User's Guide Command Line Interface - QLogic
User's Guide Command Line Interface - QLogic
User's Guide Command Line Interface - QLogic
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
User’s <strong>Guide</strong><br />
<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Firmware Version 8.0<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Information furnished in this manual is believed to be accurate and reliable. However, <strong>QLogic</strong> Corporation assumes no<br />
responsibility for its use, nor for any infringements of patents or other rights of third parties which may result from its<br />
use. <strong>QLogic</strong> Corporation reserves the right to change product specifications at any time without notice. Applications<br />
described in this document for any of these products are for illustrative purposes only. <strong>QLogic</strong> Corporation makes no<br />
representation nor warranty that such applications are suitable for the specified use without further testing or<br />
modification. <strong>QLogic</strong> Corporation assumes no responsibility for any errors that may appear in this document.<br />
This switch is covered by one or more of the following patents: 6697359; other patents pending.<br />
Revision A, October, 2008<br />
Revision B, November 2011<br />
Document Revision History<br />
Changes<br />
Pages Affected<br />
Support for transparent routing. 5-8, 5-15, 13-109, 13-214, 13-218<br />
Support for Internet Key Exchange and Public Key<br />
Infrastructure<br />
Update for current template and branding<br />
3-7, 3-8, 3-9, 3-10, 3-13, 3-14, 3-15, 3-20, 3-21,<br />
3-25, 3-26, 13-44, 13-47, 13-53, 13-63, 13-64,<br />
13-66, 13-73, 13-74,<br />
Throughout<br />
Added 20Gb Stacking Port license key 4-29, 13-29<br />
Updated description of the Tech_Support_Center<br />
profile<br />
Removed ExtCredit from the Set Config Port command<br />
example<br />
11-4<br />
13-111<br />
ii<br />
59263-02 B
Table of Contents<br />
Preface<br />
Switch Models and Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Related Materials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
1 <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
xvi<br />
xvi<br />
xvi<br />
xvii<br />
xvii<br />
xvii<br />
xviii<br />
Logging In to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2<br />
Opening and Closing an Admin Session . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3<br />
Entering <strong>Command</strong>s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4<br />
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4<br />
Setting Page Breaks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5<br />
Creating a Support File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6<br />
Downloading and Uploading Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8<br />
2 User Account Configuration<br />
Displaying User Account Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2<br />
Creating User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3<br />
Modifying User Accounts and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4<br />
3 Network Configuration<br />
Displaying the Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1<br />
Configuring the Ethernet Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2<br />
IP Version 4 Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2<br />
IP Version 6 Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4<br />
DNS Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4<br />
Verifying a Switch in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5<br />
Managing IP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6<br />
59263-02 B iii
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
IP Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7<br />
Security Policies and Associations . . . . . . . . . . . . . . . . . . . . . . . 3-7<br />
IKE Peers and Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8<br />
Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8<br />
Displaying IP Security Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9<br />
IP Security Policy and Association Information . . . . . . . . . . . . . 3-9<br />
IKE Peer and Policy Information. . . . . . . . . . . . . . . . . . . . . . . . . 3-10<br />
Public Key Infrastructure Information . . . . . . . . . . . . . . . . . . . . . 3-10<br />
IP Security Configuration History . . . . . . . . . . . . . . . . . . . . . . . . 3-11<br />
IP Security Configuration Limits . . . . . . . . . . . . . . . . . . . . . . . . . 3-12<br />
Managing the Security Policy Database . . . . . . . . . . . . . . . . . . . . . . . 3-12<br />
Creating a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13<br />
Deleting a Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14<br />
Modifying a User-Defined Policy . . . . . . . . . . . . . . . . . . . . . . . . 3-14<br />
Renaming a User-Defined Policy . . . . . . . . . . . . . . . . . . . . . . . . 3-15<br />
Copying a Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15<br />
Managing the Security Association Database . . . . . . . . . . . . . . . . . . . 3-16<br />
Creating an Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17<br />
Deleting an Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18<br />
Modifying a User-Defined Association . . . . . . . . . . . . . . . . . . . . 3-19<br />
Renaming a User-Defined Association. . . . . . . . . . . . . . . . . . . . 3-20<br />
Copying an Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20<br />
Managing IKE Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20<br />
Creating an IKE Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20<br />
Deleting an IKE Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21<br />
Modifying an IKE Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22<br />
Renaming an IKE Peer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23<br />
Copying an IKE Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23<br />
Managing IKE Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23<br />
Creating an IKE Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24<br />
Deleting an IKE Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25<br />
Modifying an IKE Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25<br />
Renaming an IKE Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26<br />
Copying an IKE Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26<br />
Resetting the IP Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . 3-27<br />
4 Switch Configuration<br />
Displaying Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1<br />
Name Server Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2<br />
Switch Operational Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3<br />
iv<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
System Process Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4<br />
Elapsed Time Between Resets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5<br />
Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5<br />
Switch Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . 4-5<br />
Zoning Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . 4-6<br />
Security Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . 4-6<br />
Hardware Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7<br />
Firmware Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8<br />
Managing Switch Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9<br />
Managing Switch Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10<br />
Displaying a List of Switch Configurations. . . . . . . . . . . . . . . . . . . . . . 4-10<br />
Activating a Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11<br />
Copying a Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11<br />
Deleting a Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11<br />
Modifying a Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11<br />
Backing Up and Restoring a Switch Configuration . . . . . . . . . . . . . . . 4-13<br />
Creating the Backup File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13<br />
Downloading the Configuration File . . . . . . . . . . . . . . . . . . . . . . 4-14<br />
Restoring the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . 4-15<br />
Paging a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16<br />
Setting the Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16<br />
Displaying the Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16<br />
Setting the Date and Time Explicitly . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17<br />
Setting the Date and Time through NTP . . . . . . . . . . . . . . . . . . . . . . . 4-18<br />
Resetting a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19<br />
Installing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19<br />
Non-disruptive Activation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20<br />
One-Step Firmware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21<br />
Custom Firmware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22<br />
Testing a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23<br />
Online Tests for Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24<br />
Offline Tests for Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25<br />
Connectivity Tests for Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26<br />
Displaying Switch Test Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26<br />
Canceling a Switch Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27<br />
Verifying and Tracing Fibre Channel Connections . . . . . . . . . . . . . . . . . . . . 4-28<br />
Managing Switch Feature Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29<br />
Displaying Feature Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29<br />
Installing a Feature License Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29<br />
59263-02 B v
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Managing Idle Session Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30<br />
5 Port Configuration<br />
Displaying Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1<br />
Port Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2<br />
Port Operational Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3<br />
Port Threshold Alarm Configuration Parameters. . . . . . . . . . . . . . . . . 5-4<br />
Port Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5<br />
Transceiver Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6<br />
Modifying Port Operating Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7<br />
Configuring Transparent Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8<br />
Port Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11<br />
Resetting a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13<br />
Configuring Port Threshold Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14<br />
Testing a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15<br />
Online Tests for Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15<br />
Offline Tests for Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16<br />
Display Port Test Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17<br />
Cancel a Port Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17<br />
Displaying Extended Credit Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17<br />
6 Zoning Configuration<br />
Displaying Zoning Database Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2<br />
Configured Zone Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2<br />
Active Zone Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3<br />
Merged Zone Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4<br />
Edited Zone Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5<br />
Zone Set Membership Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5<br />
Zone Membership Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6<br />
Orphan Zone Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6<br />
Alias and Alias Membership Information . . . . . . . . . . . . . . . . . . . . . . . 6-7<br />
Zoning Modification History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7<br />
Zoning Database Limits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8<br />
Configuring the Zoning Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9<br />
Modifying the Zoning Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11<br />
Saving the Active and Merged Zone Sets . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12<br />
Resetting the Zoning Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12<br />
Removing Inactive Zone Sets, Zones, and Aliases . . . . . . . . . . . . . . . . . . . 6-13<br />
Managing Zone Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13<br />
Create a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13<br />
vi<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Delete a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14<br />
Rename a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14<br />
Copy a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14<br />
Add Zones to a Zone Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14<br />
Remove Zones from a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15<br />
Activate a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15<br />
Deactivate a Zone Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15<br />
Managing Zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15<br />
Create a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16<br />
Delete a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16<br />
Rename a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16<br />
Copy a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16<br />
Add Members to a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17<br />
Remove Members from a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17<br />
Managing Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17<br />
Create an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17<br />
Delete an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18<br />
Rename an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18<br />
Copy an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18<br />
Add Members to an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18<br />
Remove Members from an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18<br />
7 Connection Security Configuration<br />
Managing SSL and SSH Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2<br />
Displaying SSL and SSH Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3<br />
Creating an SSL Security Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3<br />
8 Device Security Configuration<br />
Displaying Security Database Information . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1<br />
Configured Security Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2<br />
Active Security Set Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3<br />
Security Set Membership Information . . . . . . . . . . . . . . . . . . . . . . . . . 8-4<br />
Group Membership Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4<br />
Security Database Modification History. . . . . . . . . . . . . . . . . . . . . . . . 8-5<br />
Security Database Limits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5<br />
Configuring the Security Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6<br />
Modifying the Security Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8<br />
Resetting the Security Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9<br />
Managing Security Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9<br />
Create a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9<br />
59263-02 B vii
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Delete a Security Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9<br />
Rename a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Copy a Security Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Add Groups to a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Remove Groups from a Security Set. . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Activate a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Deactivate a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10<br />
Managing Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11<br />
Create a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11<br />
Delete a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11<br />
Rename a Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11<br />
Copy a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11<br />
Add Members to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12<br />
Modify a Group Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13<br />
Remove Members from a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13<br />
9 RADIUS Server Configuration<br />
Displaying RADIUS Server Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1<br />
Configuring a RADIUS Server on the Switch . . . . . . . . . . . . . . . . . . . . . . . . 9-3<br />
10 Event Log Configuration<br />
Starting and Stopping Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2<br />
Displaying the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2<br />
Filtering the Event Log Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3<br />
Controlling Messages in the Output Stream . . . . . . . . . . . . . . . . . . . . 10-3<br />
Managing the Event Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4<br />
Configure the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4<br />
Display the Event Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5<br />
Restore the Event Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 10-5<br />
Clearing the Event Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5<br />
Logging to a Remote Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5<br />
Creating and Downloading a Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6<br />
11 Call Home Configuration<br />
Call Home Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1<br />
Call Home Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2<br />
Call Home Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3<br />
Technical Support <strong>Interface</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4<br />
Configuring the Call Home Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5<br />
Managing the Call Home Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6<br />
Displaying Call Home Database Information. . . . . . . . . . . . . . . . . . . . 11-7<br />
viii<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Creating a Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9<br />
Deleting a Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9<br />
Modifying a Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10<br />
Renaming a Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11<br />
Copying a Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11<br />
Adding a Data Capture Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 11-11<br />
Modifying a Data Capture Configuration . . . . . . . . . . . . . . . . . . . . . . . 11-12<br />
Deleting a Data Capture Configuration . . . . . . . . . . . . . . . . . . . . . . . . 11-12<br />
Testing a Call Home Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13<br />
Changing SMTP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13<br />
Clearing the Call Home Message Queue. . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13<br />
Resetting the Call Home Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14<br />
12 Simple Network Management Protocol Configuration<br />
Managing the SNMP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2<br />
Displaying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3<br />
Modifying the SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4<br />
Resetting the SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5<br />
Managing the SNMP Version 3 Configuration . . . . . . . . . . . . . . . . . . . . . . . 12-6<br />
Create an SNMP Version 3 User Account. . . . . . . . . . . . . . . . . . . . . . 12-7<br />
Display SNMP Version 3 User Accounts . . . . . . . . . . . . . . . . . . . . . . . 12-7<br />
Modify an SNMP Version 3 User Account. . . . . . . . . . . . . . . . . . . . . . 12-8<br />
13 <strong>Command</strong> Reference<br />
Access Authority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1<br />
Syntax and Keywords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2<br />
Notes and Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2<br />
<strong>Command</strong> Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2<br />
Admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3<br />
Alias. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4<br />
Callhome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6<br />
Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-10<br />
Cert_Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13<br />
Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14<br />
Clone Config Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16<br />
Config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-17<br />
Create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-21<br />
Date. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-24<br />
Exit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-25<br />
Fcping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-26<br />
59263-02 B ix
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Fctrace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-27<br />
Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-29<br />
Firmware Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-30<br />
Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-32<br />
Hardreset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-40<br />
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-41<br />
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-42<br />
Hotreset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-43<br />
Ike List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-44<br />
Ike Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-47<br />
Ike Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-53<br />
Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-60<br />
Ipsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-63<br />
Ipsec Association. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-65<br />
Ipsec List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-69<br />
Ipsec Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-72<br />
Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-77<br />
Lip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-79<br />
Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-80<br />
Passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-81<br />
Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-82<br />
Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-83<br />
Ps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-87<br />
Quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-88<br />
Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-89<br />
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-99<br />
Securityset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-103<br />
Set Alarm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-106<br />
Set Beacon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-107<br />
Set Config Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-108<br />
Set Config Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-113<br />
Set Config Security Portbinding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-114<br />
Set Config Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-115<br />
Set Config Threshold. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-117<br />
Set Config Zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-119<br />
Set Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-121<br />
Set Pagebreak. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-125<br />
Set Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-126<br />
Set Setup Callhome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-128<br />
x<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Set Setup Radius. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-131<br />
Set Setup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-135<br />
Set Setup SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-138<br />
Set Setup System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-142<br />
Set Switch State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-150<br />
Set Timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-151<br />
Show About . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-152<br />
Show Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-154<br />
Show Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-155<br />
Show Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-156<br />
Show Config Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-157<br />
Show Config Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-159<br />
Show Config Security Portbinding. . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-160<br />
Show Config Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-161<br />
Show Config Threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-162<br />
Show Config Zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-163<br />
Show Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-164<br />
Show Donor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-165<br />
Show Env . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-166<br />
Show Fabric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-167<br />
Show FDMI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-168<br />
Show <strong>Interface</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-169<br />
Show Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-170<br />
Show LSDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-174<br />
Show Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-175<br />
Show Mem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-178<br />
Show Ns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-179<br />
Show Pagebreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-181<br />
Show Perf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-182<br />
Show Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-185<br />
Show Postlog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-191<br />
Show Setup Callhome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-192<br />
Show Setup Mfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-193<br />
Show Setup Radius. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-194<br />
Show Setup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-195<br />
Show Setup Snmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-196<br />
Show Setup System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-197<br />
Show Steering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-200<br />
Show Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-201<br />
59263-02 B xi
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Index<br />
Show System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-203<br />
Show Testlog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-204<br />
Show Timezone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-205<br />
Show Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-206<br />
Show Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-207<br />
Show Version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-208<br />
Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-210<br />
Snmpv3user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-211<br />
Test Cancel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-213<br />
Test Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-214<br />
Test Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-216<br />
Test Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-218<br />
Uptime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-220<br />
User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-221<br />
Whoami . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-224<br />
Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-225<br />
Zoneset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-228<br />
Zoning Active. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-231<br />
Zoning Cancel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-232<br />
Zoning Clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-233<br />
Zoning Configured. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-234<br />
Zoning Delete Orphans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-235<br />
Zoning Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-236<br />
Zoning Edited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-237<br />
Zoning History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-238<br />
Zoning Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-239<br />
Zoning List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-240<br />
Zoning Merged . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-241<br />
Zoning Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-242<br />
Zoning Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-243<br />
List of Tables<br />
Table<br />
Page<br />
1-1 <strong>Command</strong>-<strong>Line</strong> Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4<br />
2-1 Factory User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1<br />
4-1 Heartbeat LED Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7<br />
4-2 Switch Reset Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19<br />
10-1 Event Log Message Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2<br />
13-1 Data Capture Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-10<br />
xii<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
13-2 ISL Group Member Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-33<br />
13-3 Port Group Member Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-34<br />
13-4 MS Group Member Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-35<br />
13-5 Group Member Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-36<br />
13-6 IKE Peer Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-47<br />
13-7 IKE Policy Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-53<br />
13-8 IP Security Association Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 13-65<br />
13-9 IP Security Policy Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-72<br />
13-10 Profile Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-83<br />
13-11 Call Home Service Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-92<br />
13-12 Switch Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-93<br />
13-13 Port Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-94<br />
13-14 Port Threshold Alarm Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-95<br />
13-15 Zoning Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-96<br />
13-16 SNMP Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-96<br />
13-17 RADIUS Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-97<br />
13-18 Switch Services Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-97<br />
13-19 System Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-98<br />
13-20 Security Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-98<br />
13-21 Port Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-108<br />
13-22 Security Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-113<br />
13-23 Port Binding Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-114<br />
13-24 Switch Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-115<br />
13-25 Port Alarm Threshold Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-117<br />
13-26 Zoning Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-119<br />
13-27 Call Home Service Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-128<br />
13-28 Common RADIUS Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-131<br />
13-29 Specific RADIUS Server Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . 13-132<br />
13-30 Switch Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-135<br />
13-31 SNMP Common Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-138<br />
13-32 SNMP Trap Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-139<br />
13-33 DNS Host Name Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-142<br />
13-34 IP Version 4 Ethernet Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-143<br />
13-35 IP Version 6 Ethernet Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-143<br />
13-36 Event Logging Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-144<br />
13-37 NTP Server Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-144<br />
13-38 Timer Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-145<br />
13-39 Show About Display Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-152<br />
13-40 Log Monitoring Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-170<br />
13-41 Transceiver Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-175<br />
13-42 Show Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-185<br />
13-43 Switch Operational Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-201<br />
13-44 Show Version Display Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-208<br />
13-45 SNMP Version 3 User Account Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-211<br />
13-46 Port Test Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-215<br />
59263-02 B xiii
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
13-47 Switch Test Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-219<br />
13-48 Zoning Database Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-239<br />
xiv<br />
59263-02 B
Preface<br />
This guide describes the features and use of the command line interface for<br />
<strong>QLogic</strong> 5800V Series Fibre Channel switches running firmware version 8.0. The<br />
<strong>QLogic</strong> 5800V Series switch is a 24-port, 8-Gbps Fibre Channel switch. The<br />
model 5802V switch has dual, replaceable power supplies; model 5800V has a<br />
single non-replaceable power supply. This guide is organized as follows:<br />
• Section 1 describes logging on and off of a switch, opening and closing an<br />
Admin session, entering commands, getting help, paging a switch, setting<br />
page breaks, and loading and retrieving files.<br />
• Section 2 describes the management of user accounts and passwords.<br />
• Section 3 describes configuring the switch network configuration.<br />
• Section 4 describes managing the switch configuration, setting the date and<br />
time, backing up and restoring the switch configuration, resetting the switch,<br />
installing firmware, and installing feature licenses.<br />
• Section 5 describes port configurations, resetting a port, initializing a port<br />
loop, configuring port threshold alarms, and testing ports.<br />
• Section 6 describes managing the zoning database.<br />
• Section 7 describes managing connection security.<br />
• Section 8 describes managing device security.<br />
• Section 9 describes managing the Remote Authentication Dial-In User<br />
Service (RADIUS) server.<br />
• Section 10 describes events and event logging.<br />
• Section 11 describes managing Call Home email notification.<br />
• Section 12 describes managing the Simple Network Management Protocol<br />
(SNMP) configuration.<br />
• Section 13 lists the commands in alphabetical order, including the command<br />
syntax, keywords, notes, and examples.<br />
An index is also provided.<br />
59263-02 B xv
Preface<br />
Switch Models and Examples<br />
Switch Models and Examples<br />
The commands and displays of the command line interface vary depending on the<br />
switch model. All examples in this guide are taken from a <strong>QLogic</strong> 5802V switch<br />
unless stated otherwise.<br />
Intended Audience<br />
This guide is intended for individuals who are responsible for installing and<br />
servicing Fibre Channel equipment using the command line interface.<br />
Related Materials<br />
The following manuals and materials are referenced in the text and/or provide<br />
additional information.<br />
• <strong>QLogic</strong> 5800V Series Stackable Fibre Channel Switch Installation <strong>Guide</strong><br />
• <strong>QLogic</strong> 5800V Series QuickTools Switch Management User’s <strong>Guide</strong><br />
• <strong>QLogic</strong> 5800V Series Enterprise Fabric Suite User’s <strong>Guide</strong><br />
• <strong>QLogic</strong> Fibre Channel Switch Event Message Reference <strong>Guide</strong><br />
• Simple Network Management Protocol Reference <strong>Guide</strong><br />
• CIM Agent Reference <strong>Guide</strong><br />
• <strong>QLogic</strong> Storage Networking Interoperability <strong>Guide</strong>. This PDF document can<br />
be downloaded at www.qlogic.com.<br />
• Fibre Channel-Arbitrated Loop (FC-AL-2) Rev. 7.0.<br />
• Fibre Channel-10-bit <strong>Interface</strong> Rev. 2.3.<br />
• Definitions of Managed Objects for the Fabric Element in Fibre Channel<br />
Standard (draft-ietf-ipfc-fabric-element-mib-04.txt).<br />
The Fibre Channel Standards are available from:<br />
Global Engineering Documents, 15 Inverness Way East, Englewood, CO<br />
80112-5776 Phone: (800) 854-7179 or (303) 397-7956<br />
Fax: (303) 397-2740.<br />
xvi<br />
59263-02 B
Preface<br />
Technical Support<br />
Technical Support<br />
Customers should contact their authorized maintenance provider for technical<br />
support of their <strong>QLogic</strong> products. <strong>QLogic</strong>-direct customers may contact <strong>QLogic</strong><br />
Technical Support; others will be redirected to their authorized maintenance<br />
provider. Visit the <strong>QLogic</strong> support Web site listed in Contact Information for the<br />
latest firmware and software updates.<br />
For details about available service plans, or for information about renewing and<br />
extending your service, visit the Service Program web page at<br />
http://www.qlogic.com/services.<br />
Training<br />
<strong>QLogic</strong> offers training for technical professionals for all iSCSI, InfiniBand, and<br />
Fibre Channel products. From the main <strong>QLogic</strong> web page at www.qlogic.com,<br />
click the Support tab at the top, and then click Training and Certification on the<br />
left. The <strong>QLogic</strong> Global Training portal offers online courses, certification exams,<br />
and scheduling of in-person training.<br />
Technical Certification courses include installation, maintenance and<br />
troubleshooting <strong>QLogic</strong> products. Upon demonstrating knowledge using live<br />
equipment, <strong>QLogic</strong> awards a certificate identifying the student as a certified<br />
professional. You can reach the training professionals at <strong>QLogic</strong> by e-mail at<br />
training@qlogic.com.<br />
Contact Information<br />
<strong>QLogic</strong> Technical Support for products under warranty is available during local<br />
standard working hours excluding <strong>QLogic</strong> Observed Holidays. For customers with<br />
extended service, consult your plan for available hours. For Support phone<br />
numbers, see the Contact Support link at support.qlogic.com.<br />
Support Headquarters<br />
<strong>QLogic</strong> Web Site<br />
Technical Support Web Site<br />
Technical Support E-mail<br />
Technical Training E-mail<br />
<strong>QLogic</strong> Corporation<br />
4601 Dean Lakes Blvd.<br />
Shakopee, MN 55379 USA<br />
www.qlogic.com<br />
http://support.qlogic.com<br />
support@qlogic.com<br />
training@qlogic.com<br />
59263-02 B xvii
Preface<br />
Technical Support<br />
Knowledge Base<br />
The <strong>QLogic</strong> knowledge base is an extensive collection of <strong>QLogic</strong> product<br />
information that you can search for specific solutions. We are constantly adding to<br />
the collection of information in our knowledge base to provide answers to your<br />
most urgent questions. Access the knowledge base from the <strong>QLogic</strong> Support<br />
Center: http://support.qlogic.com.<br />
xviii<br />
59263-02 B
1 <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
Usage<br />
This section describes the following tasks:<br />
• Logging In to the Switch<br />
• Opening and Closing an Admin Session<br />
• Entering <strong>Command</strong>s<br />
• Getting Help<br />
• Setting Page Breaks<br />
• Creating a Support File<br />
• Downloading and Uploading Files<br />
NOTE:<br />
Throughout this document, references in text to commands and keywords<br />
use initial capitalization for clarity. Actual command and keyword entries are<br />
case insensitive<br />
59263-02 B 1-1
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Logging In to the Switch<br />
Logging In to the Switch<br />
To log in to a switch through Telnet, do the following:<br />
1. Open a command line window on the workstation and enter the Telnet<br />
command followed by the switch IP address. The IP address can be one of<br />
the following:<br />
• 4-byte IP version 4 address<br />
• 16-byte IP version 6 address<br />
• Domain Name System (DNS) host name (requires a DNS server)<br />
The Telnet window opens prompting you for a login.<br />
# telnet ip_address<br />
2. Enter an account name and password. The default account name is admin,<br />
and its password is password.<br />
switch login:admin<br />
password: xxxxxxxx<br />
The following warning appears when you log in for the first time:<br />
Warning: Your user account password has not been changed<br />
It is strongly recommended that you do so before<br />
proceeding<br />
To log off, enter the Exit command:<br />
SANbox #> exit<br />
To log in to a switch through the serial port, do the following:<br />
1. Configure the workstation port with the following settings:<br />
• 9600 baud<br />
• 8-bit character<br />
• 1 stop bit<br />
• No parity<br />
2. Enter an account name and password when prompted. The default account<br />
name is admin, and its password is password.<br />
1-2 59263-02 B
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Opening and Closing an Admin Session<br />
NOTE:<br />
A switch supports a combined maximum of 19 logins or sessions, which are<br />
reserved as follows. Additional logins will be refused.<br />
• 4 logins or sessions for internal applications such as management<br />
server and SNMP<br />
• 9 high priority Telnet sessions<br />
• 6 logins or sessions for Enterprise Fabric Suite, QuickTools,<br />
Application Programming <strong>Interface</strong> (API) , and Telnet.<br />
Opening and Closing an Admin Session<br />
The command line interface performs monitoring and configuration tasks.<br />
<strong>Command</strong>s that perform monitoring tasks are available to all user accounts.<br />
<strong>Command</strong>s that perform configuration tasks are available only after entering the<br />
Admin Start command to open an Admin session. A user account must have<br />
Admin authority to enter the Admin Start command.<br />
The following is an example of how to open and close an Admin session:<br />
SANbox #> admin start<br />
SANbox (admin) #><br />
.<br />
.<br />
.<br />
SANbox (admin) #> admin end<br />
59263-02 B 1-3
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Entering <strong>Command</strong>s<br />
Entering <strong>Command</strong>s<br />
The command-line completion feature makes entering and repeating commands<br />
easier. Table 1-1 describes the command-line completion keystrokes.<br />
Table 1-1. <strong>Command</strong>-<strong>Line</strong> Completion<br />
Keystroke<br />
Tab<br />
Up Arrow<br />
Down Arrow<br />
Control-A<br />
Control-E<br />
Control-U<br />
Effect<br />
Completes the command line. Enter at least one character and press<br />
the tab key to complete the command line. If more than one possibility<br />
exists, press the Tab key again to display all possibilities.<br />
Scrolls backward through the list of previously entered commands.<br />
Scrolls forward through the list of previously entered commands.<br />
Moves the cursor to the beginning of the command line<br />
Moves the cursor to the end of the command line.<br />
Clears the command line.<br />
Getting Help<br />
To display help for a command, enter the Help command followed by the<br />
command you are inquiring about. The following is an example of the help that is<br />
available for the Config Edit command.<br />
SANbox #> help config edit<br />
config edit [CONFIG_NAME]<br />
This command initiates a configuration session and places the current session<br />
into config edit mode.<br />
If CONFIG_NAME is given and it exists, it gets edited; otherwise, it gets<br />
created. If it is not given, the currently active configuration is edited.<br />
Admin mode is required for this command.<br />
Usage: config edit [CONFIG_NAME]<br />
1-4 59263-02 B
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Setting Page Breaks<br />
Setting Page Breaks<br />
Some display commands deliver so much information to the screen that it scrolls<br />
by too quickly to read it. You can limit the display to 20 lines by turning on page<br />
breaks. By default, page breaks are turned off.The following is an example of how<br />
to turn page breaks on and how it affects the display.<br />
SANbox #> set pagebreak on<br />
SANbox #> zone list<br />
Zone ZoneSet<br />
---- -------<br />
Zone1<br />
alpha<br />
beta<br />
Zone2<br />
delta<br />
echo<br />
Zone3<br />
sierra<br />
tango<br />
Zone4<br />
gamma<br />
delta<br />
Press any key to continue, 'q' to quit ...<br />
59263-02 B 1-5
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Creating a Support File<br />
Creating a Support File<br />
If you contact technical support about a problem with your switch, they may<br />
request that you create and send a support file. This support file contains all of the<br />
switch configuration information, which can be helpful in diagnosing the problem.<br />
The Create Support command creates the support file (dump_support.tgz) on the<br />
switch. If your workstation has an FTP server, you can proceed with the command<br />
prompts to send the file from the switch to a remote host. Otherwise, you can use<br />
FTP to download the support file from the switch to your workstation.<br />
NOTE:<br />
Support files are deleted from the switch during a power cycle or switch<br />
reset.<br />
The following example creates a support file and sends it to a remote host if your<br />
workstation has an FTP server.<br />
SANbox #> create support<br />
Log Msg:[Creating the support file - this will take several seconds]<br />
FTP the dump support file to another machine? (y/n): y<br />
Enter IPv4, IPv6 Address or hostname of remote computer: 10.20.33.130<br />
Login name: johndoe<br />
Enter remote directory name: bin/support<br />
Would you like to continue downloading support file? (y/n) [n]: y<br />
Connected to 10.20.33.130 (10.20.33.130).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.<br />
331 Password required for johndoe.<br />
Password: xxxxxxx<br />
230 User johndoe logged in.<br />
cd bin/support<br />
250 CWD command successful.<br />
lcd /itasca/conf/images<br />
Local directory now /itasca/conf/images<br />
bin<br />
200 Type set to I.<br />
put dump_support.tgz<br />
local: dump_support.tgz remote: dump_support.tgz<br />
227 Entering Passive Mode (10,20,33,130,232,133)<br />
150 Opening BINARY mode data connection for dump_support.tgz.<br />
226 Transfer complete.<br />
43430 bytes sent in 0.292 secs (1.5e+02 Kbytes/sec)<br />
Remote system type is UNIX.<br />
Using binary mode to transfer files.<br />
221-You have transferred 43430 bytes in 1 files.<br />
221-Total traffic for this session was 43888 bytes in 1 transfers.<br />
221 Thank you for using the FTP service on localhost.localdomain.<br />
1-6 59263-02 B
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Creating a Support File<br />
If your workstation does not have an FTP server, enter the Create Support<br />
command to create the support file, and then use FTP to download the support file<br />
from the switch to your workstation, as shown in the following example:<br />
SANbox #> create support<br />
Log Msg:[Creating the support file - this will take several seconds]<br />
FTP the dump support file to another machine? (y/n): n<br />
To download the support file from the switch to the workstation, do the following:<br />
1. Open a terminal window and move to the directory where you want to<br />
download the support file.<br />
2. Enter the FTP command and the switch IP address or symbolic name.<br />
>ftp 10.0.0.1<br />
3. When prompted for a user and password, enter the FTP account name and<br />
password (images, images).<br />
user: images<br />
password: images<br />
4. Set binary mode and use the Get command to download the file<br />
(dump_support.tgz).<br />
ftp>bin<br />
ftp>get dump_support.tgz<br />
xxxxx bytes sent in xx secs.<br />
ftp>quit<br />
59263-02 B 1-7
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Downloading and Uploading Files<br />
Downloading and Uploading Files<br />
Several files that reside on the switch can be downloaded to the workstation for<br />
examination or for safekeeping. These files include the following:<br />
• Backup configuration file (configdata)<br />
• Log files (logfile)<br />
• Support files (dump_support.tgz)<br />
You can upload firmware image files or backup configuration files to the switch to<br />
reinstall firmware or restore a corrupted configuration. The switch uses FTP to<br />
exchange files between the switch and the workstation.<br />
To download a file from the switch to the workstation, do the following:<br />
1. Enter the FTP command and the switch IP address or symbolic name.<br />
>ftp 10.0.0.1<br />
2. When prompted for a user and password, enter the FTP account name and<br />
password (images, images).<br />
user: images<br />
password: images<br />
3. Set binary mode and use the Get command to download the file<br />
(configdata).<br />
ftp>bin<br />
ftp>get configdata<br />
xxxxx bytes sent in xx secs.<br />
ftp>quit<br />
To upload a file from the workstation to the switch, do the following<br />
1. Enter the FTP command and the switch IP address or symbolic name.<br />
>ftp 10.0.0.1<br />
2. When prompted for a user and password, enter the FTP account name and<br />
password (images, images).<br />
user:images<br />
password: images<br />
1-8 59263-02 B
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Downloading and Uploading Files<br />
3. Set binary mode and use the Put command to upload the file<br />
(config_switch_169).<br />
ftp>put config_switch_169 configdata<br />
xxxxx bytes sent in xx secs.<br />
ftp>quit<br />
For more information about reinstallation, backup and restore, and creating<br />
support and log files:<br />
• Refer to “Installing Firmware” on page 4-19 for information about installing<br />
firmware.<br />
• Refer to “Backing Up and Restoring a Switch Configuration” on page 4-13<br />
for information about backing up and restoring a switch configuration.<br />
• Refer to “Creating and Downloading a Log File” on page 10-6 for information<br />
about creating a log file.<br />
• Refer to “Creating a Support File” on page 1-6 for information about creating<br />
a support file.<br />
59263-02 B 1-9
1–<strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> Usage<br />
Downloading and Uploading Files<br />
1-10 59263-02 B
2 User Account<br />
Configuration<br />
User accounts and their respective passwords are the first line of switch security.<br />
A user account consists of an account name, an authority level, and an expiration<br />
date. Switches come from the factory with certain user accounts defined for<br />
special purposes. Table 2-1 describes these accounts, their passwords, and their<br />
purposes. These accounts cannot be deleted from the switch.<br />
Table 2-1. Factory User Accounts<br />
User<br />
Account<br />
Name<br />
Password<br />
Purpose<br />
admin password Provides access to the Telnet server for managing the<br />
switch. Admin is the only account name that has permission<br />
to create and modify other user accounts. To<br />
secure your admin user account, be sure to change<br />
the password for this account.<br />
images images Provides access to the File Transfer Protocol (FTP)<br />
server for exchanging files between the switch and<br />
the workstation.<br />
prom prom Provides access to the Maintenance mode menu to<br />
perform switch recovery tasks. Refer to the <strong>QLogic</strong><br />
5800V Series Stackable Fibre Channel Switch Installation<br />
<strong>Guide</strong> for information about using Maintenance<br />
mode.<br />
This section describes the following user account configuration tasks:<br />
• Displaying User Account Information<br />
• Creating User Accounts<br />
• Modifying User Accounts and Passwords<br />
59263-02 B 2-1
2–User Account Configuration<br />
Displaying User Account Information<br />
Displaying User Account Information<br />
You can display all user accounts defined on the switch (User Accounts<br />
command) or just those user accounts that are logged on (User List or<br />
Show Users commands).<br />
The following example displays all user accounts defined on the switch. Account<br />
information includes account name, authority, and expiration date.<br />
SANbox (admin) #> user accounts<br />
Current list of user accounts<br />
-----------------------------<br />
images (admin authority = False, never expires)<br />
admin (admin authority = True , never expires)<br />
chuckca (admin authority = False, expires in < 50 days)<br />
gregj (admin authority = True , expires in < 100 days)<br />
fred<br />
(admin authority = True , never expires)<br />
The following example displays user accounts that are logged on to the switch:<br />
SANbox (admin) #> user list<br />
User<br />
cim@OB-session1<br />
Client<br />
cim<br />
Logged in Since day month date time year<br />
User<br />
snmp@IB-session2<br />
Client<br />
Unknown<br />
Logged in Since day month date time year<br />
User<br />
snmp@OB-session3<br />
Client<br />
Unknown<br />
Logged in Since day month date time year<br />
User<br />
admin@OB-session8<br />
Client 10.33.21.27<br />
Logged in Since day month date time year<br />
2-2 59263-02 B
2–User Account Configuration<br />
Creating User Accounts<br />
Creating User Accounts<br />
A user account consists of an account name, an authority level, and an expiration<br />
date. The account name can be up to 15 characters: the first character must be<br />
alphanumeric; the remaining characters must be ASCII characters except<br />
semicolon (;), comma (,), #, and period (.). The authority level grants admin<br />
authority (true) or denies it (false). The expiration date sets the date when the user<br />
account expires. Only the Admin user account can create user accounts. You add<br />
user accounts with the User Add command.<br />
The following example creates a new user account named user1 with admin<br />
authority that expires in 100 days.<br />
SANbox (admin) #> user add<br />
Press 'q' and the ENTER key to abort this command.<br />
account name (1-15 chars) : user1<br />
account password (8-20 chars) : *******<br />
please confirm account password: *******<br />
set account expiration in days (0-2000, 0=never): [0] 100<br />
should this account have admin authority? (y/n): [n] y<br />
OK to add user account 'user1' with admin authority<br />
and to expire in 100 days?<br />
Please confirm (y/n): [n] y<br />
59263-02 B 2-3
2–User Account Configuration<br />
Modifying User Accounts and Passwords<br />
Modifying User Accounts and Passwords<br />
Only the Admin user account can modify a user account, delete a user account, or<br />
change the password of another user account. However, all user accounts can<br />
change their own passwords. The User command modifies and deletes user<br />
accounts. The Passwd command changes passwords.<br />
The following example removes the expiration date and admin authority for the<br />
user account named user1.<br />
SANbox (admin) #> user edit<br />
Press 'q' and the ENTER key to abort this command.<br />
account name (1-15 chars) : user1<br />
set account expiration in days (0-2000, 0=never): [0]<br />
should this account have admin authority? (y/n): [n]<br />
OK to modify user account 'user1' with no admin authority<br />
and to expire in 0 days?<br />
Please confirm (y/n): [n]<br />
The following example deletes the user account named user3.<br />
SANbox (admin) #> user delete user3<br />
The user account will be deleted. Please confirm (y/n): [n] y<br />
In the following example, the Admin user account changes the password for the<br />
user account named user2.<br />
SANbox #> admin start<br />
SANbox (admin) #> passwd user2<br />
Press 'q' and the ENTER key to abort this command.<br />
account OLD password : ********<br />
account NEW password (8-20 chars) : ********<br />
please confirm account NEW password: ********<br />
password has been changed.<br />
2-4 59263-02 B
3 Network Configuration<br />
Network configuration consists of the IP parameters that identify the switch in the<br />
network and provide for IP security. This section describes the following network<br />
configuration tasks:<br />
• Displaying the Network Configuration<br />
• Configuring the Ethernet Port<br />
• Verifying a Switch in the Network<br />
• Managing IP Security<br />
Displaying the Network Configuration<br />
The Show Fabric command displays IP addresses for all switches in the fabric as<br />
shown in the following example.<br />
SANbox #> show fabric<br />
Domain<br />
*133(0x85)<br />
WWN<br />
10:00:00:c0:dd:0d:53:91<br />
SymbolicName SANbox<br />
HostName<br />
<br />
EthIPv4Address 10.20.116.133<br />
EthIPv6Address <br />
* indicates principal switch<br />
59263-02 B 3-1
3–Network Configuration<br />
Configuring the Ethernet Port<br />
The Show Setup System command displays the entire switch network<br />
configuration, which includes the following:<br />
• IP configurations (versions 4 and 6)<br />
• DNS server configuration<br />
To display specific information, add the corresponding keyword. For example, to<br />
display IP version 6 configuration information, enter the Show Setup System Ipv6<br />
command:<br />
SANbox #> show setup system ipv6<br />
System Information<br />
------------------<br />
EthIPv6NetworkEnable<br />
False<br />
EthIPv6NetworkDiscovery Static<br />
EthIPv6NetworkAddress 2001::1/64<br />
EthIPv6GatewayAddress fe80::1<br />
Configuring the Ethernet Port<br />
Use the Set Setup System command in an Admin session to configure the<br />
Ethernet port and other network parameters. You can configure all of the following<br />
parameters in one session, or you can configure specific parameters by adding<br />
the corresponding keyword:<br />
• IP Version 4 Configuration<br />
• IP Version 6 Configuration<br />
• DNS Server Configuration<br />
IP Version 4 Configuration<br />
The switch supports IP version 4, which includes the following:<br />
• Network discovery method<br />
• IP address<br />
• Subnet mask<br />
• IP gateway address<br />
3-2 59263-02 B
3–Network Configuration<br />
Configuring the Ethernet Port<br />
The network discovery method determines how the switch acquires its IP address.<br />
The IP address can come from the IP address that resides on the switch or from a<br />
server. The switch supports network discovery from the following server types:<br />
• Bootstrap Protocol (BootP)<br />
• Reverse Address Resolution Protocol (RARP)<br />
• Dynamic Host Configuration Protocol (DHCP)<br />
To configure the IP version 4 parameters, enter the Set Setup System Ipv4<br />
command:<br />
SANbox (admin) #> set setup system ipv4<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
EthIPv4NetworkEnable True<br />
EthIPv4NetworkDiscovery Static<br />
EthIPv4NetworkAddress 10.20.116.133<br />
EthIPv4NetworkMask 255.255.255.0<br />
EthIPv4GatewayAddress 10.20.116.1<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
EthIPv4NetworkEnable (True / False) :<br />
EthIPv4NetworkDiscovery (1=Static, 2=Bootp, 3=Dhcp, 4=Rarp) :<br />
EthIPv4NetworkAddress (dot-notated IP Address) : 10:20:30:40<br />
EthIPv4NetworkMask (dot-notated IP Address) : 255.0.0.0<br />
EthIPv4GatewayAddress (dot-notated IPv4 Address) : 10.20.30.254<br />
Do you want to save and activate this system setup? (y/n): [n] y<br />
59263-02 B 3-3
3–Network Configuration<br />
Configuring the Ethernet Port<br />
IP Version 6 Configuration<br />
The switch supports IP version 6, which includes the following:<br />
• Network discovery method<br />
• IP address<br />
• IP gateway address<br />
The network discovery method determines how the switch acquires its IP address.<br />
The IP address can come from the IP address (static) that resides on the switch,<br />
from a DHCP server, or it can be learned from a router through the Neighbor<br />
Discovery Protocol (NDP). To configure the IP version 6 parameters, enter the<br />
Set Setup System Ipv6 command:<br />
SANbox (admin) #> set setup system ipv6<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
EthIPv6NetworkEnable<br />
EthIPv6Discovery<br />
EthIPv6NetworkAddress<br />
EthIPv6GatewayAddress<br />
False<br />
Static<br />
<br />
<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
EthIPv6NetworkEnable (True / False) :<br />
EthIPv6Discovery (1=Static, 2=Dhcpv6, 3=Ndp) :<br />
EthIPv6NetworkAddress (IPv6 Address/Mask Length format) :<br />
EthIPv6GatewayAddress (IPv6 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
DNS Server Configuration<br />
A DNS server manages the host names for a fabric. This enables you to specify<br />
servers and switches by a meaningful name rather than IP address. To configure<br />
a DNS server, enter the Set Setup System Dns command in an Admin session as<br />
shown in the following example:<br />
SANbox (admin) #> set setup system dns<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
3-4 59263-02 B
3–Network Configuration<br />
Verifying a Switch in the Network<br />
Current Values:<br />
DNSClientEnabled False<br />
DNSLocalHostname <br />
DNSServerDiscovery Static<br />
DNSServer1Address <br />
DNSServer2Address <br />
DNSServer3Address <br />
DNSSearchListDiscovery Static<br />
DNSSearchList1<br />
<br />
DNSSearchList2<br />
<br />
DNSSearchList3<br />
<br />
DNSSearchList4<br />
<br />
DNSSearchList5<br />
<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
DNSClientEnabled (True / False) :<br />
DNSLocalHostname (hostname) :<br />
DNSServerDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
DNSServer1Address (IPv4, or IPv6 Address) :<br />
DNSServer2Address (IPv4, or IPv6 Address) :<br />
DNSServer3Address (IPv4, or IPv6 Address) :<br />
DNSSearchListDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
DNSSearchList1 (domain name) :<br />
DNSSearchList2 (domain name) :<br />
DNSSearchList3 (domain name) :<br />
DNSSearchList4 (domain name) :<br />
DNSSearchList5 (domain name) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
Verifying a Switch in the Network<br />
You can verify that a switch is communicating in the network using the Ping<br />
command. The following example successfully tests the network for a switch with<br />
IP address 10.20.11.57.<br />
SANbox #> ping 10.20.11.57<br />
Ping command issued. Waiting for response...<br />
SANbox #><br />
Response successfully received from 10.20.11.57.<br />
If the switch was unreachable, you would see the following display.<br />
SANbox #> ping 10.20.11.57<br />
Ping command issued. Waiting for response...<br />
No response from 10.20.11.57. Unreachable.<br />
59263-02 B 3-5
3–Network Configuration<br />
Managing IP Security<br />
Managing IP Security<br />
To modify IP Security, you must open an Admin session with the Admin Start<br />
command. An Admin session prevents other accounts from making changes at<br />
the same time through Telnet, QuickTools, Enterprise Fabric Suite, or another<br />
management application. You must also open an Ipsec Edit session with the Ipsec<br />
Edit command. The Ipsec Edit session provides access to the Ipsec,<br />
Ipsec Association, Ipsec Policy, Ike Peer, and Ike Policy commands with which<br />
you make modifications to the IP security and Internet key exchange (IKE)<br />
configurations.<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec)#> ipsec . . .<br />
SANbox (admin-ipsec)#> ipsec policy . . .<br />
SANbox (admin-ipsec)#> ipsec association. . .<br />
SANbox (admin-ipsec)#> ike peer . . .<br />
SANbox (admin-ipsec)#> ike policy . . .<br />
When you are finished making changes, enter the Ipsec Save command to save<br />
and activate the changes and close the Ipsec Edit session. Changes take effect<br />
immediately.<br />
SANbox (admin-ipsec)#> ipsec save<br />
To close the Ipsec Edit session without saving changes, enter the Ipsec Cancel<br />
command.<br />
SANbox (admin-ipsec)#> ipsec cancel<br />
The Admin End command releases the Admin session for other administrators<br />
when you are done making changes to the switch.<br />
To remove all IP security policies, security associations, IKE peers, and IKE<br />
policies, enter the Reset Ipsec command.<br />
SANbox (admin) #> reset ipsec<br />
3-6 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
The following subsections present IP security concepts and management tasks:<br />
• IP Security Concepts<br />
• Displaying IP Security Information<br />
• Managing the Security Policy Database<br />
• Managing the Security Association Database<br />
• Managing IKE Peers<br />
• Managing IKE Policies<br />
• Resetting the IP Security Configuration<br />
NOTE:<br />
IP security configurations can be complex: it is possible to unintentionally<br />
isolate a switch from all communication. If this happens, you can disable IP<br />
security by placing the switch in maintenance mode, and correct the<br />
problem through the serial port interface. For information about using<br />
maintenance mode and connecting through the serial port, see the <strong>QLogic</strong><br />
5800V Series Stackable Fibre Channel Switch Installation <strong>Guide</strong>.<br />
IP Security Concepts<br />
IP security provides encryption-based security for IPv4 and IP6 communications<br />
between devices through the use of security policies and associations. The<br />
Internet key exchange (IKE) protocol automates the creation of IP security<br />
associations on the switch and connected devices and the sharing of encryption<br />
keys through the configuration of IKE peers and policies. The security association<br />
database comprises all IP security associations. The security policy database<br />
comprises all IP security policies. The IKE database comprises all IKE policies<br />
and peers.<br />
Security Policies and Associations<br />
A security policy defines the following parameters:<br />
• Connection source and destination<br />
• Data traffic direction: inbound or outbound<br />
• Protocols for which to protect data traffic<br />
• Security protocols; authentication header (AH) or encapsulating security<br />
payload (ESP)<br />
• Level of protection: IP security, discard, or none<br />
59263-02 B 3-7
3–Network Configuration<br />
Managing IP Security<br />
Policies can define security for host-to-host and host-to-gateway connections; one<br />
policy for each direction. For example, to secure the connection between two<br />
hosts, you need two policies: one for outbound traffic from the source to the<br />
destination, and another for inbound traffic to the source from the destination. You<br />
can specify sources and destinations by IP addresses (version 4 or 6) or DNS<br />
host names. If a host name resolves to more than one IP address, the switch<br />
creates the necessary policies and associations. You can recognize these<br />
dynamic policies and associations because their names begin with DynamicSP_<br />
and DynamicSA_ respectively.<br />
A security association defines the encryption algorithm and encryption key (public<br />
key or secret) to apply when called by a security policy. A security policy may call<br />
several associations at different times, but each association is related to only one<br />
policy. The security association database is the set of all security associations.<br />
You can apply IP security to all communication between two systems, or to<br />
selected protocols, such as ICMP, TCP, or UDP. Furthermore, instead of applying<br />
IP security, you can choose to discard all inbound or outbound traffic, or allow all<br />
traffic without encryption. Both the AH and ESP security protocols provide source<br />
authentication, ensure data integrity, and protect against replay.<br />
IKE Peers and Policies<br />
IKE is a protocol that automates the configuration of matching IP security<br />
associations on the switch and on the connected device (or peer). The IKE peer<br />
defines the IKE security association connection through which the IKE policy<br />
configures the IP security associations.The IKE policy defines the type of data<br />
traffic to secure between the switch and the peer, and how to encrypt that data.<br />
You must create the same IKE peer and IKE policy configurations on the switch<br />
and the peer device.<br />
Public Key Infrastructure<br />
Public key encryption requires a public key, a corresponding private key, and the<br />
necessary certificates to authenticate them. Public key infrastructure (PKI)<br />
provides support for the creation and management of public/private key pairs,<br />
signed certificates, and certificate authority (CA) certificates when using IKE. You<br />
can create a public/private key and combine it with one or more device identities<br />
to generate a certificate request. Submit the certificate request to a CA to obtain a<br />
signed certificate, which contains the authenticated public/private key pair. In<br />
addition to the signed certificate, you must also obtain a CA certificate to<br />
authenticate the CA. After downloading the signed certificate and a CA certificate<br />
to the switch and importing them into the PKI database, the signed certificate<br />
(which contains the authenticated public key) can then be used to complete the<br />
IKE peer configuration.<br />
3-8 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Displaying IP Security Information<br />
You can display the following types of IP security information:<br />
• IP Security Policy and Association Information<br />
• Public Key Infrastructure Information<br />
• IKE Peer and Policy Information<br />
• IP Security Configuration History<br />
• IP Security Configuration Limits<br />
IP Security Policy and Association Information<br />
To display general or specific security policy and association information, enter the<br />
Ipsec List command. The Ipsec List command does not require an Admin session<br />
nor an Ipsec Edit session. Within an Ipsec Edit session, the Ipsec Association List<br />
and Ipsec Policy List commands display the same information. You can display<br />
active, configured, and edited polices and associations:<br />
• Active—policies and associations currently in use<br />
• Configured—policies and associations that have been saved in the IP<br />
security database<br />
• Edited—policies and associations that are being edited, but have not yet<br />
been saved<br />
The following example displays all active security policies and associations:<br />
SANbox #> ipsec list<br />
Active IPsec Information<br />
Security Association Database<br />
-----------------------------<br />
h2h-sh-sa<br />
h2h-hs-sa<br />
Security Policy Database<br />
------------------------<br />
h2h-hs-sp<br />
h2h-sh-sp<br />
Summary<br />
-------<br />
Security Association Count: 2<br />
Security Policy Count: 2<br />
59263-02 B 3-9
3–Network Configuration<br />
Managing IP Security<br />
IKE Peer and Policy Information<br />
To display general or specific peer and policy information, enter the Ike List<br />
command. The Ike List command does not require an Admin session nor an Ipsec<br />
Edit session. The Ike Peer List and Ike Policy List commands display the same<br />
information. You can display active, configured, and edited peers and polices:<br />
• Active—peers and policies currently in use<br />
• Configured—peers and policies that have been saved in the IKE database<br />
• Edited—peers and policies that are being edited, but have not yet been<br />
saved<br />
The following example displays all configured IKE peers and policies:<br />
SANbox #> ike list configured<br />
Configured (saved) IKE Information<br />
Peer<br />
Policy<br />
------ ----<br />
peer_1<br />
policy_1<br />
policy_2<br />
peer_2<br />
policy_3<br />
peer_3<br />
(no policies)<br />
(No peer)<br />
policy_4<br />
Summary:<br />
Peer Count 3<br />
Policy Count 4<br />
Public Key Infrastructure Information<br />
To display information in the PKI database about public/private key pairs, signed<br />
certificates, and certificate authorities, enter the following commands:<br />
• Key List<br />
• Certificate List Local<br />
• Cert_Authority List<br />
The following is an example of the Key List command for key512:<br />
SANbox #> key list key512<br />
Key key512:<br />
private key with:<br />
pubkey: RSA 512 bits<br />
keyid: 49:80:4c:aa:d3:c3:bc:c7:f5:b1:41:34:ce:71:48:1d:b9:b3:d9:f9<br />
subjkey: f4:b6:b9:27:25:7a:5a:69:a0:9e:cf:14:cd:3c:88:e9:d5:b1:aa:4a<br />
3-10 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
The following is an example of the Key List command:<br />
SANbox #> key list<br />
Installed Keys:<br />
key512<br />
key2048<br />
key1024<br />
* indicates key has a matching local certificate<br />
IP Security Configuration History<br />
To display the IP Security configuration history, enter the Ipsec History command<br />
to display a record of policy and association modifications as shown in the<br />
following example:<br />
SANbox #> ipsec history<br />
IPsec Database History<br />
----------------------<br />
ConfigurationLastEditedBy johndoe@OB-session5<br />
ConfigurationLastEditedOn Sat Mar 8 07:14:36 2008<br />
Active Database Checksum 00000144<br />
Inactive Database Checksum 00000385<br />
IKE Database Checksum 00000023<br />
History information includes the following:<br />
• Time of the most recent activation and the user account that performed it<br />
• Time of the most recent modification to the IP Security configuration and the<br />
user account that made it<br />
• Checksum for the active and inactive databases<br />
59263-02 B 3-11
3–Network Configuration<br />
Managing IP Security<br />
IP Security Configuration Limits<br />
To display a summary of the objects in the IP Security configuration and their<br />
maximum limit, enter the Ipsec Limits command to as shown in the following<br />
example:<br />
SANbox #> ipsec limits<br />
Configured (saved) IPsec Information<br />
IPsec Attribute<br />
Maximum Current<br />
--------------- ------- -------<br />
MaxConfiguredSAs 512 0<br />
MaxConfiguredSPs 128 0<br />
MaxConfiguredIKEPeers 16 0<br />
MaxConfiguredIKEPolicies 256 0<br />
In an Ipsec Edit session, Ipsec Limits command displays the number of both<br />
configured associations and policies, plus those created in the edit session but not<br />
yet saved.<br />
Managing the Security Policy Database<br />
The security policy database is made up of user-defined policies and dynamic<br />
policies (policies created by the switch). In addition to creating a policy, you can<br />
delete, modify, rename, and copy user-defined policies. Dynamic policies can only<br />
be copied.<br />
• Creating a Policy<br />
• Deleting a Policy<br />
• Modifying a User-Defined Policy<br />
• Renaming a User-Defined Policy<br />
• Copying a Policy<br />
3-12 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Creating a Policy<br />
To create a policy, enter the Ipsec Policy Create command as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec policy create h2h-sh-sp<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string value, 0-127 bytes) : Host-to-host: switch->host<br />
*SourceAddress (hostname, IPv4, or IPv6 Address/[PrefixLength]): fe80::2c0:ddff:fe03:d4c1<br />
SourcePort (decimal value, 1-65535) :<br />
*DestinationAddress (hostname, IPv4, or IPv6 Address/[PrefixLength]): fe80::250:daff:feb7:9d02<br />
DestinationPort (decimal value, 1-65535) :<br />
*Protocol<br />
(decimal value, or keyword)<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any<br />
: any<br />
*Direction (1=in, 2=out) : 2<br />
Priority (value, -2147483647 to +214783647) :<br />
*Action (1=discard, 2=none, 3=ipsec) : 3<br />
Mode (1=transport, 2=tunnel) : 2<br />
*TunnelSource (IPv4, or IPv6 Address) : fe91::3d1:eegg:gf14:e5d2<br />
*TunnelDestination (IPv4, or IPv6 Address)<br />
: fe91::361:ebgg:gfc8:0e13<br />
*ProtectionDesired (select one, transport-mode only)<br />
1=ah Authentication Header<br />
2=esp Encapsulating Security Payload<br />
3=both : 2<br />
*espRuleLevel (1=default, 2=use, 3=require) : 3<br />
The security policy has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
59263-02 B 3-13
3–Network Configuration<br />
Managing IP Security<br />
Deleting a Policy<br />
To delete a user-defined policy, enter the Ipsec Policy Delete command as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec policy delete policy_1<br />
The security policy will be deleted. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Modifying a User-Defined Policy<br />
To modify an existing user-defined policy, enter the Ipsec Policy Edit command in<br />
an Admin session and an Ipsec Edit session as shown in the following example.<br />
An asterisk (*) indicates a required entry.<br />
SANbox (admin-ipsec) #> ipsec policy edit h2h-sh-sp<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
To remove a value for an optional attribute, use ’n’.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Description<br />
.<br />
.<br />
.<br />
espRuleLevel<br />
Host-to-host: switch->host<br />
require<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string value, 0-127 bytes) :<br />
*SourceAddress (IPv4, IPv6 or hostname/[PrefixLength]) :<br />
SourcePort (decimal value, 1-65535) :<br />
*DestinationAddress (IPv4, IPv6 or hostname/[PrefixLength]) :<br />
DestinationPort (decimal value, 1-65535) :<br />
*Protocol (decimal value, or keyword)<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any<br />
: tcp<br />
*Direction (1=in, 2=out) :<br />
Priority (value, -2147483647 to +2147483647) :<br />
*Action (1=discard, 2=none, 3=ipsec) :<br />
Mode (1=transport, 2=tunnel) :<br />
*TunnelSource (IPv4, or IPv6 Address) :<br />
*TunnelDestination (IPv4, or IPv6 Address) :<br />
*ProtectionDesired (select one, transport-mode only)<br />
1=ah Authentication Header<br />
3-14 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
2=esp Encapsulating Security Payload<br />
3=both :<br />
*ahRuleLevel (1=default, 2=use, 3=require) :<br />
*espRuleLevel (1=default, 2=use, 3=require) :<br />
The security policy has been edited.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Renaming a User-Defined Policy<br />
To rename a policy (policy_1), enter the Ipsec Policy Rename command as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec policy rename policy_1 policy_4<br />
The security policy will be renamed. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Copying a Policy<br />
You can copy both user-defined and dynamic policies. To copy a policy (policy_1),<br />
enter the Ipsec Policy Copy command as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec policy copy policy_1 policy_a<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
59263-02 B 3-15
3–Network Configuration<br />
Managing IP Security<br />
Managing the Security Association Database<br />
The security association database is made up of user-defined associations and<br />
dynamic associations (associations created by the switch). In addition to creating<br />
an association, you can delete, modify, rename, and copy user-defined<br />
associations. Dynamic associations can only be copied.<br />
• Creating an Association<br />
• Deleting an Association<br />
• Modifying a User-Defined Association<br />
• Renaming a User-Defined Association<br />
• Copying an Association<br />
3-16 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Creating an Association<br />
To create an association, enter the Ipsec Association Create command as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec association create h2h-sh-sa<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string value, 0-127 bytes) : Host-to-host: switch->host<br />
*SourceAddress (hostname, IPv4, or IPv6 Address) : fe80::2c0:ddff:fe03:d4c1<br />
*DestinationAddress (hostname, IPv4, or IPv6 Address) : fe80::250:daff:feb7:9d02<br />
*Protocol (1=esp, 2=esp-old, 3=ah, 4=ah-old) : 1<br />
*SPI (decimal value, 256-4294967295) : 333<br />
Authentication (select an authentication algorithm)<br />
1=hmac-md5 (16 byte key)<br />
2=hmac-sha1 (20 byte key)<br />
3=hmac-sha256 (32 byte key)<br />
4=aes-xcbc-mac (16 byte key)<br />
authentication algorithm choice : 2<br />
*AuthenticationKey (quoted string or raw hex bytes) : "12345678901234567890"<br />
*Encryption<br />
(select an encryption algorithm)<br />
1=des-cbc (8 byte key)<br />
2=3des-cbc (24 byte key)<br />
3=null<br />
(0 byte key)<br />
4=blowfish-cbc (5-56 byte key)<br />
5=aes-cbc (16/24/32 byte key)<br />
6=twofish-cbc (16-32 byte key)<br />
encryption algorithm choice : 2<br />
*EncryptionKey (quoted string or raw hex bytes) : "123456789012345678901234"<br />
Mode (1=transport, 2=tunnel) : 1<br />
The security association has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
59263-02 B 3-17
3–Network Configuration<br />
Managing IP Security<br />
Deleting an Association<br />
To delete a user-defined association, enter the Ipsec Association Delete<br />
command as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec association delete association_1<br />
The security association will be deleted. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
3-18 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Modifying a User-Defined Association<br />
To modify an existing user-defined association, enter the Ipsec Association Edit<br />
command in an Admin session and an Ipsec Edit session as shown in the<br />
following example. An asterisk (*) indicates a required entry.<br />
SANbox (admin-ipsec) #> ipsec association edit h2h-sh-sa<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
To remove a value for an optional attribute, use ’n’.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Description<br />
Host-to-host: switch->host<br />
.<br />
.<br />
EncryptionKey 123456789012345678901234<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string value, 0-127 bytes) :<br />
*SourceAddress (IPv4, IPv6 or hostname) :<br />
*DestinationAddress (IPv4, IPv6 or hostname) :<br />
*Protocol<br />
(1=esp, 2=esp-old, 3=ah, 4=ah-old) : ah<br />
*SPI (decimal value, 256-4294967295) :<br />
Authentication (select an authentication algorithm)<br />
1=hmac-md5 (16 byte key)<br />
2=hmac-sha1 (20 byte key)<br />
3=hmac-sha256 (32 byte key)<br />
4=aes-xcbc-mac (16 byte key)<br />
authentication algorithm choice :<br />
*AuthenticationKey (quotes string or raw hex bytes) :<br />
*Encryption<br />
(select an encryption algorithm)<br />
1=des-cbc (8 byte key)<br />
2=3des-cbc (24 byte key)<br />
3=null (0 byte key)<br />
4=blowfish-cbc (5-56 byte key)<br />
5=aes-cbc (16/24/32 byte key)<br />
6=twofish-cbc (32 byte key)<br />
encryption algorithm choice :<br />
*EncryptionKey (quoted string or raw hex bytes) :<br />
Mode (1=transport, 2=tunnel) :<br />
The security association has been edited.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
59263-02 B 3-19
3–Network Configuration<br />
Managing IP Security<br />
Renaming a User-Defined Association<br />
To rename a user-defined association (associaton_1), enter the<br />
Ipsec Association Rename command as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec association rename association_1 association_4<br />
The security association will be renamed. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Copying an Association<br />
You can copy both user-defined and dynamic associations. To copy an<br />
association (association_1), enter the Ipsec Association Copy command as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec association copy association_1 association_a<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Managing IKE Peers<br />
An IKE peer defines a peer device and configures the IKE security association<br />
through which the switch establishes the IP security associations defined by an<br />
IKE policy. The IKE database is made up of IKE peers and policies. In addition to<br />
creating an IKE peer, you can delete, modify, rename, and copy user-defined<br />
peers.<br />
Creating an IKE Peer<br />
To create an IKE peer, enter the Ike Peer Create command as shown in the<br />
following example:<br />
SANbox ># admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer create peer_1<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
3-20 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Description (string, max=127 chars, N=None) : Peer 1<br />
*Address (hostname, IPv4, or IPv6 Address) : 10.0.0.3<br />
Lifetime (decimal value, 900-86400 seconds) : 3600<br />
*Encryption (select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256 : 1 4<br />
*Integrity (select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96 : 1 2 3<br />
*DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 : 2 14<br />
Restrict (True / False) : True<br />
*Authentication (1=secret, 2=public_key) : 1<br />
*Key<br />
(quoted string or raw hex bytes)<br />
maximum length for quoted string = 128<br />
maximum length for raw hex bytes = 256<br />
the raw hex length must be even : 0x11223344<br />
Deleting an IKE Peer<br />
The IKE peer has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
To delete an IKE peer, enter the Ike Peer Delete command as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer delete peer_1<br />
The IKE peer will be deleted. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
59263-02 B 3-21
3–Network Configuration<br />
Managing IP Security<br />
Modifying an IKE Peer<br />
To modify an existing IKE peer, enter the Ike Peer Edit command in an Admin<br />
session and an Ipsec Edit session as shown in the following example. An asterisk<br />
(*) indicates a required entry.<br />
SANbox ># admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer edit peer_1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press ’q’ or ’Q’ and the ENTER key to do so.<br />
Current Values:<br />
Description Peer 1<br />
Address 10.0.0.3<br />
Lifetime<br />
3600 (seconds)<br />
Encryption<br />
3des_cbc aes_cbc_256<br />
Integrity<br />
md5_96 sha1_96 sha2_256<br />
DHGroup 2 14<br />
Restrict<br />
True<br />
Authentication secret<br />
Key<br />
0x1122334<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string, max=127 chars, N=None) :<br />
*Address (hostname, IPv4, or IPv6 Address) : 10.1.2.3<br />
Lifetime (decimal value, 900-86400 seconds) :<br />
*Encryption (select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_192 :<br />
*Integrity (select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96 :<br />
*DHGroup (select one or more Diffie-Hellman Groups)<br />
1 , 2, 5, 14, 24 :<br />
Restrict (True / False) : False<br />
Authentication (1=secret) :<br />
*Key<br />
(quoted string or raw hex bytes)<br />
maximum length for quoted string = 128<br />
maximum length for raw hex bytes = 256<br />
the raw hex length must be even :<br />
The IKE peer has been edited.<br />
This configuration must be saved with the ’ipsec save’ command<br />
before it can take effect, or to discard this configuration<br />
use the ’ipsec cancel’ command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
3-22 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Renaming an IKE Peer<br />
To rename an IKE peer (peer_1), enter the Ike Peer Rename command as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer rename peer_1 peer_4<br />
The IKE peer will be renamed. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Copying an IKE Peer<br />
To copy an IKE peer (peer_1), enter the Ike Peer Copy command as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer copy peer_1 peer_a<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Managing IKE Policies<br />
An IKE policy defines and configures the IP security association on the switch and<br />
the peer device by which data traffic is selected and encrypted. The IKE database<br />
is made up of the IKE policies and peers. In addition to creating an IKE policy, you<br />
can delete, modify, rename, and copy user-defined policies.<br />
59263-02 B 3-23
3–Network Configuration<br />
Managing IP Security<br />
Creating an IKE Policy<br />
To create an IKE peer, enter the Ike Policy Create command as shown in the<br />
following example:<br />
SANbox (admin-ipsec) #> ike policy create policy_2<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string, max=127 chars, N=None) : Policy 2<br />
*Mode (1=transport, 2=tunnel) : 1<br />
*LocalAddress (IPv4, IPv6 Address or keyword 'All' : 10.0.0.3<br />
LocalPort (decimal value, 0-65535 or keyword 'All' : 1234<br />
RemotePort (decimal value, 0-65535 or keyword 'All' : 0<br />
*Peer (string, max=32 chars) : peer_1<br />
*Protocol<br />
(decimal value, 0-255, or keyword)<br />
0=NotSpecified<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any : udp<br />
Action (1=ipsec) : 1<br />
ProtectionDesired (select one, transport-mode only)<br />
1=esp Encapsulating Security Payload : 1<br />
LifetimeChild (decimal value, 900-86400 seconds) : 3600<br />
RekeyChild (True / False) : True<br />
*Encryption<br />
(select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256<br />
5=null : 1<br />
Integrity<br />
(select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96<br />
or the keyword 'None' : 1 2 3<br />
DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 or the keyword 'None' : 1 5<br />
Restrict (True / False) : True<br />
The IKE policy has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-ipsec) #> ipsec save<br />
3-24 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Deleting an IKE Policy<br />
To delete an IKE policy, enter the Ike Policy Delete command as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike policy delete policy_1<br />
The IKE policy will be deleted. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Modifying an IKE Policy<br />
To modify an existing IKE policy, enter the Ike Policy Edit command in an Admin<br />
session and an Ipsec Edit session as shown in the following example. An asterisk<br />
(*) indicates a required entry.<br />
SANbox (admin-ipsec) #> ike policy edit policy_1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Current Values:<br />
Description Policy 1<br />
Mode<br />
tunnel<br />
LocalAddress 10.0.0.6<br />
LocalPort 456<br />
RemotePort<br />
0 (All)<br />
Action<br />
ipsec<br />
LifetimeChild 3600 (seconds)<br />
RekeyChild<br />
True<br />
Restrict<br />
False<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string, max=127 chars, N=None) : Policy 1a<br />
*Mode (1=transport, 2=tunnel) : 1<br />
*LocalAddress (IPv4, IPv6 Address or keyword 'All' :<br />
LocalPort (decimal value, 0-65535 or keyword 'All' :<br />
RemotePort (decimal value, 0-65535 or keyword 'All' :<br />
*Peer (string, max=32 chars) : peer_2<br />
*Protocol<br />
(decimal value, 0-255, or keyword)<br />
0=NotSpecified<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any : udp<br />
59263-02 B 3-25
3–Network Configuration<br />
Managing IP Security<br />
Action (1=ipsec) : 1<br />
ProtectionDesired (select one, transport-mode only)<br />
1=esp Encapsulating Security Payload : 1<br />
LifetimeChild (decimal value, 900-86400 seconds) : 2000<br />
RekeyChild (True / False) : true<br />
*Encryption<br />
(select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256<br />
5=null : 1 3<br />
Integrity<br />
(select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96<br />
or the keyword 'None' : 1 3<br />
DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 or the keyword 'None' : 2 5<br />
Restrict (True / False) : true<br />
Renaming an IKE Policy<br />
The IKE policy has been edited.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
To rename an IKE policy (policy_1), enter the Ike Policy Rename command as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike policy rename policy_1 policy_4<br />
The IKE policy will be renamed. Please confirm (y/n): [n] y<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Copying an IKE Policy<br />
To copy an IKE policy (policy_1), enter the Ike Policy Copy command as shown in<br />
the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike policy copy policy_1 policy_a<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
3-26 59263-02 B
3–Network Configuration<br />
Managing IP Security<br />
Resetting the IP Security Configuration<br />
Resetting the IP Security configuration deletes all IP security policies, IP security<br />
associations, IKE peers, and IKE policies from the switch. There are two ways to<br />
do this. Within an Ipsec Edit session, enter the Ipsec Clear command, then save<br />
the changes as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec clear<br />
SANbox (admin-ipsec) #> ipsec save<br />
The IPsec configuration will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
The Reset Ipsec command deletes all security polices, security associations, IKE<br />
peers, and IKE policies from the switch, but does not require an Ipsec Edit<br />
session.<br />
SANbox #> admin start<br />
SANbox (admin) #> reset ipsec<br />
The IPsec configuration will be reset and the default values activated.<br />
Please confirm (y/n): [n] y<br />
Reset and activation in progress ....<br />
The Reset Ike command deletes all IKE peers and policies from the IKE database.<br />
59263-02 B 3-27
3–Network Configuration<br />
Managing IP Security<br />
3-28 59263-02 B
4 Switch Configuration<br />
Switch configuration consists of the following tasks:<br />
• Displaying Switch Information<br />
• Managing Switch Services<br />
• Managing Switch Configurations<br />
• Paging a Switch<br />
• Setting the Date and Time<br />
• Resetting a Switch<br />
• Installing Firmware<br />
• Testing a Switch<br />
• Verifying and Tracing Fibre Channel Connections<br />
• Managing Switch Feature Upgrades<br />
• Managing Idle Session Timers<br />
Displaying Switch Information<br />
You can display the following types of the switch information:<br />
• Name Server Information<br />
• Switch Operational Information<br />
• System Process Information<br />
• Elapsed Time Between Resets<br />
• Configuration Information<br />
• Hardware Information<br />
• Firmware Information<br />
59263-02 B 4-1
4–Switch Configuration<br />
Displaying Switch Information<br />
Name Server Information<br />
The Show Ns command displays the list of WWNs in fabric as shown in the<br />
following example:<br />
SANbox #> show ns all<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
No entries found for domain ID 1.<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
No entries found for domain ID 4.<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
1 8 (0x8) 0824ba NL 3 22:00:00:20:37:2b:08:00 20:00:00:20:37:2b:08:00<br />
2 8 (0x8) 0824c3 NL 3 22:00:00:20:37:2b:08:78 20:00:00:20:37:2b:08:78<br />
3 8 (0x8) 0824c5 NL 3 22:00:00:20:37:1b:cf:fd 20:00:00:20:37:1b:cf:fd<br />
4 8 (0x8) 0824c6 NL 3 22:00:00:20:37:2b:07:b4 20:00:00:20:37:2b:07:b4<br />
5 8 (0x8) 0824c9 NL 3 22:00:00:20:37:2b:08:57 20:00:00:20:37:2b:08:57<br />
6 8 (0x8) 0824cb NL 3 22:00:00:20:37:1b:cf:f6 20:00:00:20:37:1b:cf:f6<br />
7 8 (0x8) 0824cc NL 3 22:00:00:20:37:2b:0b:ec 20:00:00:20:37:2b:0b:ec<br />
8 8 (0x8) 0824d6 NL 3 22:00:00:20:37:2b:07:e1 20:00:00:20:37:2b:07:e1<br />
9 8 (0x8) 0824da NL 3 22:00:00:20:37:2b:0b:1a 20:00:00:20:37:2b:0b:1a<br />
10 8 (0x8) 0824e0 NL 3 22:00:00:20:37:1b:f0:7d 20:00:00:20:37:1b:f0:7d<br />
11 8 (0x8) 0824e1 NL 3 22:00:00:20:37:2b:02:f6 20:00:00:20:37:2b:02:f6<br />
12 8 (0x8) 0824e2 NL 3 22:00:00:20:37:1b:ea:b7 20:00:00:20:37:1b:ea:b7<br />
13 8 (0x8) 0824e8 NL 3 22:00:00:20:37:1b:cb:e5 20:00:00:20:37:1b:cb:e5<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
No entries found for domain ID 10.<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
No entries found for domain ID 34.<br />
4-2 59263-02 B
4–Switch Configuration<br />
Displaying Switch Information<br />
Switch Operational Information<br />
The Show Switch command displays a variety of switch operational information.<br />
These include the switch WWN, domain ID, firmware version, administrative state,<br />
and operational state as shown in the following example:<br />
SANbox #> show switch<br />
Switch Information<br />
------------------<br />
SymbolicName<br />
SANbox<br />
SwitchWWN<br />
10:00:00:c0:dd:00:bc:56<br />
BootVersion<br />
Vx.x.x.x-0 (day month date time year)<br />
CreditPool 0<br />
DomainID<br />
19 (0x13)<br />
FirstPortAddress 130000<br />
FlashSize - MBytes 128<br />
LogFilterLevel<br />
Critical<br />
MaxPorts 24<br />
NumberOfResets 15<br />
ReasonForLastReset<br />
PowerUp<br />
ActiveImageVersion - build date Vx.x.x.0 (day month date time year)<br />
PendingImageVersion - build date Vx.x.x.0 (day month date time year)<br />
ActiveConfiguration<br />
default<br />
AdminState<br />
Online<br />
AdminModeActive<br />
False<br />
BeaconOnStatus<br />
Off<br />
OperationalState<br />
Online<br />
PrincipalSwitchRole<br />
False<br />
POSTFaultCode 00000000<br />
POSTStatus<br />
Passed<br />
TestFaultCode 00000000<br />
TestStatus<br />
NeverRun<br />
BoardTemp (1) - Degrees Celsius 32<br />
SwitchTemperatureStatus<br />
Normal<br />
59263-02 B 4-3
4–Switch Configuration<br />
Displaying Switch Information<br />
System Process Information<br />
The Ps command displays system process information to help you determine<br />
what processes are running and CPU usage. The following example displays<br />
current system processes.<br />
SANbox #> ps<br />
PID PPID %CPU %MEM TIME ELAPSED COMMAND<br />
244 224 0.0 0.3 00:00:04 2-03:02:31 cns<br />
245 224 0.0 0.3 00:00:06 2-03:02:31 ens<br />
246 224 0.0 0.3 00:00:09 2-03:02:31 dlog<br />
247 224 0.0 0.6 00:00:33 2-03:02:31 ds<br />
248 224 0.3 2.8 00:09:59 2-03:02:31 mgmtApp<br />
249 224 0.0 0.3 00:00:16 2-03:02:31 sys2swlog<br />
251 224 0.0 0.4 00:00:06 2-03:02:30 fc2<br />
252 224 0.0 0.6 00:00:16 2-03:02:30 nserver<br />
253 224 0.0 0.8 00:00:08 2-03:02:30 PortApp<br />
254 224 0.0 0.5 00:00:03 2-03:02:30 qfsApp<br />
255 224 0.0 0.5 00:00:09 2-03:02:30 mserver<br />
256 224 0.0 0.7 00:00:06 2-03:02:30 eport<br />
257 224 0.0 0.6 00:00:13 2-03:02:30 zoning<br />
282 254 0.0 0.5 00:00:00 2-03:02:26 qfsApp<br />
284 224 0.0 0.6 00:00:08 2-03:02:26 snmpservicepath<br />
285 282 0.0 0.5 00:00:00 2-03:02:26 qfsApp<br />
308 224 0.0 0.8 00:00:29 2-03:02:25 cim_server<br />
322 224 0.0 0.7 00:00:16 2-03:02:24 util<br />
323 224 0.0 0.4 00:00:09 2-03:02:24 port_mon<br />
324 224 0.0 0.5 00:00:07 2-03:02:24 diagAgent<br />
325 224 0.0 0.4 00:00:03 2-03:02:24 diagExec<br />
289 224 0.0 0.4 00:00:00 2-03:02:25 snmpd<br />
290 224 0.0 0.5 00:00:00 2-03:02:25 snmpmain<br />
335 290 0.0 0.5 00:00:00 2-03:02:23 snmpmain<br />
336 335 0.0 0.5 00:00:00 2-03:02:23 snmpmain<br />
The column titles are as follows:<br />
• PID–Process identifier<br />
• PPID–Parent process identifier<br />
• %CPU–Percentage CPU usage<br />
• %MEM–Percentage memory usage<br />
• TIME–Actual processing time<br />
• ELAPSED–Elapsed time since the process started<br />
• COMMAND–The command that initiated the process.<br />
4-4 59263-02 B
4–Switch Configuration<br />
Displaying Switch Information<br />
Elapsed Time Between Resets<br />
The Uptime command displays the elapsed time since the switch was last reset<br />
and the reset method. A hot reset or non-disruptive firmware activation does not<br />
reset the elapsed time reported by this command. The following example displays<br />
the time since the last reset.<br />
SANbox #> uptime<br />
Elapsed up time : 0 day(s), 2 hour(s), 28 min(s), 44 sec(s)<br />
Reason last reset: NormalReset<br />
Configuration Information<br />
The Show Config command displays a variety of configuration information at the<br />
port and switch levels. In addition to the basic switch configurations, the Show<br />
Config command displays parameters that control how data is maintained in the<br />
security and zoning databases. The Show Config command displays the following<br />
types of information:<br />
• Switch Configuration Parameters<br />
• Zoning Configuration Parameters<br />
• Security Configuration Parameters<br />
Refer to “Displaying Port Information” on page 5-1 for information about displaying<br />
port configuration information.<br />
Switch Configuration Parameters<br />
Enter the Show Config Switch command to display the switch configuration<br />
parameters. These parameters determine the operational characteristics of the<br />
switch. Refer to Table 13-24 for a description these parameters.<br />
SANbox #> show config switch<br />
Configuration Name: default<br />
-------------------<br />
Switch Configuration Information<br />
--------------------------------<br />
AdminState<br />
Online<br />
BroadcastEnabled False<br />
InbandEnabled<br />
True<br />
FDMIEnabled<br />
False<br />
FDMIEntries 10<br />
DefaultDomainID 19 (0x13)<br />
DomainIDLock<br />
True<br />
SymbolicName<br />
sw108<br />
R_A_TOV 10000<br />
E_D_TOV 2000<br />
PrincipalPriority 254<br />
ConfigDescription Default Config<br />
ConfigLastSavedBy admin@OB-session5<br />
ConfigLastSavedOn day month date time year<br />
59263-02 B 4-5
4–Switch Configuration<br />
Displaying Switch Information<br />
InteropMode<br />
Standard<br />
Zoning Configuration Parameters<br />
Enter the Show Config Zoning command to display zoning configuration<br />
parameters. These parameters determine how zoning is applied to the switch.<br />
Refer to Table 13-26 for a description of these parameters.<br />
SANbox #> show config zoning<br />
Configuration Name: default<br />
-------------------<br />
Zoning Configuration Information<br />
--------------------------------<br />
MergeAutoSave<br />
True<br />
DefaultZone<br />
Allow<br />
DiscardInactive False<br />
Security Configuration Parameters<br />
Enter the Show Config Security command to display security configuration and<br />
port binding parameters. These parameters determine how security is applied to<br />
the switch. Refer to Table 13-22 for a description of the switch security<br />
configuration parameters. Refer to Table 13-23 for a description of the port binding<br />
parameters.<br />
SANbox #> show config security<br />
Configuration Name: default<br />
-------------------<br />
Switch Security Configuration Information<br />
-----------------------------------------<br />
FabricBindingEnabled False<br />
AutoSave<br />
True<br />
Port Binding Status WWN<br />
---- -------------- ---<br />
0 True 10:20:30:40:50:60:70:80<br />
1 True 10:20:30:40:50:60:70:80<br />
2 False No port binding entries found.<br />
3 True 10:20:30:40:50:60:70:80<br />
4 True 10:20:30:40:50:60:70:80<br />
5 False No port binding entries found.<br />
6 True 10:20:30:40:50:60:70:81<br />
7 False No port binding entries found.<br />
8 True 10:20:30:40:50:60:70:80<br />
9 False No port binding entries found.<br />
10 False No port binding entries found.<br />
11 False No port binding entries found.<br />
12 False No port binding entries found.<br />
4-6 59263-02 B
4–Switch Configuration<br />
Displaying Switch Information<br />
13 False No port binding entries found.<br />
14 False No port binding entries found.<br />
15 False No port binding entries found.<br />
16 False No port binding entries found.<br />
17 False No port binding entries found.<br />
18 False No port binding entries found.<br />
19 False No port binding entries found.<br />
20 False No port binding entries found.<br />
21 False No port binding entries found.<br />
22 False No port binding entries found.<br />
23 False No port binding entries found.<br />
Hardware Information<br />
Enter the Show Chassis command to display the status of the switch hardware<br />
including fans, power supplies, internal temperature, and Heartbeat LED status.<br />
SANbox #> show chassis<br />
Chassis Information<br />
-------------------<br />
BoardTemp (1) - Degrees Celsius 36<br />
FanStatus (1)<br />
Good<br />
FanStatus (2)<br />
Good<br />
FanDirection (1)<br />
BackToFront<br />
FanDirection (2)<br />
BackToFront<br />
PowerSupplyStatus (1)<br />
Good<br />
PowerSupplyStatus (2)<br />
Good<br />
HeartBeatCode 1<br />
HeartBeatStatus<br />
Normal<br />
The HeartBeatCode and HeartBeatStatus entries indicate the Power-on Self Test<br />
(POST) results revealed by the Heartbeat LED blink patterns. The result is normal<br />
operation or a blink pattern indicating a critical error as described in Table 4-1.<br />
Refer to the <strong>QLogic</strong> 5800V Series Stackable Fibre Channel Switch Installation<br />
<strong>Guide</strong> for more information about the Heartbeat LED and its blink patterns.<br />
Table 4-1. Heartbeat LED Activity<br />
HeartBeatCode–HeartBeatStatus<br />
1–Normal<br />
2–AppDied<br />
3–PostFailed<br />
4–CorruptFilesystem<br />
5–Overheating<br />
Description<br />
One blink per second–Normal operation<br />
Two blink cluster–Internal firmware failure<br />
Three blink cluster–Fatal POST error<br />
Four blink cluster–Configuration file system<br />
error<br />
Five blink cluster– Over temperature<br />
59263-02 B 4-7
4–Switch Configuration<br />
Displaying Switch Information<br />
Firmware Information<br />
Enter the Show Version command to display a summary of switch identity<br />
information including the firmware version. The following is an example of the<br />
Show Version command:<br />
SANbox #> show version<br />
*****************************************************<br />
* *<br />
* <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> SHell (CLISH) *<br />
* *<br />
*****************************************************<br />
SystemDescription<br />
<strong>QLogic</strong> 5800V FC Switch<br />
HostName<br />
<br />
EthIPv4NetworkAddress 10.20.11.192<br />
EthIPv6NetworkAddress ::<br />
MACAddress<br />
00:c0:dd:00:71:ee<br />
WorldWideName<br />
10:00:00:c0:dd:00:71:ed<br />
ChassisSerialNumber 033100024<br />
SymbolicName<br />
SANbox<br />
ActiveSWVersion<br />
V8.0.x.x.xx.xx<br />
ActiveTimestamp<br />
day month date time year<br />
POSTStatus<br />
Passed<br />
LicensedPorts 24<br />
SwitchMode<br />
Full Fabric<br />
4-8 59263-02 B
4–Switch Configuration<br />
Managing Switch Services<br />
Managing Switch Services<br />
You can configure your switch to suit the demands of your environment by<br />
enabling or disabling a variety of switch services. You manage the switch services<br />
using the Show Setup Services and Set Setup Services commands. Refer to<br />
Table 13-30 for a description of the switch services.<br />
Enter the Show Setup Services command to display the current switch service<br />
status as shown in the following example:<br />
SANbox #> show setup services<br />
System Services<br />
-----------------------------<br />
TelnetEnabled<br />
True<br />
SSHEnabled<br />
False<br />
GUIMgmtEnabled<br />
True<br />
SSLEnabled<br />
False<br />
EmbeddedGUIEnabled True<br />
SNMPEnabled<br />
True<br />
NTPEnabled<br />
True<br />
CIMEnabled<br />
True<br />
FTPEnabled<br />
True<br />
MgmtServerEnabled<br />
True<br />
CallHomeEnabled<br />
True<br />
Enter the Set Setup Services command within an Admin session to configure the<br />
switch services as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> set setup services<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PLEASE NOTE:<br />
-----------<br />
* Further configuration may be required after enabling a service.<br />
* If services are disabled, the connection to the switch may be lost.<br />
* When enabling SSL, please verify that the date/time settings<br />
on this switch and the workstation from where the SSL connection<br />
will be started match, and then a new certificate may need to be<br />
created to ensure a secure connection to this switch.<br />
TelnetEnabled (True / False) [True ]<br />
SSHEnabled (True / False) [False]<br />
GUIMgmtEnabled (True / False) [True ]<br />
59263-02 B 4-9
4–Switch Configuration<br />
Managing Switch Configurations<br />
SSLEnabled (True / False) [False]<br />
EmbeddedGUIEnabled (True / False) [True ]<br />
SNMPEnabled (True / False) [True ]<br />
NTPEnabled (True / False) [False]<br />
CIMEnabled (True / False) [False]<br />
FTPEnabled (True / False) [True ]<br />
MgmtServerEnabled (True / False) [True ]<br />
CallHomeEnabled (True / False) [True ]<br />
Do you want to save and activate this services setup? (y/n): [n]<br />
Managing Switch Configurations<br />
The switch configuration determines the basic operational characteristics of the<br />
switch. A switch can save up to 10 configurations including the default<br />
configuration, named Default Config. The current switch operating characteristics<br />
are determined by the active configuration. Only one configuration can be active<br />
at one time.<br />
Each switch configuration contains switch, port, port threshold alarm, and zoning<br />
configuration components. Managing Switch Configurations describes the<br />
following tasks:<br />
• Displaying a List of Switch Configurations<br />
• Activating a Switch Configuration<br />
• Copying a Switch Configuration<br />
• Deleting a Switch Configuration<br />
• Modifying a Switch Configuration<br />
• Backing Up and Restoring a Switch Configuration<br />
Displaying a List of Switch Configurations<br />
Enter the Config List command to display the configurations stored on the switch<br />
as show in the following example. Notice that the Config List command does not<br />
require an Admin session.<br />
SANbox #> config list<br />
Current list of configurations<br />
------------------------------<br />
default<br />
config_1<br />
config_2<br />
4-10 59263-02 B
4–Switch Configuration<br />
Managing Switch Configurations<br />
Activating a Switch Configuration<br />
Enter the Config Activate command in an Admin session to activate a switch<br />
configuration (config_1) as shown in the following example:<br />
SANbox (admin) config activate config_1<br />
Copying a Switch Configuration<br />
Enter the Config Copy command in an Admin session to create a copy of an<br />
existing configuration as shown in the following example:<br />
SANbox (admin) config copy config_1 config_2<br />
Deleting a Switch Configuration<br />
Enter the Config Delete command in an Admin session to delete a configuration<br />
from the switch as shown in the following example. You cannot delete the active<br />
configuration nor the default configuration (Default Config).<br />
SANbox (admin) config delete config_2<br />
Modifying a Switch Configuration<br />
To modify a switch configuration, you must open an Admin session with the Admin<br />
Start command. An Admin session prevents other accounts from making changes<br />
at the same time through Telnet, Enterprise Fabric Suite, or another management<br />
application. You must also open a Config Edit session with the Config Edit<br />
command and indicate which configuration you want to modify. If you do not<br />
specify a configuration name the active configuration is assumed.<br />
The Config Edit session provides access to the Set Config commands with which<br />
you make modifications to the port, switch, port threshold alarm, or zoning<br />
configuration components as shown:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
The config named default is being edited.<br />
SANbox (admin-config)#> set config port . . .<br />
SANbox (admin-config)#> set config switch . . .<br />
SANbox (admin-config)#> set config threshold . . .<br />
SANbox (admin-config)#> set config zoning . . .<br />
SANbox (admin-config)#> set config security . . .<br />
59263-02 B 4-11
4–Switch Configuration<br />
Managing Switch Configurations<br />
The Config Save command saves the changes you made during the Config Edit<br />
session. In this case, changes to the configuration named Default are being saved<br />
to a new configuration named config_10132003. However, the new configuration<br />
does not take effect until you activate it with the Config Activate command:<br />
SANbox (admin-config)#> config save config_10132003<br />
SANbox (admin)#> config activate config_10132003<br />
SANbox (admin)#> admin end<br />
The Admin End command releases the Admin session for other administrators<br />
when you are done making changes to the switch.<br />
The following is an example of the Set Config Switch command. Refer to<br />
Table 13-24 for a description of the switch configuration parameters.<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config switch<br />
A list of attributes with formatting and default values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics) [Online ]<br />
BroadcastEnabled (True / False) [True ]<br />
InbandEnabled (True / False) [True ]<br />
FDMIEnabled (True / False) [True ]<br />
FDMIEntries (decimal value, 0-1000) [1000 ]<br />
DefaultDomainID (decimal value, 1-239) [2 ]<br />
DomainIDLock (True / False) [False ]<br />
SymbolicName (string, max=32 chars) [SANbox ]<br />
R_A_TOV (decimal value, 100-100000 msec) [10000 ]<br />
E_D_TOV (decimal value, 10-20000 msec) [2000 ]<br />
PrincipalPriority (decimal value, 1-255) [254 ]<br />
ConfigDescription (string, max=64 chars) [Default Config]<br />
To make temporary changes to the switch administrative state, enter the<br />
Set Switch State command.<br />
4-12 59263-02 B
4–Switch Configuration<br />
Managing Switch Configurations<br />
Backing Up and Restoring a Switch Configuration<br />
Successful management of switches and fabrics depends on the effective use of<br />
switch configurations. Backing up and restoring a configuration is useful to protect<br />
your work or for use as a template in configuring other switches. Backing up and<br />
restoring the switch configuration involves the following:<br />
• Creating the Backup File<br />
• Downloading the Configuration File<br />
• Restoring the Configuration File<br />
Creating the Backup File<br />
The Config Backup command creates a file on the switch, named configdata. This<br />
file can be used to restore a switch configuration only from the command line<br />
interface; it cannot be used to restore a switch using Enterprise Fabric Suite.<br />
SANbox #> config backup<br />
The configdata file contains the following switch configuration information:<br />
• All named switch configurations including port, switch, port threshold alarm<br />
and zoning configurations.<br />
• All SNMP and network information defined with the Set Setup command.<br />
• The zoning database includes all zone sets, zones, and aliases.<br />
• The security database except the group primary and secondary secrets.<br />
• The Call Home database and Call Home service configuration.<br />
NOTE:<br />
Configuration backup files are deleted from the switch during a power cycle<br />
or switch reset.<br />
59263-02 B 4-13
4–Switch Configuration<br />
Managing Switch Configurations<br />
Downloading the Configuration File<br />
You use FTP to download the configdata file to your workstation for safe keeping<br />
and to upload the file back to the switch for the restore function. To download the<br />
configdata file, open an FTP session on the switch and login with the account<br />
name images and password images. Transfer the file in binary mode with the Get<br />
command as shown in the following example:<br />
>ftp ip_address<br />
user:images<br />
password: images<br />
ftp>bin<br />
ftp>get configdata<br />
xxxxx bytes sent in xx secs.<br />
ftp>quit<br />
You should rename the configdata file on your workstation with the switch name<br />
and date, for example, config_switch_169_10112003.<br />
4-14 59263-02 B
4–Switch Configuration<br />
Managing Switch Configurations<br />
Restoring the Configuration File<br />
The restore operation begins with FTP to upload the configuration file from the<br />
workstation to the switch, then finishes with a Telnet session and the Config<br />
Restore command. To upload the configuration file, config_switch_169_10112003<br />
in this case, open and FTP session with account name images and password<br />
images. Transfer the file in binary mode with the Put command as shown in the<br />
following example:<br />
ftp ip_address<br />
user: images<br />
password: images<br />
ftp> bin<br />
ftp> put config_switch_169_10112003 configdata<br />
Local file config_switch_169_10112003<br />
Remote file configdata<br />
ftp>quit<br />
The restore process replaces all configuration information on the switch and<br />
afterwards the switch is automatically reset. If the restore process changes the IP<br />
address, all management sessions are terminated. Use the Set Setup System<br />
command to return the IP configuration to the values you want. To restore the<br />
switch, open a Telnet session (a new IP address may be required), then enter the<br />
Config Restore command from within an Admin session as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> config restore<br />
The switch will be reset after restoring the configuration.<br />
Please confirm (y/n): [n] y<br />
Alarm Msg: [day month date time year][A1005.0021][SM][Configuration is being<br />
restored - this could take several minutes]<br />
Alarm Msg: [day month date time year][A1000.000A][SM][The switch will be reset in<br />
3 seconds due to a config restore]<br />
SANbox (admin) #><br />
Alarm Msg: [day month date time year][A1000.0005][SM][The switch is being reset]<br />
59263-02 B 4-15
4–Switch Configuration<br />
Paging a Switch<br />
Paging a Switch<br />
To help you locate a particular switch in a rack of switches, you can turn on the<br />
beacon feature with the Set Beacon command. This causes all port Logged-In<br />
LEDs to flash in unison. The following is an example of how to turn the beacon on<br />
and off.<br />
SANbox #> set beacon on<br />
SANbox $> set beacon off<br />
Setting the Date and Time<br />
The switch date and time can be set explicitly using the Date command or it can<br />
be set automatically through a Network Time Protocol (NTP) server. The Date<br />
command also displays the current time. Unlike the Date command, the NTP<br />
server also synchronizes the date and time on the switch with the date and time<br />
on the workstation, which is required for Secure Socket Layer (SSL) connections.<br />
NOTE:<br />
To set the date with the Date command, the NTP client must be disabled.<br />
For information about disabling the NTPClientEnabled parameter, refer to<br />
the Set Setup System command.<br />
If you are using the date command, you can set the time zone using the<br />
Set Timezone command. The default time zone is Universal Time (UTC) also<br />
known as Greenwich Mean Time (GMT). Changing the time zone converts the<br />
current time to the time in the new time zone. For this reason, if you are not using<br />
an NTP server, set the time zone first, then set the date and time.<br />
See the following date and time management examples:<br />
• Displaying the Date and Time<br />
• Setting the Date and Time Explicitly<br />
• Setting the Date and Time through NTP<br />
Displaying the Date and Time<br />
Enter the Date command to display the date and time as shown in the following<br />
example:<br />
SANbox #> date<br />
Mon Apr 07 07:51:24 200x<br />
4-16 59263-02 B
4–Switch Configuration<br />
Setting the Date and Time<br />
Setting the Date and Time Explicitly<br />
To set the switch date and time explicitly, use the Set Timezone and Date<br />
commands. To change the time zone (to America/North Dakota, for example),<br />
enter the Set Timezone command in an Admin session, as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> set timezone<br />
Africa<br />
America<br />
Antarctica<br />
Asia<br />
Atlantic<br />
Australia<br />
Europe<br />
Indian<br />
Pacific<br />
UTC<br />
Press ENTER for more options or 'q' to make a selection.<br />
America/Grenada<br />
America/Guatemala<br />
America/Guyana<br />
America/Havana<br />
America/Indiana<br />
.<br />
.<br />
.<br />
America/Monterrey<br />
America/Montreal<br />
America/Nassau<br />
America/Nipigon<br />
America/Noronha<br />
America/Panama<br />
America/Guadeloupe<br />
America/Guayaquil<br />
America/Halifax<br />
America/Hermosillo<br />
America/Indianapolis<br />
America/Montevideo<br />
America/Montserrat<br />
America/New_York<br />
America/Nome<br />
America/North_Dakota<br />
America/Pangnirtung<br />
q<br />
Press ENTER for more options or 'q' to make a selection.<br />
Enter selection (or 'q' to quit): america/north_dakota<br />
America/North_Dakota/Center<br />
Enter selection (or 'q' to quit): america/north_dakota/center<br />
To set the date and time (January 31, 10:15 AM, 2008), enter the date command,<br />
as shown in the following example:<br />
SANbox (admin) #> date 013110152008<br />
SANbox (admin) #> date<br />
Thu Jan 31 10:15:03 america/north_dakota/center 2008<br />
59263-02 B 4-17
4–Switch Configuration<br />
Setting the Date and Time<br />
Setting the Date and Time through NTP<br />
An NTP server can automatically set the switch date and time. To configure the<br />
switch to use an NTP server, enter the Set Setup System Ntp command in an<br />
Admin session to enable the NTP client on the switch and specify the NPT server<br />
IP address, as shown in the following example:<br />
SANbox (admin) #> set setup system ntp<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
NTPClientEnabled False<br />
NTPServerDiscovery Static<br />
NTPServerAddress 10.20.10.10<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
NTPClientEnabled (True / False) : True<br />
NTPServerDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
NTPServerAddress (hostname, IPv4, or IPv6 Address) : 10.20.3.4<br />
Do you want to save and activate this system setup? (y/n): [n] y<br />
4-18 59263-02 B
4–Switch Configuration<br />
Resetting a Switch<br />
Resetting a Switch<br />
Table 4-2 describes the methods for resetting a switch, the corresponding<br />
command, and the impact on the switch.<br />
Table 4-2. Switch Reset Methods<br />
Description<br />
Hot Reset<br />
(Hotreset<br />
command)<br />
Soft Reset<br />
(Reset<br />
Switch<br />
command)<br />
Hard Reset<br />
(Hardreset<br />
Switch<br />
command)<br />
Activates pending firmware ✔ ✔ ✔<br />
Disrupts I/O traffic ✔ ✔<br />
Reconnects Enterprise Fabric<br />
Suite and QuickTools sessions<br />
afterwards<br />
✔ ✔ ✔<br />
Clears the event log ✔ ✔ ✔<br />
Deletes supports files, firmware<br />
image files that have not been<br />
unpacked, and configuration<br />
backup files<br />
✔<br />
✔<br />
Closes all management sessions ✔ ✔ ✔<br />
Performs power-on self test<br />
✔<br />
Installing Firmware<br />
New firmware becomes available periodically either on CD-ROM or from the<br />
<strong>QLogic</strong> web site. Installing firmware on a switch involves the following steps:<br />
1. Download the firmware image file to the switch.<br />
2. Unpack the firmware image file.<br />
3. Activate the new firmware. The activation can be disruptive or<br />
non-disruptive. Refer to “Non-disruptive Activation” on page 4-20 for<br />
information about the conditions for a non-disruptive activation.<br />
The Firmware Install and the Image Install commands automate the firmware<br />
installation process and perform a disruptive activation as described in “One-Step<br />
Firmware Installation” on page 4-21. To perform a nondisruptive activation, refer to<br />
“Custom Firmware Installation” on page 4-22.<br />
59263-02 B 4-19
4–Switch Configuration<br />
Installing Firmware<br />
Non-disruptive Activation<br />
You can load and activate firmware upgrades on an operating switch without<br />
disrupting data traffic or having to re-initialize attached devices. If the<br />
non-disruptive activation fails, you will usually be prompted to try again later.<br />
Otherwise, the switch will perform a disruptive activation. A disruptive activation<br />
interrupts Fibre Channel data traffic on the switch, while a non-disruptive<br />
activation does not. For information about non-disruptive firmware versions, see<br />
the Firmware Release Notes.<br />
To ensure a successful non-disruptive activation, you should first satisfy the<br />
following conditions:<br />
• No changes are being made to switches in the fabric including powering up,<br />
powering down, disconnecting or connecting ISLs, changing switch<br />
configurations, or installing firmware.<br />
• No port on the switch is in the diagnostic state.<br />
• No Zoning Edit sessions are open on the switch.<br />
• No changes are being made to attached devices including powering up,<br />
powering down, disconnecting, connecting, and HBA configuration changes.<br />
• For a fabric in which one or more switches are running firmware prior to<br />
version 8.0, only one Enterprise Fabric Suite session can be open.<br />
Install firmware on one switch at a time in the fabric. If you are installing firmware<br />
on one switch, wait two minutes after the activation is complete before installing<br />
firmware on a second switch.<br />
Ports that change states during the non-disruptive activation, will be reset. When<br />
the non-disruptive activation is complete, Enterprise Fabric Suite and QuickTools<br />
sessions reconnect automatically. However, Telnet sessions must be restarted<br />
manually.<br />
NOTE:<br />
After upgrading firmware that includes changes to QuickTools, a QuickTools<br />
session that was open during the upgrade may indicate that the new<br />
firmware is not supported. To correct this, close the QuickTools session and<br />
the browser window, then open a new QuickTools session.<br />
4-20 59263-02 B
4–Switch Configuration<br />
Installing Firmware<br />
One-Step Firmware Installation<br />
The Firmware Install and Image Install commands download the firmware image<br />
file from an FTP or TFTP server to the switch, unpacks the image file, and<br />
performs a disruptive activation in one step. The one-step installation process<br />
prompts you to enter the following:<br />
• The file transfer protocol (FTP or TFTP)<br />
• IP address of the remote host<br />
• An account name and password on the remote host (FTP only)<br />
• Pathname for the firmware image file<br />
1. Enter the following commands to download the firmware from a remote host<br />
to the switch, install the firmware, then reset the switch to activate the<br />
firmware.<br />
SANbox #> admin start<br />
SANbox #> firmware install<br />
The switch will be reset. This process will cause a<br />
disruption to I/O traffic.<br />
Continuing with this action will terminate all management<br />
sessions,including any Telnet sessions. When the firmware<br />
activation is complete, you may log in to the switch again.<br />
Do you want to continue? [y/n]: y<br />
Press 'q' and the ENTER key to abort this command.<br />
2. Enter your choice for the file transfer protocol with which to download the<br />
firmware image file. FTP requires an user account and a password; TFTP<br />
does not.<br />
FTP or TFTP<br />
: ftp<br />
3. Enter your account name on the remote host (FTP only) and the IP address<br />
of the remote host. When prompted for the source file name, enter the path<br />
for the firmware image file.<br />
User Account : johndoe<br />
IP Address : 10.0.0.254<br />
Source Filename : 8.0.00.00_epc<br />
About to install image. Do you want to continue? [y/n] y<br />
59263-02 B 4-21
4–Switch Configuration<br />
Installing Firmware<br />
4. When prompted to install the new firmware, enter Yes to continue or No to<br />
cancel. Entering Yes will disrupt traffic. This is the last opportunity to cancel.<br />
About to install image. Do you want to continue? [y/n] y<br />
Connected to 10.20.20.200 (10.20.20.200).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18)<br />
ready.<br />
5. Enter the password for your account name (FTP only).<br />
331 Password required for johndoe.<br />
Password:******<br />
230 User johndoe logged in.<br />
6. The firmware will now be downloaded from the remote host to the switch,<br />
installed, and activated.<br />
Custom Firmware Installation<br />
A custom firmware installation downloads the firmware image file from a remote<br />
host to the switch, unpacks the image file, and resets the switch in separate steps.<br />
This allows you to choose the type of switch reset and whether the activation will<br />
be disruptive (Reset Switch command) or nondisruptive (Hotreset command). The<br />
following example illustrates a custom firmware installation with a nondisruptive<br />
activation.<br />
1. Download the firmware image file from the workstation to the switch.<br />
• If your workstation has an FTP server, you can enter the Image Fetch<br />
command:<br />
SANbox #> admin start<br />
SANbox (admin) #> image fetch account_name ip_address<br />
filename<br />
• If your workstation has a TFTP server, you can enter the Image TFTP<br />
command to download the firmware image file.<br />
SANbox (admin) #> image tftp ip_address filename<br />
4-22 59263-02 B
4–Switch Configuration<br />
Testing a Switch<br />
• If your workstation has neither an FTP nor a TFTP server, open an<br />
FTP session and download the firmware image file by entering FTP<br />
commands:<br />
>ftp ip_address or switchname<br />
user:images<br />
password: images<br />
ftp>bin<br />
ftp>put filename<br />
ftp>quit<br />
2. Display the list of firmware image files on the switch to confirm that the file<br />
was loaded.<br />
SANbox #> admin start<br />
SANbox (admin) $> image list<br />
3. Unpack the firmware image file to install the new firmware in flash memory.<br />
SANbox (admin) $> image unpack filename<br />
4. Wait for the unpack to complete.<br />
Image unpack command result: Passed<br />
5. A message will prompt you to reset the switch to activate the firmware. Use<br />
the Hotreset command to attempt a non-disruptive activation.<br />
Testing a Switch<br />
SANbox (admin) $> hotreset<br />
You can test all ports on a switch using the Test Switch command. There are three<br />
test types: online, offline, and connectivity. Refer to “Testing a Port” on page 5-15<br />
for information about testing individual and ports.<br />
The following sections describe the test types, displaying test status, and<br />
cancelling a switch test:<br />
• Online Tests for Switches<br />
• Offline Tests for Switches<br />
• Connectivity Tests for Switches<br />
• Displaying Switch Test Status<br />
• Canceling a Switch Test<br />
59263-02 B 4-23
4–Switch Configuration<br />
Testing a Switch<br />
Online Tests for Switches<br />
An online test is a non-disruptive test that exercises port-to-device connections for<br />
all ports that are online. The online switch test excludes TR_Ports. The following<br />
is an example of an online test:<br />
SANbox #> admin start<br />
SANbox (admin) #> test switch online<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [100 ]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the test? (y/n) [n] y<br />
4-24 59263-02 B
4–Switch Configuration<br />
Testing a Switch<br />
Offline Tests for Switches<br />
An offline test is a disruptive test that exercises all port connections for a switch in<br />
the diagnostics state. You must place the switch in the diagnostics state using the<br />
Set Switch State command before starting the test. There are two types of offline<br />
test: internal loopback and external loopback.<br />
• An internal loopback test exercises all internal port connections.<br />
• An external loopback test exercises all internal port and transceiver<br />
connections. A transceiver with a loopback plug is required for all ports.<br />
The following example performs an offline internal loopback test on a switch:<br />
SANbox #> admin start<br />
SANbox (admin) #>set switch state diagnostics<br />
SANbox (admin) #> test switch offline internal<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [100 ]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the test? (y/n) [n] y<br />
When the test is complete, remember to place the switch back online. The switch<br />
resets when it leaves the diagnostics state.<br />
SANbox (admin) #> set switch state online<br />
59263-02 B 4-25
4–Switch Configuration<br />
Testing a Switch<br />
Connectivity Tests for Switches<br />
A connectivity test is a disruptive test that exercises all port and inter-port<br />
connections for a switch in the diagnostics state. You must place the switch in the<br />
diagnostics state using the Set Switch State command before starting the test.<br />
There are two types of connectivity test: internal loopback and external loopback.<br />
• An internal loopback test exercises all internal port and inter-port<br />
connections.<br />
• An external loopback test exercises all internal port, transceiver, and<br />
inter-port connections. A transceiver with a loopback plug is required for all<br />
ports.<br />
The following example performs a connectivity internal test on a switch:<br />
SANbox #> admin start<br />
SANbox (admin) #>set switch state diagnostics<br />
SANbox (admin) #> test switch connectivity internal<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [100 ]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or keyword 'Default') [Default]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the switch test? (y/n): [n] y<br />
When the test is complete, remember to place the switch back online. The switch<br />
resets when it leaves the diagnostics state.<br />
SANbox (admin) #> set switch state online<br />
Displaying Switch Test Status<br />
You can display the test status while the test is in progress by entering the<br />
Test Status Switch command as shown in the following example:<br />
SANbox (admin) #> test status switch<br />
Test Test Test Loop Test<br />
Level Type Status Count Failures<br />
----- ---- ------ ----- --------<br />
Switch Offline internal NeverRun 33 4<br />
Port Test Test Loop Test<br />
Num Type Status Count Failures<br />
---- ---- ------ ----- --------<br />
4-26 59263-02 B
4–Switch Configuration<br />
Testing a Switch<br />
0 Offline internal StoppedOnError 12 2<br />
1 Offline internal NeverRun 1 0<br />
2 Offline internal Passed 4 0<br />
3 Offline internal NeverRun 1 0<br />
4 Offline internal NeverRun 1 0<br />
5 Offline internal NeverRun 1 0<br />
6 Offline internal NeverRun 1 0<br />
7 Offline internal NeverRun 12 2<br />
8 Unknown NeverRun 0 0<br />
9 Unknown NeverRun 0 0<br />
10 Unknown NeverRun 0 0<br />
11 Unknown NeverRun 0 0<br />
12 Unknown NeverRun 0 0<br />
13 Unknown NeverRun 0 0<br />
14 Unknown NeverRun 0 0<br />
15 Unknown NeverRun 0 0<br />
16 Unknown NeverRun 0 0<br />
17 Unknown NeverRun 0 0<br />
18 Unknown NeverRun 0 0<br />
19 Unknown NeverRun 0 0<br />
20 Unknown NeverRun 0 0<br />
21 Unknown NeverRun 0 0<br />
22 Unknown NeverRun 0 0<br />
23 Unknown NeverRun 0 0<br />
Canceling a Switch Test<br />
To cancel a switch test that is in progress, enter the Test Cancel Switch command.<br />
59263-02 B 4-27
4–Switch Configuration<br />
Verifying and Tracing Fibre Channel Connections<br />
Verifying and Tracing Fibre Channel Connections<br />
You can verify Fibre Channel connections between the switch and the fabric and<br />
display routing information. Enter the Fcping command to verify a Fibre Channel<br />
connection to a switch or a device as shown in the following example. The target<br />
device can be defined as a Fibre Channel address or a WWN.<br />
SANbox #> fcping 970400 count 3<br />
28 bytes from local switch to 0x970400 time = 10 usec<br />
28 bytes from local switch to 0x970400 time = 11 usec<br />
28 bytes from local switch to 0x970400 time = 119 usec<br />
The following is an example of a connection failure:<br />
SANbox #> fcping 0x113344 count 3<br />
28 bytes from local switch to 0x113344 failed<br />
Enter the Fctrace command to display Fibre Channel routing information between<br />
two devices as shown in the following example. The devices can be defined as<br />
Fibre Channel addresses or WWNs.<br />
SANbox#> fctrace 970400 970e00 hops 5<br />
36 bytes from 0x970400 to 0x970e00, 5 hops max<br />
Domain Ingress Port WWN Port Egress Port WWN Port<br />
------ ---------------- ---- --------------- ----<br />
97 20:04:00:c0:dd:02:cc:2e 4 20:0e:00:c0:dd:02:cc:2e 14<br />
97 20:0e:00:c0:dd:02:cc:2e 14 20:04:00:c0:dd:02:cc:2e 4<br />
4-28 59263-02 B
4–Switch Configuration<br />
Managing Switch Feature Upgrades<br />
Managing Switch Feature Upgrades<br />
The following features are available to upgrade your switch through the purchase<br />
and installation of a license key:<br />
• Enterprise Fabric Suite is a workstation-based Java ® application that<br />
provides a graphical user interface for fabric management. This includes<br />
Performance View which graphs port performance. Enterprise Fabric Suite<br />
comes with a free 30-day trial license.<br />
• Port Activation enables additional Fibre Channel ports up to the 24-port<br />
maximum.<br />
• 20Gb Activation upgrades the XPAK ports to 20Gbps.<br />
Installing a feature license key is not disruptive, nor does it require a switch reset.<br />
To order a license key, contact your switch distributor or your authorized reseller.<br />
Displaying Feature Licenses<br />
Enter the Feature Log command to display the license keys that are installed on<br />
your switch as shown in the following example:<br />
SANbox #> feature log<br />
Mfg Feature Log:<br />
----------------<br />
Switch Licensed for 8 ports<br />
Customer Feature Log:<br />
---------------------<br />
1) day month date 19:39:24 year - Switch Licensed for 24 ports<br />
1-LCVXOWUNOJBE6<br />
Installing a Feature License Key<br />
Enter the Feature Add command to install a license key on your switch as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> feature add 1-LCVXOWUNOJBE6<br />
License upgrade to 24 ports<br />
Do you want to continue with license upgrade procedure? (y/n): [n] y<br />
Alarm Msg:[day mon date time year][A1005.0030][SM][Upgrading Licensed Ports to 24]<br />
59263-02 B 4-29
4–Switch Configuration<br />
Managing Idle Session Timers<br />
Managing Idle Session Timers<br />
You can limit the duration of idle login sessions and idle Admin sessions (Admin<br />
Start command). You can specify limits up to 1,440 minutes; specifying 0 means<br />
unlimited. Idle login sessions that exceed the limit are logged off<br />
(InactivityTimeout). An idle Admin session that exceeds the limit is ended, but the<br />
login session may be maintained (AdminTimeout). By default, no limit is enforced<br />
on idle login sessions; idle Admin sessions are ended after 30 minutes.<br />
Enter the Show Setup System Timers command to display the idle login and<br />
Admin session configuration as shown in the following example:<br />
SANbox #> show setup system timers<br />
System Information<br />
------------------<br />
AdminTimeout 30<br />
InactivityTimeout 0<br />
Enter the Set Setup System Timers command to configure idle login and Admin<br />
session limits as shown in the following example:<br />
SANbox (admin) #> set setup system timers<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
AdminTimeout 30<br />
InactivityTimeout 0<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
AdminTimeout (dec value 0-1440 minutes, 0=never) :<br />
InactivityTimeout (dec value 0-1440 minutes, 0=never) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
4-30 59263-02 B
5 Port Configuration<br />
This section describes the following topics:<br />
• Displaying Port Information<br />
• Modifying Port Operating Characteristics<br />
• Configuring Transparent Routing<br />
• Port Binding<br />
• Resetting a Port<br />
• Configuring Port Threshold Alarms<br />
• Testing a Port<br />
• Displaying Extended Credit Status<br />
Displaying Port Information<br />
You can display the following port information:<br />
• Port Configuration Parameters<br />
• Port Operational Information<br />
• Port Threshold Alarm Configuration Parameters<br />
• Port Performance<br />
59263-02 B 5-1
5–Port Configuration<br />
Displaying Port Information<br />
Port Configuration Parameters<br />
Enter the Show Config Port command to display the port configuration<br />
parameters. These parameters determine the operational characteristics of the<br />
port. Refer to Table 13-21 for a description of these parameters.<br />
SANbox #> show config port 0<br />
Configuration Name: default<br />
-----------------------------<br />
Port Number: 0<br />
------------<br />
AdminState<br />
Offline<br />
LinkSpeed<br />
Auto<br />
PortType<br />
GL<br />
SymbolicName Port0<br />
ALFairness<br />
False<br />
DeviceScanEnabled True<br />
ForceOfflineRSCN False<br />
ARB_FF<br />
False<br />
InteropCredit 0<br />
ExtCredit 0<br />
FANEnabled<br />
True<br />
AutoPerfTuning False<br />
LCFEnabled<br />
False<br />
MFSEnabled<br />
True<br />
VIEnabled<br />
False<br />
MSEnabled<br />
True<br />
NoClose<br />
False<br />
IOStreamGuard Disabled<br />
PDISCPingEnable True<br />
5-2 59263-02 B
5–Port Configuration<br />
Displaying Port Information<br />
Port Operational Information<br />
Enter the Show Port command to display port operational information.<br />
SANbox #> show port 1<br />
Port Number: 1<br />
------------<br />
AdminState Online OperationalState Offline<br />
AsicNumber 0 PerfTuningMode Normal<br />
AsicPort 2 PortID 3a0100<br />
ConfigType GL PortWWN 20:01:00:c0:dd:0d:4f:08<br />
POSTFaultCode 00000000 RunningType Unknown<br />
POSTStatus Passed MediaPartNumber FTLF8528P2BCV<br />
DownstreamISL False MediaRevision A<br />
EpConnState None MediaType 800-MX-SN-S<br />
EpIsoReason NotApplicable MediaVendor FINISAR CORP.<br />
IOStreamGuard Disabled MediaVendorID 00009065<br />
Licensed True SymbolicName Port1<br />
LinkSpeed Auto SyncStatus SyncLost<br />
LinkState Inactive TestFaultCode 00000000<br />
LoginStatus NotLoggedIn TestStatus NeverRun<br />
MaxCredit 16 UpstreamISL False<br />
MediaSpeeds 2Gb/s, 4Gb/s, 8Gb/s XmitterEnabled True<br />
ALInit 1 LIP_F8_F7 0<br />
ALInitError 0 LinkFailures 0<br />
BadFrames 0 Login 0<br />
BBCR_FrameFailures 0 Logout 0<br />
BBCR_RRDYFailures 0 LongFramesIn 0<br />
Class2FramesIn 0 LoopTimeouts 0<br />
Class2FramesOut 0 LossOfSync 0<br />
Class2WordsIn 0 LostFrames 0<br />
Class2WordsOut 0 LostRRDYs 0<br />
Class3FramesIn 0 PrimSeqErrors 0<br />
Class3FramesOut 0 RxLinkResets 0<br />
Class3Toss 0 RxOfflineSeq 0<br />
Class3WordsIn 0 ShortFramesIn 0<br />
Class3WordsOut 0 TotalErrors 0<br />
DecodeErrors 0 TotalLinkResets 0<br />
EpConnects 0 TotalLIPsRecvd 0<br />
FBusy 0 TotalLIPsXmitd 2<br />
FlowErrors 0 TotalOfflineSeq 0<br />
FReject 0 TotalRxFrames 0<br />
InvalidCRC 0 TotalRxWords 0<br />
InvalidDestAddr 0 TotalTxFrames 0<br />
LIP_AL_PD_AL_PS 0 TotalTxWords 0<br />
LIP_F7_AL_PS 0 TxLinkResets 0<br />
LIP_F7_F7 0 TxOfflineSeq 0<br />
LIP_F8_AL_PS 0<br />
59263-02 B 5-3
5–Port Configuration<br />
Displaying Port Information<br />
Port Threshold Alarm Configuration Parameters<br />
Enter the Show Config Threshold command to display the port threshold alarm<br />
parameters. These parameters determine the error thresholds at which the switch<br />
issues alarms. Refer to Table 13-25 for a description of these parameters.<br />
SANbox #> show config threshold<br />
Configuration Name: default<br />
------------<br />
Threshold Configuration Information<br />
-----------------------------------<br />
ThresholdMonitoringEnabled False<br />
CRCErrorsMonitoringEnabled True<br />
RisingTrigger 25<br />
FallingTrigger 1<br />
SampleWindow 10<br />
DecodeErrorsMonitoringEnabled True<br />
RisingTrigger 25<br />
FallingTrigger 0<br />
SampleWindow 10<br />
ISLMonitoringEnabled<br />
True<br />
RisingTrigger 2<br />
FallingTrigger 0<br />
SampleWindow 10<br />
LoginMonitoringEnabled<br />
True<br />
RisingTrigger 5<br />
FallingTrigger 1<br />
SampleWindow 10<br />
LogoutMonitoringEnabled<br />
True<br />
RisingTrigger 5<br />
FallingTrigger 1<br />
SampleWindow 10<br />
LOSMonitoringEnabled<br />
True<br />
RisingTrigger 100<br />
FallingTrigger 5<br />
SampleWindow 10<br />
5-4 59263-02 B
5–Port Configuration<br />
Displaying Port Information<br />
Port Performance<br />
Enter the Show Perf command to display port performance in terms of the volume<br />
of data transmitted, data received, or errors. You can display continuous live<br />
performance information for one or more ports, or an instantaneous summary. The<br />
following example displays an instantaneous summary in bytes and frames.<br />
Values are expressed in thousands (K) and millions (M) of bytes or frames per<br />
second.<br />
SANbox #> show perf<br />
Port Bytes/s Bytes/s Bytes/s Frames/s Frames/s Frames/s<br />
Number (in) (out) (total) (in) (out) (total)<br />
------ ------- ------- ------- -------- -------- --------<br />
0 7K 136M 136M 245 68K 68K<br />
1 58K 0 58K 1K 0 1K<br />
2 0 0 0 0 0 0<br />
3 0 0 0 0 0 0<br />
4 0 0 0 0 0 0<br />
5 0 0 0 0 0 0<br />
6 0 7K 7K 0 245 245<br />
7 136M 58K 136M 68K 1K 70K<br />
8 7K 136M 136M 245 68K 68K<br />
9 58K 0 58K 1K 0 1K<br />
10 0 0 0 0 0 0<br />
11 0 0 0 0 0 0<br />
12 0 0 0 0 0 0<br />
13 0 0 0 0 0 0<br />
14 0 7K 7K 0 245 245<br />
15 136M 58K 136M 68K 1K 70K<br />
16 47M 23K 47M 23K 726 24K<br />
17 0 0 0 0 0 0<br />
18 23K 47M 47M 726 23K 24K<br />
19 0 0 0 0 0 0<br />
20 0 0 0 0 0 0<br />
21 0 0 0 0 0 0<br />
22 0 0 0 0 0 0<br />
23 0 0 0 0 0 0<br />
59263-02 B 5-5
5–Port Configuration<br />
Displaying Port Information<br />
Transceiver Information<br />
Enter the Show Media command to display operational information about one or<br />
more transceivers as shown in the following example. Refer to Table 13-41 for a<br />
description of the transceiver information in the Show Media display.<br />
SANbox #> show media 4<br />
Port Number: 4<br />
-------------<br />
MediaType<br />
400-M5-SN-I<br />
MediaVendor<br />
FINISAR CORP.<br />
MediaPartNumber FTRJ8524P2BNL<br />
MediaRevision A<br />
MediaSerialNumber P6G22RL<br />
MediaSpeeds<br />
1Gb/s, 2Gb/s, 4Gb/s<br />
Temp Voltage Tx Bias Tx Pwr Rx Pwr<br />
(C) (V) (mA) (mW) (mW)<br />
----------- ----------- ------------ ----------- -----------<br />
Value 37.32 3.33 7.30 0.373 0.000<br />
Status Normal HighWarning Normal Normal LowAlarm<br />
HighAlarm 95.00 3.90 17.00 0.637 1.264<br />
HighWarning 90.00 3.70 14.00 0.637 0.791<br />
LowWarning -20.00 2.90 2.00 0.082 0.028<br />
LowAlarm -25.00 2.70 1.00 0.073 0.019<br />
5-6 59263-02 B
5–Port Configuration<br />
Modifying Port Operating Characteristics<br />
Modifying Port Operating Characteristics<br />
You can make permanent or temporary changes to port operating characteristics.<br />
You make permanent port configuration changes using the Set Config Port<br />
command. These changes are saved in the active configuration and are<br />
preserved across switch or port resets. The Set Port command makes temporary<br />
changes that apply until the next port or switch reset, or until you activate a<br />
configuration.<br />
NOTE:<br />
8-Gbps SFPs do not support the 1-Gbps setting. Setting a port to 1-Gbps<br />
that has an 8-Gbps SFP will down the port.<br />
The following example permanently changes the port 1 administrative state:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config port 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Configuring Port Number: 1<br />
------------------------<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics, 4=Down) [Online] offline<br />
LinkSpeed (1=Gb/s, 2=2Gb/s, 4=4Gb/s, 8=8Gb/s, A=Auto) [Auto ]<br />
PortType (GL / G / F / FL / Donor) [GL ]<br />
SymPortName (string, max=32 chars) [Port1 ]<br />
ALFairness (True / False) [False ]<br />
DeviceScanEnable (True / False) [True ]<br />
ForceOfflineRSCN (True / False) [False ]<br />
ARB_FF (True / False) [False ]<br />
InteropCredit (decimal value, 0-255) [0 ]<br />
FANEnable (True / False) [True ]<br />
AutoPerfTuning (True / False) [False ]<br />
LCFEnable (True / False) [False ]<br />
MFSEnable (True / False) [False ]<br />
VIEnable (True / False) [False ]<br />
MSEnable (True / False) [True ]<br />
NoClose (True / False) [False ]<br />
IOStreamGuard (Enable / Disable / Auto) [Disable]<br />
PDISCPingEnable (True / False) [True ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
59263-02 B 5-7
5–Port Configuration<br />
Configuring Transparent Routing<br />
To discard this configuration use the config cancel command.<br />
SANbox (admin-config) #> config save<br />
SANbox (admin-config) #> config activate<br />
You can configure all ports based a specified source port using the<br />
Set Config Ports command. The following example configures ports 0–23 based<br />
on port 3.<br />
SANbox #> admin start<br />
SANbox (admin) config edit<br />
SANbox (admin) #> set config ports 3<br />
.<br />
.<br />
.<br />
SANbox (admin-config)#> config save<br />
SANbox (admin)#> config activate<br />
SANbox (admin)#> admin end<br />
The following example temporarily changes the port 1 administrative state to<br />
Down:<br />
SANbox #> admin start<br />
SANbox (admin) #> set port 1 state down<br />
Configuring Transparent Routing<br />
The transparent routing feature provides inter-fabric routing to allow controlled<br />
and limited access between devices on a <strong>QLogic</strong> 5800V Series (local) fabric and<br />
devices on a remote fabric consisting of noncompliant switches made by other<br />
vendors. This type of inter-fabric connection uses the Fibre Channel industry<br />
N-Port ID Virtualization (NPIV), and makes local and remote devices accessible to<br />
each other while maintaining the local and remote fabrics as separate fabrics.<br />
You can configure transparent routing using the CLI, QuickTools, and Enterprise<br />
Fabric Suite. However, only QuickTools and Enterprise Fabric Suite validate your<br />
entries, manage the zone mapping for the local fabric, and create a list of zoning<br />
commands that can be run in a script on a Brocade ® or Cisco ® SAN switch. For<br />
more information, see the <strong>QLogic</strong> 5800V Series QuickTools Switch Management<br />
User’s <strong>Guide</strong> or the <strong>QLogic</strong> 5800V Series Enterprise Fabric Suite User’s <strong>Guide</strong>.<br />
You can connect multiple <strong>QLogic</strong> 5800V Series Switches to one or more remote<br />
fabrics using multiple TR_Ports. Local and remote devices are identified by their<br />
respective port worldwide names. Consider the following mapping rules:<br />
• A TR_Port can support a maximum of 32 local device/remote device<br />
mappings.<br />
• A specific local device can be mapped to devices on only one remote fabric.<br />
Local devices on the same <strong>QLogic</strong> 5800V Series Switch can each be<br />
mapped to different remote fabrics.<br />
5-8 59263-02 B
5–Port Configuration<br />
Configuring Transparent Routing<br />
• For mappings between a specific <strong>QLogic</strong> 5800V Series Switch and a remote<br />
fabric, each local device or remote device can be mapped over only one<br />
TR_Port. Additional mappings to either device must use that same TR_Port.<br />
• Multiple local devices connected to different local switches can be mapped<br />
to the same remote device over one TR_Port on each local switch.<br />
• A local device cannot be mapped over an E_Port to another local switch,<br />
then over a TR_Port to the remote device. The local switch to which the local<br />
device is connected must connect directly to the remote fabric over a<br />
TR_Port.<br />
NOTE:<br />
When a local device is mapped over a TR_Port to a remote device, the<br />
local device and its TR_Port appear as an NPIV connected device in<br />
the remote fabric. It is possible, though not recommended, to map<br />
such a local device over a second TR_Port to a local device in a<br />
second local fabric. In this case, if you merge the two local fabrics, the<br />
transparent route becomes inactive for the devices that now have a<br />
path over an ISL, and an alarm is generated.<br />
• Because Cisco switches do not support the Unzoned Name Server, Cisco<br />
fabrics must be “pre-zoned” before you can set up TR mappings to a remote<br />
Cisco fabric. The Cisco fabric zone set must be changed to add zones so<br />
that the WWNs of the remote devices to be mapped and the WWNs of the<br />
SNS2120 Fibre Channel Switch TR ports are zoned together. For more<br />
information about configuring zoning, see the Cisco documentation. Retain<br />
these zones in the zone set after completing the TR mapping until you no<br />
longer need to map the device to the local fabric.<br />
To configure transparent routing using the CLI:<br />
1. Determine what devices on the local fabric require access to devices on the<br />
remote fabric. Local devices must be attached directly to the <strong>QLogic</strong> 5800V<br />
Series Switch. In this example, the device WWNs are as follows:<br />
• Local device: 21:00:00:e0:8b:0e:d3:59<br />
• Remote device: 22:00:00:04:cf:a8:7f:2d<br />
2. Configure one or more TR_Ports on the local <strong>QLogic</strong> 5800V Series Switch:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config port 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
59263-02 B 5-9
5–Port Configuration<br />
Configuring Transparent Routing<br />
Configuring Port Number: 1<br />
------------------------<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics, 4=Down) [Online]<br />
LinkSpeed (1=1Gb/s, 2=2Gb/s, 4=4Gb/s, 8=8Gb/s, A=Auto) [Auto ]<br />
PortType (GL, G, F, FL, TR) [GL ] TR<br />
SymPortName (string, max=32 chars) [Port1 ]<br />
.<br />
.<br />
.<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
SANbox (admin-config) #> config save<br />
SANbox (admin-config) #> config activate<br />
3. Connect the TR_Port to the remote fabric. For remote Brocade and Cisco<br />
fabrics, the switch to which the TR_Port is connected must support NPIV,<br />
and for the Brocade switch, the interoperability mode must be disabled<br />
(InteropMode=0). Other switches in the remote fabric need not support<br />
NPIV, but the interoperability mode on all Brocade switches must be<br />
disabled.<br />
NOTE:<br />
Be sure to configure the TR_Port before connecting the remote fabric<br />
to the <strong>QLogic</strong> 5800V Series Switch. If the remote fabric is connected to<br />
a port on the<strong>QLogic</strong> 5800V Series Switch that is not a TR_Port, the<br />
two fabrics may establish an E_Port connection and the local and<br />
remote fabrics may merge. This mixed fabric is not a supported<br />
configuration. If the port type is changed to TR_Port after connecting<br />
the remote fabric, a port reset may be required to completely establish<br />
the TR connection.<br />
4. Map local devices to remote devices by creating an inter-fabric zone. The<br />
inter-fabric zone contains the port WWNs of the local device, the remote<br />
device, and the TR_Port. The name of the inter-fabric zone begins with IFZ<br />
followed by the lowest device port WWN followed by the remaining port<br />
WWN, all uppercase, separated by underscores (_).<br />
5-10 59263-02 B
5–Port Configuration<br />
Port Binding<br />
Port Binding<br />
a. Create the inter-fabric zone:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #>zone create<br />
IFZ_210000E08B0ED359_22000004CFA87F2D<br />
b. Add the device and TR_Port WWNs to the inter-fabric zone:<br />
SANbox (admin-zoning) #>zone add<br />
IFZ_210000E08B0ED359_22000004CFA87F2D<br />
21:00:00:e0:8b:0e:d3:59 22:00:00:04:cf:a8:7f:2d<br />
20:01:00:c0:dd:0d:53:a5<br />
c. Add the new zone to the active zone set, save the zone set, and<br />
activate it.<br />
SANbox (admin-zoning) #>zoneset add zoneset_alpha<br />
IFZ_210000E08B0ED359_22000004CFA87F2D<br />
SANbox (admin-zoning) #> zoning save<br />
The changes have been saved; however, they must be<br />
activated before they can take effect -- see Zoneset<br />
Activate command.<br />
SANbox (admin) #> zoneset activate zoneset_alpha<br />
5. Apply the same inter-fabric zone that was created on the local fabric to the<br />
active zoning on the remote Brocade or Cisco fabric. When modifications to<br />
the active zoning on both fabrics are complete, the transparent routing<br />
connection becomes active, and local devices will discover remote devices.<br />
To remove a transparent route, in addition to removing the local inter-fabric zone,<br />
you must also remove the corresponding remote inter-fabric zone.<br />
Port binding establishes up to 32 switches or devices that are permitted to log in to<br />
a particular switch port. Switches or devices that are not among the 32 are<br />
refused access to the port. Enter the Show Config Security Portbinding command<br />
to display the port binding configuration for all ports as shown in the following<br />
example.<br />
SANbox #> show config security portbinding<br />
Configuration Name: default<br />
-------------------<br />
Port Binding Status WWN<br />
---- -------------- ---<br />
0 True 10:20:30:40:50:60:70:80<br />
59263-02 B 5-11
5–Port Configuration<br />
Port Binding<br />
1 True 10:20:30:40:50:60:70:80<br />
2 False No port binding entries found.<br />
3 True 10:20:30:40:50:60:70:80<br />
4 True 10:20:30:40:50:60:70:80<br />
5 False No port binding entries found.<br />
6 True 10:20:30:40:50:60:70:81<br />
7 False No port binding entries found.<br />
8 True 10:20:30:40:50:60:70:80<br />
9 False No port binding entries found.<br />
10 False No port binding entries found.<br />
11 False No port binding entries found.<br />
12 False No port binding entries found.<br />
13 False No port binding entries found.<br />
14 False No port binding entries found.<br />
15 False No port binding entries found.<br />
16 False No port binding entries found.<br />
17 False No port binding entries found.<br />
18 False No port binding entries found.<br />
19 False No port binding entries found.<br />
20 False No port binding entries found.<br />
21 False No port binding entries found.<br />
22 False No port binding entries found.<br />
23 False No port binding entries found.<br />
Enter the Set Config Security Portbinding command to enable port binding for the<br />
selected port and to specify the world wide names of the authorized ports/devices.<br />
The following example enables port binding on port 1 and specifies two device<br />
world wide names.<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config security port 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PortBindingEnabled (True / False)[False] true<br />
WWN<br />
(N=None / WWN)[None ] 10:00:00:c0:dd:00:b9:f9<br />
WWN<br />
(N=None / WWN)[None ] 10:00:00:c0:dd:00:b9:f8<br />
WWN<br />
(N=None / WWN)[None ] n<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
5-12 59263-02 B
5–Port Configuration<br />
Resetting a Port<br />
Resetting a Port<br />
Enter the Reset Port command to reinitialize one or more ports and to discard any<br />
temporary changes that have been made to the administrative state or link speed.<br />
The following example reinitializes port 1:<br />
SANbox #> reset port 1<br />
59263-02 B 5-13
5–Port Configuration<br />
Configuring Port Threshold Alarms<br />
Configuring Port Threshold Alarms<br />
The switch can monitor a set of port errors and generates alarms based on<br />
user-defined sample windows and thresholds. These port errors include the<br />
following:<br />
• Cyclic Redundancy Check (CRC) errors<br />
• Decode errors<br />
• ISL connection count<br />
• Device login errors<br />
• Device logout errors<br />
• Loss-of-signal errors<br />
You make changes to the port threshold alarms by modifying the switch<br />
configuration as described in “Modifying a Switch Configuration” on page 4-11.<br />
Refer to Table 13-25 for a description of the port alarm threshold parameters.<br />
The switch will down a port if an alarm condition is not cleared within three<br />
consecutive sampling windows (by default 30 seconds). Reset the port to bring it<br />
back online. An alarm is cleared when the threshold monitoring detects that the<br />
error rate has fallen below the falling trigger.<br />
Enter the Set Config Threshold command to enable and configure port threshold<br />
monitoring on the switch:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config threshold<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
ThresholdMonitoringEnabled (True / False) [False ]<br />
CRCErrorsMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [25 ]<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
DecodeErrorsMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [25 ]<br />
FallingTrigger (decimal value, 0-1000) [0 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
ISLMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [2 ]<br />
FallingTrigger (decimal value, 0-1000) [0 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LoginMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [5 ]<br />
5-14 59263-02 B
5–Port Configuration<br />
Testing a Port<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LogoutMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [5 ]<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LOSMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [100 ]<br />
FallingTrigger (decimal value, 0-1000) [5 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
Testing a Port<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and activated (see<br />
config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
SANbox (admin-config) #> config save<br />
SANbox (admin-config) #> config activate<br />
You can test a port using the Test Port command using online or offline tests. The<br />
following sections describe the test types, displaying test results, and cancelling a<br />
test:<br />
• Online Tests for Ports<br />
• Offline Tests for Ports<br />
• Display Port Test Results<br />
• Cancel a Port Test<br />
Online Tests for Ports<br />
An online test is a non-disruptive test that exercises the port, transceiver, and<br />
device connections. The port must be online and connected to a device. Online<br />
testing of TR_Ports is not allowed. The following is an example of an online test:<br />
SANbox #> admin start<br />
SANbox (admin) #> test port 1 online<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [429496729]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default ]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
59263-02 B 5-15
5–Port Configuration<br />
Testing a Port<br />
Do you want to start the test? (y/n) [n] y<br />
The test has been started.<br />
A notification with the test result(s) will appear<br />
on the screen when the test has completed.<br />
SANbox (admin) #><br />
Test for port 1 Passed.<br />
Offline Tests for Ports<br />
An offline test is a disruptive test that exercises the port connections. You must<br />
place the port in the diagnostics state using the Set Port command before starting<br />
the test. There are two types of offline test: internal loopback and external<br />
loopback.<br />
• An internal loopback test exercises the internal port connections.<br />
• An external loopback test exercises the port and its transceiver. A<br />
transceiver with a loopback plug is required for the port.<br />
The following example performs an offline test:<br />
SANbox #> admin start<br />
SANbox (admin) #> set port 1 state diagnostics<br />
SANbox (admin) #> test port 1 offline internal<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and<br />
the ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [429496729]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default ]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the test? (y/n) [n] y<br />
The test has been started.<br />
A notification with the test result(s) will appear<br />
on the screen when the test has completed.<br />
SANbox (admin) #><br />
Test for port 1 Passed.<br />
When the test is complete, remember to place the port back online.<br />
SANbox (admin) #> set port 1 state online<br />
5-16 59263-02 B
5–Port Configuration<br />
Displaying Extended Credit Status<br />
Display Port Test Results<br />
You can display the test status while the test is in progress by entering the<br />
Test Status Port command in an Admin session as shown in the following<br />
example:<br />
SANbox (admin) #> test status port 1<br />
Port Test Test Loop Test<br />
Num Port Type Status Count Failures<br />
---- -------- ---- ------ ----- --------<br />
1 1 Offline Internal Passed 12 0<br />
Cancel a Port Test<br />
To cancel a port test that is in progress, enter the Test Cancel Port command.<br />
Displaying Extended Credit Status<br />
Enter the Show Donor command to display the extended credit status for the<br />
switch as shown in the following example:<br />
SANbox #> show donor<br />
Port Config Ext Credit Max Credit Donated Member of Valid Groups to<br />
Number Type Requested Available to Port Donor Group Extend Credit<br />
------ ------ ---------- ---------- ------- ----------- ---------------<br />
0 GL 0 16 None 0 0<br />
1 GL 0 16 None 0 0<br />
2 GL 0 16 None 0 0<br />
3 GL 0 16 None 0 0<br />
4 GL 0 16 None 0 0<br />
5 GL 0 16 None 0 0<br />
6 GL 0 16 None 0 0<br />
7 GL 0 16 None 0 0<br />
8 GL 0 16 None 0 0<br />
9 GL 0 16 None 0 0<br />
10 GL 0 16 None 0 0<br />
11 GL 0 16 None 0 0<br />
12 GL 0 16 None 0 0<br />
13 GL 0 16 None 0 0<br />
14 GL 0 16 None 0 0<br />
15 GL 0 16 None 0 0<br />
16 GL 0 16 None 0 0<br />
17 GL 0 16 None 0 0<br />
18 GL 0 16 None 0 0<br />
19 GL 0 16 None 0 0<br />
20 G 0 16 None None None<br />
21 G 0 16 None None None<br />
22 G 0 16 None None None<br />
59263-02 B 5-17
5–Port Configuration<br />
Displaying Extended Credit Status<br />
23 G 0 16 None None None<br />
Donor Group Credit Pool<br />
----------- -----------<br />
0 0<br />
5-18 59263-02 B
6 Zoning Configuration<br />
This section describes the following tasks:<br />
• Displaying Zoning Database Information<br />
• Configuring the Zoning Database<br />
• Modifying the Zoning Database<br />
• Saving the Active and Merged Zone Sets<br />
• Resetting the Zoning Database<br />
• Managing Zone Sets<br />
• Managing Zones<br />
• Managing Aliases<br />
Consider device access needs within the fabric. Access is controlled by the use of<br />
zoning. Some zoning strategies include the following:<br />
• Separate devices by operating system.<br />
• Separate devices that have no need to communicate with other devices in<br />
the fabric or have classified data.<br />
• Separate devices into department, administrative, or other functional group.<br />
• Reserve a path and its bandwidth from one port to another.<br />
A zone is a named group of ports or devices. Members of the same zone can<br />
communicate with each other and transmit outside the zone, but cannot receive<br />
inbound traffic from outside the zone.<br />
Zoning divides the fabric for purposes of controlling discovery and inbound traffic.<br />
Zoning is hardware-enforced only when a port/device is a member of no more<br />
than eight zones whose combined membership does not exceed 64. If this<br />
condition is not satisfied, that port behaves as a soft zone member. You can<br />
assign ports/devices to a zone individually or as a group by creating an alias.<br />
A zone can be a component of more than one zone set. Several zone sets can be<br />
defined for a fabric, but only one zone set can be active at one time. The active<br />
zone set determines the current fabric zoning.<br />
59263-02 B 6-1
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
Displaying Zoning Database Information<br />
A switch maintains three zoning databases:<br />
• Non-volatile–This zoning database is permanent and contains all zone sets,<br />
zones, and aliases that you create and save on a switch. The zone sets in<br />
the non-volatile zoning database are known as configured zone sets.<br />
• Volatile–This zoning database is temporary. This means it is not retained<br />
across switch resets. The volatile zoning database can be the working copy<br />
of a zone set being edited or the active zone set received from another<br />
switch. In the latter case, this is also known as the merged zone set.<br />
• Active–This zoning database is the active zone set.<br />
You can display the following information about the zoning database:<br />
• Configured Zone Set Information<br />
• Active Zone Set Information<br />
• Merged Zone Set Information<br />
• Edited Zone Set Information<br />
• Zone Set Membership Information<br />
• Orphan Zone Information<br />
• Alias and Alias Membership Information<br />
• Zoning Modification History<br />
• Zoning Database Limits<br />
Configured Zone Set Information<br />
The Zoneset List and the Zoning List commands display information about the all<br />
zone sets in the non-volatile zoning database. Enter the Zoneset List command to<br />
display a list of the zone sets as shown in the following example:<br />
SANbox #> zoneset list<br />
Current List of ZoneSets<br />
------------------------<br />
alpha<br />
beta<br />
Enter the Zoning List command to display all zone sets, zones, and zone<br />
members in the active zone set and configured zone sets as shown in the<br />
following example. Merged and edited zone sets are displayed if they exist.<br />
SANbox #> zoning list<br />
Active (enforced) ZoneSet Information<br />
6-2 59263-02 B
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:c3<br />
Configured (saved in NVRAM) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:16<br />
Active Zone Set Information<br />
The Zoning List and Zoneset Active commands display information about the<br />
active zone set. Enter the Zoning Active command to display component zones<br />
and zone members as shown in the following example:<br />
SANbox #> zoning active<br />
Active (enforced) ZoneSet Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_b0241f<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
21:00:00:e0:8b:02:41:2f<br />
wwn_23bd31<br />
59263-02 B 6-3
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:c3<br />
Enter the Zoneset Active command to display the name of the active zone set and<br />
its activation history as shown in the following example:<br />
SANbox #> zoneset active<br />
Active ZoneSet Information<br />
--------------------------<br />
ActiveZoneSet Bets<br />
LastActivatedBy admin@OB-session6<br />
LastActivatedOn day month date time year<br />
Merged Zone Set Information<br />
A merged zone set is a zone set that is received from another switch as a result of<br />
a change in active zone sets. You can display the merged zone set on your switch<br />
if the MergeAutoSave parameter is set to False. Refer to “Configuring the Zoning<br />
Database” on page 6-9 for more information about the MergeAutoSave<br />
parameter. Enter the Zoning Merged command to display merged zone set<br />
information as shown in the following example:<br />
SANbox #> zoning merged<br />
*********************************************************************<br />
To permanently save the merged database locally, execute the<br />
'zoning merged capture' command. To edit the merged database<br />
use the ’zoning edit merged’ command. To remove the merged database<br />
use the ’zoning restore’ command.<br />
**********************************************************************<br />
Merged (unsaved) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
------- ---- ----------<br />
ZS1<br />
Z1<br />
10:00:00:c0:dd:00:b9:f9<br />
10:00:00:c0:dd:00:b9:fa<br />
Z2<br />
10:00:00:c0:dd:00:b9:fb<br />
10:00:00:c0:dd:00:b9:fc<br />
6-4 59263-02 B
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
Edited Zone Set Information<br />
The edited zone set is a zone set that you were modifying when a change in<br />
active zone set or a fabric merge occurred. Enter the Zoning Edited command to<br />
display the unsaved edited zone set information as shown in the following<br />
example:<br />
SANbox (admin-zoning) #> zoning edited<br />
Edited (unsaved) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
------- ---- ----------<br />
ZS1<br />
Z1<br />
10:00:00:c0:dd:00:b9:f9<br />
10:00:00:c0:dd:00:b9:fa<br />
Zone Set Membership Information<br />
The Zoneset Zones, Zone List, and Zone Zonesets commands display zone set<br />
membership information. Enter the Zoneset Zones command to display the<br />
member zones for a specified zone set as shown in the following example:<br />
SANbox #> zoneset zones ssss<br />
Current List of Zones for ZoneSet: ssss<br />
----------------------------------<br />
zone1<br />
zone2<br />
zone3<br />
Enter the Zone List command to display the zones and the zone sets to which<br />
they belong as shown in the following example:<br />
SANbox #> zone list<br />
Zone ZoneSet<br />
---- -------<br />
wwn_b0241f<br />
zone_set_1<br />
wwn_23bd31<br />
zone_set_1<br />
wwn_221416<br />
zone_set_2<br />
wwn_2215c3<br />
zone_set_2<br />
wwn_0160ed<br />
59263-02 B 6-5
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
zone_set_3<br />
Enter the Zone Zonesets command to display the zone sets for which a specified<br />
zone is a member as shown in the following example:<br />
SANbox #> zone zonesets zone1<br />
Current List of ZoneSets for Zone: zone1<br />
----------------------------------<br />
zone_set_1<br />
Zone Membership Information<br />
Enter the Zone Members command to display the members for a specified zone<br />
as shown in the following example:<br />
SANbox #> zone members wwn_b0241f<br />
Current List of Members for Zone: wwn_b0241f<br />
---------------------------------<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
21:00:00:e0:8b:02:41:2f<br />
Orphan Zone Information<br />
Enter the Zone Orphans command to display a list of zones that are not members<br />
of any zone set as shown in the following example:<br />
SANbox #> zone orphans<br />
Current list of orphan zones<br />
----------------------------<br />
zone3<br />
zone4<br />
6-6 59263-02 B
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
Alias and Alias Membership Information<br />
The Alias List and Alias Members commands display information about aliases.<br />
Enter the Alias List command to display a list of all aliases as shown in the<br />
following example:<br />
SANbox #> alias list<br />
Current list of Zone Aliases<br />
----------------------------<br />
alias1<br />
alias2<br />
Enter the Alias Members command to display the membership for a specified<br />
alias as shown in the following example:<br />
SANbox #> alias members alias1<br />
Current list of members for Zone Alias: alias1<br />
---------------------------------------<br />
50:06:04:82:bf:d2:18:c4<br />
50:06:04:82:bf:d2:18:c5<br />
50:06:04:82:bf:d2:18:c6<br />
Zoning Modification History<br />
Enter the Zoning History command to display a record of zoning modifications as<br />
shown in the following example:<br />
SANbox #> zoning history<br />
Active Database Information<br />
---------------------------<br />
ZoneSetLastActivated/DeactivatedBy Remote<br />
ZoneSetLastActivated/DeactivatedOn day mon date hh:mm:ss yyyy<br />
Database Checksum 00000000<br />
Inactive Database Information<br />
-----------------------------<br />
ConfigurationLastEditedBy<br />
admin@OB-session17<br />
ConfigurationLastEditedOn<br />
day mon date hh:mm:ss yyyy<br />
Database Checksum 00000000<br />
History information includes the following:<br />
• Time of the most recent zone set activation or deactivation and the user<br />
account that performed it<br />
• Time of the most recent modifications to the zoning database and the user<br />
account that made them.<br />
• Checksum for the zoning database<br />
59263-02 B 6-7
6–Zoning Configuration<br />
Displaying Zoning Database Information<br />
Zoning Database Limits<br />
Enter the Zoning Limits command to display a summary of the objects in the<br />
zoning database and their maximum limit as shown in the following example:<br />
SANbox #> zoning limits<br />
Configured (saved in NVRAM) Zoning Information<br />
Zoning Attribute Maximum Current [Zoning Name]<br />
---------------- ------- ------- -------------<br />
MaxZoneSets 256 6<br />
MaxZones 2000 17<br />
MaxAliases 2500 1<br />
MaxTotalMembers 10000 166<br />
MaxZonesInZoneSets 2000 19<br />
MaxMembersPerZone 2000<br />
10 D_1_JBOD_1<br />
23 D_1_Photons<br />
9 D_2_JBOD1<br />
16 D_2_NewJBOD_2<br />
5 E1JBOD1<br />
5 E2JBOD2<br />
3 LinkResetZone<br />
3 LinkResetZone2<br />
8 NewJBOD1<br />
8 NewJBOD2<br />
24 Q_1Photon1<br />
8 Q_1_NewJBOD1<br />
13 Q_1_Photon_1<br />
21 Q_2_NewJBOD2<br />
3 ZoneAlias<br />
3 ZoneDomainPort<br />
4 ZoneFCAddr<br />
MaxMembersPerAlias 2000<br />
2 AliasInAZone<br />
ActiveZones 19<br />
ActiveZoneMembers 160<br />
To display abbreviated limits information, enter the Zoning Limits Brief command.<br />
6-8 59263-02 B
6–Zoning Configuration<br />
Configuring the Zoning Database<br />
Configuring the Zoning Database<br />
You can configure how the zoning database is applied to the switch and<br />
exchanged with the fabric through the zoning configuration parameters. The<br />
following zoning configuration parameters are available through the<br />
Set Config Zoning command. Refer to Table 13-26 for more information about the<br />
zoning configuration parameters.<br />
• MergeAutoSave–This parameter enables or disables the automatic saving<br />
of a new active zone set to the switch non-volatile zoning database.<br />
• DefaultZone–This parameter allows or denies communication among<br />
ports/devices that are not defined in the active zone set.<br />
• DiscardInactive–This parameter enables or disables the discarding of all<br />
zone sets except the active zone set.<br />
If MergeAutoSave is False on a switch, and a new zone set is activated elsewhere<br />
in the fabric or a fabric merge occurs, you can choose how to dispose of the<br />
merged zone set:<br />
• Enter the Zoning Merged command to display merged zone set.<br />
• Enter the Zoning Edit Merged command to edit the merged zone set.<br />
• Enter the Zoning Merged Capture command to save the merged zone set to<br />
the non-volatile zoning database.<br />
• Enter the Zoning Restore command to discard the merged zone set.<br />
If you are editing the configured zone set that corresponds to the active zone set,<br />
and a zone set merge occurs, you have the same options plus you can enter the<br />
Zoning Edited command to display the edited zoning database.<br />
To restore the zoning configuration to its factory values, enter the Reset Config or<br />
Reset Factory commands. Notice however, these commands restore other<br />
aspects of the switch configuration also.<br />
59263-02 B 6-9
6–Zoning Configuration<br />
Configuring the Zoning Database<br />
To modify the zoning configuration, you must open an Admin session with the<br />
Admin Start command. An Admin session prevents other accounts from making<br />
changes at the same time through Telnet, QuickTools, Enterprise Fabric Suite, or<br />
another management application. You must also open a Config Edit session with<br />
the Config Edit command and indicate which configuration you want to modify. If<br />
you do not specify a configuration name, the active configuration is assumed.<br />
The Config Edit session provides access to the Set Config Zoning command as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
The config named default is being edited.<br />
SANbox (admin-config) #> set config zoning<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list press 'q'<br />
or 'Q' and the ENTER key to do so.<br />
MergeAutoSave (True / False) [True ]<br />
DefaultZone (Allow / Deny) [Allow ]<br />
DiscardInactive (True / False) [False]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
SANbox (admin-config)#> config save<br />
SANbox (admin)#> config activate<br />
SANbox (admin)#> admin end<br />
6-10 59263-02 B
6–Zoning Configuration<br />
Modifying the Zoning Database<br />
Modifying the Zoning Database<br />
To modify the non-volatile zoning database, you must open an Admin session with<br />
the Admin Start command. An Admin session prevents other accounts from<br />
making changes at the same time through Telnet, Enterprise Fabric Suite, or<br />
another management application. You must also open a Zoning Edit session with<br />
the Zoning Edit Configured command. To modify the temporary merged zone set<br />
(if one exists), enter the Zoning Edit Merged command. The Zoning Edit session<br />
provides access to the Zoneset, Zone, Alias, and Zoning commands with which<br />
you make modifications to the zoning database.<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning)#> zoneset . . .<br />
SANbox (admin-zoning)#> zone . . .<br />
SANbox (admin-zoning)#> alias . . .<br />
SANbox (admin-zoning)#> zoning . . .<br />
When you are finished making changes, enter the Zoning Save command to save<br />
the changes and close the Zoning Edit session.<br />
SANbox (admin-zoning)#> zoning save<br />
To close the Zoning Edit session without saving changes, enter the Zoning Cancel<br />
command.<br />
SANbox (admin-zoning)#> zoning cancel<br />
Changes to the active zone set do not take effect until you activate it with the<br />
Zoneset Activate command. The active zone set is propagated throughout the<br />
fabric.<br />
SANbox (admin)#> zoneset activate zoneset_1<br />
SANbox (admin)#> admin end<br />
The Admin End command releases the Admin session for other administrators<br />
when you are done making changes to the switch.<br />
To remove all zoning database objects (aliases, zones, and zone sets) and restore<br />
the zoning database to its factory state, enter the Reset Zoning command as<br />
shown in the following example:<br />
SANbox (admin) #> reset zoning<br />
59263-02 B 6-11
6–Zoning Configuration<br />
Saving the Active and Merged Zone Sets<br />
Saving the Active and Merged Zone Sets<br />
You can save the active zone set and merged zone set to the non-volatile zoning<br />
database. Enter the Zoning Active Capture to save the active zone set as shown<br />
in the following example:<br />
SANbox (admin) #> zoning active capture<br />
This command will overwrite the configured zoning database in NVRAM.<br />
Please confirm (y/n): [n] y<br />
The active zoning database has been saved.<br />
Enter the Zoning Merged Capture to the save the merged zone set as shown in<br />
the following example:<br />
SANbox (admin) #> zoning merged capture<br />
This command will overwrite the configured zoning database in NVRAM.<br />
Please confirm (y/n): [n] y<br />
The merged zoning database has been saved.<br />
Resetting the Zoning Database<br />
There are two ways to remove all aliases, zones, and zone sets from the zoning<br />
database:<br />
• Enter the Zoning Clear command as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoning clear<br />
SANbox (admin-zoning) #> zoning save<br />
• Enter the Reset Zoning command as shown in the following example. The<br />
zoning configuration values, MergeAutoSave, DefaultZone, and<br />
DiscardInactive remain unchanged. This is the preferred method.<br />
SANbox #> admin start<br />
SANbox (admin) #> reset zoning<br />
6-12 59263-02 B
6–Zoning Configuration<br />
Removing Inactive Zone Sets, Zones, and Aliases<br />
Removing Inactive Zone Sets, Zones, and Aliases<br />
Enter the Zoning Delete Orphans command to delete all objects from the zoning<br />
database except those in the active zone set.<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning delete orphans<br />
This command will remove all zonesets, zones, and aliases<br />
that are not currently active.<br />
Please confirm (y/n): [n] y<br />
SANbox (admin) #> zoning save<br />
Managing Zone Sets<br />
Create a Zone Set<br />
Managing zone sets consists of the following tasks:<br />
• Create a Zone Set<br />
• Delete a Zone Set<br />
• Rename a Zone Set<br />
• Copy a Zone Set<br />
• Add Zones to a Zone Set<br />
• Remove Zones from a Zone Set<br />
• Activate a Zone Set<br />
• Deactivate a Zone Set<br />
All of these tasks except Activate a Zone Set and Deactivate a Zone Set require<br />
an Admin session and a Zoning Edit session.<br />
Enter the Zoneset Create command to create a new zone set as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset create zoneset_1<br />
SANbox (admin-zoning) #>zoning save<br />
59263-02 B 6-13
6–Zoning Configuration<br />
Managing Zone Sets<br />
Delete a Zone Set<br />
Enter the Zoneset Delete command to delete a zone set as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset delete zoneset_1<br />
SANbox (admin-zoning) #>zoning save<br />
Rename a Zone Set<br />
Copy a Zone Set<br />
Enter the Zoneset Rename command to rename a zone set as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset rename zoneset_old zoneset_new<br />
SANbox (admin-zoning) #>zoning save<br />
Enter the Zoneset Copy command to copy a zone set and its contents to a new<br />
zone set as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset copy zoneset_1 zoneset_2<br />
SANbox (admin-zoning) #>zoning save<br />
Add Zones to a Zone Set<br />
Enter the Zoneset Add command to add a zone to a zone set as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset add zoneset_1 zone_1 zone_2<br />
SANbox (admin-zoning) #>zoning save<br />
6-14 59263-02 B
6–Zoning Configuration<br />
Managing Zones<br />
Remove Zones from a Zone Set<br />
Enter the Zoneset Remove command to remove zones from a zone set as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoneset remove zoneset_1 zone_1 zone_2<br />
SANbox (admin-zoning) #>zoning save<br />
Activate a Zone Set<br />
Enter the Zoneset Activate command to apply zoning to the fabric as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoneset activate zoneset_1<br />
Deactivate a Zone Set<br />
Enter the Zoneset Deactivate command to deactivate the active zone set and<br />
disable zoning in the fabric:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoneset deactivate<br />
Managing Zones<br />
Managing Zones consists of the following tasks:<br />
• Create a Zone<br />
• Delete a Zone<br />
• Rename a Zone<br />
• Copy a Zone<br />
• Add Members to a Zone<br />
• Remove Members from a Zone<br />
All of these tasks require an Admin session and a Zoning Edit session.<br />
59263-02 B 6-15
6–Zoning Configuration<br />
Managing Zones<br />
Create a Zone<br />
Enter the Zone Create command to create a new zone as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone create zone_1<br />
SANbox (admin-zoning) #> zoning save<br />
Delete a Zone<br />
Rename a Zone<br />
Copy a Zone<br />
Enter the Zone Delete command to delete zone_1 from the zoning database as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone delete zone_1<br />
SANbox (admin-zoning) #> zoning save<br />
Enter the Zone Rename command to rename zone_1 to zone_a as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone rename zone_1 zone_a<br />
SANbox (admin-zoning) #> zoning save<br />
Enter the Zone Copy command to copy the contents of an existing zone (zone_1)<br />
to a new zone (zone_2) as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone copy zone_1 zone_2<br />
SANbox (admin-zoning) #> zoning save<br />
6-16 59263-02 B
6–Zoning Configuration<br />
Managing Aliases<br />
Add Members to a Zone<br />
Enter the Zone Add command to add ports/devices to zone_1 as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone add zone_1 alias_1 1,4 1,5<br />
SANbox (admin-zoning) #> zoning save<br />
Remove Members from a Zone<br />
Enter the Zone Remove command to remove ports/devices from zone_1 as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zone remove zone_1 alias_1 1,4 1,5<br />
SANbox (admin-zoning) #> zoning save<br />
Managing Aliases<br />
Create an Alias<br />
Managing aliases consists of the following tasks:<br />
• Create an Alias<br />
• Delete an Alias<br />
• Rename an Alias<br />
• Copy an Alias<br />
• Add Members to an Alias<br />
• Remove Members from an Alias<br />
All of these tasks require an Admin session and a Zoning Edit session.<br />
Enter the Alias Create command to create a new alias as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias create alias_1<br />
SANbox (admin-zoning) #> zoning save<br />
59263-02 B 6-17
6–Zoning Configuration<br />
Managing Aliases<br />
Delete an Alias<br />
Rename an Alias<br />
Copy an Alias<br />
Enter the Alias Delete command to delete alias_1 from the zoning database as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias delete alias_1<br />
SANbox (admin-zoning) #> zoning save<br />
Enter the Alias Rename command to rename alias_1 to alias_a as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias rename alias_1 alias_a<br />
SANbox (admin-zoning) #> zoning save<br />
Enter the Alias Copy command to copy alias_1 and its contents to alias_2 as<br />
shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias copy alias_1 alias_2<br />
SANbox (admin-zoning) #> zoning save<br />
Add Members to an Alias<br />
Enter the Alias Add command to add ports/devices to alias_1 as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias add alias_1 1,4 1,5<br />
SANbox (admin-zoning) #> zoning save<br />
Remove Members from an Alias<br />
Enter the Alias Remove command to remove ports/devices from alias_1 as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> alias remove alias_1 1,4 1,5<br />
SANbox (admin-zoning) #> zoning save<br />
6-18 59263-02 B
7 Connection Security<br />
Configuration<br />
This section describes the following tasks:<br />
• Managing SSL and SSH Services<br />
• Displaying SSL and SSH Services<br />
• Creating an SSL Security Certificate<br />
The switch supports secure connections with Telnet and switch management<br />
applications. The Secure SHell protocol (SSH) secures Telnet connections to the<br />
switch. The Secure Sockets Layer (SSL) protocol secures switch connections to<br />
the following management applications:<br />
• Enterprise Fabric Suite<br />
• QuickTools<br />
• Application Programming <strong>Interface</strong><br />
• Storage Management Initiative-Specification (SMI-S)<br />
59263-02 B 7-1
7–Connection Security Configuration<br />
Managing SSL and SSH Services<br />
Managing SSL and SSH Services<br />
Consider the following when enabling SSH and SSL services:<br />
• To establish a secure Telnet connection, your workstation must use an SSH<br />
client.<br />
• To enable secure SSL connections, you must first synchronize the date and<br />
time on the switch and workstation. Refer to “Setting the Date and Time” on<br />
page 4-16.<br />
• The SSL service must be enabled to authenticate users through a RADIUS<br />
server. Refer to “Configuring a RADIUS Server on the Switch” on page 9-3.<br />
• To disable SSL when using a user authentication RADIUS server, the<br />
RADIUS server authentication order must be local.<br />
• Enabling SSL automatically creates a security certificate on the switch.<br />
Enter the Set Setup Services command to manage both SSH and SSL services<br />
as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> set setup services<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PLEASE NOTE:<br />
-----------<br />
* Further configuration may be required after enabling a service.<br />
* If services are disabled, the connection to the switch may be lost.<br />
* When enabling SSL, please verify that the date/time settings<br />
on this switch and the workstation from where the SSL connection<br />
will be started match, and then a new certificate may need to be<br />
created to ensure a secure connection to this switch.<br />
TelnetEnabled (True / False) [True ]<br />
SSHEnabled (True / False) [False] True<br />
GUIMgmtEnabled (True / False) [True ]<br />
SSLEnabled (True / False) [False] True<br />
EmbeddedGUIEnabled (True / False) [True ]<br />
SNMPEnabled (True / False) [True ]<br />
NTPEnabled (True / False) [False]<br />
CIMEnabled (True / False) [False]<br />
FTPEnabled (True / False) [True ]<br />
MgmtServerEnabled (True / False) [True ]<br />
Do you want to save and activate this services setup? (y/n): [n] y<br />
7-2 59263-02 B
7–Connection Security Configuration<br />
Displaying SSL and SSH Services<br />
Displaying SSL and SSH Services<br />
Enter the Show Setup Services command to display the status of the SSH and<br />
SSL services as shown in the following example:<br />
SANbox #> show setup services<br />
System Services<br />
-----------------------------<br />
TelnetEnabled<br />
True<br />
SSHEnabled<br />
False<br />
GUIMgmtEnabled<br />
True<br />
SSLEnabled<br />
False<br />
EmbeddedGUIEnabled True<br />
SNMPEnabled<br />
True<br />
NTPEnabled<br />
True<br />
CIMEnabled<br />
True<br />
FTPEnabled<br />
True<br />
MgmtServerEnabled<br />
True<br />
CallHomeEnabled<br />
True<br />
Creating an SSL Security Certificate<br />
Enabling SSL automatically creates a security certificate on the switch. The<br />
security certificate is required to establish an SSL connection with a management<br />
application such as Enterprise Fabric Suite or QuickTools. The certificate is valid<br />
24 hours before the certificate creation date and expires 365 days after the<br />
creation date. Should the original certificate become invalid, enter the<br />
Create Certificate command to create a new one as shown in the following<br />
example:<br />
SANbox (admin) #> create certificate<br />
The current date and time is day mon date hh:mm:ss UTC yyyy.<br />
This is the time used to stamp onto the certificate.<br />
Is the date and time correct? (y/n): [n] y<br />
Certificate generation successful.<br />
To ensure the creation of a valid certificate, be sure that the switch and the<br />
workstation time and date are the same. Refer to “Setting the Date and Time” on<br />
page 4-16.<br />
59263-02 B 7-3
7–Connection Security Configuration<br />
Creating an SSL Security Certificate<br />
7-4 59263-02 B
8 Device Security<br />
Configuration<br />
This section describes the following tasks:<br />
• Displaying Security Database Information<br />
• Configuring the Security Database<br />
• Modifying the Security Database<br />
• Resetting the Security Database<br />
• Managing Security Sets<br />
• Managing Groups<br />
Device security provides for the authorization and authentication of devices that<br />
you attach to a switch. You can configure a switch with a group of devices against<br />
which the switch authorizes new attachments by devices, other switches, or<br />
devices issuing management server commands.<br />
Device security is defined through the use of security sets and groups. A group is<br />
a list of device worldwide names that are authorized to attach to a switch. There<br />
are three types of groups: one for other switches (ISL), another for devices (port),<br />
and a third for devices issuing management server commands (MS). A security<br />
set is a set of up to three groups with no more than one of each group type. The<br />
security database is made up of all security sets on the switch.<br />
In addition to authorization, the switch can be configured to require authentication<br />
to validate the identity of the connecting switch, device, or host. Authentication<br />
can be performed locally using the switch’s security database, or remotely using a<br />
Remote Dial-In User Service (RADIUS) server such as Microsoft® RADIUS.<br />
Displaying Security Database Information<br />
You can display the following information about the security database:<br />
• Configured Security Set Information<br />
• Active Security Set Information<br />
• Security Set Membership Information<br />
59263-02 B 8-1
8–Device Security Configuration<br />
Displaying Security Database Information<br />
• Group Membership Information<br />
• Security Database Modification History<br />
• Security Database Limits<br />
Configured Security Set Information<br />
The Securityset List and the Security List commands display information about the<br />
all security sets in the security database. Enter the Securityset List command to<br />
display a list of the security sets as shown in the following example:<br />
SANbox #> securityset list<br />
Current list of SecuritySets<br />
----------------------------<br />
alpha<br />
beta<br />
Enter the Security List command to display all security sets, groups, and group<br />
members in the security database as shown in the following example:<br />
SANbox #> security list<br />
Active Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
No active securityset defined.<br />
Configured Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
alpha<br />
group1 (ISL)<br />
10:00:00:00:00:10:21:16<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
10:00:00:00:00:10:21:17<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
8-2 59263-02 B
8–Device Security Configuration<br />
Displaying Security Database Information<br />
Active Security Set Information<br />
The Security Active and Securityset Active commands display information about<br />
the active security set. Enter the Security Active command to display component<br />
groups and group members as shown in the following example:<br />
SANbox #> security active<br />
Active Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
alpha<br />
group1 (ISL)<br />
10:00:00:00:00:10:21:16<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
10:00:00:00:00:10:21:17<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
Enter the Securityset Active command to display the name of the active security<br />
set and its activation history as shown in the following example:<br />
SANbox #> securityset active<br />
Active SecuritySet Information<br />
------------------------------<br />
ActiveSecuritySet alpha<br />
LastActivatedBy Remote<br />
LastActivatedOn day month date time year<br />
59263-02 B 8-3
8–Device Security Configuration<br />
Displaying Security Database Information<br />
Security Set Membership Information<br />
The Securityset Groups and Group Securitysets commands display security set<br />
membership information. Enter the Securityset Groups command to display the<br />
member groups for a specified security set as shown in the following example:<br />
SANbox #> securityset groups alpha<br />
Current list of Groups for SecuritySet: alpha<br />
---------------------------------------<br />
group1 (ISL)<br />
group2 (Port)<br />
Enter the Group Securitysets command to display the security sets for which a<br />
specified group is a member as shown in the following example:<br />
SANbox #> group securitysets group_1<br />
Current list of SecuritySets for Group: group_1<br />
---------------------------------------<br />
SecuritySet_1<br />
SecuritySet_2<br />
SecuritySet_A<br />
SecuritySet_B<br />
Group Membership Information<br />
Enter the Group Members command to display the members for a specified group<br />
as shown in the following example:<br />
SANbox #> group members group_1<br />
Current list of members for Group: group_1<br />
----------------------------------<br />
10:00:00:c0:dd:00:71:ed<br />
10:00:00:c0:dd:00:72:45<br />
10:00:00:c0:dd:00:90:ef<br />
10:00:00:c0:dd:00:b8:b7<br />
8-4 59263-02 B
8–Device Security Configuration<br />
Displaying Security Database Information<br />
Security Database Modification History<br />
Enter the Security History command to display a record of security database<br />
modifications as shown in the following example:<br />
SANbox #> security history<br />
Active Database Information<br />
---------------------------<br />
SecuritySetLastActivated/DeactivatedBy Remote<br />
SecuritySetLastActivated/DeactivatedOn day month date time year<br />
Database Checksum 00000000<br />
Inactive Database Information<br />
-----------------------------<br />
ConfigurationLastEditedBy<br />
admin@IB-session11<br />
ConfigurationLastEditedOn<br />
day month date time year<br />
Database Checksum 00007558<br />
History information includes the following:<br />
• Time of the most recent security set activation or deactivation and the user<br />
account that performed it<br />
• Time of the most recent modifications to the security database and the user<br />
account that made them<br />
• Checksum for the security database<br />
Security Database Limits<br />
Enter the Security Limits command to display a summary of the objects in the<br />
security database and their maximum limit as shown in the following example:<br />
SANbox #> security limits<br />
Security Attribute Maximum Current [Name]<br />
------------------ ------- ------- ------<br />
MaxSecuritySets 4 1<br />
MaxGroups 16 2<br />
MaxTotalMembers 1000 19<br />
MaxMembersPerGroup 1000<br />
4 group1<br />
15 group2<br />
59263-02 B 8-5
8–Device Security Configuration<br />
Configuring the Security Database<br />
Configuring the Security Database<br />
You can configure how the security database is applied to the switch and<br />
exchanged with the fabric through the security configuration parameters. The<br />
following security configuration parameters are available through the<br />
Set Config Security command:<br />
• AutoSave–This parameter enables or disables the saving of changes to<br />
active security set in the switch’s non-volatile security database.<br />
• FabricBindingEnabled–This parameter enables or disables the configuration<br />
and enforcement of fabric binding on all switches in the fabric. Fabric binding<br />
associates switch worldwide names with a domain ID in the creation of ISL<br />
groups.<br />
If AutoSave is False, you can revert device security changes that have been<br />
received from another switch through the activation of a security set, or merging of<br />
fabrics. Enter the Security Restore command to replace the volatile security<br />
database with the contents of the non-volatile security database.<br />
To restore the security configuration to its factory values, you can enter the<br />
Reset Config or Reset Factory command. Notice however, that these commands<br />
restore other aspects of the switch configuration also.<br />
8-6 59263-02 B
8–Device Security Configuration<br />
Configuring the Security Database<br />
To modify the security configuration, you must open an Admin session with the<br />
Admin Start command. An Admin session prevents other accounts from making<br />
changes at the same time either through the CLI, QuickTools, or Enterprise Fabric<br />
Suite. You must also open a Config Edit session with the Config Edit command<br />
and indicate which configuration you want to modify. If you do not specify a<br />
configuration name, the active configuration is assumed. The Config Edit session<br />
provides access to the Set Config Security command as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config security<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
FabricBindingEnabled (True / False) [False]<br />
AutoSave (True / False) [True ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
SANbox (admin-config)#> config save<br />
SANbox (admin)#> config activate<br />
SANbox (admin)#> admin end<br />
59263-02 B 8-7
8–Device Security Configuration<br />
Modifying the Security Database<br />
Modifying the Security Database<br />
To modify the security database, you must open an Admin session with the Admin<br />
Start command. An Admin session prevents other accounts from making changes<br />
at the same time either through the CLI, QuickTools, or Enterprise Fabric Suite.<br />
You must also open a Security Edit session with the Security Edit command. The<br />
Security Edit session provides access to the Securityset, Group, and Security<br />
commands with which you make modifications to the security database.<br />
SANbox #> admin start<br />
SANbox (admin) #> security edit<br />
SANbox (admin-security)#> securityset . . .<br />
SANbox (admin-security)#> group . . .<br />
SANbox (admin-security)#> security . . .<br />
When you are finished making changes, enter the Security Save command to<br />
save the changes and close the Security Edit session.<br />
SANbox (admin-security)#> security save<br />
To close the session without saving changes, enter the Security Cancel<br />
command.<br />
SANbox (admin-security)#> security cancel<br />
Changes to the active security set do not take effect until you activate it with the<br />
Security Activate command. The Admin End command releases the Admin<br />
session for other administrators when you are done making changes to the<br />
switch.<br />
SANbox (admin)#> security activate<br />
SANbox (admin)#> admin end<br />
8-8 59263-02 B
8–Device Security Configuration<br />
Resetting the Security Database<br />
Resetting the Security Database<br />
There are two ways to remove all groups and security sets from the security<br />
database:<br />
• Enter the Security Clear command as shown in the following example:<br />
SANbox (admin-security) #> security clear<br />
All security information will be cleared. Please confirm (y/n): [n] y<br />
SANbox (admin-security) #> security save<br />
• Enter the Reset Security command as shown in the following example. The<br />
security configuration values, autosave and fabric binding remain<br />
unchanged.<br />
SANbox (admin) #> reset security<br />
Managing Security Sets<br />
Managing Security Sets consists of the following tasks:<br />
• Create a Security Set<br />
• Delete a Security Set<br />
• Rename a Security Set<br />
• Copy a Security Set<br />
• Add Groups to a Security Set<br />
• Remove Groups from a Security Set<br />
• Activate a Security Set<br />
• Deactivate a Security Set<br />
All of these tasks except Activate a Security Set and Deactivate a Security Set<br />
require a Security Edit session.<br />
Create a Security Set<br />
Enter the Securityset Create command to create a new security set as shown in<br />
the following example:<br />
SANbox (admin-security) #> securityset create securityset_1<br />
Delete a Security Set<br />
Enter the Securityset Delete command to delete a security set as shown in the<br />
following example:<br />
SANbox (admin-security) #> securityset delete securityset_1<br />
59263-02 B 8-9
8–Device Security Configuration<br />
Managing Security Sets<br />
Rename a Security Set<br />
Enter the Securityset Rename command to rename a security set as shown in the<br />
following example:<br />
SANbox (admin-security) #> securityset rename securityset_old securityset_new<br />
Copy a Security Set<br />
Enter the Securityset Copy command to copy a security set and its contents to a<br />
new security set as shown in the following example:<br />
SANbox (admin-security) #> securityset copy securityset_1 securityset_2<br />
Add Groups to a Security Set<br />
Enter the Securityset Add command to add a group to a security set as shown in<br />
the following example:<br />
SANbox (admin-security) #> securityset add securityset_1 group_isl group_port<br />
Remove Groups from a Security Set<br />
Enter the Securityset Remove command to remove groups from a security set as<br />
shown in the following example:<br />
SANbox (admin-security) #> sescurityset remove securityset_1 group_isl group_port<br />
Activate a Security Set<br />
Enter the Securityset Activate command to apply security to the fabric as shown in<br />
the following example:<br />
SANbox (admin) #> securityset activate securityset_1<br />
Deactivate a Security Set<br />
Enter the Securityset Deactivate command to deactivate the active security set<br />
and disable security in the fabric:<br />
SANbox (admin) #> securityset deactivate<br />
8-10 59263-02 B
8–Device Security Configuration<br />
Managing Groups<br />
Managing Groups<br />
Create a Group<br />
Delete a Group<br />
Rename a Group<br />
Copy a Group<br />
Managing Groups consists of the following tasks:<br />
• Create a Group<br />
• Delete a Group<br />
• Rename a Group<br />
• Copy a Group<br />
• Add Members to a Group<br />
• Modify a Group Member<br />
• Remove Members from a Group<br />
All of these tasks require an Admin session and a Security Edit session.<br />
Creating a group involves specifying a group name and a group type. There are<br />
three types of groups:<br />
• ISL group–secures connected switches<br />
• Port group–secures connected devices<br />
• MS group–secures management server commands<br />
Enter the Group Create command to create a new port group as shown in the<br />
following example:<br />
SANbox (admin-security) #> group create group_port port<br />
Enter the Group Delete command to delete group_port from the security database<br />
as shown in the following example:<br />
SANbox (admin-security) #> group delete group_port<br />
Enter the Group Rename command to rename group_port to port_1 as shown in<br />
the following example:<br />
SANbox (admin-security) #> group rename group_port port_1<br />
Enter the Group Copy command to copy the contents of an existing group<br />
(group_port) to a new group (port_1) as shown in the following example:<br />
SANbox (admin-security) #> group copy group_port port_1<br />
59263-02 B 8-11
8–Device Security Configuration<br />
Managing Groups<br />
Add Members to a Group<br />
Adding a member to a group involves specifying a group, the member worldwide<br />
name, and the member attributes. The member attributes define the<br />
authentication method, encryption method, secrets, and fabric binding, depending<br />
on the group type.<br />
• For ISL member attributes, refer to Table 13-2.<br />
• For Port member attributes, refer to Table 13-3.<br />
• For MS member attributes, refer to Table 13-4.<br />
Enter the Group Add command to add a member to a group:<br />
SANbox #> admin start<br />
SANbox (admin) #> security edit<br />
SANbox (admin-security) #> group add Group_1<br />
A list of attributes with formatting and default values will follow<br />
Enter a new value or simply press the ENTER key to accept the current value<br />
with exception of the Group Member WWN field which is mandatory.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Group Name Group_1<br />
Group Type ISL<br />
Member (WWN) [00:00:00:00:00:00:00:00] 10:00:00:c0:dd:00:90:a3<br />
Authentication (None / Chap) [None ] chap<br />
PrimaryHash (MD5 / SHA-1) [MD5 ]<br />
PrimarySecret (32 hex or 16 ASCII char value) [ ] 0123456789abcdef<br />
SecondaryHash (MD5 / SHA-1 / None) [None ]<br />
SecondarySecret (40 hex or 20 ASCII char value) [ ]<br />
Binding (domain ID 1-239, 0=None) [0 ]<br />
Finished configuring attributes.<br />
To discard this configuration use the security cancel command.<br />
8-12 59263-02 B
8–Device Security Configuration<br />
Managing Groups<br />
Modify a Group Member<br />
Modifying a group member involves changing the member attributes. The<br />
member attributes define the authentication method, encryption methods, secrets,<br />
and fabric binding, depending on the group type.<br />
• For ISL member attributes, refer to Table 13-2.<br />
• For Port member attributes, refer to Table 13-3.<br />
• For MS member attributes, refer to Table 13-4.<br />
Enter the Group Edit command to change the attributes of a group member:<br />
SANbox #> admin start<br />
SANbox (admin) #> security edit<br />
SANbox (admin-security) #> group edit G1 10:00:00:c0:dd:00:90:a3<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Group Name g1<br />
Group Type ISL<br />
Group Member 10:00:00:c0:dd:00:90:a3<br />
Authentication (None / Chap) [None] chap<br />
PrimaryHash (MD5 / SHA-1) [MD5 ] sha-1<br />
PrimarySecret (40 hex or 20 ASCII char value) [ ] 12345678901234567890<br />
SecondaryHash (MD5 / SHA-1 / None) [None] md5<br />
SecondarySecret (32 hex or 16 ASCII char value) [ ] 1234567890123456<br />
Binding (domain ID 1-239, 0=None) [3 ]<br />
Finished configuring attributes.<br />
To discard this configuration use the security cancel command.<br />
Remove Members from a Group<br />
Enter the Group Remove command to remove a member from a group as shown<br />
in the following example:<br />
SANbox (admin-security) #> group remove group_1 10:00:00:c0:dd:00:90:a3<br />
59263-02 B 8-13
8–Device Security Configuration<br />
Managing Groups<br />
8-14 59263-02 B
9 RADIUS Server<br />
Configuration<br />
Authentication can be performed locally using the switch’s security database, or<br />
remotely using a Remote Dial-In User Service (RADIUS) server such as Microsoft<br />
RADIUS. With a RADIUS server, the security database for the entire fabric<br />
resides on the server. In this way, the security database can be managed<br />
centrally, rather than on each switch. You can configure up to five RADIUS servers<br />
to provide failover.<br />
You can configure the RADIUS server to authenticate just the switch or both the<br />
switch and the initiator device if the device supports authentication. When using a<br />
RADIUS server, every switch in the fabric must have a network connection. A<br />
RADIUS server can also be configured to authenticate user accounts. Refer to<br />
Section 2 for information about user accounts. A secure connection is required to<br />
authenticate user logins with a RADIUS server. Refer to Section 7 for information<br />
about secure connections.<br />
This section describes the following tasks:<br />
• Displaying RADIUS Server Information<br />
• Configuring a RADIUS Server on the Switch<br />
Displaying RADIUS Server Information<br />
Enter the Show Setup Radius command to display RADIUS server information as<br />
shown in the following example. Refer to Table 13-28 for a description of the<br />
RADIUS configuration parameters.<br />
SANbox #> show setup radius<br />
Radius Information<br />
------------------<br />
DeviceAuthOrder Local<br />
UserAuthOrder Local<br />
TotalServers 2<br />
Server: 1<br />
ServerIPAddress 10.0.0.13<br />
ServerUDPPort 1812<br />
59263-02 B 9-1
9–RADIUS Server Configuration<br />
Displaying RADIUS Server Information<br />
DeviceAuthServer False<br />
UserAuthServer False<br />
AccountingServer False<br />
Timeout 2<br />
Retries 0<br />
SignPackets False<br />
Secret ********<br />
Server: 2<br />
ServerIPAddress bacd:1234:bacd:1234:bacd:1234:bacd:1234<br />
ServerUDPPort 1812<br />
DeviceAuthServer True<br />
UserAuthServer True<br />
AccountingServer True<br />
Timeout 2<br />
Retries 0<br />
SignPackets False<br />
Secret ********<br />
9-2 59263-02 B
9–RADIUS Server Configuration<br />
Configuring a RADIUS Server on the Switch<br />
Configuring a RADIUS Server on the Switch<br />
Enter the Set Setup Radius command to configure a RADIUS server on the<br />
switch. There are two groups of RADIUS configuration parameters. One group of<br />
parameters is common to all RADIUS server configurations. The second group is<br />
server specific. You can configure both groups of parameters for all RADIUS<br />
servers, or you can configure the common and server-specific parameters<br />
separately. Refer to Table 13-28 for a description of the common and<br />
server-specific RADIUS configuration parameters.<br />
The following example configures the common RADIUS server configuration<br />
parameters:<br />
SANbox (admin) #> set setup radius common<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the attributes<br />
for the server being processed, press 'q' or 'Q' and the ENTER key to do so.<br />
If you wish to terminate the configuration process completely, press 'qq' or<br />
'QQ' and the ENTER key to so do.<br />
PLEASE NOTE:<br />
-----------<br />
* SSL must be enabled in order to configure RADIUS User Authentication<br />
SSL can be enabled using the 'set setup services' command.<br />
Current Values:<br />
DeviceAuthOrder Local<br />
UserAuthOrder Local<br />
TotalServers 1<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
DeviceAuthOrder 1=Local, 2=Radius, 3=RadiusLocal :<br />
UserAuthOrder 1=Local, 2=Radius, 3=RadiusLocal :<br />
TotalServers decimal value, 0-5 :<br />
Do you want to save and activate this radius setup? (y/n): [n]<br />
59263-02 B 9-3
9–RADIUS Server Configuration<br />
Configuring a RADIUS Server on the Switch<br />
The following example configures RADIUS server 1:<br />
SANbox (admin) #> set setup radius server 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the attributes<br />
for the server being processed, press 'q' or 'Q' and the ENTER key to do so.<br />
If you wish to terminate the configuration process completely, press 'qq' or<br />
'QQ' and the ENTER key to so do.<br />
PLEASE NOTE:<br />
-----------<br />
* SSL must be enabled in order to configure RADIUS User Authentication<br />
SSL can be enabled using the 'set setup services' command.<br />
Server 1 Current Values:<br />
ServerIPAddress 10.20.11.8<br />
ServerUDPPort 1812<br />
DeviceAuthServer True<br />
UserAuthServer True<br />
AccountingServer False<br />
Timeout 10<br />
Retries 0<br />
SignPackets False<br />
Secret **********<br />
New Server 1 Value (press ENTER to accept current value, 'q' to skip):<br />
ServerIPAddress (hostname, IPv4, or IPv6 address) :<br />
ServerUDPPort (decimal value) :<br />
DeviceAuthServer (True / False) :<br />
UserAuthServer (True / False) :<br />
AccountingServer (True / False) :<br />
Timeout (decimal value, 10-30 secs) :<br />
Retries (decimal value, 1-3, 0=None) :<br />
SignPackets (True / False) :<br />
Secret (1-63 characters, recommend 22+) :<br />
Do you want to save and activate this radius setup? (y/n): [n]<br />
9-4 59263-02 B
10 Event Log Configuration<br />
This section describes the following tasks:<br />
• Starting and Stopping Event Logging<br />
• Displaying the Event Log<br />
• Managing the Event Log Configuration<br />
• Clearing the Event Log<br />
• Logging to a Remote Host<br />
• Creating and Downloading a Log File<br />
Event messages originate from the switch or from the management application in<br />
response to events that occur in the fabric. Refer to the <strong>QLogic</strong> Fibre Channel<br />
Switch Event Message Reference <strong>Guide</strong> for a complete listing of switch event<br />
messages.<br />
Events are classified by the following severity levels:<br />
• Alarm–The alarm level describes events that are disruptive to the<br />
administration or operation of a fabric and require administrator intervention.<br />
Alarms are always logged and always displayed on the screen. Alarm<br />
thresholds can be defined for certain port errors to customize when to<br />
generate an alarm.<br />
• Critical–The critical level describes events that are generally disruptive to<br />
the administration or operation of the fabric, but require no action.<br />
• Warning–The warning level describes events that are generally not<br />
disruptive to the administration or operation of the fabric, but are more<br />
important than the informative level events.<br />
• Informative–The informative level describes routine events associated with a<br />
normal fabric.<br />
59263-02 B 10-1
10–Event Log Configuration<br />
Starting and Stopping Event Logging<br />
Starting and Stopping Event Logging<br />
Enter the Set Log Stop command in an Admin session to stop recording event<br />
messages in the switch Log as shown in the following example:<br />
SANbox (admin) #> set log stop<br />
Enter the Set Log Start command to start recording event message in the switch<br />
log as shown in the following example:<br />
SANbox (admin) #> set log start<br />
Displaying the Event Log<br />
Enter the Show Log command to display the event log. Each message has the<br />
following format:<br />
[ordinal][time_stamp][severity][message_ID][source][message_text]<br />
Table 10-1 describes the message format components.<br />
Table 10-1. Event Log Message Format<br />
Component<br />
[ordinal]<br />
[time_stamp]<br />
[severity]<br />
[message_ID]<br />
[source]<br />
[message_text]<br />
Description<br />
A number assigned to each message in sequence since the last time<br />
the alarm history was cleared.<br />
The time the alarm was issued in the format day month hh:mm:ss.ms<br />
UTC yyyy. This time stamp comes from the switch for events that<br />
originate with the switch, and from the workstation for events that<br />
originate with QuickTools or Enterprise Fabric Suite.<br />
The event severity: A–Alarm, C–Critical, W–Warning, I–Informative<br />
A number that identifies the message using the following format: category.message_number<br />
The program module or application that generated the event.<br />
Sources include Zoning, Switch, PortApp, EPort, Management<br />
Server. Alarms do not include the source.<br />
The message text<br />
The following is an example of the Show Log command:<br />
SANbox #> show log<br />
[327][day month date time year][I][Eport Port:0/8][Eport State=<br />
E_A0_GET_DOMAIN_ID]<br />
[328][day month date time year][I][Eport Port: 0/8][FSPF PortUp state=0]<br />
[329][day month date time year][I][Eport Port: 0/8][Sending init hello]<br />
10-2 59263-02 B
10–Event Log Configuration<br />
Displaying the Event Log<br />
[330][day month date time year][I][Eport Port: 0/8][Processing EFP, oxid= 0x8]<br />
[331][day month date time year][I][Eport Port: 0/8][Eport State = E_A2_IDLE]<br />
[332][day month date time year][I][Eport Port: 0/8][EFP,WWN= 0x100000c0dd00b845,<br />
len= 0x30]<br />
[333][day month date time year][I][Eport Port: 0/8][Sending LSU oxid=0xc:type=1]<br />
[334][day month date time year][I][Eport Port: 0/8][Send Zone Merge Request]<br />
[335][day month date time year][I][Eport Port: 0/8][LSDB Xchg timer set]<br />
You can also filter the event log display with the Show Log Display command and<br />
customize the messages that display automatically in the output stream.<br />
• Filtering the Event Log Display<br />
• Controlling Messages in the Output Stream<br />
Filtering the Event Log Display<br />
You can customize what events are displayed according to the component or<br />
severity level. Enter the Show Log Display command to filter the events in the<br />
display. You can choose from the following severity levels and component events:<br />
• Informative events<br />
• Warning events<br />
• Critical events<br />
• E_Port events<br />
• Management server events<br />
• Name server events<br />
• Port events<br />
• Switch management events<br />
• Simple Network Management Protocol (SNMP) events<br />
• Zoning events<br />
The following example filters the event log display for critical events.<br />
SANbox #> show log display critical<br />
Controlling Messages in the Output Stream<br />
Enter the Set Log Display command in an Admin session to specify the severity<br />
level filter to use to determine what messages are automatically displayed on the<br />
screen when they occur. Alarms are always included in the output stream. The<br />
following example includes warning and critical level messages in the output<br />
stream:<br />
SANbox (admin) #> set log display warn<br />
59263-02 B 10-3
10–Event Log Configuration<br />
Managing the Event Log Configuration<br />
Managing the Event Log Configuration<br />
Managing the Event Log Configuration consists of the following tasks:<br />
• Configure the Event Log<br />
• Display the Event Log Configuration<br />
• Restore the Event Log Configuration<br />
Configure the Event Log<br />
You can customize what events are recorded in the switch event log according to<br />
component, severity level, and port. Enter the Set Log Component, Set Log Level,<br />
and Set Log Port commands in an Admin session to filter the events to be<br />
recorded. You can choose from the following component events:<br />
• E_Port events<br />
• Management server events<br />
• Name server events<br />
• Port events<br />
• Switch management events<br />
• Simple Network Management Protocol (SNMP) events<br />
• Zoning events<br />
• Call Home events<br />
The following example configures the event log to record switch management<br />
events with warning and critical severity levels associated with ports 0–3. Entering<br />
the Set Log Save command ensures that this configuration is preserved across<br />
switch resets.<br />
SANbox (admin) #> set log component switch<br />
SANbox (admin) #> set log level warn<br />
SANbox (admin) #> set log port 0 1 2 3<br />
SANbox (admin) #> set log save<br />
10-4 59263-02 B
10–Event Log Configuration<br />
Clearing the Event Log<br />
Display the Event Log Configuration<br />
Enter the Show Log Settings command to display all event log configuration<br />
settings as shown in the following example:<br />
SANbox #> show log settings<br />
Current settings for log<br />
------------------------<br />
Started<br />
True<br />
FilterComponent NameServer MgmtServer Zoning Switch Port Eport Snmp CLI QFS<br />
FilterLevel Info<br />
DisplayLevel Critical<br />
FilterPort 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23<br />
Restore the Event Log Configuration<br />
Enter the Set Log Restore command in an Admin session to return the event log<br />
configuration to the factory default as shown in the following example:<br />
SANbox (admin) #> set log restore<br />
Clearing the Event Log<br />
Enter the Set Log Clear command in an Admin session to delete all entries in the<br />
event log as shown in the following example:<br />
SANbox (admin) #> set log clear<br />
Logging to a Remote Host<br />
The switch comes from the factory with local logging enabled, which instructs the<br />
switch firmware to maintain an event log in switch memory. The switch can also be<br />
configured to log events to a remote host that supports the syslog protocol. This<br />
requires that you enable remote logging on the switch and specify an IP address<br />
for the remote host.<br />
NOTE:<br />
To log event messages on a remote host, you must edit the syslog.conf file<br />
on the remote host and then restart the syslog daemon. The syslog.conf file<br />
must contain an entry that specifies the name of the log file. Add the<br />
following line to the syslog.conf file. A separates the selector field<br />
(local0.info) and action field which contains the log file path name<br />
(/var/adm/messages/messages.name).<br />
local0.info /var/adm/messages/messages.name<br />
Consult your host operating system documentation for information on how to<br />
configure remote logging.<br />
59263-02 B 10-5
10–Event Log Configuration<br />
Creating and Downloading a Log File<br />
Enter the Set Setup System Logging command to control local logging through<br />
the LocalLogEnabled parameter, and remote logging through the<br />
RemoteLogEnabled and RemoteLogHostAddress parameters as shown in the<br />
following example:<br />
SANbox (admin) #> set setup system logging<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
LocalLogEnabled<br />
True<br />
RemoteLogEnabled False<br />
RemoteLogHostAddress 10.0.0.254<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
LocalLogEnabled (True / False) :<br />
RemoteLogEnabled (True / False) :<br />
RemoteLogHostAddress (hostname, IPv4, or IPv6 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
Creating and Downloading a Log File<br />
Enter the Set Log Archive command to collect the event log messages in a file on<br />
the switch named logfile. This file can have a maximum of 1200 event messages.<br />
Use FTP to download the file from the switch to your workstation as follows:<br />
1. Log into the switch through Telnet and create an archive of the event log.<br />
Enter the Set Log Archive command in an Admin session to create a file on<br />
the switch named logfile.<br />
SANbox #> admin start<br />
SANbox (admin) #> set log archive<br />
2. Open an FTP session on the switch and log in with the account name<br />
images and password images. Transfer the file logfile in binary mode with<br />
the Get command.<br />
>ftp ip_address<br />
user:images<br />
password: images<br />
ftp>bin<br />
ftp>get logfile<br />
xxxxx bytes sent in xx secs.<br />
ftp>quit<br />
10-6 59263-02 B
11 Call Home Configuration<br />
This section describes the following topics:<br />
• Call Home Concepts<br />
• Configuring the Call Home Service<br />
• Managing the Call Home Database<br />
• Testing a Call Home Profile<br />
• Changing SMTP Servers<br />
• Clearing the Call Home Message Queue<br />
• Resetting the Call Home Database<br />
Call Home Concepts<br />
The Call Home service improves fabric availability by notifying administrators by<br />
email of events that affect switch operation. The Call Home service is active by<br />
default and is controlled by the Set Setup Services command. To display the Call<br />
Home service status, enter the Show Setup Services command. To better<br />
understand the Call Home service, consider the following:<br />
• Call Home Requirements<br />
• Call Home Messages<br />
• Technical Support <strong>Interface</strong><br />
59263-02 B 11-1
11–Call Home Configuration<br />
Call Home Concepts<br />
Call Home Requirements<br />
In addition to enabling the Call Home service, you must also do the following to<br />
ensure that email messages can be sent:<br />
• Configure the Call Home service. The Call Home service configuration<br />
consists of primary and secondary SMTP server specifications and contact<br />
information. You must enable and specify an address and service port for at<br />
least one SMTP server. Refer to “Configuring the Call Home Service” on<br />
page 11-5.<br />
• Configure the Call Home database The Call Home database consists of up<br />
to 25 Call Home profiles. Each profile defines the following:<br />
Event severity levels (Alarm, Critical, Warn) that will initiate an email<br />
message<br />
Email message format and subject<br />
Email recipients<br />
Multiple profiles make it possible to notify different audiences based on any<br />
combination of event severity, message format (short or full), or message<br />
length. You configure profiles using the Profile command within a Callhome<br />
Edit session. Refer to “Managing the Call Home Database” on page 11-6.<br />
• Ensure that each switch that is to support Call Home email notification has<br />
its own Ethernet connection.<br />
Enter the Callhome Test command to test your Call Home service and database<br />
configurations. Refer to “Testing a Call Home Profile” on page 11-13.<br />
11-2 59263-02 B
11–Call Home Configuration<br />
Call Home Concepts<br />
Call Home Messages<br />
The Call Home service generates email messages for the specified event severity<br />
level and the following switch actions:<br />
• Switch comes online<br />
• Switch goes offline<br />
• Reboot<br />
• Power up<br />
• Power down 1<br />
• SFP failure<br />
When a qualifying switch action or event occurs, an email message is created and<br />
placed in the Call Home queue to be sent to the active SMTP server. You can<br />
monitor activity in the queue using the Callhome Queue Stats command. You can<br />
also clear the queue of email messages using the Callhome Queue Clear<br />
command.<br />
There are three email message formats: full text, short text, and Tsc1. The full-text<br />
format contains the switch and event information, plus the contact information<br />
from the Call Home profile and SNMP configurations. The short-text and Tsc1<br />
formats contains basic switch and event information; Tl is formatted for automated<br />
parsing. The following is an example of a short-text email:<br />
From: john.doe@qlogic.com [mailto:john.doe@qlogic.com]<br />
Sent: day, month date, year hh:mm<br />
Subject: [CallHome: Test] Alarm generated on Switch_8<br />
SwitchName: Switch_8_83.215<br />
SwitchIP: 10.20.30.40<br />
SwitchWWN: 10:00:00:c0:dd:0c:66:f2<br />
Level: Alarm<br />
Text: CALLHOME TEST PROFILE MESSAGE<br />
ID: 8B00.0002<br />
Time: day month date hh:mm:ss.343 CDT year<br />
The following is an example of a full-text email including profile and SNMP contact<br />
information:<br />
From: john.doe@work.com [mailto:john.doe@work.com]<br />
Sent: day, month date, year hh:mm<br />
Subject: [CallHome: Test] Alarm generated on Switch_8<br />
1<br />
If the switch is forced to power-down before the message is sent to the SMTP server, no message<br />
will be transmitted.<br />
59263-02 B 11-3
11–Call Home Configuration<br />
Call Home Concepts<br />
------------ Event Details<br />
SwitchName: Switch_8_83.215<br />
SwitchIP: 10.20.30.40<br />
SwitchWWN: 10:00:00:c0:dd:0c:66:f2<br />
Level: Alarm<br />
Text: CALLHOME TEST PROFILE MESSAGE<br />
ID: 8B00.0002<br />
Time: day month date hh:mm:ss.343 CDT year<br />
------------ Switch Location<br />
Room 123; Rack 9; Bay 3<br />
------------ Contact Information<br />
George Smith<br />
12345 4th Street, City, State<br />
952-999-9999<br />
george.smith@work.com<br />
Technical Support <strong>Interface</strong><br />
The Tech_Support_Center profile provides a way to collect and send switch status<br />
and trend data periodically by e-mail to specified technical support resources. To<br />
use this feature, you must create a profile named Tech_Support_Center. The<br />
Capture command enables you to add instructions to the Tech_Support_Center<br />
profile to specify the frequency with which to e-mail this data. For more<br />
information, refer to “Adding a Data Capture Configuration” on page 11-11.<br />
11-4 59263-02 B
11–Call Home Configuration<br />
Configuring the Call Home Service<br />
Configuring the Call Home Service<br />
Enter the Set Setup Callhome command in an Admin session to configure the Call<br />
Home service as shown in the following example. Refer to Table 13-27 for a<br />
description of the Call Home service configuration entries.<br />
SANbox (admin) #> set setup callhome<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the current value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
If either the Primary or Secondary SMTP Servers are enabled, the FromEmailAddress<br />
attribute must be configured or the switch will not attempt to deliver messages.<br />
Current Values:<br />
PrimarySMTPServerAddr 0.0.0.0<br />
PrimarySMTPServerPort 25<br />
PrimarySMTPServerEnable False<br />
SecondarySMTPServerAddr 0.0.0.0<br />
SecondarySMTPServerPort 25<br />
SecondarySMTPServerEnable False<br />
ContactEmailAddress nobody@localhost.localdomain<br />
PhoneNumber<br />
<br />
StreetAddress<br />
<br />
FromEmailAddress<br />
nobody@localhost.localdomain<br />
ReplyToEmailAddress nobody@localhost.localdomain<br />
ThrottleDupsEnabled True<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
PrimarySMTPServerAddr (IPv4, IPv6, or hostname) :<br />
PrimarySMTPServerPort (decimal value) :<br />
PrimarySMTPServerEnable (True / False) :<br />
SecondarySMTPServerAddr (IPv4, IPv6, or hostname) :<br />
SecondarySMTPServerPort (decimal value) :<br />
SecondarySMTPServerEanble (True / False) :<br />
ContactEmailAddress (ex: admin@company.com) :<br />
PhoneNumber (ex: +1-800-123-4567) :<br />
StreetAddress (include all address info) :<br />
FromEmailAddress (ex: bldg3@company.com) :<br />
ReplyToEmailAddress (ex: admin3@company.com) :<br />
ThrottleDupsEnabled (True / False) :<br />
Do you want to save and activate this Callhome setup? (y/n):<br />
Enter the Show Setup Callhome command to display the Call Home service<br />
configuration as shown in the following example.<br />
SANbox #> show setup callhome<br />
Callhome Information<br />
59263-02 B 11-5
11–Call Home Configuration<br />
Managing the Call Home Database<br />
--------------------<br />
PrimarySMTPServerAddr 0.0.0.0<br />
PrimarySMTPServerPort 25<br />
PrimarySMTPServerEnabled False<br />
SecondarySMTPServerAddr 0.0.0.0<br />
SecondarySMTPServerPort 25<br />
SecondarySMTPServerEnabled False<br />
ContactEmailAddress<br />
nobody@localhost.localdomain<br />
PhoneNumber<br />
<br />
StreetAddress<br />
<br />
FromEmailAddress<br />
nobody@localhost.localdomain<br />
ReplyToEmailAddress<br />
nobody@localhost.localdomain<br />
ThrottleDupsEnabled<br />
True<br />
+ indicates active SMTP server<br />
Managing the Call Home Database<br />
To modify the Call Home database, you must open an Admin session with the<br />
Admin Start command. An Admin session prevents other accounts from making<br />
changes at the same time through Telnet, QuickTools, Enterprise Fabric Suite, or<br />
another management application. You must also open a Callhome Edit session<br />
with the Callhome Edit command. The Callhome Edit session provides access to<br />
the Callhome, Capture, and Profile commands with which you make modifications<br />
to the Call Home database.<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome)#> callhome . . .<br />
SANbox (admin-callhome)#> profile . . .<br />
SANbox (admin-callhome)#> capture . . .<br />
When you are finished making changes, enter the Callhome Save command to<br />
save the changes and close the Callhome Edit session. Changes take effect<br />
immediately.<br />
SANbox (admin-callhome)#> callhome save<br />
To close the Callhome Edit session without saving changes, enter the Callhome<br />
Cancel command.<br />
SANbox (admin-callhome)#> callhome cancel<br />
The Admin End command releases the Admin session for other administrators<br />
when you are done making changes to the switch.<br />
11-6 59263-02 B
11–Call Home Configuration<br />
Managing the Call Home Database<br />
To remove all Call Home profiles and restore the Call Home service configuration<br />
to its factory state, enter the Reset Callhome command.<br />
SANbox (admin) #> reset callhome<br />
Managing the Call Home database consists of the following tasks:<br />
• Displaying Call Home Database Information<br />
• Creating a Profile<br />
• Deleting a Profile<br />
• Modifying a Profile<br />
• Renaming a Profile<br />
• Copying a Profile<br />
• Adding a Data Capture Configuration<br />
• Modifying a Data Capture Configuration<br />
• Deleting a Data Capture Configuration<br />
Displaying Call Home Database Information<br />
Enter the Callhome History command to display the Call Home data base change<br />
history information as shown in the following example:<br />
SANbox #> callhome history<br />
CallHome Database History<br />
-------------------------<br />
ConfigurationLastEditedBy admin@OB-session2<br />
ConfigurationLastEditedOn day mmm dd hh:mm:ss yyyy<br />
DatabaseChecksum<br />
000014a3<br />
ProfileName<br />
group4<br />
ProfileLevel<br />
Warn<br />
ProcessedCount 286<br />
ProcessedLast<br />
day mmm dd hh:mm:ss yyyy<br />
ProfileName<br />
group5<br />
ProfileLevel<br />
Alarm<br />
ProcessedCount 25<br />
ProcessedLast<br />
day mmm dd hh:mm:ss yyyy<br />
Enter the Callhome List command to display a list of Call Home profiles as shown<br />
in the following example:<br />
SANbox #> callhome list<br />
Configured Profiles:<br />
--------------------<br />
group4<br />
group5<br />
59263-02 B 11-7
11–Call Home Configuration<br />
Managing the Call Home Database<br />
Enter the Callhome List Profile command to display a list of Call Home profiles<br />
and their details as shown in the following example:<br />
SANbox #> callhome list profile<br />
ProfileName: group4<br />
------------<br />
Level<br />
Warn<br />
Format<br />
FullText<br />
MaxSize any size up to max of 100000<br />
EmailSubject CallHome Warn<br />
RecipientEmail admin1@company.com<br />
RecipientEmail admin2@company.com<br />
RecipientEmail admin3@company.com<br />
RecipientEmail admin7@company.com<br />
RecipientEmail admin8@company.com<br />
RecipientEmail admin9@company.com<br />
RecipientEmail admin10@company.com<br />
ProfileName: group5<br />
------------<br />
Level<br />
Alarm<br />
Format<br />
ShortText<br />
MaxSize any size up to max of 40000<br />
EmailSubject CallHome Alarm<br />
RecipientEmail me1@company.com<br />
RecipientEmail me10@company.com<br />
Enter the Callhome Queue Stats command to display information about email<br />
messages in the Call Home queue as shown in the following example:<br />
SANbox #> callhome queue stats<br />
Callhome Queue Information<br />
--------------------------<br />
FileSystemSpaceInUse 534 (bytes)<br />
EntriesInQueue 3<br />
11-8 59263-02 B
11–Call Home Configuration<br />
Managing the Call Home Database<br />
Creating a Profile<br />
Enter the Profile Create command to create a Call Home profile as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile create profile_1<br />
A list of attributes with formatting and default values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press ’q’ or ’Q’ and the ENTER key to do so.<br />
Default Values:<br />
Level<br />
Alarm<br />
Format<br />
FullText<br />
MaxSize 100000<br />
EmailSubject <br />
RecipientEmail (up to 10 entries allowed)<br />
New Value (press ENTER to accept default value, 'q' to quit):<br />
Level (Alarm,Critical,Warn,None) :<br />
Format (1=FullText, 2=ShortText, 3=Tsc1) :<br />
MaxSize (decimal value, 650-100000) :<br />
EmailSubject (string, max=64 chars, N=None) : Technical problem<br />
RecipientEmail (ex: admin@company.com, N=None)<br />
1. : admin0@company.com<br />
The profile has been created.<br />
This configuration must be saved with the callhome save command<br />
before it can take effect, or to discard this configuration<br />
use the callhome cancel command.<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Deleting a Profile<br />
Enter the Profile Delete command to delete a Call Home profile as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile delete profile_1<br />
The profile will be deleted. Please confirm (y/n): [n] y<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
59263-02 B 11-9
11–Call Home Configuration<br />
Managing the Call Home Database<br />
Modifying a Profile<br />
Enter the Profile Edit command to modify an existing Call Home profile as shown<br />
in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile edit profile_1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Level<br />
Alarm<br />
Format<br />
ShortText<br />
MaxSize 1000<br />
EmailSubject Switch Problem<br />
RecipientEmail (up to 10 entries allowed)<br />
1. john.smith@domain.com<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
Level (Alarm,Critical,Warn,None) :<br />
Format (1=FullText, 2=ShortText, 3=Tsc1) : 1<br />
MaxSize (decimal value, 650-100000) :<br />
EmailSubject (string, max=64 chars, N=None) :<br />
RecipientEmail (ex: admin@company.com, N=None)<br />
1. john.smith@domain.com :<br />
2. :<br />
The profile has been edited.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
11-10 59263-02 B
11–Call Home Configuration<br />
Managing the Call Home Database<br />
Renaming a Profile<br />
Enter the Profile Rename command to rename profile_1 as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile rename profile_1 profile_4<br />
The profile will be renamed. Please confirm (y/n): [n] y<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Copying a Profile<br />
Enter the Profile Copy command to copy profile_1 as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile copy profile_1 profile_a<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Adding a Data Capture Configuration<br />
Enter the Capture Add command to add a data capture configuration to the<br />
Tech_Support_Center profile as shown in the following example. If the<br />
Tech_Support_Center profile does not exist, you must create it using the Profile<br />
Create command.<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture add<br />
A list of attributes with formatting and default values will follow.<br />
Enter a value or simply press the ENTER key to accept the default value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Value (press ENTER to accept the default, 'q' to quit):<br />
TimeOfDay (HH:MM) [02:00]<br />
DayOfWeek (Sun,Mon,Tue,Wed,Thu,Fri,Sat) [Sat ]<br />
Interval (decimal value, 1-26 weeks) [1 ]<br />
A capture entry has been added to profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
59263-02 B 11-11
11–Call Home Configuration<br />
Managing the Call Home Database<br />
Modifying a Data Capture Configuration<br />
Enter the Capture Edit command to modify a data capture configuration in the<br />
Tech_Support_Center profile as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture edit<br />
Capture Entries for Profile: Tech_Support_Center<br />
Index TimeOfDay DayOfWeek Interval<br />
----- --------- --------- --------<br />
1 02:00 Sat 1 (weeks)<br />
Please select a capture entry from the list above ('q' to quit): 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Value (press ENTER to accept the default, 'q' to quit):<br />
TimeOfDay (HH:MM) [02:00]<br />
DayOfWeek (Sun,Mon,Tue,Wed,Thu,Fri,Sat) [Sat ]<br />
Interval (decimal value, 1-26 weeks) [1 ]<br />
The selected capture entry has been edited for profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
Deleting a Data Capture Configuration<br />
Enter the Capture Remove command to delete a data capture configuration from<br />
the Tech_Support_Center profile as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture remove<br />
Capture Entries for Profile: Tech_Support_Center<br />
Index TimeOfDay DayOfWeek Interval<br />
----- --------- --------- --------<br />
1 02:00 Sat 1 (weeks)<br />
Please select a capture entry from the list above ('q' to quit): 1<br />
The selected capture entry has been removed from profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
11-12 59263-02 B
11–Call Home Configuration<br />
Testing a Call Home Profile<br />
Testing a Call Home Profile<br />
Enter the Callhome Test Profile command to test a Call Home profile as shown in<br />
the following example. This command generates a test message and routes it to<br />
the email recipients specified in the profile.<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome test profile group4<br />
A callhome profile test has been started.<br />
A notification with the test result will appear<br />
on the screen when the test has completed.<br />
SANbox (admin) #><br />
Test for Callhome Profile group4 Passed.<br />
Changing SMTP Servers<br />
The Call Home service configuration enables you to specify a primary and a<br />
secondary SMTP server to which the switch connects. The active server is the<br />
server that receives messages from the switch. By default, the primary SMTP<br />
server is the active server. Should the active server lose connection, control<br />
passes automatically to the other server. You can explicitly change the active<br />
server by entering the Callhome Changeover command as shown in the following<br />
example:<br />
SANbox #> admin start<br />
SANbox #> callhome edit<br />
SANbox #> (admin-callhome) #> callhome changeover<br />
The currently active CallHome SMTP server will change. Please confirm (y/n): [n] y<br />
Though the active server status changes, the primary SMTP server remains the<br />
primary, and the secondary SMTP server remains the secondary.<br />
Clearing the Call Home Message Queue<br />
Enter the Callhome Queue Clear command to clear email messages from the Call<br />
Home message queue as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome queue clear<br />
The callhome queue will be cleared. Please confirm (y/n): [n] y<br />
Refer to the Callhome Queue Stats command to display the contents of the Call<br />
Home message queue.<br />
59263-02 B 11-13
11–Call Home Configuration<br />
Resetting the Call Home Database<br />
Resetting the Call Home Database<br />
There are two ways to reset the Call Home database. Enter the Callhome Clear<br />
command to clear all Callhome profiles as shown in the following example. This<br />
command resets the Tech_Support_Center profile to the factory default, but does<br />
not affect the Call Home service configuration.<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> callhome clear<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
Enter the Reset Callhome command to clear all Call Home profiles and resets the<br />
Tech_Support_Center profile and Call Home service configuration to the factory<br />
defaults as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> reset callhome<br />
The callhome configuration will be reset and the default values activated.<br />
Please confirm (y/n): [n] y<br />
Reset and activation in progress ....<br />
11-14 59263-02 B
12 Simple Network<br />
Management Protocol<br />
Configuration<br />
This section describes the following tasks:<br />
• Managing the SNMP Service<br />
• Displaying SNMP Information<br />
• Modifying the SNMP Configuration<br />
• Resetting the SNMP Configuration<br />
• Managing the SNMP Version 3 Configuration<br />
The Simple Network Management Protocol (SNMP) provides for the management<br />
of the switch through third-party applications that use SNMP. Security consists of<br />
a read community string and a write community string that serve as passwords<br />
that control read and write access to the switch. These strings are set at the<br />
factory to well-known defaults and should be changed if SNMP is to be enabled.<br />
The switch supports SNMP version 3 in the CLI, which is disabled by default.<br />
59263-02 B 12-1
12–Simple Network Management Protocol Configuration<br />
Managing the SNMP Service<br />
Managing the SNMP Service<br />
You control the SNMP service SNMPEnabled parameters through the<br />
Set Setup SNMP or Set Setup Services commands. Refer to “Modifying the<br />
SNMP Configuration” on page 12-4 for more information.<br />
Enter the Set Setup Services command to enable SNMP as shown in the<br />
following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> set setup services<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PLEASE NOTE:<br />
-----------<br />
* Further configuration may be required after enabling a service.<br />
* If services are disabled, the connection to the switch may be lost.<br />
* When enabling SSL, please verify that the date/time settings<br />
on this switch and the workstation from where the SSL connection<br />
will be started match, and then a new certificate may need to be<br />
created to ensure a secure connection to this switch.<br />
TelnetEnabled (True / False) [True ]<br />
SSHEnabled (True / False) [False]<br />
GUIMgmtEnabled (True / False) [True ]<br />
SSLEnabled (True / False) [False]<br />
EmbeddedGUIEnabled (True / False) [True ]<br />
SNMPEnabled (True / False) [True ]<br />
NTPEnabled (True / False) [False]<br />
CIMEnabled (True / False) [False]<br />
FTPEnabled (True / False) [True ]<br />
MgmtServerEnabled (True / False) [True ]<br />
CallHomeEnabled (True / False) [True ]<br />
Do you want to save and activate this services setup? (y/n): [n]<br />
You can display the SNMPEnabled parameters using the Show Setup Snmp or<br />
Show Setup Services commands.<br />
12-2 59263-02 B
12–Simple Network Management Protocol Configuration<br />
Displaying SNMP Information<br />
Displaying SNMP Information<br />
Enter the Show Setup Snmp command to displays common and trap-specific<br />
SNMP configuration information as shown in the following example. Refer to<br />
Table 13-32 for a description of the SNMP parameters.<br />
SANbox #> show setup snmp<br />
SNMP Information<br />
----------------<br />
SNMPEnabled<br />
True<br />
Contact<br />
<br />
Location<br />
N_107 System Test Lab<br />
Description<br />
<strong>QLogic</strong> 5800V FC Switch<br />
ObjectID 1.3.6.1.4.1.3873.1.9<br />
AuthFailureTrap True<br />
ProxyEnabled<br />
True<br />
SNMPv3Enabled<br />
False<br />
Trap1Address 10.0.0.254<br />
Trap1Port 162<br />
Trap1Severity<br />
warning<br />
Trap1Version 2<br />
Trap1Enabled<br />
False<br />
Trap2Address 0.0.0.0<br />
Trap2Port 162<br />
Trap2Severity<br />
warning<br />
Trap2Version 2<br />
Trap2Enabled<br />
False<br />
Trap3Address 0.0.0.0<br />
Trap3Port 162<br />
Trap3Severity<br />
warning<br />
Trap3Version 2<br />
Trap3Enabled<br />
False<br />
Trap4Address 0.0.0.0<br />
Trap4Port 162<br />
Trap4Severity<br />
warning<br />
Trap4Version 2<br />
Trap4Enabled<br />
False<br />
Trap5Address 0.0.0.0<br />
Trap5Port 162<br />
Trap5Severity<br />
warning<br />
Trap5Version 2<br />
Trap5Enabled<br />
False<br />
59263-02 B 12-3
12–Simple Network Management Protocol Configuration<br />
Modifying the SNMP Configuration<br />
Modifying the SNMP Configuration<br />
Enter the Set Setup SNMP command in an Admin session to configure SNMP on<br />
the switch. There are two groups of configuration parameters. One group is<br />
common to all traps. The second group is trap specific. You can configure both<br />
groups of parameters for all SNMP traps, or you can configure the common and<br />
trap-specific parameters separately. Refer to Table 13-32 for descriptions of the<br />
common and trap-specific SNMP parameters.<br />
The following example configures the common SNMP trap configuration<br />
parameters:<br />
SANbox (admin) #> set setup snmp common<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
SnmpEnabled True<br />
Contact<br />
<br />
Location<br />
<br />
ReadCommunity public<br />
WriteCommunity private<br />
AuthFailureTrap False<br />
ProxyEnabled True<br />
SNMPv3Enabled False<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
SnmpEnabled (True / False) :<br />
Contact (string, max=64 chars) :<br />
Location (string, max=64 chars) :<br />
ReadCommunity (string, max=32 chars) :<br />
WriteCommunity (string, max=32 chars) :<br />
AuthFailureTrap (True / False) :<br />
ProxyEnabled (True / False) :<br />
SNMPv3Enabled (True / False) :<br />
Do you want to save and activate this snmp setup? (y/n): [n]<br />
The following example configures SNMP trap 1:<br />
SANbox (admin) #> set setup snmp trap 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Trap1Enabled<br />
True<br />
12-4 59263-02 B
12–Simple Network Management Protocol Configuration<br />
Resetting the SNMP Configuration<br />
Trap1Address 10.20.33.181<br />
Trap1Port 5001<br />
Trap1Severity info<br />
Trap1Version 2<br />
Trap1Community northdakota<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
Trap1Enabled (True / False) :<br />
Trap1Address (hostname, IPv4, or IPv6 Address) :<br />
Trap1Port (decimal value, 1-65535) :<br />
Trap1Severity (select a severity level)<br />
1=unknown 6=warning<br />
2=emergency 7=notify<br />
3=alert 8=info<br />
4=critical 9=debug<br />
5=error 10=mark :<br />
Trap1Version (1 / 2) :<br />
Trap1Community (string, max=32 chars) :<br />
Do you want to save and activate this snmp setup? (y/n): [n]<br />
Resetting the SNMP Configuration<br />
Enter the Reset SNMP command in an Admin session to reset the SNMP<br />
configuration back to the factory defaults as shown in the following example.<br />
Refer to Table 13-16 for a listing of the SNMP configuration factory defaults.<br />
SANbox (admin) #> reset snmp<br />
59263-02 B 12-5
12–Simple Network Management Protocol Configuration<br />
Managing the SNMP Version 3 Configuration<br />
Managing the SNMP Version 3 Configuration<br />
SNMP version 3 is an interoperable standards-based protocol for network<br />
management. SNMP version 3 provides secure access to devices by a<br />
combination of packet authentication and encryption over the network. SNMP<br />
version 3 provides the following security features:<br />
• Message integrity—ensures that packets have not been altered<br />
• Authentication—ensures that the packet is coming from a valid source<br />
• Encryption—ensures that packet contents cannot be read by an<br />
unauthorized source<br />
To configure SNMP version 3, you must enable SNMP version 3 on the switch and<br />
create one or more SNMP version 3 user accounts. To enable SNMP version 3,<br />
enter the Set Setup SNMP Common command and set the SNMPv3Enabled<br />
parameter to True:<br />
SANbox #> admin start<br />
SANbox (admin) #> set setup snmp common<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
SnmpEnabled True<br />
Contact<br />
<br />
Location<br />
<br />
ReadCommunity public<br />
WriteCommunity private<br />
AuthFailureTrap False<br />
ProxyEnabled True<br />
SNMPv3Enabled False<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
SnmpEnabled (True / False) :<br />
Contact (string, max=64 chars) :<br />
Location (string, max=64 chars) :<br />
ReadCommunity (string, max=32 chars) :<br />
WriteCommunity (string, max=32 chars) :<br />
AuthFailureTrap (True / False) :<br />
ProxyEnabled (True / False) :<br />
SNMPv3Enabled (True / False) : t<br />
Do you want to save and activate this snmp setup? (y/n): [n] y<br />
12-6 59263-02 B
12–Simple Network Management Protocol Configuration<br />
Managing the SNMP Version 3 Configuration<br />
Create an SNMP Version 3 User Account<br />
To create an SNMP version 3 user account, enter the Snmpv3user Add command<br />
as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> snmpv3user add<br />
A list of SNMPV3 user attributes with formatting and default values as<br />
applicable will follow.<br />
Enter a new value OR simply press the ENTER key where-ever allowed to<br />
accept the default value.<br />
If you wish to terminate this process before reaching the end of the list,<br />
press "q" or "Q" and the ENTER OR "Ctrl-C" key to do so.<br />
Username (8-32 chars) : snmpuser1<br />
Group (0=ReadOnly, 1=ReadWrite) [ReadOnly ] : 1<br />
Authentication (True/False) [False ] : t<br />
AuthType (1=MD5, 2=SHA) [MD5 ] : 1<br />
AuthPhrase (8-32 chars) : ***********<br />
Confirm AuthPhrase : ***********<br />
Privacy (True/False) [False ] : t<br />
PrivType (1=DES) [DES ] : 1<br />
PrivPhrase (8-32 chars) : ********<br />
Confirm PrivPhrase : ********<br />
Do you want to save and activate this snmpv3user setup ?<br />
(y/n): [n] y<br />
SNMPV3 user added and activated.<br />
Display SNMP Version 3 User Accounts<br />
To display SNMP version 3 user accounts, enter the Snmpv3user List command<br />
as shown in the following example:<br />
SANbox #> snmpv3user list<br />
Username Group AuthType PrivType<br />
-------- ----- -------- --------<br />
snmpuser1 ReadWrite MD5 DES<br />
59263-02 B 12-7
12–Simple Network Management Protocol Configuration<br />
Managing the SNMP Version 3 Configuration<br />
Modify an SNMP Version 3 User Account<br />
To modify an SNMP version 3 user account, enter the Snmpv3user Edit command<br />
as shown in the following example:<br />
SANbox #> admin start<br />
SANbox (admin) #> snmpv3user edit<br />
A list of SNMPV3 user attributes with formatting and current attribute<br />
values for the specified SNMPV3 user will follow.<br />
Enter a new value OR simply press the ENTER key where-ever allowed to<br />
accept the current value.<br />
If you wish to terminate this process before reaching the end of the list,<br />
press "q" or "Q" and the ENTER OR "Ctrl-C" key to do so.<br />
Username (8-32 chars) : snmpuser1<br />
Group (0=ReadOnly, 1=ReadWrite) [ReadWrite ] : 1<br />
Authentication (True/False) [True ] : f<br />
Do you want to save and activate this setup ?<br />
(y/n): [n] n<br />
SNMPV3 user account edited and activated.<br />
12-8 59263-02 B
13 <strong>Command</strong> Reference<br />
This section describes the commands of the CLI and the format in which they are<br />
presented. The command format presents the following:<br />
• Access Authority<br />
• Syntax and Keywords<br />
• Notes and Examples<br />
• <strong>Command</strong> Listing<br />
Access Authority<br />
The Authority paragraph in each command description indicates what types of<br />
sessions are required to enter that command. <strong>Command</strong>s associated with<br />
monitoring tasks are available to all account names with no special session<br />
requirement. <strong>Command</strong>s associated with configuration tasks are available only<br />
within an Admin session. An account must have Admin authority to enter the<br />
Admin Start command, which opens an Admin session.<br />
Some commands require that you open additional editing sessions within an<br />
Admin session such as the following:<br />
• <strong>Command</strong>s that modify zoning require a Zoning Edit session, which is<br />
opened by the Zoning Edit command. These commands include the Alias,<br />
Zone, Zoneset, and Zoning commands.<br />
• <strong>Command</strong>s that modify device security require a Security Edit session,<br />
which is opened by the Security Edit command. These commands include<br />
the Group, Security, and Securityset commands.<br />
• <strong>Command</strong>s that modify the switch configuration require a Config Edit<br />
session, which is opened by the Config Edit command. These commands<br />
include all of the Set Config commands.<br />
• <strong>Command</strong>s that modify the Call Home e-mail notification configuration<br />
require a Callhome Edit session, which is opened by the Callhome Edit<br />
command. These commands include the Callhome, Capture, and Profile<br />
commands.<br />
59263-02 B 13-1
13–<strong>Command</strong> Reference<br />
Syntax and Keywords<br />
• <strong>Command</strong>s that modify the IP security configuration require an Ipsec Edit<br />
session, which is opened by the Ipsec Edit command. These commands<br />
include the Ipsec, Ipsec Association, Ipsec Policy, Ike Peer, and Ike Policy<br />
commands.<br />
Syntax and Keywords<br />
The Syntax paragraph defines the command syntax using the following<br />
convention:<br />
command<br />
keyword<br />
keyword [value]<br />
keyword [value1] [value2]<br />
The <strong>Command</strong> is followed by one or more keywords. Consider the following rules<br />
and conventions:<br />
• <strong>Command</strong>s and keywords are case insensitive.<br />
• Required keyword values appear in standard font: [value]. Optional values<br />
are shown in italics: [value].<br />
• Underlined portions of the keyword in the command format indicate the<br />
abbreviated form that can be used. For example, the delete keyword can be<br />
abbreviated del.<br />
The Keywords paragraph lists and describes each keyword and any applicable<br />
values.<br />
Notes and Examples<br />
The Notes paragraph presents useful information about the command and its<br />
use, including special applications or effects on other commands. The Examples<br />
paragraph presents sample screen captures of the command and its output.<br />
<strong>Command</strong> Listing<br />
The commands are listed in alphabetical order.<br />
13-2 59263-02 B
13–<strong>Command</strong> Reference<br />
Admin<br />
Admin<br />
Authority<br />
Syntax<br />
Keywords<br />
Opens and closes an Admin session. The Admin session provides access to<br />
commands that change the fabric and switch configurations. Only one Admin<br />
session can be open on the switch at any time. An inactive Admin session will<br />
time out after a period of time which can be changed using the Set Setup System<br />
command.<br />
User account with Admin authority<br />
admin<br />
start (or begin)<br />
end (or stop)<br />
cancel<br />
start (or begin)<br />
Opens the Admin session<br />
end (or stop)<br />
Closes the Admin session. The Hardreset, Hotreset, Quit, Shutdown, and<br />
Reset Switch commands will also end an Admin session.<br />
cancel<br />
Terminates an Admin session opened by another user. Use this keyword with care<br />
because it terminates the Admin session without warning the other user and<br />
without saving pending changes.<br />
Notes<br />
Examples<br />
Closing a Telnet window during an Admin session does not release the session. In<br />
this case, you must either wait for the Admin session to time out, or use the Admin<br />
Cancel command.<br />
The following example shows how to open and close an Admin session:<br />
SANbox #> admin start<br />
SANbox (admin) #><br />
.<br />
.<br />
.<br />
SANbox (admin) #> admin end<br />
59263-02 B 13-3
13–<strong>Command</strong> Reference<br />
Alias<br />
Alias<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates a named set of ports/devices. Aliases make it easier to assign a set of<br />
ports/devices to many zones. An alias can not have a zone or another alias as a<br />
member.<br />
Admin session and Zoning Edit session for all keywords except List and Members<br />
alias<br />
add [alias] [member_list]<br />
copy [alias_source] [alias_destination]<br />
create [alias]<br />
delete [alias]<br />
list<br />
members [alias]<br />
remove [alias] [member_list]<br />
rename [alias_old] [alias_new]<br />
add [alias] [member_list]<br />
Specifies one or more ports/devices given by [member_list] to add to the alias<br />
named [alias]. Use a to delimit ports/devices in [member_list]. An alias<br />
can have a maximum of 2000 members. A port/device in [member_list] can have<br />
any of the following formats:<br />
• Domain ID and port number pair (Domain ID, Port Number). Domain IDs can<br />
be 1–239; port numbers can be 0–255.<br />
• 6-character hexadecimal device Fibre Channel address (hex)<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx.<br />
The application verifies that the [alias] format is correct, but does not validate that<br />
such a port/device exists.<br />
copy [alias_source] [alias_destination]<br />
Creates a new alias named [alias_destination] and copies the membership into it<br />
from the alias given by [alias_source].<br />
create [alias]<br />
Creates an alias with the name given by [alias]. An alias name must begin with a<br />
letter and be no longer than 64 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The zoning database supports a maximum of 256 aliases.<br />
13-4 59263-02 B
13–<strong>Command</strong> Reference<br />
Alias<br />
delete [alias]<br />
Deletes the specified alias given by [alias] from the zoning database. If the alias is<br />
a member of the active zone set, the alias will not be removed from the active<br />
zone set until the active zone set is deactivated.<br />
list<br />
Displays a list of all aliases. This keyword does not require an Admin session.<br />
members [alias]<br />
Displays all members of the alias given by [alias]. This keyword does not require<br />
an Admin session.<br />
remove [alias] [member_list]<br />
Removes the ports/devices given by [member_list] from the alias given by [alias].<br />
Use a to delimit ports/devices in [member_list]. A port/device in<br />
[member_list] can have any of the following formats:<br />
• Domain ID and port number pair (Domain ID, Port Number). Domain IDs can<br />
be 1–239; port numbers can be 0–255.<br />
• 6-character hexadecimal device Fibre Channel address (hex)<br />
• 16-character hexadecimal worldwide port name (WWPN) for the device with<br />
the format xx:xx:xx:xx:xx:xx:xx:xx.<br />
rename [alias_old] [alias_new]<br />
Renames the alias given by [alias_old] to the alias given by [alias_new].<br />
Examples<br />
The following is an example of the Alias List command:<br />
SANbox #> alias list<br />
Current list of Zone Aliases<br />
----------------------------<br />
alias1<br />
alias2<br />
59263-02 B 13-5
13–<strong>Command</strong> Reference<br />
Callhome<br />
Callhome<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages the Call Home database. The Callhome Edit command opens a session<br />
in which to create and manage Call Home profiles. Refer to the Profile command<br />
for more information about Call Home profiles.<br />
Admin session except for the History and List keywords. The Clear keyword also<br />
requires a Callhome Edit session.<br />
callhome<br />
cancel<br />
changeover<br />
clear<br />
edit<br />
history<br />
list profile [profile]<br />
queue [option]<br />
save<br />
test profile [profile]<br />
cancel<br />
Closes the current Callhome Edit session. Any unsaved changes are lost.<br />
changeover<br />
Toggles activation between the primary SMTP server and the secondary SMTP<br />
server. Though the active server status changes, the primary SMTP server<br />
remains the primary, and the secondary SMTP server remains the secondary.<br />
clear<br />
Clears all Call Home profile information from the volatile edit copy of the Call<br />
Home database. This keyword requires a Callhome Edit session. This keyword<br />
does not affect the non-volatile Call Home database. However, if you enter the<br />
Callhome Clear command followed by the Callhome Save command, the<br />
non-volatile Call Home database will be cleared from the switch.<br />
NOTE:<br />
The preferred method for clearing the Call Home database from the switch is<br />
the Reset Callhome command.<br />
edit<br />
Open a Callhome Edit session. Callhome Edit session commands include<br />
Callhome Clear and all Profile commands.<br />
13-6 59263-02 B
13–<strong>Command</strong> Reference<br />
Callhome<br />
history<br />
Displays a history of Call Home modifications. This keyword does not require an<br />
Admin session. History information includes the following:<br />
• Time of the most recent Call Home database modification and the user who<br />
performed it.<br />
• Checksum for the Call Home database<br />
• Profile processing information<br />
list profile [profile]<br />
Lists the configuration for the profile given by [profile]. If you omit [profile], the<br />
command lists all profiles and their configurations. If you omit the profile keyword,<br />
the command lists the profile names.<br />
queue [option]<br />
Clears the Call Home e-mail queue or displays Call Home e-mail queue statistics<br />
depending on the value of [option]. [option] can be one of the following:<br />
clear<br />
Clears the Call Home e-mail queue.<br />
stats<br />
Displays Call Home e-mail queue statistics. Statistics include the number of<br />
e-mail messages in the queue and the amount of file system space in use.<br />
save<br />
Saves changes made during the current Callhome Edit session.<br />
test profile [profile]<br />
Tests the Call Home profile given by [profile].<br />
Examples<br />
The following is an example of the Callhome History command:<br />
SANbox #> callhome history<br />
CallHome Database History<br />
-------------------------<br />
ConfigurationLastEditedBy admin@OB-session2<br />
ConfigurationLastEditedOn day mmm dd hh:mm:ss yyyy<br />
DatabaseChecksum<br />
000014a3<br />
ProfileName<br />
group4<br />
ProfileLevel<br />
Warn<br />
ProcessedCount 286<br />
ProcessedLast<br />
day mmm dd hh:mm:ss yyyy<br />
ProfileName<br />
group5<br />
ProfileLevel<br />
Alarm<br />
ProcessedCount 25<br />
ProcessedLast<br />
day mmm dd hh:mm:ss yyyy<br />
59263-02 B 13-7
13–<strong>Command</strong> Reference<br />
Callhome<br />
The following is an example of the Callhome List command:<br />
SANbox #> callhome list<br />
Configured Profiles:<br />
--------------------<br />
group4<br />
group5<br />
The following is an example of the Callhome List Profile command:<br />
SANbox #> callhome list profile<br />
ProfileName: group4<br />
------------<br />
Level<br />
Warn<br />
Format<br />
FullText<br />
MaxSize any size up to max of 100000<br />
EmailSubject CallHome Warn<br />
RecipientEmail admin1@company.com<br />
RecipientEmail admin2@company.com<br />
RecipientEmail admin3@company.com<br />
RecipientEmail admin7@company.com<br />
RecipientEmail admin8@company.com<br />
RecipientEmail admin9@company.com<br />
RecipientEmail admin10@company.com<br />
ProfileName: group5<br />
------------<br />
Level<br />
Alarm<br />
Format<br />
ShortText<br />
MaxSize any size up to max of 40000<br />
EmailSubject CallHome Alarm<br />
RecipientEmail me1@company.com<br />
RecipientEmail me10@company.com<br />
The following is an example of the Callhome Test Profile command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome test profile group4<br />
A callhome profile test has been started.<br />
A notification with the test result will appear<br />
on the screen when the test has completed.<br />
SANbox (admin) #><br />
Test for Callhome Profile group4 Passed.<br />
13-8 59263-02 B
13–<strong>Command</strong> Reference<br />
Callhome<br />
The following is an example of the Callhome Queue Clear command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome queue clear<br />
The callhome queue will be cleared. Please confirm (y/n): [n] y<br />
The following is an example of the Callhome Queue Stats command:<br />
SANbox #> callhome queue stats<br />
Callhome Queue Information<br />
--------------------------<br />
FileSystemSpaceInUse 534 (bytes)<br />
EntriesInQueue 3<br />
59263-02 B 13-9
13–<strong>Command</strong> Reference<br />
Capture<br />
Capture<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages the data capture configuration for the Tech_Support_Center Call Home<br />
profile. The data capture configuration determines the time and frequency by<br />
which status and trend data is collected from the switch and sent to recipients<br />
specified in the Tech_Support_Center profile.<br />
Admin session and a Callhome Edit session. Refer to the “Callhome” command<br />
on page 13-6 for information about starting a Callhome Edit session.<br />
capture<br />
add<br />
edit<br />
remove<br />
add<br />
Adds data capture instructions to the Tech_Support_Center profile. Table 13-1<br />
describes the data capture parameters.<br />
Table 13-1. Data Capture Configuration Parameters<br />
Parameters<br />
TimeOfDay<br />
DayOfWeek<br />
Interval<br />
Description<br />
Time of day to send status and trend data to the<br />
Tech_Support_Center profile e-mail recipients. The format is<br />
hh:mm on a 24-hour clock. The default 02:00.<br />
Day-of-the-week to send status and trend data to the<br />
Tech_Support_Center profile e-mail recipients. Values can be Sun,<br />
Mon, Tue, Wed, Thur, Fri, Sat. The default is Sat.<br />
Number of weeks between capture data e-mails to the<br />
Tech_Support_Center profile e-mail recipients. Values can be<br />
1–26. The default is 1.<br />
edit<br />
Opens an edit session in which to modify the data capture configuration of the<br />
Tech_Support_Center profile. Refer to Table 13-1 for a description of the data<br />
capture configuration parameters.<br />
remove<br />
Removes the data capture configuration from the Test_Support_Center profile.<br />
13-10 59263-02 B
13–<strong>Command</strong> Reference<br />
Capture<br />
Examples<br />
The following is an example of the Capture Add command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture add<br />
A list of attributes with formatting and default values will follow.<br />
Enter a value or simply press the ENTER key to accept the default value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Value (press ENTER to accept the default, 'q' to quit):<br />
TimeOfDay (HH:MM) [02:00]<br />
DayOfWeek (Sun,Mon,Tue,Wed,Thu,Fri,Sat) [Sat ]<br />
Interval (decimal value, 1-26 weeks) [1 ]<br />
A capture entry has been added to profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
The following is an example of the Capture Edit command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture edit<br />
Capture Entries for Profile: Tech_Support_Center<br />
Index TimeOfDay DayOfWeek Interval<br />
----- --------- --------- --------<br />
1 02:00 Sat 1 (weeks)<br />
Please select a capture entry from the list above ('q' to quit): 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Value (press ENTER to accept the default, 'q' to quit):<br />
TimeOfDay (HH:MM) [02:00]<br />
DayOfWeek (Sun,Mon,Tue,Wed,Thu,Fri,Sat) [Sat ]<br />
Interval (decimal value, 1-26 weeks) [1 ]<br />
The selected capture entry has been edited for profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
59263-02 B 13-11
13–<strong>Command</strong> Reference<br />
Capture<br />
The following is an example of the Capture Remove command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> capture remove<br />
Capture Entries for Profile: Tech_Support_Center<br />
Index TimeOfDay DayOfWeek Interval<br />
----- --------- --------- --------<br />
1 02:00 Sat 1 (weeks)<br />
Please select a capture entry from the list above ('q' to quit): 1<br />
The selected capture entry has been removed from profile Tech_Support_Center.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
13-12 59263-02 B
13–<strong>Command</strong> Reference<br />
Cert_Authority<br />
Cert_Authority<br />
Manages certificate authority certificates in the PKI database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin. The List keyword does not require an Admin session.<br />
cert_authority<br />
delete certificate [authority_name]<br />
import certificate [authority_name] [file_name] force<br />
list [authority_name]<br />
delete certificate [authority_name]<br />
Deletes a certificate associated with the certificate authority given by<br />
[authority_name].<br />
import certificate [authority_name] [file_name] force<br />
Imports a certificate authority certificate file given by [file_name] and associates it<br />
with the certificate authority given by [authority_name]. The optional keyword<br />
Force overwrites an existing association with the same name.<br />
list [authority_name]<br />
Displays certificate authorities on the switch and associated certificate authority<br />
certificates.<br />
59263-02 B 13-13
13–<strong>Command</strong> Reference<br />
Certificate<br />
Certificate<br />
Creates certificate requests and manages signed digital certificates in the PKI<br />
database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin<br />
certificate<br />
delete local [certificate_name]<br />
generate request<br />
import local [certificate_name] [file_name] force<br />
list local [certificate_name]<br />
delete local [certificate_name]<br />
Deletes a signed certificate from the PKI database.<br />
generate request<br />
Creates a certificate request and stores it as a file on the switch. This keyword<br />
prompts you for the following information:<br />
KeyName<br />
The name of a public/private key pair.<br />
SubjectDistinguishedName<br />
The distinguished name for the switch.<br />
SubjectAlternateName<br />
One or more alternate distinguished names for the switch. These alternate<br />
names can be host names, IPv4 or IPv6 addresses, or e-mail addresses.<br />
OutputFileName<br />
The name of the certificate request file.<br />
import local [certificate_name] [file_name] force<br />
Imports a signed certificate file given by [file_name] and places it in the PKI<br />
database with certificate name [certificate_name].<br />
list local [certificate_name]<br />
Displays information about the signed certificate given by [certificate_name]. If<br />
you omit Local [certificate_name], the List keyword lists all signed certificates in<br />
the PKI database.<br />
Notes<br />
Upload the certificate request file to your workstation and submit it to a certificate<br />
authority to obtain a signed certificate.<br />
For information about creating a public/private key pair, see the Key command.<br />
13-14 59263-02 B
13–<strong>Command</strong> Reference<br />
Certificate<br />
Examples<br />
The following is an example of a Certificate Generate Request command:<br />
SANbox (admin) #> admin start<br />
SANbox (admin) #> certificate generate request<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
*KeyName (string, max=32 chars) : key512<br />
*SubjectDistinguishedName (string, max=128 chars)<br />
: O=Xyz<br />
SubjectAlternateName (may enter up to 16, 1 per line)<br />
1) enter a hostname, IPv4, IPv6 or Email Address : johndoe@xyz.com<br />
2) enter a hostname, IPv4, IPv6 or Email Address : 10.0.0.1<br />
3) enter a hostname, IPv4, IPv6 or Email Address :<br />
OutputFileName (string, max=64 chars) : dm5800<br />
Certificate Request has been created and placed in file: dm5800<br />
59263-02 B 13-15
13–<strong>Command</strong> Reference<br />
Clone Config Port<br />
Clone Config Port<br />
Duplicates a source port configuration on specified target ports.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and a Config Edit session<br />
clone config port<br />
[source_port_number] [port_list]<br />
[source_port_number] [port_list]<br />
Duplicates the configuration of a port given by [source_port_number] on a set of<br />
target ports given by [port_list]. [source_port_number] can be 0–23. [port_list] can<br />
be a list of port numbers or ranges delimited by spaces.<br />
Notes For a description of the port configuration parameters, see Table 13-21.<br />
Examples The following example configures ports 8–19 based on port 0:<br />
SANbox #> admin start<br />
SANbox (admin) config edit<br />
SANbox (admin) #> clone config port 0 8-19<br />
Port 0 configuration will be cloned to ports 8-19.<br />
Please confirm (y/n): [n] y<br />
SANbox (admin-config)#> config save<br />
SANbox (admin)#> config activate<br />
SANbox (admin)#> admin end<br />
13-16 59263-02 B
13–<strong>Command</strong> Reference<br />
Config<br />
Config<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages the Fibre Channel configurations on a switch. For information about<br />
setting the port and switch configurations, refer to the “Set Config Switch”<br />
command on page 13-115.<br />
Admin session for all keywords except Backup and List<br />
config<br />
activate [config_name]<br />
backup export<br />
cancel<br />
copy [config_source] [config_destination]<br />
delete [config_name]<br />
edit [config_name]<br />
export [account_name] [ip_address] [file_name]<br />
import [account_name] [ip_address] [file_name]<br />
list<br />
restore import<br />
save [config_name]<br />
activate [config_name]<br />
Activates the configuration given by [config_name]. If you omit [config_name], the<br />
currently active configuration is used. Only one configuration can be active at a<br />
time.<br />
backup export<br />
Creates a file named configdata, which contains the system configuration<br />
information. This keyword does not require an Admin session. Configuration<br />
backup files are deleted from the switch during a power cycle or switch reset.<br />
The optional Export keyword creates the configuration backup file and exports it to<br />
a remote server prompting you for the server, an account name, the server IP<br />
address or DNS host name, destination file name, and a password if the server<br />
requires one.<br />
cancel<br />
Terminates the current configuration edit session without saving changes that<br />
were made.<br />
copy [config_source] [config_destination]<br />
Copies the configuration given by [config_source] to the configuration given by<br />
[config_destination]. The switch supports up to 10 configurations including the<br />
default configuration.<br />
59263-02 B 13-17
13–<strong>Command</strong> Reference<br />
Config<br />
delete [config_name]<br />
Deletes the configuration given by [config_name] from the switch. You cannot<br />
delete the default configuration (Default Config) nor the active configuration.<br />
edit [config_name]<br />
Opens an edit session for the configuration given by [config_name]. If you omit<br />
[config_name], the currently active configuration is used.<br />
export [account_name] [ip_address] [file_name]<br />
Exports an existing backup configuration file (configdata) from the switch to a<br />
remote server. The server IP address and corresponding user account are given<br />
by [ip_address] and [account_name] respectively. [ip_address] can be an IP<br />
address (version 4 or 6) or a DNS host name. The file name on the remote server<br />
is given by [file_name]. The system will prompt for a password if the server<br />
requires one.<br />
import [account_name] [ip_address] [file_name]<br />
Imports a backup configuration file given by [file_name] from a remote server to<br />
the switch. The server IP address and corresponding user account are given by<br />
[ip_address] and [account_name] respectively. [ip_address] can be an IP address<br />
(version 4 or 6) or a DNS host name. The file name on the remote server is given<br />
by [file_name]. The system will prompt for a password if the server requires one.<br />
You must enter the Config Restore command to apply the configuration to the<br />
switch.<br />
list<br />
Displays a list of all available configurations on the switch. This keyword does not<br />
require an Admin session.<br />
restore import<br />
Restores configuration settings to an out-of-band switch from a backup file named<br />
configdata, which must be first uploaded on the switch using FTP. You create the<br />
backup file using the Config Backup command. Use FTP to load the backup file<br />
on a switch, then enter the Config Restore command. After the restore is<br />
complete, the switch automatically resets.<br />
The optional Import keyword imports the backup file from a remote server<br />
prompting you for an account name, server IP address or DNS host name,<br />
configuration file name on the server, and a password if the server requires one.<br />
When the upload is complete, the switch restores the configuration.<br />
Refer to “Backing Up and Restoring a Switch Configuration” on page 4-13.<br />
13-18 59263-02 B
13–<strong>Command</strong> Reference<br />
Config<br />
NOTE:<br />
• If the restore process changes the IP address, use the<br />
Set Setup System command to return the IP configuration to the values<br />
you want. If the IP address is unknown, you must place the switch in<br />
maintenance mode and reset the network configuration to restore the<br />
default IP address 10.0.0.1. Refer to the installation guide for information<br />
about using maintenance mode.<br />
• Configuration archive files created with the Enterprise Fabric Suite<br />
Archive function are not compatible with the Config Restore command.<br />
• The configdata backup file does not include the security group primary or<br />
secondary secrets, and therefore are not restored. You must edit the<br />
security database and reconfigure the secrets. If they are not, the switch<br />
will isolate from the fabric.<br />
save [config_name]<br />
Saves changes made during a configuration edit session in the configuration<br />
given by [config_name]. If you omit [config_name], the value for [config_name]<br />
you chose for the most recent Config Edit command is used. [config_name] can<br />
be up to 31 characters excluding #, semicolon (;), and comma (,). The switch<br />
supports up to 10 configurations including the default configuration.<br />
Notes<br />
Examples<br />
Changes you make to an active or inactive configuration can be saved, but will not<br />
take effect until you activate that configuration.<br />
The following shows an example of how to open and close a Config Edit session:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
The config named default is being edited.<br />
.<br />
.<br />
SANbox (admin-config) #> config cancel<br />
Configuration mode will be canceled. Please confirm (y/n): [n] y<br />
SANbox (admin) #> admin end<br />
59263-02 B 13-19
13–<strong>Command</strong> Reference<br />
Config<br />
The following is an example of how to create a backup file (configdata) and<br />
download the file to the workstation.<br />
SANbox #> config backup<br />
SANbox #> exit<br />
#>ftp symbolic_name or ip_address<br />
user: images<br />
password: images<br />
ftp> bin<br />
ftp> get configdata<br />
ftp> quit<br />
The following is an example of how to upload a configuration backup file<br />
(configdata) from the workstation to the switch, and then restore the configuration.<br />
#> ftp symbolic_name or ip_address<br />
user: images<br />
password: images<br />
ftp> bin<br />
ftp> put configdata<br />
ftp> quit<br />
SANbox #> admin start<br />
SANbox (admin) #> config restore<br />
The switch will be reset after restoring the configuration.<br />
Please confirm (y/n): [n] y<br />
Alarm Msg: [day month date time year][A1005.0021][SM][Configuration is being<br />
restored - this could take several minutes]<br />
Alarm Msg: [day month date time year][A1000.000A][SM][The switch will be reset in<br />
3 seconds due to a config restore]<br />
SANbox (admin) #><br />
Alarm Msg: [day month date time year][A1000.0005][SM][The switch is being reset]<br />
13-20 59263-02 B
13–<strong>Command</strong> Reference<br />
Create<br />
Create<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates support files for troubleshooting switch problems, and certificates for<br />
secure communications for Enterprise Fabric Suite and SMI-S.<br />
Admin session for the Certificate keyword<br />
create<br />
certificate<br />
support<br />
certificate<br />
Creates a security certificate on the switch. The security certificate is required to<br />
establish an SSL connection with a management application such as Enterprise<br />
Fabric Suite. The certificate is valid 24 hours before the certificate creation date<br />
and expires 365 days after the creation date. Should the current certificate<br />
become invalid, use the Create Certificate command to create a new one.<br />
NOTE:<br />
To insure the creation of a valid certificate, be sure that the switch and the<br />
workstation time and date are the same. Refer to the following commands:<br />
• “Date” command on page 13-24 for information about setting the time<br />
and date<br />
• “Set Timezone” command on page 13-151 for information about setting<br />
the time zone on the switch and workstation<br />
• “Set Setup System” command on page 13-142 (System keyword) for<br />
information about enabling the Network Time Protocol for synchronizing<br />
the time and date on the switch and workstation from an NTP server.<br />
support<br />
Assembles all log files and switch memory data into a file (dump_support.tgz) on<br />
the switch. If your workstation has an FTP server, you can proceed with the<br />
command prompts to send the file from the switch to a remote host. Otherwise,<br />
you can use FTP to download the support file from the switch to your workstation.<br />
The support file is useful to technical support personnel for troubleshooting switch<br />
problems. Use this command when directed by your authorized maintenance<br />
provider. This keyword does not require an Admin session.<br />
NOTE:<br />
Support files are deleted from the switch during a power cycle or switch<br />
reset.<br />
59263-02 B 13-21
13–<strong>Command</strong> Reference<br />
Create<br />
Examples<br />
The following is an example of the Create Support command when an FTP server<br />
is available on the workstation:<br />
SANbox #> create support<br />
Log Msg:[Creating the support file - this will take several seconds]<br />
FTP the dump support file to another machine? (y/n): y<br />
Enter IPv4, IPv6 Address or hostname of remote computer: 10.20.33.130<br />
Login name: johndoe<br />
Enter remote directory name: bin/support<br />
Would you like to continue downloading support file? (y/n) [n]: y<br />
Connected to 10.20.33.130 (10.20.33.130).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.<br />
331 Password required for johndoe.<br />
Password: xxxxxxx<br />
230 User johndoe logged in.<br />
cd bin/support<br />
250 CWD command successful.<br />
lcd /itasca/conf/images<br />
Local directory now /itasca/conf/images<br />
bin<br />
200 Type set to I.<br />
put dump_support.tgz<br />
local: dump_support.tgz remote: dump_support.tgz<br />
227 Entering Passive Mode (10,20,33,130,232,133)<br />
150 Opening BINARY mode data connection for dump_support.tgz.<br />
226 Transfer complete.<br />
43430 bytes sent in 0.292 secs (1.5e+02 Kbytes/sec)<br />
Remote system type is UNIX.<br />
Using binary mode to transfer files.<br />
221-You have transferred 43430 bytes in 1 files.<br />
221-Total traffic for this session was 43888 bytes in 1 transfers.<br />
221 Thank you for using the FTP service on localhost.localdomain.<br />
13-22 59263-02 B
13–<strong>Command</strong> Reference<br />
Create<br />
The following is an example of the Create Support command to download the<br />
support file to your workstation. When prompted to send the support file to another<br />
machine, you decline, close the Telnet session, and open an FTP session on the<br />
switch and log in with the account name images and password images. You then<br />
use the Get FTP command to transfer the dump_support.tgz file in binary mode.<br />
SANbox #> create support<br />
SANbox (admin) #> create support<br />
Log Msg:[Creating the support file - this will take several seconds]<br />
FTP the dump support file to another machine? (y/n): n<br />
SANbox (admin) #> quit<br />
>ftp switch_ip_address<br />
user: images<br />
password: images<br />
ftp>bin<br />
ftp>get dump_support.tgz<br />
xxxxx bytes sent in xx secs.<br />
ftp> quit<br />
The following is an example of the Create Certificate command:<br />
SANbox (admin) #> create certificate<br />
The current date and time is day mon date hh:mm:ss UTC yyyy.<br />
This is the time used to stamp onto the certificate.<br />
Is the date and time correct? (y/n): [n] y<br />
Certificate generation successful.<br />
59263-02 B 13-23
13–<strong>Command</strong> Reference<br />
Date<br />
Date<br />
Authority<br />
Syntax<br />
Keywords<br />
Notes<br />
Examples<br />
Displays or sets the system date and time. To set the date and time the<br />
information string must be provided in this format: MMDDhhmmCCYY. The new<br />
date and time takes effect immediately.<br />
Admin session except to display the date.<br />
date<br />
[MMDDhhmmCCYY]<br />
[MMDDhhmmCCYY]<br />
Specifies the date – this requires an Admin session. If you omit<br />
[MMDDhhmmCCYY], the current date is displayed which does not require an<br />
Admin session.<br />
Network Time Protocol (NTP) must be disabled to set the time with the Date<br />
command. Enter the Set Setup System command to disable the<br />
NTPClientEnabled parameter.<br />
When setting the date and time on a switch that is enabled for SSL connections,<br />
the switch time must be within 24 hours of the workstation time. Otherwise, the<br />
connection will fail.<br />
The following is an example of the Date command:<br />
SANbox #> date<br />
Mon Apr 07 07:51:24 200x<br />
13-24 59263-02 B
13–<strong>Command</strong> Reference<br />
Exit<br />
Exit<br />
Authority<br />
Syntax<br />
Notes<br />
Closes the Telnet session.<br />
None<br />
exit<br />
You can also press Control-D to close the Telnet session.<br />
59263-02 B 13-25
13–<strong>Command</strong> Reference<br />
Fcping<br />
Fcping<br />
Authority<br />
Syntax<br />
Keywords<br />
Verifies a Fibre Channel connection with another switch or a device and reports<br />
status.<br />
None<br />
fcping destination [address]<br />
count [number]<br />
timeout [seconds]<br />
[address]<br />
The address of the port or device with which to verify the Fibre Channel<br />
connection. [address] can have one of the following formats:<br />
• 6-character hexadecimal device Fibre Channel address (hex). Enter<br />
addresses with or without the “0x” prefix.<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx or xxxxxxxxxxxxxxxx.<br />
count [number]<br />
Number of times given by [number] to repeat the command. If you omit this<br />
keyword, the command is repeated once.<br />
timeout [seconds]<br />
Number of seconds given by [seconds] to wait for a response. If you omit this<br />
keyword, the switch waits 1 second for a response.<br />
Examples<br />
The following is an example of the Fcping command:<br />
SANbox #> fcping 970400 count 3<br />
28 bytes from local switch to 0x970400 time = 10 usec<br />
28 bytes from local switch to 0x970400 time = 11 usec<br />
28 bytes from local switch to 0x970400 time = 119 usec<br />
13-26 59263-02 B
13–<strong>Command</strong> Reference<br />
Fctrace<br />
Fctrace<br />
Authority<br />
Syntax<br />
Keywords<br />
Displays the path from an initiator device port in the fabric to a target device port in<br />
the same zone. To trace the path between two initiator ports, you must disable the<br />
I/O StreamGuard feature. Use the Set Config Port command to change the<br />
IOStreamGuard parameter.<br />
Path information includes the following:<br />
• Domain IDs<br />
• Inbound port name and physical port number<br />
• Outbound port name and physical port number<br />
None<br />
fctrace [port_source] [port_destination] [hop_count]<br />
[port_source]<br />
The Fibre Channel port from to begin the trace. [port_source] can have the<br />
following formats:<br />
• 6-character hexadecimal device Fibre Channel address (hex). Enter<br />
addresses with or without the “0x” prefix.<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx or xxxxxxxxxxxxxxxx.<br />
[port_destination]<br />
The Fibre Channel port at which to end the trace. [port_destination] can have the<br />
following formats:<br />
• 6-character hexadecimal device Fibre Channel address (hex). Enter<br />
addresses with or without the “0x” prefix.<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx or xxxxxxxxxxxxxxxx.<br />
[hop_count]<br />
Maximum number of hops before stopping the trace. If you omit [hop_count], 20<br />
hops is used.<br />
59263-02 B 13-27
13–<strong>Command</strong> Reference<br />
Fctrace<br />
Examples<br />
The following is an example of the Fctrace command:<br />
SANbox#> fctrace 970400 970e00 hops 5<br />
36 bytes from 0x970400 to 0x970e00, 5 hops max<br />
Domain Ingress Port WWN Port Egress Port WWN Port<br />
------ ---------------- ---- --------------- ----<br />
97 20:04:00:c0:dd:02:cc:2e 4 20:0e:00:c0:dd:02:cc:2e 14<br />
97 20:0e:00:c0:dd:02:cc:2e 14 20:04:00:c0:dd:02:cc:2e 4<br />
13-28 59263-02 B
13–<strong>Command</strong> Reference<br />
Feature<br />
Feature<br />
Authority<br />
Syntax<br />
Keywords<br />
Adds license key features to the switch and displays the license key feature log.<br />
To order a license key, contact your switch distributor or your authorized reseller.<br />
Upgrading a switch is not disruptive, nor does it require a switch reset.<br />
Admin session for Add keyword only<br />
feature<br />
add [license_key]<br />
log<br />
add [license_key]<br />
Adds the feature that corresponds to the value given by [license_key].<br />
[license_key] is case insensitive.<br />
log<br />
Displays a list of installed license key features.<br />
Notes<br />
The following license keys are available:<br />
• Enterprise Fabric Suite is a workstation-based Java ® application that<br />
provides a graphical user interface for fabric management. This includes<br />
Performance View, which graphs port performance. Enterprise Fabric Suite<br />
comes with a free 30-day trial license.<br />
• Port Activation enables additional Fibre Channel ports up to the 24-port<br />
maximum.<br />
• 20Gb Activation upgrades the XPAK ports to 20Gbps.<br />
Examples<br />
The following is an example of the Feature Add command:<br />
SANbox #> admin start<br />
SANbox (admin) #> feature add 1-LCVXOWUNOJBE6<br />
License upgrade to 24 ports<br />
Do you want to continue with license upgrade procedure? (y/n): [n] y<br />
Alarm Msg:[day mon date time year][A1005.0030][SM][Upgrading Licensed Ports to 24]<br />
The following is an example of the Feature Log command:<br />
SANbox #> feature log<br />
Mfg Feature Log:<br />
----------------<br />
Switch Licensed for 8 ports<br />
Customer Feature Log:<br />
---------------------<br />
1) day month date 19:39:24 year - Switch Licensed for 24 ports<br />
1-LCVXOWUNOJBE6<br />
59263-02 B 13-29
13–<strong>Command</strong> Reference<br />
Firmware Install<br />
Firmware Install<br />
Downloads firmware from a remote host to the switch, installs the firmware, then<br />
resets the switch to activate the firmware. This is disruptive. The command<br />
prompts you for the following:<br />
• The file transfer protocol (FTP or TFTP)<br />
• IP address or DNS host name of the remote host<br />
• An account name and password on the remote host (FTP only)<br />
• Pathname for the firmware image file<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session<br />
firmware install<br />
The following is an example of the Firmware Install command using FTP:<br />
SANbox #> admin start<br />
SANbox (admin) #> firmware install<br />
The switch will be reset. This process will cause a disruption<br />
to I/O traffic.<br />
Continuing with this action will terminate all management sessions,<br />
including any Telnet sessions. When the firmware activation is complete,<br />
you may log in to the switch again.<br />
Do you want to continue? [y/n]: y<br />
Press 'q' and the ENTER key to abort this command.<br />
FTP or TFTP : ftp<br />
User Account : johndoe<br />
IP Address : 10.0.0.254<br />
Source Filename : 8.0.00.xx_epc<br />
About to install image. Do you want to continue? [y/n] y<br />
Connected to 10.0.0.254 (10.0.0.254).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.<br />
331 Password required for johndoe.<br />
Password: xxxxxxxxx<br />
230 User johndoe logged in.<br />
bin<br />
200 Type set to I.<br />
verbose<br />
Verbose mode off.<br />
This may take several seconds...<br />
The switch will now reset.<br />
Connection closed by foreign host.<br />
13-30 59263-02 B
13–<strong>Command</strong> Reference<br />
Firmware Install<br />
The following is an example of the Firmware Install command using TFTP:<br />
SANbox #> admin start<br />
SANbox (admin) #> firmware install<br />
The switch will be reset. This process will cause a disruption<br />
to I/O traffic.<br />
Continuing with this action will terminate all management sessions,<br />
including any Telnet sessions. When the firmware activation is complete,<br />
you may log in to the switch again.<br />
Do you want to continue? [y/n]: y<br />
Press 'q' and the ENTER key to abort this command.<br />
FTP or TFTP : tftp<br />
IP Address : 10.0.0.254<br />
Source Filename : 8.0.xx.xx_epc<br />
About to install image. Do you want to continue? [y/n] y<br />
Connected to 10.0.0.254 (10.0.0.254).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.<br />
bin<br />
200 Type set to I.<br />
verbose<br />
Verbose mode off.<br />
This may take several seconds...<br />
The switch will now reset.<br />
Connection closed by foreign host.<br />
59263-02 B 13-31
13–<strong>Command</strong> Reference<br />
Group<br />
Group<br />
Authority<br />
Syntax<br />
Creates groups, manages membership within the group, and manages the<br />
membership of groups in security sets.<br />
Admin session and a Security Edit session. Refer to the “Security” command on<br />
page 13-99 for information about starting a Security Edit session. The List,<br />
Members, Securitysets, and Type keywords are available without an Admin<br />
session.<br />
group<br />
add [group]<br />
copy [group_source] [group_destination]<br />
create [group] [type]<br />
delete [group]<br />
edit [group] [member]<br />
list<br />
members [group]<br />
remove [group] [member_list]<br />
rename [group_old] [group_new]<br />
securitysets [group]<br />
type [group]<br />
13-32 59263-02 B
13–<strong>Command</strong> Reference<br />
Group<br />
Keywords<br />
add [group]<br />
Initiates an editing session in which to specify a group member and its attributes<br />
for the existing group given by [group]. ISL, Port, and MS member attributes are<br />
described in Table 13-2, Table 13-3, and Table 13-4 respectively. The group name<br />
and group type attributes are read-only fields common to all three tables.<br />
Table 13-2. ISL Group Member Attributes<br />
Attribute<br />
Member<br />
Authentication<br />
Primary Hash<br />
Primary Secret<br />
Secondary Hash<br />
Secondary<br />
Secret<br />
Binding<br />
Description<br />
Worldwide name of the switch that would attach to the switch. A<br />
member cannot belong to more than one group.<br />
Enables (CHAP) or disables (None) authentication using the Challenge<br />
Handshake Authentication Protocol (CHAP). The default is<br />
None.<br />
The preferred hash function to use to decipher the encrypted Primary<br />
Secret sent by the ISL member. The hash functions are MD5<br />
or SHA-1. If the ISL member does not support the Primary Hash, the<br />
switch will use the Secondary Hash.<br />
Hexadecimal string that is encrypted by the Primary Hash for<br />
authentication with the ISL group member. The string has the following<br />
lengths depending on the Primary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
Hash function to use to decipher the encrypted Secondary Secret<br />
sent by the ISL group member. Hash values are MD5 or SHA-1. The<br />
Secondary Hash is used when the Primary Hash is not available on<br />
the ISL group member. The Primary Hash and the Secondary Hash<br />
cannot be the same.<br />
Hex string that is encrypted by the Secondary Hash and sent for<br />
authentication. The string has the following lengths, depending on<br />
the Secondary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
Domain ID of the switch to which to bind the ISL group member<br />
worldwide name. This option is available only if<br />
FabricBindingEnabled is set to True using the Set Config Security<br />
command. 0 (zero) specifies no binding.<br />
59263-02 B 13-33
13–<strong>Command</strong> Reference<br />
Group<br />
Table 13-3. Port Group Member Attributes<br />
Attribute<br />
Member<br />
Authentication<br />
Primary Hash<br />
Primary Secret<br />
Secondary Hash<br />
Secondary<br />
Secret<br />
Description<br />
Worldwide port name (WWPN) for the N_Port device that would<br />
attach to the switch. A member cannot belong to more than one<br />
group. All loop device WWPNs must be included in the group, otherwise<br />
the switch port will be downed, and none of the devices will be<br />
able to log in.<br />
Enables (CHAP) or disables (None) authentication using the Challenge<br />
Handshake Authentication Protocol (CHAP). The default is<br />
None.<br />
The preferred hash function to use to decipher the encrypted Primary<br />
Secret sent by the Port group member. The hash functions are<br />
MD5 or SHA-1. If the Port group member does not support the Primary<br />
Hash, the switch will use the Secondary Hash.<br />
Hexadecimal string that is encrypted by the Primary Hash for<br />
authentication with the Port group member. The string has the following<br />
lengths depending on the Primary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
Hash function to use to decipher the encrypted Secondary Secret<br />
sent by the Port group member. Hash values are MD5 or SHA-1.<br />
The Secondary Hash is used when the Primary Hash is not available<br />
on the Port group member. The Primary Hash and the Secondary<br />
Hash cannot be the same.<br />
Hex string that is encrypted by the Secondary Hash and sent for<br />
authentication. The string has the following lengths depending on<br />
the Secondary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
13-34 59263-02 B
13–<strong>Command</strong> Reference<br />
Group<br />
Table 13-4. MS Group Member Attributes<br />
Attribute<br />
Member<br />
CTAuthentication<br />
Hash<br />
Secret<br />
Description<br />
Port worldwide name for the N_Port device that would attach to<br />
the switch.<br />
Common Transport (CT) authentication. Enables (True) or disables<br />
(False) authentication for MS group members. The default<br />
is False.<br />
The hash function to use to decipher the encrypted Secret sent<br />
by the MS group member. Hash values are MD5 or SHA-1.<br />
Hexadecimal string that is encrypted by the Hash function for<br />
authentication with MS group members. The string has the following<br />
lengths depending on the Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
copy [group_source] [group_destination]<br />
Creates a new group named [group_destination] and copies the membership into<br />
the new group from the group given by [group_source].<br />
create [group] [type]<br />
Creates a group with the name given by [group] with the type given by [type]. A<br />
group name must begin with a letter and be no longer than 64 characters. Valid<br />
characters are 0-9, A-Z, a-z, _, $, ^, and -. The security database supports a<br />
maximum of 16 groups. If you omit [type], ISL is used. [type] can be one of the<br />
following:<br />
isl<br />
Configures security for attachments to other switches.<br />
Port<br />
Configures security for attachments to N_Port devices.<br />
ms<br />
Configures security for attachments to N_Port devices that are issuing<br />
management server commands.<br />
delete [group]<br />
Deletes the group given by [group].<br />
59263-02 B 13-35
13–<strong>Command</strong> Reference<br />
Group<br />
edit [group] [member]<br />
Initiates an editing session in which to change the attributes of a worldwide name<br />
given by [member] in a group given by [group]. Member attributes that can be<br />
changed are described in Table 13-5.<br />
Table 13-5. Group Member Attributes<br />
Attribute<br />
Authentication<br />
(ISL and Port Groups)<br />
CTAuthentication<br />
(MS Groups)<br />
Primary Hash<br />
(ISL and Port Groups)<br />
Hash<br />
(MS Groups)<br />
Primary Secret<br />
(ISL and Port Groups)<br />
Secondary Hash<br />
(ISL and Port Groups)<br />
Secondary Secret<br />
(ISL and Port Groups)<br />
Secret<br />
(MS Groups)<br />
Description<br />
Enables (CHAP) or disables (None) authentication using the<br />
Challenge Handshake Authentication Protocol (CHAP).<br />
CT authentication. Enables (True) or disables (False)<br />
authentication for MS group members. The default is False.<br />
The preferred hash function to use to decipher the<br />
encrypted Primary Secret sent by the member. The hash<br />
functions are MD5 or SHA-1. If the member does not support<br />
the Primary Hash, the switch will use the Secondary<br />
Hash.<br />
The hash function to use to decipher the encrypted Secret<br />
sent by the MS group member. Hash values are MD5 or<br />
SHA-1.<br />
Hexadecimal string that is encrypted by the Primary Hash<br />
for authentication with the member. The string has the following<br />
lengths depending on the Primary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
Hash function to use to decipher the encrypted Secondary<br />
Secret sent by the group member. Hash values are MD5 or<br />
SHA-1. The Secondary Hash is used when the Primary<br />
Hash is not available on the group member. The Primary<br />
Hash and the Secondary Hash cannot be the same.<br />
Hex string that is encrypted by the Secondary Hash and<br />
sent for authentication. The string has the following lengths<br />
depending on the Secondary Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
Hexadecimal string that is encrypted by the Hash function<br />
for authentication with MS group members. The string has<br />
the following lengths depending on the Hash function:<br />
• MD5 hash: 16-byte<br />
• SHA-1 hash: 20-byte<br />
13-36 59263-02 B
13–<strong>Command</strong> Reference<br />
Group<br />
Table 13-5. Group Member Attributes (Continued)<br />
Attribute<br />
Binding<br />
(ISL Groups)<br />
Description<br />
Domain ID of the switch to which to bind the ISL group member<br />
worldwide name. This option is available only if<br />
FabricBindingEnabled is set to True using the<br />
Set Config Security command. 0 (zero) specifies no binding.<br />
list<br />
Displays a list of all groups and the security sets of which they are members. This<br />
keyword is available without an Admin session.<br />
members [group]<br />
Displays all members of the group given by [group]. This keyword is available<br />
without an Admin session.<br />
remove [group] [member_list]<br />
Remove the port/device worldwide name given by [member] from the group given<br />
by [group]. Use a to delimit multiple member names in [member_list]<br />
rename [group_old] [group_new]<br />
Renames the group given by [group_old] to the group given by [group_new].<br />
securitysets [group]<br />
Displays the list of security sets of which the group given by [group] is a member.<br />
This keyword is available without an Admin session.<br />
type [group]<br />
Displays the group type for the group given by [group]. This keyword is available<br />
without an Admin session.<br />
Notes<br />
Primary and secondary secrets are not included in a switch configuration backup.<br />
Therefore, after restoring a switch configuration, you must re-enter the primary<br />
and secondary secrets. Otherwise, the switch will isolate because of an<br />
authentication failure.<br />
Refer to the “Securityset” command on page 13-103 for information about<br />
managing groups in security sets.<br />
59263-02 B 13-37
13–<strong>Command</strong> Reference<br />
Group<br />
Examples<br />
The following is an example of the Group Add command:<br />
SANbox #> admin start<br />
SANbox (admin) #> security edit<br />
SANbox (admin-security) #> group add Group_1<br />
A list of attributes with formatting and default values will follow<br />
Enter a new value or simply press the ENTER key to accept the current value<br />
with exception of the Group Member WWN field which is mandatory.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Group Name Group_1<br />
Group Type ISL<br />
Member (WWN) [00:00:00:00:00:00:00:00] 10:00:00:c0:dd:00:90:a3<br />
Authentication (None / Chap) [None ] chap<br />
PrimaryHash (MD5 / SHA-1) [MD5 ]<br />
PrimarySecret (32 hex or 16 ASCII char value) [ ] 0123456789abcdef<br />
SecondaryHash (MD5 / SHA-1 / None) [None ]<br />
SecondarySecret (40 hex or 20 ASCII char value) [ ]<br />
Binding (domain ID 1-239, 0=None) [0 ]<br />
Finished configuring attributes.<br />
To discard this configuration use the security cancel command.<br />
The following is an example of the Group Edit command:<br />
SANbox #> admin start<br />
SANbox (admin) #> security edit<br />
SANbox (admin-security) #> group edit G1 10:00:00:c0:dd:00:90:a3<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Group Name g1<br />
Group Type ISL<br />
Group Member 10:00:00:c0:dd:00:90:a3<br />
Authentication (None / Chap) [None] chap<br />
PrimaryHash (MD5 / SHA-1) [MD5 ] sha-1<br />
PrimarySecret (40 hex or 20 ASCII char value) [ ] 12345678901234567890<br />
SecondaryHash (MD5 / SHA-1 / None) [None] md5<br />
SecondarySecret (32 hex or 16 ASCII char value) [ ] 1234567890123456<br />
Binding (domain ID 1-239, 0=None) [3 ]<br />
Finished configuring attributes.<br />
To discard this configuration use the security cancel command.<br />
13-38 59263-02 B
13–<strong>Command</strong> Reference<br />
Group<br />
The following is an example of the Group List command:<br />
SANbox #> group list<br />
Group SecuritySet<br />
----- -----------<br />
group1 (ISL)<br />
alpha<br />
group2 (Port)<br />
alpha<br />
The following is an example of the Group Members command:<br />
SANbox #> group members group_1<br />
Current list of members for Group: group_1<br />
----------------------------------<br />
10:00:00:c0:dd:00:71:ed<br />
10:00:00:c0:dd:00:72:45<br />
10:00:00:c0:dd:00:90:ef<br />
10:00:00:c0:dd:00:b8:b7<br />
59263-02 B 13-39
13–<strong>Command</strong> Reference<br />
Hardreset<br />
Hardreset<br />
Authority<br />
Syntax<br />
Notes<br />
Resets the switch and performs a power-on self test (POST). This reset disrupts<br />
I/O traffic, activates the pending firmware, and clears the alarm log. To save the<br />
alarm log before resetting, refer to the “Set Log” on page 13-121.<br />
Admin session<br />
hardreset<br />
To reset the switch without a power-on self test, refer to the “Reset” command on<br />
page 13-89.<br />
To reset the switch without disrupting traffic, refer to the “Hotreset” command on<br />
page 13-43.<br />
13-40 59263-02 B
13–<strong>Command</strong> Reference<br />
Help<br />
Help<br />
Authority<br />
Syntax<br />
Keywords<br />
Displays a brief description of the specified command, its keywords, and usage.<br />
None<br />
help [command] [keyword]<br />
[command]<br />
Displays a summary of the command given by [command] and its keywords. If you<br />
omit [command], the system displays all available commands.<br />
[keyword]<br />
Displays a summary of the keyword given by [keyword] belonging to the<br />
command given by [command]. If you omit [keyword], the system displays the<br />
available keywords for the specified command.<br />
all<br />
Displays a list of all available commands (including command variations).<br />
Examples<br />
The following is an example of the Help Config command:<br />
SANbox #> help config<br />
config CONFIG_OPTIONS<br />
The config command operates on configurations.<br />
Usage: config { activate | backup | cancel | copy | delete |<br />
edit | list | restore | save }<br />
The following is an example of the Help Config Edit command:<br />
SANbox #> help config edit<br />
config edit [CONFIG_NAME]<br />
This command initiates a configuration session and places the current session<br />
into config edit mode.<br />
If CONFIG_NAME is given and it exists, it gets edited; otherwise, it gets<br />
created. If it is not given, the currently active configuration is edited.<br />
Admin mode is required for this command.<br />
Usage: config edit [CONFIG_NAME]<br />
59263-02 B 13-41
13–<strong>Command</strong> Reference<br />
History<br />
History<br />
Authority<br />
Syntax<br />
Notes<br />
Examples<br />
Displays a numbered list of the previously entered commands from which you can<br />
re-execute selected commands.<br />
None<br />
history<br />
Use the History command to provide context for the ! command:<br />
• Enter ![command_string] to re-execute the most recent command that<br />
matches [command_string].<br />
• Enter ![line number] to re-execute the corresponding command from the<br />
History display<br />
• Enter ![partial command string] to re-execute a command that matches the<br />
command string.<br />
• Enter !! to re-execute the most recent command.<br />
The following is an example of the History command:<br />
SANbox #> history<br />
1 show switch<br />
2 date<br />
3 help set<br />
4 history<br />
SANbox #> !3<br />
help set<br />
set SET_OPTIONS<br />
There are many attributes that can be set.<br />
Type help with one of the following to get more information:<br />
Usage: set { alarm | beacon | config | log | pagebreak |<br />
port | setup | switch }<br />
13-42 59263-02 B
13–<strong>Command</strong> Reference<br />
Hotreset<br />
Hotreset<br />
Authority<br />
Syntax<br />
Resets the switch for the purpose of activating the pending firmware without<br />
disrupting traffic. This command terminates all management sessions, saves all<br />
configuration information, and clears the event log. After the pending firmware is<br />
activated, the configuration is recovered. This process may take a few minutes. To<br />
save the event log to a file before resetting, enter the Set Log Archive command.<br />
Admin session<br />
hotreset<br />
Notes • To ensure a successful non-disruptive activation, you should first satisfy the<br />
following conditions:<br />
<br />
<br />
<br />
<br />
<br />
No changes are being made to switches in the fabric including<br />
powering up, powering down, disconnecting or connecting ISLs,<br />
changing switch configurations, or installing firmware.<br />
No port on the switch is in the diagnostic state.<br />
No Zoning Edit sessions are open on the switch.<br />
No changes are being made to attached devices, including powering<br />
up, powering down, disconnecting, connecting, and adapter<br />
configuration changes.<br />
For a fabric in which one or more switches are running firmware prior<br />
to version 8.0, only one Enterprise Fabric Suite session can be open.<br />
• Install firmware on one switch at a time in the fabric. If you are installing<br />
firmware on one switch, wait two minutes after the activation is complete<br />
before installing firmware on a second switch.<br />
• Ports that change states during the non-disruptive activation, will be reset.<br />
When the non-disruptive activation is complete, Enterprise Fabric Suite and<br />
QuickTools sessions reconnect automatically. However, Telnet sessions<br />
must be restarted manually.<br />
• This command clears the event log and all counters.<br />
NOTE:<br />
After upgrading firmware that includes changes to QuickTools, an open<br />
QuickTools session may indicate that the firmware is not supported. This<br />
means the new firmware is not supported by the previous QuickTools<br />
version. To correct this situation, close the QuickTools session and the<br />
browser window, then open a new QuickTools session.<br />
59263-02 B 13-43
13–<strong>Command</strong> Reference<br />
Ike List<br />
Ike List<br />
Authority<br />
Syntax<br />
Keywords<br />
Displays IKE peer and policy information.<br />
None<br />
ike list<br />
active<br />
configured<br />
edited<br />
peer [option]<br />
policy [option]<br />
active<br />
Displays the configurations for all active IKE peers and policies.<br />
configured<br />
Displays the configurations for all user-defined IKE peers and policies.<br />
edited<br />
Displays the configurations for all IKE peers and policies that have been modified<br />
in an Ipsec Edit session, but not saved.<br />
peer [option]<br />
Specifies the IKE peers given by [option] for which to display configuration<br />
information. [option] can have the following values:<br />
[peer]<br />
Displays the configuration for the peer given by [peer].<br />
active<br />
Displays the configuration for all active peers.<br />
configured<br />
Displays the configuration for all user-defined peers.<br />
edited<br />
Displays the configuration for all peers that have been modified, but not<br />
saved.<br />
13-44 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike List<br />
policy [option]<br />
Specifies the IKE policies given by [option] for which to display configuration<br />
information. [option] can have the following values:<br />
[policy]<br />
Displays the configuration for the IKE policy given by [policy].<br />
active<br />
Displays the configuration for all active IKE policies.<br />
configured<br />
Displays the configuration for all user-defined IKE policies.<br />
edited<br />
Displays the configuration for all IKE policies that have been modified, but<br />
not saved.<br />
Notes<br />
Examples<br />
If you omit the keywords, the Ike List command displays configuration information<br />
for all active IKE peers and policies.<br />
The following is an example of the Ike List Configured command:<br />
SANbox #> ike list configured<br />
Configured (saved) IKE Information<br />
Peer<br />
Policy<br />
------ ----<br />
peer_1<br />
policy_1<br />
policy_2<br />
peer_2<br />
policy_3<br />
peer_3<br />
(no policies)<br />
(No peer)<br />
policy_4<br />
Summary:<br />
Peer Count 3<br />
Policy Count 4<br />
59263-02 B 13-45
13–<strong>Command</strong> Reference<br />
Ike List<br />
The following is an example of the Ike List Policy command:<br />
SANbox (admin-ipsec) #> ike list policy policy_2<br />
Edited (unsaved) IKE Information<br />
policy_2<br />
Description 65<br />
Mode<br />
transport<br />
LocalAddress 10.0.0.3<br />
LocalPort 1234<br />
RemotePort<br />
0 (All)<br />
Peer<br />
peer_1<br />
Protocol<br />
udp<br />
Action<br />
ipsec<br />
ProtectionDesired <br />
LifetimeChild 3600 (seconds)<br />
RekeyChild<br />
True<br />
Encryption<br />
3des_cbc<br />
Integrity<br />
md5_96 sha1_96 sha2_256<br />
DHGroup 1 5<br />
Restrict<br />
True<br />
13-46 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
Ike Peer<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates and manages IKE peers.<br />
Admin session and an Ipsec Edit session<br />
ike peer<br />
copy [peer_source] [peer_destination]<br />
create [peer]<br />
delete [peer]<br />
edit [peer]<br />
list [option]<br />
rename [peer_old] [peer_new]<br />
copy [peer_source] [peer_destination]<br />
Creates a new peer named [peer_destination] and copies the configuration into it<br />
from the peer given by [peer_source]. You must enter the Ipsec Save command<br />
afterwards to save your changes.<br />
create [peer]<br />
Creates a peer with the name given by [peer]. A peer name must begin with a<br />
letter and be no longer than 32 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The IKE database supports a maximum of 16 user-defined peers. You<br />
must enter the Ipsec Save command afterwards to save your changes.<br />
Table 13-6. IKE Peer Configuration Parameters<br />
Parameter<br />
Description<br />
Address<br />
Lifetime<br />
Encryption<br />
Description<br />
Peer description of up to 127 characters or n<br />
(none).<br />
IP address (version 4 or 6) or DNS host name of the<br />
peer host, switch, or gateway.<br />
Duration of the IKE security association connection<br />
in seconds. Lifetime is an integer from 900–86400.<br />
Algorithm that encrypts outbound data or decrypts<br />
inbound data. The encryption algorithm can be one<br />
or more of the following:<br />
• 3DES-CBC<br />
• AES_CBC_128<br />
• AES_CBC_192<br />
• AES_CBC_256<br />
59263-02 B 13-47
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
Table 13-6. IKE Peer Configuration Parameters (Continued)<br />
Parameter<br />
Description<br />
Integrity<br />
DHGroup<br />
Restrict<br />
Authentication<br />
Key<br />
(Authentication=Secret)<br />
CertificateName<br />
(Authentication=Pubkey)<br />
SwitchIdentity<br />
(Authentication=Pubkey)<br />
Integrity (authentication) algorithm. Integrity can be<br />
one or more of the following:<br />
• MD5_96<br />
• SHA1_96<br />
• SHA2_256<br />
• AES_XCBC_96<br />
Diffie-Hellman group number. You can specify one<br />
or more group numbers: 1, 2, 5, 14, or 24<br />
Algorithm and DH group restriction. The IKE<br />
responder accepts only algorithms and DH groups<br />
specified by the IKE initiator (True), or accepts all<br />
algorithms and DH groups (False).<br />
IKE authentication method. Authentication can<br />
have the following values:<br />
• Secret—Authenticate by pre-shared keys (PSK).<br />
See the Key parameter.<br />
• Pubkey—Authenticate by public key encryption<br />
(RSA) through digital certificates. See the CertificateName,<br />
SwitchIdentity, and PeerIdentity<br />
parameters.<br />
Pre-shared key that matches the key on the IKE<br />
peer. Key can be one of the following:<br />
• String in quotes up to 128 characters<br />
• Raw hex bytes up to 256 bytes. The number of<br />
bytes must be even.<br />
Name of the local switch certificate to use to<br />
authenticate the peer device. CertificateName is a<br />
string of up to 32 characters. For more information<br />
about certificates, see the Certificate command.<br />
Identifier by which the switch is authenticated.<br />
SwitchIdentity can have the following values:<br />
• Unspecified—Identifier is set to the distinguished<br />
name (DN) of the local certificate’s subject.<br />
• IPv4 or IPv6 address, DNS name, or e-mail<br />
address—this value must be included in a<br />
subjectAltName extension in the local certificate.<br />
13-48 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
Table 13-6. IKE Peer Configuration Parameters (Continued)<br />
Parameter<br />
PeerIdentity<br />
(Authentication=Pubkey)<br />
Description<br />
Identifier by which the peer is authenticated.<br />
PeerIdentity can have the following values:<br />
• Unspecified—Identifier is set to the IP address of<br />
the peer or remote tunnel end point.<br />
• IPv4 or IPv6 address, DNS name, or e-mail<br />
address—this value must be included in a subjectAltName<br />
extension in the peer certificate.<br />
delete [peer]<br />
Deletes the peer given by [peer] from the IKE database. You must enter the Ipsec<br />
Save command afterwards to save your changes.<br />
edit [peer]<br />
Opens an edit session in which to change the configuration of an existing peer<br />
given by [peer]. For descriptions of the peer parameters, refer to Table 13-6.<br />
list [option]<br />
Displays the configuration for the peer or peers given by [option]. If you omit<br />
[option], the command displays the configuration of all active peers. [option] can<br />
be one of the following:<br />
[peer]<br />
Displays the configuration for the peer given by [peer].<br />
active<br />
Displays the configuration for all active peers.<br />
configured<br />
Displays the configuration for all user-defined peers.<br />
edited<br />
Displays the configuration for all peers that have been modified, but not<br />
saved.<br />
rename [peer_old] [peer_new]<br />
Renames the peer given by [peer_old] to the peer given by [peer_new]. You must<br />
enter the Ipsec Save command afterwards to save your changes.<br />
59263-02 B 13-49
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
Examples<br />
The following is an example of the Ike Peer Create command:<br />
SANbox ># admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ike peer create peer_1<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string, max=127 chars, N=None) : Peer_1<br />
*Address (hostname, IPv4, or IPv6 Address) : 10.0.0.3<br />
Lifetime (decimal value, 900-86400 seconds) : 3600<br />
*Encryption (select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256 : 1 4<br />
*Integrity (select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96 : 1 2 3<br />
*DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 : 2 14<br />
Restrict (True / False) : True<br />
*Authentication (1=secret, 2=public_key) : 1<br />
*Key<br />
(quoted string or raw hex bytes)<br />
maximum length for quoted string = 128<br />
maximum length for raw hex bytes = 256<br />
the raw hex length must be even : 0x11223344<br />
The IKE peer has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
13-50 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
The following is an example of the Ike Peer Edit command:<br />
SANbox (admin-ipsec) #> ike peer edit peer_2<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Current Values:<br />
Description Peer_2 description<br />
Address 10.0.0.4<br />
Lifetime<br />
4800 (seconds)<br />
Encryption aes_cbc_128 aes_cbc_192<br />
Integrity<br />
aes_xcbc_96<br />
DHGroup 5 24<br />
Restrict<br />
True<br />
Authentication secret<br />
Key ********<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string, max=127 chars, N=None) :<br />
*Address (hostname, IPv4, or IPv6 Address) :<br />
Lifetime (decimal value, 900-86400 seconds) : 1200<br />
*Encryption (select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256 : 1<br />
*Integrity (select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96 : 1<br />
*DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 : 1<br />
Restrict (True / False) :<br />
*Authentication (1=secret, 2=public_key) :<br />
*Key<br />
(quoted string or raw hex bytes)<br />
maximum length for quoted string = 128<br />
maximum length for raw hex bytes = 256<br />
the raw hex length must be even :<br />
The IKE peer has been edited.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
59263-02 B 13-51
13–<strong>Command</strong> Reference<br />
Ike Peer<br />
The following is an example of the Ike Peer List command:<br />
SANbox (admin-ipsec) #> ike peer list peer_1<br />
Edited (unsaved) IKE Information<br />
peer_1<br />
Description Peer_1 description<br />
Address 10.0.0.3<br />
Lifetime<br />
3600 (seconds)<br />
Encryption 3des_cbc aes_cbc_256<br />
Integrity md5_96 sha1_96 sha2_256<br />
DHGroup 2 14<br />
Restrict<br />
True<br />
Authentication secret<br />
Key ********<br />
13-52 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
Ike Policy<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates and manages IKE policies.<br />
Admin session and an Ipsec Edit session<br />
ike policy<br />
copy [policy_source] [policy_destination]<br />
create [policy]<br />
delete [policy]<br />
edit [policy]<br />
list [option]<br />
rename [policy_old] [policy_new]<br />
copy [policy_source] [policy_destination]<br />
Creates a new policy named [policy_destination] and copies the configuration into<br />
it from the policy given by [policy_source]. You must enter the Ipsec Save<br />
command afterwards to save your changes.<br />
create [policy]<br />
Creates a policy with the name given by [policy]. A policy name must begin with a<br />
letter and be no longer than 32 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The IKE database supports a maximum of 256 user-defined policies. You<br />
must enter the Ipsec Save command afterwards to save your changes.<br />
Table 13-7. IKE Policy Configuration Parameters<br />
Parameter<br />
Description<br />
Mode<br />
LocalAddress<br />
LocalPort<br />
Description<br />
Policy description of up to 127 characters.<br />
IP security connection type. Mode can have one of<br />
the following values:<br />
• Transport—Encrypts the transport layer payload<br />
• Tunnel—Encrypts the IP header and the transport<br />
layer payload<br />
Local switch IP address (IPv4 or IPv6). The switch<br />
and the peer device must use the same IP address<br />
version. If you omit this value, all switch IP<br />
addresses are used. An IKE policy is created for<br />
each switch IP address.<br />
Local port with which the policy traffic selector must<br />
match packets. LocalPort can be an integer from<br />
1–65535. Zero (0) and the keyword All specifies all<br />
local ports.<br />
59263-02 B 13-53
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
Table 13-7. IKE Policy Configuration Parameters (Continued)<br />
RemoteAddress<br />
(Mode=Tunnel)<br />
RemotePort<br />
(Mode=Tunnel)<br />
Peer<br />
Protocol<br />
(LocalPort=1–65535 or<br />
RemotePort=1–65535)<br />
Action<br />
ProtectionDesired<br />
(Mode=Transport)<br />
LifetimeChild<br />
RekeyChild<br />
Parameter<br />
Description<br />
IPv4 or IPv6 address of the traffic selector (with an<br />
optional address prefix length) on the remote side<br />
of the IP security tunnel<br />
Remote port with which the policy traffic selector<br />
must match packets. RemotePort can be an integer<br />
1–65535. Zero (0) and the keyword All specifies all<br />
remote ports.<br />
Name of an existing peer to be associated with this<br />
policy.<br />
Transport protocol with which the traffic selector<br />
matches packets. Protocol can have the following<br />
values:<br />
• icmp—Internet control message protocol for IP<br />
version 4<br />
• icmp6—Internet control message protocol for IP<br />
version 6<br />
• ip4—Internet protocol version 4<br />
• tcp—Transmission control protocol<br />
• udp—User datagram protocol<br />
• any or 0—Any protocol<br />
• 1–255—Numeric equivalent for standard and<br />
custom protocols<br />
Action to apply for packets that match the policy.<br />
Action can be ipsec, which applies the policy’s IP<br />
security protection to the packet.<br />
IP security protection protocol to apply (encapsulating<br />
security payload).<br />
Duration of the IP security association connection in<br />
seconds. LifetimeChild is an integer 900–86400.<br />
The default is 3600.<br />
IP security association renegotiation. Renegotiate<br />
an IP security association that is about to expire<br />
(True) or allow it to expire (False).<br />
13-54 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
Table 13-7. IKE Policy Configuration Parameters (Continued)<br />
Parameter<br />
Encryption<br />
Integrity<br />
DHGroup<br />
Restrict<br />
Description<br />
One or more encryption algorithms. Encryption can<br />
be one of the following:<br />
• null<br />
• 3des_cbc<br />
• aes_cbc_128<br />
• aes_cbc_192<br />
• aes_cbc_256<br />
• aes_ctr_128 (not supported on all platforms)<br />
• aes_ctr_192 (not supported on all platforms)<br />
• aes_ctr_256 (not supported on all platforms)<br />
One or more authentication algorithms to apply to<br />
the policy:<br />
• md5_96<br />
• sha1_96<br />
• sha2_256<br />
• aes_xcbc_96<br />
Diffie-Hellman group number(s) to apply to the policy.<br />
DHGoup can be one or more of the following: 1,<br />
2, 5, 14, 24. If you omit this value, no Diffie-Hellman<br />
exchanges will be done for IP security association<br />
setup and rekeying.<br />
Algorithm and DH group restriction. The IKE<br />
responder accepts only the configured algorithms<br />
and DH groups for an IKE security association<br />
(True), or accepts any algorithm and DH group<br />
(False).<br />
delete [policy]<br />
Deletes the policy given by [policy] from the IKE database. You must enter the<br />
Ipsec Save command afterwards to save your changes.<br />
edit [policy]<br />
Opens an edit session in which to change the configuration of an existing IKE<br />
policy given by [policy]. For descriptions of the policy parameters, refer to<br />
Table 13-6.<br />
59263-02 B 13-55
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
list [option]<br />
Displays the configuration for the policy or policies given by [option]. If you omit<br />
[option], the command displays the configuration of all active policies. [option] can<br />
be one of the following:<br />
[policy]<br />
Displays the configuration for the policy given by [policy].<br />
active<br />
Displays the configuration for all active policies.<br />
configured<br />
Displays the configuration for all user-defined policies.<br />
edited<br />
Displays the configuration for all policies that have been modified, but not<br />
saved.<br />
rename [policy_old] [policy_new]<br />
Renames the policy given by [policy_old] to the policy given by [policy_new]. You<br />
must enter the Ipsec Save command afterwards to save your changes.<br />
Examples<br />
The following is an example of the Ike Policy Create command:<br />
SANbox (admin-ipsec) #> ike policy create policy_2<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string, max=127 chars, N=None) : Policy 2<br />
*Mode (1=transport, 2=tunnel) : 1<br />
*LocalAddress (IPv4, IPv6 Address or keyword 'All' : 10.0.0.3<br />
LocalPort (decimal value, 0-65535 or keyword 'All' : 1234<br />
RemotePort (decimal value, 0-65535 or keyword 'All' : 0<br />
*Peer (string, max=32 chars) : peer_1<br />
*Protocol<br />
(decimal value, 0-255, or keyword)<br />
0=NotSpecified<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any : udp<br />
Action (1=ipsec) : 1<br />
ProtectionDesired (select one, transport-mode only)<br />
1=esp Encapsulating Security Payload : 1<br />
13-56 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
LifetimeChild (decimal value, 900-86400 seconds) : 3600<br />
RekeyChild (True / False) : True<br />
*Encryption<br />
(select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256<br />
5=null : 1<br />
Integrity<br />
(select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96<br />
or the keyword 'None' : 1 2 3<br />
DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 or the keyword 'None' : 1 5<br />
Restrict (True / False) : True<br />
The IKE policy has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
The following is an example of the Ike Policy Edit command:<br />
SANbox (admin-ipsec) #> ike policy edit policy_1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Current Values:<br />
Description Policy 1<br />
Mode<br />
tunnel<br />
LocalAddress 10.0.0.6<br />
LocalPort 456<br />
RemotePort<br />
0 (All)<br />
Action<br />
ipsec<br />
LifetimeChild 3600 (seconds)<br />
RekeyChild<br />
True<br />
Restrict<br />
False<br />
New Value (press ENTER to not specify value, 'q' to quit, 'n' for none):<br />
Description (string, max=127 chars, N=None) : Policy 1a<br />
*Mode (1=transport, 2=tunnel) : 1<br />
*LocalAddress (IPv4, IPv6 Address or keyword 'All' :<br />
59263-02 B 13-57
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
LocalPort (decimal value, 0-65535 or keyword 'All' :<br />
RemotePort (decimal value, 0-65535 or keyword 'All' :<br />
*Peer (string, max=32 chars) : peer_2<br />
*Protocol<br />
(decimal value, 0-255, or keyword)<br />
0=NotSpecified<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any : udp<br />
Action (1=ipsec) : 1<br />
ProtectionDesired (select one, transport-mode only)<br />
1=esp Encapsulating Security Payload : 1<br />
LifetimeChild (decimal value, 900-86400 seconds) : 2000<br />
RekeyChild (True / False) : true<br />
*Encryption<br />
(select one or more encryption algorithms)<br />
1=3des_cbc<br />
2=aes_cbc_128<br />
3=aes_cbc_192<br />
4=aes_cbc_256<br />
5=null : 1 3<br />
Integrity<br />
(select one or more integrity algorithms)<br />
1=md5_96<br />
2=sha1_96<br />
3=sha2_256<br />
4=aes_xcbc_96<br />
or the keyword 'None' : 1 3<br />
DHGroup<br />
(select one or more Diffie-Hellman Groups)<br />
1, 2, 5, 14, 24 or the keyword 'None' : 2 5<br />
Restrict (True / False) : true<br />
The IKE policy has been edited.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
SANbox (admin-IPSEC) #> ipsec save<br />
13-58 59263-02 B
13–<strong>Command</strong> Reference<br />
Ike Policy<br />
The following is an example of the Ike Policy List command:<br />
SANbox (admin-ipsec) #> ike policy list policy_2<br />
Edited (unsaved) IKE Information<br />
policy_2<br />
Description Policy 2<br />
Mode<br />
transport<br />
LocalAddress 10.0.0.3<br />
LocalPort 1234<br />
RemotePort<br />
0 (All)<br />
Peer<br />
peer_1<br />
Protocol<br />
udp<br />
Action<br />
ipsec<br />
ProtectionDesired <br />
LifetimeChild 3600 (seconds)<br />
RekeyChild<br />
True<br />
Encryption<br />
3des_cbc<br />
Integrity<br />
md5_96 sha1_96 sha2_256<br />
DHGroup 1 5<br />
Restrict<br />
True<br />
59263-02 B 13-59
13–<strong>Command</strong> Reference<br />
Image<br />
Image<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages and installs switch firmware.<br />
Admin session<br />
image<br />
cleanup<br />
fetch [account_name] [ip_address] [file_source] [file_destination]<br />
install<br />
list<br />
tftp [ip_address] [file_source] [file_destination]<br />
unpack [file]<br />
cleanup<br />
Removes all firmware image files from the switch. All firmware image files are<br />
removed automatically each time the switch is reset.<br />
fetch [account_name] [ip_address] [file_source] [file_destination]<br />
Retrieves image file given by [file_source] using FTP and stores it on the switch<br />
with the file name given by [file_destination]. The image file is retrieved from the<br />
host IP address given by [ip_address]. [ip_address] can be an IP address (version<br />
4 or 6) or a DNS host name. If an account name needs a password to access the<br />
FTP server, the system will prompt you for it.<br />
install<br />
Downloads firmware from a remote host to the switch, installs the firmware, then<br />
resets the switch to activate the firmware. This is disruptive. The command<br />
prompts you for the following:<br />
• File transfer protocol (FTP or TFTP)<br />
• IP address or DNS host name of the remote host<br />
• An account name and password on the remote host (FTP only)<br />
• Pathname for the firmware image file<br />
list<br />
Displays the list of image files that reside on the switch.<br />
tftp [ip_address] [file_source] [file_destination]<br />
Retrieves image file given by [file_source] using TFTP and stores it on the switch<br />
with the file name given by [file_destination]. The image file is retrieved from the<br />
host IP address given by [ip_address]. [ip_address] can be an IP address (version<br />
4 or 6) or a DNS host name.<br />
13-60 59263-02 B
13–<strong>Command</strong> Reference<br />
Image<br />
unpack [file]<br />
Installs the firmware file given by [file]. After unpacking the file, a message<br />
appears confirming successful unpacking. The switch must be reset for the new<br />
firmware to take effect.<br />
Notes<br />
Examples<br />
To provide consistent performance throughout the fabric, ensure that all switches<br />
are running the same version of firmware.<br />
To install firmware when the management workstation has an FTP server, use the<br />
Image Install command or the Firmware Install command.<br />
The following is an example of the Image Install command:<br />
SANbox #> admin start<br />
SANbox (admin) #> image install<br />
The switch will be reset. This process will cause a disruption<br />
to I/O traffic.<br />
Continuing with this action will terminate all management sessions,<br />
including any Telnet sessions. When the firmware activation is complete,<br />
you may log in to the switch again.<br />
Do you want to continue? [y/n]: y<br />
Press 'q' and the ENTER key to abort this command.<br />
FTP or TFTP : ftp<br />
User Account : johndoe<br />
IP Address : 10.0.0.254<br />
Source Filename : 8.0.00.xx_epc<br />
About to install image. Do you want to continue? [y/n] y<br />
Connected to 10.0.0.254 (10.0.0.254).<br />
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.<br />
331 Password required for johndoe.<br />
Password: xxxxxxxxx<br />
230 User johndoe logged in.<br />
bin<br />
200 Type set to I.<br />
verbose<br />
Verbose mode off.<br />
This may take several seconds...<br />
The switch will now reset.<br />
Connection closed by foreign host.<br />
59263-02 B 13-61
13–<strong>Command</strong> Reference<br />
Image<br />
The following is an example of the Image Fetch and Image Unpack commands:<br />
SANbox (admin) #> image fetch johndoe 10.0.0.254 8.0.00.11_epc<br />
>ftp 10.0.0.254<br />
user:johndoe<br />
password: ********<br />
ftp>bin<br />
ftp>put 8.0.00.11_epc<br />
ftp>quit<br />
SANbox (admin) $>image list<br />
SANbox (admin) $>image unpack 8.0.00.11_epc<br />
Image unpack command result: Passed<br />
13-62 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec<br />
Ipsec<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages the IP Security database. The IP Security database consists of the<br />
Security Association database and the Security Policy database. The Ipsec Edit<br />
command opens a session in which to create and manage associations and<br />
policies.<br />
Admin session except for the History keyword. The Clear keyword also requires<br />
an Ipsec Edit session.<br />
ipsec<br />
cancel<br />
clear<br />
edit<br />
history<br />
limits<br />
save<br />
cancel<br />
Closes the current Ipsec Edit session. Any unsaved changes are lost.<br />
clear<br />
Deletes all IP security associations, IP security policies, IKE peers, and IKE<br />
policies from the volatile edit copies of the IP security and IKE databases. This<br />
keyword requires an Ipsec Edit session. This keyword does not affect the<br />
non-volatile IP security configuration. However, if you enter the Ipsec Clear<br />
command followed by the Ipsec Save command, the non-volatile IP security<br />
configuration will be deleted from the switch.<br />
NOTE:<br />
The preferred method for deleting the IP security configuration from the<br />
switch is the Reset Ipsec command.<br />
edit<br />
Open an Ipsec Edit session in which to create and manage IP security<br />
associations and policies, and IKE peers and policies. This keyword requires an<br />
Admin session. Ipsec Edit session commands include the Ike Peer, Ike Policy,<br />
Ipsec Clear, Ipsec Association, and Ipsec Policy commands.<br />
59263-02 B 13-63
13–<strong>Command</strong> Reference<br />
Ipsec<br />
history<br />
Displays a history of IP security modifications. This keyword does not require an<br />
Admin session. History information includes the following:<br />
• Time of the most recent IP security database modification and the user who<br />
performed it<br />
• Checksums for the active and inactive IP security databases and the IKE<br />
database<br />
limits<br />
Displays the maximum and current numbers of configured IP security<br />
associations, IP security policies, IKE peers, and IKE policies. This keyword does<br />
not require an Admin session nor an Ipsec Edit session. However, in an Ipsec Edit<br />
session, this command displays the number of both configured associations,<br />
peers, and policies, plus those created in the edit session but not yet saved.<br />
save<br />
Saves changes made during the current Ipsec Edit session.<br />
Examples<br />
The following is an example of the Ipsec History command:<br />
SANbox #> ipsec history<br />
IPsec Database History<br />
----------------------<br />
ConfigurationLastEditedBy johndoe@OB-session5<br />
ConfigurationLastEditedOn Sat Mar 8 07:14:36 2008<br />
Active Database Checksum 00000144<br />
Inactive Database Checksum 00000385<br />
IKE Database Checksum 00000023<br />
The following is an example of the Ipsec Limits command:<br />
SANbox #> ipsec limits<br />
Configured (saved) IPsec Information<br />
IPsec Attribute<br />
Maximum Current<br />
--------------- ------- -------<br />
MaxConfiguredSAs 512 0<br />
MaxConfiguredSPs 128 0<br />
MaxConfiguredIKEPeers 16 0<br />
MaxConfiguredIKEPolicies 256 0<br />
13-64 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec Association<br />
Ipsec Association<br />
Creates and manages associations in the Security Association database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and an Ipsec Edit session<br />
ipsec association<br />
copy [association_source] [association_destination]<br />
create [association]<br />
delete [association]<br />
edit [association]<br />
list [option]<br />
rename [association_old] [association_new]<br />
copy [association_source] [association_destination]<br />
Creates a new association named [association_destination] and copies the<br />
configuration into it from the association given by [association_source].<br />
[association_destination] must not begin with DynamicSA_, which is reserved for<br />
dynamic associations. You must enter the Ipsec Save command afterwards to<br />
save your changes.<br />
create [association]<br />
Creates an association with the name given by [association]. An association name<br />
must begin with a letter and be no longer than 32 characters. Valid characters are<br />
0-9, A-Z, a-z, _, $, ^, and -. The Security Association database supports a<br />
maximum of 512 user-defined associations. You must enter the Ipsec Save<br />
command afterwards to save your changes.<br />
Table 13-8. IP Security Association Configuration Parameters<br />
Parameter<br />
Description<br />
SourceAddress<br />
DestinationAddress<br />
Description<br />
Description of the association.<br />
IP address (version 4 or 6) or DNS host name of the<br />
host, switch, or gateway from which data originates.<br />
IP address (version 4 or 6) or DNS host name of the<br />
host, switch, or gateway receiving data. If you specify<br />
an IP address for the SourceAddress, the DestinationAddress<br />
must use the same IP version<br />
format.<br />
59263-02 B 13-65
13–<strong>Command</strong> Reference<br />
Ipsec Association<br />
Table 13-8. IP Security Association Configuration Parameters<br />
Parameter<br />
Description<br />
Protocol<br />
SPI<br />
Authentication<br />
AuthenticationKey<br />
Encryption<br />
EncryptionKey<br />
Mode<br />
IP security protocol to be used to process data. The<br />
protocol can be one of the following:<br />
• Encapsulated security payload–RFC 2406 (esp)<br />
• Encapsulated security payload–RFC 1827<br />
(esp-old)<br />
• Authentication header– RFC 2402 (ah)<br />
• Authentication header–RFC 1826 (ah-old)<br />
Security parameters index number<br />
Algorithm to use to authenticate the source or destination.<br />
The authentication algorithm can be one of<br />
the following:<br />
• HMAC-MD5<br />
• HMAC-SHA1<br />
• HMAC-SHA256<br />
• AES-XCBC-MAC<br />
Key string to use for authentication.<br />
Algorithm that encrypts outbound data or decrypts<br />
inbound data. The encryption algorithm can be one<br />
of the following:<br />
• DES-CBC<br />
• 3DES-CBC<br />
• Null<br />
• BLOWFISH-CBC<br />
• AES-CBC<br />
• TWOFISH-CBC<br />
• AES-CTR (not available on all systems)<br />
Key string to use in encrypting or decrypting data.<br />
IP security connection type. Mode can have one of<br />
the following values:<br />
• Transport—Encrypts the transport layer payload<br />
• Tunnel—Encrypts the IP header and the transport<br />
layer payload<br />
13-66 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec Association<br />
delete [association]<br />
Deletes the specified association given by [association] from the Security<br />
Association database. You must enter the Ipsec Save command afterwards to<br />
save your changes.<br />
edit [association]<br />
Opens an edit session in which to change the configuration of an existing<br />
association given by [association]. For descriptions of the association parameters,<br />
refer to Table 13-8. If the connection is not secure (SSH is disabled), the<br />
AuthenticationKey and EncryptionKey values are masked.<br />
list [option]<br />
Displays the configuration for the associations given by [option]. If you omit<br />
[option], the command displays the configuration of all active associations.<br />
[option] can be one of the following:<br />
[association]<br />
Displays the configuration for the association given by [association].<br />
active<br />
Displays the configuration for all active associations.<br />
configured<br />
Displays the configuration for all user-defined associations.<br />
edited<br />
Displays the configuration for all associations that have been modified, but<br />
not saved.<br />
rename [association_old] [association_new]<br />
Renames the association given by [association_old] to the association given by<br />
[association_new]. You must enter the Ipsec Save command afterwards to save<br />
your changes. Dynamic associations cannot be renamed.<br />
59263-02 B 13-67
13–<strong>Command</strong> Reference<br />
Ipsec Association<br />
Examples<br />
The following is an example of the Ipsec Association Create command:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec association create h2h-sh-sa<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string value, 0-127 bytes) : Host-to-host: switch->host<br />
*SourceAddress (hostname, IPv4, or IPv6 Address) : fe80::2c0:ddff:fe03:d4c1<br />
*DestinationAddress (hostname, IPv4, or IPv6 Address) : fe80::250:daff:feb7:9d02<br />
*Protocol (1=esp, 2=esp-old, 3=ah, 4=ah-old) : 1<br />
*SPI (decimal value, 256-4294967295) : 333<br />
Authentication (select an authentication algorithm)<br />
1=hmac-md5 (16 byte key)<br />
2=hmac-sha1 (20 byte key)<br />
3=hmac-sha256 (32 byte key)<br />
4=aes-xcbc-mac (16 byte key)<br />
authentication algorithm choice : 2<br />
*AuthenticationKey (quoted string or raw hex bytes) : "12345678901234567890"<br />
*Encryption<br />
(select an encryption algorithm)<br />
1=des-cbc (8 byte key)<br />
2=3des-cbc (24 byte key)<br />
3=null<br />
(0 byte key)<br />
4=blowfish-cbc (5-56 byte key)<br />
5=aes-cbc (16/24/32 byte key)<br />
6=twofish-cbc (16-32 byte key)<br />
encryption algorithm choice : 2<br />
*EncryptionKey (quoted string or raw hex bytes) : "123456789012345678901234"<br />
Mode (1=transport, 2=tunnel) : 1<br />
The security association has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
13-68 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec List<br />
Ipsec List<br />
Authority<br />
Syntax<br />
Keywords<br />
Displays information about IP security associations and policies.<br />
None<br />
ipsec list<br />
active<br />
association [option]<br />
configured<br />
edited<br />
policy [option]<br />
active<br />
Displays a summary of active associations and policies. This is the default.<br />
association [option]<br />
Displays the configuration for the associations given by [option]. If you omit<br />
[option], the command displays the configuration of all active associations.<br />
[option] can be one of the following:<br />
[association]<br />
Displays the configuration for the association given by [association].<br />
active<br />
Displays the configuration for all active associations.<br />
configured<br />
Displays the configuration for all user-defined associations.<br />
edited<br />
Displays the configuration for all associations that have been modified, but<br />
not saved.<br />
configured<br />
Displays a summary of the user-defined associations and policies.<br />
edited<br />
Displays a summary of the associations and policies that have been modified, but<br />
not saved.<br />
59263-02 B 13-69
13–<strong>Command</strong> Reference<br />
Ipsec List<br />
policy [option]<br />
Displays the configuration for the policies given by [option]. If you omit [option],<br />
the command displays the configuration of all active policies. [option] can be one<br />
of the following:<br />
[policy]<br />
Displays the configuration for the policy given by [policy].<br />
active<br />
Displays the configuration for all active policies.<br />
configured<br />
Displays the configuration for all user-defined policies.<br />
edited<br />
Displays the configuration for all policies that have been modified, but not<br />
saved.<br />
Examples<br />
The following is an example of the Ipsec List command:<br />
SANbox #> ipsec list<br />
Active IPsec Information<br />
Security Association Database<br />
-----------------------------<br />
h2h-sh-sa<br />
h2h-hs-sa<br />
Security Policy Database<br />
------------------------<br />
h2h-hs-sp<br />
h2h-sh-sp<br />
Summary<br />
-------<br />
Security Association Count: 2<br />
Security Policy Count: 2<br />
The following is an example of the Ipsec List Association command:<br />
SANbox #> ipsec list association<br />
Active IPsec Information<br />
h2h-sh-sa<br />
Description: Host-to-host: switch->host<br />
Source: fe80::2c0:ddff:fe03:d4c1<br />
13-70 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec List<br />
Destination: fe80::250:daff:feb7:9d02<br />
Protocol: esp SPI: 333 (0x14d)<br />
Authentication: hmac-sha1 ********<br />
Encryption: 3des-cbc ********<br />
Mode: transport<br />
h2h-hs-sa<br />
Description: Host-to-host: host->switch<br />
Source: fe80::250:daff:feb7:9d02<br />
Destination: fe80::2c0:ddff:fe03:d4c1<br />
Protocol: esp SPI: 444 (0x1bc)<br />
Authentication: hmac-sha1 ********<br />
Encryption: 3des-cbc ********<br />
Mode: transport<br />
The following is an example of the Ipsec List Policy command:<br />
SANbox #> ipsec list policy<br />
Active IPsec Information<br />
h2h-hs-sp<br />
Description: Host-to-host: host->switch<br />
Source: fe80::250:daff:feb7:9d02/128<br />
Destination: fe80::2c0:ddff:fe03:d4c1/128<br />
Protocol: any<br />
Direction: in Priority: 0 Action: ipsec<br />
Mode: transport<br />
Rule Protocol Mode Level<br />
---- -------- --------- -----<br />
1 esp transport require<br />
h2h-sh-sp<br />
Description: Host-to-host: switch->host<br />
Source: fe80::2c0:ddff:fe03:d4c1/128<br />
Destination: fe80::250:daff:feb7:9d02/128<br />
Protocol: any<br />
Direction: out Priority: 0 Action: ipsec<br />
Mode: transport<br />
Rule Protocol Mode Level<br />
---- -------- --------- -----<br />
1 esp transport require<br />
59263-02 B 13-71
13–<strong>Command</strong> Reference<br />
Ipsec Policy<br />
Ipsec Policy<br />
Manages policies in the Security Policy database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and an Ipsec Edit session<br />
ipsec policy<br />
copy [policy_source] [policy_destination]<br />
create [policy]<br />
delete [policy]<br />
edit [policy]<br />
list [option]<br />
rename [policy_old] [policy_new]<br />
copy [policy_source] [policy_destination]<br />
Creates a new policy named [policy_destination] and copies the configuration into<br />
it from the policy given by [policy_source]. You must enter the Ipsec Save<br />
command afterwards to save your changes. [policy_destination] must not begin<br />
with DynamicSP_, which is reserved for dynamic policies.<br />
create [policy]<br />
Creates a policy with the name given by [policy]. A policy name must begin with a<br />
letter and be no longer than 32 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The Security Policy database supports a maximum of 128 user-defined<br />
policies. You must enter the Ipsec Save command afterwards to save your<br />
changes. Table 13-9 describes the policy parameters:<br />
Table 13-9. IP Security Policy Configuration Parameters<br />
Parameter<br />
Description<br />
Description<br />
SourceAddress<br />
Description of the policy<br />
IP address (version 4 or 6) or DNS host name of the host,<br />
switch, or gateway from which data originates.<br />
SourcePort Source port number (1–65535)<br />
DestinationAddress<br />
IP address (version 4 or 6) or DNS host name of the host,<br />
switch, or gateway receiving data. If you specify an IP address<br />
for SourceAddress, DestinationAddress must use the same IP<br />
version address format.<br />
DestinationPort Destination port number (1–65535)<br />
13-72 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec Policy<br />
Table 13-9. IP Security Policy Configuration Parameters (Continued)<br />
Protocol<br />
ICMP6<br />
Direction<br />
Priority<br />
Action<br />
Parameter<br />
Mode<br />
(Action=Ipsec)<br />
TunnelSource<br />
(Mode=Tunnel)<br />
TunnelDestination<br />
(Mode=Tunnel)<br />
Description<br />
Protocol or application to which to apply IP security. Enter a keyword<br />
for one of the following protocols or an integer (0-255):<br />
• Internet Control Message Protocol for IP version 4 (ICMP)<br />
• Internet Control Message Protocol for IP version 6 (ICMP6)<br />
• Internet Protocol, version 4 (IPv4)<br />
• Transmission Control Protocol (TCP)<br />
• User Datagram Protocol (UDP)<br />
• Any protocol<br />
ICMP number (0–255). You are prompted for this parameter<br />
only if you specify ICMP6 for the Protocol parameter.<br />
Direction of the data traffic to which to apply the policy:<br />
• In—Data entering the destination<br />
• Out—Data leaving the source<br />
A number from -2147483647 to +214783647 that determines<br />
priority for this policy in the security policy database. The higher<br />
the number, the higher the priority.<br />
Processing to apply to data traffic:<br />
• Discard–Unconditionally disallow all inbound or outbound<br />
data traffic.<br />
• None–Allow all inbound or outbound data traffic without<br />
encryption or decryption.<br />
• Ipsec–Apply IP security to inbound and outbound data traffic.<br />
See the Mode and ProtectionDesired parameters.<br />
IP security connection type. Mode can have one of the following<br />
values:<br />
• Transport—Encrypts the transport layer payload<br />
• Tunnel—Encrypts the IP header and the transport layer payload.<br />
See the TunnelSource and TunnelDestination parameters.<br />
IP address (version 4 or 6) of the tunnel source.<br />
IP address (version 4 or 6) of the tunnel destination. Tunnel-<br />
Source and TunnelDestination must use the same IP version<br />
address format.<br />
59263-02 B 13-73
13–<strong>Command</strong> Reference<br />
Ipsec Policy<br />
Table 13-9. IP Security Policy Configuration Parameters (Continued)<br />
Parameter<br />
ProtectionDesired<br />
(Action=Ipsec)<br />
ahRuleLevel<br />
(ProtectionDesired=<br />
ahRuleLevel or Both)<br />
espRuleLevel<br />
(ProtectionDesired=<br />
ESP or Both)<br />
Description<br />
Type of IP security protection to apply.<br />
• AH—Authentication header. Protects against modifications<br />
to the data. See the ahRuleLevel parameter.<br />
• ESP–Encapsulating security payload. Protects against viewing<br />
the data. See the espRuleLevel parameter.<br />
• Both–Apply both AH and ESP protection. See the ahRule-<br />
Level and espRuleLevel parameters.<br />
Rule level to apply for AH protection. You are prompted for this<br />
parameter only if you specify AH or Both for the ProtectionDesired<br />
parameter.<br />
• Default—use the system wide default for the protocol<br />
• Use—use a security association if one is available<br />
• Require—a security association is required whenever a<br />
packet is sent that is matched with the policy<br />
Rule level to apply for ESP protection.<br />
• Default—use the system wide default for the protocol<br />
• Use—use a security association if one is available<br />
• Require—a security association is required whenever a<br />
packet is sent that is matched with the policy<br />
delete [policy]<br />
Deletes the policy given by [policy] from the Security Policy database. You must<br />
enter the Ipsec Save command afterwards to save your changes.<br />
edit [policy]<br />
Opens an edit session in which to change the configuration of an existing policy<br />
given by [policy]. For descriptions of the policy parameters, refer to Table 13-9.<br />
13-74 59263-02 B
13–<strong>Command</strong> Reference<br />
Ipsec Policy<br />
list [option]<br />
Displays the configuration for the policies given by [option]. If you omit [option],<br />
the command displays the configuration of all active policies. [option] can be one<br />
of the following:<br />
[policy]<br />
Displays the configuration for the policy given by [policy].<br />
active<br />
Displays the configuration for all active policies.<br />
configured<br />
Displays the configuration for all user-defined policies.<br />
edited<br />
Displays the configuration for all policies that have been modified, but not<br />
saved.<br />
rename [policy_old] [policy_new]<br />
Renames the policy given by [policy_old] to the policy given by [policy_new]. You<br />
must enter the Ipsec Save command afterwards to save your changes. Dynamic<br />
policies cannot be renamed.<br />
59263-02 B 13-75
13–<strong>Command</strong> Reference<br />
Ipsec Policy<br />
Examples<br />
The following is an example of the Ipsec Policy Create command:<br />
SANbox #> admin start<br />
SANbox (admin) #> ipsec edit<br />
SANbox (admin-ipsec) #> ipsec policy create h2h-sh-sp<br />
A list of attributes with formatting will follow.<br />
Enter a value or simply press the ENTER key to skip specifying a value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Required attributes are preceded by an asterisk.<br />
Value (press ENTER to not specify value, 'q' to quit):<br />
Description (string value, 0-127 bytes) : Host-to-host: switch->host<br />
*SourceAddress (hostname, IPv4, or IPv6 Address/[PrefixLength]): fe80::2c0:ddff:fe03:d4c1<br />
SourcePort (decimal value, 1-65535) :<br />
*DestinationAddress (hostname, IPv4, or IPv6 Address/[PrefixLength]): fe80::250:daff:feb7:9d02<br />
DestinationPort (decimal value, 1-65535) :<br />
*Protocol<br />
(decimal value, or keyword)<br />
Allowed keywords<br />
icmp, icmp6, ip4, tcp, udp or any<br />
: any<br />
*Direction (1=in, 2=out) : 2<br />
Priority (value, -2147483647 to +214783647) :<br />
*Action (1=discard, 2=none, 3=ipsec) : 3<br />
Mode (1=transport, 2=tunnel) : 2<br />
*TunnelSource (IPv4, or IPv6 Address) : fe91::3d1:eedd:bf14:e5d2<br />
*TunnelDestination (IPv4, or IPv6 Address)<br />
: fe91::361:ebdd:bfc8:0e13<br />
*ProtectionDesired (select one, transport-mode only)<br />
1=ah Authentication Header<br />
2=esp Encapsulating Security Payload<br />
3=both : 2<br />
*espRuleLevel (1=default, 2=use, 3=require) : 3<br />
The security policy has been created.<br />
This configuration must be saved with the 'ipsec save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'ipsec cancel' command.<br />
13-76 59263-02 B
13–<strong>Command</strong> Reference<br />
Key<br />
Key<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates and manages public/private key pairs in the PKI database.<br />
Admin. The List keyword does not require an Admin session.<br />
key<br />
delete [key_name]<br />
generate [key_name] size [size] force<br />
import [key_name] [file_name] force<br />
list [key_name]<br />
delete [key_name]<br />
Deletes a public/private key pair from the PKI database.<br />
generate [key_name] size [size] force<br />
Creates a public/private key pair with the name given by [key_name] of the size in<br />
bits given by [size]. The optional keyword Force overwrites an existing key pair<br />
with the same name. [size] can be one of the following:<br />
512<br />
Creates a public/private key pair of 512 bits<br />
1024<br />
Creates a public/private key of 1,024 bits<br />
2048<br />
Creates a public/private key of 2,048 bits<br />
import [key_name] [file_name] force<br />
Imports the public/private key pair file given by [file_name] into the PKI database<br />
with the name given by [key_name]. The optional keyword Force overwrites an<br />
existing key pair with the same name.<br />
list [key_name]<br />
Displays detailed information about the public/private key pair given by<br />
[key_name]. If you omit [key_name], the command lists all key pairs in the PKI<br />
database.<br />
Notes<br />
For information about creating a certificate request, see the Certificate Generate<br />
Request command.<br />
59263-02 B 13-77
13–<strong>Command</strong> Reference<br />
Key<br />
Examples<br />
The following is an example of the Key Generate command:<br />
SANbox #> admin start<br />
SANbox (admin) #>: key generate key512 size 512<br />
The following is an example of the Key List command for key512:<br />
SANbox #> key list key512<br />
Key key512:<br />
private key with:<br />
pubkey: RSA 512 bits<br />
keyid: 49:80:4c:aa:d3:c3:bc:c7:f5:b1:41:34:ce:71:48:1d:b9:b3:d9:f9<br />
subjkey: f4:b6:b9:27:25:7a:5a:69:a0:9e:cf:14:cd:3c:88:e9:d5:b1:aa:4a<br />
The following is an example of the Key List command:<br />
SANbox #> key list<br />
Installed Keys:<br />
key512<br />
key2048<br />
key1024<br />
* indicates key has a matching local certificate<br />
13-78 59263-02 B
13–<strong>Command</strong> Reference<br />
Lip<br />
Lip<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
Reinitializes the specified loop port.<br />
Admin session<br />
lip [port_number]<br />
[port_number]<br />
The number of the port to be reinitialized. Ports are numbered beginning with 0.<br />
The following is an example of the Lip command:<br />
SANbox (admin) #> lip 2<br />
59263-02 B 13-79
13–<strong>Command</strong> Reference<br />
Logout<br />
Logout<br />
Authority<br />
Syntax<br />
Notes<br />
Closes the Telnet session.<br />
None<br />
logout<br />
You can also press Control-D to close the Telnet session.<br />
13-80 59263-02 B
13–<strong>Command</strong> Reference<br />
Passwd<br />
Passwd<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
Changes a user account’s password.<br />
Admin account name and an Admin session to change another account’s<br />
password; you can change you own password without an Admin session.<br />
passwd [account_name]<br />
[account_name]<br />
The user account name. To change the password for an account name other than<br />
your own, you must open an Admin session with the account name Admin. If you<br />
omit [account_name], you will be prompted to change the password for the<br />
current account name.<br />
The following is an example of the Passwd command:<br />
SANbox #> admin start<br />
SANbox (admin) #> passwd user2<br />
Press 'q' and the ENTER key to abort this command.<br />
account OLD password : ********<br />
account NEW password (8-20 chars) : ********<br />
please confirm account NEW password: ********<br />
password has been changed.<br />
59263-02 B 13-81
13–<strong>Command</strong> Reference<br />
Ping<br />
Ping<br />
Authority<br />
Syntax<br />
Keywords<br />
Initiates an attempt to communicate with another switch over an Ethernet network<br />
and reports the result.<br />
None<br />
ping<br />
[host_name]<br />
-ipv4 [host_address]<br />
-ipv6 [host_address]<br />
[host_name]<br />
DNS host name of the switch you want to query. [host_name] is a character string<br />
of 2–125 characters made up of one or more subdomains delimited by periods (.).<br />
The following naming rules apply:<br />
• Valid characters are alphanumeric characters, period (.), and hyphen (-).<br />
• Each subdomain must be a minimum of two alphanumeric characters.<br />
• Each subdomain must start and end with an alphanumeric character.<br />
• A host name can end with a period (.).<br />
-ipv4 [host_address]<br />
IP address (version 4) or DNS host name of the switch you want to query.<br />
Broadcast IP addresses, such as 255.255.255.255, are not valid.<br />
-ipv6 [host_address]<br />
IP address (version 6) or DNS host name of the switch you want to query.<br />
Examples<br />
The following is an example of a successful Ping command:<br />
SANbox #> ping 10.20.11.57<br />
Ping command issued. Waiting for response...<br />
SANbox #><br />
Response successfully received from 10.20.11.57.<br />
This following is an example of an unsuccessful Ping command:<br />
SANbox #> ping 10.20.11.57<br />
Ping command issued. Waiting for response...<br />
No response from 10.20.11.57. Unreachable.<br />
13-82 59263-02 B
13–<strong>Command</strong> Reference<br />
Profile<br />
Profile<br />
Authority<br />
Syntax<br />
Keywords<br />
Creates and modifies profiles with which to customize Call Home e-mail<br />
notification. A profile defines the event severity level at which to generate e-mails,<br />
e-mail subject and text, and e-mail recipients.<br />
Admin session and a Callhome Edit session. Refer to the “Callhome” command<br />
on page 13-6 for information about starting a Callhome Edit session.<br />
profile<br />
copy [profile_source] [profile_destination]<br />
create [profile]<br />
delete [profile]<br />
edit [profile]<br />
rename [profile_old] [profile_new]<br />
copy [profile_source] [profile_destination]<br />
Creates a new profile named [profile_destination] and copies the configuration<br />
into it from the profile given by [profile_source]. You must enter the Callhome<br />
Save command afterwards to save your changes. Neither [profile_source] nor<br />
[profile_destination] can be Tech_Support_Center.<br />
create [profile]<br />
Creates a profile with the name given by [profile]. A profile name must begin with a<br />
letter and be no longer than 32 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The Tech_Support_Center profile name is reserved. You must enter the<br />
Callhome Save command afterwards to save your changes. The Call Home<br />
database supports a maximum of 25 profiles. Table 13-10 describes the profile<br />
configuration parameters.<br />
Table 13-10. Profile Configuration Parameters<br />
Level<br />
Parameter<br />
Description<br />
Event severity level at which to generate a Call Home e-mail<br />
message:<br />
• None–Generates e-mail messages for all events.<br />
• Warn–Generates e-mail messages for Warning, Critical, and<br />
Alarm events.<br />
• Critical–Generates e-mail messages for Critical and Alarm<br />
events.<br />
• Alarm–Generates e-mail messages for Alarm events only.<br />
59263-02 B 13-83
13–<strong>Command</strong> Reference<br />
Profile<br />
Table 13-10. Profile Configuration Parameters (Continued)<br />
Parameter<br />
Format<br />
MaxSize<br />
EmailSubject<br />
RecipientMail<br />
CaptureEnabled<br />
Description<br />
Level of detail to be included in the e-mail message:<br />
• ShortText–includes switch and event information.<br />
• FullText–includes switch information, event information, Call<br />
Home contact information, and SNMP contact information.<br />
• Tsc1–includes switch and event information in a format<br />
intended for automated e-mail readers.<br />
Maximum number of characters allowed in the e-mail message.<br />
Decreasing this parameter makes for easier reading on small display<br />
devices such as cell phones. The minimum is 650. The maximum<br />
and default is 100,000.<br />
E-mail subject of up to 64 characters<br />
Recipient e-mail addresses; maximum of 10 addresses. The format<br />
is account@domain.<br />
Enables (True) or disables (False) the data capture configuration<br />
only when creating the Tech_Support_Center profile. For more<br />
information about the data capture configuration, refer to the<br />
Capture command.<br />
delete [profile]<br />
Deletes the specified profile given by [profile] from the Call Home database. You<br />
must enter the Callhome Save command afterwards to save your changes.<br />
edit [profile]<br />
Opens an edit session in which to change the configuration of an existing profile<br />
given by [profile]. The Tech_Support_Center profile can be edited. For<br />
descriptions of the profile parameters, refer to Table 13-10. The CaptureEnabled<br />
parameter is displayed only when modifying the Tech_Support_Center profile.<br />
rename [profile_old] [profile_new]<br />
Renames the profile given by [profile_old] to the profile given by [profile_new]. You<br />
must enter the Callhome Save command afterwards to save your changes.<br />
13-84 59263-02 B
13–<strong>Command</strong> Reference<br />
Profile<br />
Examples<br />
The following is an example of the Profile Create command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile create profile_1<br />
A list of attributes with formatting and default values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press ’q’ or ’Q’ and the ENTER key to do so.<br />
Default Values:<br />
Level<br />
Alarm<br />
Format<br />
FullText<br />
MaxSize 100000<br />
EmailSubject <br />
RecipientEmail (up to 10 entries allowed)<br />
New Value (press ENTER to accept default value, 'q' to quit):<br />
Level (Alarm,Critical,Warn,None) :<br />
Format (1=FullText, 2=ShortText, 3=Tsc1) :<br />
MaxSize (decimal value, 650-100000) :<br />
EmailSubject (string, max=64 chars, N=None) : Technical problem<br />
RecipientEmail (ex: admin@company.com, N=None)<br />
1. : admin0@company.com<br />
The profile has been created.<br />
This configuration must be saved with the callhome save command<br />
before it can take effect, or to discard this configuration<br />
use the callhome cancel command.<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
59263-02 B 13-85
13–<strong>Command</strong> Reference<br />
Profile<br />
The following is an example of the Profile Edit command:<br />
SANbox #> admin start<br />
SANbox (admin) #> callhome edit<br />
SANbox (admin-callhome) #> profile edit profile_1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Level<br />
Alarm<br />
Format<br />
ShortText<br />
MaxSize 1000<br />
EmailSubject Switch Problem<br />
RecipientEmail (up to 10 entries allowed)<br />
1. john.smith@domain.com<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
Level (Alarm,Critical,Warn,None) :<br />
Format (1=FullText, 2=ShortText, 3=Tsc1) : 1<br />
MaxSize (decimal value, 650-100000) :<br />
EmailSubject (string, max=64 chars, N=None) :<br />
RecipientEmail (ex: admin@company.com, N=None)<br />
1. john.smith@domain.com :<br />
2. :<br />
The profile has been edited.<br />
This configuration must be saved with the 'callhome save' command<br />
before it can take effect, or to discard this configuration<br />
use the 'callhome cancel' command.<br />
SANbox (admin-callhome) #> callhome save<br />
The CallHome database profiles will be saved and activated.<br />
Please confirm (y/n): [n] y<br />
13-86 59263-02 B
13–<strong>Command</strong> Reference<br />
Ps<br />
Ps<br />
Authority<br />
Syntax<br />
Examples<br />
Displays current system process information.<br />
None<br />
ps<br />
The following is an example of the Ps command:<br />
SANbox #> ps<br />
PID PPID %CPU %MEM TIME ELAPSED COMMAND<br />
244 224 0.0 0.3 00:00:04 2-03:02:31 cns<br />
245 224 0.0 0.3 00:00:06 2-03:02:31 ens<br />
246 224 0.0 0.3 00:00:09 2-03:02:31 dlog<br />
247 224 0.0 0.6 00:00:33 2-03:02:31 ds<br />
248 224 0.3 2.8 00:09:59 2-03:02:31 mgmtApp<br />
249 224 0.0 0.3 00:00:16 2-03:02:31 sys2swlog<br />
251 224 0.0 0.4 00:00:06 2-03:02:30 fc2<br />
252 224 0.0 0.6 00:00:16 2-03:02:30 nserver<br />
253 224 0.0 0.8 00:00:08 2-03:02:30 PortApp<br />
254 224 0.0 0.5 00:00:03 2-03:02:30 qfsApp<br />
255 224 0.0 0.5 00:00:09 2-03:02:30 mserver<br />
256 224 0.0 0.7 00:00:06 2-03:02:30 eport<br />
257 224 0.0 0.6 00:00:13 2-03:02:30 zoning<br />
282 254 0.0 0.5 00:00:00 2-03:02:26 qfsApp<br />
284 224 0.0 0.6 00:00:08 2-03:02:26 snmpservicepath<br />
285 282 0.0 0.5 00:00:00 2-03:02:26 qfsApp<br />
308 224 0.0 0.8 00:00:29 2-03:02:25 cim_server<br />
322 224 0.0 0.7 00:00:16 2-03:02:24 util<br />
323 224 0.0 0.4 00:00:09 2-03:02:24 port_mon<br />
324 224 0.0 0.5 00:00:07 2-03:02:24 diagAgent<br />
325 224 0.0 0.4 00:00:03 2-03:02:24 diagExec<br />
289 224 0.0 0.4 00:00:00 2-03:02:25 snmpd<br />
290 224 0.0 0.5 00:00:00 2-03:02:25 snmpmain<br />
335 290 0.0 0.5 00:00:00 2-03:02:23 snmpmain<br />
336 335 0.0 0.5 00:00:00 2-03:02:23 snmpmain<br />
59263-02 B 13-87
13–<strong>Command</strong> Reference<br />
Quit<br />
Quit<br />
Authority<br />
Syntax<br />
Notes<br />
Closes the Telnet session.<br />
None<br />
quit<br />
You can also press Control-D to close the Telnet session.<br />
13-88 59263-02 B
13–<strong>Command</strong> Reference<br />
Reset<br />
Reset<br />
Authority<br />
Syntax<br />
Keywords<br />
Resets the switch configuration parameters. If you omit the keyword, the default is<br />
Reset Switch.<br />
Admin session<br />
reset<br />
callhome<br />
config [config_name]<br />
factory<br />
ike<br />
ipsec<br />
port [port_list]<br />
radius<br />
security<br />
services<br />
snmp<br />
switch (default)<br />
system<br />
zoning<br />
callhome<br />
Resets the Call Home database configuration to its default values.<br />
config [config_name]<br />
Resets the configuration given by [config_name] to the factory default values for<br />
switch, port, port threshold alarm, and zoning configuration as described in<br />
Table 13-12 through Table 13-20. If [config_name] does not exist on the switch, a<br />
configuration with that name will be created. If you omit [config_name], the active<br />
configuration is reset. You must activate the configuration for the changes to take<br />
effect.<br />
59263-02 B 13-89
13–<strong>Command</strong> Reference<br />
Reset<br />
factory<br />
Resets switch configuration, port configuration, port threshold alarm configuration,<br />
zoning configuration, SNMP configuration, system configuration, security<br />
configuration, RADIUS configuration, switch services configuration, zoning<br />
configuration, and Call Home configuration to the factory default values as<br />
described in Table 13-12 through Table 13-20. The switch configuration is<br />
activated automatically.<br />
NOTE:<br />
• Because this keyword changes network parameters, the<br />
workstation could lose communication with the switch and release<br />
the Admin session.<br />
• This keyword does not affect installed license keys.<br />
ike<br />
Resets the IKE database configuration, removing all IKE peers and policies.<br />
ipsec<br />
Resets the IP security database and IKE database configurations, removing all IP<br />
security associations, IP security policies, IKE peers, and IKE policies.<br />
port [port_list]<br />
Reinitializes one or more ports given by [port_list]. [port_list] can be a set of port<br />
numbers and ranges delimited by spaces. For example, [0 2 10-15] specifies ports<br />
0, 2, 10, 11, 12, 13, 14, and 15.<br />
radius<br />
Resets the RADIUS configuration to the default values as described in<br />
Table 13-17.<br />
security<br />
Clears the security database and deactivates the active security set. The security<br />
configuration value, autosave, and fabric binding remain unchanged.<br />
services<br />
Resets the switch services configuration to the default values as described in<br />
Table 13-18.<br />
snmp<br />
Resets the SNMP configuration settings to the factory default values. Refer to<br />
Table 13-16 for SNMP configuration default values.<br />
13-90 59263-02 B
13–<strong>Command</strong> Reference<br />
Reset<br />
switch<br />
Resets the switch without a power-on self test. This is the default. This reset<br />
disrupts traffic and does the following:<br />
• Activates the pending firmware.<br />
• Closes all management sessions.<br />
• Clears the event log. To save the event log before resetting, refer to the<br />
“Set Log” command on page 13-121.<br />
To reset the switch with a power-on self test, refer to the “Hardreset” command on<br />
page 13-40. To reset the switch without disrupting traffic, refer to the “Hotreset”<br />
command on page 13-43.<br />
NOTE:<br />
The following files are deleted from the switch during a switch reset:<br />
• Firmware image files that have not been unpacked<br />
• Configuration backup files<br />
• Support files<br />
system<br />
Resets the system configuration settings to the factory default values as<br />
described in Table 13-19.<br />
NOTE:<br />
• Because this keyword changes network parameters, the<br />
workstation could lose communication with the switch.<br />
• This keyword does not affect installed license keys.<br />
zoning<br />
Clears the zoning database and deactivates the active zone set. The zoning<br />
configuration parameters (MergeAutoSave, DefaultZone, DiscardInactive) remain<br />
unchanged. Refer to Table 13-15 for information about the zoning configuration<br />
parameters.<br />
59263-02 B 13-91
13–<strong>Command</strong> Reference<br />
Reset<br />
Notes<br />
The following tables specify the various factory default settings:<br />
• Table 13-11 shows the Call Home service configuration defaults. Enter the<br />
Show Setup Callhome command to display the Call Home service<br />
configuration values.<br />
• Table 13-12 shows the switch configuration default values. Enter the<br />
Show Config Switch command to display switch configuration values.<br />
• Table 13-13 shows the port configuration default values. Enter the<br />
Show Config Port command to display port configuration values.<br />
• Table 13-14 shows the port threshold alarm configuration defaults. Enter the<br />
Show Config Threshold command to display port threshold alarm<br />
configuration values.<br />
• Table 13-15 shows the zoning configuration defaults. Enter the<br />
Show Config Zoning command to display zoning configuration values.<br />
• Table 13-16 shows the SNMP configuration defaults. Enter the<br />
Show Setup Snmp command to display SNMP configuration values.<br />
• Table 13-17 shows the RADIUS configuration defaults. Enter the<br />
Show Setup Radius command to display RADIUS configuration values.<br />
• Table 13-18 shows the switch services configuration defaults. Enter the<br />
Show Setup Services command to display switch services configuration<br />
values.<br />
• Table 13-19 shows the system configuration defaults. Enter the<br />
Show Setup System command to display system configuration values.<br />
• Table 13-20 shows the security configuration defaults. Enter the<br />
Show Config Security command to display security configuration values.<br />
Table 13-11. Call Home Service Configuration Defaults<br />
Parameters<br />
Default<br />
PrimarySMTPServerAddr 0.0.0.0<br />
PrimarySMTPServerPort 25<br />
PrimarySMTPServerEnabled<br />
False<br />
SecondarySMTPServerAddr 0.0.0.0<br />
SecondarySMTPServerPort 25<br />
SecondarySMTPServerEnabled<br />
ContactEmailAddress<br />
PhoneNumber<br />
False<br />
nobody@localhost.localdomain<br />
<br />
13-92 59263-02 B
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-11. Call Home Service Configuration Defaults (Continued)<br />
Parameters<br />
Default<br />
StreetAddress<br />
FromEmailAddress<br />
ReplyToEmailAddress<br />
ThrottleDupsEnabled<br />
<br />
nobody@localhost.localdomain<br />
nobody@localhost.localdomain<br />
True<br />
Table 13-12. Switch Configuration Defaults<br />
Parameter<br />
Default<br />
Admin State<br />
Broadcast Enabled<br />
InbandEnabled<br />
FDMIEnabled<br />
Online<br />
True<br />
True<br />
True<br />
FDMIEntries 1000<br />
DefaultDomain ID<br />
Domain ID Lock<br />
Symbolic Name<br />
1 (0x Hex)<br />
False<br />
SANbox<br />
R_A_TOV 10000<br />
E_D_TOV 2000<br />
Principal Priority 254<br />
Configuration Description<br />
InteropMode<br />
Config Default<br />
Standard<br />
59263-02 B 13-93
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-13. Port Configuration Defaults<br />
Parameter SFP Port Defaults XPAK Port Defaults<br />
Admin State Online Online<br />
Link Speed Auto 10-Gbps<br />
Port Type GL G<br />
Symbolic Name<br />
Portn, where n is the port<br />
number<br />
10G-n, where n is the port<br />
number<br />
ALFairness False N/A<br />
DeviceScanEnabled True True<br />
ForceOfflineRSCN False False<br />
ARB_FF False N/A<br />
InteropCredit 0 0<br />
ExtCredit 0 N/A<br />
FANEnable True N/A<br />
AutoPerfTuning True True<br />
LCFEnable False False<br />
MFSEnable False False<br />
MSEnable True False<br />
NoClose False N/A<br />
IOStreamGuard Auto Auto<br />
VIEnable False False<br />
PDISCPingEnable True N/A<br />
13-94 59263-02 B
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-14. Port Threshold Alarm Configuration Defaults<br />
Parameter<br />
Default<br />
ThresholdMonitoringEnabled<br />
CRCErrorsMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
DecodeErrorsMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
ISLMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
LoginMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
LogoutMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
LOSMonitoringEnabled<br />
• RisingTrigger<br />
• FallingTrigger<br />
• SampleWindow<br />
False<br />
True<br />
25<br />
1<br />
10<br />
True<br />
25<br />
0<br />
10<br />
True<br />
2<br />
0<br />
10<br />
True<br />
5<br />
1<br />
10<br />
True<br />
5<br />
1<br />
10<br />
True<br />
100<br />
5<br />
10<br />
59263-02 B 13-95
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-15. Zoning Configuration Defaults<br />
Parameter<br />
Default<br />
MergeAutoSave<br />
DefaultZone<br />
DiscardInactive<br />
True<br />
Allow<br />
False<br />
Table 13-16. SNMP Configuration Defaults<br />
Parameter<br />
Default<br />
SNMPEnabled<br />
Contact<br />
Location<br />
Description<br />
ObjectID<br />
AuthFailureTrap<br />
ProxyEnabled<br />
SNMPv3Enabled<br />
True<br />
<br />
<br />
<strong>QLogic</strong> 5800V FC Switch<br />
1.3.6.1.4.1.3873.1.14 (5800V)<br />
1.3.6.1.4.1.3873.1.9 (5802V)<br />
False<br />
True<br />
False<br />
Trap [1-5] Address Trap 1: 10.0.0.254; Traps 2–5: 0.0.0.0<br />
Trap [1-5] Port 162<br />
Trap [1-5] Severity<br />
Warning<br />
Trap [1-5] Version 2<br />
Trap [1-5] Enabled<br />
False<br />
13-96 59263-02 B
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-17. RADIUS Configuration Defaults<br />
Parameter<br />
Default<br />
DeviceAuthOrder<br />
UserAuthOrder<br />
Local<br />
Local<br />
TotalServers 0<br />
DeviceAuthServer<br />
UserAuthServer<br />
AccountingServer<br />
False<br />
False<br />
False<br />
ServerIPAddress 10.0.0.1<br />
ServerUDPPort 1812<br />
Timeout<br />
2 seconds<br />
Retries 0<br />
SignPackets<br />
False<br />
Table 13-18. Switch Services Configuration Defaults<br />
Parameter<br />
Default<br />
TelnetEnabled<br />
SSHEnabled<br />
GUIMgmtEnabled<br />
SSLMgmtEnabled<br />
EmbeddedGUIEnabled<br />
SNMPEnabled<br />
NTPEnabled<br />
CIMEnabled<br />
FTPEnabled<br />
MgmtServerEnabled<br />
CallHomeEnabled<br />
True<br />
False<br />
True<br />
False<br />
True<br />
True<br />
False<br />
True<br />
True.<br />
True<br />
True<br />
59263-02 B 13-97
13–<strong>Command</strong> Reference<br />
Reset<br />
Table 13-19. System Configuration Defaults<br />
Parameter<br />
Default<br />
Ethernet Network Enable<br />
Ethernet Network Discovery<br />
True<br />
Static<br />
Ethernet Network IP Address 10.0.0.1<br />
Ethernet Network IP Mask 255.0.0.0<br />
Ethernet Gateway Address 10.0.0.254<br />
Admin Timeout<br />
30 minutes<br />
InactivityTimeout 0<br />
LocalLogEnabled<br />
RemotelogEnabled<br />
True<br />
False<br />
RemoteLogHostAddress 10.0.0.254<br />
NTPClientEnabled<br />
False<br />
NTPServerAddress 10.0.0.254<br />
EmbeddedGUIEnabled<br />
True<br />
Table 13-20. Security Configuration Defaults<br />
Parameter<br />
Default<br />
AutoSave<br />
FabricBindingEnabled<br />
PortBindingEnabled<br />
True<br />
False<br />
False<br />
13-98 59263-02 B
13–<strong>Command</strong> Reference<br />
Security<br />
Security<br />
Authority<br />
Syntax<br />
Keywords<br />
Opens a Security Edit session in which to manage the security database on a<br />
switch. Refer to the “Group” command on page 13-32 and the “Securityset”<br />
command on page 13-103.<br />
Admin session. The keywords Active, History, Limits, and List are available<br />
without an Admin session.<br />
security<br />
active<br />
cancel<br />
clear<br />
edit<br />
history<br />
limits<br />
list<br />
restore<br />
save<br />
active<br />
Displays the active security set, its groups, and group members. This keyword<br />
does not require an Admin session.<br />
cancel<br />
Closes a Security Edit session without saving changes. Use the Edit keyword to<br />
open a Security Edit session.<br />
clear<br />
Clears all inactive security sets from the volatile edit copy of the security<br />
database. This keyword does not affect the non-volatile security database.<br />
However, if you enter the Security Clear command followed by the Security Save<br />
command, the non-volatile security database will be cleared from the switch.<br />
NOTE:<br />
The preferred method for clearing the security database from the switch is<br />
the Reset Security command.<br />
59263-02 B 13-99
13–<strong>Command</strong> Reference<br />
Security<br />
edit<br />
Initiates a Security Edit session in which to make changes to the security<br />
database. A Security Edit session enables you to use the Group and Securityset<br />
commands to create, add, and delete security sets, groups, and group members.<br />
To close a Security Edit session and save changes, enter the Security Save<br />
command. To close a Security Edit session without saving changes, enter the<br />
Security Cancel command.<br />
history<br />
Displays history information about the security database and the active security<br />
set, including the account name that made changes and when those changes<br />
were made. This keyword does not require an Admin session.<br />
limits<br />
Displays the current totals and the security database limits for the number of<br />
security sets, groups, members per group, and total members. This keyword does<br />
not require an Admin session.<br />
list<br />
Displays all security sets, groups, and group members in the security database.<br />
This keyword does not require an Admin session.<br />
restore<br />
Restores the volatile security database with the contents of the non-volatile<br />
security database. If the AutoSave parameter is False, you can use this keyword<br />
to revert changes to the volatile security database that were propagated from<br />
another switch in the fabric through security set activation or merging fabrics.<br />
Refer to Table 13-20 for information about the AutoSave parameter.<br />
save<br />
Saves the changes that have been made to the security database during a<br />
Security Edit session. Changes you make to any security set will not take effect<br />
until you activate that security set. Refer to the “Securityset” command on<br />
page 13-103 for information about activating a security set.<br />
13-100 59263-02 B
13–<strong>Command</strong> Reference<br />
Security<br />
Examples<br />
The following is an example of the Security Active command:<br />
SANbox #> security active<br />
Active Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
alpha<br />
group1 (ISL)<br />
10:00:00:00:00:10:21:16<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
10:00:00:00:00:10:21:17<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
The following is an example of the Security History command:<br />
SANbox #> security history<br />
Active Database Information<br />
---------------------------<br />
SecuritySetLastActivated/DeactivatedBy Remote<br />
SecuritySetLastActivated/DeactivatedOn day month date time year<br />
Database Checksum 00000000<br />
Inactive Database Information<br />
-----------------------------<br />
ConfigurationLastEditedBy<br />
admin@IB-session11<br />
ConfigurationLastEditedOn<br />
day month date time year<br />
Database Checksum 00007558<br />
The following is an example of the Security Limits command:<br />
SANbox #> security limits<br />
Security Attribute Maximum Current [Name]<br />
------------------ ------- ------- ------<br />
MaxSecuritySets 4 1<br />
MaxGroups 16 2<br />
MaxTotalMembers 1000 19<br />
MaxMembersPerGroup 1000<br />
4 group1<br />
15 group2<br />
59263-02 B 13-101
13–<strong>Command</strong> Reference<br />
Security<br />
The following is an example of the Security List command:<br />
SANbox #> security list<br />
Active Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
No active securityset defined.<br />
Configured Security Information<br />
SecuritySet Group GroupMember<br />
----------- ----- -----------<br />
alpha<br />
group1 (ISL)<br />
10:00:00:00:00:10:21:16<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
10:00:00:00:00:10:21:17<br />
Authentication Chap<br />
Primary Hash MD5<br />
Primary Secret ********<br />
Secondary Hash SHA-1<br />
Secondary Secret ********<br />
Binding 0<br />
13-102 59263-02 B
13–<strong>Command</strong> Reference<br />
Securityset<br />
Securityset<br />
Manages security sets in the security database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and a Security Edit session. Refer to the “Security” command on<br />
page 13-99 for information about starting a Security Edit session. The Active,<br />
Groups, and List keywords are available without an Admin session. You must<br />
close the Security Edit session before using the Activate and Deactivate<br />
keywords.<br />
securityset<br />
activate [security_set]<br />
active<br />
add [security_set] [group_list]<br />
copy [security_set_source] [security_set_destination]<br />
create [security_set]<br />
deactivate<br />
delete [security_set]<br />
groups [security_set]<br />
list<br />
remove [security_set] [group]<br />
rename [security_set_old] [security_set_new]<br />
activate [security_set]<br />
Activates the security set given by [security_set] and deactivates the currently<br />
active security set. Close the Security Edit session using the Security Save or<br />
Security Cancel command before using this keyword.<br />
active<br />
Displays the name of the active security set. This keyword is available to without<br />
an Admin session.<br />
add [security_set] [group_list]<br />
Adds one or more groups given by [group_list] to the security set given by<br />
[security_set]. Use a to delimit multiple group names in [group_list]. A<br />
security set can have a maximum of three groups, but no more than one group of<br />
each group type.<br />
copy [security_set_source] [security_set_destination]<br />
Creates a new security set named [security_set_destination] and copies into it the<br />
membership from the security set given by [security_set_source].<br />
59263-02 B 13-103
13–<strong>Command</strong> Reference<br />
Securityset<br />
create [security_set]<br />
Creates the security set with the name given by [security_set]. A security set<br />
name must begin with a letter and be no longer than 64 characters. Valid<br />
characters are 0-9, A-Z, a-z, _, $, ^, and -. The security database supports a<br />
maximum of four security sets.<br />
deactivate<br />
Deactivates the active security set. Close the Security Edit session before using<br />
this keyword.<br />
delete [security_set]<br />
Deletes the security set given by [security_set]. If the specified security set is<br />
active, the command is suspended until the security set is deactivated.<br />
groups [security_set]<br />
Displays all groups that are members of the security set given by [security_set].<br />
This keyword is available without an Admin session.<br />
list<br />
Displays a list of all security sets. This keyword is available without an Admin<br />
session.<br />
remove [security_set] [group]<br />
Removes a group given by [group] from the security set given by [security_set]. If<br />
[security_set] is the active security set, the group will not be removed until the<br />
security set has been deactivated.<br />
rename [security_set_old] [security_set_new]<br />
Renames the security set given by [security_set_old] to the name given by<br />
[security_set_new].<br />
Notes<br />
Refer to the “Group” command on page 13-32 for information about creating and<br />
managing groups.<br />
13-104 59263-02 B
13–<strong>Command</strong> Reference<br />
Securityset<br />
Examples<br />
The following is an example of the Securityset Active command<br />
SANbox #> securityset active<br />
Active SecuritySet Information<br />
------------------------------<br />
ActiveSecuritySet alpha<br />
LastActivatedBy Remote<br />
LastActivatedOn day month date time year<br />
The following is an example of the Securityset Groups command<br />
SANbox #> securityset groups alpha<br />
Current list of Groups for SecuritySet: alpha<br />
---------------------------------------<br />
group1 (ISL)<br />
group2 (Port)<br />
The following is an example of the Securityset List command<br />
SANbox #> securityset list<br />
Current list of SecuritySets<br />
----------------------------<br />
alpha<br />
beta<br />
59263-02 B 13-105
13–<strong>Command</strong> Reference<br />
Set Alarm<br />
Set Alarm<br />
Authority<br />
Syntax<br />
Keywords<br />
Controls the display of alarms in the session output stream or clears the alarm log.<br />
Admin session for the Clear keyword. Otherwise, none.<br />
set alarm [option]<br />
[option]<br />
[option] can be one of the following:<br />
clear<br />
Clears the alarm log history. This value requires an Admin session.<br />
on<br />
Enables the display of alarms in the session output stream.<br />
off<br />
Disables the display of alarms in the session output stream. Disabling the<br />
display of alarms in the output stream allows command scripts to run without<br />
interruption.<br />
Examples<br />
The following is an example of the Set Alarm command:<br />
SANbox #> set alarm on<br />
13-106 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Beacon<br />
Set Beacon<br />
Enables or disables the flashing of the Logged-In LEDs for the purpose of locating<br />
a switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
set beacon [state]<br />
[state]<br />
[state] can be one of the following:<br />
on<br />
Enables the flashing beacon.<br />
off<br />
Disables the flashing beacon.<br />
Examples<br />
The following is an example of the Set Beacon command:<br />
SANbox #> set beacon on<br />
59263-02 B 13-107
13–<strong>Command</strong> Reference<br />
Set Config Port<br />
Set Config Port<br />
Sets the port configuration parameters for one or more ports. The changes you<br />
make with this command are not retained when you reset or power cycle the<br />
switch unless you save them using the Config Save command.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and a Config Edit session<br />
set config port [port_number]<br />
or<br />
set config ports [port_number]<br />
port [port_number]<br />
Initiates an edit session in which to change configuration parameters for the port<br />
number given by [port_number]. If you omit [port_number], the system begins with<br />
port 0 and proceeds in order through the last port. For each parameter, enter a<br />
new value or press the Enter key to accept the current value shown in brackets.<br />
Enter “q” to end the configuration for one port, or “qq” to end the configuration for<br />
all ports. Table 13-21 describes the port configuration parameters.<br />
ports [port_number]<br />
Initiates an editing session in which to change configuration parameters for all<br />
ports based on the configuration for the port given by [port_number]. If you omit<br />
[port_number], port 0 is used. For each parameter, enter a new value or press the<br />
Enter key to accept the current value shown in brackets. Enter “q” to end the<br />
configuration. Table 13-21 describes the port configuration parameters.<br />
Table 13-21. Port Configuration Parameters<br />
Parameter<br />
AdminState<br />
Description<br />
Port administrative state:<br />
• Online – Activates and prepares the port to send data.<br />
This is the default.<br />
• Offline – Prevents the port from receiving signal and<br />
accepting a device login.<br />
• Diagnostics – Prepares the port for testing and prevents<br />
the port from accepting a device login.<br />
• Down – Disables the port by removing power from the port<br />
lasers.<br />
13-108 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Port<br />
Table 13-21. Port Configuration Parameters (Continued)<br />
LinkSpeed<br />
PortType<br />
Parameter<br />
Description<br />
Transmission speed:<br />
• SFP Ports: 1-Gbps, 2 Gbps, 4-Gbps, 8-Gbps, or Auto. The<br />
default is Auto. 8-Gbps SFPs do not support the 1-Gbps<br />
setting. Setting a port to 1-Gbps that has an 8-Gbps SFP<br />
will down the port.<br />
• XPAK Ports: 10-Gbps, 20-Gbps, or Auto. The default is<br />
Auto.<br />
Port types:<br />
• SFP Ports: GL, G, F, FL, TR, Donor. The default is GL.<br />
• XPAK Ports: GL, G, F, FL, Donor. The default is GL.<br />
SymbolicPortName Descriptive name for the port. The name can be up to 32<br />
characters excluding #, semicolon (;), and comma (,). The<br />
default is Port n, where n is the port number.<br />
ALFairness<br />
(SFP ports only)<br />
DeviceScanEnabled<br />
ForceOfflineRSCN<br />
ARB_FF<br />
InteropCredit<br />
Arbitration loop fairness. Enables (True) or disables (False)<br />
the switch’s priority to arbitrate on the loop. The default is<br />
False.<br />
Enables (True) or disables (False) the scanning of the connected<br />
device for FC-4 descriptor information during login.<br />
The default is True.<br />
Enables (False) or disables (True) the immediate transmission<br />
of RSCN messages when communication between a<br />
port and a device is interrupted. If enabled, the RSCN message<br />
is delayed for 200 ms for locally attached devices and<br />
400 ms for devices connected through other switches. The<br />
default is False. This parameter is ignored if IOStreamGuard<br />
is enabled.<br />
Send ARB_FF (True) instead of IDLEs (False) on the loop.<br />
The default is False.<br />
Interoperability credit. The number of buffer-to-buffer credits<br />
per port. 0 means the default is unchanged. Default buffer-to-buffer<br />
credits are 16 per port.<br />
Changing interoperability credits is necessary only for<br />
E_Ports that are connected to non-FC-SW-2-compliant<br />
switches. Contact your authorized maintenance provider for<br />
assistance in using this feature.<br />
59263-02 B 13-109
13–<strong>Command</strong> Reference<br />
Set Config Port<br />
Table 13-21. Port Configuration Parameters (Continued)<br />
Parameter<br />
FANEnable<br />
AutoPerfTuning<br />
LCFEnable<br />
MFSEnable<br />
VIEnable<br />
MSEnable<br />
NoClose<br />
Description<br />
Fabric address notification. Enables (True) or disables<br />
(False) the communication of the FL_Port address, port<br />
name, and node name to the logged-in NL_Port. The default<br />
is True.<br />
Automatic performance tuning for FL_Ports only. The default<br />
is True.<br />
• If AutoPerfTuning is enabled (True) and the port is an<br />
FL_Port, MFSEnable is automatically enabled. LCFEnable<br />
and VIEnable are overridden to False.<br />
• If AutoPerfTuning is disabled (False), MFSEnable, LCFEnable,<br />
and VIEnable retain their original values.<br />
Link control frame preference routing. This parameter<br />
appears only if AutoPerfTuning is False. Enables (True) or<br />
disables (False) preferred routing of frames with R_CTL =<br />
1100 (Class 2 responses). The default is False. Enabling<br />
LCFEnable will disable MFSEnable.<br />
Multi-Frame Sequence bundling. This parameter appears<br />
only if AutoPerfTuning is False. Prevents (True) or allows<br />
(False) the interleaving of frames in a sequence. The default<br />
is False. Enabling MFSEnable disables LCFEnable<br />
and VIEnable.<br />
Virtual <strong>Interface</strong> (VI) preference routing. This parameter<br />
appears only if AutoPerfTuning is False. Enables (True) or<br />
disables (False) VI preference routing. The default is False.<br />
Enabling VIEnable will disable MFSEnable.<br />
Management server enable. Enables (True) or disables<br />
(False) management server on this port. The default is True.<br />
Loop circuit closure prevention. Enables (True) or disables<br />
(False) the loop’s ability to remain in the open state indefinitely.<br />
True reduces the amount of arbitration on a loop when<br />
there is only one device on the loop. The default is False.<br />
13-110 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Port<br />
Table 13-21. Port Configuration Parameters (Continued)<br />
Parameter<br />
IOStreamGuard<br />
PDISCPingEnable<br />
(SFP ports only)<br />
Description<br />
Enables or disables the suppression of RSCN messages.<br />
IOStreamGuard can have the following values:<br />
• Enable – Suppresses the reception of RSCN messages<br />
from other ports for which IOStreamGuard is enabled.<br />
• Disable – Allows free transmission and reception of RSCN<br />
messages.<br />
• Auto – Suppresses the reception of RSCN messages<br />
when the port is connected to an initiator device with a<br />
<strong>QLogic</strong> adapter. For older <strong>QLogic</strong> adapters, such as the<br />
QLA2200, the DeviceScanEnabled parameter must also<br />
be enabled. The default is Auto.<br />
Enables (True) or disables (False) the transmission of ping<br />
messages from the switch to all devices on a loop port. The<br />
default is True.<br />
Examples<br />
The following is an example of the Set Config Port command:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config port 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Configuring Port Number: 1<br />
------------------------<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics, 4=Down) [Online]<br />
LinkSpeed (1=1Gb/s, 2=2Gb/s, 4=4Gb/s, 8=8Gb/s, A=Auto) [Auto ]<br />
PortType (GL / G / F / FL / TR / Donor) [GL ]<br />
SymPortName (string, max=32 chars) [Port1 ]<br />
ALFairness (True / False) [False ]<br />
DeviceScanEnable (True / False) [True ]<br />
ForceOfflineRSCN (True / False) [False ]<br />
ARB_FF (True / False) [False ]<br />
InteropCredit (decimal value, 0-255) [0 ]<br />
FANEnable (True / False) [True ]<br />
AutoPerfTuning (True / False) [False ]<br />
LCFEnable (True / False) [False ]<br />
MFSEnable (True / False) [False ]<br />
VIEnable (True / False) [False ]<br />
59263-02 B 13-111
13–<strong>Command</strong> Reference<br />
Set Config Port<br />
MSEnable (True / False) [True ]<br />
NoClose (True / False) [False ]<br />
IOStreamGuard (Enable / Disable / Auto) [Disable]<br />
PDISCPingEnable (True / False) [True ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
The following is an example of the Set Config Port command for an XPAK port:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config port 20<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Configuring Port Number: 20<br />
------------------------<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics, 4=Down) [Online ]<br />
LinkSpeed (10=10Gb/s) [10Gb/s ]<br />
PortType (G / F) [G ]<br />
SymPortName (string, max=32 chars) [10G-20 ]<br />
DeviceScanEnable (True / False) [True ]<br />
ForceOfflineRSCN (True / False) [False ]<br />
AutoPerfTuning (True / False) [False ]<br />
LCFEnable (True / False) [False ]<br />
MFSEnable (True / False) [False ]<br />
VIEnable (True / False) [False ]<br />
MSEnable (True / False) [True ]<br />
IOStreamGuard (Enable / Disable / Auto) [Auto ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
13-112 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Security<br />
Set Config Security<br />
Configures the security database for the automatic saving of changes to the active<br />
security set and fabric binding. The changes you make with this command are not<br />
retained when you reset or power cycle the switch unless you save them using the<br />
Config Save command.<br />
Authority<br />
Syntax<br />
Admin session and a Config Edit session<br />
set config security<br />
This command initiates an editing session in which to change the security<br />
database configuration. The system displays each parameter one line at a time<br />
and prompts you for a value. For each parameter, enter a new value or press the<br />
Enter key to accept the current value shown in brackets. Enter “q” or "Q" to end<br />
the editing session. Table 13-22 describes the security configuration parameters.<br />
Table 13-22. Security Configuration Parameters<br />
AutoSave<br />
Parameter<br />
FabricBindingEnabled<br />
Description<br />
Enables (True) or disables (False) the saving of changes<br />
to active security set in the switch’s permanent memory.<br />
The default is True.<br />
Enables (True) or disables (False) the configuration and<br />
enforcement of fabric binding on all switches in the fabric.<br />
Fabric binding associates switch worldwide names with a<br />
domain ID in the creation of ISL groups. The default is<br />
False.<br />
Examples<br />
The following is an example of the Set Config Security command:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config security<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
FabricBindingEnabled (True / False) [False]<br />
AutoSave (True / False) [True ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
59263-02 B 13-113
13–<strong>Command</strong> Reference<br />
Set Config Security Portbinding<br />
Set Config Security Portbinding<br />
Configures port binding.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session and a Config Edit session<br />
set config security portbinding [port_number]<br />
[port_number]<br />
Initiates an editing session in which to change the port binding configuration for<br />
the port given by [port_number]. The system displays each parameter one line at<br />
a time and prompts you for a value. For each parameter, enter a new value or<br />
press the Enter key to accept the current value shown in brackets. Enter “q” or "Q"<br />
to end the editing session. Table 13-23 describes the Set Config Security<br />
Portbinding parameters.<br />
Table 13-23. Port Binding Configuration Parameters<br />
Parameter<br />
PortBindingEnabled<br />
WWN<br />
Description<br />
Enables (True) or disables (False) port binding for the<br />
port given by [port_number].<br />
Worldwide port name for the port/device that is allowed to<br />
connect to the port given by [port_number].<br />
Examples<br />
The following is an example of the Set Config Security Portbinding command:<br />
SANbox #> admin start<br />
SANbox (admin) config edit<br />
SANbox (admin-config) #> set config security portbinding 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PortBindingEnabled (True / False)[False] true<br />
WWN<br />
(N=None / WWN)[None ] 10:00:00:c0:dd:00:b9:f9<br />
WWN<br />
(N=None / WWN)[None ] 10:00:00:c0:dd:00:b9:f8<br />
WWN<br />
(N=None / WWN)[None ] n<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
13-114 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Switch<br />
Set Config Switch<br />
Sets the switch configuration parameters. The changes you make with this<br />
command are not retained when you reset or power cycle the switch unless you<br />
save them using the Config Save command.<br />
Authority<br />
Syntax<br />
Admin session and a Config Edit session<br />
set config switch<br />
This command initiates an editing session in which to change switch configuration<br />
settings. The system displays each parameter one line at a time and prompts you<br />
for a value. For each parameter, enter a new value or press the Enter key to<br />
accept the current value shown in brackets. Table 13-24 describes the switch<br />
configuration parameters.<br />
Table 13-24. Switch Configuration Parameters<br />
Parameter<br />
AdminState<br />
BroadcastEnabled<br />
InbandEnabled<br />
FDMIEnabled<br />
FDMIEntries<br />
Description<br />
Switch administrative state.<br />
• Online – Activates and prepares the ports to send data.<br />
This is the default.<br />
• Offline – Prevents the ports from receiving signal and<br />
accepting a device login.<br />
• Diagnostics – Prepares the ports for testing and prevents<br />
the ports from accepting a device login.<br />
• Down – Disables the ports by removing power from the<br />
port lasers.<br />
Broadcast. Enables (True) or disables (False) forwarding of<br />
broadcast frames. The default is True.<br />
Inband management. Enables (True) or disables (False) the<br />
ability to manage the switch over an ISL. The default is True.<br />
Fabric Device Monitoring <strong>Interface</strong>. Enables (True) or disables<br />
(False) the monitoring of target and initiator device<br />
information. The default is True.<br />
The number of device entries to maintain in the FDMI database.<br />
Enter a number from 0–1000. The default is 1000.<br />
DefaultDomainID Default domain ID. The default is 1.<br />
DomainIDLock<br />
Prevents (True) or allows (False) dynamic reassignment of<br />
the domain ID. The default is False.<br />
SymbolicName Descriptive name for the switch. The name can be up to 32<br />
characters excluding #, semicolon (;), and comma (,). The<br />
default is SANbox.<br />
59263-02 B 13-115
13–<strong>Command</strong> Reference<br />
Set Config Switch<br />
Table 13-24. Switch Configuration Parameters (Continued)<br />
Parameter<br />
R_A_TOV<br />
E_D_TOV<br />
PrincipalPriority<br />
ConfigDescription<br />
Description<br />
Resource Allocation Timeout Value. The number of milliseconds<br />
the switch waits to allow two ports to allocate enough<br />
resources to establish a link. The default is 10000.<br />
Error Detect Timeout Value. The number of milliseconds a<br />
port is to wait for errors to clear. The default is 2000.<br />
The priority used in the FC-SW-2 principal switch selection<br />
algorithm. 1 is high, 255 is low. The default is 254.<br />
Switch configuration description. The configuration description<br />
can be up to 32 characters excluding #, semicolon (;),<br />
and comma (,). The default is Config Default.<br />
Examples<br />
The following is an example of the Set Config Switch command:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config switch<br />
A list of attributes with formatting and default values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
AdminState (1=Online, 2=Offline, 3=Diagnostics) [Online ]<br />
BroadcastEnabled (True / False) [True ]<br />
InbandEnabled (True / False) [True ]<br />
FDMIEnabled (True / False) [True ]<br />
FDMIEntries (decimal value, 0-1000) [1000 ]<br />
DefaultDomainID (decimal value, 1-239) [2 ]<br />
DomainIDLock (True / False) [False ]<br />
SymbolicName (string, max=32 chars) [SANbox ]<br />
R_A_TOV (decimal value, 100-100000 msec) [10000 ]<br />
E_D_TOV (decimal value, 10-20000 msec) [2000 ]<br />
PrincipalPriority (decimal value, 1-255) [254 ]<br />
ConfigDescription (string, max=64 chars) [Default Config]<br />
13-116 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Threshold<br />
Set Config Threshold<br />
Sets the port alarm threshold parameters by which the switch monitors port<br />
performance and generates alarms. The changes you make with this command<br />
are not retained when you reset or power cycle the switch unless you save them<br />
using the Config Save command.<br />
Authority<br />
Syntax<br />
Admin session and a Config Edit session<br />
set config threshold<br />
Initiates a configuration session by which to generate and log alarms for selected<br />
events. The system displays each event, its triggers, and a sampling window one<br />
line at a time and prompts you for a value. For each parameter, enter a new value<br />
or press the Enter key to accept the current value shown in brackets. Table 13-25<br />
describes the port alarm threshold parameters.<br />
Table 13-25. Port Alarm Threshold Parameters<br />
Parameter<br />
Threshold Monitoring Enabled<br />
CRCErrorsMonitoringEnabled<br />
DecodeErrorsMonitoringEnabled<br />
ISLMonitoringEnabled<br />
LoginMonitoringEnabled<br />
LogoutMonitoringEnabled<br />
LOSMonitoringEnabled<br />
Rising Trigger<br />
Falling Trigger<br />
Sample Window<br />
Description<br />
Master enable/disable parameter for all events.<br />
Enables (True) or disables (False) the generation<br />
of all enabled event alarms. The default is False.<br />
The event type enable/disable parameter. Enables<br />
(True) or disables (False) the generation of alarms<br />
for each of the following events:<br />
• CRC errors<br />
• Decode errors<br />
• ISL connection count<br />
• Device login errors<br />
• Device logout errors<br />
• Loss-of-signal errors<br />
The event count above which a rising trigger alarm<br />
is logged. The switch will not generate another rising<br />
trigger alarm for that event until the count<br />
descends below the falling trigger and again<br />
exceeds the rising trigger.<br />
The event count below which a falling trigger alarm<br />
is logged. The switch will not generate another falling<br />
trigger alarm for that event until the count<br />
exceeds the rising trigger and descends again<br />
below the falling trigger.<br />
The time in seconds in which to count events.<br />
59263-02 B 13-117
13–<strong>Command</strong> Reference<br />
Set Config Threshold<br />
Notes<br />
Examples<br />
The switch will down a port if an alarm condition is not cleared within three<br />
consecutive sampling windows (by default, 30 seconds). Reset the port to bring it<br />
back online. An alarm is cleared when the threshold monitoring detects that the<br />
error rate has fallen below the falling trigger.<br />
The following is an example of the Set Config Threshold command:<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
SANbox (admin-config) #> set config threshold<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
ThresholdMonitoringEnabled (True / False) [False ]<br />
CRCErrorsMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [25 ]<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
DecodeErrorsMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [25 ]<br />
FallingTrigger (decimal value, 0-1000) [0 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
ISLMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [2 ]<br />
FallingTrigger (decimal value, 0-1000) [0 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LoginMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [5 ]<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LogoutMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [5 ]<br />
FallingTrigger (decimal value, 0-1000) [1 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
LOSMonitoringEnabled (True / False) [True ]<br />
RisingTrigger (decimal value, 1-1000) [100 ]<br />
FallingTrigger (decimal value, 0-1000) [5 ]<br />
SampleWindow (decimal value, 1-1000 sec) [10 ]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and activated (see<br />
config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
13-118 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Config Zoning<br />
Set Config Zoning<br />
Configures the zoning database. The changes you make with this command are<br />
not retained when you reset or power cycle the switch unless you save them using<br />
the Config Save command.<br />
Authority<br />
Syntax<br />
Admin session and a Config Edit session<br />
set config zoning<br />
Initiates an editing session in which to change the zoning database configuration.<br />
The system displays each parameter one line at a time and prompts you for a<br />
value. For each parameter, enter a new value or press the Enter key to accept the<br />
current value shown in brackets.<br />
Table 13-26. Zoning Configuration Parameters<br />
Parameter<br />
MergeAutoSave<br />
DefaultZone<br />
DiscardInactive<br />
Description<br />
Enables (True) or disables (False) the saving of changes to active<br />
zone set in the switch’s non-volatile zoning database.The default<br />
is True.<br />
Disabling the MergeAutoSave parameter can be useful for preventing<br />
the propagation of zoning information when experimenting<br />
with different zoning schemes. However, leaving the<br />
MergeAutoSave parameter disabled can disrupt device configurations<br />
should a switch have to be reset. For this reason, the MergeAutoSave<br />
parameter should be enabled in a production<br />
environment.<br />
Enables (Allow) or disables (Deny) communication among<br />
ports/devices that are not defined in the active zone set or when<br />
there is no active zone set. The DefaultZone value must be the<br />
same on all switches in the fabric. The default is Allow.<br />
Enables (True) or disables (False) the discarding of all inactive<br />
zone sets from that zoning database. Inactive zone sets are all<br />
zone sets except the active zone set. The default is False.<br />
59263-02 B 13-119
13–<strong>Command</strong> Reference<br />
Set Config Zoning<br />
Examples<br />
The following is an example of the Set Config Zoning command.<br />
SANbox #> admin start<br />
SANbox (admin) #> config edit<br />
The config named default is being edited.<br />
SANbox (admin-config) #> set config zoning<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list press 'q'<br />
or 'Q' and the ENTER key to do so.<br />
MergeAutoSave (True / False) [True ]<br />
DefaultZone (Allow / Deny) [Allow ]<br />
DiscardInactive (True / False) [False]<br />
Finished configuring attributes.<br />
This configuration must be saved (see config save command) and<br />
activated (see config activate command) before it can take effect.<br />
To discard this configuration use the config cancel command.<br />
13-120 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Log<br />
Set Log<br />
Authority<br />
Syntax<br />
Keywords<br />
Specifies the events to record in the event log and display on the screen. You<br />
determine what events to record in the switch event log using the Component,<br />
Level, and Port keywords. You determine what events are automatically displayed<br />
on the screen using the Display keyword. Alarms are always displayed on the<br />
screen.<br />
Admin session<br />
set log<br />
archive<br />
clear<br />
component [filter_list]<br />
display [filter]<br />
level [filter]<br />
port [port_list]<br />
restore<br />
save<br />
start (default)<br />
stop<br />
archive<br />
Collects all log entries and stores the result in new file named logfile that is<br />
maintained in switch memory where it can be downloaded using FTP. To<br />
download logfile, open an FTP session, log in with account name/password of<br />
“images” for both, and type “get logfile”.<br />
clear<br />
Clears all log entries.<br />
component [filter_list]<br />
Specifies one or more components given by [filter_list] to monitor for events. A<br />
component is a firmware module that is responsible for a particular portion of<br />
switch operation. Use a to delimit values in the list. [filter_list] can be one<br />
or more of the following:<br />
All<br />
Monitors all components. To maintain optimal switch performance, do not<br />
use this setting with the Level keyword set to Info.<br />
Eport<br />
Monitors all E_Ports.<br />
59263-02 B 13-121
13–<strong>Command</strong> Reference<br />
Set Log<br />
Mgmtserver<br />
Monitors management server status.<br />
Nameserver<br />
Monitors name server status.<br />
None<br />
Monitor none of the component events.<br />
Port<br />
Monitors all port events.<br />
QFS<br />
Monitors all <strong>QLogic</strong> Fabric Service (QFS) events. QFS governs Call Home<br />
e-mail notification.<br />
SNMP<br />
Monitors all SNMP events.<br />
Switch<br />
Monitors switch management events.<br />
Zoning<br />
Monitors zoning conflict events.<br />
display [filter]<br />
Specifies the log events to automatically display on the screen according to the<br />
event severity levels given by [filter]. [filter] can be one of the following values:<br />
Critical<br />
Critical events. The critical severity level describes events that are generally<br />
disruptive to the administration or operation of the fabric, but require no<br />
action.<br />
Warn<br />
Warning events. The warning severity level describes events that are<br />
generally not disruptive to the administration or operation of the fabric, but<br />
are more important than the informative level events.<br />
Info<br />
Informative events. The informative severity level describes routine events<br />
associated with a normal fabric.<br />
13-122 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Log<br />
None<br />
Specifies no severity levels for display on the screen.<br />
level [filter]<br />
Specifies the severity level given by [filter] to use in monitoring and logging events<br />
for the specified components or ports. [filter] can be one of the following values:<br />
Critical<br />
Monitors critical events. The critical level describes events that are generally<br />
disruptive to the administration or operation of the fabric, but require no<br />
action. This is the default severity level.<br />
Warn<br />
Monitors warning and critical events. The warning level describes events<br />
that are generally not disruptive to the administration or operation of the<br />
fabric, but are more important than the informative level events.<br />
Info<br />
Monitors informative, warning, and critical events. The informative level<br />
describes routine events associated with a normal fabric.<br />
NOTE:<br />
Logging events at the Info severity level can deplete switch resources<br />
because of the high volume of events.<br />
None<br />
Monitors none of the severity levels.<br />
port [port_list]<br />
Specifies one or more ports to monitor for events. Choose one of the following<br />
values:<br />
[port_list]<br />
Specifies the port or ports to monitor. [port_list] can be a set of port numbers<br />
and ranges delimited by spaces. For example, [0 2 10-15] specifies ports 0,<br />
2, 10, 11, 12, 13, 14, and 15.<br />
All<br />
Specifies all ports.<br />
None<br />
Disables monitoring on all ports.<br />
59263-02 B 13-123
13–<strong>Command</strong> Reference<br />
Set Log<br />
restore<br />
Restores and saves the port, component, and level settings to the default values.<br />
save<br />
Saves the log settings for the component, severity level, port, and display level.<br />
These settings remain in effect after a switch reset. The log settings can be<br />
viewed using the Show Log Settings command. To export log entries to a file, use<br />
the Set Log Archive command.<br />
start<br />
Starts the logging of events based on the Port, Component, and Level keywords<br />
assigned to the current configuration. The logging continues until you enter the<br />
Set Log Stop command.<br />
stop<br />
Stops logging of events.<br />
Notes<br />
In addition to critical, warn, and informative severity levels, the highest event<br />
severity level is alarm. The alarm level describes events that are disruptive to the<br />
administration or operation of a fabric and require administrator intervention.<br />
Alarms are always logged and always displayed on the screen.<br />
13-124 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Pagebreak<br />
Set Pagebreak<br />
Specifies how much information is displayed on the screen at a time. This<br />
command is useful for disabling pagebreaks to allow command scripts to run<br />
without interruption.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
pagebreak [state]<br />
[state]<br />
[state] can be one of the following:<br />
on<br />
Limits the display of information to 20 lines at a time. The page break<br />
function affects the following commands:<br />
• Alias (List, Members)<br />
• Show (Alarm, Log, Test Log)<br />
• Zone (List, Members)<br />
• Zoneset (List, Zones)<br />
• Zoning (Active, List)<br />
off<br />
Allows continuous display of information without a break. This is the default.<br />
Examples<br />
The following is an example of the Set Pagebreak command:<br />
SANbox #> set pagebreak on<br />
SANbox #> zone list<br />
Zone ZoneSet<br />
---- -------<br />
Zone1<br />
alpha<br />
beta<br />
Zone2<br />
delta<br />
echo<br />
Zone3<br />
sierra<br />
tango<br />
Zone4<br />
gamma<br />
delta<br />
Press any key to continue, 'q' to quit ...<br />
59263-02 B 13-125
13–<strong>Command</strong> Reference<br />
Set Port<br />
Set Port<br />
Authority<br />
Syntax<br />
Keywords<br />
Sets port state and speed for the specified port temporarily until the next switch<br />
reset or new configuration activation. This command also clears port counters.<br />
Admin session<br />
set port clear<br />
or<br />
set port [port_number]<br />
clear<br />
speed [transmission_speed]<br />
state [state]<br />
[port_number]<br />
Specifies the port. Ports are numbered beginning with 0.<br />
clear<br />
Clears the counters on all ports or the port given by [port_number].<br />
speed [transmission_speed]<br />
Specifies the transmission speed for the specified port. Choose one of the<br />
following port speed values:<br />
1Gb/s<br />
One gigabit per second. 8-Gbps SFPs do not support the 1-Gbps setting.<br />
Setting a port to 1-Gbps that has an 8-Gbps SFP will down the port.<br />
2Gb/s<br />
Two gigabits per second.<br />
4Gb/s<br />
Four gigabits per second.<br />
8Gb/s<br />
Eight gigabits per second.<br />
10Gb/s<br />
Ten gigabits per second. This applies only to ports 20–23.<br />
20Gb/s<br />
Twenty gigabits per second. This applies only to ports 20–23 with a 20Gbps<br />
license key.<br />
13-126 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Port<br />
Auto<br />
The port speed is automatically detected.<br />
state [state]<br />
Specifies one of the following administrative states for the specified port:<br />
Online<br />
Activates and prepares the port to send data.<br />
Offline<br />
Prevents the port from receiving signal and accepting a device login.<br />
Diagnostics<br />
Prepares the port for testing and prevents the port from accepting a device<br />
login.<br />
Down<br />
Disables the port by removing power from the port lasers.<br />
Notes<br />
Enterprise Fabric Suite and QuickTools will override any temporary administrative<br />
state changes that have been made using the Set Port State command.<br />
Therefore, to avoid unexpected results, do not manage port administrative states<br />
with Enterprise Fabric Suite or QuickTools and the CLI at the same time.<br />
59263-02 B 13-127
13–<strong>Command</strong> Reference<br />
Set Setup Callhome<br />
Set Setup Callhome<br />
Configures the Call Home database for managing e-mail notifications of fabric<br />
problems.<br />
Authority<br />
Syntax<br />
Admin session<br />
set setup callhome<br />
Prompts you in a line-by-line fashion to configure the Call Home database.<br />
Table 13-28 describes the Call Home configuration fields.<br />
Table 13-27. Call Home Service Configuration Settings<br />
Entry<br />
PrimarySMTPServerAddr<br />
PrimarySMTPServerPort<br />
PrimarySMTPServerEnabled<br />
SecondarySMTPServerAddr<br />
SecondarySMTPServerPort<br />
SecondarySMTPServerEnabled<br />
ContactEmailAddress<br />
PhoneNumber<br />
StreetAddress<br />
Description<br />
IP address (version 4 or 6) or DNS host name of<br />
the primary SMTP server. The default is 0.0.0.0.<br />
Service port number that the primary SMTP<br />
server is monitoring for SMTP agents. The default<br />
is 25.<br />
Enables (True) or disables (False) the primary<br />
SMTP server. The default is False.<br />
IP address (version 4 or 6) or DNS host name of<br />
the secondary SMTP server. The default is<br />
0.0.0.0.<br />
Service port number that the secondary SMTP<br />
server is monitoring for SMTP agents. The default<br />
is 25.<br />
Enable (True) or disable (False) the secondary<br />
SMTP server. The default is False.<br />
E-mail address of the person to be notified to<br />
respond to the e-mail message. The format is<br />
account@domain. This information is included in<br />
the e-mail message when the profile format is<br />
FullText.<br />
Contact phone number to be included in the<br />
e-mail message text. This information is included<br />
in the e-mail message when the profile format is<br />
FullText.<br />
Contact street address to be included in the e-mail<br />
message text. This information is included in the<br />
e-mail message when the profile format is Full-<br />
Text.<br />
13-128 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup Callhome<br />
Table 13-27. Call Home Service Configuration Settings (Continued)<br />
Entry<br />
FromEmailAddress<br />
ReplyToEmailAddress<br />
ThrottleDupsEnabled<br />
Description<br />
E-mail address that is defined as the sending<br />
address in the From: field of the e-mail message.<br />
The format is account@domain. This field is<br />
required. Undeliverable messages are returned to<br />
this address unless overridden by the<br />
ReplayToEmailAddress parameter.<br />
E-mail address that is to receive replies to the outbound<br />
e-mail message. The format is<br />
account@domain. This parameter overrides the<br />
FromEmailAddress parameter.<br />
Enables (True) or disables (False) the throttling of<br />
duplicate e-mail messages in the message queue.<br />
When enabled, duplicate e-mail messages that<br />
enter the queue within 15 seconds of the original<br />
are suppressed. The original message is sent with<br />
a report of the number of suppressed duplicates.<br />
Notes • The Callhome service must be active to support Call Home e-mail<br />
notification. Refer to the “Set Setup Services” command on page 13-135.<br />
• The primary, secondary, or both SMTP servers must be properly addressed<br />
and enabled on the switch to activate Call Home e-mail notification. If both<br />
SMTP servers are enabled, the primary server is active.<br />
• The switch will reroute Call Home e-mail messages to the secondary SMTP<br />
server if the primary should become unavailable. Primary and secondary<br />
identities do not change upon transfer of control.<br />
• Callhome profiles determine the events, conditions, and e-mail recipients of<br />
Call Home e-mail messages. Refer to the “Profile” command on page 13-83<br />
for information about creating Call Home profiles.<br />
59263-02 B 13-129
13–<strong>Command</strong> Reference<br />
Set Setup Callhome<br />
Examples<br />
The following is an example of the Set Setup Callhome command:<br />
SANbox (admin) #> set setup callhome<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the current value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
If either the Primary or Secondary SMTP Servers are enabled, the FromEmailAddress<br />
attribute must be configured or the switch will not attempt to deliver messages.<br />
Current Values:<br />
PrimarySMTPServerAddr 0.0.0.0<br />
PrimarySMTPServerPort 25<br />
PrimarySMTPServerEnable False<br />
SecondarySMTPServerAddr 0.0.0.0<br />
SecondarySMTPServerPort 25<br />
SecondarySMTPServerEnable False<br />
ContactEmailAddress nobody@localhost.localdomain<br />
PhoneNumber<br />
<br />
StreetAddress<br />
<br />
FromEmailAddress<br />
nobody@localhost.localdomain<br />
ReplyToEmailAddress nobody@localhost.localdomain<br />
ThrottleDupsEnabled True<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
PrimarySMTPServerAddr (IPv4, IPv6, or hostname) :<br />
PrimarySMTPServerPort (decimal value) :<br />
PrimarySMTPServerEnable (True / False) :<br />
SecondarySMTPServerAddr (IPv4, IPv6, or hostname) :<br />
SecondarySMTPServerPort (decimal value) :<br />
SecondarySMTPServerEanble (True / False) :<br />
ContactEmailAddress (ex: admin@company.com) :<br />
PhoneNumber (ex: +1-800-123-4567) :<br />
StreetAddress (include all address info) :<br />
FromEmailAddress (ex: bldg3@company.com) :<br />
ReplyToEmailAddress (ex: admin3@company.com) :<br />
ThrottleDupsEnabled (True / False) :<br />
Do you want to save and activate this Callhome setup? (y/n):<br />
13-130 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup Radius<br />
Set Setup Radius<br />
Configures RADIUS servers on the switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
set setup radius<br />
common<br />
server [server_number]<br />
common<br />
Prompts you in a line-by-line fashion to configure parameters that are common to<br />
all RADIUS servers. To configure common and specific RADIUS server<br />
parameters, omit the keyword. Table 13-28 describes the common RADIUS<br />
configuration parameters.<br />
Table 13-28. Common RADIUS Configuration Parameters<br />
Parameter<br />
DeviceAuthOrder<br />
UserAuthOrder<br />
TotalServers<br />
Description<br />
Authenticator priority for devices:<br />
• Local: Authenticate devices using only the local security database.<br />
This is the default.<br />
• Radius: Authenticate devices using only the security database<br />
on the RADIUS server.<br />
• RadiusLocal: Authenticate devices using the RADIUS server<br />
security database first. If the RADIUS server is unavailable, then<br />
use the local switch security database.<br />
Authenticator priority for user accounts:<br />
• Local: Authenticate users using only the local security database.<br />
This is the default.<br />
• Radius: Authenticate users using only the security database on<br />
the RADIUS server.<br />
• RadiusLocal: Authenticate users using the RADIUS server<br />
security database first. If the RADIUS server is unavailable, then<br />
use the local switch security database.<br />
Number of RADIUS servers to configure during this session. Setting<br />
TotalServers to 0 disables all RADIUS authentication. The<br />
default is 0.<br />
59263-02 B 13-131
13–<strong>Command</strong> Reference<br />
Set Setup Radius<br />
server [server_number]<br />
Prompts you in a line-by-line fashion to configure parameters for the RADIUS<br />
server given by [server_number]. [server_number] is a positive integer. To<br />
configure common and specific RADIUS server parameters, omit the keyword.<br />
Table 13-29 describes the specific RADIUS server configuration parameters.<br />
Table 13-29. Specific RADIUS Server Configuration Parameters<br />
Parameter<br />
ServerIPAddress<br />
ServerUDPPort<br />
DeviceAuthServer<br />
UserAuthServer<br />
AccountingServer<br />
Timeout<br />
Retries<br />
SignPackets<br />
Secret<br />
Description<br />
IP address (version 4 or 6) or DNS host name of the RADIUS<br />
server. The default is 10.0.0.1.<br />
User Datagram Protocol (UDP) port number on the RADIUS<br />
server. The default is 1812.<br />
Enable (True) or disable (False) this server for device authentication.<br />
The default is False.<br />
Enable (True) or disable (False) this server for user account<br />
authentication. A user authentication RADIUS server requires a<br />
secure management connection (SSL). The default is True.<br />
Enable (True) or disable (False) this server for auditing of activity<br />
during a user session. When enabled, user activity is audited<br />
whether UserAuthServer is enabled or not.The default is False.<br />
The accounting server UDP port number is the ServerUDPPort<br />
value plus 1. The default is 1813.<br />
Number of seconds to wait to receive a response from the<br />
RADIUS server before timing out. The default is 2.<br />
Number of retries after the first attempt to establish communication<br />
with the RADIUS server fails. The default is 0.<br />
Enable (True) or disable (False) the use of sign packets to protect<br />
the RADIUS server packet integrity. The default is False.<br />
22-byte ASCII string used as a password for authentication purposes<br />
between the switch and the RADIUS server.<br />
13-132 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup Radius<br />
Examples<br />
The following is an example of the Set Setup Radius Common command:<br />
SANbox (admin) #> set setup radius common<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the attributes<br />
for the server being processed, press 'q' or 'Q' and the ENTER key to do so.<br />
If you wish to terminate the configuration process completely, press 'qq' or<br />
'QQ' and the ENTER key to so do.<br />
PLEASE NOTE:<br />
-----------<br />
* SSL must be enabled in order to configure RADIUS User Authentication<br />
SSL can be enabled using the 'set setup services' command.<br />
Current Values:<br />
DeviceAuthOrder Local<br />
UserAuthOrder Local<br />
TotalServers 1<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
DeviceAuthOrder 1=Local, 2=Radius, 3=RadiusLocal :<br />
UserAuthOrder 1=Local, 2=Radius, 3=RadiusLocal :<br />
TotalServers decimal value, 0-5 :<br />
Do you want to save and activate this radius setup? (y/n): [n]<br />
59263-02 B 13-133
13–<strong>Command</strong> Reference<br />
Set Setup Radius<br />
The following is an example of the Set Setup Radius Server command:<br />
SANbox (admin) #> set setup radius server 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the attributes<br />
for the server being processed, press 'q' or 'Q' and the ENTER key to do so.<br />
If you wish to terminate the configuration process completely, press 'qq' or<br />
'QQ' and the ENTER key to so do.<br />
PLEASE NOTE:<br />
-----------<br />
* SSL must be enabled in order to configure RADIUS User Authentication<br />
SSL can be enabled using the 'set setup services' command.<br />
Server 1 Current Values:<br />
ServerIPAddress 10.20.11.8<br />
ServerUDPPort 1812<br />
DeviceAuthServer True<br />
UserAuthServer True<br />
AccountingServer False<br />
Timeout 10<br />
Retries 0<br />
SignPackets False<br />
Secret **********<br />
New Server 1 Value (press ENTER to accept current value, 'q' to skip):<br />
ServerIPAddress (hostname, IPv4, or IPv6 address) :<br />
ServerUDPPort (decimal value) :<br />
DeviceAuthServer (True / False) :<br />
UserAuthServer (True / False) :<br />
AccountingServer (True / False) :<br />
Timeout (decimal value, 10-30 secs) :<br />
Retries (decimal value, 1-3, 0=None) :<br />
SignPackets (True / False) :<br />
Secret (1-63 characters, recommend 22+) :<br />
Do you want to save and activate this radius setup? (y/n): [n]<br />
13-134 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup Services<br />
Set Setup Services<br />
Configures services on the switch.<br />
Authority<br />
Syntax<br />
Admin session<br />
set setup services<br />
This command prompts you in a line-by-line fashion to enable or disable switch<br />
services. Table 13-30 describes the switch service parameters. For each<br />
parameter, enter a new value or press the Enter key to accept the current value<br />
shown in brackets.<br />
NOTE:<br />
Disabling TelnetEnabled or GUIMgmtEnabled will immediately terminate the<br />
current Telnet or switch management session. Disable services with caution;<br />
it is possible to disable all Ethernet access to the switch.<br />
Table 13-30. Switch Services Settings<br />
Entry<br />
TelnetEnabled<br />
SSHEnabled<br />
GUIMgmtEnabled<br />
Description<br />
Enables (True) or disables (False) the ability to manage the<br />
switch over a Telnet connection. Disabling this service is not<br />
recommended. The default is True.<br />
Enables (True) or disables (False) Secure Shell (SSH) connections<br />
to the switch. SSH secures the remote connection to<br />
the switch. To establish a secure remote connection, your<br />
workstation must use an SSH client. The default is False.<br />
Enables (True) or disables (False) out-of-band management<br />
of the switch with Enterprise Fabric Suite and the Application<br />
Programming <strong>Interface</strong>. If this service is disabled, the switch<br />
can only be managed inband or through the serial port. The<br />
default is True.<br />
59263-02 B 13-135
13–<strong>Command</strong> Reference<br />
Set Setup Services<br />
Table 13-30. Switch Services Settings (Continued)<br />
Entry<br />
SSLEnabled<br />
EmbeddedGUIEnabled<br />
SNMPEnabled<br />
NTPEnabled<br />
CIMEnabled<br />
FTPEnabled<br />
Description<br />
Enables (True) or disables (False) secure SSL connections<br />
for management applications including Enterprise Fabric<br />
Suite, QuickTools, Application Programming <strong>Interface</strong>, and<br />
SMI-S. The default is False.<br />
• This service must be enabled to authenticate users<br />
through a RADIUS server.<br />
• Enabling SSL automatically creates a security certificate<br />
on the switch.<br />
• To enable secure SSL connections, you must first synchronize<br />
the date and time on the switch and workstation.<br />
• To disable SSL when using a user authentication RADIUS<br />
server, the RADIUS server authentication order must be<br />
local.<br />
Enables (True) or disables (False) the QuickTools embedded<br />
switch management application. QuickTools enables you to<br />
point at a switch with an internet browser and manage the<br />
switch. This parameter is the master control for the Set Setup<br />
System command parameter, EmbeddedGUIEnabled. The<br />
default is True.<br />
Enables (True) or disables (False) the management of the<br />
switch through third-party applications that use the Simple<br />
Network Management Protocol (SNMP). This parameter is<br />
the master control for the Set Setup SNMP command parameter,<br />
SNMPEnabled. The default is True.<br />
Enables (True) or disables (False) the Network Time Protocol<br />
(NTP) which allows the synchronizing of switch and workstation<br />
dates and times with an NTP server. This helps to prevent<br />
invalid SSL certificates and timestamp confusion in the<br />
event log. The default is False. This parameter is the master<br />
control for the Set Setup System command parameter, NTP-<br />
ClientEnabled. The default is False.<br />
Enables (True) or disables (False) the management of the<br />
switch through third-party applications that use SMI-S.<br />
Enables (True) or disables (False) the File Transfer Protocol<br />
(FTP) for transferring files rapidly between the workstation<br />
and the switch. The default is True.<br />
13-136 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup Services<br />
Table 13-30. Switch Services Settings (Continued)<br />
Entry<br />
MgmtServerEnabled<br />
CallHomeEnabled<br />
Description<br />
Enables (True) or disables (False) the management of the<br />
switch through third-party applications that use GS-3 Management<br />
Server (MS). This parameter is the master control<br />
for the Set Config Port command parameter, MSEnable. The<br />
default is True.<br />
Enables (True) or disables (False) the Call Home service<br />
which controls e-mail notification. The default is True.<br />
Examples<br />
The following is an example of the Set Setup Services command:<br />
SANbox #> admin start<br />
SANbox (admin) #> set setup services<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
PLEASE NOTE:<br />
-----------<br />
* Further configuration may be required after enabling a service.<br />
* If services are disabled, the connection to the switch may be lost.<br />
* When enabling SSL, please verify that the date/time settings<br />
on this switch and the workstation from where the SSL connection<br />
will be started match, and then a new certificate may need to be<br />
created to ensure a secure connection to this switch.<br />
TelnetEnabled (True / False) [True ]<br />
SSHEnabled (True / False) [False]<br />
GUIMgmtEnabled (True / False) [True ]<br />
SSLEnabled (True / False) [False]<br />
EmbeddedGUIEnabled (True / False) [True ]<br />
SNMPEnabled (True / False) [True ]<br />
NTPEnabled (True / False) [False]<br />
CIMEnabled (True / False) [False]<br />
FTPEnabled (True / False) [True ]<br />
MgmtServerEnabled (True / False) [True ]<br />
CallHomeEnabled (True / False) [True ]<br />
Do you want to save and activate this services setup? (y/n): [n]<br />
59263-02 B 13-137
13–<strong>Command</strong> Reference<br />
Set Setup SNMP<br />
Set Setup SNMP<br />
Configures SNMP on the switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
set setup snmp<br />
common<br />
trap [trap_number]<br />
common<br />
Prompts you in a line-by-line fashion to change SNMP configuration parameters<br />
that are common for all traps. For each parameter, enter a new value or press the<br />
Enter key to accept the current value. To configure common parameters and trap<br />
parameters, omit the Common keyword. Refer to Table 13-32 for a description of<br />
the SNMP trap parameters. Table 13-31 describes the common SNMP<br />
configuration parameters.<br />
Table 13-31. SNMP Common Configuration Parameters<br />
Parameter<br />
SNMPEnabled<br />
Contact<br />
Location<br />
ReadCommunity<br />
WriteCommunity<br />
Description<br />
Enables (True) or disables (False) SNMP on the switch. The<br />
default is True.<br />
Specifies the name of the person to be contacted to respond to<br />
trap events. The name can be up to 64 characters excluding #,<br />
semicolon (;), and comma (,). The default is undefined. This<br />
value is also passed to the Call Home service configuration.<br />
Specifies the name of the switch location. The name can be up<br />
to 64 characters excluding #, semicolon (;), and comma (,).<br />
The default is undefined. This value is also passed to the Call<br />
Home service configuration.<br />
Read community password that authorizes an SNMP agent to<br />
read information from the switch. This is a write-only field. The<br />
value on the switch and the SNMP management server must<br />
be the same. The read community password can be up to 32<br />
characters excluding #, semicolon (;), and comma (,). The<br />
default is “public”.<br />
Write community password that authorizes an SNMP agent to<br />
write information to the switch. This is a write-only field. The<br />
value on the switch and the SNMP management server must<br />
be the same. The write community password can be up to 32<br />
characters excluding #, semicolon (;), and comma (,). The<br />
default is “private”.<br />
13-138 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup SNMP<br />
Table 13-31. SNMP Common Configuration Parameters (Continued)<br />
Parameter<br />
TrapCommunity<br />
AuthFailureTrap<br />
ProxyEnabled<br />
SNMPv3Enabled<br />
Description<br />
Trap community password that authorizes an SNMP agent to<br />
receive traps. This is a write-only field. The value on the switch<br />
and the SNMP management server must be the same. The<br />
trap community password can be up to 32 characters excluding<br />
#, semicolon (;), and comma (,). The default is “public”.<br />
Enables (True) or disables (False) the generation of traps in<br />
response to trap authentication failures. The default is False.<br />
Enables (True) or disables (False) SNMP communication with<br />
other switches in the fabric. The default is True.<br />
Enables (True) or disables (False) SNMP version 3. The<br />
default is False.<br />
trap [trap_number]<br />
Prompts you in a line-by-line fashion to change SNMP trap parameters for the trap<br />
number given by [trap_number]. [trap_number] can be 1–5. For each parameter,<br />
enter a new value or press the Enter key to accept the current value. To configure<br />
common parameters and trap parameters, omit the Trap keyword. Refer to<br />
Table 13-31 for a description of the SNMP trap parameters.Table 13-32 describes<br />
the trap parameters.<br />
Table 13-32. SNMP Trap Configuration Parameters<br />
Parameter<br />
Trap[1–5]Address<br />
Trap[1–5]Port<br />
Trap[1–5]Severity<br />
Trap[1–5]Version<br />
Trap[1–5]Enabled<br />
Description<br />
Workstation IP address (version 4 or 6) or DNS host name to<br />
which SNMP traps are sent. The default address for trap 1 is<br />
10.0.0.254. The default address for traps 2–5 is 0.0.0.0.<br />
Addresses, other than 0.0.0.0, for all traps must be unique.<br />
Workstation port to which SNMP traps are sent. Valid workstation<br />
port numbers are 1–65535. The default is 162.<br />
Severity level to use when monitoring trap events. The default<br />
is Warning.<br />
SNMP version (1 or 2) to use in formatting the trap. The default<br />
is 2.<br />
Enables (True) or disables (False) the SNMP trap.<br />
59263-02 B 13-139
13–<strong>Command</strong> Reference<br />
Set Setup SNMP<br />
Examples<br />
The following is an example of the Set Setup Snmp Common command:<br />
SANbox (admin) #> set setup snmp common<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
SnmpEnabled True<br />
Contact<br />
<br />
Location<br />
<br />
ReadCommunity public<br />
WriteCommunity private<br />
AuthFailureTrap False<br />
ProxyEnabled True<br />
SNMPv3Enabled False<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
SnmpEnabled (True / False) :<br />
Contact (string, max=64 chars) :<br />
Location (string, max=64 chars) :<br />
ReadCommunity (string, max=32 chars) :<br />
WriteCommunity (string, max=32 chars) :<br />
AuthFailureTrap (True / False) :<br />
ProxyEnabled (True / False) :<br />
SNMPv3Enabled (True / False) :<br />
Do you want to save and activate this snmp setup? (y/n): [n]<br />
13-140 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup SNMP<br />
The following is an example of the Set Setup Snmp Trap command:<br />
SANbox (admin) #> set setup snmp trap 1<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
Trap1Enabled True<br />
Trap1Address 10.20.33.181<br />
Trap1Port 5001<br />
Trap1Severity info<br />
Trap1Version 2<br />
Trap1Community northdakota<br />
New Value (press ENTER to not specify value, 'q' to quit):<br />
Trap1Enabled (True / False) :<br />
Trap1Address (hostname, IPv4, or IPv6 Address) :<br />
Trap1Port (decimal value, 1-65535) :<br />
Trap1Severity (select a severity level)<br />
1=unknown 6=warning<br />
2=emergency 7=notify<br />
3=alert 8=info<br />
4=critical 9=debug<br />
5=error 10=mark :<br />
Trap1Version (1 / 2) :<br />
Trap1Community (string, max=32 chars) :<br />
Do you want to save and activate this snmp setup? (y/n): [n]<br />
59263-02 B 13-141
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
Set Setup System<br />
Configures the network, logging, NTP server, and timer configurations on the<br />
switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
set setup system<br />
dns<br />
ipv4<br />
ipv6<br />
logging<br />
ntp<br />
timers<br />
dns<br />
Prompts you in a line-by-line fashion to change DNS host name configuration<br />
parameters described in Table 13-33. To configure all system parameters, omit<br />
the keyword. For each parameter, enter a new value or press the Enter key to<br />
accept the current value.<br />
Table 13-33. DNS Host Name Configuration Parameters<br />
Parameter<br />
DNSClientEnabled<br />
DNSLocalHostname<br />
DNSServerDiscovery<br />
DNSServer1Address<br />
DNSServer2Address<br />
DNSServer3Address<br />
DNSSearchListDiscovery<br />
DNSSearchList1<br />
DNSSearchList2<br />
DNSSearchList3<br />
DNSSearchList4<br />
DNSSearchList5<br />
Description<br />
Enables (True) or disables (False) the DNS client.<br />
Name of local DNS server<br />
DNS server boot method: 1 – Static, 2 – DHCP,<br />
3 – DHCP version 6. The default is 1 - Static.<br />
IP addresses (version 4 or 6) of up to three DNS servers.<br />
DNS search list discovery method:<br />
• Static<br />
• DHCP for IP version 4<br />
• DHCP for IP version 6<br />
A suffix that is appended to unqualified host names to<br />
extend the DNS search. You can specify up to five<br />
searchlists (or suffixes).<br />
13-142 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
ipv4<br />
Prompts you in a line-by-line fashion to change the switch IPv4 Ethernet<br />
configuration parameters described in Table 13-34. To configure all system<br />
parameters, omit the keyword. For each parameter, enter a new value or press<br />
the Enter key to accept the current value.<br />
NOTE:<br />
Changing the IP address will terminate all Ethernet management sessions.<br />
Table 13-34. IP Version 4 Ethernet Configuration Parameters<br />
Entry<br />
EthIPv4NetworkEnable<br />
EthIPv4NetworkDiscovery<br />
Description<br />
Enables (True) or disables (False) the IP version 4 interface.<br />
The default is True.<br />
Ethernet boot method: 1 - Static, 2 - Bootp, 3 - DHCP,<br />
4 - RARP. The default is 1 - Static.<br />
EthIPv4NetworkAddress Ethernet IP address. The default is 10.0.0.1.<br />
EthIPv4NetworkMask<br />
Ethernet IP subnet mask address. The default is<br />
255.0.0.0.<br />
EthIPv4GatewayAddress Ethernet address gateway. The default is 10.0.0.254<br />
ipv6<br />
Prompts you in a line-by-line fashion to change the switch IP version 6 Ethernet<br />
configuration parameters described in Table 13-35. To configure all system<br />
parameters, omit the keyword. For each parameter, enter a new value or press<br />
the Enter key to accept the current value.<br />
NOTE:<br />
Changing the IP address will terminate all Ethernet management sessions.<br />
Table 13-35. IP Version 6 Ethernet Configuration Parameters<br />
Entry<br />
EthIPv6NetworkEnable<br />
EthIPv6Discovery<br />
Description<br />
Enables (True) or disables (False) the IP version 6 interface.<br />
The default is True.<br />
Ethernet boot method: 1 – Static, 2 – DHCPv6, 3 – Ndp.<br />
The default is 1 - Static.<br />
59263-02 B 13-143
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
Table 13-35. IP Version 6 Ethernet Configuration Parameters<br />
Entry<br />
Description<br />
EthIPv6NetworkAddress<br />
EthIPv6NetworkMask<br />
EthIPv6GatewayAddress<br />
Ethernet IP address<br />
Ethernet IP subnet mask address.<br />
Ethernet IP address gateway.<br />
logging<br />
Prompts you in a line-by-line fashion to change the event logging configuration<br />
parameters described in Table 13-36. To configure all system parameters, omit<br />
the keyword. For each parameter, enter a new value or press the Enter key to<br />
accept the current value.<br />
Table 13-36. Event Logging Configuration Parameters<br />
Parameter<br />
LocalLogEnabled<br />
RemoteLogEnabled<br />
RemoteLogHostAddress<br />
Description<br />
Enables (True) or disables (False) the saving of log information<br />
on the switch. The default is True.<br />
Enables (True) or disables (False) the recording of the<br />
switch event log on a remote host that supports the syslog<br />
protocol. The default is False.<br />
The IP address (version 4 or 6) or DNS host name of the<br />
host that will receive the switch event log information if<br />
remote logging is enabled. The default is 10.0.0.254.<br />
ntp<br />
Prompts you in a line-by-line fashion to change the NTP server configuration<br />
parameters described in Table 13-37. To configure all system parameters, omit<br />
the keyword. For each parameter, enter a new value or press the Enter key to<br />
accept the current value.<br />
Table 13-37. NTP Server Configuration Parameters<br />
Parameter<br />
EthNetworkDiscovery<br />
EthNetworkAddress<br />
Description<br />
Ethernet boot method: 1 - Static, 2 - Bootp, 3 - DHCP,<br />
4 - RARP. The default is 1 - Static.<br />
Ethernet Internet Protocol (IP) address. The default is<br />
10.0.0.1.<br />
13-144 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
Table 13-37. NTP Server Configuration Parameters (Continued)<br />
Parameter<br />
NTPClientEnabled<br />
NTPServerAddress<br />
Description<br />
Enables (True) or disables (False) the Network Time Protocol<br />
(NTP) client on the switch. This client enables the<br />
switch to synchronize its time with an NTP server. This<br />
feature supports NTP version 4 and is compatible with<br />
version 3. An Ethernet connection to the server is<br />
required and you must first set an initial time and date on<br />
the switch. The synchronized time becomes effective<br />
immediately. The default is False.<br />
The IP address (version 4 or 6) or DNS host name of the<br />
NTP server from which the NTP client acquires the time<br />
and date. The default is 10.0.0.254.<br />
timers<br />
Prompts you in a line-by-line fashion to change the timer configuration parameters<br />
described in Table 13-38. To configure all system parameters, omit the keyword.<br />
For each parameter, enter a new value or press the Enter key to accept the<br />
current value.<br />
Table 13-38. Timer Configuration Parameters<br />
Parameter<br />
AdminTimeout<br />
InactivityTimeout<br />
Description<br />
Amount of time in minutes the switch waits before terminating<br />
an idle Admin session. Zero (0) disables the time<br />
out threshold. The default is 30, the maximum is 1440.<br />
Amount of time in minutes the switch waits before terminating<br />
an idle Telnet command line interface session.<br />
Zero (0) disables the time out threshold. The default is 0,<br />
the maximum is 1440.<br />
59263-02 B 13-145
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
Examples<br />
The following is an example of the Set Setup System Dns command:<br />
SANbox (admin) #> set setup system dns<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
DNSClientEnabled False<br />
DNSLocalHostname <br />
DNSServerDiscovery Static<br />
DNSServer1Address <br />
DNSServer2Address <br />
DNSServer3Address <br />
DNSSearchListDiscovery Static<br />
DNSSearchList1<br />
<br />
DNSSearchList2<br />
<br />
DNSSearchList3<br />
<br />
DNSSearchList4<br />
<br />
DNSSearchList5<br />
<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
DNSClientEnabled (True / False) :<br />
DNSLocalHostname (hostname) :<br />
DNSServerDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
DNSServer1Address (IPv4, or IPv6 Address) :<br />
DNSServer2Address (IPv4, or IPv6 Address) :<br />
DNSServer3Address (IPv4, or IPv6 Address) :<br />
DNSSearchListDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
DNSSearchList1 (domain name) :<br />
DNSSearchList2 (domain name) :<br />
DNSSearchList3 (domain name) :<br />
DNSSearchList4 (domain name) :<br />
DNSSearchList5 (domain name) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
13-146 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
The following is an example of the Set Setup System Ipv4 command:<br />
SANbox (admin) #> set setup system ipv4<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
EthIPv4NetworkEnable True<br />
EthIPv4NetworkDiscovery Static<br />
EthIPv4NetworkAddress 10.20.116.133<br />
EthIPv4NetworkMask 255.255.255.0<br />
EthIPv4GatewayAddress 10.20.116.1<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
EthIPv4NetworkEnable (True / False) :<br />
EthIPv4NetworkDiscovery (1=Static, 2=Bootp, 3=Dhcp, 4=Rarp) :<br />
EthIPv4NetworkAddress (dot-notated IP Address) :<br />
EthIPv4NetworkMask (dot-notated IP Address) :<br />
EthIPv4GatewayAddress (dot-notated IPv4 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
The following is an example of the Set Setup System Ipv6 command:<br />
SANbox (admin) #> set setup system ipv6<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
EthIPv6NetworkEnable<br />
EthIPv6Discovery<br />
EthIPv6NetworkAddress<br />
EthIPv6GatewayAddress<br />
False<br />
Static<br />
<br />
<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
EthIPv6NetworkEnable (True / False) :<br />
EthIPv6Discovery (1=Static, 2=Dhcpv6, 3=Ndp) :<br />
EthIPv6NetworkAddress (IPv6 Address/Mask Length format) :<br />
EthIPv6GatewayAddress (IPv6 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
59263-02 B 13-147
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
The following is an example of the Set Setup System Logging command:<br />
SANbox (admin) #> set setup system logging<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
LocalLogEnabled<br />
True<br />
RemoteLogEnabled False<br />
RemoteLogHostAddress 10.0.0.254<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
LocalLogEnabled (True / False) :<br />
RemoteLogEnabled (True / False) :<br />
RemoteLogHostAddress (hostname, IPv4, or IPv6 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
The following is an example of the Set Setup System Ntp command:<br />
SANbox (admin) #> set setup system ntp<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
NTPClientEnabled False<br />
NTPServerDiscovery Static<br />
NTPServerAddress 10.20.10.10<br />
New Value (press ENTER to accept current value, 'q' to quit, 'n' for none):<br />
NTPClientEnabled (True / False) :<br />
NTPServerDiscovery (1=Static, 2=Dhcp, 3=Dhcpv6) :<br />
NTPServerAddress (hostname, IPv4, or IPv6 Address) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
13-148 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Setup System<br />
The following is an example of the Set Setup System Timers command:<br />
SANbox (admin) #> set setup system timers<br />
A list of attributes with formatting and current values will follow.<br />
Enter a new value or simply press the ENTER key to accept the current value.<br />
If you wish to terminate this process before reaching the end of the list<br />
press 'q' or 'Q' and the ENTER key to do so.<br />
Current Values:<br />
AdminTimeout 30<br />
InactivityTimeout 0<br />
New Value (press ENTER to accept current value, 'q' to quit):<br />
AdminTimeout (dec value 0-1440 minutes, 0=never) :<br />
InactivityTimeout (dec value 0-1440 minutes, 0=never) :<br />
Do you want to save and activate this system setup? (y/n): [n]<br />
59263-02 B 13-149
13–<strong>Command</strong> Reference<br />
Set Switch State<br />
Set Switch State<br />
Changes the administrative state for all ports on the switch. The previous Set<br />
Config Switch settings are restored after a switch reset or a reactivation of a<br />
switch configuration.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
set switch state [state]<br />
[state]<br />
[state] can be one of the following:<br />
online<br />
Activates and prepares the ports to send data. This is the default.<br />
offline<br />
Prevents the ports from receiving signal and accepting a device login.<br />
diagnostics<br />
Prepares the ports for testing and prevents each port from accepting a<br />
device login. When you leave the diagnostics state, the switch automatically<br />
resets.<br />
Notes<br />
Examples<br />
Enterprise Fabric Suite and QuickTools will override any temporary administrative<br />
state changes that have been made using the Set Switch command. Therefore, to<br />
avoid unexpected results, do not manage switch administrative states with<br />
Enterprise Fabric Suite or QuickTools and the CLI at the same time.<br />
The following is an example of the Set Switch command:<br />
SANbox #>admin start<br />
SANbox (admin) #>set switch state offline<br />
13-150 59263-02 B
13–<strong>Command</strong> Reference<br />
Set Timezone<br />
Set Timezone<br />
Specifies the time zone for the switch and the workstation. The default is Universal<br />
Time (UTC) also known as Greenwich Mean Time (GMT). This keyword prompts<br />
you to choose a region, then a subregion to specify the time zone. Changing the<br />
time zone converts the currently displayed time to the time in the new time zone.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session<br />
set timezone<br />
The following is an example of the Set Timezone command:<br />
SANbox #> admin start<br />
SANbox (admin) #> set timezone<br />
Africa<br />
America<br />
Antarctica<br />
Asia<br />
Atlantic<br />
Australia<br />
Europe<br />
Indian<br />
Pacific<br />
UTC<br />
Press ENTER for more options or 'q' to make a selection.<br />
America/Grenada<br />
America/Guatemala<br />
America/Guyana<br />
America/Havana<br />
America/Indiana<br />
.<br />
.<br />
.<br />
America/Monterrey<br />
America/Montreal<br />
America/Nassau<br />
America/Nipigon<br />
America/Noronha<br />
America/Panama<br />
America/Guadeloupe<br />
America/Guayaquil<br />
America/Halifax<br />
America/Hermosillo<br />
America/Indianapolis<br />
America/Montevideo<br />
America/Montserrat<br />
America/New_York<br />
America/Nome<br />
America/North_Dakota<br />
America/Pangnirtung<br />
Press ENTER for more options or 'q' to make a selection.<br />
q<br />
Enter selection (or 'q' to quit): america/north_dakota<br />
America/North_Dakota/Center<br />
Enter selection (or 'q' to quit): america/north_dakota/center<br />
59263-02 B 13-151
13–<strong>Command</strong> Reference<br />
Show About<br />
Show About<br />
Displays an introductory set of information about operational attributes of the<br />
switch. This command is equivalent to the Show Version command.<br />
Authority<br />
Syntax<br />
Notes<br />
None<br />
show about<br />
Table 13-39 describes the entries in the Show About command display.<br />
Table 13-39. Show About Display Entries<br />
Entry<br />
SystemDescription<br />
HostName<br />
Switch system description<br />
DNS host name<br />
Description<br />
EthIPv4NetworkAddress IP address, version 4<br />
EthIPv6NetworkAddress IP address, version 6<br />
MacAddress<br />
WorldWideName<br />
ChassisSerialNumber<br />
SymbolicName<br />
ActiveSWVersion<br />
ActiveTimestamp<br />
POSTStatus<br />
LicensedPorts<br />
SwitchMode<br />
Switch MAC address<br />
Switch worldwide name<br />
Switch serial number<br />
Switch symbolic name<br />
Firmware version<br />
Date and time that the firmware was activated<br />
Results of the Power-on Self Test<br />
Number of licensed ports<br />
Full Fabric indicates that the switch operates with the<br />
standard Fibre Channel port types: G, GL, F, FL, E, TR.<br />
13-152 59263-02 B
13–<strong>Command</strong> Reference<br />
Show About<br />
Examples<br />
The following is an example of the Show About command:<br />
SANbox #> show about<br />
*****************************************************<br />
* *<br />
* <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> SHell (CLISH) *<br />
* *<br />
*****************************************************<br />
SystemDescription<br />
<strong>QLogic</strong> 5800V FC Switch<br />
HostName<br />
<br />
EthIPv4NetworkAddress 10.20.11.192<br />
EthIPv6NetworkAddress ::<br />
MACAddress<br />
00:c0:dd:00:71:ee<br />
WorldWideName<br />
10:00:00:c0:dd:00:71:ed<br />
ChassisSerialNumber FAM033100024<br />
SymbolicName<br />
SANbox<br />
ActiveSWVersion<br />
V8.0.x.x.xx.xx<br />
ActiveTimestamp<br />
day month date time year<br />
POSTStatus<br />
Passed<br />
LicensedPorts 24<br />
SwitchMode<br />
Full Fabric<br />
59263-02 B 13-153
13–<strong>Command</strong> Reference<br />
Show Alarm<br />
Show Alarm<br />
Displays the alarm log and session output stream display setting.<br />
Authority<br />
Syntax<br />
Keywords<br />
Notes<br />
Examples<br />
None<br />
show alarm<br />
settings<br />
settings<br />
Displays the status of the parameter that controls the display of alarms in the<br />
session output stream. This parameter is set using the Set Alarm command.<br />
The alarm log is cleared when the switch is reset or power cycled.<br />
The following is an example of the Show Alarm command:<br />
SANbox #> show alarm<br />
[1][Fri Jan 19 13:50:26.508 UTC 2011][A][1004.000F][Port: 4][Eport Isolating<br />
due to Merge Zone Failure]<br />
[2][Fri Jan 19 13:50:26.513 UTC 2011][A][1004.0030][Topology change, lost<br />
route to switch with domain ID 1]<br />
[3][Sun Jan 21 07:59:28.677 UTC 2011][A][1004.0030][Topology change, lost<br />
route to switch with domain ID 99]<br />
[4][Sun Jan 21 07:59:29.367 UTC 2011][A][1004.0030][Topology change, lost<br />
route to switch with domain ID 101]<br />
The following is an example of the Show Alarm Settings command:<br />
SANbox #> show alarm settings<br />
Current settings for alarm<br />
--------------------------<br />
display ON<br />
13-154 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Broadcast<br />
Show Broadcast<br />
Displays the broadcast tree information and all ports that are currently transmitting<br />
and receiving broadcast frames.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show broadcast<br />
The following is an example of the Show Broadcast command:<br />
SANbox #> show broadcast<br />
Group Member Ports ISL Ports<br />
----- ------------ ---------<br />
0 3 16<br />
15<br />
16<br />
59263-02 B 13-155
13–<strong>Command</strong> Reference<br />
Show Chassis<br />
Show Chassis<br />
Displays chassis component status and temperature.<br />
Authority<br />
Syntax<br />
None<br />
show chassis<br />
Examples The following is an example of the Show Chassis command for model 5602.<br />
SANbox #> show chassis<br />
Chassis Information<br />
-------------------<br />
BoardTemp (1) - Degrees Celsius 36<br />
FanStatus (1)<br />
Good<br />
FanStatus (2)<br />
Good<br />
FanDirection (1)<br />
BackToFront<br />
FanDirection (2)<br />
BackToFront<br />
PowerSupplyStatus (1)<br />
Good<br />
PowerSupplyStatus (2)<br />
Good<br />
HeartBeatCode 1<br />
HeartBeatStatus<br />
Normal<br />
13-156 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Config Port<br />
Show Config Port<br />
Displays configuration parameters for one or more ports.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show config port [port_number]<br />
[port_number]<br />
The number of the port. Ports are numbered beginning with 0. If you omit<br />
[port_number], all ports are specified.<br />
Examples The following is an example of the Show Config Port command for port 0:<br />
SANbox #> show config port 0<br />
Configuration Name: default<br />
-----------------------------<br />
Port Number: 0<br />
------------<br />
AdminState<br />
Offline<br />
LinkSpeed<br />
Auto<br />
PortType<br />
GL<br />
SymbolicName Port0<br />
ALFairness<br />
False<br />
DeviceScanEnabled True<br />
ForceOfflineRSCN False<br />
ARB_FF<br />
False<br />
InteropCredit 0<br />
ExtCredit 0<br />
FANEnabled<br />
True<br />
AutoPerfTuning False<br />
LCFEnabled<br />
False<br />
MFSEnabled<br />
True<br />
VIEnabled<br />
False<br />
MSEnabled<br />
True<br />
NoClose<br />
False<br />
IOStreamGuard Disabled<br />
PDISCPingEnable True<br />
59263-02 B 13-157
13–<strong>Command</strong> Reference<br />
Show Config Port<br />
The following is an example of the Show Config Port command for an XPAK port:<br />
SANbox #> show config port 20<br />
Configuration Name: default<br />
-------------------<br />
Port Number: 16<br />
------------<br />
AdminState<br />
Online<br />
LinkSpeed<br />
10Gb/s<br />
PortType<br />
G<br />
SymbolicName 10G-20<br />
DeviceScanEnabled True<br />
ForceOfflineRSCN False<br />
AutoPerfTuning False<br />
LCFEnabled<br />
False<br />
MFSEnabled<br />
False<br />
MSEnabled<br />
True<br />
IOStreamGuard Disabled<br />
VIEnabled<br />
False<br />
PDISCPingEnabled True<br />
13-158 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Config Security<br />
Show Config Security<br />
Displays the security database configuration parameters.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show config security<br />
The following is an example of the Show Config Security command:<br />
SANbox #> show config security<br />
Configuration Name: default<br />
-------------------<br />
Switch Security Configuration Information<br />
-----------------------------------------<br />
FabricBindingEnabled False<br />
AutoSave<br />
True<br />
Port Binding Status WWN<br />
---- -------------- ---<br />
0 True 10:20:30:40:50:60:70:80<br />
1 True 10:20:30:40:50:60:70:80<br />
2 False No port binding entries found.<br />
3 True 10:20:30:40:50:60:70:80<br />
4 True 10:20:30:40:50:60:70:80<br />
5 False No port binding entries found.<br />
6 True 10:20:30:40:50:60:70:81<br />
7 False No port binding entries found.<br />
8 True 10:20:30:40:50:60:70:80<br />
9 False No port binding entries found.<br />
10 False No port binding entries found.<br />
11 False No port binding entries found.<br />
12 False No port binding entries found.<br />
13 False No port binding entries found.<br />
14 False No port binding entries found.<br />
15 False No port binding entries found.<br />
16 False No port binding entries found.<br />
17 False No port binding entries found.<br />
18 False No port binding entries found.<br />
19 False No port binding entries found.<br />
20 False No port binding entries found.<br />
21 False No port binding entries found.<br />
22 False No port binding entries found.<br />
23 False No port binding entries found.<br />
59263-02 B 13-159
13–<strong>Command</strong> Reference<br />
Show Config Security Portbinding<br />
Show Config Security Portbinding<br />
Displays the port binding configuration for one or more ports.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show config security portbinding [port_number]<br />
[port_number]<br />
The number of the port. If you omit [port_number], the port binding configuration<br />
for all ports is displayed.<br />
The following is an example of the Show Config Security Portbinding command:<br />
SANbox #> show config security portbinding<br />
Configuration Name: default<br />
-------------------<br />
Port Binding Status WWN<br />
---- -------------- ---<br />
0 True 10:20:30:40:50:60:70:80<br />
1 True 10:20:30:40:50:60:70:80<br />
2 False No port binding entries found.<br />
3 True 10:20:30:40:50:60:70:80<br />
4 True 10:20:30:40:50:60:70:80<br />
5 False No port binding entries found.<br />
6 True 10:20:30:40:50:60:70:81<br />
7 False No port binding entries found.<br />
8 True 10:20:30:40:50:60:70:80<br />
9 False No port binding entries found.<br />
10 False No port binding entries found.<br />
11 False No port binding entries found.<br />
12 False No port binding entries found.<br />
13 False No port binding entries found.<br />
14 False No port binding entries found.<br />
15 False No port binding entries found.<br />
16 False No port binding entries found.<br />
17 False No port binding entries found.<br />
18 False No port binding entries found.<br />
19 False No port binding entries found.<br />
20 False No port binding entries found.<br />
21 False No port binding entries found.<br />
22 False No port binding entries found.<br />
23 False No port binding entries found.<br />
13-160 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Config Switch<br />
Show Config Switch<br />
Displays the switch configuration parameters.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show config switch<br />
The following is an example of the Show Config Switch command:<br />
SANbox #> show config switch<br />
Configuration Name: default<br />
-------------------<br />
Switch Configuration Information<br />
--------------------------------<br />
AdminState<br />
Online<br />
BroadcastEnabled False<br />
InbandEnabled<br />
True<br />
FDMIEnabled<br />
False<br />
FDMIEntries 10<br />
DefaultDomainID 19 (0x13)<br />
DomainIDLock<br />
True<br />
SymbolicName<br />
sw108<br />
R_A_TOV 10000<br />
E_D_TOV 2000<br />
PrincipalPriority 254<br />
ConfigDescription Default Config<br />
ConfigLastSavedBy admin@OB-session5<br />
ConfigLastSavedOn day month date time year<br />
InteropMode<br />
Standard<br />
59263-02 B 13-161
13–<strong>Command</strong> Reference<br />
Show Config Threshold<br />
Show Config Threshold<br />
Displays alarm threshold parameters for the switch.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show config threshold<br />
The following is an example of the Show Config Threshold command:<br />
SANbox #> show config threshold<br />
Configuration Name: default<br />
------------<br />
Threshold Configuration Information<br />
-----------------------------------<br />
ThresholdMonitoringEnabled False<br />
CRCErrorsMonitoringEnabled True<br />
RisingTrigger 25<br />
FallingTrigger 1<br />
SampleWindow 10<br />
DecodeErrorsMonitoringEnabled True<br />
RisingTrigger 25<br />
FallingTrigger 0<br />
SampleWindow 10<br />
ISLMonitoringEnabled<br />
True<br />
RisingTrigger 2<br />
FallingTrigger 0<br />
SampleWindow 10<br />
LoginMonitoringEnabled<br />
True<br />
RisingTrigger 5<br />
FallingTrigger 1<br />
SampleWindow 10<br />
LogoutMonitoringEnabled<br />
True<br />
RisingTrigger 5<br />
FallingTrigger 1<br />
SampleWindow 10<br />
LOSMonitoringEnabled<br />
True<br />
RisingTrigger 100<br />
FallingTrigger 5<br />
SampleWindow 10<br />
13-162 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Config Zoning<br />
Show Config Zoning<br />
Displays zoning configuration parameters for the switch.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show config zoning<br />
The following is an example of the Show Config Zoning command:<br />
SANbox #> show config zoning<br />
Configuration Name: default<br />
-------------------<br />
Zoning Configuration Information<br />
--------------------------------<br />
MergeAutoSave<br />
True<br />
DefaultZone<br />
Allow<br />
DiscardInactive False<br />
59263-02 B 13-163
13–<strong>Command</strong> Reference<br />
Show Domains<br />
Show Domains<br />
Displays list of each domain and its worldwide name in the fabric.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show domains<br />
The following is an example of the Show Domains command:<br />
SANbox #> show domains<br />
Principal switch is (remote): 10:00:00:60:69:50:0b:6c<br />
Upstream Principal ISL is : 1<br />
Domain ID List:<br />
Domain 97 (0x61) WWN = 10:00:00:c0:dd:00:71:ed<br />
Domain 98 (0x62) WWN = 10:00:00:60:df:22:2e:0c<br />
Domain 99 (0x63) WWN = 10:00:00:c0:dd:00:72:45<br />
Domain 100 (0x64) WWN = 10:00:00:c0:dd:00:ba:68<br />
Domain 101 (0x65) WWN = 10:00:00:60:df:22:2e:06<br />
Domain 102 (0x66) WWN = 10:00:00:c0:dd:00:90:ef<br />
Domain 103 (0x67) WWN = 10:00:00:60:69:50:0b:6c<br />
Domain 104 (0x68) WWN = 10:00:00:c0:dd:00:b8:b7<br />
13-164 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Donor<br />
Show Donor<br />
Displays list of current donors and extended credit configuration for all ports.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show donor<br />
The following is an example of the Show Donor command:<br />
SANbox #> show donor<br />
Port Config Ext Credit Max Credit Donated Member of Valid Groups to<br />
Number Type Requested Available to Port Donor Group Extend Credit<br />
------ ------ ---------- ---------- ------- ----------- ---------------<br />
0 GL 0 16 None 0 0<br />
1 GL 0 16 None 0 0<br />
2 GL 0 16 None 0 0<br />
3 GL 0 16 None 0 0<br />
4 GL 0 16 None 0 0<br />
5 GL 0 16 None 0 0<br />
6 GL 0 16 None 0 0<br />
7 GL 0 16 None 0 0<br />
8 GL 0 16 None 0 0<br />
9 GL 0 16 None 0 0<br />
10 GL 0 16 None 0 0<br />
11 GL 0 16 None 0 0<br />
12 GL 0 16 None 0 0<br />
13 GL 0 16 None 0 0<br />
14 GL 0 16 None 0 0<br />
15 GL 0 16 None 0 0<br />
16 GL 0 16 None 0 0<br />
17 GL 0 16 None 0 0<br />
18 GL 0 16 None 0 0<br />
19 GL 0 16 None 0 0<br />
20 G 0 16 None None None<br />
21 G 0 16 None None None<br />
22 G 0 16 None None None<br />
23 G 0 16 None None None<br />
Donor Group Credit Pool<br />
----------- -----------<br />
0 0<br />
59263-02 B 13-165
13–<strong>Command</strong> Reference<br />
Show Env<br />
Show Env<br />
Authority<br />
Syntax<br />
Examples<br />
Displays temperature and voltage information.<br />
None<br />
show env<br />
The following is an example of the Show Env command:<br />
SANbox #> show env<br />
Temperature(C) Sensors:<br />
Sensor Description Status Current High Warn High Alarm<br />
------ ----------- ------ ------- --------- ----------<br />
0 BOARD Normal 24 65 70<br />
1 DS1780 Normal 28 n/a n/a<br />
2 MAX1617 Normal 31 65 70<br />
3 ASIC Normal 49 95 100<br />
Voltage Sensors:<br />
Sensor Description Status Current Low Alarm High Alarm<br />
------ ----------- ------ ------- --------- ----------<br />
0 2.5V Good 2.50 2.20 2.80<br />
1 1.25V Good 1.24 1.00 1.50<br />
2 3.3V Good 3.32 3.02 3.58<br />
3 12V Good 12.00 10.00 13.31<br />
4 1.2V Good 1.26 1.04 1.38<br />
5 1.5V Good 1.50 1.31 1.68<br />
6 1.8V_ANALOG Good 1.78 1.58 2.02<br />
7 1.8V Good 1.79 1.60 1.99<br />
8 2.5V_ANALOG Good 2.40 2.08 2.84<br />
13-166 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Fabric<br />
Show Fabric<br />
Displays list of each domain, symbolic name, worldwide name, node IP address,<br />
and port IP address in the fabric.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show fabric brief<br />
brief<br />
Displays a table of switches in the fabric including domain ID, WWN, and symbolic<br />
name. If you omit the Brief keyword, the command displays information for the<br />
local switch only.<br />
The following is an example of the Show Fabric command:<br />
SANbox #> show fabric<br />
Domain<br />
*133(0x85)<br />
WWN<br />
10:00:00:c0:dd:0d:53:91<br />
SymbolicName SANbox<br />
HostName<br />
<br />
EthIPv4Address 10.20.116.133<br />
EthIPv6Address <br />
* indicates principal switch<br />
The following is an example of the Show Fabric Brief command:<br />
SANbox #> show fabric brief<br />
Domain WWN SymbolicName<br />
------ --- ------------<br />
*16 (0x10) 10:00:00:c0:dd:00:77:81 swsb1.11<br />
17 (0x11) 10:00:00:c0:dd:00:6a:2d sw12<br />
18 (0x12) 10:00:00:c0:dd:00:c3:04 sw.160<br />
19 (0x13) 10:00:00:c0:dd:00:bc:56 Sb2.108<br />
* indicates principal switch<br />
59263-02 B 13-167
13–<strong>Command</strong> Reference<br />
Show FDMI<br />
Show FDMI<br />
Displays detailed information about the device host bus adapter.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show fdmi [port_wwn]<br />
[port_wwn]<br />
The device worldwide port name for which to display information. If you omit<br />
[port_wwn], the command displays a summary of host bus adapter information for<br />
all attached devices in the fabric. Illegal characters in the display appear as<br />
question marks (?).<br />
The following is an example of the Show FDMI command:<br />
SANbox #> show fdmi<br />
HBA ID PortID Manufacturer Model Ports<br />
-------- ------ --------------- ------- -----<br />
21:01:00:e0:8b:27:aa:bc 610000 <strong>QLogic</strong> Corporation QLA2342 2<br />
21:00:00:00:ca:25:9b:96 180100 <strong>QLogic</strong> Corporation QL2330 2<br />
The following is an example of the Show FDMI WWN command:<br />
SANbox #> show fdmi 21:00:00:e0:8b:09:3b:17<br />
FDMI Information<br />
----------------<br />
Manufacturer<br />
<strong>QLogic</strong> Corporation<br />
SerialNumber [04202<br />
Model<br />
QLA2342<br />
ModelDescription <strong>QLogic</strong> QLA2342 PCI Fibre Channel Adapter<br />
PortID 610000<br />
NodeWWN<br />
20:00:00:e0:8b:07:aa:bc<br />
HardwareVersion<br />
FC5010409-10<br />
DriverVersion<br />
8.2.3.10 Beta 2 (W2K VI)<br />
OptionRomVersion 1.21<br />
FirmwareVersion 03.02.13.<br />
OperatingSystem SunOS 5.8<br />
MaximumCTPayload 2040<br />
NumberOfPorts 1<br />
Port 21:01:00:e0:8b:27:aa:bc<br />
SupportedFC4Types FCP<br />
SupportedSpeed<br />
2Gb/s<br />
CurrentSpeed<br />
2Gb/s<br />
MaximumFrameSize 2048<br />
OSDeviceName<br />
HostName<br />
13-168 59263-02 B
13–<strong>Command</strong> Reference<br />
Show <strong>Interface</strong><br />
Show <strong>Interface</strong><br />
Displays the status of the active network interfaces.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show interface<br />
The following is an example of the Show <strong>Interface</strong> command:<br />
SANbox #> show interface<br />
eth0 Link encap:Ethernet HWaddr 00:C0:DD:00:00:27<br />
inet addr:10.20.116.131 Bcast:10.20.116.255 Mask:255.255.255.0<br />
inet6 addr: fd70:c154:c2df:116:2c0:ddff:fe00:27/64 Scope:Global<br />
inet6 addr: fe80::2c0:ddff:fe00:27/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:137168 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:2194 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000<br />
RX bytes:47764214 (45.5 Mb) TX bytes:328639 (320.9 Kb)<br />
lo<br />
Link encap:Local Loopback<br />
inet addr:127.0.0.1 Mask:255.255.255.255<br />
inet6 addr: ::1/128 Scope:Host<br />
UP LOOPBACK RUNNING MTU:16436 Metric:1<br />
RX packets:3887 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:3887 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0<br />
RX bytes:272461 (266.0 Kb) TX bytes:272461 (266.0 Kb)<br />
59263-02 B 13-169
13–<strong>Command</strong> Reference<br />
Show Log<br />
Show Log<br />
Displays the contents of the log or the parameters used to create and display<br />
entries in the log. The log contains a maximum of 1200 entries. When the log<br />
reaches its entry capacity, subsequent entries overwrite the existing entries,<br />
beginning with the oldest.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show log<br />
[number_of_events]<br />
component<br />
display [filter]<br />
level<br />
options<br />
port<br />
settings<br />
[number_of_events]<br />
Specifies the number of the most recent events to display from the event log.<br />
[number_of_events] must be a positive integer.<br />
component<br />
Displays the components currently being monitored for events. Table 13-40<br />
describes the log monitoring components.<br />
Table 13-40. Log Monitoring Components<br />
Component<br />
Chassis<br />
CLI<br />
Eport<br />
Mgmtserver<br />
Nameserver<br />
Other<br />
Port<br />
QFS<br />
SNMP<br />
Description<br />
Chassis hardware components such as fans and power supplies<br />
<strong>Command</strong> line interface events<br />
E_Port events<br />
Management server events<br />
Name server events<br />
Miscellaneous events<br />
Port events<br />
<strong>QLogic</strong> Fabric Service events. QFS governs Call Home e-mail<br />
notification.<br />
SNMP events<br />
13-170 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Log<br />
Table 13-40. Log Monitoring Components (Continued)<br />
Component<br />
Switch<br />
Zoning<br />
Switch management events<br />
Zoning conflict events<br />
Description<br />
display [filter]<br />
Displays log events on the screen according to the component or severity level<br />
filter given by [filter]. [filter] can be one of the following:<br />
Info<br />
Displays all informative events.<br />
Warning<br />
Displays all warning events.<br />
Critical<br />
Displays all critical events.<br />
Eport3<br />
Displays all events related to E_Ports.<br />
Mgmtserver<br />
Displays all events related to the management server.<br />
Nameserver<br />
Displays all events related to the name server.<br />
Port [port_number]<br />
Displays all events related to the port given by [port_number].<br />
SNMP<br />
Displays all events related to SNMP.<br />
Switch<br />
Displays all events related to switch management.<br />
Zoning<br />
Displays all events related to zoning.<br />
59263-02 B 13-171
13–<strong>Command</strong> Reference<br />
Show Log<br />
level<br />
Displays the severity settings for event logging and the setting for the display<br />
level.<br />
options<br />
Displays the options that are available for configuring event logging and automatic<br />
display to the screen. Refer to the “Set Log” command on page 13-121 for<br />
information about how to configure event logging and display level.<br />
port<br />
Displays the ports being monitored for events. If an event occurs that is of the<br />
defined level and on a defined component, but is not on a defined port, no entry is<br />
made in the log.<br />
settings<br />
Displays the current filter settings for component, severity level, port, and display<br />
level. This command is equivalent to executing the following commands<br />
separately: Show Log Component, Show Log Level, and Show Log Port.<br />
Examples<br />
The following is an example of the Show Log Component command:<br />
SANbox #> show log component<br />
Current settings for log<br />
------------------------<br />
FilterComponent NameServer MgmtServer Zoning Switch Port Eport Snmp<br />
The following is an example of the Show Log Level command:<br />
SANbox #> show log level<br />
Current settings for log<br />
------------------------<br />
FilterLevel Info<br />
DisplayLevel Critical<br />
The following is an example of the Show Log Options command:<br />
SANbox #> show log options<br />
Allowed options for log<br />
-----------------------<br />
FilterComponent All,None,NameServer,MgmtServer,Zoning,Switch,Port,Eport,Snmp,CLI,Qfs<br />
FilterLevel Critical,Warn,Info,None<br />
DisplayLevel Critical,Warn,Info,None<br />
13-172 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Log<br />
The following is an example of the Show Log command:<br />
SANbox #> show log<br />
[327][day month date time year][I][Eport Port:0/8][Eport State=<br />
E_A0_GET_DOMAIN_ID]<br />
[328][day month date time year][I][Eport Port: 0/8][FSPF PortUp state=0]<br />
[329][day month date time year][I][Eport Port: 0/8][Sending init hello]<br />
[330][day month date time year][I][Eport Port: 0/8][Processing EFP, oxid= 0x8]<br />
[331][day month date time year][I][Eport Port: 0/8][Eport State = E_A2_IDLE]<br />
[332][day month date time year][I][Eport Port: 0/8][EFP,WWN= 0x100000c0dd00b845,<br />
len= 0x30]<br />
[333][day month date time year][I][Eport Port: 0/8][Sending LSU oxid=0xc:type=1]<br />
[334][day month date time year][I][Eport Port: 0/8][Send Zone Merge Request]<br />
[335][day month date time year][I][Eport Port: 0/8][LSDB Xchg timer set]<br />
59263-02 B 13-173
13–<strong>Command</strong> Reference<br />
Show LSDB<br />
Show LSDB<br />
Displays Link State database information,<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show lsdb<br />
The following is an example of the Show LSDB command:<br />
SANbox #> show lsdb<br />
Link State Database Information<br />
-------------------------------<br />
LsID 34: Age=1176, Incarnation=0x800000e5<br />
NeighborDomain=36, LocalPort=6, RemotePort=7, Cost=500<br />
NeighborDomain=35, LocalPort=16, RemotePort=16, Cost=100<br />
NeighborDomain=35, LocalPort=18, RemotePort=19, Cost=100<br />
NeighborDomain=35, LocalPort=7, RemotePort=7, Cost=500<br />
NeighborDomain=35, LocalPort=5, RemotePort=4, Cost=500<br />
Local Domain<br />
LsID 35: Age=1166, Incarnation=0x800000cc<br />
NeighborDomain=34, LocalPort=16, RemotePort=16, Cost=100<br />
NeighborDomain=34, LocalPort=19, RemotePort=18, Cost=100<br />
NeighborDomain=36, LocalPort=5, RemotePort=4, Cost=250<br />
NeighborDomain=34, LocalPort=7, RemotePort=7, Cost=500<br />
NeighborDomain=34, LocalPort=4, RemotePort=5, Cost=500<br />
Route: OutPort=18, Hops=1, Cost=100<br />
LsID 36: Age=1162, Incarnation=0x80000046<br />
NeighborDomain=34, LocalPort=7, RemotePort=6, Cost=500<br />
NeighborDomain=35, LocalPort=4, RemotePort=5, Cost=250<br />
Route: OutPort=16, Hops=2, Cost=350<br />
13-174 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Media<br />
Show Media<br />
Displays transceiver operational and diagnostic information for one or more ports.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show media<br />
[port_list]<br />
all<br />
installed<br />
[port_list]<br />
The port or ports for which to display transceiver information. [port_list] can be a<br />
set of port numbers and ranges delimited by spaces. For example, [0 2 10-15]<br />
specifies ports 0, 2, 10, 11, 12, 13, 14, and 15.<br />
all<br />
Displays transceiver information for all ports.<br />
installed<br />
Displays transceiver information for all ports that have transceivers installed.<br />
Notes<br />
Table 13-41 describes the transceiver information in the Show Media display.<br />
Table 13-41. Transceiver Information<br />
Information Type<br />
MediaType<br />
MediaVendor<br />
MediaPartNumber<br />
MediaRevision<br />
MediaSerialNumber<br />
MediaSpeeds<br />
Description<br />
Media physical variant. The variant indicates speed, media,<br />
transmitter, and distance. The media designator may be M5<br />
(multimode 50 micron), M6 (multimode 62.5 micron), or MX.<br />
MX indicates that the media supports both multimode 50 and<br />
62.5 micron.<br />
MediaType may also be on of the following:<br />
• NotInstalled–transceiver is not installed.<br />
• Unknown–transceiver does not have a serial ID.<br />
• NotApplicable–transceiver is not needed.<br />
Vendor name<br />
Vendor media part number<br />
Vender media revision level<br />
Vendor media serial number<br />
Transmission speed capabilities<br />
59263-02 B 13-175
13–<strong>Command</strong> Reference<br />
Show Media<br />
Table 13-41. Transceiver Information (Continued)<br />
Information Type<br />
Temp<br />
Description<br />
Temperature in degrees Celsius.<br />
Voltage Supply voltage in Volts. The range is 0–6.55.<br />
Tx Bias<br />
Tx Power<br />
Transmitter laster bias current in milliamps. The range is<br />
0–655.<br />
Transmitter coupled output power in milliWatts. The range is<br />
0–6.55.<br />
Rx Power Received optical power in milliWatts. The range is 0–6.55.<br />
Value<br />
Status<br />
HighAlarm<br />
HighWarning<br />
LowWarning<br />
LowAlarm<br />
Measured value.<br />
State associated with the measured value:<br />
• Normal: Value is in the normal operating range.<br />
• HighAlarm: Value exceeds the high alarm threshold.<br />
• HighWarning: Value exceeds the high warning threshold.<br />
• LowWarning: Value is less than the low warning threshold.<br />
• LowAlarm: Value is less than the low alarm threshold.<br />
Vendor specified threshold above which an alarm is issued.<br />
Vendor specified threshold above which a warning is issued.<br />
Vendor specified threshold below which a warning is issued.<br />
Vendor specified threshold below which an alarm is issued.<br />
Examples The following is an example of the Show Media command for port 4:<br />
SANbox #> show media 4<br />
Port Number: 4<br />
-------------<br />
MediaType<br />
400-M5-SN-I<br />
MediaVendor<br />
FINISAR CORP.<br />
MediaPartNumber FTRJ8524P2BNL<br />
MediaRevision A<br />
MediaSerialNumber P6G22RL<br />
MediaSpeeds<br />
1Gb/s, 2Gb/s, 4Gb/s<br />
Temp Voltage Tx Bias Tx Pwr Rx Pwr<br />
(C) (V) (mA) (mW) (mW)<br />
----------- ----------- ------------ ----------- -----------<br />
Value 37.32 3.33 7.30 0.373 0.000<br />
Status Normal HighWarning Normal Normal LowAlarm<br />
HighAlarm 95.00 3.90 17.00 0.637 1.264<br />
13-176 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Media<br />
HighWarning 90.00 3.70 14.00 0.637 0.791<br />
LowWarning -20.00 2.90 2.00 0.082 0.028<br />
LowAlarm -25.00 2.70 1.00 0.073 0.019<br />
The following is an example of the Show Media command for all ports:<br />
SANbox #> show media<br />
Note: -- LowAlarm; - LowWarning; + HighWarning; ++ HighAlarm<br />
Port Vendor Name Temp Voltage Tx Bias Tx Pwr Rx Pwr<br />
Num (C) (V) (mA) (mW) (mW)<br />
---- ----------- ------- ------- ------- ------ ------<br />
0 NotInstalled N/A N/A N/A N/A N/A<br />
1 NotApplicable N/A N/A N/A N/A N/A<br />
2 Unknown N/A N/A N/A N/A N/A<br />
3 FINISAR N/A N/A N/A N/A N/A<br />
4 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
5 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
6 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
7 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
8 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
9 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
10 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
11 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
12 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
13 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
14 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
15 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
16 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
17 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
18 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
19 FINISAR 37.32 3.33+ 7.30 0.371 0.000 --<br />
20 Unknown N/A N/A N/A N/A N/A<br />
21 INFINEON N/A N/A N/A N/A N/A<br />
22 INFINEON 39.62 N/A 5.84 0.637 0.092<br />
23 INFINEON 39.62 N/A 5.84 0.637 0.092<br />
59263-02 B 13-177
13–<strong>Command</strong> Reference<br />
Show Mem<br />
Show Mem<br />
Displays information about memory activity.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show mem [count]<br />
[count]<br />
The number of seconds for which to display memory information. If you omit<br />
[count], the value 1 is used. Displayed memory values are in 1K block units.<br />
NOTE:<br />
This keyword will display memory activity updates until [count] is reached–it<br />
cannot be interrupted. Therefore, avoid using large values for [count].<br />
Examples<br />
The following is an example of the Show Mem command:<br />
SANbox #> show mem<br />
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----<br />
r b swpd free buff cache si so bi bo in cs us sy id wa<br />
1 0 0 334464 55932 18728 0 0 1 0 401 57 1 2 97 0<br />
Filesystem space in use: 41138/53188 KB (77%)<br />
13-178 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Ns<br />
Show Ns<br />
Authority<br />
Syntax<br />
Keywords<br />
Displays the WWNs for devices in the fabric.<br />
None<br />
show ns [option]<br />
[option]<br />
The domain IDs or port IDs for which to display name server information. If you<br />
omit [option], name server information for the local domain ID is displayed.<br />
[option] can have the following values:<br />
all<br />
Displays WWNs for all switches and ports.<br />
[domain_id]<br />
Displays WWNs for all devices connected to the switch given by<br />
[domain_id]. [domain_id] is a switch domain ID.<br />
[port_id]<br />
Displays the WWNs for the devices connected to the port given by [port_id].<br />
[port_id] is a port Fibre Channel address.<br />
Examples<br />
The following is an example of the Show Ns (local domain) command:<br />
SANbox #> show ns<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
1 19 (0x13) 1301e1 NL 3 21:00:00:20:37:73:13:69 20:00:00:20:37:73:13:69<br />
2 19 (0x13) 1301e2 NL 3 21:00:00:20:37:73:12:9b 20:00:00:20:37:73:12:9b<br />
3 19 (0x13) 1301e4 NL 3 21:00:00:20:37:73:05:26 20:00:00:20:37:73:05:26<br />
4 19 (0x13) 130d00 N 3 21:01:00:e0:8b:27:a7:bc 20:01:00:e0:8b:27:a7:bc<br />
The following is an example of the Show Ns [domain_ID] command:<br />
SANbox #> show ns 18<br />
Seq Domain Port Port<br />
No ID ID Type COS PortWWN NodeWWN<br />
--- ------ ------ ---- --- ------- -------<br />
1 18 (0x12) 120700 N 3 21:00:00:e0:8b:07:a7:bc 20:00:00:e0:8b:07:a7:bc<br />
59263-02 B 13-179
13–<strong>Command</strong> Reference<br />
Show Ns<br />
The following is an example of the Show Ns [port_ID] command:<br />
SANbox #> show ns 1301e1<br />
Port ID: 1301e1<br />
--------<br />
PortType<br />
NL<br />
PortWWN 21:00:00:20:37:73:13:69<br />
SymbolicPortName<br />
NodeWWN 20:00:00:20:37:73:13:69<br />
SymbolicNodeName<br />
NodeIPAddress diskarray7.anycompany.com<br />
ClassOfService 3<br />
PortIPAddress ::<br />
FabricPortName 20:01:00:c0:dd:00:bc:56<br />
FC4Type<br />
FCP<br />
FC4Desc<br />
(NULL)<br />
13-180 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Pagebreak<br />
Show Pagebreak<br />
Displays the current pagebreak setting.<br />
Authority<br />
Syntax<br />
Notes<br />
Examples<br />
None<br />
show pagebreak<br />
The pagebreak setting limits the display of information to 20 lines (On) or allows<br />
the continuous display of information without a break (Off).<br />
The following is an example of the Show Pagebreak command:<br />
SANbox #> show pagebreak<br />
current setting: ON<br />
59263-02 B 13-181
13–<strong>Command</strong> Reference<br />
Show Perf<br />
Show Perf<br />
Displays port performance in frames/second and bytes/second. If you omit the<br />
keyword, the command displays data transmitted (out), data received (in), and<br />
total data transmitted and received in frames/second and bytes/second.<br />
Transmission rates are expressed in thousands (K) and millions (M).<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show perf [port_list]<br />
or<br />
show perf<br />
byte [port_list]<br />
inbyte [port_list]<br />
outbyte [port_list]<br />
frame [port_list]<br />
inframe [port_list]<br />
outframe [port_list]<br />
errors [port_list]<br />
[port_list]<br />
Displays the instantaneous performance data for up to sixteen ports given by<br />
[port_list]. [port_list] can be a set of port numbers and ranges delimited by spaces.<br />
For example, [0 2 10-15] specifies ports 0, 2, 10, 11, 12, 13, 14, and 15. If you<br />
omit [port_list], the command displays performance data for all ports.<br />
byte [port_list]<br />
Displays continuous performance data in total bytes/second transmitted and<br />
received for up to sixteen ports given by [port_list]. [port_list] can be a set of port<br />
numbers and ranges delimited by spaces. For example, [0 2 10-15] specifies ports<br />
0, 2, 10, 11, 12, 13, 14, and 15. If you omit [port_list], the command displays<br />
performance data for ports 0–15. Press any key to stop the display.<br />
inbyte [port_list]<br />
Displays continuous performance data in bytes/second received for the ports<br />
given by [port_list]. [port_list] can be a set of port numbers and ranges delimited<br />
by spaces. For example, [0 2 10-15] specifies ports 0, 2, 10, 11, 12, 13, 14, and<br />
15. If you omit [port_list], the command displays performance data for ports 0–15.<br />
Press any key to stop the display.<br />
13-182 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Perf<br />
outbyte [port_list]<br />
Displays continuous performance data in bytes/second transmitted for the ports<br />
given by [port_list]. [port_list] can be a set of port numbers and ranges delimited<br />
by spaces. For example, [0 2 10-15] specifies ports 0, 2, 10, 11, 12, 13, 14, and<br />
15. If you omit [port_list], the command displays performance data for ports 0–15.<br />
Press any key to stop the display.<br />
frame [port_list]<br />
Displays continuous performance data in total frames/second transmitted and<br />
received for the ports given by [port_list]. [port_list] can be a set of port numbers<br />
and ranges delimited by spaces. For example, [0 2 10-15] specifies ports 0, 2, 10,<br />
11, 12, 13, 14, and 15. If you omit [port_list], the command displays performance<br />
data for ports 0–15. Press any key to stop the display.<br />
inframe [port_list]<br />
Displays continuous performance data in frames/second received for the ports<br />
given by [port_list]. [port_list] can be a set of port numbers and ranges delimited<br />
by spaces. For example, [0 2 10-15] specifies ports 0, 2, 10, 11, 12, 13, 14, and<br />
15. If you omit [port_list], the command displays performance data for ports 0–15.<br />
Press any key to stop the display.<br />
outframe [port_list]<br />
Displays continuous performance data in frames/second transmitted for the ports<br />
given by [port_list]. [port_list] can be a set of port numbers and ranges delimited<br />
by spaces. For example, [0 2 10-15] specifies ports 0, 2, 10, 11, 12, 13, 14, and<br />
15. If you omit [port_list], the command displays performance data for ports 0–15.<br />
Press any key to stop the display.<br />
errors [port_list]<br />
Displays continuous error counts for the ports given by [port_list]. [port_list] can be<br />
a set of port numbers and ranges delimited by spaces. For example, [0 2 10-15]<br />
specifies ports 0, 2, 10, 11, 12, 13, 14, and 15. If you omit [port_list], the command<br />
displays performance data for ports 0–15. Press any key to stop the display.<br />
59263-02 B 13-183
13–<strong>Command</strong> Reference<br />
Show Perf<br />
Examples<br />
The following is an example of the Show Perf command:<br />
SANbox #> show perf<br />
Port Bytes/s Bytes/s Bytes/s Frames/s Frames/s Frames/s<br />
Number (in) (out) (total) (in) (out) (total)<br />
------ ------- ------- ------- -------- -------- --------<br />
0 7K 136M 136M 245 68K 68K<br />
1 58K 0 58K 1K 0 1K<br />
2 0 0 0 0 0 0<br />
3 0 0 0 0 0 0<br />
4 0 0 0 0 0 0<br />
5 0 0 0 0 0 0<br />
6 0 7K 7K 0 245 245<br />
7 136M 58K 136M 68K 1K 70K<br />
8 7K 136M 136M 245 68K 68K<br />
9 58K 0 58K 1K 0 1K<br />
10 0 0 0 0 0 0<br />
11 0 0 0 0 0 0<br />
12 0 0 0 0 0 0<br />
13 0 0 0 0 0 0<br />
14 0 7K 7K 0 245 245<br />
15 136M 58K 136M 68K 1K 70K<br />
16 47M 23K 47M 23K 726 24K<br />
17 0 0 0 0 0 0<br />
18 23K 47M 47M 726 23K 24K<br />
19 0 0 0 0 0 0<br />
20 0 0 0 0 0 0<br />
21 0 0 0 0 0 0<br />
22 0 0 0 0 0 0<br />
23 0 0 0 0 0 0<br />
The following is an example of the Show Perf Byte command:<br />
SANbox #> show perf byte<br />
Displaying bytes/sec (total)... (Press any key to stop display)<br />
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15<br />
--------------------------------------------------------------------------------<br />
0 0 0 0 0 0 0 0 137M 58K 0 0 0 0 8K 137M<br />
0 0 0 0 0 0 0 0 136M 58K 0 0 0 0 8K 136M<br />
0 0 0 0 0 0 0 0 135M 58K 0 0 0 0 7K 135M<br />
0 0 0 0 0 0 0 0 137M 58K 0 0 0 0 8K 137M<br />
0 0 0 0 0 0 0 0 136M 58K 0 0 0 0 7K 136M<br />
0 0 0 0 0 0 0 0 137M 58K 0 0 0 0 8K 137M<br />
0 0 0 0 0 0 0 0 136M 58K 0 0 0 0 8K 136M<br />
0 0 0 0 0 0 0 0 136M 58K 0 0 0 0 7K 136M<br />
q<br />
13-184 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Port<br />
Show Port<br />
Displays operational information for one or more ports.<br />
Authority<br />
Syntax<br />
Keywords<br />
Notes<br />
None<br />
show port<br />
[port_list]<br />
[port_list]<br />
The number of the port for which to display information. [port_list] can be a set of<br />
port numbers and ranges delimited by spaces. For example, [0 2 10-15] specifies<br />
ports 0, 2, 10, 11, 12, 13, 14, and 15.<br />
Table 13-42 describes the port parameters.<br />
Table 13-42. Show Port Parameters<br />
Entry<br />
Description<br />
AdminState<br />
AIinit<br />
AIinitError<br />
AsicNumber<br />
AsicPort<br />
BadFrames<br />
BBCR_FrameFailures<br />
BBCR_RRDYFailures<br />
ClassXFramesIn<br />
ClassXFramesOut<br />
ClassXWordsIn<br />
ClassXWordsOut<br />
ClassXToss<br />
ConfigType<br />
Administrative state<br />
Number of times the port began arbitrated loop initialization.<br />
Number of times the port entered initialization and the initialization<br />
failed.<br />
ASIC number<br />
ASIC port number<br />
Number of frames that have framing errors.<br />
Number of times more frames were lost during a credit recovery<br />
period than the recovery process could resolve. This<br />
causes a Link Reset to recover the credits.<br />
Number of times more R_RDYs were lost during a credit<br />
recovery period than the recovery process could resolve. This<br />
causes a Link Reset to recover the credits.<br />
Number of class x frames received by this port.<br />
Number of class x frames sent by this port.<br />
Number of class x words received by this port.<br />
Number of class x words sent by this port.<br />
Number of times an SOFi3 or SOFn3 frame is tossed from<br />
TBUF.<br />
Configured port type: G, GL, F, FL, TR, or Donor<br />
59263-02 B 13-185
13–<strong>Command</strong> Reference<br />
Show Port<br />
Table 13-42. Show Port Parameters (Continued)<br />
Entry<br />
DecodeError<br />
DownstreamISL<br />
POSTFaultCode<br />
POSTStatus<br />
EpConnects<br />
EpConnState<br />
EpIsoReason<br />
Number of decode errors detected<br />
Downstream ISL state. True indicates a connection to another<br />
switch that is not the principal switch.<br />
Fault code from the most recent Power-on self test<br />
Status from the most recent Power-on self test<br />
Number of times an E_Port connected through ISL negotiation.<br />
E_Port connection status<br />
E_Port isolation reason<br />
Description<br />
FBusy Number of times the switch sent a F_BSY because Class 2<br />
frame could not be delivered within ED_TOV time. The number<br />
of class 2 and class 3 fabric busy (F_BSY) frames generated<br />
by this port in response to inbound frames. This usually<br />
indicates a busy condition on the fabric or N_Port that is preventing<br />
delivery of this frame.<br />
Flowerrors<br />
FReject<br />
InvalidCRC<br />
InvalidDestAddr<br />
IOStreamGuard<br />
Licensed<br />
LinkFailures<br />
LinkSpeed<br />
LinkState<br />
LIP_AL_PD_ALPS<br />
LIP_F7_AL_PS<br />
Number of frames received there were no available credits.<br />
Number of frames from devices that were rejected.<br />
Invalid CRC detected.<br />
Invalid destination address detected.<br />
I/O StreamGuard status<br />
Port activation status<br />
Number of optical link failures detected by this port. A link failure<br />
is a loss of synchronization or a loss of signal while not in<br />
the offline state. A loss of signal causes the switch to attempt<br />
to re-establish the link. If the link is not re-established, a link<br />
failure is counted. A link reset is performed after a link failure.<br />
Port transmission speed<br />
Port activity status<br />
Number of F7, AL_PS LIPs, or AL_PD (vendor specific)<br />
resets, performed.<br />
This LIP is used to reinitialize the loop. An L_Port, identified by<br />
AL_PS, may have noticed a performance degradation and is<br />
trying to restore the loop.<br />
13-186 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Port<br />
Table 13-42. Show Port Parameters (Continued)<br />
Entry<br />
LIP_F8_AL_PS<br />
LIP_F7_F7<br />
LIP_F8_F7<br />
Login<br />
LoginStatus<br />
Logout<br />
LongFramesIn<br />
LoopTimeouts<br />
LossOfSync<br />
LostFrames<br />
LostRRDYs<br />
MaxCredit<br />
MediaSpeeds<br />
MediaPartNumber<br />
MediaRevision<br />
MediaType<br />
MediaVendor<br />
MediaVendorID<br />
OperationalState<br />
PerfTuningMode<br />
This LIP denotes a loop failure detected by the L_Port identified<br />
by AL_PS.<br />
A loop initialization primitive frame used to acquire a valid<br />
AL_PA.<br />
A loop initialization primitive frame used to indicate that a loop<br />
failure has been detected at the receiver.<br />
Number of device logins<br />
Device login status for the port: LoggedIn or NotLoggedIn<br />
Number of device logouts that have occurred on the port<br />
Number of incidents when one or more frames that are greater<br />
than the maximum size were received<br />
A two (2) second timeout, as specified by FC-AL-2.<br />
Number of synchronization losses (>100 ms) detected by this<br />
port. A loss of synchronization is detected by the receipt of an<br />
invalid transmission word.<br />
Number of incidents of lost frames.<br />
Number of incidents of lost Receiver_Ready (R_RDY) primitives<br />
Maximum number of port buffer credits<br />
Possible transmission speeds for the port<br />
Transceiver vendor part number<br />
Transceiver revision<br />
Media physical variant. The variant indicates speed, media,<br />
transmitter, and distance. The media designator may be M5<br />
(multimode 50 micron), M6 (multimode 62.5 micron), or MX.<br />
MX indicates that the media supports both multimode 50 and<br />
62.5 micron.<br />
Transceiver manufacturer<br />
Transceiver manufacturer identifier<br />
Operational state<br />
AutoPerfTuning status<br />
Description<br />
59263-02 B 13-187
13–<strong>Command</strong> Reference<br />
Show Port<br />
Table 13-42. Show Port Parameters (Continued)<br />
Entry<br />
Description<br />
PortID<br />
PortWWN<br />
PrimSeqErrors<br />
RunningType<br />
RxLinkResets<br />
RxOfflineSeq<br />
ShortFramesIn<br />
SymbolicName<br />
SyncStatus<br />
TestFaultCode<br />
TestStatus<br />
TotalErrors<br />
TotalLinkResets<br />
TotalLIPsRecvd<br />
TotalLIPsXmitd<br />
TotalOfflineSeq<br />
TotalRxFrames<br />
TotalRxWords<br />
TotalTxFrames<br />
TotalTxWords<br />
TxLinkResets<br />
TxOfflineSeq<br />
Fibre Channel port address<br />
Worldwide port name<br />
Number of primitive sequence errors detected<br />
Operational port type: F, FL, E, or Unknown<br />
Number of link reset primitives received from an attached<br />
device<br />
Number of offline sequences (OLSs) received. An OLS is<br />
issued for link initialization, a Receive & Recognize<br />
Not_Operational (NOS) state, or to enter the offline state.<br />
Number of incidents when one or more frames that are less<br />
than the minimum size were received<br />
Port symbolic name<br />
Synchronization status: SyncAcquired, SyncLost<br />
Fault code from the most recent port test<br />
Status from the most recent port test<br />
Total number of errors detected on the port since the last port<br />
or switch reset<br />
Total number of link resets since the last port or switch reset<br />
Number of loop initialization primitive frames received by this<br />
port.<br />
Number of loop initialization primitive frames transmitted by<br />
this port.<br />
Total number of Offline Sequences issued and received by this<br />
port.<br />
Total number of frames received by this port.<br />
Total number of words received by this port.<br />
Total number of frames issued by this port.<br />
Total number of words issued by this port.<br />
Number of Link Resets issued by this port.<br />
Number of Offline Sequences issued by this port.<br />
13-188 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Port<br />
Table 13-42. Show Port Parameters (Continued)<br />
Entry<br />
XmitterEnabled<br />
Transmitter status: True, False<br />
Description<br />
Examples<br />
The following is an example of the Show Port command:<br />
SANbox #> show port 1<br />
Port Number: 1<br />
------------<br />
AdminState Online OperationalState Offline<br />
AsicNumber 0 PerfTuningMode Normal<br />
AsicPort 2 PortID 3a0100<br />
ConfigType GL PortWWN 20:01:00:c0:dd:0d:4f:08<br />
POSTFaultCode 00000000 RunningType Unknown<br />
POSTStatus Passed MediaPartNumber FTLF8528P2BCV<br />
DownstreamISL False MediaRevision A<br />
EpConnState None MediaType 800-MX-SN-S<br />
EpIsoReason NotApplicable MediaVendor FINISAR CORP.<br />
IOStreamGuard Disabled MediaVendorID 00009065<br />
Licensed True SymbolicName Port1<br />
LinkSpeed Auto SyncStatus SyncLost<br />
LinkState Inactive TestFaultCode 00000000<br />
LoginStatus NotLoggedIn TestStatus NeverRun<br />
MaxCredit 16 UpstreamISL False<br />
MediaSpeeds 2Gb/s, 4Gb/s, 8Gb/s XmitterEnabled True<br />
ALInit 1 LIP_F8_F7 0<br />
ALInitError 0 LinkFailures 0<br />
BadFrames 0 Login 0<br />
BBCR_FrameFailures 0 Logout 0<br />
BBCR_RRDYFailures 0 LongFramesIn 0<br />
Class2FramesIn 0 LoopTimeouts 0<br />
Class2FramesOut 0 LossOfSync 0<br />
Class2WordsIn 0 LostFrames 0<br />
Class2WordsOut 0 LostRRDYs 0<br />
Class3FramesIn 0 PrimSeqErrors 0<br />
Class3FramesOut 0 RxLinkResets 0<br />
Class3Toss 0 RxOfflineSeq 0<br />
Class3WordsIn 0 ShortFramesIn 0<br />
Class3WordsOut 0 TotalErrors 0<br />
DecodeErrors 0 TotalLinkResets 0<br />
EpConnects 0 TotalLIPsRecvd 0<br />
FBusy 0 TotalLIPsXmitd 2<br />
FlowErrors 0 TotalOfflineSeq 0<br />
FReject 0 TotalRxFrames 0<br />
InvalidCRC 0 TotalRxWords 0<br />
InvalidDestAddr 0 TotalTxFrames 0<br />
59263-02 B 13-189
13–<strong>Command</strong> Reference<br />
Show Port<br />
LIP_AL_PD_AL_PS 0 TotalTxWords 0<br />
LIP_F7_AL_PS 0 TxLinkResets 0<br />
LIP_F7_F7 0 TxOfflineSeq 0<br />
LIP_F8_AL_PS 0<br />
13-190 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Postlog<br />
Show Postlog<br />
Displays the Power On Self Test (POST) log, which contains results from the most<br />
recently failed POST.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show postlog<br />
or<br />
show port log<br />
The following is an example of the Show Postlog command:<br />
SANbox #> show postlog<br />
Queue:<br />
POST<br />
Sequence Count: 467<br />
Success Count: 452<br />
Failed Count: 42<br />
Records: 53<br />
Record: 1 of 53<br />
Time:<br />
day mmm dd hh:mm:ss yyyy<br />
Sequence Number: 5<br />
Consecutive Passes: 5<br />
Record: 2 of 53<br />
Time:<br />
day mmm dd hh:mm:ss yyyy<br />
Sequence Number: 6<br />
Test:<br />
TEST_SUITE_POST (0x13)<br />
Subtest:<br />
TEST_STATIC_PORTADDR (0x72)<br />
Fault Code:<br />
DIAGS_ERR_CPORT_VERIFY (0x34)<br />
Loops: 0<br />
Blade/Asic: 0/0<br />
Register Address: 0x00000005<br />
Received Data: 0x0082202b<br />
Expected Data: 0x00a2202b<br />
.<br />
.<br />
.<br />
59263-02 B 13-191
13–<strong>Command</strong> Reference<br />
Show Setup Callhome<br />
Show Setup Callhome<br />
Displays the Call Home database configuration.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show setup callhome<br />
The following is an example of the Show Setup Callhome command:<br />
SANbox #> show setup callhome<br />
Callhome Information<br />
--------------------<br />
PrimarySMTPServerAddr 0.0.0.0<br />
PrimarySMTPServerPort 25<br />
PrimarySMTPServerEnabled False<br />
SecondarySMTPServerAddr 0.0.0.0<br />
SecondarySMTPServerPort 25<br />
SecondarySMTPServerEnabled False<br />
ContactEmailAddress<br />
nobody@localhost.localdomain<br />
PhoneNumber<br />
<br />
StreetAddress<br />
<br />
FromEmailAddress<br />
nobody@localhost.localdomain<br />
ReplyToEmailAddress<br />
nobody@localhost.localdomain<br />
ThrottleDupsEnabled<br />
True<br />
+ indicates active SMTP server<br />
13-192 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Setup Mfg<br />
Show Setup Mfg<br />
Displays manufacturing information about the switch.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show setup mfg<br />
The following is an example of the Show Setup Mfg command:<br />
SANbox #> show setup mfg<br />
Manufacturing Information<br />
-------------------------<br />
BrandName<br />
<strong>QLogic</strong><br />
BuildDate<br />
Unknown<br />
ChassisPartNumber SB5800V-08A8-30<br />
ChassisSerialNumber 0331000011<br />
CPUBoardSerialNumber 0331000011<br />
LicensedPorts 24<br />
MACAddress<br />
00:c0:dd:02:cc:17<br />
PlanarPartNumber<br />
Unknown<br />
SwitchSymbolicName SANbox<br />
SwitchWWN<br />
10:00:00:c0:dd:02:cc:16<br />
SystemDescription SANbox 5800V FC Switch<br />
SystemObjectID 1.3.6.1.4.1.3873.1.9<br />
59263-02 B 13-193
13–<strong>Command</strong> Reference<br />
Show Setup Radius<br />
Show Setup Radius<br />
Displays RADIUS server information.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show setup radius<br />
common<br />
server [server_number]<br />
common<br />
Displays the configuration parameters that are common for all RADIUS servers.<br />
To display common and server-specific information, omit the keyword. Refer to<br />
Table 13-28 for a description of the common configuration parameters.<br />
server [server_number]<br />
Displays the configuration parameters for the RADIUS server given by<br />
[server_number]. [server_number] is an integer corresponding to a configured<br />
server. To display common and server-specific information, omit the keyword.<br />
Refer to Table 13-29 for a description of the server-specific configuration<br />
parameters.<br />
Examples<br />
The following is an example of the Show Setup Radius Common command:<br />
SANbox #> show setup radius common<br />
Radius Information<br />
------------------<br />
DeviceAuthOrder Local<br />
UserAuthOrder Local<br />
TotalServers 2<br />
The following is an example of the Show Setup Radius Server command:<br />
SANbox #> show setup radius server 2<br />
Radius Information<br />
------------------<br />
Server: 2<br />
ServerIPAddress bacd:1234:bacd:1234:bacd:1234:bacd:1234<br />
ServerUDPPort 1812<br />
DeviceAuthServer True<br />
UserAuthServer True<br />
AccountingServer True<br />
Timeout 2<br />
Retries 0<br />
SignPackets False<br />
Secret ********<br />
13-194 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Setup Services<br />
Show Setup Services<br />
Displays switch service status information.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show setup services<br />
The following is an example of the Show Setup Services command:<br />
SANbox #> show setup services<br />
System Services<br />
-----------------------------<br />
TelnetEnabled<br />
True<br />
SSHEnabled<br />
False<br />
GUIMgmtEnabled<br />
True<br />
SSLEnabled<br />
False<br />
EmbeddedGUIEnabled True<br />
SNMPEnabled<br />
True<br />
NTPEnabled<br />
True<br />
CIMEnabled<br />
True<br />
FTPEnabled<br />
True<br />
MgmtServerEnabled<br />
True<br />
CallHomeEnabled<br />
True<br />
59263-02 B 13-195
13–<strong>Command</strong> Reference<br />
Show Setup Snmp<br />
Show Setup Snmp<br />
Displays the current SNMP settings.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show setup snmp<br />
common<br />
trap<br />
common<br />
Displays SNMP configuration parameters that are common to all traps. To display<br />
common and trap-specific parameters, omit the keyword. Refer to Table 13-31 for<br />
descriptions of the common configuration parameters.<br />
trap<br />
Displays trap-specific SNMP configuration parameters. To display common and<br />
trap-specific parameters, omit the keyword. Refer to Table 13-32 for descriptions<br />
of the trap-specific configuration parameters.<br />
Examples<br />
The following is an example of the Show Setup Snmp Common command:<br />
SANbox #> show setup snmp common<br />
SNMP Information<br />
----------------<br />
SNMPEnabled<br />
True<br />
Contact<br />
<br />
Location<br />
<br />
Description<br />
<strong>QLogic</strong> 5800V FC Switch<br />
ObjectID 1.3.6.1.4.1.3873.1.9<br />
AuthFailureTrap True<br />
ProxyEnabled<br />
True<br />
SNMPv3Enabled<br />
False<br />
The following is an example of the Show Setup Snmp Trap command:<br />
SANbox #> show setup snmp trap 1<br />
SNMP Information<br />
----------------<br />
Trap1Address 10.0.0.254<br />
Trap1Port 162<br />
Trap1Severity<br />
warning<br />
Trap1Version 2<br />
Trap1Enabled<br />
False<br />
13-196 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Setup System<br />
Show Setup System<br />
Displays network, logging, NTP server, and timer parameters on the switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
show setup system<br />
dns<br />
ipv4<br />
ipv6<br />
logging<br />
ntp<br />
timers<br />
dns<br />
Displays DNS host name configuration parameters. To display all system<br />
configuration parameters, omit the keyword. Refer to Table 13-33 for descriptions<br />
of the DNS host name configuration parameters.<br />
ipv4<br />
Displays switch IPv4 Ethernet configuration parameters. To display all system<br />
configuration parameters, omit the keyword. Refer to Table 13-34 for descriptions<br />
of the IPv4 Ethernet configuration parameters.<br />
ipv6<br />
Displays switch IP version 6 Ethernet configuration parameters. To display all<br />
system configuration parameters, omit the keyword. Refer to Table 13-35 for<br />
descriptions of the IP version 6 Ethernet configuration parameters.<br />
logging<br />
Displays event logging configuration parameters. To display all system<br />
configuration parameters, omit the keyword. Refer to Table 13-36 for descriptions<br />
of the event logging configuration parameters.<br />
ntp<br />
Displays NTP server configuration parameters. To display all system configuration<br />
parameters, omit the keyword. Refer to Table 13-37 for descriptions of the NTP<br />
server configuration parameters.<br />
timers<br />
Displays timer configuration parameters. To display all system configuration<br />
parameters, omit the keyword. Refer to Table 13-38 for descriptions of the timer<br />
configuration parameters.<br />
59263-02 B 13-197
13–<strong>Command</strong> Reference<br />
Show Setup System<br />
Examples<br />
The following is an example of the Show Setup System Dns command:<br />
SANbox #> show setup system dns<br />
System Information<br />
------------------<br />
DNSClientEnabled False<br />
DNSLocalHostname <br />
DNSServerDiscovery Static<br />
DNSServer1Address <br />
DNSServer2Address <br />
DNSServer3Address <br />
DNSSearchListDiscovery Static<br />
DNSSearchList1<br />
<br />
DNSSearchList2<br />
<br />
DNSSearchList3<br />
<br />
DNSSearchList4<br />
<br />
DNSSearchList5<br />
<br />
The following is an example of the Show Setup System Ipv4 command:<br />
SANbox #> show setup system ipv4<br />
System Information<br />
------------------<br />
EthIPv4NetworkEnable<br />
True<br />
EthIPv4NetworkDiscovery Static<br />
EthIPv4NetworkAddress 10.20.11.32<br />
EthIPv4NetworkMask 255.255.252.0<br />
EthIPv4GatewayAddress 10.20.8.254<br />
The following is an example of the Show Setup System Ipv6 command:<br />
SANbox #> show setup system ipv6<br />
System Information<br />
------------------<br />
EthIPv6NetworkEnable<br />
False<br />
EthIPv6NetworkDiscovery Static<br />
EthIPv6NetworkAddress 2001::1/64<br />
EthIPv6GatewayAddress fe80::1<br />
The following example of the Show Setup System Logging command:<br />
SANbox #> show setup system logging<br />
System Information<br />
------------------<br />
LocalLogEnabled<br />
True<br />
RemoteLogEnabled<br />
False<br />
RemoteLogHostAddress 10.0.0.254<br />
13-198 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Setup System<br />
The following is an example of the Show Setup System Ntp command:<br />
SANbox #> show setup system ntp<br />
System Information<br />
------------------<br />
NTPClientEnabled<br />
False<br />
NTPServerDiscovery Static<br />
NTPServerAddress 51.68.85.102<br />
The following example of the Show Setup System Timers command:<br />
SANbox #> show setup system timers<br />
System Information<br />
------------------<br />
AdminTimeout 30<br />
InactivityTimeout 0<br />
59263-02 B 13-199
13–<strong>Command</strong> Reference<br />
Show Steering<br />
Show Steering<br />
Displays the routes that data takes in the fabric.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show steering [domain_id]<br />
[domain_id]<br />
The domain ID for which to display route information. If you omit [domain_id], the<br />
system displays routes for all switches in the fabric.<br />
The following is an example of the Show Steering command:<br />
SANbox #> show steering 35<br />
DomainID DefaultOutPort InPort OutPort<br />
-------- -------------- ------ -------<br />
35 18 3 16/18/16/18<br />
5 18/16/18/16<br />
6 16/18/16/18<br />
7 16/18/16/18<br />
15 18/16/18/16<br />
13-200 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Switch<br />
Show Switch<br />
Displays switch operational information.<br />
Authority<br />
Syntax<br />
Notes<br />
None<br />
show switch<br />
Table 13-43 describes the switch operational parameters.<br />
Table 13-43. Switch Operational Parameters<br />
Parameter<br />
SymbolicName<br />
SwitchWWN<br />
BootVersion<br />
CreditPool<br />
DomainID<br />
Description<br />
Descriptive name for the switch<br />
Switch worldwide name<br />
PROM boot version<br />
Number of port buffer credits available to recipient<br />
ports<br />
Switch domain ID<br />
FirstPortAddress Fibre Channel address of switch port 0<br />
FlashSize - MBytes<br />
LogFilterLevel<br />
MaxPorts<br />
NumberOfResets<br />
ReasonForLastReset<br />
ActiveImageVersion - build date<br />
PendingImageVersion - build date<br />
ActiveConfiguration<br />
AdminState<br />
AdminModeActive<br />
BeaconOnStatus<br />
OperationalState<br />
Size of the flash memory in megabytes<br />
Event severity level used to record events in the<br />
event log<br />
Number of ports available on the switch<br />
Number of times the switch has been reset over its<br />
service life<br />
Action that caused the last reset<br />
Active firmware image version and build date.<br />
Firmware image version and build date that is<br />
pending. This image will become active at the next<br />
reset or power cycle.<br />
Name of the switch configuration that is in use.<br />
Switch administrative state<br />
Admin session status<br />
Beacon status as set by the Set Beacon command.<br />
Switch operational state<br />
59263-02 B 13-201
13–<strong>Command</strong> Reference<br />
Show Switch<br />
Table 13-43. Switch Operational Parameters (Continued)<br />
Parameter<br />
PrincipalSwitchRole<br />
POSTFaultCode<br />
POSTStatus<br />
TestFaultCode<br />
TestStatus<br />
BoardTemp (1) - Degrees Celsius<br />
SwitchTemperatureStatus<br />
Description<br />
Principal switch status. True indicates that this<br />
switch is the principal switch.<br />
Fault code from the most recent Power-on self test<br />
Status from the most recent Power-on self test<br />
Fault code from the most recent switch test<br />
Status from the most recent switch test<br />
Internal switch temperature at circuit board<br />
sensor 1.<br />
Switch temperature status: Normal, Warning, Failure.<br />
Examples<br />
The following is an example of the Show Switch command:<br />
SANbox #> show switch<br />
Switch Information<br />
------------------<br />
SymbolicName<br />
SANbox<br />
SwitchWWN<br />
10:00:00:c0:dd:00:bc:56<br />
BootVersion<br />
Vx.x.x.x-0 (day month date time year)<br />
CreditPool 0<br />
DomainID<br />
19 (0x13)<br />
FirstPortAddress 130000<br />
FlashSize - MBytes 128<br />
LogFilterLevel<br />
Critical<br />
MaxPorts 24<br />
NumberOfResets 15<br />
ReasonForLastReset<br />
PowerUp<br />
ActiveImageVersion - build date Vx.x.x.0 (day month date time year)<br />
PendingImageVersion - build date Vx.x.x.0 (day month date time year)<br />
ActiveConfiguration<br />
default<br />
AdminState<br />
Online<br />
AdminModeActive<br />
False<br />
BeaconOnStatus<br />
Off<br />
OperationalState<br />
Online<br />
PrincipalSwitchRole<br />
False<br />
POSTFaultCode 00000000<br />
POSTStatus<br />
Passed<br />
TestFaultCode 00000000<br />
TestStatus<br />
NeverRun<br />
BoardTemp (1) - Degrees Celsius 32<br />
SwitchTemperatureStatus<br />
Normal<br />
13-202 59263-02 B
13–<strong>Command</strong> Reference<br />
Show System<br />
Show System<br />
Displays the operational status of the Ethernet and DNS host name configuration<br />
parameters.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show system<br />
The following is an example of the Show System command:<br />
SANbox #> show system<br />
Assigned System Network Information<br />
-----------------------------------<br />
Hostname<br />
<br />
EthIPv4NetworkAddress 10.20.116.133<br />
EthIPv6NetworkAddress <br />
DNSServer1<br />
<br />
DNSSearchList1<br />
<br />
IPv4GatewayList1 10.20.116.1<br />
IPv6GatewayList1 <br />
NTPServer 10.20.10.10<br />
59263-02 B 13-203
13–<strong>Command</strong> Reference<br />
Show Testlog<br />
Show Testlog<br />
Displays the contents of the diagnostic field test log file.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show testlog<br />
or<br />
show test log<br />
The following is an example of the Show Testlog command:<br />
SANbox #> show testlog<br />
Queue:<br />
UID<br />
Sequence Count: 17<br />
Success Count: 10<br />
Failed Count: 7<br />
Records: 11<br />
Record: 1 of 11<br />
Time: Mon Sep 15 16:56:49 2008<br />
Sequence Number: 1<br />
Test:<br />
TEST_ONLINE (0x61)<br />
Subtest:<br />
TEST_ONLINE (0x61)<br />
Fault Code:<br />
DIAGS_ERR_INVALID_PORT_TYPE (0x14)<br />
Loops: 0<br />
Tx Blade/Asic/Port: 0/0/0<br />
Record: 2 of 11<br />
Time: Mon Sep 15 17:02:38 2008<br />
Sequence Number: 3<br />
Test:<br />
TEST_ONLINE (0x61)<br />
Subtest:<br />
TEST_ONLINE (0x61)<br />
Fault Code:<br />
DIAGS_ERR_INVALID_PORT_TYPE (0x14)<br />
Loops: 0<br />
Tx Blade/Asic/Port: 0/0/0<br />
Record: 3 of 11<br />
Time: Mon Sep 15 17:02:38 2008<br />
Sequence Number: 2<br />
Consecutive Passes: 1<br />
.<br />
.<br />
.<br />
13-204 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Timezone<br />
Show Timezone<br />
Displays the current time zone setting.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
show timezone<br />
The following is an example of the Show Timezone command:<br />
SANbox #> show timezone<br />
America/Chicago<br />
59263-02 B 13-205
13–<strong>Command</strong> Reference<br />
Show Topology<br />
Show Topology<br />
Displays information about devices connected to the switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show topology [port_number]<br />
[port_number]<br />
Displays the devices connected to the port given by [port_number].<br />
The following is an example of the Show Topology command:<br />
SANbox #> show topology<br />
Unique ID Key<br />
-------------<br />
A = ALPA, D = Domain ID, P = Port ID<br />
Port Local Local Remote Remote Unique<br />
Number Type PortWWN Type NodeWWN ID<br />
------ ----- ------- ------ ------- ------<br />
5 F 20:05:00:c0:dd:00:bd:ec N 20:00:00:00:c9:22:1e:93 010500 P<br />
10 E 20:0a:00:c0:dd:00:bd:ec E 10:00:00:c0:dd:00:80:21 4(0x4) D<br />
The following is an example of the Show Topology command for port 1:<br />
SANbox #> show topology 1<br />
Local Link Information<br />
----------------------<br />
PortNumber 1<br />
PortID 650100<br />
PortWWN<br />
20:01:00:c0:dd:00:91:11<br />
PortType<br />
F<br />
Remote Link Information<br />
-----------------------<br />
Device 0<br />
NodeWWN<br />
50:80:02:00:00:06:d5:38<br />
PortType<br />
NL<br />
Description<br />
(NULL)<br />
IPv4Address 0.0.0.0<br />
IPv6Address<br />
fc00:1234:5678:9abc:def0:1234:5678:9abc<br />
Device 1<br />
NodeWWN<br />
20:00:00:20:37:2b:08:c9<br />
PortType<br />
NL<br />
Description<br />
(NULL)<br />
IPv4Address 0.0.0.0<br />
IPv6Address<br />
fc00:1234:5678:9abc:def0:1234:5678:9efg<br />
13-206 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Users<br />
Show Users<br />
Displays a list of logged-in users. This is equivalent to the User List command.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
None<br />
show users brief<br />
brief<br />
Displays just the account name and client.<br />
The following is an example of the Show Users command:<br />
SANbox #> show users<br />
User<br />
cim@OB-session1<br />
Client<br />
cim<br />
Logged in Since Tue Apr 8 05:22:47 2008<br />
User<br />
snmp@IB-session2<br />
Client<br />
Unknown<br />
Logged in Since Tue Apr 8 05:22:55 2008<br />
User<br />
snmp@OB-session3<br />
Client<br />
Unknown<br />
Logged in Since Tue Apr 8 05:22:55 2008<br />
User<br />
admin@OB-session5<br />
Client 10.33.21.27<br />
Logged in Since Thu Apr 10 04:14:11 2008<br />
The following is an example of the Show Users Brief command:<br />
SANbox #> show users brief<br />
User<br />
Client<br />
---- ------<br />
cim@OB-session1<br />
cim<br />
snmp@IB-session2<br />
Unknown<br />
snmp@OB-session3<br />
Unknown<br />
admin@OB-session5 10.33.21.27<br />
59263-02 B 13-207
13–<strong>Command</strong> Reference<br />
Show Version<br />
Show Version<br />
Displays an introductory set of information about operational attributes of the<br />
switch. This command is equivalent to the Show About command.<br />
Authority<br />
Syntax<br />
Notes<br />
None<br />
show version<br />
Table 13-44 describes the Show Version command display entries.<br />
Table 13-44. Show Version Display Entries<br />
Entry<br />
SystemDescription<br />
HostName<br />
Switch system description<br />
DNS host name<br />
Description<br />
EthIPv4NetworkAddress Switch IP address, version 4<br />
EthIPv6NetworkAddress Switch IP address, version 6<br />
MacAddress<br />
WorldWideName<br />
ChassisSerialNumber<br />
SymbolicName<br />
ActiveSWVersion<br />
ActiveTimestamp<br />
POSTStatus<br />
LicensedPorts<br />
SwitchMode<br />
Switch MAC address<br />
Switch worldwide name<br />
Switch serial number<br />
Switch symbolic name<br />
Firmware version<br />
Date and time that the firmware was activated<br />
Results of the Power-on Self Test<br />
Number of licensed ports<br />
Full Fabric indicates that the switch operates with the<br />
standard Fibre Channel port types: G, GL, F, FL, E, TR.<br />
13-208 59263-02 B
13–<strong>Command</strong> Reference<br />
Show Version<br />
Examples<br />
The following is an example of the Show Version command.<br />
SANbox #> show version<br />
*****************************************************<br />
* *<br />
* <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong> SHell (CLISH) *<br />
* *<br />
*****************************************************<br />
SystemDescription<br />
<strong>QLogic</strong> 5800V FC Switch<br />
HostName<br />
<br />
EthIPv4NetworkAddress 10.20.11.192<br />
EthIPv6NetworkAddress ::<br />
MACAddress<br />
00:c0:dd:00:71:ee<br />
WorldWideName<br />
10:00:00:c0:dd:00:71:ed<br />
ChassisSerialNumber 033100024<br />
SymbolicName<br />
SANbox<br />
ActiveSWVersion<br />
V8.0.x.x.xx.xx<br />
ActiveTimestamp<br />
day month date time year<br />
POSTStatus<br />
Passed<br />
LicensedPorts 24<br />
SwitchMode<br />
Full Fabric<br />
59263-02 B 13-209
13–<strong>Command</strong> Reference<br />
Shutdown<br />
Shutdown<br />
Terminates all data transfers on the switch at convenient points and closes the<br />
Telnet session. Always power cycle the switch after entering this command.<br />
Authority<br />
Syntax<br />
Notes<br />
Admin session<br />
shutdown<br />
When the shutdown is complete, the Heartbeat LED is extinguished.<br />
13-210 59263-02 B
13–<strong>Command</strong> Reference<br />
Snmpv3user<br />
Snmpv3user<br />
Manages SNMP version 3 user accounts on the switch.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session except for the List keyword<br />
snmpv3user<br />
add<br />
delete [account]<br />
edit<br />
list<br />
add<br />
Creates an SNMP version 3 user account, prompting you for the parameters that<br />
are described in Table 13-45.<br />
Table 13-45. SNMP Version 3 User Account Parameters<br />
Parameter<br />
Description<br />
Username<br />
Group<br />
Authentication<br />
AuthType<br />
AuthPhrase<br />
Confirm AuthPhrase<br />
Privacy<br />
PrivType<br />
PrivPhrase<br />
Confirm PrivPhrase<br />
Account user name<br />
Group type: Read-Only or Read-Write. The default is<br />
Read-Only.<br />
Enables (True) or disables (False) authentication. The<br />
default is False.<br />
Authentication type can be MD5 or SHA.<br />
Authentication phrase<br />
Authentication phrase confirmation. Re-enter the phrase.<br />
Enables (True) or disables (False) privacy. The default is<br />
False.<br />
Privacy type. The default is DES.<br />
Privacy phrase<br />
Privacy phrase confirmation. Re-enter the phrase.<br />
delete [account]<br />
Deletes the SNMP version 3 user account given by [account].<br />
edit<br />
Modifies an SNMP version 3 user account, prompting you first for the account<br />
name to edit. For a description of the SNMP version 3 user account parameters,<br />
refer to Table 13-45.<br />
59263-02 B 13-211
13–<strong>Command</strong> Reference<br />
Snmpv3user<br />
list<br />
Displays SNMP version 3 user accounts, group, authentication type, and privacy<br />
type. This keyword does not require an Admin session.<br />
Examples<br />
The following is an example of the Snmpv3user Add command:<br />
SANbox #> admin start<br />
SANbox (admin) #> snmpv3user add<br />
A list of SNMPV3 user attributes with formatting and default values as<br />
applicable will follow.<br />
Enter a new value OR simply press the ENTER key where-ever allowed to<br />
accept the default value.<br />
If you wish to terminate this process before reaching the end of the list,<br />
press "q" or "Q" and the ENTER OR "Ctrl-C" key to do so.<br />
Username (8-32 chars) : snmpuser1<br />
Group (0=ReadOnly, 1=ReadWrite) [ReadOnly ] : 1<br />
Authentication (True/False) [False ] : t<br />
AuthType (1=MD5, 2=SHA) [MD5 ] : 1<br />
AuthPhrase (8-32 chars) : ***********<br />
Confirm AuthPhrase : ***********<br />
Privacy (True/False) [False ] : t<br />
PrivType (1=DES) [DES ] : 1<br />
PrivPhrase (8-32 chars) : ********<br />
Confirm PrivPhrase : ********<br />
Do you want to save and activate this snmpv3user setup ?<br />
(y/n): [n] y<br />
SNMPV3 user added and activated.<br />
The following is an example of the Snmpv3user Delete command:<br />
SANbox #> admin start<br />
SANbox (admin) #> snmpv3user delete snmpuser1<br />
The user account will be deleted. Please confirm (y/n): [n] y<br />
SNMPV3 user deleted.<br />
The following is an example of the Snmpv3user List command:<br />
SANbox #> snmpv3user list<br />
Username Group AuthType PrivType<br />
-------- ----- -------- --------<br />
snmpuser1 ReadWrite MD5 DES<br />
13-212 59263-02 B
13–<strong>Command</strong> Reference<br />
Test Cancel<br />
Test Cancel<br />
Cancels a port test that is in progress.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
test cancel<br />
port [port_number]<br />
port [port_number]<br />
Cancel the test for the port given by [port_number]. [port_number] can be 0–23.<br />
Examples The following example cancels the test running on port 15:<br />
SANbox (admin) #> test cancel port 15<br />
59263-02 B 13-213
13–<strong>Command</strong> Reference<br />
Test Port<br />
Test Port<br />
Authority<br />
Syntax<br />
Keywords<br />
Tests individual ports using an offline or online test.<br />
Admin session<br />
test port [port_number]<br />
offline [loopback_type]<br />
online<br />
[port_number]<br />
The port to be tested. [port_number] can be 0–23.<br />
offline [loopback_type]<br />
Performs an offline test of the type given by [loopback_type] on the port given by<br />
[port_number]. Use the Set Port command to place the port in the diagnostics<br />
state before running the test. [loopback_type] can have the following values:<br />
internal<br />
Exercises the internal port connections.<br />
NOTE:<br />
An internal test on an XPAK port verifies that a complete path exists,<br />
but does not send a test frame.<br />
external<br />
Exercises the port and its transceiver. A transceiver with a loopback plug is<br />
required for the port.<br />
NOTE:<br />
An external test on an XPAK port verifies that a complete path exists,<br />
but does not send a test frame.<br />
online<br />
Exercises the port, transceiver, and device connections while the port is online.<br />
Online testing of TR_Ports is not allowed. This test does not disrupt<br />
communication on the port.<br />
13-214 59263-02 B
13–<strong>Command</strong> Reference<br />
Test Port<br />
Notes<br />
Table 13-46 describes the port test parameters.<br />
Table 13-46. Port Test Parameters<br />
Parameter<br />
Description<br />
LoopCount<br />
FrameSize<br />
DataPattern<br />
StopOnError<br />
LoopForever<br />
Number of frames sent<br />
Number of bytes in each test frame<br />
Pattern in the payload<br />
Stops the test when an error occurs (True).<br />
Otherwise, the test continues to completion.<br />
Restarts the test after completion and continues<br />
until you cancel it (True). Otherwise,<br />
the test ends normally after completion.<br />
To cancel a port test that is in progress, enter the Test Cancel Port command.<br />
To display the status of the most recent port test or port test in progress, enter the<br />
Test Status Port command.<br />
Examples The following example performs an online test on port 1:<br />
SANbox #> admin start<br />
SANbox (admin) #> test port 1 online<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [429496729]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default ]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the test? (y/n) [n] y<br />
The test has been started.<br />
A notification with the test result(s) will appear<br />
on the screen when the test has completed.<br />
SANbox (admin) #><br />
Test for port 1 Passed.<br />
59263-02 B 13-215
13–<strong>Command</strong> Reference<br />
Test Status<br />
Test Status<br />
Displays the status of a test in progress, or if there is no test in progress, the<br />
status of the last test that was executed.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
test status<br />
port [port_number]<br />
switch<br />
port [port_number]<br />
Display test status for the port given by [port_number]. [port_number] can be<br />
0–23.<br />
switch<br />
Display test status for the switch: Passed, Failed, NeverRun.<br />
Examples<br />
The following is an example of the Test Status Port command:<br />
SANbox (admin) #> test status port 1<br />
Port Test Test Loop Test<br />
Num Port Type Status Count Failures<br />
---- -------- ---- ------ ----- --------<br />
1 1 Offline Internal Passed 12 0<br />
13-216 59263-02 B
13–<strong>Command</strong> Reference<br />
Test Status<br />
The following example of the Test Status Switch command:<br />
SANbox (admin) #> test status switch<br />
Test Test Test Loop Test<br />
Level Type Status Count Failures<br />
----- ---- ------ ----- --------<br />
Switch Offline internal NeverRun 33 4<br />
Port Test Test Loop Test<br />
Num Type Status Count Failures<br />
---- ---- ------ ----- --------<br />
0 Offline internal StoppedOnError 12 2<br />
1 Offline internal NeverRun 1 0<br />
2 Offline internal Passed 4 0<br />
3 Offline internal NeverRun 1 0<br />
4 Offline internal NeverRun 1 0<br />
5 Offline internal NeverRun 1 0<br />
6 Offline internal NeverRun 1 0<br />
7 Offline internal NeverRun 12 2<br />
8 Unknown NeverRun 0 0<br />
9 Unknown NeverRun 0 0<br />
10 Unknown NeverRun 0 0<br />
11 Unknown NeverRun 0 0<br />
12 Unknown NeverRun 0 0<br />
13 Unknown NeverRun 0 0<br />
14 Unknown NeverRun 0 0<br />
15 Unknown NeverRun 0 0<br />
16 Unknown NeverRun 0 0<br />
17 Unknown NeverRun 0 0<br />
18 Unknown NeverRun 0 0<br />
19 Unknown NeverRun 0 0<br />
20 Unknown NeverRun 0 0<br />
21 Unknown NeverRun 0 0<br />
22 Unknown NeverRun 0 0<br />
23 Unknown NeverRun 0 0<br />
59263-02 B 13-217
13–<strong>Command</strong> Reference<br />
Test Switch<br />
Test Switch<br />
Tests all ports on the switch using a connectivity test, an offline test, or an online<br />
test.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
test switch<br />
connectivity [loopback_type]<br />
offline [loopback_type]<br />
online<br />
connectivity [loopback_type]<br />
Performs a connectivity test of the type given by [loopback_type] on all switch<br />
ports. You must place the switch in the diagnostics state using the<br />
Set Switch State command before starting the test. [loopback_type] can be one of<br />
the following:<br />
internal<br />
Exercises all internal port and inter-port connections.<br />
external<br />
Exercises all internal port, transceiver, and inter-port connections. A<br />
transceiver with a loopback plug is required for all ports.<br />
offline [loopback_type]<br />
Performs an offline test of the type given by [loopback_type] on all switch ports.<br />
You must place the switch in the diagnostics state using the Set Switch State<br />
command before starting the test. [loopback_type] can have the following values:<br />
internal<br />
Exercises all internal port connections.<br />
external<br />
Exercises all port and transceiver connections. A transceiver with a<br />
loopback plug is required for all ports.<br />
online<br />
Exercises port-to-device connections for all ports that are online. The online test<br />
excludes TR_Ports. This test does not disrupt communication on the ports.<br />
13-218 59263-02 B
13–<strong>Command</strong> Reference<br />
Test Switch<br />
Notes<br />
Table 13-47 describes the switch test parameters.<br />
Table 13-47. Switch Test Parameters<br />
Parameter<br />
Description<br />
LoopCount Number of frames sent: 1–4294967295.<br />
The default is 100.<br />
FrameSize<br />
DataPattern<br />
StopOnError<br />
LoopForever<br />
Number of bytes in each test frame:<br />
40–2148. The default is 256.<br />
32-bit hexadecimal test value, or default,<br />
which defines random data<br />
Stops the test when an error occurs (True).<br />
Otherwise, the test continues to completion.<br />
Restarts the test after completion and continues<br />
until you cancel it (True). Otherwise,<br />
the test ends normally after completion.<br />
To cancel a switch test in progress, enter the Test Cancel Switch command.<br />
To display the status of a recent switch test or switch test in progress, enter the<br />
Test Status Switch command.<br />
Examples<br />
The following example performs an offline internal test on a switch:<br />
SANbox #> admin start<br />
SANbox (admin) #>set switch state diagnostics<br />
SANbox (admin) #> test switch offline internal<br />
A list of attributes with formatting and current values will follow. Enter a new<br />
value or simply press the ENTER key to accept the default value. If you wish to<br />
terminate this process before reaching the end of the list press 'q' or 'Q' and the<br />
ENTER key to do so.<br />
LoopCount (decimal value, 1-4294967295) [100 ]<br />
FrameSize (decimal value, 40-2148) [256 ]<br />
DataPattern (32-bit hex value or 'Default') [Default]<br />
StopOnError (True / False) [True ]<br />
LoopForever (True / False) [False ]<br />
Do you want to start the test? (y/n) [n] y<br />
59263-02 B 13-219
13–<strong>Command</strong> Reference<br />
Uptime<br />
Uptime<br />
Authority<br />
Syntax<br />
Examples<br />
Displays the elapsed up time since the switch was last reset and the reset<br />
method. A hot reset or non-disruptive firmware activation does not reset the<br />
elapsed up time reported by this command.<br />
None<br />
uptime<br />
The following is an example of the Uptime command:<br />
SANbox #> uptime<br />
Elapsed up time : 0 day(s), 2 hour(s), 28 min(s), 44 sec(s)<br />
Reason last reset: NormalReset<br />
13-220 59263-02 B
13–<strong>Command</strong> Reference<br />
User<br />
User<br />
Authority<br />
Syntax<br />
Keywords<br />
Administers and displays user accounts.<br />
Admin account name and an Admin session. The Accounts and List keywords are<br />
available to all account names without an Admin session.<br />
user<br />
accounts<br />
add<br />
delete [account_name]<br />
edit<br />
list brief<br />
accounts<br />
Displays all user accounts that exist on the switch. This keyword is available to all<br />
account names without an Admin session.<br />
add<br />
Add a user account to the switch. You will be prompted for an account name, a<br />
password, authority, and an expiration date.<br />
• A switch can have a maximum of 15 user accounts. An account name can<br />
be up to 15 characters: the first character must be alphanumeric; the<br />
remaining characters must be ASCII characters excluding semicolon (;),<br />
comma (,), #, and period (.).<br />
• Passwords must be 8–20 characters.<br />
• Admin authority grants permission to use the Admin command to open an<br />
Admin session, from which all commands can be entered. Without Admin<br />
authority, you are limited to view-only commands.<br />
• The expiration date is expressed in the number of days until the account<br />
expires (2000 maximum). The switch will issue an expiration alarm every<br />
day for seven days prior to expiration. 0 (zero) specifies that the account has<br />
no expiration date.<br />
delete [account_name]<br />
Deletes the account name given by [account_name] from the switch.<br />
edit<br />
Initiates an edit session that prompts you for the account name for which to<br />
change the expiration date and authority.<br />
59263-02 B 13-221
13–<strong>Command</strong> Reference<br />
User<br />
list brief<br />
Displays the list of users currently logged in, the login date, and the login time.<br />
The User List command is equivalent to the Show Users command. This keyword<br />
is available to all account names without an Admin session. To display just the<br />
account name and client, enter the User List Brief command.<br />
Notes<br />
Examples<br />
Authority level or password changes that you make to an account that is currently<br />
logged in do not take effect until that account logs in again.<br />
The following is an example of the User Accounts command:<br />
SANbox (admin) #> user accounts<br />
Current list of user accounts<br />
-----------------------------<br />
images (admin authority = False, never expires)<br />
admin (admin authority = True , never expires)<br />
chuckca (admin authority = False, expires in < 50 days)<br />
gregj (admin authority = True , expires in < 100 days)<br />
fred<br />
(admin authority = True , never expires)<br />
The following is an example of the User Add command:<br />
SANbox (admin) #> user add<br />
Press 'q' and the ENTER key to abort this command.<br />
account name (1-15 chars) : user1<br />
account password (8-20 chars) : *******<br />
please confirm account password: *******<br />
set account expiration in days (0-2000, 0=never): [0] 100<br />
should this account have admin authority? (y/n): [n] y<br />
OK to add user account 'user1' with admin authority<br />
and to expire in 100 days?<br />
Please confirm (y/n): [n] y<br />
13-222 59263-02 B
13–<strong>Command</strong> Reference<br />
User<br />
The following is an example of the User Edit command:<br />
SANbox (admin) #> user edit<br />
Press 'q' and the ENTER key to abort this command.<br />
account name (1-15 chars) : user1<br />
set account expiration in days (0-2000, 0=never): [0]<br />
should this account have admin authority? (y/n): [n]<br />
OK to modify user account 'user1' with no admin authority<br />
and to expire in 0 days?<br />
Please confirm (y/n): [n]<br />
The following is an example of the User Delete command:<br />
SANbox (admin) #> user delete user3<br />
The user account will be deleted. Please confirm (y/n): [n] y<br />
The following is an example of the User List command:<br />
SANbox (admin) #> user list<br />
User<br />
cim@OB-session1<br />
Client<br />
cim<br />
Logged in Since day month date time year<br />
User<br />
snmp@IB-session2<br />
Client<br />
Unknown<br />
Logged in Since day month date time year<br />
User<br />
snmp@OB-session3<br />
Client<br />
Unknown<br />
Logged in Since day month date time year<br />
User<br />
admin@OB-session8<br />
Client 10.33.21.27<br />
Logged in Since day month date time year<br />
59263-02 B 13-223
13–<strong>Command</strong> Reference<br />
Whoami<br />
Whoami<br />
Authority<br />
Syntax<br />
Examples<br />
Displays the account name, session number, and switch domain ID for the Telnet<br />
session.<br />
None<br />
whoami<br />
The following is an example of the Whoami command:<br />
SANbox #> whoami<br />
User name : admin@session2<br />
Switch name : SANbox<br />
Switch domain ID: 21 (0x15)<br />
13-224 59263-02 B
13–<strong>Command</strong> Reference<br />
Zone<br />
Zone<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages zones and zone membership on a switch.<br />
Admin session and a Zoning Edit session. Refer to the “Zoning Edit” command on<br />
page 13-236 for information about starting a Zoning Edit session. The List,<br />
Members, and Zonesets keywords are available without an Admin session.<br />
zone<br />
add [zone] [member_list]<br />
list<br />
members [zone]<br />
orphans<br />
remove [zone] [member_list]<br />
rename [zone_old] [zone_new]<br />
zonesets [zone]<br />
add [zone] [member_list]<br />
Specifies one or more ports/devices given by [members] to add to the zone<br />
named [zone]. Use a to delimit aliases and ports/devices in<br />
[member_list]. A zone can have a maximum of 2000 members. [member_list] can<br />
have any of the following formats:<br />
• Domain ID and port number pair (Domain ID, Port Number). Domain IDs can<br />
be 1–239; port numbers can be 0–255.<br />
• 6-character hexadecimal device Fibre Channel address (hex)<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx.<br />
• Alias name<br />
The application verifies that the [members] format is correct, but does not validate<br />
that such a member exists. You must enter the Zoning Save command afterwards<br />
to save your changes.<br />
copy [zone_source] [zone_destination]<br />
Creates a new zone named [zone_destination] and copies the membership into it<br />
from the zone given by [zone_source]. You must enter the Zoning Save command<br />
afterwards to save your changes.<br />
create [zone]<br />
Creates a zone with the name given by [zone]. An zone name must begin with a<br />
letter and be no longer than 64 characters. Valid characters are 0-9, A-Z, a-z, _, $,<br />
^, and -. The zoning database supports a maximum of 2000 zones. You must<br />
enter the Zoning Save command afterwards to save your changes.<br />
59263-02 B 13-225
13–<strong>Command</strong> Reference<br />
Zone<br />
delete [zone]<br />
Deletes the specified zone given by [zone] from the zoning database. If the zone<br />
is a component of the active zone set, the zone will not be removed from the<br />
active zone set until the active zone set is deactivated. You must enter the<br />
Zoning Save command afterwards to save your changes.<br />
list<br />
Displays a list of all zones and the zone sets of which they are components. This<br />
keyword does not require an Admin session.<br />
members [zone]<br />
Displays all members of the zone given by [zone]. This keyword does not require<br />
an Admin session.<br />
orphans<br />
Displays a list of zones that are not members of any zone set.<br />
remove [zone] [member_list]<br />
Removes the ports/devices given by [member_list] from the zone given by [zone].<br />
Use a to delimit aliases and ports/devices in [member_list].<br />
[member_list] can have any of the following formats:<br />
• Domain ID and port number pair (Domain ID, Port Number). Domain IDs can<br />
be 1–239; port numbers can be 0–255.<br />
• 6-character hexadecimal device Fibre Channel address (hex)<br />
• 16-character hexadecimal worldwide port name (WWPN) with the format<br />
xx:xx:xx:xx:xx:xx:xx:xx.<br />
• Alias name<br />
You must enter the Zoning Save command afterwards to save your changes.<br />
rename [zone_old] [zone_new]<br />
Renames the zone given by [zone_old] to the zone given by [zone_new]. You<br />
must enter the Zoning Save command afterwards to save your changes.<br />
zonesets [zone]<br />
Displays all zone sets of which the zone given by [zone] is a component. This<br />
keyword does not require an Admin session.<br />
13-226 59263-02 B
13–<strong>Command</strong> Reference<br />
Zone<br />
Examples<br />
The following is an example of the Zone List command:<br />
SANbox #> zone list<br />
Zone ZoneSet<br />
---- -------<br />
wwn_b0241f<br />
zone_set_1<br />
wwn_23bd31<br />
zone_set_1<br />
wwn_221416<br />
zone_set_2<br />
wwn_2215c3<br />
zone_set_2<br />
wwn_0160ed<br />
zone_set_3<br />
The following is an example of the Zone Members command:<br />
SANbox #> zone members wwn_b0241f<br />
Current List of Members for Zone: wwn_b0241f<br />
---------------------------------<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
21:00:00:e0:8b:02:41:2f<br />
The following is an example of the Zone Orphans command:<br />
SANbox #> zone orphans<br />
Current list of orphan zones<br />
----------------------------<br />
zone3<br />
zone4<br />
The following is an example of the Zone Zonesets command:<br />
SANbox #> zone zonesets zone1<br />
Current List of ZoneSets for Zone: zone1<br />
----------------------------------<br />
zone_set_1<br />
59263-02 B 13-227
13–<strong>Command</strong> Reference<br />
Zoneset<br />
Zoneset<br />
Authority<br />
Syntax<br />
Keywords<br />
Manages zone sets and component zones across the fabric.<br />
Admin session and a Zoning Edit session. Refer to the “Zoning Edit” command on<br />
page 13-236 for information about starting a Zoning Edit session. The Active, List,<br />
and Zones keywords are available without an Admin session. You must close the<br />
Zoning Edit session before using the Activate and Deactivate keywords.<br />
zoneset<br />
activate [zone_set]<br />
active<br />
add [zone_set] [zone_list]<br />
copy [zone_set_source] [zone_set_destination]<br />
create [zone_set]<br />
deactivate<br />
delete [zone_set]<br />
list<br />
remove [zone_set] [zone_list]<br />
rename [zone_set_old] [zone_set_new]<br />
zones [zone_set]<br />
activate [zone_set]<br />
Activates the zone set given by [zone_set]. This keyword deactivates the active<br />
zone set. Close the Zoning Edit session before using this keyword.<br />
active<br />
Displays the name of the active zone set. This keyword does not require Admin<br />
session.<br />
add [zone_set] [zone_list]<br />
Adds a list of zones and aliases given by [zone_list] to the zone set given by<br />
[zone_set]. Use a to delimit zone and alias names in [zone_list]. You<br />
must enter the Zoning Save command afterwards to save your changes.<br />
copy [zone_set_source] [zone_set_destination]<br />
Creates a new zone set named [zone_set_destination] and copies into it the<br />
zones from the zone set given by [zone_set_source]. You must enter the<br />
Zoning Save command afterwards to save your changes.<br />
13-228 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoneset<br />
create [zone_set]<br />
Creates the zone set with the name given by [zone_set]. A zone set name must<br />
begin with a letter and be no longer than 64 characters. Valid characters are 0-9,<br />
A-Z, a-z, _, $, ^, and -. The zoning database supports a maximum of 256 zone<br />
sets. You must enter the Zoning Save command afterwards to save your changes.<br />
deactivate<br />
Deactivates the active zone set. Close the Zoning Edit session before using this<br />
keyword.<br />
delete [zone_set]<br />
Deletes the zone set given by [zone_set]. If the specified zone set is active, the<br />
command is suspended until the zone set is deactivated. You must enter the<br />
Zoning Save command afterwards to save your changes.<br />
list<br />
Displays a list of all zone sets. This keyword does not require an Admin session.<br />
remove [zone_set] [zone_list]<br />
Removes a list of zones given by [zone_list] from the zone set given by<br />
[zone_set]. Use a to delimit zone names in [zone_list]. If [zone_set] is the<br />
active zone set, the zone will not be removed until the zone set has been<br />
deactivated. You must enter the Zoning Save command afterwards to save your<br />
changes.<br />
rename [zone_set_old] [zone_set_new]<br />
Renames the zone set given by [zone_set_old] to the name given by<br />
[zone_set_new]. You can rename the active zone set. You must enter the<br />
Zoning Save command afterwards to save your changes.<br />
zones [zone_set]<br />
Displays all zones that are components of the zone set given by [zone_set]. This<br />
keyword does not require an Admin session.<br />
Notes • A zone set must be active for its definitions to be applied to the fabric.<br />
• Only one zone set can be active at one time.<br />
• A zone can be a component of more than one zone set.<br />
59263-02 B 13-229
13–<strong>Command</strong> Reference<br />
Zoneset<br />
Examples<br />
The following is an example of the Zoneset Active command:<br />
SANbox #> zoneset active<br />
Active ZoneSet Information<br />
--------------------------<br />
ActiveZoneSet Bets<br />
LastActivatedBy admin@OB-session6<br />
LastActivatedOn day month date time year<br />
The following is an example of the Zoneset List command:<br />
SANbox #> zoneset list<br />
Current List of ZoneSets<br />
------------------------<br />
alpha<br />
beta<br />
The following is an example of the Zoneset Zones command:<br />
SANbox #> zoneset zones ssss<br />
Current List of Zones for ZoneSet: ssss<br />
----------------------------------<br />
zone1<br />
zone2<br />
zone3<br />
13-230 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Active<br />
Zoning Active<br />
Displays information for the active zone set or saves the active zone set to the<br />
non-volatile zoning database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
Admin session for the Capture keyword.<br />
zoning active<br />
capture<br />
capture<br />
Saves the active zone set to the non-volatile zoning data base.<br />
The following is an example of the Zoning Active command:<br />
SANbox #> zoning active<br />
Active (enforced) ZoneSet Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_b0241f<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
21:00:00:e0:8b:02:41:2f<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:c3<br />
The following is an example of the Zoning Active Capture command:<br />
SANbox (admin) #> zoning active capture<br />
This command will overwrite the configured zoning database in NVRAM.<br />
Please confirm (y/n): [n] y<br />
The active zoning database has been saved.<br />
59263-02 B 13-231
13–<strong>Command</strong> Reference<br />
Zoning Cancel<br />
Zoning Cancel<br />
Closes the current Zoning Edit session. Any unsaved changes are lost.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session and a Zoning Edit session.<br />
zoning cancel<br />
The following is an example of the Zoning Cancel command:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
.<br />
.<br />
.<br />
SANbox (admin-zoning) #> zoning cancel<br />
Zoning edit mode will be canceled. Please confirm (y/n): [n] y<br />
13-232 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Clear<br />
Zoning Clear<br />
Clears all inactive zone sets from the volatile edit copy of the zoning database.<br />
This keyword requires a zoning edit session. This keyword does not affect the<br />
non-volatile zoning database. However, if you enter the Zoning Clear command<br />
followed by the Zoning Save command, the non-volatile zoning database will be<br />
cleared from the switch.<br />
NOTE:<br />
The preferred method for clearing the zoning database from the switch is the<br />
Reset Zoning command.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session and a Zoning Edit session.<br />
zoning clear<br />
The following is an example of the Zoning Clear command:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #> zoning clear<br />
SANbox (admin-zoning) #> zoning save<br />
59263-02 B 13-233
13–<strong>Command</strong> Reference<br />
Zoning Configured<br />
Zoning Configured<br />
Displays the contents of the non-volatile zoning database.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
zoning configured<br />
The following is an example of the Zoning Configured command:<br />
SANbox #> zoning configured<br />
Configured (saved in NVRAM) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
------- ---- ----------<br />
wwn<br />
wwn_b0241f<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:16<br />
13-234 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Delete Orphans<br />
Zoning Delete Orphans<br />
Deletes all objects that are not part of the active zone set, including zone sets,<br />
zones, and aliases.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session<br />
zoning delete orphans<br />
The following is an example of the Zoning Delete Orphans command:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning delete orphans<br />
This command will remove all zonesets, zones, and aliases<br />
that are not currently active.<br />
Please confirm (y/n): [n] y<br />
SANbox (admin) #> zoning save<br />
59263-02 B 13-235
13–<strong>Command</strong> Reference<br />
Zoning Edit<br />
Zoning Edit<br />
Opens a Zoning Edit session for the non-volatile zoning database or the merged<br />
zone set in which to create and manage zone sets and zones. Refer to the “Zone”<br />
command on page 13-225 and the “Zoneset” command on page 13-228.<br />
Authority<br />
Syntax<br />
Keywords<br />
Admin session<br />
zoning edit [database]<br />
[database]<br />
Opens an edit session for the zoning database given by [database]. If you omit<br />
[database], an edit session for the non-volatile zoning database is opened.<br />
[database] can have the following values:<br />
configured<br />
Opens a zoning edit session for the non-volatile zoning database.<br />
merged<br />
Opens a zoning edit session for the temporary merged zone set received<br />
from another switch.<br />
Examples<br />
The following is an example of the Zoning Edit command:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #><br />
.<br />
.<br />
SANbox (admin-zoning) #> zoning save<br />
The changes have been saved; however, they must be activated<br />
before they can take effect -- see zoneset activate command.<br />
13-236 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Edited<br />
Zoning Edited<br />
Displays the contents of the edited zoning database.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session and a Zoning Edit session<br />
zoning edited<br />
The following is an example of the Zoning Edited command:<br />
SANbox (admin-zoning) #> zoning edited<br />
Edited (unsaved) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
------- ---- ----------<br />
ZS1<br />
Z1<br />
10:00:00:c0:dd:00:b9:f9<br />
10:00:00:c0:dd:00:b9:fa<br />
59263-02 B 13-237
13–<strong>Command</strong> Reference<br />
Zoning History<br />
Zoning History<br />
Displays a history of zoning modifications. This keyword does not require an<br />
Admin session. History information includes the following:<br />
• Time of the most recent zone set activation or deactivation and the user who<br />
performed it<br />
• Time of the most recent modifications to the zoning database and the user<br />
who made them.<br />
• Checksum for the zoning database<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
zoning history<br />
The following is an example of the Zoning History command:<br />
SANbox #> zoning history<br />
Active Database Information<br />
---------------------------<br />
ZoneSetLastActivated/DeactivatedBy Remote<br />
ZoneSetLastActivated/DeactivatedOn day mon date hh:mm:ss yyyy<br />
Database Checksum 00000000<br />
Inactive Database Information<br />
-----------------------------<br />
ConfigurationLastEditedBy<br />
admin@OB-session17<br />
ConfigurationLastEditedOn<br />
day mon date hh:mm:ss yyyy<br />
Database Checksum 00000000<br />
13-238 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Limits<br />
Zoning Limits<br />
Displays the limits and numbers of zone sets, zones, aliases, members per zone,<br />
members per alias, and total members in the zoning database.<br />
Authority<br />
Syntax<br />
Keywords<br />
None<br />
zoning limits<br />
brief<br />
brief<br />
Displays zoning limits for each category, the current number of objects, and the<br />
applicable zoning database (non-volatile or active). If you omit this keyword, the<br />
display includes a membership breakdown for each zone.<br />
Notes The specific zoning database limits are described in Table 13-48.<br />
Table 13-48. Zoning Database Limits<br />
Limit<br />
Description<br />
MaxZoneSets Maximum number of zone sets (256)<br />
MaxZones Maximum number of zones (2000)<br />
MaxAliases Maximum number of aliases (2500)<br />
MaxTotalMembers Maximum number of zone and alias members (10000)<br />
that can be stored in the switch’s zoning database. Each<br />
instance of a zone member or alias member counts<br />
toward this maximum.<br />
MaxZonesInZoneSets<br />
Maximum number of zones that are components of zone<br />
sets (2000), excluding those in the orphan zone set, that<br />
can be stored in the switch’s zoning database. Each<br />
instance of a zone in a zone set counts toward this maximum.<br />
MaxMembersPerZone Maximum number of members in a zone (2000)<br />
MaxMembersPerAlias Maximum number of members in an alias (2000)<br />
59263-02 B 13-239
13–<strong>Command</strong> Reference<br />
Zoning List<br />
Zoning List<br />
Lists all zoning definitions, including the applicable zoning database.<br />
Authority<br />
Syntax<br />
Examples<br />
None<br />
zoning list<br />
The following is an example of the Zoning List command:<br />
SANbox #> zoning list<br />
Active (enforced) ZoneSet Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:c3<br />
Configured (saved in NVRAM) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
--------------------------------<br />
wwn<br />
wwn_23bd31<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:23:bd:31<br />
wwn_221416<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:14:16<br />
wwn_2215c3<br />
50:06:04:82:bf:d2:18:c2<br />
50:06:04:82:bf:d2:18:d2<br />
10:00:00:00:c9:22:15:16<br />
13-240 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Merged<br />
Zoning Merged<br />
Displays the contents of the merged zone set, or saves the merged zone set to<br />
the non-volatile zoning database.<br />
Authority<br />
Syntax<br />
Keywords<br />
Examples<br />
Admin session for the Capture keyword.<br />
zoning merged<br />
capture<br />
capture<br />
Saves the merged zone set to the non-volatile zoning database. You must enter<br />
the Zoning Save command afterwards to save your changes. If you omit this<br />
keyword, this command displays the contents of the merged zone set.<br />
The following is an example of the Zoning Merged command:<br />
SANbox #> zoning merged<br />
*********************************************************************<br />
To permanently save the merged database locally, execute the<br />
'zoning merged capture' command. To edit the merged database<br />
use the ’zoning edit merged’ command. To remove the merged database<br />
use the ’zoning restore’ command.<br />
**********************************************************************<br />
Merged (unsaved) Zoning Information<br />
ZoneSet Zone ZoneMember<br />
------- ---- ----------<br />
ZS1<br />
Z1<br />
10:00:00:c0:dd:00:b9:f9<br />
10:00:00:c0:dd:00:b9:fa<br />
Z2<br />
10:00:00:c0:dd:00:b9:fb<br />
10:00:00:c0:dd:00:b9:fc<br />
The following is an example of the Zoning Merged Capture command:<br />
SANbox (admin) #> zoning merged capture<br />
This command will overwrite the configured zoning database in NVRAM.<br />
Please confirm (y/n): [n] y<br />
The merged zoning database has been saved.<br />
59263-02 B 13-241
13–<strong>Command</strong> Reference<br />
Zoning Restore<br />
Zoning Restore<br />
Restores the volatile zoning database with the contents of the non-volatile zoning<br />
database. If the MergeAutoSave parameter is False (see Table 13-15), you can<br />
use this command to revert changes to the merged zone set that were propagated<br />
from another switch in the fabric through zone set activation or merging fabrics.<br />
Authority<br />
Syntax<br />
Admin session<br />
zoning restore<br />
13-242 59263-02 B
13–<strong>Command</strong> Reference<br />
Zoning Save<br />
Zoning Save<br />
Saves changes made during the current Zoning Edit session. The system informs<br />
you that the zone set must be activated to implement any changes.<br />
Authority<br />
Syntax<br />
Examples<br />
Admin session and a Zoning Edit session.<br />
zoning save<br />
The following is an example of the Zoning Save command:<br />
SANbox #> admin start<br />
SANbox (admin) #> zoning edit<br />
SANbox (admin-zoning) #><br />
.<br />
.<br />
SANbox (admin-zoning) #> zoning save<br />
The changes have been saved; however, they must be activated<br />
before they can take effect -- see zoneset activate command.<br />
59263-02 B 13-243
13–<strong>Command</strong> Reference<br />
Zoning Save<br />
13-244 59263-02 B
Index<br />
Numerics<br />
20Gb stacking port license 4-29, 13-29<br />
A<br />
account name<br />
admin 1-2<br />
display 13-221, 13-224<br />
factory 2-1<br />
maintenance mode 2-1<br />
activation<br />
firmware 4-19, 4-20<br />
security 8-8, 8-10<br />
switch configuration 4-11, 4-12<br />
zoning 6-11<br />
active zone set 6-1, 6-3<br />
adapter 13-168<br />
Admin<br />
account name 2-1, 13-1<br />
authority 1-3, 13-1<br />
session 1-3<br />
session timeout 13-145<br />
Admin command 13-3<br />
Admin session 4-30<br />
administrative state<br />
port 13-127<br />
switch 13-150<br />
alarm<br />
configuration 5-14, 13-117<br />
configuration display 5-4, 13-162<br />
description 10-1, 13-124<br />
log 13-106, 13-154<br />
alias<br />
add members 6-18, 13-4<br />
copy 6-18, 13-4<br />
create 6-17, 13-4<br />
delete 6-18, 13-5<br />
delete members 13-5<br />
display list 13-5<br />
display members 13-5<br />
information 6-7<br />
management 6-17<br />
remove 6-13<br />
remove ports/devices 6-18<br />
rename 6-18, 13-5<br />
Alias command 13-4<br />
Add example 6-18<br />
Copy example 6-18<br />
Create example 6-17<br />
Delete example 6-18<br />
List example 6-7<br />
Members example 6-7<br />
Remove example 6-18<br />
Rename example 6-18<br />
association<br />
concepts 3-7<br />
copy 3-20<br />
create 3-17<br />
delete 3-18<br />
information 3-9<br />
modify 3-19<br />
rename 3-20<br />
authentication 8-1, 9-1, 13-34<br />
authority 2-1, 3-8, 3-10, 13-1<br />
authorization 8-1<br />
autosave<br />
security database 8-6<br />
zoning database 6-9<br />
59263-02 B Index-1
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
B<br />
backup file 4-13<br />
beacon 4-16, 13-107<br />
binding<br />
fabric 13-33, 13-37<br />
port 5-11, 13-114<br />
Boot Protocol 13-143, 13-144<br />
broadcast 13-155<br />
C<br />
Call Home<br />
concepts 11-1<br />
database 11-2, 11-6, 11-7, 11-14<br />
edit session 13-1<br />
message queue 11-8, 11-13<br />
messages 11-3<br />
queue 11-3<br />
requirements 11-2<br />
reset 11-7<br />
service 11-2, 11-5, 13-137<br />
technical support interface 11-4<br />
Callhome command 13-6<br />
Changeover example 11-13<br />
Clear example 11-14<br />
Edit example 11-6<br />
History example 11-7<br />
List example 11-7<br />
List Profile example 11-8<br />
Profile Test example 11-13<br />
Queue Clear example 11-13<br />
Queue Stats example 11-8<br />
Capture command 13-10<br />
Add example 11-11<br />
Edit example 11-12<br />
Remove example 11-12<br />
Central Processing Unit usage 4-4<br />
Cert_authority command 13-13<br />
certificate 3-8, 3-10, 7-2, 7-3, 13-21<br />
certificate authority 3-8, 3-10<br />
Certificate command 13-14<br />
Challenge Handshake Authentication Protocol<br />
13-34<br />
CHAP - See Challenge Handshake<br />
Authentication Protocol<br />
chassis status 13-155, 13-156<br />
Clone Config Port command 13-16<br />
command<br />
entry 1-4<br />
examples 13-2<br />
listing 13-2<br />
notes 13-2<br />
reference 13-1<br />
rules and conventions 13-2<br />
syntax 13-2<br />
command-line completion 1-4<br />
Config command 13-17<br />
Activate example 4-11<br />
Backup example 4-13<br />
Copy example 4-11<br />
Delete example 4-11<br />
Edit example 4-11, 6-10<br />
List example 4-10<br />
Restore example 4-15<br />
configuration<br />
activate 4-11, 13-17<br />
backup 4-13, 13-17<br />
copy 4-11, 13-17<br />
delete 4-11, 13-18<br />
device security 8-1<br />
display 4-10<br />
edit 13-18<br />
edit session 13-1<br />
export 13-18<br />
import 13-18<br />
list 13-18<br />
modify 4-11<br />
reset 13-89<br />
restore 4-13, 4-15, 13-18<br />
save 13-19<br />
configuration file<br />
download 1-8, 4-14<br />
upload 1-8<br />
Index-2<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
connection<br />
security 7-1, 13-135, 13-136<br />
SSL 13-21<br />
connectivity test 4-26<br />
CPU - See Central Processing Unit<br />
CRC - See Cyclic Redundancy Check<br />
Create command 13-21<br />
Certificate example 7-3<br />
Support example 1-6<br />
credit 13-165<br />
critical event 10-1<br />
Cyclic Redundancy Check errors 5-14<br />
D<br />
data capture<br />
add configuration 11-11<br />
delete configuration 11-12<br />
modify configuration 11-12<br />
date 4-16, 4-18<br />
Date command 4-16, 13-24<br />
decode errors 5-14<br />
default<br />
switch configuration 13-92<br />
zone 6-9<br />
device<br />
access 6-1<br />
security configuration 8-1<br />
digital certificate 3-8<br />
discard inactive 6-9<br />
discovery method 3-1<br />
display control 1-5<br />
DNS - See Domain Name System<br />
domain ID<br />
binding 13-33, 13-37<br />
display 13-164<br />
Domain Name System 3-4<br />
donor port 13-165<br />
Dynamic Host Configuration Protocol 13-143,<br />
13-144<br />
E<br />
elapsed time 4-4<br />
encryption 3-8<br />
Enterprise Fabric Suite 4-29, 13-29<br />
errors 5-14<br />
Ethernet<br />
connection 11-2<br />
network information 3-1<br />
port configuration 3-2<br />
event<br />
message format 10-2<br />
output stream control 10-3<br />
remote logging 10-5<br />
severity level 10-1<br />
event log<br />
clear 10-5<br />
configuration 10-1, 10-4<br />
configuration management 10-4<br />
display 10-2<br />
display configuration 10-5<br />
filter 10-3<br />
restore configuration 10-5<br />
event logging<br />
by component 13-121, 13-170<br />
by port 13-123, 13-172<br />
by severity level 13-172<br />
display 13-170<br />
remote 10-5<br />
restore defaults 13-124<br />
save settings 13-124<br />
settings 13-172<br />
severity level 13-123<br />
start and stop 10-2, 13-124<br />
Exit command 13-25<br />
expiration date 2-1<br />
extended credit 13-165<br />
external test 5-15, 13-214, 13-218<br />
59263-02 B Index-3
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
F<br />
fabric<br />
binding 8-6<br />
configuration 3-1<br />
Fabric Device Management <strong>Interface</strong> 13-168<br />
factory defaults 13-90<br />
Fcping command 13-26<br />
example 4-28<br />
Fctrace command 13-27<br />
example 4-28<br />
FDMI - See Fabric Device Management<br />
<strong>Interface</strong><br />
Feature command 13-29<br />
Add example 4-29<br />
Log example 4-29<br />
feature upgrade 4-29, 13-29<br />
Fibre Channel<br />
connection 4-28<br />
routing 4-28<br />
file download and upload 1-8<br />
File Transfer Protocol<br />
download files 1-8, 4-14<br />
download firmware 4-21<br />
restore configuration file 4-15<br />
service 13-136<br />
user account 2-1<br />
firmware<br />
custom installation 4-22<br />
image file 13-60<br />
information 4-8<br />
install with CLI 13-30<br />
installation 4-19<br />
list image files 13-60<br />
non-disruptive activation 4-20, 13-43<br />
one-step installation 4-21<br />
remove image files 13-60<br />
retrieve image file 13-60<br />
unpack image 13-61<br />
upload file 1-8<br />
version 13-208<br />
Firmware Install command 13-30<br />
example 4-19<br />
FTP - See File Transfer Protocol<br />
full-text format 11-3<br />
G<br />
gateway address 3-1, 3-2, 13-143, 13-144<br />
Greenwich Mean Time 4-16<br />
group<br />
add members 8-12, 13-33<br />
add to security set 8-10<br />
copy 8-11, 13-35<br />
create 8-11, 13-35<br />
delete 8-11<br />
description 8-1<br />
edit member attributes 13-36<br />
ISL 8-11<br />
list 13-37<br />
list members 13-37<br />
management 8-11<br />
membership 8-4<br />
modify member 8-13<br />
MS 8-11, 13-35<br />
port 8-11<br />
remove from security set 8-10<br />
remove members 8-13, 13-37<br />
rename 8-11, 13-37<br />
type 13-35, 13-37<br />
Group command 13-32<br />
Add example 8-12<br />
Copy example 8-11<br />
Create example 8-11<br />
Delete example 8-11<br />
Edit example 8-13<br />
Members example 8-4<br />
Remove example 8-13<br />
Rename example 8-11<br />
Securitysets example 8-4<br />
H<br />
hard reset 4-19<br />
Hardreset command 13-40<br />
hardware information 4-7<br />
Index-4<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Heartbeat LED 4-7<br />
Help command 1-4, 13-41<br />
History command 13-42<br />
hot reset 4-19<br />
Hotreset command 13-43<br />
I<br />
I/O Stream Guard 13-111<br />
idle session limits 4-30<br />
Ike List command 13-44<br />
example 3-10<br />
Ike Peer command 13-47<br />
Copy example 3-23<br />
Create example 3-20<br />
Delete example 3-21<br />
Edit example 3-22<br />
Rename example 3-23<br />
Ike Policy command 13-53<br />
Copy example 3-26<br />
Create example 3-24<br />
Delete example 3-25<br />
Edit example 3-25<br />
Rename example 3-26<br />
Image command 13-60<br />
Install example 4-19<br />
inactivity limits 4-30<br />
informative event 10-1<br />
Inter-Fabric Zone 5-10<br />
internal test 5-15, 13-214, 13-218<br />
Internet Key Exchange<br />
concepts 3-7<br />
database 3-20, 3-23<br />
peer 3-8, 3-10<br />
policy 3-8, 3-10, 3-23<br />
Internet Protocol<br />
security 3-6, 3-7, 3-27<br />
version 4 3-2<br />
version 6 3-4<br />
Inter-Switch Link<br />
connection count 5-14<br />
group 8-1, 8-11, 13-35<br />
IP address 3-1, 3-2, 13-143, 13-144<br />
IP security<br />
association 3-7<br />
configuration history 3-11<br />
configuration limits 3-12<br />
edit session 13-2<br />
policy 3-7<br />
reset 3-6<br />
Ipsec Association command 13-65<br />
Copy example 3-20<br />
Create example 3-17<br />
Delete example 3-18<br />
Edit example 3-19<br />
Rename example 3-20<br />
Ipsec command 13-63<br />
Clear example 3-27<br />
Ipsec History command<br />
example 3-11<br />
Ipsec Limits command<br />
example 3-12<br />
Ipsec List command 13-69<br />
example 3-9<br />
Ipsec Policy command 13-72<br />
Copy example 3-15<br />
Create example 3-13<br />
Delete example 3-14<br />
Edit example 3-14<br />
Rename example 3-15<br />
ISL - See Inter-Switch Link<br />
K<br />
key 3-10<br />
Key command 13-77<br />
keywords 13-2<br />
59263-02 B Index-5
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
L<br />
license key<br />
20Gb stacking port 4-29, 13-29<br />
description 4-29<br />
display 4-29<br />
Enterprise Fabric Suite 13-29<br />
install 4-29, 13-29<br />
port activation 4-29<br />
limits 13-239<br />
Link Control Frame 13-110<br />
link state database 13-174<br />
Lip command 13-79<br />
log<br />
archive 13-121<br />
clear 13-121<br />
display 13-122, 13-171<br />
event 13-121, 13-170<br />
local 13-144<br />
POST 13-191<br />
remote 13-144<br />
log file<br />
create and download 10-6<br />
download 1-8<br />
upload 1-8<br />
logged in users 13-207<br />
login<br />
errors 5-14<br />
limit 1-3<br />
session 4-30<br />
Logout command 13-80<br />
logout errors 5-14<br />
loop port initialization 13-79<br />
loss-of-signal errors 5-14<br />
M<br />
maintenance mode 2-1<br />
Management Server<br />
group 8-1, 8-11, 13-35<br />
service 13-137<br />
manufacturer information 13-193<br />
mask address 13-143, 13-144<br />
MD5 authentication 13-34<br />
memory activity 13-178<br />
message<br />
format 11-3<br />
queue 11-8, 11-13<br />
MS - See Management Server<br />
Multi-Frame Sequence bundling 13-110<br />
N<br />
name server information 4-2, 13-179<br />
network<br />
configuration 3-1<br />
configuration reset 13-91<br />
discovery 3-1, 3-2, 13-143, 13-144<br />
enable 13-143<br />
gateway address 13-143, 13-144<br />
interfaces 13-169<br />
IP address 13-143, 13-144<br />
mask 13-143, 13-144<br />
Network Time Protocol<br />
client 13-145<br />
date and time 4-18<br />
description 4-16<br />
interaction with Date command 13-24<br />
server address 13-145<br />
service 13-136<br />
non-disruptive activation 13-43<br />
NPIV - See N-Port ID Virtualization<br />
N-Port ID Virtualization 5-8, 5-9<br />
NTP - See Network Time Protocol<br />
O<br />
offline test<br />
port 5-16<br />
switch 4-25<br />
online test<br />
port 5-15<br />
switch 4-24<br />
operational information 4-3<br />
orphan zones 6-6<br />
Index-6<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
output stream control 10-3<br />
P<br />
page break 1-5<br />
Passwd command 2-4, 13-81<br />
password<br />
change 13-81<br />
default 1-2<br />
File Transfer Protocol 1-8<br />
switch 13-81<br />
user account 2-4<br />
peer<br />
copy 3-23<br />
create 3-20<br />
delete 3-21<br />
description 3-8<br />
information 3-10<br />
modify 3-22<br />
rename 3-23<br />
performance tuning 13-110<br />
Ping command 13-82<br />
example 3-5<br />
PKI - See Public Key Infrastructure<br />
policy (IKE)<br />
copy 3-26<br />
create 3-24<br />
delete 3-25<br />
description 3-8<br />
information 3-10<br />
modify 3-25<br />
rename 3-26<br />
policy (IP)<br />
copy 3-15<br />
create 3-13<br />
delete 3-14<br />
description 3-7<br />
information 3-9<br />
modify 3-14<br />
rename 3-15<br />
port<br />
activation 4-29, 13-29<br />
administrative state 13-127<br />
binding 5-11, 13-114, 13-160<br />
configuration 5-1, 13-108<br />
configuration display 13-157<br />
configuration parameters 5-2<br />
counters 13-126<br />
external test 13-214, 13-218<br />
group 8-1, 8-11, 13-35<br />
information 5-1<br />
initialize 13-90<br />
internal test 13-214, 13-218<br />
modify operating characteristics 5-7<br />
online test 13-214, 13-218<br />
operational information 5-3, 13-185<br />
performance 5-5, 13-181, 13-182<br />
performance tuning 13-110<br />
reset 5-13<br />
speed 13-126<br />
testing 5-15<br />
threshold alarms 5-4, 5-14<br />
POST - See Power-On Self Test<br />
Power-On Self Test log 13-191<br />
preference routing 13-110<br />
process identifier 4-4<br />
processing time 4-4<br />
profile<br />
copy 11-11, 13-83<br />
create 11-9, 13-83<br />
delete 11-9, 13-84<br />
edit 13-84<br />
modify 11-10<br />
rename 11-11, 13-84<br />
Tech_Support_Center 11-4, 11-14<br />
test 11-13<br />
Profile command 13-83<br />
Copy example 11-11<br />
Create example 11-9<br />
Delete example 11-9<br />
Edit example 11-10<br />
Rename example 11-11<br />
Ps command 4-4, 13-87<br />
59263-02 B Index-7
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
public key<br />
description 3-8<br />
management 3-10<br />
Public Key Infrastructure 3-10<br />
Q<br />
QuickTools 13-136<br />
Quit command 13-88<br />
R<br />
RADIUS - See Remote Dial-In User Service<br />
RADIUS server<br />
configuration 7-2, 9-1, 9-3, 13-128, 13-131,<br />
13-132<br />
configuration display 13-194<br />
information 9-1<br />
reset 13-90<br />
Registered State Change Notification 13-111<br />
Remote Dial-In User Service 9-1<br />
remote host logging<br />
description 10-5<br />
enable 13-144<br />
host address 13-144<br />
Reset command 13-89<br />
Callhome example 11-7, 11-14<br />
Config example 6-9<br />
Factory example 6-9<br />
Internet Key Exchange 3-27<br />
IP Security example 3-6<br />
Ipsec example 3-27<br />
Port example 5-13<br />
Security example 8-9<br />
SNMP example 12-5<br />
Zoning example 6-11, 6-12<br />
Reverse Address Resolution Protocol 13-143,<br />
13-144<br />
routing 13-110, 13-200<br />
RSCN - See Registered State Change<br />
Notification<br />
S<br />
secret 13-34<br />
Secure File Transfer Protocol 4-21<br />
Secure Shell<br />
description 7-1<br />
service 7-2, 13-135<br />
Secure Socket Layer<br />
certificate 7-3, 13-21<br />
description 7-1<br />
service 7-2, 13-136<br />
switch time 13-24<br />
security<br />
certificate 7-2, 7-3<br />
configuration 13-113<br />
configuration display 13-159<br />
configuration parameters 4-6<br />
connection 7-1<br />
database 13-90<br />
edit session 13-1<br />
group 8-1<br />
revert changes 8-6<br />
security association<br />
database 3-16<br />
information 3-9<br />
Security command 13-99<br />
Activate example 8-8<br />
Active example 8-3<br />
Clear example 8-9<br />
Edit example 8-8<br />
History example 8-5<br />
Limits example 8-5<br />
List example 8-2<br />
Save example 8-8<br />
Index-8<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
security database<br />
autosave 8-6<br />
clear 13-99<br />
configuration 8-6<br />
description 8-1<br />
display 13-100<br />
display history 13-100<br />
information 8-1<br />
limits 8-5, 13-100<br />
modification history 8-5<br />
modify 8-8<br />
reset 8-9<br />
restore 8-6<br />
security edit session<br />
cancel 13-99<br />
initiate 13-100<br />
revert changes 13-100<br />
save changes 13-100<br />
security policy<br />
database 3-12<br />
information 3-9<br />
security set<br />
activate 8-10, 13-103<br />
active 8-3<br />
add group 8-10<br />
add member group 13-103<br />
configured 8-2<br />
copy 8-10, 13-103<br />
create 8-9, 13-104<br />
deactivate 8-10, 13-104<br />
delete 8-9, 13-104<br />
delete member group 13-104<br />
description 8-1<br />
display 13-104<br />
display active 13-99, 13-103<br />
display members 13-104<br />
information 8-2<br />
management 8-9<br />
membership 8-4<br />
remove groups 8-10<br />
rename 8-10, 13-104<br />
Securityset command 13-103<br />
Activate example 8-10<br />
Active example 8-3<br />
Add example 8-10<br />
Copy example 8-10<br />
Create example 8-9<br />
Deactivate example 8-10<br />
Delete example 8-9<br />
Group example 8-4<br />
List example 8-2<br />
Remove example 8-10<br />
Rename example 8-10<br />
services<br />
display 4-9, 7-3<br />
managing 4-9<br />
SNMP 12-2<br />
Set Beacon command 4-16<br />
Set Config Port command 13-108<br />
example 5-7<br />
Set Config Security command 13-113<br />
example 8-7<br />
Set Config Security Port command 13-114<br />
example 5-12<br />
Set Config Switch command 13-115<br />
example 4-12<br />
Set Config Threshold command 13-117<br />
example 5-14<br />
Set Config Zoning command 13-119<br />
example 6-9<br />
Set Log command 13-121<br />
Archive example 10-6<br />
Clear example 10-5<br />
Display example 10-3<br />
example 10-4<br />
Restore example 10-5<br />
Start example 10-2<br />
Stop example 10-2<br />
Set Pagebreak command 13-125<br />
example 1-5<br />
Set Port command 13-126<br />
Set Setup Callhome command 13-128<br />
example 11-5<br />
Set Setup command<br />
SNMP example 12-4<br />
59263-02 B Index-9
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Set Setup Radius command 13-131<br />
example 9-3<br />
Set Setup Services command 13-135<br />
example 4-9<br />
SNMP service 12-2<br />
SSH and SSL services 7-2<br />
Set Setup SNMP command 13-138<br />
Set Setup System command 13-142<br />
Ethernet configuration 3-2<br />
NTP example 4-18<br />
remote logging 10-6<br />
Timers example 4-30<br />
Set Switch State command 13-150<br />
Set Timezone command 13-151<br />
severity level 10-1<br />
SHA-1 authentication 13-34<br />
short-text format 11-3<br />
Show About command 13-152<br />
Show Alarm command 13-154<br />
Show Broadcast command 13-155<br />
Show Chassis command 13-156<br />
example 4-7<br />
Show Config Port command 13-157<br />
example 5-2<br />
Show Config Security command 13-159<br />
example 4-6<br />
port binding 5-11<br />
Show Config Security Port command 13-160<br />
Show Config Switch command 13-161<br />
example 4-5<br />
Show Config Threshold command 13-162<br />
example 5-4<br />
Show Config Zoning command 13-163<br />
example 4-6<br />
Show Domains command 13-164<br />
Show Donor command 13-165<br />
example 5-17<br />
Show Env command 13-166<br />
Show Fabric command 13-167<br />
example 3-1<br />
Show FDMI command 13-168<br />
Show <strong>Interface</strong> command 13-169<br />
Show Log command 13-170<br />
display log 10-2<br />
filter display 10-3<br />
Settings example 10-5<br />
Show LSDB command 13-174<br />
Show Media command 13-175<br />
example 5-6<br />
Show Mem command 13-178<br />
Show NS command 13-179<br />
example 4-2<br />
Show Pagebreak command 13-181<br />
Show Perf command 13-182<br />
example 5-5<br />
Show Port command 13-185<br />
example 5-3<br />
Show Post Log command 13-191<br />
Show Setup Callhome command 13-192<br />
example 11-5<br />
Show Setup Mfg command 13-193<br />
Show Setup Radius command 13-194<br />
example 9-1<br />
Show Setup Services command 13-195<br />
example 4-9<br />
SSL and SSH example 7-3<br />
Show Setup SNMP command 13-196<br />
example 12-3<br />
Show Setup System command 13-197<br />
example 3-2<br />
Show Steering command 13-200<br />
Show Switch command 13-201<br />
Show System command 13-203<br />
Show Test Log command 13-204<br />
Show Timezone command 13-205<br />
Show Topology command 13-206<br />
Show Users command 13-207<br />
Show Version command 13-208<br />
example 4-8<br />
Shutdown command 13-210<br />
signed certificate 3-10<br />
Simple Mail Transfer Protocol server 11-13<br />
Index-10<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Simple Network Management Protocol<br />
configuration 12-1, 13-138<br />
configuration display 13-196<br />
information 12-3<br />
modify configuration 12-4<br />
reset 13-90<br />
reset configuration 12-5<br />
service 12-2, 13-136<br />
user account 12-7<br />
version 3 12-4, 12-6, 13-211<br />
SMI-S - See Storage Management<br />
Initiative-Specification<br />
Snmpv3user command 13-211<br />
soft<br />
reset 4-19<br />
zone 6-1<br />
SSH - See Secure Shell<br />
SSL - See Secure Socket Layer<br />
Storage Management Initiative-Specification<br />
13-136<br />
subnet mask 3-1<br />
support file<br />
create 1-6, 13-21<br />
download 1-7, 1-8<br />
upload 1-8<br />
switch<br />
administrative state 13-150<br />
configuration 4-1, 4-10, 13-115<br />
configuration defaults 13-92<br />
configuration display 13-161<br />
configuration parameters 4-5, 4-12<br />
date and time 7-3<br />
hard reset 13-40<br />
information 4-1<br />
log 13-144<br />
login 1-2<br />
management service 13-135<br />
manufacturer information 13-193<br />
operational information 4-3, 13-201<br />
paging 4-16<br />
reset 4-5, 4-19, 13-220<br />
reset without POST 13-91<br />
services 4-9, 13-90, 13-135, 13-195<br />
user accounts 2-1<br />
syntax 13-2<br />
system configuration<br />
change 13-142<br />
display 13-197<br />
system process information 4-4<br />
T<br />
technical support 1-6<br />
Telnet<br />
connection security 7-2<br />
login 1-2<br />
service 13-135<br />
session timeout 13-145<br />
test<br />
cancel 4-27, 5-17<br />
connectivity 4-26<br />
offline 4-25, 5-16<br />
online 4-24, 5-15<br />
status 4-26, 5-17<br />
Test Cancel command 13-213<br />
Test command<br />
example 5-15<br />
test log file 13-204<br />
Test Port command 13-214<br />
example 5-15<br />
Test Status command 13-216<br />
Test Switch command 13-218<br />
TFTP - See Trivial File Transfer Protocol<br />
time<br />
between resets 4-5<br />
set and display 4-16, 13-24<br />
set with NTP 4-18<br />
zone 4-16, 13-151, 13-205<br />
timeout<br />
Admin session 13-145<br />
admin session 3-2<br />
inactivity 3-2<br />
Telnet session 13-145<br />
topology 13-206<br />
TR_Port 5-8<br />
transceiver information 5-6<br />
transparent routing 5-8<br />
59263-02 B Index-11
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Trivial File Transfer Protocol 4-21, 13-60<br />
Tsc1 text format 11-3<br />
U<br />
Universal Time 4-16<br />
upgrade 4-29, 13-29<br />
Uptime command 13-220<br />
example 4-5<br />
user account<br />
add 13-221<br />
configuration 2-1<br />
create 2-3<br />
delete 13-221<br />
display 13-221<br />
edit 13-221<br />
information 2-2<br />
list 13-222<br />
logged in 13-207<br />
modify 2-4<br />
password 2-4<br />
user administration 13-221<br />
User command 13-221<br />
Accounts example 2-2<br />
Add example 2-3<br />
Delete example 2-4<br />
Edit example 2-4<br />
List example 2-2<br />
Z<br />
zone<br />
add member port 13-225<br />
add to zone set 6-14, 6-17<br />
copy 6-16, 13-225<br />
create 6-16, 13-225<br />
definition 6-1<br />
delete 6-16, 13-226<br />
delete member port 13-226<br />
list 13-226<br />
list members 13-226<br />
management 6-15<br />
membership 6-6<br />
orphan 13-226<br />
orphans 6-6<br />
remove 6-13<br />
remove from zone set 6-15<br />
remove ports/devices 6-17<br />
rename 6-16, 13-226<br />
Zone command 13-225<br />
Add example 6-17<br />
Copy example 6-16<br />
Create example 6-16<br />
Delete example 6-16<br />
Members example 6-6<br />
Remove example 6-17<br />
Rename example 6-16<br />
Zonesets example 6-6<br />
V<br />
Virtual <strong>Interface</strong> preference routing 13-110<br />
W<br />
warning 10-1<br />
web applet<br />
service 13-136<br />
Whoami command 13-224<br />
workstation<br />
date and time 7-3<br />
settings 1-2<br />
Index-12<br />
59263-02 B
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
zone set<br />
activate 6-15, 13-228<br />
active 6-1, 6-3, 6-12, 13-231<br />
add member zone 13-228<br />
add zones 6-14<br />
configured 6-2<br />
copy 6-14, 13-228<br />
create 6-13, 13-229<br />
deactivate 6-15, 13-91, 13-229<br />
definition 6-1<br />
delete 6-14, 13-229<br />
delete member zone 13-229<br />
display 13-229<br />
display active 13-228<br />
display members 13-229<br />
display zones 13-226<br />
information 6-2<br />
management 6-13<br />
membership 6-5<br />
merged 6-4, 6-12<br />
remove 6-13<br />
remove zones 6-15<br />
rename 6-14, 13-229<br />
Zoneset command 13-228<br />
Activate example 6-15<br />
Active example 6-4<br />
Add example 6-14<br />
Copy example 6-14<br />
Create example 6-13<br />
Deactivate example 6-15<br />
Delete example 6-14<br />
List example 6-2<br />
Merged example 6-4<br />
Remove example 6-15<br />
Rename example 6-14<br />
Zones example 6-5<br />
zoning<br />
configuration 6-1, 13-119<br />
configuration display 13-163<br />
configuration parameters 4-6<br />
database 13-91<br />
edit session 13-1<br />
hardware enforced 6-1<br />
information 6-2<br />
limits 13-239<br />
list definitions 13-240<br />
merged zone set 6-9<br />
modification history 6-7<br />
modify 6-10<br />
reset 6-11<br />
restore 6-9<br />
revert changes 13-242<br />
save edits 13-243<br />
Zoning Active command 13-231<br />
Capture example 6-12<br />
example 6-3<br />
Zoning Cancel command 13-232<br />
Zoning Clear command 13-233<br />
example 6-12<br />
Zoning command<br />
Merged Capture example 6-12<br />
Zoning Configured command 13-234<br />
zoning database<br />
configuration 6-9<br />
limits 6-8<br />
modify 6-11<br />
reset 6-12<br />
Zoning Delete command<br />
example 6-13<br />
Zoning Delete Orphans command 13-235<br />
Zoning Edit command 13-236<br />
example 6-11<br />
Zoning Edited command 13-237<br />
Zoning History command 13-238<br />
example 6-7<br />
Zoning Limits command 13-239<br />
example 6-8<br />
Zoning List command 13-240<br />
example 6-2<br />
59263-02 B Index-13
User’s <strong>Guide</strong> <strong>Command</strong> <strong>Line</strong> <strong>Interface</strong><br />
5800V Series Stackable Fibre Channel Switch<br />
Zoning Merged command 13-241<br />
Capture example 6-12<br />
Zoning Restore command 13-242<br />
Zoning Save command 13-243<br />
Index-14<br />
59263-02 B
Corporate Headquarters <strong>QLogic</strong> Corporation 26650 Aliso Viejo Parkway Aliso Viejo, CA 92656 949.389.6000 www.qlogic.com<br />
International Offices UK | Ireland | Germany | France | India | Japan | China | Hong Kong | Singapore | Taiwan<br />
© 2011 <strong>QLogic</strong> Corporation. Specifications are subject to change without notice. All rights reserved worldwide. <strong>QLogic</strong>, the <strong>QLogic</strong> logo, Enterprise<br />
Fabric Suite, and QuickTools are trademarks or registered trademarks of <strong>QLogic</strong> Corporation. Microsoft, Windows NT, and Windows 2000/2003, and<br />
Internet Explorer are registered trademarks of Microsoft Corporation. Brocade is a registered trademark of Brocade Communications Systems, Inc.<br />
Cisco is a registered trademark of Cisco Systems, Inc. All other brand and product names are trademarks or registered trademarks of their respective<br />
owners. Information supplied by <strong>QLogic</strong> Corporation is believed to be accurate and reliable. <strong>QLogic</strong> Corporation assumes no responsibility for any<br />
errors in this brochure. <strong>QLogic</strong> Corporation reserves the right, without notice, to make changes in product design or specifications.