CMSE LG v2 PDF
CMSE LG v2 PDF
CMSE LG v2 PDF
Cisco Multiprotocol
Storage Essentials
Version 2.0
Lab Guide
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica
Croatia • Cyprus • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece
Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia
Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania
Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland
Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright 2005 Cisco Systems, Inc. All rights reserved. CCSP, the Cisco Square Bridge logo, Follow Me
Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play,
and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco
IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the
Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive,
GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard,
LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet,
PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus,
SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the
word partner does not imply a partnership relationship between Cisco and any other company. (0501R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO
WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY
OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO
SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-
INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE
OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls
subject to the disclaimer above.
CMSE
Lab Guide
Overview
This guide includes these activities:
Lab 2-1: Implementing FCIP with the Cisco MDS 9000 IPS Module
Lab 2-2: Implementing FCIP High Availability
Lab 2-3: Implementing IVR for SAN Extension
Lab 2-4: Tuning FCIP Performance
Lab 3-1: Implementing iSCSI with the MDS 9000 IPS Module
Lab 3-2: Configuring Static Initiators and Targets
Lab 3-3: Implementing Fibre Channel Access Control for iSCSI
Lab 3-4: Implementing iSCSI Access Control
Lab 3-5: Implementing High-Availability iSCSI Configurations
Lab 3-6: Troubleshooting IP Storage Services
Lab 2-1: Implementing FCIP with the Cisco MDS
9000 IPS Module
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
Your customer needs to provide basic SAN extension between two sites. There is no need for
redundancy, as this is simply a proof-of-concept implementation. The customer network is
large, with many IP subnets.
In this activity, you will configure an FCIP environment using the Cisco MDS 9000 IPS
Module. After completing this activity, you will be able to meet these objectives:
Complete the initial switch configuration process.
Configure Gigabit Ethernet interfaces on the MDS 9000 IPS Module.
Configure FCIP profiles.
Create and verify an FCIP tunnel between two MDS 9000 IPS Modules.
Create and test a file system in Windows 2000.
Visual Objective
The figure illustrates what you will accomplish in this activity.
2 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Required Resources
These are the resources and equipment required to complete this activity:
A Cisco MDS 9506 Multilayer Director and a Cisco MDS 9216 Fabric Switch, each with
an MDS 9000 IPS Module.
Two Windows 2000 servers, each with an FC HBA.
A Just a Bunch of Disks (JBOD) with at least two disks
Command List
The table describes the commands used in this activity.
Command Description
show fcns database Displays a list of all the ports that are logged in to
[ vsan vsan-id ] the Fibre Channel Name Server (FCNS).
show interface gigabitethernet Displays the status of and statistics for interface
slot/port gigabitethernet slot or port.
show interface fcip interface- Displays the status of and statistics for FCIP
number interface interface-number.
Activity Procedure
Complete these steps:
Step 1 Start a console session and log in to your assigned switch using the following login
information:
Switch login: admin
Password: 1234qwer
Step 2 Clear the current startup configuration and reboot the switch. Your display should
resemble the following:
# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
# reload
This command will reboot the system. (y/n)? y
Step 3 After the switch reboots, it will automatically launch the setup utility. Answer the
questions according to the following example, replacing your pod number where
appropriate. Your display should resemble the following:
Uncompressing linecard components
INIT: Entering runlevel: 3
---- System Admin Account Setup ----
Enter the password for "admin": 1234qwer
Confirm the password for "admin": 1234qwer
4 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Mgmt0 IP address : 10.0.x.y (where x is the pod number and y is 3 for
the MDS 9216 and y is 5 for the MDS 9506)
Mgmt0 IP netmask : 255.255.255.0
Configure the default gateway? (yes/no) [y]: <Enter>
IP address of the default gateway : 10.0.x.254
Configure advanced IP options? (yes/no) [n]: <Enter>
Enable the telnet service? (yes/no) [y]: <Enter>
Enable the ssh service? (yes/no) [n]: <Enter>
Configure the ntp server? (yes/no) [n]: y
NTP server IP address : 10.0.x.254 (where x is the pod number)
Configure default switchport interface state (shut/noshut)
[shut]: <Enter>
Configure default switchport trunk mode (on/off/auto) [on]:
<Enter>
Configure default zone policy (permit/deny) [deny]: <Enter>
Enable full zoneset distribution (yes/no) [n]: <Enter>
Step 4 Review the configuration summary and save the configuration. Your display should
resemble the following:
The following configuration will be applied:
switchname mds9216-21
interface mgmt0
ip address 10.0.21.3 255.255.255.0
no shutdown
ip default-gateway 10.0.21.254
telnet server enable
no ssh server enable
ntp server 10.0.21.254
system default switchport shutdown
system default switchport trunk mode on
no zone default-zone permit vsan 1-4093
no zoneset distribute full vsan 1-4093
Step 5 After the setup utility saves the configuration, log in to the switch, using the
following login information:
Switch login: admin
Password: 1234qwer
Note To terminate the ping command, press Ctrl-C. Notify your instructor if you cannot ping your
default gateway.
Step 7 Verify that your system clock is synchronized with the system clock on the other
switch in your pod. Both teams should simultaneously invoke the show clock
command and verify that the results are the same on both switches.
Step 8 On both switches, configure virtual VSAN 2 and VSAN 3 and assign interfaces.
Your display should resemble the following:
# conf t
(conf)# vsan dat
(config-vsan-db)# vsan 2
(config-vsan-db)# vsan 2 interface fc1/port (where port is 6 on the
MDS 9506 and 10 on the MDS 9216)
(config-vsan-db)# vsan 3
(config-vsan-db)# vsan 3 interface fc1/port (where port is 5 on the
MDS 9506 and 6 on the MDS 9216)
(config-vsan-db)# end
Step 9 Verify the results on both switches. Your display should resemble the following:
9506# show vsan mem
vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/7 fc1/8 fc1/9
fc1/10 fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16
vsan 2 interfaces:
fc1/6
vsan 3 interfaces:
fc1/5
vsan 4094(isolated_vsan) interfaces:
6 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
vsan 3 interfaces:
fc1/6
vsan 4094(isolated_vsan) interfaces:
Activity Verification
You have completed this task when you attain this result:
Your ports are assigned to the correct VSAN on both switches, as verified in Step 9 of this
task.
Activity Procedure
Complete these steps on both MDS 9000 Series switches to configure port gigE2/1 for the FCIP
tunnel:
Step 1 Log in to your Windows 2000 server as administrator using the password cisco.
Step 2 Open the Cisco Device Manager from the Windows desktop and enter the
following information in the dialog box:
In the Device Name field, enter the IP address of your switch (configured during
the initial setup process in Task 1).
In the User Name field, enter admin.
In the Password field, enter 1234qwer.
From the Local Interface list, choose the server IP address on the 10.0.x.y
network.
Check the SNMPv3 checkbox to encrypt management traffic.
Step 3 Click Open. The Cisco Device Manager window opens, showing the Device view.
Note Typically, you should change the MTU from 1500 to 2300. An MTU of 1500 will fragment
some FC frames, which can be up to 2148 bytes. Fragmentation will reduce effective
bandwidth. However not all Ethernet switches support jumbo frames. The Ethernet switches
in this lab do not support jumbo frames. Therefore, you should leave the MTU at 1500.
Step 6 Click Apply, then click Close. You have now finished configuring the physical
properties for the Gigabit Ethernet interface.
8 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Caution Do not proceed to the next step until both teams have completed configuring gigE2/1.
Step 7 Open a console session to your MDS 9000 Series Switch and log in using the
following login information:
Switch login: admin
Password: 1234qwer
Step 8 Display the status of your Gigabit Ethernet interface. Your display should be similar
to the following output example:
# show interface gig2/1
GigabitEthernet2/1 is up
Port description is Primary FCIP Link
Hardware is GigabitEthernet, address is 000c.300c.e978
Internet address is 10.1.21.21/24
MTU 1500 bytes
Port mode is IPS
Speed is 1 Gbps
Beacon is turned off
Auto-Negotiation is turned on
5 minutes input rate 8 bits/sec, 1 bytes/sec, 0 frames/sec
5 minutes output rate 136 bits/sec, 17 bytes/sec, 0 frames/sec
45 packets input, 5352 bytes
0 multicast frames, 0 compressed
0 input errors, 0 frame, 0 overrun 0 fifo
338 packets output, 14196 bytes, 0 underruns
0 output errors, 0 collisions, 0 fifo
0 carrier errors
Note The interface should be in an up state. If this is not the case, correct the problem before
proceeding.
Step 9 To test the Gigabit Ethernet connectivity, ping port gigE2/1 on the Gigabit Ethernet
IP address of the other team. Your display should resemble the following:
# ping 10.1.x.y (where x is your pod number and y is the last octet of the IP
address that the other team assigned to their port gig2/1)
PING 10.1.21.11 (10.1.21.11): 56 data bytes
64 bytes from 10.1.21.11: icmp_seq=0 ttl=255 time=3.6 ms
64 bytes from 10.1.21.11: icmp_seq=1 ttl=255 time=4.2 ms
64 bytes from 10.1.21.11: icmp_seq=2 ttl=255 time=4.2 ms
--- 10.1.21.11 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.6/4.0/4.2 ms
Step 10 If the ping was successful, save your configuration using the copy run start
command.
You have completed this task when you attain this result:
You can successfully ping the remote end of your Gigabit Ethernet interface.
Activity Procedure
Complete these steps:
Step 1 From the Cisco Device Manager window menu, choose Admin > Feature Control.
Step 2 Click the Action field for the fcip feature and choose enable.
Step 3 Verify that enable is in the Action field, then click Apply.
Step 4 Click Close.
10 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 From the Cisco Device Manager window main menu, choose IP > FCIP.
Step 6 In the FCIP dialog box, click the Profiles tab, then click Create.
Step 7 In the Create FCIP Profiles dialog box, configure the following FCIP profile
parameters:
Profile ID: Enter your pod number.
IP address: Choose your gigE2/1 IP address from the drop-down menu.
Leave all other settings at their default values.
Note The following TCP parameters can be left at their default values:
TCP Port: This parameter specifies the TCP port on which FCIP listens for an incoming
connection.
SACK: TCP Selective Acknowledgment (SACK) helps overcome the limitation of multiple
lost packets during a TCP transmission.
KeepAliveTimeout: This parameter enables you to configure the interval for TCP
connections to verify if the FCIP link is functioning. Configuring a KeepAliveTimeout ensures
that an FCIP link failure is detected quickly even when there is no traffic.
MinReTxTimeout: This parameter controls the minimum amount of time TCP waits before
retransmitting.
MaxReTx: This parameter specifies the maximum number of times a packet is retransmitted
before TCP decides to close the connection.
SendBufSize: This parameter defines the required additional buffering that TCP allows
beyond the normal send window size.
MaxBandwidth, MinAvailBandwidth, and Estimated RTT: These values are used to
automatically calculate the TCP Maximum Window Size (MWS) and other TCP flow control
parameters.
PMTU Enable: Path MTU (PMTU) allows the MDS 9000 Series Multilayer Switch to
dynamically adjust the IP MTU that you configured on the Gigabit Ethernet port to the lowest
common denominator supported by all devices in the IP network. Note that all IP devices
must support PMTU for this to work.
ResetTimeout: This parameter specifies the time after which TCP tries the original MTU.
12 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 9 Your FCIP configuration should look similar to the following illustration.
Note The FC host and JBOD in your pod are attached to both switches. To simulate a remote
SAN environment, you will configure your pod so that the host is visible only on the MDS
9506 Multilayer Director, and the JBOD is visible only on the MDS 9216 Fabric Switch. All of
the FC ISLs between the two switches are disabled, forcing all inter-switch traffic to travel
across the FCIP tunnel.
Step 10 On both switches, in the Cisco Device Manager window, right-click and enable the
interface that is connected to your Windows 2000 server; for example:
On the MDS 9506, enable port fc1/5
On the MDS 9216, enable port fc1/10
Click the Refresh button. The port should display F .
Step 11 On both switches, right-click and enable JBOD interface fc1/6.
Click the Refresh button. The port should display FL .
Step 12 Using the CLI, display the status of your FCIP profile. Your display should resemble
the following output:
# show fcip profile x (where x is your pod number)
FCIP Profile 21
Internet Address is 10.1.21.21 (interface GigabitEthernet2/1)
Listen Port is 3225
TCP parameters
SACK is enabled
PMTU discovery is enabled, reset timeout is 3600 sec
Keep alive is 60 sec
Minimum retransmission timeout is 200 ms
Maximum number of re-transmissions is 4
Send buffer size is 0 KB
Maximum allowed bandwidth is 1000000 kbps
Minimum available bandwidth is 500000 kbps
Estimated round trip time is 1000 usec
Congestion window monitoring is enabled, burst size is 50KB
Configured maximum jitter is 1000 us
Step 13 Display the name server database using the show fcns database command. You
should have similar output as below, with each switch displaying several target
entries (JBOD disks) in one VSAN and one initiator (host HBA) in the other VSAN:
# show fcns database
VSAN 2:
------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
------------------------------------------------------------------------
0x6900dc NL 22:00:00:0c:50:d1:f9:13 (Seagate) scsi-fcp:target
0x6900e0 NL 22:00:00:0c:50:d1:f9:4e (Seagate) scsi-fcp:target
0x6900e1 NL 22:00:00:0c:50:dd:05:f2 (Seagate) scsi-fcp:target
0x6900e2 NL 22:00:00:0c:50:d1:d1:5d (Seagate) scsi-fcp:target
0x6900e4 NL 22:00:00:0c:50:d1:d1:44 (Seagate) scsi-fcp:target
0x6900e8 NL 22:00:00:0c:50:d1:d1:8e (Seagate) scsi-fcp:target
Total number of entries = 6
VSAN 3:
------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
------------------------------------------------------------------------
0xe50000 N 21:01:00:e0:8b:30:9d:3e (Qlogic) scsi-fcp:init
Total number of entries = 1
Step 14 If the entries are correct, save your configuration using the copy run start
command.
14 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain these results:
FCIP profile parameters have been correctly configured, as verified in Step 12 of this task.
The name server database shows each switch displaying several target entries (JBOD disks)
in one VSAN and one initiator (host HBA) in the other VSAN, as verified in Step 13 of this
task.
You have saved your configuration.
Activity Procedure
Complete these steps:
Step 1 From the main menu in the Cisco Device Manager window, choose IP > FCIP >
Tunnels.
Step 2 Click Create. The Create FCIP Tunnels dialog box appears. In the Create FCIP
Tunnels dialog box, configure the following FCIP Tunnel parameters:
In the ProfileId field, enter your pod number.
In the TunnelId field, enter your pod number.
In the RemoteIP Address field, enter the IP address of port gigE2/1 on the other
team switch.
In the Quality of Service Control field, enter 46.
In the Quality of Service Data field, enter 34.
Leave the rest of the settings at their default values.
16 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Note The QoS Control and QoS Data fields contain the Differentiated Services Code Point
(DSCP) values for TCP control connection traffic and FC data traffic, respectively. The
DSCP value of 34 for data traffic indicates priority delivery (precedence 1) and high
reliability. The DSCP value of 46 for control traffic indicates flash delivery, high reliability,
and low delay. Additional information on implementing QoS DSCP values is available at
http://www.cisco.com/warp/public/105/dscpvalues.html#dscpandassuredforwardingclasses.
Step 4 Verify that your FCIP configuration looks similar to the following display:
Step 7 Complete this task by performing the following steps on both switches:
From the CLI, display your switch WWN using the show wwn switch
command.
Display the status of the FCIP tunnel using the show interface fcip x command
(where x is your pod number). Your display should resemble the following:
# show interface fcip 21
fcip21 is trunking
Hardware is GigabitEthernet
Port WWN is 20:42:00:0d:ec:09:8d:00
Peer port WWN is 20:42:00:0d:ec:0c:e6:40
18 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Total number of entries = 7
Step 10 Save your configuration using the copy run start command.
Activity Verification
You have completed this task when you attain these results:
FCIP tunnel parameters have been correctly configured, as verified in Step 7.
Your switch Port WWN displayed in Step 7 is the Peer Port WWN displayed on the other
switch, as verified in Step 8.
The name server database displayed for both switches is identical, as verified in Step 9.
Activity Procedure
Complete these steps:
Step 1 On both switches, use the CLI to change the default zone policy to permit. Your
display should resemble the following:
# conf t
(config)# zone default permit vsan 2-3
(config)# end
Step 2 From your Windows 2000 server desktop, right-click My Computer and choose
Manage from the pop-up menu.
Step 3 Under Storage, choose Disk Management to display the discovered disks.
Step 4 You might be asked to write a disk signature for recently discovered disks. Choose
all the disks and continue. You should see Disk 0 and several more disks and the CD
ROM. The additional disks should be your JBOD storage devices.
Note If no additional disks appear, choose the Action > Rescan Disks menu to force Windows to
rescan the I/O bus; if that fails to produce a result, reboot the server.
Step 6 The display should identify the Adapter Name as QLogic QLA23xx. Click OK.
Step 7 If the disk type is labeled “Dynamic” (instead of “Basic” as shown in the Step 7
illustration) then right-click in the Disk area and choose Revert to Basic Disk.
Step 8 If there are any existing partitions on the drive, delete them.
Step 9 To create a partition, right-click anywhere in the Unallocated space and choose
Create Partition. The Create Partition Wizard begins.
20 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 13 In the Assign Drive Letter or Path dialog box, choose E and click Next.
Step 14 In the Format Partition dialog box, configure the following settings:
In the File System field, choose NTFS.
In the Allocation unit size field, choose Default.
In the Volume label field, choose FCIP_Volume.
Check the Perform a Quick Format checkbox. (This is very important.)
Step 15 Click Next.
Step 16 At the Completing the Create Partition Wizard dialog box, click Finish.
Step 17 Wait a few seconds until the partition is marked Healthy.
Step 18 Log out of Windows by clicking Start > Shut down > Log off Administrator.
Step 19 When the remote desktop window disappears, return to the LabGear interface and
log in to Windows again.
Activity Verification
You have successfully completed this task when you attain this result:
You were able to create a disk partition, format it, and copy files to the new file system on
each server.
22 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 2-1 Answer Key: Implementing FCIP with the IP Services
Module
When you complete this activity, your switch running configuration file will be similar to the
following, with differences that are specific to your device or workgroup. The following is a
partial output of the show run command from the MDS 9216 Fabric Switch in Pod 21 after
completing this activity.
vsan database
vsan 2
vsan 3
fcip enable
fcip profile 1
ip address 10.1.21.11
interface fcip2
use-profile 1
peer-info ipaddr 10.1.21.21
switchport mode E
no shutdown
vsan database
vsan 3 interface fc1/6
vsan 2 interface fc1/10
zone default-zone permit vsan 2-3
interface mgmt0
ip address 10.0.21.3 255.255.255.0
interface GigabitEthernet2/1
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown
Activity Objective
Your customer wants to run replication traffic over their FCIP SAN extension and desires
redundancy and load balancing. The customer wants to mitigate the amount of fabric service
disruptions. The customer also wants to mitigate the effects of TCP resets and restarts on the
FCIP tunnels. The SAN extension must be highly available and able to withstand the failure of
an MDS Series 9000 switch.
In this activity, you will create port channels between the two MDS 9000 IPS Modules. After
completing this activity, you will be able to meet these objectives:
Clear your FCIP configuration without using the write erase command.
Configure FCIP tunnels using the Cisco Fabric Manager FCIP wizard.
Configure an FC PortChannel between two MDS 9000 IPS Modules.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment required to complete this exercise:
An MDS 9506 Multilayer Director and an MDS 9216 Fabric Switch, each with an MDS
9000 IPS Module
Two Windows 2000 servers, each with an FC HBA
A JBOD with at least two disks
24 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Command List
The commands used in this exercise are described in the table.
Command Description
Step 5 Verify that all Gigabit Ethernet interfaces are disabled using the show interface
brief command.
26 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
You have completed this task when you have attained this result:
All Gigabit Ethernet interfaces have been disabled, as verified in Step 5 of this task.
Activity Procedure
Complete these steps: (In this activity Team 1 on Server 1 will complete the steps in sequence.
Upon completion, Team 2 on Server 2 will perform the same steps.)
Step 1 Open Cisco Fabric Manager from the Windows desktop.
Step 2 In the Cisco Fabric Manager window, click the FCIP Tunnel icon on the toolbar to
open the FCIP wizard.
Note It is not necessary to enable the FCIP feature prior to launching the FCIP wizard. The wizard
will enable FCIP.
Step 5 In the dialog box titled 2 of 4: Select Ethernet Ports, choose the appropriate Ethernet
ports (gigE2/1 or gigE2/2 as assigned to your team) in both panes and then click
Next.
Team 1: Choose gigE2/1 in both lists.
Team 2: Choose gigE2/2 in both lists.
28 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 6 In the dialog box titled 3 of 4: Specify Tunnel Properties, leave all parameters with
the default values and click Next.
30 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 9 From the CLI, both teams verify the FCIP configuration. Your display should
resemble the following sample output:
# show fcip profile
---------------------------------------------
ProfileId Ipaddr TcpPort
---------------------------------------------
1 10.1.21.21 3225
2 10.1.21.22 3225
Do you see two profiles? ______________________
Step 10 Verify both FCIP interfaces are active using the show interface brief command.
Record the FCIP interface numbers: FCIP________ FCIP ________
Tip Page to the bottom of the report using the space bar.
Step 11 Verify that the name server database has propagated between switches using the
show fcns database command.
Do you see entries from both switches? ________________
Step 12 From Cisco Fabric Manager, verify the FCIP links in the fabric map. Hold your
cursor over each dashed line in the right pane. Your display should resemble the
following illustration:
Step 13 From the CLI, save your configuration using the copy run start command.
Activity Verification
You have completed this task when you attain these results:
You were able to display profiles for the two FCIP tunnels.
Both FCIP interfaces are active.
The name server database has propagated between the switches.
The correct FCIP links appear in the fabric map.
Activity Procedure
Complete these steps: (Team 1 only on Server 1 unless otherwise indicated)
Step 1 Open Cisco Fabric Manager from the Windows desktop and connect to the MDS
9506 Multilayer Director. From the toolbar in the Cisco Fabric Manager, click the
Port Channel icon. The Port Channel wizard starts.
Step 2 In the dialog box titled 1 of 3: Select Switch Pair, choose the pair showing both
MDS 9000 Series switches and click Next to continue. You should see the label (2
ISLs) next to the switch pair.
32 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 3 In the dialog box titled 2 of 3: Select ISLs, verify that both FCIP interface pairs are
in the Selected pane. Click Next to continue:
Step 4 In the dialog box titled 3 of 3: Create Port Channel, configure the following settings:
1. In the VSAN List field enter the default value (1 to 4093).
2. In the Trunk Mode field click the trunk radio button to enable trunk mode on
(TE_Port).
Step 5 Click Finish.
Step 6 A warning dialog box appears, requesting confirmation to continue. Click Yes to
create the PortChannel.
Step 7 From the CLI on both switches, display the interface table to verify that the
PortChannel is operational. Use the show interface brief command.
Note In the following steps you will monitor activity on the PortChannel by using Cisco Device
Manager to display the link counters during file copy.
34 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 (Team 2 only on Server 2) From the Cisco Device Manager main menu, choose
Interface > FCIP. Complete the following steps:
1. Hold down the Ctrl key and choose both FCIP interfaces.
2. From the Cisco Device Manager main menu, choose Interface > Monitor >
FCIP.
3. In the FCIP Monitor dialog box, set the Interval fields to 2s measuring
Cumulative traffic.
4. Observe the output for a few seconds. You should see the counters change on at
least one of the FCIP interfaces.
Step 13 Observe the counters. Notice that the counters for the “down” interface eventually
go down to zero (0). Reenable the interface by choosing up in its Admin status field,
and then clicking Apply. When the copy is completed, close all windows.
Activity Verification
You have completed this task when you attain these results:
You were able to configure an FC PortChannel with FCIP interfaces as members.
You were able to disable one of the interfaces without disrupting a data copy to the remote
storage device.
Note If time permits, Team 1 can delete the PortChannel. Team 2 can use the PortChannel
wizard to recreate the PortChannel following the steps outlined in this activity.
36 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 2-2 Answer Key: Implementing FCIP High Availability
When you complete this activity, the running configuration file for your switch will be similar
to the following, with differences that are specific to your device or workgroup. The following
is a partial output of the show run command from the MDS 9216 Fabric Switch in Pod 21 after
completing this activity.
vsan database
vsan 2
vsan 3
fcip enable
fcip profile 1
ip address 10.1.21.11
fcip profile 2
ip address 10.1.21.12
interface port-channel 1
channel mode active
switchport description To md95
switchport mode E
interface fcip2
use-profile 1
peer-info ipaddr 10.1.21.21
switchport mode E
channel-group 1 force
no shutdown
interface fcip3
use-profile 2
peer-info ipaddr 10.1.21.22
switchport mode E
channel-group 1 force
no shutdown
vsan database
vsan 3 interface fc1/6
vsan 2 interface fc1/10
zone default-zone permit vsan 2-3
interface GigabitEthernet2/1
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
interface GigabitEthernet2/2
ip address 10.1.21.12 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown
Activity Objective
Your customer wants to run replication traffic over an FCIP SAN extension and desires
redundancy and load balancing. The customer wants to mitigate the amount of fabric service
disruptions. The customer also wants to mitigate the effects of TCP resets and restarts on the
FCIP tunnels. The SAN extension must be highly available, and WAN faults should not affect
the operation of the SAN devices that do not need to access the FCIP tunnel.
In this activity, you will implement IVR to allow routing between VSANs on either end of a
highly available FCIP link. After completing this activity, you will be able to meet these
objectives:
Remove any existing FCIP and PortChannel configurations.
Create two FCIP tunnels and aggregate the FCIP links into a PortChannel.
Configure VSANs and assign static domain IDs.
Configure IVR.
38 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Visual Objective
The figures illustrate what you will accomplish in this activity.
Command List
The table describes the commands used in this activity.
Command Description
show ivr zoneset active Displays all active IVR zone sets.
show fcns database Displays the name server entries for all VSANs.
Job Aids
This table provides virtual SAN (VSAN) and domain ID assignments.
Domain ID na na 14 15 92
MDS 9216
Port assignment na na fc1/10 fc1/6 na
Domain ID 12 13 na na 95
MDS 9506
Port assignment fc1/6 fc1/5 na na na
40 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 1: Remove FCIP and PortChannel Configurations
In this task, both teams will clear the current FCIP configuration and PortChannel created in
Lab 2-2.
Activity Procedure
Complete these steps:
Step 1 Start a console session and log in to your assigned switch using the following login
and password:
Switch login: admin
Password: 1234qwer
Step 2 Clear the current FCIP configuration. Your display should resemble the following:
# conf t
(config)# no fcip enable
(config)# end
Step 3 Verify the results using the show fcip profile command. You should not see any
FCIP profiles.
Step 4 Delete the PortChannel as follows:
From the Cisco Device Manager menu, choose Interface > Port Channels.
In the Port Channels dialog box, chose the PortChannel that you created in Lab
2-2, and click Delete.
Step 6 Verify that the Gigabit Ethernet interfaces are active, with assigned IP addresses,
and that the PortChannel is removed from the database using the following two
commands:
# show interface brief | in Gig
# show port-chan database
Activity Procedure
Complete these steps: (Unless otherwise indicated, both teams will complete each step.)
Step 1 (Team 1 only) In Cisco Fabric Manager, launch the FCIP wizard and create the first
FCIP tunnel using the following specifications:
Ethernet ports: Use gigE2/1 from both switches.
Ethernet IP Address/Mask settings:
— For the MDS 9506 Multilayer Director use 10.1.x.21/24 (where x is your
pod number).
— For the MDS 9216 Fabric Switch use 10.1.x.11/24 (where x is your pod
number).
Set the Trunk Mode option to trunk.
Caution Do not proceed until Team 1 completes the first FCIP tunnel.
Step 2 (Team 2 only) In Cisco Fabric Manager, launch the FCIP wizard and create the
second FCIP tunnel using the following specifications:
Ethernet ports: Use gigE2/2 from both switches.
Ethernet IP Address/Mask settings:
— For the MDS 9506 Multilayer Director use 10.1.x.22/24 (where x is your
pod number).
— Set the Trunk Mode option to trunk.
Step 3 From the CLI, verify the FCIP configuration using the show fcip profile command.
Your display should resemble the following output:
---------------------------------------------
ProfileId Ipaddr TcpPort
---------------------------------------------
1 10.1.21.21 3225
2 10.1.21.22 3225
Do you see two profiles? ______________________
Step 4 Verify that both FCIP interfaces are active using the show interface brief | in fcip
command.
Record the FCIP interface numbers: FCIP________ FCIP ________
42 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 Verify that the name server database has propagated between switches using the
show fcns database command.
Do you see entries from both switches? ________________
Step 6 From Cisco Fabric Manager, verify the FCIP links. Hold your cursor over each
dashed line in the right pane. Your display should resemble the following
illustration:
Step 7 From the CLI, save your configuration using the copy run start command.
Step 8 (Team 2 only on Server 2) To create a PortChannel between the switches, complete
the following steps:
1. From Cisco Fabric Manager, launch the PortChannel wizard and create a
PortChannel with the FCIP interfaces as a member. For the Trunk Mode
option, choose trunk to enable trunk mode on (TE_Port). Leave the VSAN
List with the default value (1-4093).
2. From the CLI, display the interface table to verify that the PortChannel is
operational. Use the show interface brief | in port command.
3. Display the PortChannel database information using the show port-chan
database command. Your display should resemble the following sample
output:
port-channel 1
Administrative channel mode is active
Operational channel mode is active
Last membership update succeeded
First operational port is fcip2
2 ports in total, 2 ports up
Ports: fcip2 [up] *
fcip3 [up
Activity Verification
You have completed this task when you attain this result:
You were able to create the FC PortChannel with FCIP interfaces as members.
Activity Procedure
Complete the following steps: (Unless otherwise indicated, both teams will complete each
step.)
Step 1 From the Cisco Device Manager menu, choose FC > VSANs > Create. The Create
VSAN General dialog box appears.
Step 2 Create the transit VSAN (VSAN 99) using the following information:
In the VSAN id field, enter 99.
In the Name field, enter Transit-VSAN.
44 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 (Team 2 only on the MDS 9216 Fabric Switch) In the VSAN window, delete VSAN
2 and VSAN 3, as follows:
In the VSAN ID column, hold down the Shift key and select both row 2 (for
VSAN 2) and row 3 (for VSAN 3) together.
Click Delete.
Step 5 (Team 2 only on the MDS 9216 Fabric Switch) Create VSAN 4 and VSAN 5 with
the following interface members:
VSAN 4: fc1/10
VSAN 5: fc1/6
Step 7 Before proceeding to assign static domain IDs in Cisco Device Manager, both teams
should verify that the port VSAN membership is configured as follows:
MDS 9506 Multilayer Director: VSAN 2 is fc1/6; VSAN 3 is fc1/5.
MDS 9216 Fabric Switch: VSAN 4 is fc1/0; VSAN 5 is fc1/6.
Step 8 From the Cisco Device Manager menu, choose FC > Domain Manager > Domains
to display the current domain ID assignments. The output will appear similar to the
following illustrations:
For the MDS 9506 Multilayer Director:
Note Notice that your switch is both the local and principal switch for the unique VSANs (2, 3, 4,
and 5). The results for VSAN 1 and VSAN 99 will vary. The domain IDs for all VSANs will
vary.
46 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Caution Perform the following five steps in sequence on the specified switch.
Tip You may need to click Refresh multiple times until the display updates.
Step 11 Choose the Domains tab and verify that the domain IDs are set according to the
specifications. The output should appear similar to the following illustrations:
MDS 9506 Multilayer Director:
Note Local and principal switch assignments may or may not change for VSAN 99.
Step 12 Save your configuration using the copy run start command.
48 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain these results:
You have successfully created VSANs on your assigned switch with the specified port
members for your assigned switch.
You have successfully configured the domain IDs according to the specifications for your
assigned switch.
Step 2 In the dialog box titled IVR Zone Wizard 1 of 5, move VSANs 1, 3, and 5 from the
Selected pane to the Available pane. (Hold down the Ctrl key and select VSANs 1,
3, and 5 and Click the Left Arrow button. The selected VSANs will move to the
Available pane.)
Step 3 Click Next to continue.
Step 4 In the dialog box titled 2 of 5: Select End Devices, choose the initiator device from
VSAN 4 and one JBOD disk from VSAN 2, from the table in the Available pane and
click Add to move them to the Selected pane.
50 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 Click Next to continue.
Step 6 In the dialog box titled 3 of 5: Select Transition VSAN, choose VSAN 99 from the
drop-down menu and click Next.
Step 9 In the Save Configuration dialog box, click Continue Activation to confirm IVR
zone distribution and save the running configuration:
52 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 10 In the dialog box titled 5 of 5: Review Actions, observe the IVR creation progress.
Wait for the Success notice at the bottom of the screen, and click Close.
Step 11 Verify the IVR configuration using the show ivr command. Your display should
resemble the following output:
mds9216# show ivr
Inter-VSAN Routing is enabled
Inter-VSAN enabled switches
---------------------------
AFID VSAN DOMAIN CAPABILITY SWITCH WWN
------------------------------------------------------------
1 4 0x e( 14) 00000001 20:00:00:0d:ec:0c:e6:40 *
1 99 0x5c( 92) 00000001 20:00:00:0d:ec:0c:e6:40 *
1 99 0x5f( 95) 00000001 20:00:00:0d:ec:09:8d:00
Total: 3 IVR-enabled VSAN-Domain pairs
Step 13 Display the name server database for the transit VSAN (99) and edge VSAN (2 or
4). Your display should resemble the following:
mds9216# show fcns data vsan 4
VSAN 4:
--------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------
0x0c00e4 NL 22:00:00:0c:50:d1:d1:44 (Seagate) scsi-fcp:target
0x0e0000 N 21:00:00:e0:8b:11:70:fd (Qlogic) scsi-fcp:init
Total number of entries = 2
Step 14 Display the IVR VSAN topology. Your display should resemble the following:
md9216# show ivr vsan-topology
AFID SWITCH WWN Active Cfg. VSANS
-----------------------------------------------------
1 20:00:00:0d:ec:09:8d:00 yes yes 2,99
1 20:00:00:0d:ec:0c:e6:40 * yes yes 4,99
Step 15 Record the last 3 bytes of the pWWN of the JBOD disk (Seagate):
________:________:________
54 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Procedure 2: Team 1
In this activity, Team 1 on the MDS 9506 Multilayer Director will modify the existing IVR
zone set (IvrZoneSet1) by adding a second IVR zone (IvrZone2) that connects the JBOD in
VSAN 5 on the MDS 9216 Fabric Switch with Server 1 in VSAN 3 on the MDS 9506 over
transit VSAN 99.
Complete these steps:
Step 1 From Cisco Fabric Manager, open the IVR Zone Wizard from the toolbar.
Step 2 In the dialog box titled 1 of 5: Select VSANs, remove VSANs 1, 2, and 4 from the
Selected pane by clicking the Left Arrow between the panes.
Step 3 In the dialog box titled 2 of 5: Select End Devices, choose the initiator device from
VSAN 3 and one JBOD disk from VSAN 5. Click Next.
Caution Do not choose the same target device as recorded in the previous procedure. Consult with
Team 2 to make sure that you are not using the same disk device.
Step 4 In the dialog box titled 3 of 5: Select Transition VSAN, choose VSAN 99 from the
drop-down menu.
Step 5 In the dialog box titled 4 of 5: Select Zone, accept the default zone and zone set
names, and click Next.
Note The IVR zone set name (IvrZoneSet1) was created by Team 2 in the previous procedure.
Step 9 Save your configuration using the copy run start command.
Step 10 Verify that your IVR configuration is successful and that both servers can access
their JBOD disk. From your Windows server, open Disk Management and verify
that you have a single FC disk available.
56 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 Right-click the disk, choose Properties, and verify that the adapter name is listed as
QLogic QLA23xx PCI FC Adapter.
Activity Verification
You have completed this task when you attain these results:
You have configured a PortChannel aggregating two FCIP interfaces.
You have configured two IVR zones in the same IVR zone set.
Each server has accessed its assigned JBOD disk.
58 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
member pwwn 21:00:00:0c:50:d1:d1:5d vsan 5
ivr zoneset name IvrZoneSet1
member IvrZone1
member IvrZone2
ivr zoneset activate name IvrZoneSet1 force
zone default-zone permit vsan 2-3
zoneset activate name nozoneset vsan 4
zoneset activate name nozoneset vsan 5
interface GigabitEthernet2/1
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
interface GigabitEthernet2/2
ip address 10.1.21.12 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown
Activity Objective
In this activity, you will use the SAN extension tuner to generate test workloads on the SAN,
observe the resulting performance metrics, and tune TCP parameters to improve performance
based on the observed metrics. After completing this exercise, you will be able to meet these
objectives:
Clear any existing FCIP configuration.
Configure a new FCIP tunnel.
Configure the SAN extension tuner and tune TCP parameters to improve the performance
of the FCIP link.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment required to complete this exercise:
An MDS 9506 Multilayer Director and an MDS 9216 Fabric Switch, each with an MDS
9000 IPS Module
Two Windows 2000 servers, each with an FC HBA.
A JBOD with at least two disks
60 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Command List
The table describes the commands used in this activity.
Command Description
Step 2 Clear the current FCIP configuration. Your display should resemble the following:
# conf t
(config)# no fcip enable
(config)# end
Step 3 Verify the results using the show fcip profile command.
Step 4 Verify that the Gigabit Ethernet interfaces are still configured and enabled using the
show interface gig 2/1 brief command.
Activity Procedure
Complete these steps: (both teams unless otherwise indicated)
Step 1 (Team 1 only.) Open Cisco Fabric Manager and then open the FCIP wizard. In the
FCIP wizard, configure a single FCIP tunnel using the following settings:
gigE2/1 for both switches
MDS 9506 Multilayer Director IP address: 10.1.x.21/24 (where x is your pod
number)
MDS 9216 Fabric Switch IP address: 10.1.x.11/24 (where x is your pod number)
Trunk Mode: trunk (TE_Port)
All other parameters at default values
Click Yes to enable the FCIP feature on both switches.
62 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 2 (Both teams.) From the CLI, verify the FCIP configuration. Your display should
resemble the following:
# show fcip profile
---------------------------------------------
ProfileId Ipaddr TcpPort
---------------------------------------------
1 10.1.21.21 3225
Step 3 Verify that the FCIP interface is active using the show interface brief command.
Record the FCIP interface number: FCIP________
Tip Page to the bottom of the report using the space bar.
Step 4 Verify that the name server database has propagated between switches using the
following two commands:
# show flogi database
# show fcns database
The name server (FCNS) database should report devices from both switches in each VSAN.
Step 5 In Cisco Fabric Manager, verify the FCIP link. Hold your cursor over each dashed
line in the right pane. Your display should resemble the following illustration:
Step 6 From the CLI, save your configuration using the copy run start command.
Activity Verification
You have completed this task when you attain these results:
You were able to configure an FCIP tunnel.
You have verified the FCIP link.
You have saved your configuration.
Activity Procedure
Complete these steps:
Step 1 From the CLI, create VSAN 100 and set the default zone policy to permit on both
switches. Your display should resemble the following:
# conf t
(config)# vsan database
(config-vsan-db)# vsan 100
(config-vsan-db)# exit
(config)# zone default-zone permit vsan 100
Note VSAN 100 will be used to isolate the SAN extension tuner (SET) virtual initiator and target
from physical initiators and targets. Setting the default zone policy to permit, while not a
best practice, allows SET virtual initiators and targets to communicate.
Step 2 Enable SET and iSCSI on both switches using the following commands:
(config)# san-ext-tuner enable
(config)# iscsi enable
Step 3 Enable Gigabit Ethernet interface 2/2 on both switches using the following
commands:
(config)# interface gigabitethernet 2/2
(config-if)# no shutdown
Step 4 Enable the iSCSI interface on both switches using the following commands:
(config-if)# interface iscsi 2/2
(config-if)# no shutdown
(config-if)# end
Step 5 Verify that the interfaces are up on both switches using the following commands:
# show interface iscsi 2/2 brief
# show interface gig 2/2 brief
Step 6 Create a file named test on bootflash to use as a data pattern for SAN extension
tuner. Use the copy run bootflash:test command.
Step 7 Create a virtual node WWN and port WWN and specify the data pattern file. Your
display should resemble the following:
# san-ext-tuner
(san-ext)# nWWN nwwn
(san-ext)# nport pWWN pwwn vsan 100 interf gig 2/2
(san-ext)# data-pattern bootflash:test
64 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Note MDS 9506 Multilayer Director: nwwn is 1:0:0:0:0:0:0:0; pwwn is 1:0:0:0:0:0:0:1.
MDS 9216 Fabric Switch: nwwn is 2:0:0:0:0:0:0:0; pwwn is 2:0:0:0:0:0:0:1.
Caution Do not proceed until the previous steps have been performed on both switches.
Step 8 On both switches, generate a continuous write command to the virtual N_Port on the
other MDS 9000 Series switch using the following command:
(san-ext-nport)# write command-id 1 target pwwn transfer-size
1024000 outstanding-ios 2 continuous
Note MDS 9506 Multilayer Director: target pwwn is 2:0:0:0:0:0:0:1; MDS 9216 Fabric Switch:
target pwwn is 1:0:0:0:0:0:0:1.
Step 9 Verify that the virtual N_Ports are present in the fabric login (FLOGI) and FCNS
databases. Your display should resemble the following:
(san-ext-nport)# end
# show flogi database vsan 100
Step 11 From the Device View in Cisco Device Manager, monitor Gigabit Ethernet interface
2/1. Right-click gigE2/1 and choose Monitor.
Step 12 Change the Interval field to 2s and change the Column Data field to Average/Sec.
66 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Note If there is no activity, verify the SAN extension configuration on both switches.
Step 14 From the CLI, display the SAN extension tuner counter for gigE2/2. Your display
should resemble the following:
# show san-ext-tuner interfac gig2/2 nport pwwn n vsan 100
counter
Note On the MDS 9506 Multilayer Director, n is 1:0:0:0:0:0:0:1. On the MDS 9216 Fabric Switch,
n is 2:0:0:0:0:0:0:1.
Note You may need to reinvoke the command several times before a nonzero value appears.
Step 15 On both switches, enable write acceleration on the FCIP interface. Your display
should resemble the following:
# conf
(config)# interface fcip n ( n = FCIP number from Task 2 Step 4 )
(config-if)# write
Caution Do not proceed until the previous step has been performed on both switches.
Step 16 While still in configuration mode, display the SAN extension tuner counter for
gigE2/2. Your display should resemble the following:
(config-if)# do show san-ext-tuner interfac gig2/2 nport pwwn
n vsan 100 counter (where NDS1 n is 1:0:0:0:0:0:0:1 and MDS2 n is
2:0:0:0:0:0:0:1)
Statistics for nport
Node name 01:00:00:00:00:00:00:00 Port name
01:00:00:00:00:00:00:01
I/Os per sec : 228
Reads : 0%
Writes : 100%
Egress throughput : 114.33 MBs/sec (Max - 114.45 MBs/sec)
Ingress throughput : 0.03 MBs/sec (Max - 114.24 MBs/sec)
Average response time : Read - 0 us, Write - 8842 us
Minimum response time : Read - 5370 us, Write - 4802 us
Note You may need to reinvoke the command several times before a nonzero value appears.
Step 17 Stop the I/O on both switches. Your display should resemble the following:
# san-ext-tuner
(san-ext)# nport pWWN n vsan 1 interfac gig 2/2
(san-ext-nport)# stop command-id 1
(san-ext-nport)# end (where MDS1 n is 1:0:0:0:0:0:0:1 and MDS2 n is
2:0:0:0:0:0:0:1)
Activity Verification
You have completed this task when you attain these results:
You have successfully created a virtual node and port WWNs on both switches.
You have created a data pattern file on the bootflash file system.
You have verified that the virtual N_Ports are present in the FLOGI and FCNS databases.
You have generated write traffic between SET virtual initiators and targets.
You have used the Cisco Device Manager and the CLI to monitor ISL link utilization.
You have enabled write acceleration and observed the performance impact.
68 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 3-1: Implementing iSCSI with the MDS 9000
IPS Module
Complete this activity to practice what you learned in the related lesson.
Activity Objective
Your customer wants to use a low-cost SAN interconnect to provide access from servers to FC-
attached storage. The customer would like to start out with a basic configuration to attach a
Windows 2000 host to the Cisco MDS 9000 Series switches via the MDS 9000 IPS Module.
Initially, you will implement a simple IP-SAN configuration using the dynamic initiator and
target configuration features of the MDS 9000 IPS Module. You will then verify that the
servers are able to initiate a discovery session with the MDS 9000 IPS Module and that the host
iSCSI initiator has connectivity to the dynamically imported targets.
In this activity, you will configure the Gigabit Ethernet interfaces on the MDS 9000 IPS
Module using the GUI. You will establish and verify iSCSI connectivity between a Windows
2000 host and the MDS 9000 Series Multilayer Switch. You will then provision FC storage
targets to the iSCSI host initiator and verify that the storage is accessible from the host. After
completing this activity, you will be able to meet these objectives:
Perform initial setup of the MDS 9000 Series switches.
Configure static IP routing on the Gigabit Ethernet port of an MDS 9000 IPS Module and
provision dynamic iSCSI initiators.
Provision virtual iSCSI targets and verify iSCSI connectivity between the iSCSI host
initiator and the FC storage targets.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Command List
The table describes the commands used in this activity.
Command Description
show ips ip route Displays the IP routes associated with the specified
interface gig x/y Gigabit Ethernet interface.
show ips arp interface gig Displays the Address Resolution Protocol (ARP) cache
x/y for the specified interface.
show iscsi initiator Shows all iSCSI nodes that are remote to the switch.
summary
show iscsi initiator Shows information for all iSCSI ports.
iscsi-session
attach module Connects you directly to a specific module in the switch.
debug ips ipstack icmp Enables debugging for the IPS manager.
port x/y
debug ips iscsi login port Enables debugging for the iSCSI flow.
x/y
70 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 1: Initial Switch Configuration
In this task, you will complete the following activities:
Erase the existing configuration.
Set up the initial switch configuration.
Create VSANs and assign interfaces.
Permit communication between members of the default zone.
Activity Procedure
Complete these steps:
Step 1 Start a console session and log in to your assigned switch using the following login
information:
Switch login: admin
Password: 1234qwer
Step 2 Clear the current startup configuration and reboot the switch. Your display should
resemble the following:
# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
# reload
This command will reboot the system. (y/n)? y
Step 3 After the switch reboots, it will automatically launch the setup utility. Answer the
questions according to the following example, replacing variables with your pod
number where appropriate:
Uncompressing linecard components
INIT: Entering runlevel: 3
---- System Admin Account Setup ----
Enter the password for "admin": 1234qwer
Confirm the password for "admin": 1234qwer
Step 4 Review the configuration summary and save the configuration. Your display should
resemble the following:
The following configuration will be applied:
switchname mds9216-21
interface mgmt0
ip address 10.0.21.3 255.255.255.0
no shutdown
ip default-gateway 10.0.21.254
telnet server enable
no ssh server enable
ntp server 10.0.21.254
system default switchport shutdown
system default switchport trunk mode on
no zone default-zone permit vsan 1-4093
no zoneset distribute full vsan 1-4093
Step 5 After the setup utility completes the save, log in to the switch using the following
login information:
Switch login: admin
Password: 1234qwer
72 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 6 From the console prompt, ping 10.0.X.254 (where X is your pod number). Your
display should resemble the following:
# ping 10.0.21.254
PING 10.0.21.254 (10.0.21.254): 56 data bytes
64 bytes from 10.0.21.254: icmp_seq=0 ttl=255 time=3.6 ms
64 bytes from 10.0.21.254: icmp_seq=1 ttl=255 time=4.2 ms
64 bytes from 10.0.21.254: icmp_seq=2 ttl=255 time=4.2 ms
--- 10.0.21.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.6/4.0/4.2 ms
Note To terminate the ping command, press Ctrl-C. Notify your instructor if you cannot ping your
default gateway.
Step 7 Both teams should verify that their system clocks are synchronized. Simultaneously
invoke the show clock command:
Step 8 On both switches, configure VSANs 2 and 3 and assign interface fc1/6. You must
create both VSANs on both switches, but you will assign fc1/6 to only one VSAN
depending on which switch you are using.
# conf t
(conf)# vsan database
(config-vsan-db)# vsan 2 (Both switches)
(config-vsan-db)# vsan 3 (Both switches)
(config-vsan-db)# vsan 2 interface fc1/6 (MDS 9506 only)
(config-vsan-db)# vsan 3 interface fc1/6 (MDS 9216 only)
(config-vsan-db)# end
Step 9 Verify your results with the show vsan membership command. Your display
should resemble the following:
9506# show vsan membership
vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/7 fc1/8 fc1/9
fc1/10
fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16
vsan 2 interfaces:
fc1/6
vsan 3 interfaces:
vsan 4094(isolated_vsan) interfaces:
Note Remember that the default zone policy is set on a per-switch basis. Therefore, you must set
the default zone policy to permit for both VSANs on both switches.
Note It is not recommended to allow unzoned devices to communicate. However, in this lab it will
simplify the configuration. In subsequent labs you will change your configuration to conform
to best practices by implementing zoning for iSCSI hosts and virtual targets.
Activity Verification
You have completed this task when you attain these results:
Verify that your ports are assigned to the correct VSAN.
74 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 2: Basic iSCSI Configuration
In this task, both teams will complete the following activities on their respective switches:
Enable iSCSI on the switch.
Enable iSCSI interface VSAN membership
Configure the Gigabit Ethernet interface.
Verify connectivity between the Windows 2000 host and the switch.
Set up the switch so no Challenge Handshake Authentication Protocol (CHAP)
authentication is required.
Turn on iSCSI on interface 2/1.
Activity Procedure
Complete these steps:
Step 1 From your MDS 9000 Series Multilayer switch console, execute the following
command to verify that iSCSI is enabled on your switch:
# show i? (no space before the question mark)
Note If iSCSI is enabled, IPS, iSCSI, and iSNS options will appear under the show i? command.
If these options are absent, then iSCSI must be globally enabled.
Step 2 From the CLI, enable iSCSI and verify the results. Your display should resemble the
following:
# conf t
(config)# iscsi enable
(config)# end
# show i?
ilc-helper ilc-nvram in-order-guarantee incompatibility
install interface inventory ip
ipconf ipfc ips iscsi
isns
Step 3 Enable iSCSI interface VSAN membership using the following commands:
# conf t
(config)# iscsi interface vsan-membership
(config)# end
Step 4 Log in to your assigned Windows 2000 server as administrator with password cisco.
76 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 6 In the configuration dialog box, choose the GigE tab and configure the following
settings:
In the Description field, enter the description: Primary iSCSI interface.
Next to the Admin label, click the Up radio button.
In the IP Address/Mask box, enter the IP address: 10.1.X.Y/24 (where X is your
pod number; Y is 11 for MDS 9216, and Y is 21 for MDS 9506).
In the IscsiAuthMethod field check none, and ensure that the chap check box
is unchecked.
Note The subnet for the IPS interfaces is 10.1.x.y subnet, where all iSCSI traffic will run. All
management traffic will run on the 10.0.x.y subnet.
78 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 In the Cisco Device Manager main window, click the Refresh Display button. You
should see interface 2/1 displayed as active, with the symbol I in the port indicator.
This indicates that iSCSI is active on that port.
Step 12 Globally configure iSCSI authentication. From the Cisco Device Manager menu,
choose IP > iSCSI.
Step 13 Click the Globals tab and configure the following settings:
Next to the AuthMethod label, check the none check box, and ensure that the
chap check box is unchecked.
Leave the InitiatorIdle Timeout field setting at the default value.
Note Connected (C) identifies the subnet in which the interface is configured (directly connected
to the interface). Static (S) identifies the static routes that go through the router.
Step 16 To verify your network configuration, execute a ping command from your Windows
server to the IP address that you assigned to interface 2/1. Your display should
resemble the following:
> ping 10.1.22.2
Pinging 10.1.22.2 with 32 bytes of data:
Reply from 10.1.22.2: bytes=32 time<10ms TTL=128
Reply from 10.1.22.2: bytes=32 time<10ms TTL=128
Reply from 10.1.22.2: bytes=32 time<10ms TTL=128
...
If the ping fails, verify the following items, and then repeat the ping command:
The Gigabit Ethernet interface is in the up state.
The IP address of the iSCSI initiator is configured correctly.
The IP route is configured correctly.
Step 17 Open the Microsoft iSCSI Initiator control panel from the shortcut on the desktop.
Step 18 Choose the Target Portals tab from iSCSI Initiators Properties
Step 19 Click Add
Step 20 Enter the IP address of the switch gigE2/1 interface: 10.1.x.y (where x is your pod
number and y is 21 for the MDS 9506 or 11 for the MDS 9216)
Step 21 Click OK.
80 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 22 Click OK to close the iSCSI Initiator Properties.
Step 23 On the MDS console, verify the connection by viewing the ARP cache. (x is 2 if you
are working on the MDS 9216 and x is 6 if you are working on the MDS 9506.)
Your display should resemble the following:
# show ips arp interface gigabitethernet 2/1
Protocol Address Age(min) Hardware Addr Type Interface
Gateway IP
Internet 10.1.x.2 0 000b.fdd5.807f ARPA GigabitEthernet2/3
Internet 10.1.x.6 4 000b.fdd5.807f ARPA GigabitEthernet2/3
Step 24 Display and verify IP statistics. Your display should resemble the following:
# show ips stats ip interface gigabitethernet 2/1
Internet Protocol Statistics for port GigabitEthernet2/3
44 total received, 44 good, 0 error
0 reassembly required, 0 reassembled ok, 0 dropped after
timeout
44 packets sent, 0 outgoing dropped, 0 dropped no route
0 fragments created, 0 cannot fragment
Step 25 Verify that the gig2/1 physical port and the iscsi2/1 logical port are both up. Use the
show interface brief command.
Activity Verification
You have completed this task when you attain these results:
You have enabled iSCSI on the switch.
You have enabled iSCSI interface VSAN membership on the switch.
You have configured the Gigabit Ethernet interface.
You have configured iSCSI on interface 2/1.
You have verified connectivity between the Windows 2000 host and the switch.
You have configured the iSCSI initiator target portal.
Step 2 From the Cisco Device Manager menu, choose FC > Name Server. Click the
General tab if necessary to view the FCNS database. You should see six Type NL
targets and one Type N iSCSI initiator.
82 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 From the Cisco Device Manager menu, choose the IP > iSCSI menu, and click the
Targets tab.
Step 5 Check the Dynamically Import FC Targets check box and click Apply.
Note The display should not change. At this point, you should not see any virtual iSCSI targets.
FC targets are not actually imported until at least one iSCSI initiator logs in and initiates a
discovery session.
Step 2 Click the Available Targets tab and click the Refresh button.
84 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 In the Log On to Target dialog box, ensure that all check boxes are cleared, and
click OK.
Step 2 Display iSCSI virtual targets with the show iscsi virtual-target command. Your
display should resemble the following sample output.
# show iscsi virtual-target
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc35
Port WWN 22:00:00:0c:50:d1:bc:35 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc6d
Port WWN 22:00:00:0c:50:d1:bc:6d , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1d191
Port WWN 22:00:00:0c:50:d1:d1:91 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd0493
Port WWN 22:00:00:0c:50:dd:04:93 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd054d
Port WWN 22:00:00:0c:50:dd:05:4d , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd878c
Port WWN 22:00:00:0c:50:dd:87:8c , VSAN 2
Auto-created node
86 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 3 Display active iSCSI sessions with the show iscsi session command. Your display
should resemble the following sample output:
# show iscsi session
Initiator iqn.1991-05.com.microsoft:p22-server1
Initiator ip addr (s): 10.1.22.2
Session #1
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc35
VSAN 2, ISID 400001370008, Status active, no reservation
Session #2
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc6d
VSAN 2, ISID 40000137000b, Status active, no reservation
Session #3
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1d191
VSAN 2, ISID 40000137000c, Status active, no reservation
Session #4
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd0493
VSAN 2, ISID 40000137000d, Status active, no reservation
Session #5
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd054d
VSAN 2, ISID 40000137000e, Status active, no reservation
Session #6
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd878c
VSAN 2, ISID 40000137000f, Status active, no reservation
Step 4 Display the contents of the Fibre Channel Name Server database with the show fcns
database command. Your display should resemble the following sample output:
# sh fcns da
VSAN 2:
--------------------------------------------------------------------------
FCID TYPE PWWN VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0c00dc NL 22:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
0x0c00e0 NL 22:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0x0c00e1 NL 22:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0x0c00e2 NL 22:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0x0c00e4 NL 22:00:00:0c:50:d1:d1:91 (Seagate) scsi-fcp:target
0x0c00e8 NL 22:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0x0c0100 N 24:02:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init isc..w
Total number of entries = 7
MDS 9216
# sh iscsi initiator
iSCSI Node name is iqn.1991-05.com.microsoft:p22-server2
Initiator ip addr (s): 10.1.22.6
iSCSI alias name:
Node WWN is 21:01:00:0d:ec:0c:d5:02 (dynamic)
Member of vsans: 3
Number of Virtual n_ports: 1
Virtual Port WWN is 21:02:00:0d:ec:0c:d5:02 (dynamic)
Interface iSCSI 2/1, Portal group tag: 0x80
VSAN ID 3, FCID 0xef0100
88 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 7 Save your configuration by completing the following steps on both switches:
1. From the CLI, save your configuration using the copy run start command.
2. Back up your running configuration to the TFTP server using the following
command:
# copy run tftp://10.0.0.198/podx/fname-nnnn-iscsi1.cfg
(where x is your pod number, fname is your first name, and nnnn is either 9506 or
9216)
90 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 3-2: Configuring Static Initiators and Targets
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
To provide a higher level of security for an iSCSI environment, your customer wants to
statically assign initiators to the MDS 9000 Series Multilayer Switch after allowing them to be
dynamically discovered. The customer would also like to statically assign iSCSI targets to
statically configured iSCSI initiators.
In this activity, you will configure iSCSI initiators by letting the initiators dynamically enter the
iSCSI environment, and then statically assigning them to the MDS 9000 Series Multilayer
Switch for security reasons. You will statically configure targets that have been discovered
dynamically. After completing this activity, you will be able to meet these objectives:
Restore your saved configuration from the previous lab.
Create static iSCSI initiators.
Create static iSCSI storage targets.
Verify iSCSI target properties in Windows 2000.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Command List
The table describes the commands used in this activity.
Command Description
sh iscsi session Lists all the active iSCSI initiator or target sessions.
Activity Procedure
Follow these steps on both switches:
Step 1 From the CLI, restore the configuration you saved at the end of Lab 3-1 using the
following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi1.cfg run (where x
is your pod number, fname is your first name, and nnnn is either 9506 or 9216.)
Step 2 From the CLI, copy the running-config file to the startup-config file using the copy
run start command.
Activity Verification
Follow these steps to verify that the configuration has been successfully restored:
Step 1 From the Windows 2000 server, double-click the Microsoft iSCSI Initiator
shortcut on the Windows desktop.
Step 2 Click the Target Portals tab.
Step 3 Click Add.
92 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 In the IP address or DNS name field, enter the IP address of the switch gigE2/1
interface: 10.1.x.y (where x is your pod number, and y is 21 for the MDS 9506 or 11
for the MDS 9216).
Step 7 Click Refresh, and confirm that the status of all targets is “Connected.”
Activity Procedure
Complete these steps:
Step 1 From the CLI, convert the dynamic initiator to a static initiator with the iscsi
initiator command. Your display should resemble the following:
# conf t
(config)# iscsi initiator ip-address 10.1.x.y (where x is your pod
number and y is 2 for the 9506 or 6 for the 9216)
(config-iscsi-init)# static nWWN system-assign
(config-iscsi-init)# static pWWN system-assign 1
(config-iscsi-init)# end
Step 4 Double-click the VSAN Membership column for the initiator name that contains an
IP address and assign VSAN membership as follows.
MDS 9506: VSAN 2
MDS 9216: VSAN 3
Step 5 If there is another iSCSI initiator with an IQN name (for example, iqn.1991-
05.com.microsoft:p22-server1), select it and click Delete. Click Yes to confirm the
deletion.
Step 6 Click Apply.
Step 7 Close the Cisco Device Manager iSCSI dialog box.
94 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
Follow these steps to verify that the dynamic iSCSI initiator has been converted to a static
initiator.
Step 1 From the CLI, view the running-config file using the show run command.
Step 2 Locate and confirm the static initiator configuration. Your display should provide
information similar to what is shown in following output sample:
iscsi initiator ip-address 10.1.2.2
static nWWN 24:03:00:0d:ec:09:77:02
static pWWN 24:04:00:0d:ec:09:77:02
Step 3 View the iSCSI initiator with the show iscsi initiator command. Your display
should resemble the following:
# show iscsi initiator
iSCSI Node name is 10.1.22.2
iSCSI Initiator name: iqn.1991-05.com.microsoft:p22-server1
iSCSI alias name:
Node WWN is 24:03:00:0d:ec:09:77:02 (configured)
Member of vsans: 2
Step 3 In the Targets tab, click Apply, then click Refresh. You should no longer see any
targets in the dialog box.
Step 4 Click Create.
96 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 In the Create iSCSI Targets dialog box, configure the following settings for each
switch:
In the iSCSI Name field, enter iqn.iscsidiskdrive1 for MDS 9506 or
iqn.iscsidiskdrive2 for MDS 9216.
Click the Down Arrow next to the Port WWN field. Choose the WWN of the
first target (for MDS 9506) or the second target (for MDS 9216) listed in the
Port WWN drop-down menu.
In the Initiator Access area, choose the List option and type the IP address of the
static initiator that you configured for your switch: 10.1.x.y/24 (where x is your
pod number, and y is 2 for MDS 9506 or 6 for MDS 9216). Remember to add
the subnet mask /24 after the IP address!
Under Advertised Interfaces, choose the Select from List option, and then
choose the gigE2/1 check box.
98 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 3 Select each target in turn and click Log Off to remove all of the dynamic targets that
you previously created.
Note If you see a warning dialog box that tells you that a target cannot be logged off because it is
in use, click OK, and then attempt to log off that target again.
Step 2 Verify iSCSI virtual targets with the show iscsi virtual-target command. Your
display should resemble the following output example:
# show iscsi virtual-target
target: iqn.iscsidiskdrive2
* Port WWN 21:00:00:0c:50:d1:bc:6d
Configured node
No. of advertised interface: 1
GigabitEthernet 2/1
No. of initiators permitted: 1
initiator 10.1.22.6/24 is permitted
all initiator permit is disabled
trespass support is disabled
revert to primary support is disabled
Step 3 View name server registration of iSCSI initiators with the show fcns database
command. Your display should resemble the following output example:
# show fcns database
VSAN 2:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0c00dc NL 22:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
0x0c00e0 NL 22:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0x0c00e1 NL 22:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0x0c00e2 NL 22:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0x0c00e4 NL 22:00:00:0c:50:d1:d1:91 (Seagate) scsi-fcp:target
0x0c00e8 NL 22:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0x0c0101 N 24:04:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init isc..w
Total number of entries = 7
100 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 View iSCSI session information with the show iscsi session command. Your display
should resemble the following output example:
# show iscsi session
Initiator 10.1.22.6
Initiator name 10.1.22.6
Session #1
Target iqn.iscsidiskdrive2
VSAN 3, ISID 400001370014, Status active, no reservation
Caution Be careful when working in Disk Administrator. Never make any configuration changes to
disks 0 or 1.
Activity Procedure
Complete these steps:
Step 1 On your Windows 2000 server desktop, right-click My Computer and choose
Manage.
Step 2 In the Computer Management window, choose Storage > Disk Management.
Step 3 In the lower right pane of Disk Manager, you will see several disk drives. Scroll
down in that panel and right-click each disk (one at a time) and choose Properties.
(Be sure to right-click the box that says Disk N, not the volume area to the right.)
102 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 3-2 Answer Key: Configuring Static Initiators and Targets
When you complete this activity, your switch running configuration file will be similar to the
following, with differences that are specific to your device or workgroup. The following is a
partial output of the show run command from the MDS 9216 in Pod 22 after completing this
activity.
vsan database
vsan 2
vsan 3
iscsi enable
iscsi interface vsan-membership
vsan database
vsan 3 interface iscsi2/1
vsan 3 interface fc1/6
iscsi initiator ip-address 10.1.22.6
vsan 3
iscsi initiator ip-address 10.1.22.6
static nWWN 21:03:00:0d:ec:0c:d5:02
static pWWN 21:04:00:0d:ec:0c:d5:02
iscsi virtual-target name iqn.iscsidiskdrive2
pWWN 21:00:00:0c:50:d1:bc:6d
advertise interface GigabitEthernet2/1
initiator ip address 10.1.22.6 permit
zone default-zone permit vsan 2
zone default-zone permit vsan 3
interface iscsi2/1
switchport description Client 1
no shutdown
interface GigabitEthernet2/1
iscsi authentication none
ip address 10.1.22.11 255.255.255.0
switchport description Primary iSCSI Interface
no shutdown
interface fc1/6
no shutdown
Exercise Objective
To provide a higher level of security for a iSCSI environment, your customer wants to segment
statically assigned initiators into separate VSANs, then further secure access by configuring
zoning for all iSCSI hosts and targets.
In this activity, you will zone your statically assigned iSCSI initiators and targets. After
completing this activity, you will be able to meet these objectives:
Restore your saved configuration.
Configure zoning using iSCSI initiators and targets.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment required to complete this activity:
An MDS 9506 Multilayer Director and an MDS 9216 Fabric Switch, each with an MDS
9000 IPS Module
Two Windows 2000 servers, each with the Microsoft iSCSI Initiator driver installed
A JBOD with at least two disks
104 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Command List
The table describes the commands used in this activity.
Command Description
show iscsi initiator Displays the configured information for the iSCSI initiator.
configured
debug ips iscsi flow Enables debugging for the IPS iSCSI flow.
show iscsi session Lists all the active iSCSI initiator or target sessions.
Activity Procedure
Follow these steps on both switches:
Step 1 From the CLI, restore the configuration you saved at the end of Lab 3-2 using the
following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi2.cfg run (where x
is your pod number, fname is your first name, and nnnn is either 9506 or 9216.)
Step 2 From the CLI, copy the running-config file to the startup-config file using the copy
run start command.
Activity Verification
Follow these steps to verify that the configuration has been successfully restored:
Step 1 From the Windows 2000 server, double-click the Microsoft iSCSI Initiator
shortcut on the Windows desktop.
Step 2 Click the Target Portals tab from iSCSI Initiators Properties
Step 4 Enter the IP address of the switch gigE2/1 interface: 10.1.x.y (where x is your pod
number, and y is 21 for the MDS 9506 or 11 for the MDS 9216).
Step 5 Click OK.
Step 6 Click the Available Targets tab.
Step 7 Click Refresh, and confirm that the status of the target is “Connected.”
106 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 2: Configuring Zones
In this task, you will configure zones and zone sets for your iSCSI devices. You will configure
zoning in VSAN 2 on the MDS 9506 Multilayer Director and in VSAN 3 on the MDS 9216
Fabric Switch.
Activity Procedure
Complete these steps on both switches.
Step 1 From the CLI, configure default zone permit settings for VSAN 2 and VSAN 3 to
deny access.
# conf t
(config)# no zone default-zone permit vsan 2 (MDS 9506 only)
(config)# no zone default-zone permit vsan 3 (MDS 9216 only)
Step 5 In the Edit Local Full Zone Database window choose Zonesets, and then click the
Insert button.
108 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 7 In the Edit Local Full Zone Database window choose Zones, and then click the
Insert button.
Step 9 Expand the Zonesets and Zones folders by clicking on the Plus [+] signs next to
each folder.
MDS 9506
MDS 9216
110 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 Add the selected devices to Zone1 by dragging them into Zone1 below the Zones
folder.
Step 12 Click Zone1 and add Zone1 to ZoneSet1 by dragging it into ZoneSet1.
Step 14 Check the Save Running to Startup Configuration check box and click Continue
Activation to activate ZoneSet1.
Step 15 You will see zone set activation status and a “Success” message in the lower left
corner of the Edit Local Full Zone Database window when the activation has
completed.
Step 16 When activation has completed and the configuration has been saved, click Close.
Step 17 Open the Microsoft iSCSI Initiator control panel from the shortcut on the
Windows 2000 desktop.
112 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 18 Click the Active Sessions tab.
114 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 25 Return to the CLI and view the debug output. Your display should resemble the
following sample output:
MDS9506# 2005 Apr 5 13:11:20 ips: Session Create init: iqn.1991-
05.com.microsot:p22-server1, ip addr: 10.1.22.2, target
iqn.iscsidiskdrive1
2005 Apr 5 13:11:20 ips: matched ip address configured initiator
2005 Apr 5 13:11:20 ips: Fc-port(5) pwwn 2404000dec097702 pgt 128
iscsi-if-index 0b080000 intf 02080000
2005 Apr 5 13:11:20 ips: Created session(14288) target name
iqn.iscsidiskdrive1 isid 400001370016 for initiator(5)
2005 Apr 5 13:11:20 ips: Target iqn.iscsidiskdrive1 a virtual
target checking access
2005 Apr 5 13:11:20 ips: Node iqn.iscsidiskdrive1 is allowed to
be advertised
to if_index 0x2080000, initiator iqn.1991-5.com.microsoft:p22-
server1
2005 Apr 5 13:11:20 ips: fc_port(5) Querying NS for target
pwwn:[2200000c50d1b35] sec pwwn:[0] wait 1
2005 Apr 5 13:11:20 ips: Got NS tgt response fc_port(5) sid
000c0101 vsan 2 did 000c00e1
2005 Apr 5 13:11:20 ips: Sending Session Create Response for
init_name:[iqn.1991-05.com.microsoft:p22-server1]
target_name:[iqn.iscsidiskdrive1] isid:[400001370016]
Activity Verification
Complete these steps on both the MDS 9506 Multilayer Director and the MDS 9216 Fabric
Switch:
Step 1 From the CLI, display the iSCSI initiator. Your display should resemble the
following sample output:
# show iscsi initiator
MDS9506# sh iscsi initiator
iSCSI Node name is 10.1.22.2
iSCSI Initiator name: iqn.1991-05.com.microsoft:p22-server1
iSCSI alias name:
Node WWN is 24:03:00:0d:ec:09:77:02 (configured)
Member of vsans: 2
Number of Virtual n_ports: 1
Virtual Port WWN is 24:04:00:0d:ec:09:77:02 (configured)
Interface iSCSI 2/1, Portal group tag: 0x80
VSAN ID 2, FCID 0x0c0101
Step 2 From the CLI, display all active zone sets. Your display should resemble the
following sample output:
# show zoneset active
MDS9506# show zoneset active
zoneset name ZoneSet1 vsan 2
zone name Zone1 vsan 2
* fcid 0x0c00e1 [pwwn 22:00:00:0c:50:d1:bc:35]
* fcid 0x0c0101 [pwwn 24:04:00:0d:ec:09:77:02]
Step 4 Save your configuration by completing the following steps on both switches:
1. From the CLI, save your configuration using the copy run start command.
2. Back up your running configuration to the TFTP server using the following
command:
# copy run tftp://10.0.0.198/podx/fname-nnnn-iscsi3.cfg
(where x is your pod number, fname is your first name, and nnnn is either 9506 or
9216)
116 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 3-3 Answer Key: Implementing Fibre Channel Access
Control for iSCSI
When you complete this activity, your switch running configuration file will be similar to the
following, with differences that are specific to your device or workgroup. The following is a
partial output of the show run command from the MDS 9216 Fabric Switch in Pod 22 after
completing this activity.
vsan database
vsan 2
vsan 3
iscsi enable
iscsi interface vsan-membership
vsan database
vsan 3 interface iscsi2/1
vsan 3 interface fc1/6
iscsi initiator ip-address 10.1.22.6
vsan 3
iscsi initiator ip-address 10.1.22.6
static nWWN 21:03:00:0d:ec:0c:d5:02
static pWWN 21:04:00:0d:ec:0c:d5:02
iscsi virtual-target name iqn.iscsidiskdrive2
pWWN 21:00:00:0c:50:d1:bc:6d
advertise interface GigabitEthernet2/1
initiator ip address 10.1.22.6 permit
zone broadcast enable vsan 3
zone name Zone1 vsan 3
member pwwn 21:00:00:0c:50:d1:bc:6d
member pwwn 21:04:00:0d:ec:0c:d5:02
zoneset name ZoneSet1 vsan 3
member Zone1
zoneset activate name ZoneSet1 vsan 3
interface iscsi2/1
switchport description Client 1
no shutdown
interface GigabitEthernet2/1
iscsi authentication none
ip address 10.1.22.11 255.255.255.0
switchport description Primary iSCSI Interface
no shutdown
interface fc1/6
no shutdown
Activity Objective
Your customer wants all iSCSI initiators to have secured access to the Fibre Channel fabric,
and the customer wants to manage this security from a central location.
In this activity, you will configure IP ACLs, iSCSI target advertising, and CHAP authentication
on the MDS 9000 IPS Module. You will also configure the MDS 9000 IPS Module to use
RADIUS to authenticate iSCSI initiators using the CHAP protocol. After completing this
activity, you will be able to meet these objectives:
Restore your saved configuration.
Configure IP ACLs to restrict iSCSI initiator access to virtual iSCSI targets.
Configure target advertising to restrict visibility of virtual iSCSI targets.
Configure CHAP authentication for iSCSI initiators.
Configure a RADIUS server using Windows Internet Authentication Service (IAS).
Configure the MDS 9000 IPS Module to use a RADIUS server to authenticate iSCSI
initiators.
Visual Objective
The figure illustrates what you will accomplish in this activity.
118 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Required Resources
These are the resources and equipment required to complete this activity:
An MDS 9506 Multilayer Director and an MDS 9216 Fabric Switch, each with an MDS
9000 IPS Module
Two Windows 2000 servers, each with the Microsoft iSCSI Initiator software driver
installed
A JBOD with at least two disks
Command List
The table describes the commands used in this activity.
Command Description
show interface Displays the description of the Gigabit Ethernet interface in the
gigabitethernet specified slot/port.
slot/port
show radius-server Displays all configured RADIUS server parameters.
Note Note that you must restore your saved configuration to the startup configuration, not the
running configuration as you did in the previous labs. When you restore to the running
configuration, the saved configuration is merged with the running configuration. This was an
acceptable method in the previous labs, but in this case you need to erase the FC access
control configuration from Lab 3-3. Therefore, you must restore to the startup configuration.
When you restore to the startup configuration and reload, the saved configuration replaces
the running configuration.
Activity Verification
Complete these steps to verify that the configuration has been successfully restored:
Step 1 Open the Microsoft iSCSI Initiator control panel from the shortcut on the
Windows desktop.
Step 2 Click the Target Portals tab.
Step 3 Click Add.
Step 4 Enter the IP address of the switch gigE2/1 interface: 10.1.x.y (where x is your pod
number, and y is 21 for the MDS 9506 or 11 for the MDS 9216).
Step 5 Click OK.
120 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 6 Click the Available Targets tab.
Step 7 Click Refresh and confirm that the status of the target is “Connected.”
Activity Procedure
Complete these steps:
Step 1 Open the Cisco Device Manager.
Step 2 From the Device Manager main menu, choose Security > IP ACL.
Step 5 In the Create IP ACL Profiles dialog box, enter ACL1 in the Name field.
122 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 7 In the IP ACL window, click the Profiles tab, choose the newly created IP ACL
profile name, and click Rules.
124 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 Create a second IP filter to deny ICMP echo from the server that is not configured
locally as a static initiator on this MDS 9000 Series Multilayer Switch. Configure
the following parameters for the IP filter:
In the Index field, enter 2.
Set the Action option to deny.
Set the Protocol field to 1 ICMP.
In the Source area, configure the following:
— In the Address field, enter the IP address of the server that has not been
configured as the static initiator for this switch.
— In the Wildcard field, enter 0.0.0.0.
— In the Ports field, enter 0.
— In the To field, enter 65535.
In the Destination area, configure the following:
— In the Address field, enter the IP address of the gigE2/1 interface
— In the Wildcard field, enter 0.0.0.0.
— In the Ports field, enter 0.
— In the To field, enter 65535.
In the Other area, set the ICMP Type to 8 echo.
Step 16 In the Create IP ACL Interfaces dialog box, click the […] button beside the Interface
field to apply the IP ACL inbound to the gigE2/1 interface.
Step 17 Click the gigE2/1 interface and confirm that the mgmt0 Logical Interface check box
is unchecked.
Step 18 Click OK.
126 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 19 From the ProfileName field list, choose ACL1.
Step 24 Enable debug output for the IP ACL with the debug ipacl all command:
Note If you are working on the MDS 9506, you will use the Microsoft iSCSI Initiator control panel
on Server1 to log in to the iSCSI target, and then attempt to ping gigE2/1 from Server2.
If you are working on the MDS 9216, you will use the Microsoft iSCSI Initiator control panel
on Server2 to log in to the iSCSI target, and then attempt to ping gigE2/1 from Server1.
Step 1 From the desktop of the server that is configured as the static initiator for this
switch, open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Active Sessions tab, and then click Log Off.
128 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 3 Click the Available Targets tab, and then click Log On.
130 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 3: Configuring iSCSI Target Advertisement
In this task you will configure target advertisement for your iSCSI interfaces.
Activity Procedure
Complete these steps on both the MDS 9506 Multilayer Director and the MDS 9216 Fabric
Switch:
Step 1 From the Cisco Device Manager, choose IP > iSCSI.
Step 4 In the Advertised Interfaces dialog box, choose interface gigE2/1 and click Delete.
Step 7 In the Create Advertised Interface dialog box, choose gigE2/2 in the Interface drop-
down menu. Note that your server is actually connected to interface gigE2/1, not
gigE2/2.
Step 8 Click Create, then click Close.
132 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
Complete the following steps from Server1 and Server2:
Step 1 From the desktop of the server that is configured as the static initiator for this
switch, open the Microsoft iSCSI Initiator control panel.
134 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 12 Return to the Microsoft iSCSI Initiator control panel.
Step 2 In the gigE2/1 dialog box, change the IscsiAuthMethod to chap for interface
gigE2/1.
136 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 From the Cisco Device Manager main menu, choose IP > iSCSI.
Step 5 Click the Globals tab and change the AuthMethod from none to chap.
Step 7 From the Cisco Device Manager main menu, choose Security > iSCSI.
Step 8 In the iSCSI Security dialog box, configure the following settings:
In the iSCSI User field, enter the IP address of the locally configured iSCSI
initiator.
In the Password and Confirm Password fields, enter mds9000labchap.
Step 9 Click Create, then click Close.
138 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Procedure 2: Enable CHAP on the iSCSI Initiator
Complete these steps on both servers:
Step 1 From the Windows 2000 desktop, open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Initiator Settings tab.
Step 3 In the Change to: field in the Change Initiator Node Name area, type the iSCSI
username that you configured in Step 8. This should match the IP address of the
iSCSI initiator: 10.1.x.y (where x is your pod number and y is 2 for Server1 or 6 for
Server2).
Step 4 Click Change.
Step 5 Click the Target Portals tab.
Step 6 Click Remove to delete the configured target portal.
Step 8 In the IP address or DNS name field, enter the IP address of interface gigE2/1 on
your switch: 10.1.x.y (where x is your pod number and y is 21 for the MDS 9506 or
11 for the MDS 9216).
Step 9 Click Advanced to configure the CHAP parameters for the discovery session.
Step 10 Check the CHAP logon information check box.
Step 11 Enter mds9000labchap in the Target Secret field.
140 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 12 Click OK to close the Advanced Settings window.
Step 13 Click OK to close the Add Target Portal window.
Activity Verification
Complete these steps to verify that your iSCSI initiator is authenticating with the switch:
Step 1 From the switch CLI, issue the following command to debug CHAP authentication:
MDS9506# debug aaa events
Step 2 Return to the Microsoft iSCSI Initiator control panel and click the Active Sessions
tab.
142 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 7 Check the CHAP logon information check box.
Step 12 Turn off all debugging with the undebug all command.
You have completed this task when you attain these results:
You view debug output that shows that CHAP authentication has occurred.
The Microsoft iSCSI Initiator properties Available Target and Active Sessions tabs both
reflect a status of “Connected.”
Note If you are working alone you will configure Server 1 and the MDS 9506 Multilayer Director. If
you are working in teams, one team will configure Server 1 and the MDS 9506 Multilayer
Director, and the other team will configure Server 2 and the MDS 9216 Fabric Switch.
Activity Procedure
Complete these steps on the server.
Step 1 From your server desktop, right-click My Computer and choose Manage.
Step 2 Expand Local Users and Groups in the left pane, then right-click Users and choose
New User.
144 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 3 Enter the iSCSI Security User name that you used in the previous task: 10.1.x.y
(where x is your pod number and y is the last octet of the IP address of your iSCSI
initiator—2 on Server 1 and 6 on Server 2).
.
Step 11 Click Apply, then click OK.
Step 12 Open the Windows IAS configuration tool by choosing Start > Programs >
Administrative Tools > Internet Authentication Service.
Note If IAS is not already installed on your Windows 2000 server, you can install it by clicking:
Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows
Components > Networking Services > Details > Internet Authentication Service.
146 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 13 From the Internet Authentication Service (Local) tree view, right click the Clients
folder and chose New Client.
Step 14 In the Add Client dialog box, configure the following settings:
In the Friendly name field, enter the client name in the format MDSnnnn, where
nnnn is either 9506 or 9216 and correlates with your assigned switch.
Confirm that the Protocol field is set to RADIUS.
Step 17 Click Finish and verify that the client you configured appears in the Details pane of
the IAS Clients folder.
Step 18 Right-click Remote Access Policies from the IAS tree view and choose New
Remote Access Policy.
148 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 19 In the Add Remote Access Policy dialog box, specify iSCSI_HOST as the name for
the new Remote Access Policy in the Policy Friendly Name field.
Step 23 In the Client IP Address dialog box, enter 10.*.*.* as the wild card for the Client-IP-
Address attribute and then click OK.
150 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 24 In the Add Remote Access Policy dialog box, ensure that the “Client IP Address
matches ″10.*.*.*″ ” condition appears in the Conditions field, then click Next.
Step 25 In the Add Remote Access Policy dialog box, click the Grant remote access
permission radio button and then click Next.
Step 27 In the Edit Dial-in Profile dialog box, click the Authentication tab.
152 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 28 Check the Encrypted Authentication (CHAP) authentication check box as the
method to be used for this connection.
Activity Verification
You have completed this task when you attain these results:
The new iSCSI_HOST policy appears in the right pane of the Internet Authentication
Services dialog box. (If you do not see the policy, ensure that the Remote Access Policies
item is selected in the left pane.)
154 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 6: Configuring RADIUS Authentication
In this task, you will configure your MDS 9000 Series Multilayer Switch to use RADIUS for
iSCSI CHAP authentication.
Note If you are working alone you will configure the MDS 9506 Multilayer Director. If you are
working in teams, one team will configure the MDS 9506 Multilayer Director, and the other
team will configure the MDS 9216 Fabric Switch.
Activity Procedure
Complete these steps:
Step 1 From the switch CLI, execute the show authentication command.
Step 2 Confirm that the current local authentication mechanism for iSCSI is not enabled.
Step 3 Execute the following command to display the configuration of interface gig2/1:
# show interface gig2/1
Step 4 Confirm that the current interface authentication mechanism for iSCSI is CHAP.
Step 5 From the Cisco Device Manager main menu, choose Security > AAA.
Step 6 Click the Servers tab, and click Create.
156 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
© 2005, Cisco Systems, Inc. Lab Guide 157
Step 10 Click the Applications tab and enter 1 in the “iSCSI,all,authentication” row of the
ServerGroupIdList column.
Step 11 Click Apply and then click Close.
Step 12 From the CLI, enter the show radius-server command and verify your
configuration. Your display should resemble the following:
MDS9506# show radius-server
retransmission count:1
timeout value:1
total number of servers:1
following RADIUS servers are configured:
10.0.22.2:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
timeout:5
retries:2
Step 13 From the Cisco Device Manager, right-click gigE2/1 and choose Configure.
Step 14 In the configuration dialog box, click the iSCSI tab and click the passThrough
radio button in the ForwardingMode field.
Step 15 Click the ipaddress radio button in the Initiator ID Mode field.
158 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 16 Click Apply and then click Close.
Activity Verification
Complete these steps to verify that RADIUS authentication is active and that the iSCSI initiator
can still authenticate with the switch:
Step 1 From the LabGear interface, click the console link for your switch to start a new
CLI session. If you already have a console session open, just log out and log in
again.
Step 2 From the CLI, enter the show authentication command. Your display should
resemble the following:
# show authentication
authentication method:radius
console:not enabled
telnet/ssh:not enabled
iscsi:enabled
authentication method:local
console:not enabled
telnet/ssh:not enabled
iscsi:not enabled
Confirm that RADIUS is the only authentication method enabled for iSCSI. Under
authentication method:local, you should see iscsi:not enabled.
Step 3 Enter the debug radius aaa-request-lowlevel command to view RADIUS
authentication of the iSCSI CHAP session.
160 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 Click the Available Targets tab.
162 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 12 Return to the switch CLI and observe the debug output of the iSCSI authentication
request. Your display should resemble the following:
MDS9506# debug radius aaa-request-lowlevel
MDS9506# 2005 Apr 7 15:34:42 radius: process_aaa_radius_request:
entering for aaa session id 0
2005 Apr 7 15:34:42 radius: received CHAP authentication request for
10.1.22.2
2005 Apr 7 15:34:42 radius: get_radius_server_group_info: entering...
2005 Apr 7 15:34:42 radius: radius_request_process: event:
FIRST_REQUEST, switch to first server
2005 Apr 7 15:34:42 radius: radius_request_process_next_server:
entering...
2005 Apr 7 15:34:42 radius: radius_request_process_next_server:
looping thru servers in servergroup...
2005 Apr 7 15:34:42 radius: process_aaa_radius_request: returning
TRUE...
2005 Apr 7 15:34:42 radius: chap_data_available_func: entering for
aaa session 0
2005 Apr 7 15:34:42 radius: chap_data_available_func: RADIUS server
sent accept for authentication aaa session 0
2005 Apr 7 15:34:42 radius: chap_reply: entering for aaa session: 0
2005 Apr 7 15:34:42 radius: send_aaa_radius_resp_mts: entering for
aaa session 0
2005 Apr 7 15:34:42 radius: send_aaa_radius_resp_mts: exiting for aaa
session
2005 Apr 7 15:34:42 radius: chap_reply: exiting for aaa session: 0
Step 13 Turn off all debugging with the undebug all command.
Step 14 Save your configuration by completing the following steps on both switches:
1. From the CLI, save your configuration using the copy run start command.
2. Back up your running configuration to the TFTP server using the following
command:
# copy run tftp://10.0.0.198/podx/fname-nnnn-iscsi4.cfg
(where x is your pod number, fname is your first name, and nnnn is either 9506 or
9216)
Activity Verification
You have completed this task when you attain these results:
The RADIUS server “sent accept” message appears in the debug output.
In the Microsoft iSCSI Initiator Properties dialog box, the connection state of all iSCSI
targets is “Connected.”
164 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Lab 3-5: Implementing High-Availability iSCSI
Configurations
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
The customer would like to implement a highly available iSCSI interconnect environment. You
must ensure that the redundancy is in place in both the front-end network, which connects the
iSCSI host (initiator) to the MDS 9000 Series Multilayer Switch, and the back-end network,
which connects the iSCSI client to storage targets.
In this activity, you will configure the Virtual Router Redundancy Protocol (VRRP) so that the
iSCSI connection can survive the failure of an MDS 9000 Series Multilayer Switch or Ethernet
interface. You will then configure the target portal multipathing feature on the MDS 9000
Series Multilayer Switch to provide high availability on the back end. After completing this
activity, you will be able to meet these objectives:
Restore your previous configuration.
Configure VRRP for iSCSI initiators.
Implement target portal multipathing.
Test and verify the configuration.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Command List
The table describes the commands used in this activity.
Command Description
show iscsi initiator Displays configuration information for all configured iSCSI
initiators.
show iscsi virtual-target Displays configuration information for all configured iSCSI
virtual targets.
show fcns database Displays the contents of the Fibre Channel Name Server
database
show iscsi session Displays information about all active iSCSI sessions.
iscsi initiator ip-address Creates a static iSCSI initiator with the name ip-address.
ip-address
show vrrp Displays configuration and status information about all
configured VRRP virtual routers.
Note Note that you must restore your saved configuration to the startup configuration, not the
running configuration as you did in the previous labs. When you restore to the running
configuration, the saved configuration is merged with the running configuration. This was an
acceptable method in the previous labs, but in this case you need to erase the FC access
control configuration from Lab 3-4. Therefore, you must restore to the startup configuration.
When you restore to the startup configuration and reload, the saved configuration replaces
the running configuration.
166 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Procedure
Complete these steps to load your configuration from the TFTP server:
Step 1 Erase your current startup configuration.
# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
Step 2 Copy the configuration you saved at the end of Lab 3-2 to the startup configuration
using the following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi2.cfg start
(where x is your pod number, fname is your first name, and nnnn is either 9506 or
9216)
Activity Verification
Complete these steps to verify that the configuration has been successfully restored:
Step 1 Open the Microsoft iSCSI Initiator control panel from the shortcut on the
Windows desktop.
Step 2 Click the Target Portals tab.
Step 3 Click Add.
Step 4 Enter the IP address of the switch gigE2/1 interface: 10.1.x.y (where x is your pod
number, and y is 21 for the MDS 9506 or 11 for the MDS 9216).
Step 5 Click OK.
Step 7 Click Refresh and confirm that the status of the target is “Connected.”
Step 8 Display configured iSCSI initiators with the show iscsi initiator command. Your
display should resemble the following example:
MDS 9506# show iscsi initiator
iSCSI Node name is 10.1.22.2
iSCSI Initiator name: 10.1.22.2
iSCSI alias name:
Node WWN is 24:03:00:0d:ec:09:77:02 (configured)
Member of vsans: 2
Number of Virtual n_ports: 1
Virtual Port WWN is 24:04:00:0d:ec:09:77:02 (configured)
Interface iSCSI 2/1, Portal group tag: 0x80
VSAN ID 2, FCID 0x0c0101
168 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
VSAN ID 3, FCID 0xef0101
Step 9 Display configured iSCSI virtual targets with the show iscsi virtual-target
command. Your display should resemble the following example:
MDS 9506# show iscsi virtual-target
target: iqn.iscsidiskdrive1
* Port WWN 22:00:00:0c:50:d1:bc:35
Configured node
No. of advertised interface: 1
GigabitEthernet 2/1
No. of initiators permitted: 1
initiator 10.1.22.2/24 is permitted
all initiator permit is disabled
trespass support is disabled
revert to primary support is disabled
MDS 9216# show iscsi virtual-target
target: iqn.iscsidiskdrive2
* Port WWN 21:00:00:0c:50:d1:bc:6d
Configured node
No. of advertised interface: 1
GigabitEthernet 2/1
No. of initiators permitted: 1
initiator 10.1.22.6/24 is permitted
all initiator permit is disabled
trespass support is disabled
revert to primary support is disabled
Step 10 Display name server information with the show fcns database command. Your
display should resemble the following example:
MDS 9506# show fcns database
VSAN 2:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0c00dc NL 22:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
0x0c00e0 NL 22:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0x0c00e1 NL 22:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0x0c00e2 NL 22:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0x0c00e4 NL 22:00:00:0c:50:d1:d1:91 (Seagate) scsi-fcp:target
0x0c00e8 NL 22:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0x0c0101 N 24:04:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init
isc..w
Total number of entries = 7
VSAN 3:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xef00dc NL 21:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
170 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 Display iSCSI session information with the show iscsi session command. Your
display should resemble the following example:
MDS 9506# show iscsi session
Initiator 10.1.22.2
Initiator name 10.1.22.2
Session #1
Target iqn.iscsidiskdrive1
VSAN 2, ISID 400001370003, Status active, no reservation
Note If you are working alone in your pod, you must perform this task on both switches.
172 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 5 Click the iSCSI tab and configure the following settings:
Admin: up
Port VSAN: MDS 9506 is VSAN 3, MDS 9216 is VSAN 2
Initiator ID Mode: ipaddress
174 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 9 To create the IP address used by the first VRID (21), configure the Create VRRP
IP Addresses dialog box with the following settings:
Interface: gigE2/1
VrId: 21
IpAddr: 10.1.x.21 (where x is your pod number)
Step 14 Click within the Status Admin field and change the status from down to up for both
interfaces and VRIDs.
Step 15 Click Apply and leave the VRRP dialog box open.
Activity Procedure 3: Configure Virtual Routers on the MDS 9216 Fabric Switch
Complete this procedure on the MDS 9216 Fabric Switch. If you are working on the MDS 9506
Multilayer Director, skip this procedure and proceed to Activity Verification.
Step 1 From Cisco Device Manager, select the IP > VRRP menu.
Step 2 Click Create to create the first VRID (21).
Step 3 Configure the Create VRRP General dialog box with the following settings:
Interface: gigE2/2
VrId: 21
Priority: 90
PreemptMode: Unchecked
176 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 Click Create.
Step 5 To create the second VRID (11), configure the Create VRRP General dialog box
with the following settings:
Interface: gigE2/1
VrId: 11
Priority: 90
PreemptMode: Unchecked
Step 6 Click Create, and then click Close.
Step 7 Click the IP Addresses tab.
Step 8 Click Create.
Step 9 To create the IP address used by the first VRID (21), configure the Create VRRP
IP Addresses dialog box with the following settings:
Interface: gigE2/2
VrId: 21
IpAddr: 10.1.x.21 (where x is your pod number)
178 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
When you and your teammates have completed the VRRP configuration on both switches,
complete these steps on both switches to verify your configuration:
Step 1 In the VRRP dialog box, click Refresh.
Step 2 Compare the values in the Status Admin, Status Oper, and Priority fields with the
results shown here:
Status
Switch Interface, VRID Priority
Admin Oper
gigE2/1, 11 up master 90
MDS 9216
gigE2/2, 21 up backup 90
You have successfully completed this task when you attain the following results:
VRID 11 master interface is MDS 9216 gigE2/1, backup interface is MDS 9506 gigE2/2
VRID 21 master interface is MDS 9506 gigE2/1, backup interface is MDS 9216 gigE2/2
To summarize, you and your teammates have worked together to create two virtual routers:
VRID 11 provides redundancy for the initiators connected to gigE2/1 on the MDS 9216
Fabric Switch via a backup interface on gigE2/2 on the MDS 9506 Multilayer Director.
VRID 21 provides redundancy for the initiators connected to gigE2/1 on the MDS 9506
Multilayer Director via a backup interface on gigE2/2 on the MDS 9216 Fabric Switch.
Note The configured priority has not determined which interface is the master. This is because
you configured each VRID IP address to match the IP address of one of the switch
interfaces (gigE2/1). Therefore, that interface automatically assumes the highest priority.
Step 2 When both teams have completed Step 1, verify that the PortChannel has been
created successfully and that all interfaces are up:
# sh port-channel database
port-channel 128
Administrative channel mode is active
Operational channel mode is active
Last membership update succeeded
Channel is auto created
First operational port is fc1/7
3 ports in total, 3 ports up
Ports: fc1/7 [up] *
fc1/8 [up]
fc1/9 [up]
180 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 4 Locate the iSCSI initiator that was configured on the other switch. In other words, if
you are working on the MDS 9506 Multilayer Director, locate the static initiator
configured on the MDS 9216 Fabric Switch. If you are working on the MDS 9216
Fabric Switch, locate the static initiator configured on the MDS 9506 Multilayer
Director. Document the following details of that initiator:
Parameter Value
IP address
VSAN
Step 5 Using the CLI on the other switch, replicate the static initiator that you documented
in Step 4 using the iscsi initiator ip-address command. In other words, if you are
working on the MDS 9506 Multilayer Director, create a duplicate static initiator on
the MDS 9216 Fabric Switch. If you are working on the MDS 9216 Fabric Switch,
create a duplicate static initiator on the MDS 9506 Multilayer Director. Your display
should resemble the following examples:
MDS 9216# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MDS 9506(config)# iscsi initiator ip-address 10.1.22.6
MDS 9506(config-iscsi-init)# vsan 3
MDS 9506(config-iscsi-init)# static nWWN 21:03:00:0d:ec:0c:d5:02
MDS 9506(config-iscsi-init)# static pWWN 21:04:00:0d:ec:0c:d5:02
MDS 9506(config-iscsi-init)# end
182 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 3: Configuring Target Portal Multipathing
In this task you will configure Target Portal Multipathing to provide redundant paths from the
logical iSCSI interfaces to the Fibre Channel JBOD disks. The JBOD is dual-ported to both
switches in your pod. In this task, you will complete the following procedures:
Configure secondary port WWNs and iSCSI targets
Configure secondary iSCSI static initiators
Activity Procedure 1: Configure Secondary Port WWNs and iSCSI Targets on the
MDS 9506
Complete these steps if you are configuring the MDS 9506 Multilayer Director. If you are
configuring the MDS 9216 Fabric Switch, proceed to Activity Procedure 2.
Step 1 In Cisco Device Manager, choose IP > iSCSI.
Step 2 Click the Targets tab.
Step 3 Click in the Primary Port WWN field and press Ctrl-C to copy the Primary Port
WWN.
Step 4 Click in the Secondary Port WWN field and press Ctrl-V to paste the Primary Port
WWN.
Step 5 Double-click the Secondary Port WWN field and edit the first two numbers of the
WWN:
If the Primary Port WWN begins with 22, change the Secondary Port WWN to
begin with 21.
If the Primary Port WWN begins with 21, change the Secondary Port WWN to
begin with 22.
Note Dual-ported Seagate FC disk drives, like the drives used in this lab, have one port WWN
that begins with 21 and another port WWN that begins with 22.
184 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 16 Double-click the Secondary Port WWN and edit the first two numbers:
If the Primary Port WWN begins with 22, change the Secondary Port WWN to
begin with 21.
If the Primary Port WWN begins with 21, change the Secondary Port WWN to
begin with 22.
Step 4 Click within the Secondary Port WWN field and press Ctrl-V to paste the Primary
Port WWN.
Step 5 Double-click the Secondary Port WWN and edit the first two numbers of the WWN:
If the Primary Port WWN begins with 22, change the Secondary Port WWN to
begin with 21.
If the Primary Port WWN begins with 21, change the Secondary Port WWN to
begin with 22.
Note Dual-ported Seagate FC disk drives, like the drives used in this lab, have one port WWN
that begins with 21 and another port WWN that begins with 22.
186 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 11 Configure the failover path to the iSCSI target with the following settings:
iSCSI Name: iqn.iscsidiskdrive2
Port WWN: Select the Port WWN that matches the Secondary Port WWN from
Step 5.
Initiator Access: Click the List radio button and enter 10.1.x.6/24 (where x is
your pod number).
Advertised Interfaces: Click the Select from List radio button and check
gigE2/2.
188 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 4: Verifying High Availability
In this task you will demonstrate the reliability of your configuration.
Caution Wait until the team working on the other switch and Windows 2000 server are ready to
proceed before you test VRRP. Both teams should work together to perform this procedure.
Complete these steps on your assigned switch and Windows 2000 server:
Step 1 Open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Active Sessions tab from iSCSI Initiator Properties. Click Refresh and
verify that the status is “Connected.”
Step 4 Display the iSCSI session status on both switches with the show iscsi session
command. Your display should resemble the following. Take note of which IP
address is displayed on your switch (10.1.x.2 or 10.1.x.6). At this point, the IP
address should be the IP address of your iSCSI initiator.
MDS 9506# show iscsi session
Initiator 10.1.22.2
Session #1
Target iqn.iscsidiskdrive1
190 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 6 Return to the Windows 2000 server desktop. In the Microsoft iSCSI Initiator control
panel, observe the status of the active session. Do this on both servers.
Step 7 Click Refresh. The status of both sessions might show “Reconnecting” and then
“Connected” as the virtual router fails over to the switch that is the VRRP backup.
Step 8 Display the VRRP status on both switches with the show vrrp command. Your
display should resemble the following example:
MDS 9506# show vrrp
Interface VR Status
-------------------------------------------------------
GigabitEthernet2/1 21 init
GigabitEthernet2/2 11 master
Initiator 10.1.22.6
Session #1
Target iqn.iscsidiskdrive2
Step 10 Reenable Gigabit Ethernet port 2/1 with the no shutdown command.
Step 11 Execute the show vrrp command again and verify that the virtual router interfaces
have returned to their original state as displayed in Step 3.
Caution Wait until the team working on the other switch and Windows 2000 server are ready to
proceed before you test target portal multipathing. Both teams should work together to
perform this procedure.
192 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Verification
You have successfully completed this task when you attain these results:
You observe the transfer of VRRP master operations and failover of iSCSI initiators when
disabling Gigabit Ethernet interfaces.
The status of all iSCSI target sessions remains “Connected” when one of the JBOD
interfaces is disabled.
194 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
iscsi authentication none
ip address 10.1.22.11 255.255.255.0
switchport description Primary iSCSI Interface
no shutdown
vrrp 11
priority 90
address 10.1.22.11
no shutdown
interface GigabitEthernet2/2
ip address 10.1.22.12 255.255.255.0
no shutdown
vrrp 21
priority 90
address 10.1.22.21
no shutdown
interface fc1/6
no shutdown
interface fc1/7
channel-group auto
no shutdown
interface fc1/8
channel-group auto
no shutdown
interface fc1/9
channel-group auto
no shutdown
Activity Objective
In this activity, you will use various CLI commands to diagnose configuration problems with
FCIP and iSCSI. After completing this activity, you will be able to:
Diagnose and resolve Gigabit Ethernet port, FCIP profile, and FCIP tunnel configuration
errors.
Diagnose and resolve FCIP high-availability configuration issues.
Diagnose and resolve basic iSCSI connectivity issues.
Diagnose and resolve iSCSI high-availability configuration issues.
Required Resources
These are the resources and equipment required to complete this activity:
An MDS 9506 Multilayer Director switch and an MDS 9216 Fabric Switch: each with an
MDS 9000 IPS Module
Two Windows 2000 servers, each with a Fibre Channel HBA and the Microsoft iSCSI
Initiator software driver installed
A JBOD with at least two disks
Configuration files for each of the tasks. The configuration files are stored on the lab
backbone server (BB_Server) at 10.0.0.198.
196 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Command List
The table describes the commands used in this activity.
Command Description
show interface fcip x Displays the status of and statistics for FCIP interface x.
show iscsi virtual- Lists all the active iSCSI virtual targets.
target
show vrrp Displays the VRRP configuration information.
Job Aids
Please refer to the tables in Appendix A of the Accessing the Remote Lab section on page 213
to determine the correct IP addresses for the management and Gigabit Ethernet interfaces of the
switches in your pod.
Problem Statement
A remote SAN is being set up by a customer storage-testing group to validate new human
resources software. A member of the engineering team used files from the production SAN for
the initial configuration. The engineer modified the files and loaded them on the MDS 9506
Multilayer Director and MDS 9216 Fabric Switch before leaving for an extended sabbatical in
Antarctica. Unfortunately, the engineer did not adequately test the configuration before leaving,
and mobile phones do not appear to work in Antarctica. You have been asked to come in and
resolve the issues.
To complete your task, you must resolve any configuration issues on the MDS 9000 Series
switches, then verify that the Windows 2000 server that is attached to the MDS 9216 Fabric
Switch in your pod can access the JBOD that is attached to the MDS 9506 Multilayer Director
through an FCIP tunnel between the MDS 9000 IPS Modules.
Note There might be more than one item that must be corrected for each problem. You can
troubleshoot them in any order.
Visual Objective
The figure illustrates the configuration that you will troubleshoot in this task.
198 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Procedure 1: Loading the Configuration
Complete these steps to copy and load the Task 1 configuration files:
Step 1 Log in to your MDS 9000 Series Multilayer Switch CLI as admin with password
1234qwer.
Step 2 Clear the current startup configuration and reboot the switch. Your display should
resemble the following:
# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
# reload
This command will reboot the system. (y/n)? y
Step 3 After the switch has reloaded, run the initial setup to configure the following:
Admin password: 1234qwer
Switch name: mdsnnnn-x (where nnnn is 9216 or 9506 and x is your pod
number; for example, Pod 21 is mds9216-21)
Mgmt0 IP address: 10.0.x.y (where x is your pod number, y is 3 for MDS 9216
and y is 5 for MDS 9506)
Mgmt0 IP netmask: 255.255.255.0
Default gateway: 10.0.x.254 (where x is your pod number)
NTP server IP address: 10.0.x.254 (where x your pod number)
Note Accept the default for all other settings in the initial setup.
Step 4 Copy the starting configuration for this task to your switch running configuration.
Replace the variable x with your pod number.
If you are working on the MDS 9216 Fabric Switch, use the following
command:
# copy tftp://10.0.0.198/podx/cmse/9216-tt-1 run
If you are working on the MDS 9506 Multilayer Director, use the following
command:
# copy tftp://10.0.0.198/podx/cmse/9506-tt-1 run
Step 5 Your prompt should look similar to the following example: (TT1 indicates trouble
ticket 1.)
MDS9216-xx(TT1)#
Step 6 Save your configuration using the copy run start command.
Step 5 From the MDS 9216 Fabric Switch, try to ping the Gigabit Ethernet interface of the
MDS 9506 Multilayer Director. Then try pinging in the reverse direction. Complete
the following table:
Switch Route
MDS 9216
MDS 9506
Step 7 Display the FLOGI database for both switches. Complete the following table:
Step 8 Display the FCNS database for both switches. Complete the following table:
200 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Step 9 Document your FCIP profile configurations in the following table:
MDS 9216
MDS 9506
MDS 9216
MDS 9506
Step 11 View your active zone configuration and note any problems in the following table:
MDS 9216
MDS 9506
Problem Solution
Activity Verification
You have completed this task when you attain these results:
The show fcns database command shows that your VSAN contains host and storage ports
from different domains (different switches).
Your Windows 2000 server can access the JBOD across the FCIP tunnel.
202 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 2: Troubleshoot FCIP High-Availability Configuration
Issues
In this task, you will resolve configuration issues with an FCIP high-availability configuration.
Problem Statement
To minimize downtime between sites, your customer has decided to implement redundant
connections for high availability over the WAN, for the customer’s mission-critical OLTP
software. Upon returning from sabbatical in Antarctica, the SAN administrator attempted to
configure a PortChannel between the switches. Unfortunately, the administrator suffered
extreme frostbite during the sabbatical, and cannot type very well. You have been asked to
determine why there is no connectivity between the data centers and to resolve any issues.
To complete your task, you must resolve any configuration issues on the MDS 9000 Series
switches, then verify that the Windows 2000 server that is attached to the MDS 9216 Fabric
Switch in your pod can access the JBOD that is attached to the MDS 9506 Multilayer Director
through the PortChannel between the MDS 9000 IPS Modules.
Note There might be more than one item that must be corrected for each problem. You can
troubleshoot them in any order.
Visual Objective
The figure illustrates the configuration that you will troubleshoot in this task.
204 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
You should now have sufficient information to diagnose and correct the problems. Document
your results in the table.
Problem Solution
Activity Verification
You have completed this task when you attain these results:
The show fcns database command shows that your VSAN contains host and storage ports
from different domains (different switches).
Your Windows 2000 server can access the JBOD across the FCIP tunnel.
You can bring down one of the Gigabit Ethernet interfaces without losing connectivity
from your host to the storage targets.
Problem Statement
On Friday, you completed a basic iSCSI configuration for a production SAN for your customer.
Over the weekend, one of the customer SAN administrators came into the office and started
going through some labs from their IP storage course—on the production SAN. Now nothing
works, and the administrator has fled the country. You have been tasked with resolving the
problems.
Note There might be more than one item that must be corrected for each problem. You can
troubleshoot them in any order.
Visual Objective
The figure illustrates the configuration that you will troubleshoot in this task.
206 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Activity Procedure 1: Loading the Configuration
Complete these steps to load the Task 3 configuration files:
Step 1 Complete Task 1: Steps 1 to 3 of Activity Procedure 1: Loading the Configuration.
Step 2 Copy the starting configuration for this task to your switch running configuration.
Replace the variable x with your pod number.
If you are working on the MDS 9216 Fabric Switch, use the following
command:
# copy tftp://10.0.0.198/podx/cmse/9216-tt-3 run
If you are working on the MDS 9506 Multilayer Director, use the following
command:
# copy tftp://10.0.0.198/podx/cmse/9216-tt-3 run
Step 3 Reboot your switch after you have loaded the configuration file. Use the reload
command.
Step 4 Log in to your switch. Your prompt should look similar to the following example:
(TT3 indicates trouble ticket 3.)
MDS9216-xx(TT3)#
Step 5 Save your configuration using the copy run start command.
Problem Solution
Activity Verification
You have completed this task when you attain these results:
Both initiators have access to their configured targets, and the iSCSI initiator driver
remains in an active connection state for discovery and normal iSCSI sessions.
The output of the sh iscsi session command displays status “active” for initiator session 1
and target session 2.
208 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Task 4: Troubleshooting iSCSI High-Availability Configuration
Issues
In this task, you will resolve configuration issues with iSCSI high-availability features.
Problem Statement
Your customer chose VRRP to provide higher availability for the implementation of iSCSI.
Soon after doing so, someone tripped over a cable that was connected to one of the IPS-8
modules—and the iSCSI hosts lost access to their storage. Claiming that there is a problem
with the VRRP implementation, they call you in again to investigate the problem
Note There might be more than one item that must be corrected for each problem. You can
troubleshoot them in any order.
Visual Objective
The figure illustrates the configuration that you will troubleshoot in this task.
Note This task will require you to work closely with the other switch in your pod. You will have to
exchange information with the other people on your team.
210 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
You should now have sufficient information to diagnose and correct the problems. Document
your results in the table.
Problem Solution
Activity Verification
You have completed this task when you attain these results:
Both initiators have access to their configured targets, and the iSCSI initiator driver
remains in an “active” connection state for discovery and normal iSCSI sessions.
Failover completes successfully when the gigE2/1 port is disabled on either switch.
Failback completes successfully when the gigE2/1 port is reenabled.
Enter the username and password that you have been given and click Login.
The username will be in the form “PXX-nnnnn”, where XX is the number of the equipment pod
you will be using, and nnnnn is the event number for your lab session. The password will be a
short string of five random characters, like “jsdor”.
212 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
After You Log In
After you have entered the correct username and password, you will be presented with a
display like that shown in Figure 2.
This is the main lab interface. You will access all of the lab equipment from this interface.
Along the top of the page is a title bar that contains some useful information:
User: This shows your pod and session ID.
Pod: You will use this pod number throughout all of the labs.
Remaining Time: This shows how much time remains in your remote lab session.
214 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Connecting to Console (Command-Line) Devices
Clicking Console for a particular device brings up a console window from which you can
control a device just as if you were sitting right next to it. You have as much control over the
device as if your PC were directly attached to the device via a serial cable.
Note After you connect to a console device by clicking the Console button, you must press Enter
to see the device’s login prompt. If you do not see a green “online” indicator in the upper
right corner of the window, as shown in Figure 5, or if nothing happens when you press
Enter, you might need to clear the console line as described below.
Figure 5 shows a typical device console window. The title bar says P22 - MDS9506 This
indicates that you are on Pod 3 and connected to the console of the MDS 9216 in that pod.
Along the bottom of the console window are buttons that allow you to:
Reconnect to and disconnect from the device.
Open scratch pads and paste console copy buffer contents to them; you can use scratch
pads as a clipboard to copy and paste text from window to window.
Send a break signal to the device.
Note If the Tab key does not work for command completion in the CLI, you might need to disable
Sun Java on your local workstation or laptop. To do so, open Internet Explorer, choose
Tools > Internet Options, click the Advanced tab, uncheck Java (Sun), and click OK. If
you do not see the Java (Sun) option in Internet Explorer, click Start > Settings > Control
Panel | Java Plug-in, uncheck Enable Java Plug-in, and click Apply. Be sure to perform
these steps on your workstation or laptop, not on the remote PCs in the lab pod. Restart
your browser after disabling Sun Java.
All Windows or Solaris applications that you will use in the labs run on the remote
workstations. For example, to manage a switch in your pod using Cisco Fabric Manager, you
must first log in to one of the workstations in your lab, and then start Cisco Fabric Manager
from the remote desktop.
Passwords
Use the following passwords:
The username for the MDS 9000 Series switches is admin, and the default password is
1234qwer.
The username for the Windows 2000 servers is administrator, and the password is cisco.
The VNC password (which might be necessary to access the servers) is cisco1.
216 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
If You Get Stuck!
Rarely, a device’s console will not respond to your keystrokes (usually this happens if you have
left the console idle for an extended period). You can clear the console line to regain access to a
device by performing the following procedure.
Along the top of your pod display screen is a menu bar with a number of buttons, as shown in
Figure 7. To clear a console line or power a device on or off, first click the Device
Management button.
Clicking the Device Management button (1) brings up a Device Control window as shown in
Figure 8.
From the Device Control window you can control a device’s power, clear console lines, and
check general device status. Choose a device name, such as the MDS9216 switch (2): The right
side of the window will display the various functions you can perform on that device. You can
apply or remove power, or clear the console line (to free up a hung console session) by clicking
the Clear Console Line button (3).
Step 6 A progress window will be displayed. Do not close this window until the restore
operation is completed.
218 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Appendix A: Pod Device Names and Addresses
Table 1: mgmt0 IP Addresses MASK = 255.255.255.0
Default
10.0.1.254 10.0.2.254 10.0.3.254 10.0.4.254 10.0.5.254 10.0.6.254
gateway
Default
10.0.7.254 10.0.8.254 10.0.9.254 10.0.10.254 10.0.11.254 10.0.12.254
gateway
Default
10.0.13.254 10.0.14.254 10.0.15.254 10.0.16.254 10.0.17.254 10.0.18.254
gateway
Domain ID na na 14 15 92
MDS 9216
Port assignment na na fc1/10 fc1/6 na
Domain ID 12 13 na na 95
MDS 9506
Port assignment fc1/6 fc1/5 na na na
220 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.