DCMDS20LG

DCMDS
Configuring Cisco
MDS 9000 Series
Switches
Version 2.0
Lab Guide
Text Part Number: 97-3314-01

Americas Headquarters Asia Pacific Headquarters Europe Headquarters
Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide © 2014 Cisco and/or its affiliates. All rights reserved.
DCMDS
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
 Lab 2-1: Perform Initial Switch Setup
 Lab 2-2: Perform the Boot Process and Upgrade Switch Software
 Lab 2-3: Install Cisco Prime DCNM Release 6.2(3)
 Lab 3-1: Configure Interfaces
 Lab 3-2: Configure Port Channels
 Lab 3-3: Configure Cisco NPV and NPIV
 Lab 3-4 Configure VSANs, Domain Management, and Persistent FCIDs
 Lab 3-5: Configure Device Aliases
 Lab 3-6: Configure Zoning
 Lab 4-1: Implement Cisco DMM
 Lab 6-1: Configure RBAC and AAA Services
 Lab 6-2: Implement Fabric and Port Security
 Lab 7-1: Configure FCIP Tunnels and FCIP High Availability with Port Channels
 Lab 7-2: Implement IVR for SAN Extension
 Lab 7-3: Tune FCIP Performance
 Answer Key
 Lab Appendix
Lab 2-1: Perform Initial Switch Setup
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
In this activity, you will perform the initial switch configuration process so that the switch can
be accessed from the management network. After completing this activity, you will be able to
meet this objective:
 Complete the initial switch configuration process on the lab switches
Visual Objective
The figure illustrates the lab topology.
P1 P2
1/6 1/6
JBOD
1/7 1/7
1/8 1/8
1/9 1/9 MDS2
MDS1
10.0.x.5 10.0.x.3
1/5 1/10 1/10 1/5
P1 P2
1/5 1/5
P2 1/1 1/1 P1
host1 MDS3 MDS4

10.0.x.13 10.0.x.14 host2
E0 10.0.x.1 E0 10.0.x.2
E1 10.1.x.2 Mask 255.255.255.0 E1 10.1.x.6
Default-Gateway 10.0.x.254
© 2013 Cisco and/or its affiliates. All rights reserved. DCMDS v2.0—3
Required Resources
These are the resources and equipment required to complete this activity:
 Four Cisco MDS 9000 Series Fibre Channel switches
 Two Windows Server hosts with a Fibre Channel HBA
2 Configuring Cisco MDS 9000 Series Switches (DCMDS) v2.0 © 2013 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.
Command Description
write erase Erases the switch startup configuration.
reload Reboots the switch.
show environment temp Displays the temperature sensors.
show environment power Displays the power usage and availability.
show module Displays Cisco MDS switch modules.
show inventory Displays a list of switch components.
show hardware Displays Cisco MDS hardware components.
no boot ssi Clears the ssi boot parameter.
show run Displays the running-config.
config Changes to config terminal level.
copy run start Copies the running-config to the startup-config.
© 2013 Cisco Systems, Inc. Lab Guide 3

Task 1: Complete the Initial Switch Configuration
In this task, you will complete the initial switch configuration process.
Note If you are working in teams within a pod, Team 1 will be responsible for configuring MDS1
and MDS4. Team 2 will be responsible for configuring MDS2 and MDS3. For this task, Team
1 need only configure MDS1 and Team 2 need only configure MDS2. If you are working
alone, you will need to configure both MDS1 and MDS2. For clarity, ask your instructor
which switches will be used in this lab. The shared Cisco MDS 9710 Multilayer Directors will
be configured before the course and will not be reconfigured during the class.
Activity Procedure
Complete these steps.
Step 1 Login to your assigned Cisco MDS switch with switch login admin and password
1234QWer.
Step 2 At the switch prompt, type the following to clear the ssi image boot parameter.
switch# config
switch(config)# no boot ssi
switch(config)# exit
switch# copy run start
Note The next lab will explain setting and clearing boot parameters and installing and activating
the ssi image.
Step 3 At the switch# prompt, clear the current startup configuration by typing the
following:
switch # write erase
The following message is displayed:

Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? [y/n] [n]
Type y to proceed and then press <Enter>.

Step 4 Reboot the switch.
switch # reload
This command will reboot the system. (y/n)?
Type y to proceed and then press <Enter>.

Step 5 After the switch reboots (which takes 2 to 3 minutes), the switch will automatically
launch the setup process. Answer the questions according to the following example,
replacing your pod number where appropriate.
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no)[y]: <Enter>
Enter the password for "admin": 1234QWer

Confirm the password for "admin": 1234QWer
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of the
system. Setup configures only enough connectivity for management of the
system.
Please register Cisco MDS 9000 Family devices promptly with your supplier.
Failure to register may affect response times for initial service calls. MDS
devices must be registered to receive entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no):y
Create another login account (yes/no) [n]: <Enter>
Configure read-only SNMP community string (yes/no) [n]: <Enter>
Configure read-write SNMP community string (yes/no) [n]: <Enter>
Enter the switch name : PxMDSy (where x is your pod number and y is the
switch number; for example: P10MDS1 or P10MDS2)
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:

<Enter>
Mgmt0 IPv4 address : 10.0.x.N (where x is your pod number and N is 5 for MDS1,
3 for MDS2, 13 for MDS3, and 14 for MDS4. See Visual Objective.)
Mgmt0 IPv4 netmask : 255.255.255.0
Configure the default gateway? (yes/no) [y]:
IPv4 address of the default gateway : 10.0.x.254
Configure advanced IP options? (yes/no) [n]: <Enter>

Enable the ssh service? (yes/no) [y]: <Enter>
Type of ssh key you would like to generate (dsa/rsa) [rsa]: <Enter>
Number of rsa key bits <1024-2048> [1024]: <Enter>
Tip Telnet service is not typically enabled, but during the training class, Telnet service allows the
instructor access to your switches.
Enable the telnet service? (yes/no) [n]: <Yes>
Note Slow Drain Device Detection and Congestion Avoidance is automatically enabled.
Configuration of the congestion/no_credit settings can be modified in the initial setup. For
now, choose the defaults for the initial setup.
Configure congestion/no_credit drop for fc interfaces? (yes/no) [q/quit]

to quit [y]: <Enter>
Note Choose which type of drop to configure, congestion or no_credit. The default is
congestion.
Enter the type of drop to configure congestion/no_credit drop? (con/no) [c]:

<Enter>
Note The default stuck frame timeout value is 500 ms. Cisco recommends that you retain the
default configuration for ISLs and configure a value not exceeding 500 ms (100 to 200 ms)
for F Ports. The default is 500 ms.
Enter number of milliseconds for congestion/no_credit drop[100 - 1000] or

[d/default] for default:d
Caution Choose the port mode for the type of drop. The default is F.

Enter mode for congestion/no_credit drop[E/F]: <Enter>
Enable the http-server? (yes/no) [y]: <Enter>
Configure clock? (yes/no) [n]: <Enter>
Configure timezone? (yes/no) [n]: <Enter>
Configure summertime? (yes/no) [n]: <Enter>
Configure the ntp server? (yes/no) [n]: <Enter>
Configure default switchport interface state (shut/noshut) [shut]: <Enter>
Configure default switchport trunk mode (on/off/auto) [on]: <Enter>
Configure default switchport port mode F (yes/no) [n]: <Enter>
Configure default zone policy (permit/deny) [deny]: <Enter>
Enable full zoneset distribution (yes/no) [n]: <Enter>
Configure default zone mode (basic/enhanced) [basic]: <Enter>
Step 6 A summary of the configuration will be displayed.
The following configuration will be applied:
password strength-check
switchname P7MDS1
interface mgmt0
ip address 10.0.7.5 255.255.255.0
no shutdown
ip default-gateway 10.0.7.254
ssh key rsa 1024 force
feature ssh
feature telnet
system timeout congestion-drop default mode F
feature http-server
system default switchport shutdown
system default switchport trunk mode on
no system default zone default-zone permit
no system default zone distribute full
no system default zone mode enhanced
Would you like to edit the configuration? (yes/no) [n]:

Use this configuration and save it? (yes/no) [y]:
[########################################] 100%
Copy complete, now saving to disk (please wait)...
Activity Verification
Complete the following steps on both switches in your pod to verify your results. If working
alone, complete on all switches:
Step 1 Login to the console using the username admin and the password 1234QWer.
Step 2 Ping the TFTP server and confirm that five packets were received without error.
PxMDS1# ping 10.0.0.198
PING 10.0.0.198 (10.0.0.198) 56(84) bytes of data.
64 bytes from 10.0.0.198: icmp_seq=1 ttl=127 time=0.466 ms
Step 3 Display the initial running-configuration on the Cisco MDS 9222i Multiservice
Modular Switch.
PxMDS1# show run
!Command: show running-config

!Time: Thu Sep 5 15:43:39 2013
version 6.2(1)
role name default-role
description This is a system defined role and applies to all users.
rule 5 permit show feature environment
rule 4 permit show feature hardware
rule 3 permit show feature module
rule 2 permit show feature snmp
rule 1 permit show feature system
username admin password 5 $1$SwBbo3jX$m9GmL5lgbIPBzar40BmUE1 role network-
admin
ip domain-lookup
ip host P7MDS1 10.0.7.5
aaa group server radius radius
snmp-server user admin network-admin auth md5
0xa8faca6cd6e7c84926dfd49c6043288f
priv 0xa8faca6cd6e7c84926dfd49c6043288f localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
fcdomain fcid database
vsan 1 wwn 20:05:00:05:73:ae:dd:80 fcid 0x2c0000 dynamic
vsan 1 wwn 10:00:00:00:c9:74:4c:10 fcid 0x2c0001 dynamic
vsan 1 wwn 10:00:00:00:c9:73:46:b6 fcid 0x2c0040 dynamic
vsan 1 wwn 20:06:00:0d:ec:72:7d:00 fcid 0x2c0100 area dynamic
vsan 1 wwn 10:00:00:0d:ec:72:7d:01 fcid 0x2c0080 dynamic
switchname P7MDS1
line console
line vty
boot kickstart bootflash:/m9200-s2ek9-kickstart-mz.6.2.1.bin
boot system bootflash:/m9200-s2ek9-mz.6.2.1.bin
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface GigabitEthernet1/1

interface mgmt0
ip address 10.0.7.5 255.255.255.0
switchport speed 100
Task 2: Examine the Cisco MDS Environment
In this task, you will use various show commands to examine the Cisco MDS environment and
discover switch capabilities.
Activity Procedure
Both teams: Complete the following steps on both switches in your pod.
Step 1 Display the Cisco MDS switch modules. Output may vary from switch to switch.
PxMDS1# show module
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
1 22 4x1GE IPS, 18x1/2/4Gbps FC/Sup2 DS-X9222I-K9 active *
Mod Sw Hw World-Wide-Name(s) (WWN)

--- -------------- ------ ------------------------------------------------
1 6.2(1) 1.1 20:01:00:0d:ec:72:7d:00 to 20:12:00:0d:ec:72:7d:00
Mod MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
1 00-0d-ec-75-17-88 to 00-0d-ec-75-17-90 JAE1212BPP7
* this terminal session
Note Observe that the show module command only gives a summary of the line card modules
installed in the chassis. Module 1 is fixed on the Cisco MDS 9222i Multiservice Modular
Switch and cannot be removed.
Step 2 Display the switch inventory.

PxMDS1# show inventory
NAME: "Chassis", DESCR: "MDS 9222i "
PID: DS-C9222I-K9 , VID: V01
, SN: FOX1212GKNQ
NAME: "Slot 1", DESCR: "4x1GE IPS, 18x1/2/4Gbps FC/Sup2"

PID: DS-X9222I-K9 , VID: V01 , SN: JAE1212BPP7
NAME: "Slot 17", DESCR: "MDS 9222i Power Supply"

PID: DS-CAC-845W , VID: V01
, SN: QCS120910FJ
NAME: "Slot 18", DESCR: "MDS 9222i Power Supply"

PID: DS-CAC-845W , VID: V01
, SN: QCS120910JA
NAME: "Slot 19", DESCR: "MDS 9222i Fan Module"

PID: DS-2SLOT-FAN , VID: V500
, SN: DCH12032731
Note How does the information differ from the show module command? Notice that each
component is allocated a slot, even the power supplies and fan modules.
Step 3 Display the Cisco MDS hardware components.

PxMDS1# show hardware
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.0.19
loader: version N/A
kickstart: version 6.2(1)
system: version 6.2(1)
BIOS compile time: 02/01/10
kickstart image file is: bootflash:///m9200-s2ek9-kickstart-mz.6.2.1.bin
kickstart compile time: 12/25/2020 12:00:00 [04/10/2013 13:45:55]
system image file is: bootflash:///m9200-s2ek9-mz.6.2.1.bin
system compile time: 2/21/2013 10:00:00 [04/10/2013 18:15:21]
Hardware
cisco MDS 9222i ("4x1GE IPS, 18x1/2/4Gbps FC/Sup2")
Motorola, e500v2 with 1036300 kB of memory.
Processor Board ID JAE1212BPPN
Device name: P7MDS1

bootflash: 1000440 kB
Kernel uptime is 0 day(s), 0 hour(s), 33 minute(s), 0 second(s)
Last reset at 373936 usecs after Thu Sep 5 15:33:26 2013
Reason: Reset Requested by CLI command reload

System version: 6.2(1)
Service:
--------------------------------
Switch hardware ID information
--------------------------------
Switch is booted up
Switch type is : MDS 9222i
Model number is DS-C9222I-K9
H/W version is 1.0
Part Number is 73-11019-01
Part Revision is A1
Manufacture Date is Year 12 Week 12
Serial number is FOX1212GCEH
CLEI code is COM9310ARA
--------------------------------
Chassis has 2 Module slots
--------------------------------
Module1 ok
Module type is : 4x1GE IPS, 18x1/2/4Gbps FC/Sup2
0 submodules are present
Model number is DS-X9222I-K9
H/W version is 1.1
Part Revision is B0
Serial number is JAE1212BPPN
CLEI code is COUIAMCCAA
Module2 empty
---------------------------------------
Chassis has 2 PowerSupply Slots
---------------------------------------
PS1 ok
Power supply type is: 800.10W 110v AC
Model number is DS-CAC-845W
H/W version is 1.2
Part Revision is B0
Serial number is QCS120910RJ
CLEI code is CNUPAA8AAA
PS2 ok
Power supply type is: 800.10W 110v AC
Model number is DS-CAC-845W
H/W version is 1.2
Part Revision is B0 Manufacture Date is Year 12 Week 9
Serial number is QCS120910JA
CLEI code is CNUPAA8AAA
----------------------------------
Chassis has 1 Fan slots
----------------------------------
Fan1 ok
Model number is DS-2SLOT-FAN
H/W version is 4.0
Part Revision is B0
Serial number is DCH12050286
CLEI code is CNUQABBAAC
-----------------------------------------
Chassis has 1 Interface slot
-----------------------------------------
Interface module ok
Model number is DS-X9222-MGT
H/W version is 1.0
Part Revision is A0
Serial number is JAE12088T29
CLEI code is 0
Note Observe that the show hardware command provides more detailed information on each of
the modules on the switch, including part numbers and hardware versions.
Step 4 Display the switch temperature status.

PxMDS1# show env temp
Temperature:
--------------------------------------------------------------------
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
--------------------------------------------------------------------
1 Outlet1 75 60 39 Ok
1 Outlet2 75 65 46 Ok
1 Intake1 65 50 28 Ok
Step 5 Notice the results from the temperature settings. What is the temperature difference
between the intake sensor and the outlet sensor on each of the modules?
________________________

Step 6 Show the switch power status.
PxMDS1# show env power
Power Supply:
Voltage: 42 Volts
-----------------------------------------------------
PS Model Power Power Status
(Watts) (Amp)
-----------------------------------------------------
1 DS-CAC-845W 800.10 19.05 Ok
2 DS-CAC-845W 800.10 19.05 Ok
Mod Model Power Power Power Power Status

Requested Requested Allocated Allocated
(Watts) (Amp) (Watts) (Amp)
--- ------------------- ------- ---------- --------- ---------- --------
1 DS-X9222I-K9 209.16 4.98 209.16 4.98 Powered-Up
fan1 DS-2SLOT-FAN 47.88 1.14 47.88 1.14 Powered-Up
Power Usage Summary:

--------------------
Power Supply redundancy mode: Redundant
Power Supply redundancy operational mode: Redundant
Total Power Capacity 800.10 W
Power reserved for Supervisor(s) 209.16 W

Power reserved for Fan Module(s) 47.88 W
Power currently used by Modules 0.00 W
-------------
Total Power Available 543.06 W
-------------
Note Notice the results from the switch power status. Most Cisco MDS switches and directors
support two power supplies that can be configured in either combined mode or redundant
mode. Note that even in redundant mode, there is still plenty of spare capacity on a fully
loaded switch.
You have completed this task when you attain this result:
 You completed the initial switch configuration process on the lab switches
Lab 2-2: Perform the Boot Process and Upgrade
Switch Software
Activity Objective
In this activity, you will troubleshoot incompatible software versions and learn to recover from
missing software images. After completing this activity, you will be able to meet these
objectives:
 Troubleshoot incompatible software versions
 Recover a hung switch from the loader prompt
 Upgrade switch software
Visual Objective
The figure illustrates what you will accomplish in this activity.
SMTP TFTP Server

http://10.0.0.198
Management VLAN
10.0.x.5 10.0.x.3
mgmt0 mgmt0
MDS1 MDS2
Required Resources
 Two Cisco MDS 9000 Series Fibre Channel switches
 Access to a TFTP server

Command List
The table describes the commands used in this activity.
Command Description
config Enters configuration mode.
Displays the version of system software that

show version is currently running on the switch.
show boot Displays the boot variables.
dir bootflash: Lists the files in the bootflash: directory.
copy tftp://tftp server Copies the specified file from a TFTP server
ip_addr/path/image filename
to the bootflash: directory.
bootflash:generic filename:
delete bootflash:file Deletes the specified file from bootflash.
show install all impact system file Displays the software compatibility matrix of
kick file a specific system image.
install all system system generic

Upgrades the system using the specified
filename kickstart kickstart generic system and kickstart image files.
filename
no boot system Clears the current system variable.
no boot kickstart Clears the current kickstart variable.
Assigns the specified image file to the system

boot system bootflash:system file variable to be used at the next reboot.
Assigns the specified image file to the

boot kick bootflash:kickstart file kickstart variable to be used at the next
reboot.
Copies the running configuration to the

copy run start startup configuration.
reload Reboots the system.
Manually bootstraps the switch from a TFTP

boot tftp:/10.0.0.198/kickstart server.
load system file Manually loads the SAN-OS image.
Task 1: Troubleshoot Software Version Conflicts
In this task, you will display the current boot variables, verify which image files are resident on
the bootflash: filesystem, and troubleshoot incompatible software versions.
Note If you are working in teams within a pod, Team 1 will configure MDS1 and Team 2 will
configure MDS2. If you are working alone, you will configure MDS1.
Activity Procedure
Complete the following steps on your respective Cisco MDS switch.
Step 1 Login to the switch using the username admin and the password 1234QWer.
Step 2 Both teams need to display the contents of bootflash, the current boot variables, and
the current running version.
Tip Use tab completion when invoking dir bootflash. For example, dir b<Tab> will autocomplete
as dir bootflash:.
PxMDS1# dir bootflash:

Nov 10 05:10:54 2009 MDS20091030160605021.lic
Nov 10 05:11:13 2009 MDS20091030161215690.lic
Nov 10 05:11:32 2009 MDS20091030161249316.lic
Apr 25 20:03:54 2012 cpu_logfile
Apr 13 03:22:29 2013 lost+found/
Feb 18 07:11:36 2013 m9200-s2ek9-kickstart-mz.5.2.6.bin
Jul 31 23:05:16 2013 m9200-s2ek9-kickstart-mz.6.2.1.bin
Aug 22 19:31:02 2012 m9200-s2ek9-mz.5.2.6.bin
Jul 31 22:46:54 2013 m9200-s2ek9-mz.6.2.1.bin
Sep 05 15:35:16 2013 mts.log
-* Some filesystem space might be used for internal purposes. *
Usage for bootflash://sup-local

299102208 bytes used
376483840 bytes free
675586048 bytes total
Note Actual file contents may vary.
PxMDS1# show boot

Current Boot Variables:
kickstart variable = bootflash:/m9200-s2ek9-kickstart-mz.6.2.1.bin

system variable = bootflash:/m9200-s2ek9-mz.6.2.1.bin
No module boot variable set
Boot Variables on next reload:

Note Actual boot variables may vary. The kickstart and system boot variables may point to other
versions of the files or the module boot (ssi) variable may be set.

PxMDS1# show version
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: version N/A
kickstart image file is: bootflash:///m9200-s2ek9-kickstart-mz.6.2.1.bin
system image file is: bootflash:///m9200-s2ek9-mz.6.2.1.bin
Hardware
cisco MDS 9222i ("4x1GE IPS, 18x1/2/4Gbps FC/Sup2")
Motorola, e500v2 with 1036300 kB of memory.
Processor Board ID JAE1212BPPN
Device name: P7MDS1

bootflash: 1000440 kB
System version: 6.2(1)

Service:
. . .
Note Actual image filenames may vary in different lab topologies.
Step 3 Verify that you can ping the TFTP server.

PxMDS1# ping 10.0.0.198
In the following steps both teams will copy older kickstart image files using TFTP, verify the
bootflash: contents, and invoke the show install all impact command to determine an upgrade
result using different image versions.
Note Use the following image file name to copy unless the instructor specifies a different image
name to copy. Request instructor assistance if you get error messages indicating a lack of
space on the bootflash:. If this file already exists in bootflash: enter yes to copy over the
existing file.
PxMDS1# copy tftp://10.0.0.198/m9200-kick-1.3.4b.bin bootflash:
Note If prompted that a file with that name already exists, continue to overwrite the existing file.
Step 4 Display the images resident on bootflash:.

Nov 10 05:10:54 2009 MDS20091030160605021.lic
Nov 10 05:11:13 2009 MDS20091030161215690.lic
Nov 10 05:11:32 2009 MDS20091030161249316.lic
Apr 25 20:03:54 2012 cpu_logfile
Apr 13 03:22:29 2013 lost+found/
Sep 05 16:51:26 2013 m9200-kick-1.3.4b.bin
Aug 22 19:31:02 2012 m9200-s2ek9-mz.5.2.6.bin
Jul 31 22:46:54 2013 m9200-s2ek9-mz.6.2.1.bin
Sep 05 15:35:16 2013 mts.log
-* Some filesystem space might be used for internal purposes. *
Usage for bootflash://sup-local

Step 5 Invoke the show install all impact command to view the effect of installing the
older kickstart with the current system image.
PxMDS1# show install all impact kick bootflash:m9200-kick-1.3.4b.bin
Installer will perform impact only check. Please wait.
Verifying image bootflash:/m9200-kick-1.3.4b.bin for boot variable
"kickstart".
[# ] 0% -- FAIL.
Return code 0x4045001E (mismatch between actual image type and boot variable).
Pre-upgrade check failed. Return code 0x40930011 (Image verification failed).
Note The error indicates a version mismatch.
Step 6 Display the results from setting an incompatible kickstart boot variable.
PxMDS1# config
PxMDS1(config)# boot kickstart bootflash:m9200-kick-1.3.4b.bin
Performing image verification and compatibility check, please wait....
Failed to configure bootvar kickstart for sup-1: mismatch between actual image
type and boot variable (0x4045001E)
Step 7 Verify that the kickstart boot variable was not reconfigured and still matches the
system boot variable.
PxMDS1(config)# end
PxMDS1# show boot
kickstart variable = bootflash:/m9200-s2ek9-kickstart-mz.6.2.1.bin system
variable = bootflash:/m9200-s2ek9-mz.6.2.1.bin
kickstart variable = bootflash:/m9200-s2ek9-kickstart-mz.6.2.1.binsystem

variable = bootflash:/m9200-s2ek9-mz.6.2.1.bin

Task 2: Troubleshoot the Boot Process
In this task, each team will delete the boot variables and reload the switch, causing the switch to
hang at the loader> prompt. Each team will troubleshoot booting the switch using the ability to
bootstrap the Cisco MDS with a kickstart image that resides on the TFTP server.
Activity Procedure
Each team will perform these steps from the console on your respective switch:
Step 1 Display the current boot variables and the command syntax in the running-config.
PxMDS1# show run | include boot
boot kickstart bootflash:/ m9200-s2ek9-kickstart-mz.6.2.1.bin
boot system bootflash:/ m9200-s2ek9-mz.6.2.1.bin
Step 2 Delete the current boot variables and verify the results.
PxMDS1# config
PxMDS1(config)# no boot kickstart
PxMDS1(config)# no boot system
PxMDS1(config)# exit
PxMDS1# show boot
kickstart variable not set

system variable not set

Step 3 Save the boot variable configuration.
PxMDS1# copy run start
[########################################] 100%
Step 4 Verify that the display says boot variables on next reload are not set.
PxMDS1# show boot


Step 5 Reboot the switch.
PxMDS1# reload
This command will reboot the system. (y/n)? [n] y
unmounting filesystems...
. . . <output truncated> . . .
loader>
Note An empty kickstart boot variable, or failure to detect the kickstart file will cause the boot
sequence to halt at the loader> prompt.
Step 6 At the loader> prompt, invoke help (?) to display command options.
loader> ?
? Print command list
boot Boot image
date get/set/reset date & time
diag Enable/disable POST diagnostics
dir List Directory
help Print command list or specific command usage
network Set network communication settings
reload Reboot the board.
serial Set serial console settings
show Show loader configuration
Step 7 At the loader> prompt, invoke help (?) to display show command options.
loader> show ?
show - Show loader configuration
Usage: show {net|serial|diag|post|sprom}
show net: show network communication settings
show serial: show serial console settings
show diag: show POST diagnostics settings
show post: show POST code
show sprom: show useful fields from board's SPROM
Step 8 The network command is used to configure the network settings. Display network
command options.
loader> network <Enter> or ?
network - Set network communication settings
Usage: network { [inet4] [--ip=<ip-address(IP Address Format)>]
[--nm=<netmask(IP Address Format)>]
[--gw=<gateway(IP Address Format)>] }
{ inet6 [--ip=<ipv6-address/prefix-length> ]
[--gw=<ipv6-address> ] }
Step 9 To emulate a circumstance where a hung switch has incorrect network settings (or
no settings), each team will configure IPv4 addressing and gateway. You will use
your existing mgmt0 IP address, mask, and default gateway values, and display the
results.
loader> network inet4 -ip=10.0.x.y -nm=255.255.255.0 –gw=10.0.x.254
loader> show net
----------------- Network Settings ------------------
Current INET = AF_INET4
IPV4 ADDRESS = 10.0.7.5
IPV4 NETMASK = 255.255.255.0
IPV4 GATEWAY = 10.0.7.254
IPV6 ADDRESS = 0000:0000:0000:0000:0000:0000:0000:0000 / 0
IPV6 GATEWAY = 0000:0000:0000:0000:0000:0000:0000:0000
MAC ADDRESS = 00:0d:ec:75:19:10
Step 10 Display the contents of the bootflash: file system.
loader> dir bootflash:
bootflash:
49152 lost+found/
25 cpu_logfile
20676608 m9200-s2ek9-kickstart-mz.5.2.6.bin
102361 mts.log
101471413 m9200-s2ek9-mz.5.2.6.bin
12125696 m9200-kick-1.3.4b.bin
1104 MDS20091030160605021.lic
290 MDS20091030161215690.lic
309 MDS20091030161249316.lic
104746404 m9200-s2ek9-mz.6.2.1.bin
20637696 m9200-s2ek9-kickstart-mz.6.2.1.bin
loader>
Note The results will vary based on the different files saved to bootflash.

Step 11 This step will emulate a circumstance where the switch has a corrupt or missing
kickstart file. Each team will bypass the files in the bootflash: directory and
bootstrap the switch from a TFTP server.
loader> boot tftp://10.0.0.198/m9200-s2ek9-kickstart-mz.6.2.1.bin
INFO: Using IPv4 domain for downloading.
Note The boot sequence should now halt at the switch(boot)# prompt.
Step 12 Invoke help (?) at the switch(boot)# prompt.

switch(boot)# ?
Exec commands:
clear Reset functions
config Enter configuration mode
copy Copy from one file to another
delete Delete a file or directory
dir Directory listing for files
exit Exit from the EXEC
find Find a file below the current directory
format Format disks
init Initialize internal disk
load Load system image
mkdir Create new directory
move Move files
no Disable debugging functions
pwd View current directory
reload Reboot this supervisor module
rmdir Remove existing directory
root-shell Enter bash shell
show Show running system information
sleep Sleep for the specified number of seconds
ssh SSH to another system
tail Display the last part of a file
telnet Telnet to another system
terminal Set terminal line parameters
write Write current configuration
Step 13 Attempt to enter config-mode using the parsed config command, which is valid in a
normal Cisco NX-OS login.
switch(boot)# config
^
% incomplete command detected at '^' marker.
Note At the switch(boot)# prompt, invoking the config command without the terminal argument
will fail.
Step 14 Enter config-mode and invoke help (?).

switch(boot)# config t
switch(boot)(config)# ?
Configure commands:
admin-password Set password for admin
do EXEC command
end Exit from configure mode
exit Exit from configure mode
interface Select an interface to configure
ip Configure the ip parameters
no Negate a command or set its defaults
Tip The switch(boot)(config)# prompt is where admin password recovery is performed.
Step 15 Exit config-mode and invoke help for the copy command.
switch(boot)(config)# exit
switch(boot)# copy ?
bootflash: Select source filesystem
ftp: Select source filesystem
scp: Select source filesystem
sftp: Select source filesystem
tftp: Select source filesystem
Note This output illustrates that, if required, you can copy the software images from TFTP (or
FTP, and so on) to bootflash: while logged-in at the switch(boot)# prompt.
Step 16 Display the contents of bootflash:.

switch(boot)# dir
. . . < output truncated > . . .
Jul 31 2013 23:05:16 m9200-s2ek9-kickstart-mz.6.2.1.bin
Aug 22 2012 19:31:02 m9200-s2ek9-mz.5.2.6.bin
Jul 31 2013 22:46:54 m9200-s2ek9-mz.6.2.1.bin
Sep 05 2013 15:35:16 mts.log
. . < output truncated > . . .
Step 17 Manually load the system image and observe the boot sequence.
switch(boot)# load m9200-s2ek9-mz.6.2.1.bin
Uncompressing system image: bootflash:/m9200-s2ek9-mz-6.2.1.bin
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Note The system will momentarily pause before the message “Uncompressing system image”
appears.
Step 18 Upon completion, login and display the current boot variables.
PxMDS1# show boot
ssi variable not set


Note The report should indicate that the boot variables are still empty. Troubleshooting the boot
process does not affect the boot variable settings.
Step 19 Display the current version.

. . .
loader: version N/A

Step 20 Manually configure the boot variables and display the results.
PxMDS1# con
PxMDS1 (config)# boot kick bootflash:m9200-s2ek9-kickstart-mz.6.2.1.bin
PxMDS1 (config)# boot sys bootflash:m9200-s2ek9-mz.6.2.1.bin
Tip Use tab completion when entering commands.
Note There will be a momentary pause after each command.
PxMDS1# show boot
kickstart variable = bootflash:/bootflash:m9200-s2ek9-kickstart-mz.6.2.1.bin

Module 1
Module 1
Step 21 Save your running-config to the startup-config.
Step 22 Display the saved results.
PxMDS1# show boot

Module 1

Module 1
Step 23 Reboot the switch with the new boot parameters.
PxMDS1#reload
Are you sure? Y/N <Y>
Task 3: Use the install all Command and Upgrade the Switch
SSI Image
Manually editing the boot parameters and reloading the switch is one way to update the switch.
An alternative and graceful way to install or update the SSI image and relative boot parameter
in one procedure call is the install all command
At various times throughout this course, you will be performing labs that require a service
module with an installed Storage Service Image file installed and activated on the switch.
Activity Procedure
Step 1 On MDS1 and MDS2, download the SSI 6.2.1 image from the TFTP server to the
bootflash: of your switch.
The image name is m9000-ek9-ssi-mz.6.2.1.bin.
PxMDS1# copy tftp://10.0.0.198/m9000-ek9-ssi-mz.6.2.1.bin bootflash:m9000-ek9-
ssi-mz.6.2.1.bin
Note Enter on one line.
Step 2 Confirm that the image is saved on the bootflash:.


Aug 16 2012 19:16:59 m9200-kick-1.3.4b.bin
Nov 03 19:36:24 2011 m9000-ek9-ssi-mz.6.2.1.bin
Aug 22 19:31:02 2012 m9200-s2ek9-mz.5.2.6.bin
Jul 31 22:46:54 2013 m9200-s2ek9-mz.6.2.1.bin
Step 3 Locate the SSI 6.2.1 image and run the install all command.
PxMDS1# install all ssi bootflash:m9000-ek9-ssi-mz.6.2.1.bin
Note This step will take a few minutes to install because the action will first verify the image and
then ask if you wish to continue. When asked, type Y to continue.
Step 4 Reboot the switch to activate the SSI image.

PxMDS1# reload
This command will reboot the system. (y/n)?
Type y to proceed.
Step 5 When the install is complete, verify that the install all command also updates the
boot parameters.
Install is in progress, please wait.
Performing runtime checks.
[####################] 100% -- SUCCESS
Setting boot variables.
[####################] 100% -- SUCCESS
Performing configuration copy.
[####################] 100%
PxMDS1#show boot


Module 1
ssi variable = modflash://1-1/m9000-ek9-ssi-mz.6.2.1.bin

Module 1
Task 4: Use the install all Command and Upgrade the Switch
Kickstart and System Software
An alternative and graceful way to upgrade the switch software and the boot variables with one
procedure call is by using the install all command.
Caution The steps for this task are demonstrated here, but do not execute the steps on your pod,
since the kickstart and system software were already upgraded via the boot variable
exercise.
Activity Procedure
Read only. Do NOT perform these steps.
Step 1 Upgrade software using the install all command.
PxMDS1# install all system bootflash:m9200-s2ek9-mz.6.2.1.bin kickstart
bootflash:m9200-s2ek9-kickstart-mz.6.2.1.bin
Step 2 Type y when asked to continue.
Note The upgrade will take 2 to 3 minutes to complete. After rebooting, you will be presented with
the login prompt. Do not log in immediately, but wait for about 5 minutes until the switch has
finished downloading the new images to each of the modules in slot 1 and slot 2. On dual
supervisor systems, you can open console windows for both active and standby supervisors
and observe the system switchover between supervisors during the install all command
process.
Complete the following steps to verify your configuration:
Step 1 When the login prompt appears, wait for the module image downloads to complete,
and then log in.
Step 2 Verify the current running software version.
. . .
Software
loader: version N/A
kickstart image file is:
bootflash:///m9200-s2ek9-kickstart-mz.6.2.1.bin
system image file is:
bootflash:///m9200-s2ek9-mz.6.2.1.bin
Step 3 Verify that the boot variables point to the correct boot files.
PxMDS1# show boot

Module 1

Module 1
Step 4 Verify that the running config has been updated by the install all command.
PxMDS1# show run

!Time: Thu Sep 14 19:13:38 2013
version 6.2(1)
…
…
…
…
do install module 1 ssi modflash://1-1/m9000-ek9-ssi-mz.6.2.1.bin
Lab 2-3: Install Cisco Prime DCNM Release 6.2(3)
As of Cisco DCNM Release 5.2, Cisco Fabric Manager and Cisco DCNM for LAN are merged
into one unified product called Cisco DCNM that can manage both LAN and SAN
environments. As of Cisco Prime DCNM Release 6.2, the name Cisco Prime DCNM-SAN
Client replaces the name Cisco Fabric Manager. Cisco Prime DCNM also contains a
component called Device Manager that you will use throughout the lab exercises.
You will use Cisco Prime DCNM Release 6.2(3) in these labs.
Cisco Prime DCNM is a management system for the Cisco Unified Fabric. Cisco Prime DCNM
consists of four components, which are the Cisco Prime DCNM Unified Web Client, Cisco
Prime DCNM-SAN Client, Cisco Prime DCNM-LAN Client, and Cisco Device Manager.
Cisco Prime DCNM enables you to provision, monitor, and troubleshoot the data center
network infrastructure.
Activity Objective
In this activity, you will install and set up Cisco Prime DCNM for SAN management. Upon
completing this exercise, you will be able to meet the following objectives:
 Launch the Cisco Prime DCNM Unified Web Client
 Launch the Cisco Prime DCNM-SAN Client
 Discover SAN devices through the Cisco Prime DCNM-SAN Client
 Launch Cisco Device Manager for use in the following labs
Visual Objective
P1 P2
1/6 1/6
JBOD
1/7 1/7
1/8 1/8
1/9 1/9 MDS2
MDS1
10.0.x.5 10.0.x.3
1/5 1/10 1/10 1/5
P1 P2
1/5 1/5
P2 1/1 1/1 P1
host1 MDS3 MDS4
10.0.x.13 10.0.x.14 host2
E0 10.0.x.1 E0 10.0.x.2
E1 10.1.x.2 E1 10.1.x.6

Required Resources
 Cisco MDS 9000 Series Fibre Channel switches
 Cisco Prime DCNM install file
Task 1: Install the Cisco DCNM Package on Your Windows
Server
In this task, you will install the Cisco Prime DCNM package on your Windows server.
Activity Procedure
Complete these steps on the server for your team.
Reference For reference, the Uninstall task is in the Lab Guide Appendix.
Step 1 Open the C:\Software\DCNM623 folder and double click the installer file called
dcnm-installer-windows.6.2.3.
Step 2 The installer prepares the files for installation.

Step 3 At the installation window, click the Next button.
Step 4 Observe the Installation Help page and then click the Next button.
Step 5 Use the default location to install the Cisco Prime DCNM application. Ensure that
the check box for Add server to an existing server federation is not checked.
Click the Next button.
Note Cisco DCNM-SAN Standalone is not supported after Cisco DCNM Release 6.1.x.
Step 6 Use the default RDBMS of Install PostgreSQL. Enter 1234QWer for the
password, and then click the Next button.

Step 7 Keep the defaults for the ports and access protocol of HTTP. Ensure that the server
address is 10.0.x.y (where x is your pod number and y is your server number). Click
the Next button.
Step 8 Click the Next button at the Partition Configuration screen.
Step 9 Click the Next button at the IP Multicast Address Configuration screen.
Step 10 Click the Next button at the Choose Archive Folder for DCNM LAN screen using
the default folder location of C:\Program Files\Cisco Systems\dcm\dcnm.

Step 11 Enter the local user admin and password 1234QWer that will be used for both
DCNM-LAN and DCNM-SAN and then click the Next button.
Step 12 Select Local as the authentication mode and then click the Next button.
Step 13 Create a shortcut on the desktop for Cisco Prime DCNM by selecting the target On
the Desktop and then click the Next button.
Step 14 Observe the summary screen. See that both DCNM LAN and SAN are installed, as
are other components such as Java and Perl. Make sure the server address is 10.0.x.y
(where x is your pod number, and y is your server number). This is the address used
by the Cisco Prime DCNM Software on your pod Windows 2003 Server. By default,
the Cisco DCNM server accepts connections from Cisco DCNM clients on TCP port
1099. Click the Next button.

Step 15 Observe the installation process. This may take a few minutes to complete.
Step 16 After installation has completed, you are prompted to start the DCNM LAN and
SAN services. Ensure the check box for Start DCNM LAN and SAN Services is
checked before continuing and then click the Next button.
Step 17 In the next screen, you should see a message stating that the DCNM-LAN Server,
DCNM-LAN Client Webstart, DCNM-SAN, JBoss, and Java components have been
successfully installed. You should also see the DCNM Instance ID.

Step 18 Click the Done button to finish. The Cisco DCNM Instance ID number is used if
you plan to order licenses for Cisco DCNM-LAN. In that case, record the ID
number. The licensing process requires you to enter the ID number to obtain
licensing.
Step 19 To verify, right-click the server icon on your desktop. Select Manage from the pop-
up menu. Then click Services under Services and Applications. Observe that the
Cisco DCNM LAN and SAN services have started.
Step 20 On the Windows desktop of your pod server, you should now see several shortcuts
that have been created as part of the installation process.
These shortcut icons include Start DCNM Servers, Stop DCNM Servers, Uninstall Servers,
Cisco Device Manager, and DCNM SAN Client.
The Cisco DCNM-SAN Server component must be started before running Cisco DCNM. On a
Windows PC, Cisco DCNM-SAN Server is installed as a service. This service can then be
administered using the Windows Services in the control panel. Cisco DCNM-SAN Server is
responsible for discovery of the physical and logical fabric and for listening for SNMP traps,
syslog messages, and Performance Manager threshold events.
The Cisco DCNM-SAN Client displays a map of your network fabrics, including Cisco MDS
9000 Series switches, third-party switches, hosts, and storage devices. The Cisco DCNM-SAN
Client provides multiple menus for accessing the features of the Cisco DCNM-SAN Server.
Cisco Device Manager displays a graphic representation of the switch configuration and
provides access to statistics and configuration information.
The Cisco DCNM-LAN Client displays a map of discovered Ethernet networks. The Cisco
DCNM-LAN client provides provisioning and monitoring of Ethernet interfaces for the
Ethernet switches. The client allows you to configure complex features such as vPC, VDC, and
Cisco FabricPath and provides the topology representation of vPC, port channel, VLAN
mappings, and Cisco FabricPath.
In a single-server environment, the primary Cisco DCNM server is the one server system that
runs the Cisco DCNM server software.

Task 2: Launch the Cisco Prime DCNM Unified Web Client
In this task, you will launch the Cisco Prime DCNM Unified Web Client on your Windows
Server.
Activity Procedure
Step 1 In a web browser on your student desktop, type the IP address of the server with the
DCNM database. Team 1: Type 10.0.x.1. Team 2: Type 10.0.x.2. Insert your pod
number for x.
Step 2 In the login dialog, authenticate to Cisco Prime DCNM with username admin and
password 1234QWer. Click the Log In button.
Step 3 Licenses have already been installed and assigned. Click DCNM-SAN in the
navigation bar to launch the DCNM-SAN client from inside the Unified Web Client.
Note If prompted to choose between multiple Java Web Start Launchers, perform the next four
steps. Otherwise, skip the next four steps and continue with the DCNM Server login
authentication screen.
Step 4 If prompted regarding the Java Web Start Launcher, choose Other from the Open
with drop-down menu. This allows you to choose the appropriate and tested version
of Java.

Step 5 In the Choose Helper Application dialog, click the Browse button to choose the
correct Java version and file to launch Cisco Prime DCNM.
Step 6 Browse to C:/Program Files/Java/jre6/bin/javaws.exe and then click the Open

button.
Step 7 Finally, click the OK button to open with the selected Java(TM) Web Start
Launcher.
Step 8 Type username admin and password 1234QWer to authenticate to the Cisco Prime
DCNM-SAN Server and then click the Login button.
Step 9 When the control panel opens, select the Fabrics tab and then click the Discover
button to discover a fabric.

Step 10 At the Discover screen, enter the IP address of the Seed Switch, 10.0.x.5 (where x is
your pod number). Enter username admin and password 1234QWer and then click
the Discover button.
Step 11 At the control panel, check the Select check box, and then click the Open button to
display your fabric information.
Step 12 Take a few moments to look at your discovered fabric in the DCNM-SAN Client.
Note the following in the figure.
Item Description
1 Menu bar: Provides access to options that are organized by menus.
2 Toolbar: Provides icons for direct access to the most commonly used options on the File, Tools,
and Help menus.
3 Information pane: Displays information about whatever option is selected in the menu tree.
4 Fabric pane: Displays a map of the network fabric, including switches, hosts, and storage. This
pane also provides tabs for displaying log and event data.
5 Tabbed row: Displays a tab for each discovered fabric.
6 Physical Attributes pane: Displays a tree of available configuration tasks depending on the
fabric, VSAN, or zone selected previously. Lists the switches and end devices in the logical
selection.
7 Logical Domains pane: Displays a tree of configured SAN, fabrics, VSANs, and zones, and
provides access to user-defined groups. The label next to the segmented VSAN indicates the
number of segments.
Step 13 In the Logical Domains pane, click the plus sign (+) next to the fabric listed to
expand and show the logical VSANs within the discovered fabric.
Step 14 In the Physical Attributes pane, click the plus sign (+) next to switches to display
the physical switches in the discovered fabric.
Note Later you will notice that selecting a particular VSAN in the Logical Domains pane will affect
the appearance of the fabric pane. Switches in the fabric pane containing the selected
VSAN will be bold. Switches that do not contain the selected VSAN will be dim.

Step 15 To close, click File on the menu bar and then click Exit.
Task 3: Launch the Cisco DCNM-SAN Client from the Desktop
In this task, you will launch the DCNM-SAN Client from the icon on your desktop.
Activity Procedure
Step 1 Click the DCNM-SAN Client icon on your designated Windows server in your pod.
Step 2 Enter the IP address for your DCNM server. Team 1: On Server 1, enter 10.0.x.1.
Team 2: On Server 2, enter 10.0.x.2. Enter your pod number for x.
Step 3 Enter the credentials for your DCNM Server as specified during the install,
username admin and password 1234QWer and then click the Login button.
Note Check for the correct DCNM Server IP address. IP addresses in the screenshots may differ
from what you should enter.

Step 4 In the Discover dialog, enter your switch IP address in the Seed Switch field. Team
1: Enter 10.0.x.5 (for MDS1). Team 2: Enter 10.0.x.3 (for MDS2). Enter your pod
number for x. Configure the following settings and then click the Discover button.
Note Depending on your pod and server, IP addresses in screen shots may vary from what you
will enter. A seed switch is used to open and access the fabric that you are entitled to
access.
 Use SNMPv3: check

 Auth-Privacy: MD5
 User Name: admin
 Password: 1234QWer
Step 5 Click the OK button in the discovered fabric message.
Step 6 Before opening the fabric, click the License Files tab. Notice the Add License File
button and Reload License Files buttons.
Note In order to use Cisco DCNM advanced features on a switch, or to manage multiple fabrics at
the same time from one Cisco DCNM Server, a license file is required. This screen is where
you would click to initially add or reload a license file on the server.
Step 7 Click the License Assignments tab.
Note Note that the license previously installed on the switch has been grandfathered in and now
is listed with the Licensed State of Permanent.

Step 8 In the Control Panel dialog, click the Open tab. Check the Select check box and
then click the Open button.
Note The Cisco DCNM-SAN graphical interface should appear. The graphic pane will display only
one switch.
Step 9 To set Cisco DCNM-SAN preferences, navigate to File > Preferences > General.
Check the Open New Device Manager Each Time check box and then click the
Apply button.
Note This setting allows multiple Device Manager windows to be open on the desktop at one time.

Step 10 Choose the Map tab. Check the check boxes for Expand Loops and Expand
Multiple Links. Click the OK button and then click the Apply button.
Note This setting allows individual links and devices in the Fabric window to be separated and
displayed. For example, multiple ISLs between switches will be expanded instead of
represented as one bold ISL.
Step 11 Right-click the switch icon and choose Device Manager from the pop-up menu.
Alternatively, you can double-click the switch icon. Cisco Device Manager should
appear with the Management interface on the only active port.
Step 12 If prompted to upgrade the switch running version, click the No button.
Step 13 Each window frame has a toggle auto-hide button, highlighted in the image below.
Clicking the toggle auto-hide button hides the associated window frame and docks a
link to a sidebar item. Click the toggle auto-hide button in the Logical Domains
window.

Step 14 Right-click the toggle auto-hide button (pin) on the docked side-bar item. Uncheck
the toggle auto-hide entry to return the window frame to its original position.
Note You can also click the sidebar item (which will bring up the item) and then select the toggle
auto-hide button (pin) again.
Step 15 To reset the Cisco DCNM SAN-Client window to the original defaults, choose the
View menu and then choose Reset Frame Layout To Default.
Step 16 To launch a command-line session, right-click the switch image in the graphic pane
and choose Command Line Interface from the pop-up menu and then login.
Note The GUI will either use Telnet or SSH depending on what the switch has enabled. A path is
listed for accessing SSH in the GUI File > Preferences. If SSH is not available on the server,
or the path is incorrect, you will see the following error.

Step 17 If necessary, change the path for SSH to its accurate location of
C:\Software\Putty\putty.exe.
Step 1 Relaunch a command-line session by right-clicking the switch image in the graphic
pane and choose Command Line Interface from the pop-up menu and then login.
Step 2 Login using the command line. Click the radio button for SSH and then click the
Load button to load the correct IP address.
Step 3 At the command line login prompt, enter your credentials.
Note A command line session can also be launched using Device Manager from the Device menu.
Step 4 Display the current Cisco NX-OS version. (Note that versions of code may vary.)
PXMDS1# show version | include image
kickstart image file is: bootflash:/m9200-kick-6.2.1.bin
system image file is: bootflash:/m9200-sys-6.2.1.bin
Reference The pipe (|) character functions the same as in Windows and UNIX, to send the output of the
command to another command or filter. The include filter functions the same as grep.

Step 5 To verify that the PostgreSQL Database Service is installed and operational, right-
click the Server icon (on the Desktop) and choose Manage from the pop-up menu.
Open Services and scroll down the list of names until you see PostgreSQL Database
Service.
Step 6 Close the Computer Management dialog.
Lab 3-1: Configure Interfaces
Activity Objective
In this activity, you will configure Fibre Channel interfaces. After completing this activity, you
will be able to meet these objectives:
 Configure Fibre Channel interfaces to allow attachment by node devices
 Display FLOGI and FCNS database registration
 Configure Fibre Channel interfaces to allow attachment by other switches
 Confirm common device registration information across switches
Visual Objective
P1 P2
FL_Port FL_Port
1/6 1/6
JBOD
1/7 1/7
1/8 1/8
1/9 1/9 MDS2
MDS1
10.0.x.5 10.0.x.3
TE_Port TE_Port
1/5 F_Port F_Port 1/5
P1 P2
host1 host2
Required Resources
 Two Cisco MDS 9222i Multiservice Modular Switches
 Two Windows hosts with Cisco Prime DCNM for SAN and Cisco Device Manager
installed, each with a dual Fibre Channel HBA
 One JBOD

Command List
Command Description
Enters interface configuration sub-mode

interface fcx/y-z for Fibre Channel interfaces y through z
on module x.
Configures the interface link speed

switchport speed [1000|2000|4000|auto] [1Gb|2Gb|4Gb|auto-detect].
Configures the interface as an E-port or F-

switchport mode [E|F|FL|FX|auto] port, or auto-detect.
Enables trunk mode [on] or nontrunk

switchport trunk mode [on|off] mode [off].
Configures the TE_Port to allow the

switchport trunk allowed vsan [add] X specified VSAN to traverse the link
[additional VSAN ].
Displays interface status and statistics [for

show interface [fcx/y] [brief] the indicated interface] [brief detail].
Displays the running-config for all

show run interface [vsan X] interfaces [in the specified VSAN].
show interface trunk vsan Displays the trunking status of all VSANs.
Displays the contents of the FLOGI

show flogi database database.
Displays the Fibre Channel distributed

show fcns database name server entries.
Enters interface configuration submode

interface port-channel x for port channel x.
no int port-channel # Deletes the specified port channel.
Adds the current interface to port channel

x. The force option forces a new member
channel-group x [force] to inherit the port channel interface
properties.
show port-channel database Displays the port channel database.
show int port-channel x Displays the status for port channel x.
show vsan [usage] Displays configured VSANs [in use].
Task 1: Configure FX Ports
Both teams will configure and test FX Port interfaces using the CLI and Device Manager.
You will frequently be instructed to verify results using the CLI, which provides the most
expedient and reliable mechanism to confirm that any given task was configured correctly. The
graphical tools are often the easiest and, in many cases, the fastest tools for performing certain
configuration tasks. However, these tools can experience delays updating the results, which is a
known issue with SNMP-based applications. Your primary objective is to determine which tool
you are most comfortable using for any given exercise, while learning how to quickly verify the
results from the CLI.
Activity Procedure
Complete the following steps on both switches:
Step 1 Using Device Manager or the CLI, configure ports fc1/5 to host1 and fc1/6 to JBOD
for switchport mode F. Enable the ports and verify the results.
Tip To configure multiple ports concurrently in Device Manager, hold down the CTRL key while
selecting each port, and then right-click and choose Configure.
MDS1# config
PxMDS1(config)# int fc1/5-6
PxMDS1(config-if)# switchport mode f
PxMDS1(config-if)# no shut
PxMDS1(config-if)# show int fc1/5-6 br
------------------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
-------------------------------------------------
fc1/5 1 F -- up swl F 4
fc1/6 1 F -- init swl -- --

Note Port fc1/6 is stuck at “init.” The JBOD requires loop capability (FL Port).
Step 2 Reset port fc1/6 to switchport mode FX and verify activation.

PxMDS1# sho int fc1/6 br
------------------------------------------------------------------------------
Mode (Gbps)
-------------------------------------------------
fc1/6 1 FX -- up swl FL 2
Task 2: Display the FLOGI and FCNS Databases
In this task, you will confirm common device registration information across switches within
the fabric.
Activity Procedure
Complete the following steps on all switches.
Step 1 In Device Manager, choose FC Enabled from the Interface menu.
Step 2 Select the FLOGI tab.
Step 3 View the FLOGI information for the devices that are logged in to the local switch.
Note Every node automatically performs a FLOGI to the switch after its link comes up. The node
sends a FLOGI frame that contains the pWWN of the HBA port, and the switch responds by
returning the 24-bit device FCID. The FLOGI database on each Cisco MDS switch contains
information on all end devices that are currently logged in to that switch.

Step 4 From Device Manager, choose Name Server from the FC menu to display the
FCNS database.
Note After sending an FLOGI, each device will register with the name server in the Cisco MDS
switch to which the device is connected.
Step 5 Both teams: In Device Manager, configure and enable interface fc1/7 as shown
below. If you are working alone, you will need to configure both switches.
PxMDS1# config
Enter configuration commands, one per line. End with CNTL/Z.
PxMDS1(config)# interface fc1/7
PxMDS1(config-if)# switchport rate-mode dedicated
PxMDS1(config-if)# switchport mode E
Step 6 From Device Manager, choose Name Server from the FC menu to display the
FCNS database.

Note After sending an FLOGI, each device will register with the name server in the Cisco MDS
switch to which the device is connected. This information is then distributed to all Cisco MDS
switches within the same fabric or VSAN, so that the FCNS database contains the same
information on every Cisco MDS switch.
Step 7 Compare the FCNS and FLOGI database output to determine the end device
registration for MDS1 and MDS2.
Complete the following steps on both switches to verify your configuration.
Step 1 From the CLI, display the FLOGI database.
PxMDS1# show flogi database
-----------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------
Fc1/5 1 0x0b0000 10:00:00:00:c9:73:46:b6 20:00:00:00:c9:73:46:b6
fc1/6 1 0x0b01e2 21:00:00:11:c6:52:56:12 20:00:00:11:c6:52:56:12
fc1/6 1 0x0b01e4 21:00:00:11:c6:52:59:8c 20:00:00:11:c6:52:59:8c
fc1/6 1 0x0b01e8 21:00:00:11:c6:52:57:d2 20:00:00:11:c6:52:57:d2
fc1/6 1 0x0b01ef 21:00:00:11:c6:52:5b:87 20:00:00:11:c6:52:5b:87
Total number of flogi = 5.
PxMDS1# show fcns database
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0b0000 N 10:00:00:00:c9:73:46:b6 (Emulex) ipfc scsi-fcp:init
0x0b01e2 NL 21:00:00:11:c6:52:56:12 scsi-fcp:target
0x0b01e4 NL 21:00:00:11:c6:52:59:8c scsi-fcp:target
0x0b01e8 NL 21:00:00:11:c6:52:57:d2 scsi-fcp:target
0x0b01ef NL 21:00:00:11:c6:52:5b:87 scsi-fcp:target
0x160000 N 10:00:00:00:c9:74:4c:11 (Emulex) ipfc scsi-fcp:init
0x1601e2 NL 22:00:00:11:c6:52:56:12 scsi-fcp:target
0x1601e4 NL 22:00:00:11:c6:52:59:8c scsi-fcp:target
0x1601e8 NL 22:00:00:11:c6:52:57:d2 scsi-fcp:target
0x1601ef NL 22:00:00:11:c6:52:5b:87 scsi-fcp:target
Total number of entries = 10
Step 2 Save your configuration.
Task 3: Configure E Ports (ISLs)
Both teams will configure and test ISL ports using the CLI and Device Manager.
Activity Procedure
Complete the following steps on both switches.
Caution Carefully follow the lab instructions because the correct sequence is important to achieve
the desired results.
Step 1 Both teams: Configure and enable ISL ports fc1/8 with the following settings and
verify that all VSANs are trunking across each link. If you are working alone, you
will have to configure both switches.
 Mode: E
 RateMode: dedicated
 Admin: up
PxMDS1# sho interface trunk vsan

fc1/7 is trunking
Vsan 1 is up (None)
fc1/8 is trunking
Vsan 1 is up (None)

Step 2 Perform the previous step for ISL fc1/9 and observe the result.
Step 3 Both teams: Enter the show port-resources command to see the allocation for
dedicated and shared bandwidth.
PxMDS1# show port-resources module 1
Module 1
Available dedicated buffers are 2877
Port-Group 1
Total bandwidth is 12.8 Gbps
Total shared bandwidth is 4.8 Gbps
Allocated dedicated bandwidth is 8.0 Gbps
--------------------------------------------------------------------
Interfaces in the Port-Group B2B Credit Bandwidth Rate Mode
Buffers (Gbps)
--------------------------------------------------------------------
fc1/1 16 4.0 shared
fc1/2 16 4.0 shared
fc1/3 16 4.0 shared
fc1/4 16 4.0 shared
fc1/5 16 4.0 shared
fc1/6 16 4.0 shared
Port-Group 2
Total bandwidth is 12.8 Gbps
Total shared bandwidth is 4.8 Gbps
Allocated dedicated bandwidth is 8.0 Gbps
--------------------------------------------------------------------
Interfaces in the Port-Group B2B Credit Bandwidth Rate Mode
Buffers (Gbps)
--------------------------------------------------------------------
fc1/7 250 4.0 dedicated
fc1/8 250 4.0 dedicated
fc1/9 16 4.0 shared
fc1/10 16 4.0 shared
…
Output truncated
Note On the Cisco MDS 9222i Multiservice Modular Switches, the three ISLs are in the same port
group and cannot be configured to auto-detect the maximum port speed of 4 Gbps.
Step 4 Both teams: Configure ISL port fc1/9 with the following settings and verify the
results:
 Mode: E
 Speed: 1 Gbps
 Admin: up
Step 5 Save and verify your configuration in the CLI window.

PxMDS1# show interface fc1/7-9 brief
------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper
Mode Trunk Mode Speed
Mode (Gbps)
------------------------------------------------------------
fc1/7 1 E on trunking swl TE 4
PxMDS1# sho run int fc1/7-9
interface fc1/7
switchport rate-mode dedicated
switchport mode E
no shutdown
interface fc1/8
switchport mode E
no shutdown
interface fc1/9

switchport mode E
no shutdown
PxMDS1# sho int trun vsan

fc1/7 is trunking
Vsan 1 is up (None)
fc1/8 is trunking
Vsan 1 is up (None)
fc1/9 is trunking
Vsan 1 is up (None)
Note The following steps demonstrate ISL behavior with mismatched port parameters.
Step 6 Configure the following port settings on each ISL (fc1/7 to fc1/9):
 fc1/7 Speed: mds1= 1 Gb, mds2= 2 Gb
 fc1/8 Buffer-to-buffer credits: mds1= 100, mds2= 16
 fc1/9 Receive-buffer size: mds1= 1000, mds2= 2112
Step 7 Verify the results.
PxMDS1# sho int fc1/7

fc1/7 is down (Link failure or not-connected)

fc1/8 is trunking

fc1/9 is down (Isolation due to ELP failure: class F param error)
Step 8 Display settings for all ISLs in the running-config.

interface fc1/7
no shutdown
switchport mode E
interface fc1/8
no shutdown
switchport fcrxbbcredit 100
switchport mode E
interface fc1/9
no shutdown
switchport fcrxbufsize 1000
switchport mode E

interface fc1/7
no shutdown
switchport mode E
interface fc1/8
no shutdown
switchport fcrxbbcredit 16
switchport mode E
interface fc1/9
no shutdown
switchport mode E
Note The fcrxbufsize (receive buffer size) must match between ISLs. The default is 2112. A
missing fcrxbufsize parameter in the running-config for any given port indicates that the port
is using the default. In this example, all ports except mds1 fc1/9 have a default of 2112.
Step 9 Both teams: Reset all parameters on both core switches to defaults with speed 2000.
Verify that VSAN 1 is trunking.
PxMDS1(config-if)# swi speed 2000
PxMDS1(config-if)# swi fcrxbb default
PxMDS1(config-if)# swi fcrxbufsize 2112
PxMDS1(config-if)# end
PxMDS1# sho int trun vsa

fc1/7 is trunking
Vsan 1 is up (None)
fc1/8 is trunking
Vsan 1 is up (None)
fc1/9 is trunking
Vsan 1 is up (None)
Step 10 Save your configuration on all used switches to a TFTP server.
PxMDS1# copy running-config startup-config
PxMDS1# copy run tftp://10.0.0.198/student/yymmddPxMDS#M#Lab#Task#-your

initials

Example
The following is an example only. Use the correct pod, MDS, lab number, task number, and
initials for your situation. For example, the following would be the file name entered for John
Smith on Pod 7 MDS1, module 3, lab 3, and task 3 saved on November 9, 2013:
copy run tftp://10.0.0.198/student/131109P7MDS1M3Lab3Task3-js
yymmdd Pod# MDS# Module# Lab# Task# Initials
131109 P7 MDS1 M3 Lab3 Task3- js
Note The copy running-config startup-config command will save the current configuration from
RAM to NVRAM to be used as the boot configuration when the system is reset. Saving your
configuration to a TFTP server is a best practice. If you return to your lab later, you can
restore your last configuration from the filename that you stored on the TFTP server.
When you complete this lab, view the Answer Key at the end of this guide. Your results will be
similar to what you find in the key.
Lab 3-2: Configure Port Channels
Activity Objective
In this activity, you will configure and manage port channels. After completing this activity,
you will be able to meet these objectives:
 Create VSANs for port channels with Cisco MDS 9710 Multilayer Director
 Configure port channels with Cisco MDS 9710 Multilayer Director
 Configure port channels with MDS1 and MDS2
Visual Objective
To other pods
MDS 9710 To other pods
Shared 9710s
MDS9710 MDS9710
TE JBOD1 TE
Port Channel Port Channel
TE P1 P2
TE
1/1 1/2 1/6
TE TE 1/6 1/1 1/2
1/7 1/7
1/8 1/8
1/9 1/9
MDS1 MDS2
1/5 1/5
Port Channel
1/10 1/10
P1 P2
host1 host2
Required Resources
 Two MDS 9710 Multilayer Directors, two Cisco MDS 9222i Multiservice Modular
Switches, and two Cisco MDS 9148 Multilayer Fabric Switches
 Two Windows management servers with Cisco DCNM-SAN Client and Device Manager
installed and each with dual Fibre Channel HBAs
 One JBOD with at least two disks

Command List
Command Description

on module x.


Enables trunk mode [on] or non-trunk


[additional VSAN].
Displays interfaces status and statistics

show interface [fcx/y] [brief] [for the indicated interface] [brief detail].




interface port-channel X for port channel x.
no int port-channel # Deletes the specified port channel.
Adds the current interface to port channel

x. The force option forces a new member
channel-group x [force] to inherit the port channel interface
properties.
show port-channel database Displays the port channel database.
show int port-channel x Displays the status for port channel x.
show vsan [usage] Displays configured VSANs [in use].
where Shows the CLI context that you are in.
Switches on debugging for FSPF flooding

debug fspf flood VSAN x in a particular VSAN.
show port-channel compatibility- Displays the compatibility parameters for

parameters port channels.
show logging info Confirms the current logging parameters.
Logging console Enables logging to the console port.
Task 1: Create VSANs for a Port Channel with Shared Cisco
MDS 9710
Both teams will create VSANs on MDS1 and MDS2 in preparation for connecting with a
trunking port channel to the shared Cisco MDS 9710 Multilayer Directors.
The shared Cisco MDS 9710 Multilayer Director has been preconfigured with ISL TE ports in
port channels. The port channel interfaces on the Cisco MDS 9710 have been assigned to
separate VSANs to keep the student pod connections isolated and fault-resilient.
To other pods To other pods
Shared 9710s
VSAN x01 VSAN x02
MDS9710 MDS9710
VSAN x01 VSAN x02
1/1 1/2
VSAN x01 1/1 1/2
VSAN x02
Local Pod
MDS1 MDS2
Activity Procedure
Complete the following steps on the designated switches to configure VSANs for the Port
Channel interfaces:
Step 1 Team 1: On MDS1, create VSAN x01 (where x is your pod number) and add
interface fc1/1 and interface fc1/2.
Note Team 1: If you are in Pod 7, you will configure VSAN 701, Pod 11 will configure VSAN 1101,
and so on.
PxMDS1(config)# vsan database

PxMDS1(config)# vsan x01
PxMDS1(config-vsan-db)# vsan x01 interface fc1/1-2
PxMDS1(config-vsan-db)# end
Step 2 Team 2: On MDS2, create VSAN x02 (where x is your pod number) and add
interface fc1/1 and interface fc1/2.
PxMDS2(config-vsan-db)# vsan x02
PxMDS2(config-vsan-db)# vsan x02 interface fc1/1-2

Note Team 2: If you are in Pod 7, you will configure VSAN 702, Pod 11 will configure VSAN
1102, and so on.
Verify your configuration
PxMDS1# show vsan membership
vsan 1 interfaces:
fc1/3 fc1/4 fc1/5 fc1/6
fc1/7 fc1/8 fc1/9 fc1/10
fc1/11 fc1/12 fc1/13 fc1/14
fc1/15 fc1/16 fc1/17 fc1/18
vsan 701 interfaces:

fc1/1 fc1/2
vsan 4079(evfp_isolated_vsan) interfaces:
vsan 4094(isolated_vsan) interfaces:
Task 2: Configure Port Channels with Cisco MDS 9710
Multilayer Director
Both teams will create TE ports on MDS1 and MDS2 and aggregate physical ISLs into a port
channel using the CLI in order to connect with the Cisco MDS 9710 Multilayer Director. The
MDS 9710 switches are preconfigured with the port channel information.
Activity Procedure
Step 1 Both teams: Check the status of interface fc1/1-2 on MDS1 and MDS2. The
operational status should be down.
PxMDS1#show int br
fc1/1 701 FX on down swl -- -- --
fc1/2 701 FX on down swl -- -- --
fc1/3 1 FX on down swl -- -- --
…
Step 2 Both teams: Configure and enable ISL ports fc1/1-2 on the MDS 9222i switch with
the following settings. (Follow the CLI commands in order.)
 Mode: E
 Trunk Allowed VSAN: x01 or x02 (where x is your pod number)
 Description: FC Port Channel to MDS9710-A (or B) fc1/1-2
 Channel Group: channel-group x (where x is your pod number)
 Admin: up
Warning Because the MDS 9710 is preconfigured, use the CLI to enter these commands IN ORDER
on the MDS 9222i.
PxMDS1(config)# interface fc1/1-2

PxMDS1(config-if)# switchport mode e
PxMDS1(config-if)# switchport trunk allowed vsan x01 (Where x is your pod
number) (MDS2 – vsan x02)
PxMDS1(config-if)# switchport description FC Port Channel to MDS9710-A (MDS2 –
MDS9710-B)
PxMDS1(config-if)# channel-group “x” (Where x is your pod number)
Note You will receive the instruction shown below. Ignore the instruction for now since the ports
on the MDS 9710 are already in a no shutdown state.
please do the same operation on the switch at the other end of the port-
channel,then do "no shutdown" at both ends to bring it up

Step 1 Both teams: Enter the following commands to verify that the interfaces belong to
your pod number port channel. Interfaces fc1/1-2 should now be members of your
pod VSAN, with Admin Mode E, Admin Trunk Mode on, and a Status of Trunking.
PxMDS1(config-if)# sh int br
----------------------------------------------------------------------
Mode Trunk Mode Speed Chan
Mode (Gbps)
----------------------------------------------------------------------
fc1/1 701 E on trunking swl TE 4 7
PxMDS1(config-if)# show port-channel database

port-channel 7
Administrative channel mode is on
Operational channel mode is on
Last membership update succeeded
First operational port is fc1/1
2 ports in total, 2 ports up
Ports: fc1/1 [up] *
fc1/2 [up]
PxMDS1(config-if)# show port-channel summary
------------------------------------------------------------------------------
Interface Total Ports Oper Ports First Oper Port
------------------------------------------------------------------------------
port-channel 7 2 2 fc1/2
Step 2 Both teams: Launch Device Manager for your switch. (Team 1: Launch MDS1.
Team 2: Launch MDS2.) Check interface fc1/1-2. The interfaces should be enabled
as TE Ports.
Step 3 From the Interface menu, choose Port Channels to view the successful Port
Channel display.
Step 4 On your assigned host, launch Cisco DCNM-SAN Client with your host IP address
as the DCNM Server. Enter username admin and password 1234QWer.
Step 5 Use the following credentials in the Discover dialog and then click the Discover
button.
 Seed Switch: IP address of MDS 9222i (Team 1: Use MDS1. Team 2: Use
MDS2)
 User Name: admin

Step 6 Mouse over the port channel between your switch and the MDS 9710.
Step 7 Launch Device Manager using the MDS 9710 as the seed switch. (Or double click
MDS9710-A or B in the fabric pane.) Use the following credentials:
 Device Name: 10.0.0.101
 User Name: student
Step 8 The interfaces at the opposite side of your port channel should be up and trunking.
Step 9 From the Interface menu, choose Port Channels to see the port channels created by
the other students from their pods.
Note Your display may vary depending on when the other pods complete the port channel steps.

Step 10 In Device Manager, from the Physical menu, choose Inventory or Modules to see
the 16-Gb module in slot 1.
Task 3: Configure Port Channels with MDS1 and MDS2
Both teams will aggregate physical ISLs in a port channel using the CLI and the port channel
Wizard in Cisco DCNM-SAN Client.
Activity Procedure
Complete the following steps on the designated switches to configure a port channel from the
CLI.
Caution Carefully follow the lab instructions as following the correct sequence is important to achieve
the desired results.
Step 1 Both teams: Create VSAN 10, VSAN 20, and VSAN 80 on their respective MDS1
and MDS2 switches.
PxMDS1(config)vsan database
PxMDS1(config-vsan-db)vsan 10
Step 2 Both teams: Add the new VSANs to the VSAN allowed list for interface fc1/7-9 and
then verify.
PxMDS1(config-vsan-db)interface fc1/7-9
PxMDS1(config-if)switchport trunk allowed vsan 10
PxMDS1(config-if)switchport trunk allowed vsan add 20
PxMDS1(config-if)end
PxMDS1# sh int fc1/7-9 br
------------------------------------------------------------
Inter Vsan Admin Admin Status SFP Oper Oper Port
Mode (Gbps)
------------------------------------------------------------
fc1/7 1 E on trunking swl TE 2 --

fc1/7 is trunking
Vsan 10 is up (None)
fc1/8 is trunking
fc1/9 is trunking
Step 3 Both teams: Display the current RIB (FSPF database) for VSAN 10.
PxMDS1# sho fspf database vs 10
FSPF Link State Database for VSAN 10 Domain 0x0b(11)
LSR Type = 1
Advertising domain ID = 0x0b(11)
LSR Age = 205
LSR Incarnation number = 0x80000004
LSR Checksum = 0x29b2
Number of links = 3
NbrDomainId IfIndex NbrIfIndex Link Type Cost

------------------------------------------------------
0x0c(12) 0x00010006( fc1/7) 0x00010006 1 500
0x0c(12) 0x00010007( fc1/8) 0x00010007 1 500
0x0c(12) 0x00010008( fc1/9) 0x00010008 1 500
FSPF Link State Database for VSAN 10 Domain 0x0c(12)

LSR Type = 1
Advertising domain ID = 0x0c(12)
LSR Age = 211
LSR Checksum = 0xa399
Number of links = 3
--------------------------------------------------------------
0x0b(11) 0x00010007( fc1/8) 0x00010007 1 500
0x0b(11) 0x00010006( fc1/7) 0x00010006 1 500
0x0b(11) 0x00010008( fc1/9) 0x00010008 1 500
Note The Routing Information Base (RIB) contains the FSPF link-state records (LSR) for a given
VSAN. The RIB should be identical for both VSANs 10 and 20 because everything at this
point is using default calculations. FSPF is unidirectional, so there are two LSRs, one from
each switch as indicated by the advertising domain ID. Each LSR identifies three possible
routes, each with a cost-metric of 500 (indicating 2-Gb bandwidth). The LSR uses a unique
indexing scheme to identify each route. The interface is identified by the last four digits in the
IfIndex and NbrIfIndex (starting from zero). For example, 0x00010006 = fc1/7.
Step 4 Both teams: Configure port channel 1 using all three physical ISLs (fc1/7-9) and
then verify the results.
PxMDS1# config
PxMDS1(config-if)#shut
PxMDS1(config-if)# channel-group 1
fc1/7 fc1/8 fc1/9 added to port-channel 1 and disabled please do the same
operation on the switch at the other end of the port-channel, do "no shutdown"
at both ends to bring them up
PxMDS1# show port-channel dat
port-channel 1
Administrative channel mode is on
Operational channel mode is on
Ports: fc1/7 [up] *
fc1/8 [up]
fc1/9 [up]
…
Note If interfaces are still displaying as down, then use shut and no shut commands again to
bring up the port channel.
Step 5 On both switches, enter the following command to show the port channel
compatibility parameters.
PxMDS1(config)# show port-channel compatibility-parameters
Parameters that have to be consistent across all members in a port-channel.
1. physical port layer
Members must have the same interface type, such as fibre channel, ethernet or
fcip.
2. port mode
Members must have the same port mode configured, either E or AUTO. If they are
configured in AUTO port mode, they have to negotiate E mode when they come up.
If a member negotiates a different mode, it will be suspended.
3. trunk mode
Members must have the same trunk mode configured. If they are configured in
AUTO trunking mode, they have to negotiate the same trunking mode when they
come up. If a member negotiates a different mode, it will be suspended.
4. speed
Members must have the same speed configured. If they are configured in AUTO
. . .
(output removed)
Step 6 Both teams: Display the RIB for VSAN 10.
PxMDS1# sho fspf database vsa 10
FSPF Link State Database for VSAN 10 Domain 0x0b(11)
LSR Type = 1
Advertising domain ID = 0x0b(11)
LSR Age = 535
LSR Checksum = 0x98df
Number of links = 1
--------------------------------------------------------------
0x0c(12) 0x00040000(port-channel 1) 0x00040000 1 166
FSPF Link State Database for VSAN 10 Domain 0x0c(12)

LSR Type = 1
Advertising domain ID = 0x0c(12)
LSR Age = 536
LSR Checksum = 0xbcb9
Number of links = 1
NbrDomainId IfIndex NbrIfIndex Link Typ Cost
--------------------------------------------------------------
0x0b(11) 0x00040000(port-channel 1) 0x00040000 1 166 -
Note There is a single path from each switch with cost-metric 166, indicating a 6-Gbps ISL.
Step 7 Both teams: Attempt to configure VSANs 10, 20, and 80 in the trunk allowed vsan
parameter for just interface fc1/7 and observe the response.
Note MDS prohibits configuring unique parameters for individual port channel members.

Step 8 Both teams: Display the port channel interface in the running-config.
PxMDS1# sho run int port-channel 1
interface port-channel 1
switchport mode E
switchport trunk allowed vsan 10
switchport trunk allowed vsan add 20
Step 9 Display the VSAN trunking status for fc1/7-9.

PxMDS1# sho int fc1/7-9 trunk vsan
fc1/7 is trunking
Belongs to port-channel 1
fc1/8 is trunking
fc1/9 is trunking
Note Individual port channel members will inherit any port channel parameters.


initials
Example
Lab 3-3: Configure Cisco NPV and NPIV
Activity Objective
In this activity, you will configure and manage Cisco NPV and NPIV. After completing this
activity, you will be able to meet these objectives:
 Configure a Cisco NPV edge switch and NPIV core switch
 Display the FLOGI and FCNS databases
Visual Objective
MDS1 MDS2
NPIV Core NPIV Core
1/10 1/10
F F
NP NP
N F 1/5 1/5
N F
P2 1/1 1/1 P1
host1 MDS3 MDS4
NPV Edge NPV Edge host2
Required Resources
 Two Cisco MDS 9124/9148 Multilayer Fabric Switches

Command List
Command Description

on module x.


Enables trunk mode [on] or non-trunk


[additional VSAN].
Displays interfaces status and statistics

show interface [fcx/y] [brief] [for the indicated interface] [brief detail].



Enables the NPV feature on the edge

feature npv switch.
Enables the NPIV feature on the upstream

feature npiv switch.
Task 1: Configure a Cisco NPV Edge Switch and NPIV Core
Switch
In this task, you will configure the edge switch for Cisco NPV mode. Cisco NPV mode reduces
the number of Fibre Channel domain IDs in a SAN. Switches in Cisco NPV mode do not
enable Fibre Channel services like FSPF and therefore do not join a fabric. Instead, the
switches pass frames transparently between end devices and core switches.
Activity Procedure
Complete the following:
Step 1 Both teams: Login, authenticate, and enable the Cisco NPV feature on the edge
switch. (Team 1: Use MDS4. Team 2: Use MDS3.)
10.0.x.14# login: admin
Password: 1234QWer
switch:config
switch(config)# switchname PxMDS4
PxMDS4# config
PxMDS4(config)# feature npv
Verify that boot variables are set and the changes are saved. Changing to npv
mode erases the current configuration and reboots the switch in npv mode. Do
you want to continue? (y/n): y
>> MDS-Bootloader-01.00.19 (Feb 1 2010 - 15:13:26), Build: 01.00.19

Step 2 Both teams: Enable the NPIV feature on the core switch (MDS1 and MDS2) and
configure the link to the edge switch.
PxMDS1(config)# feature npiv
PxMDS1(config)# inter fc1/10
PxMDS1(config-if)# switchport mode f
PxMDS1(config-if)# no shutdown
Note Wait for the edge switch to complete the reload before continuing.
Step 3 When the edge switch completes reload, login, and display the interface status.
PxMDS4# show int fc1/1-5 br
---------------------------------------------------------------
Mode (Gbps)
---------------------------------------------------------------------
fc1/1 1 NP off down swl --
fc1/2 1 F off sfpAbsent --
fc1/5 1 NP off down swl --
Note Configuration has been erased and all ports are shut down.
Step 4 Configure and enable fc1/1 for node connectivity and enable the fc1/5 link to the
core.
PxMDS4(config)# int fc1/5
PxMDS4(config-if)# switchport trunk mode on
PxMDS4(config-if)# no shutdown
PxMDS4(config-if)# switchport mode F
PxMDS4 config-if)# no shutdown

Verify your configuration.
PxMDS4# show int fc1/1-5 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/1 1 F off up swl F 4 --
fc1/2 1 F off sfpAbsent -- -- --
fc1/5 1 NP on up swl NP 4 --
PxMDS4#
Task 2: Display the FLOGI and FCNS Databases
In this task, you will confirm common device registration information across switches.
Step 1 On the core switch (MDS1 or MDS2), verify that FLOGI has occurred.
PxMDS1(config-if)# show flogi dat inter fc1/10
----------------------------------------------------------------------
----------------------------------------------------------------------
fc1/10 1 0x2c0000 20:05:00:05:73:ae:dd:80 20:01:00:05:73:ae:dd:81
fc1/10 1 0x2c0001 10:00:00:00:c9:74:4c:10 20:00:00:00:c9:74:4c:10
Step 2 Display the fc1/5 fWWN of the edge switch (link to core) to verify its entry in the
core FLOGI database.
PxMDS4# # show int fc1/5 | in WWN
Port WWN is 20:05:00:05:73:ae:dd:80
Note You will see two entries in the core FLOGI database. One entry represents the host login on
the edge switch. The second entry represents the switch port fWWN login to the core. (The
edge switch performs an FLOGI using the fWWN of the port connecting to the core.)
Step 3 Display the name server (FCNS) database on the core switch to view the logins on
your core switch.
PxMDS1# show fcns dat
VSAN 1:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x2b0040 N 10:00:00:00:c9:74:4c:63 (Emulex) ipfc scsi-fcp:init
0x2b01e2 NL 22:00:00:11:c6:66:3d:20 scsi-fcp:target
0x2b01e8 NL 22:00:00:11:c6:66:3d:37 scsi-fcp:target
0x2b01ef NL 22:00:00:11:c6:66:3d:1f scsi-fcp:target
…..
0x2c0000 N 20:05:00:05:73:af:91:40 (Cisco) npv
0x2c0001 N 10:00:00:00:c9:74:4c:62 (Emulex) ipfc scsi-fcp:init
0x2c0040 N 10:00:00:00:c9:74:4e:04 (Emulex) ipfc scsi-fcp:init
0x2c01e2 NL 21:00:00:11:c6:66:3d:20 scsi-fcp:target
0x2c01e8 NL 21:00:00:11:c6:66:3d:37 scsi-fcp:target
0x2c01ef NL 21:00:00:11:c6:66:3d:1f scsi-fcp:target
Note The highlighted entries represent the host login from the edge switch and the fWWN login
from the edge switch.
Step 4 Verify Cisco NPV on the edge switch.

PxMDS4# show npv status
npiv is disabled
disruptive load balancing is disabled
External Interfaces:
====================
Interface: fc1/5, VSAN: 1, FCID: 0x2c0000, State: Up
Number of External Interfaces: 1
Server Interfaces:
==================
Interface: fc1/1, VSAN: 1, State: Up
Number of Server Interfaces: 1

PxMDS4# show npv flogi-table
---------------------------------------------------------------------
SERVER EXTERNAL
INTERFACE VSAN FCID PORT NAME NODE NAME INTERFAC
---------------------------------------------------------------------
fc1/1 1 0x2c0001 10:00:00:00:c9:74:4c:10 20:00:00:00** fc1/5
PxMDS4# show fcns ?

^
% Invalid command at '^' marker.
Note The name server does not exist. The Cisco NPV edge switch maintains no fabric services.
Task 3: Configure a Trunking F Port Channel between an NPIV
Switch and a Cisco NPV Edge Switch
In this task, you will configure a trunking NP port channel on the NPIV core and a trunking F
port channel on the Cisco NPV edge switch and verify VSAN trunking.
Activity Procedure
Complete the following steps as indicated using the Cisco NPV edge switch and NPIV core
switch:
Step 1 On the MDS9222i switch, display interfaces fc1/5-10/.
MDS1# sh int fc1/5-10 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/5 1 FX off up swl F 4 --
fc1/6 1 FX off up swl FL 2 --
fc1/10 1 F on up swl F 4 --
Step 2 On the MDS9222i switch, enable the fport-channel-trunk feature and display the
results.
MDS1(config)# feature fport-channel-trunk
Admin trunk mode has been set to off for
1- Interfaces with admin switchport mode F,FL,FX,SD,ST in admin down state
2- Interfaces with operational switchport mode F,FL,SD,ST.
MDS1(config)# show int fc1/5-10 brief

-----------------------------------------------------------------
Mode (Gbps)
-----------------------------------------------------------------
fc1/5 1 FX on down swl -- --
fc1/6 1 FX on down swl -- --

fc1/10 1 F off up swl F 4 --
Note Enabling the fport-channel-trunk feature rendered the Admin Trunk Mode as off for interface
fc1/10.
Step 3 On the MDS 9222i switch, configure a port channel.

MDS1(config)# int port-channel 2
MDS1(config-if)# switchport mode f
MDS1(config-if)# channel mode active
MDS1(config-if)# switchport trunk mode on
MDS1(config-if)# int fc1/10
MDS1(config-if)# shut
MDS1(config-if)# channel-group 2 force
fc1/10 added to port-channel 2 and disabled
channel, then do "no shutdown" at both ends to bring it up
MDS1(config-if)# no shut
Step 4 On the edge switch, configure a trunking NP port channel.

MDS4(config)# int port-channel 2
MDS4(config-if)# switchport mode np
MDS4(config-if)# int fc1/5
MDS4(config-if)# channel-group 2 force
fc1/5 added to port-channel 2 and disabled
channel,then do "no shutdown" at both ends to bring it up
MDS4(config-if)# no shut
Step 5 Both teams: Verify the results in the CLI and the GUI.
MDS1(config-if)# show int fc1/10 brief
-----------------------------------------------------------------
Mode (Gbps)
-----------------------------------------------------------------
fc1/10 1 F on trunking swl TF 4 2
Note You may need to disable and enable interface fc1/1 to re-establish the login from the host
through the NPV device to the MDS 9222i.
MDS1(config-if)# show port-channel database

port-channel 1
Administrative channel mode is active
Operational channel mode is active
Ports: fc1/8 [up]
fc1/9 [up] *
port-channel 2
1 port in total, 1 port up
Ports: fc1/10 [up] *
Step 6 Add VSANs 10, 20, and 80 to the edge Cisco NPV switches (MDS3 and MDS4) to
demonstrate the effect of changing the device VSAN.
Step 7 Verify VSAN trunking status on the edge port channel.
MDS1(config-if)# show int port-channel 2 trunk vsan
port-channel 2 is trunking
Vsan 1 is up (None)
Vsan 10 is down (waiting for flogi)
PxMDS4(config)# show int fc1/5 brief
-----------------------------------------------------------------
Mode (Gbps)
-----------------------------------------------------------------
fc1/5 1 NP on trunking swl TNP 4 2
Step 8 On the edge switch, assign fc1/1 to VSAN 10 (MDS4) and VSAN 20 (MDS3) and
observe the results.
MDS4(config)# vsan database
MDS4(config-vsan-db)# vsan 10 interface fc1/1
Traffic on fc1/1 may be impacted. Do you want to continue? (y/n)[n] y
MDS4(config-vsan-db)# show int po 2 trunk vsan

Vsan 1 is up (None)
PxMDS4(config-vsan-db)# show npv flogi-table

-------------------------------------------------------------------
SERVER EXTERNAL
INTERFACE VSAN FCID PORT NAME NODE NAME INTERFAC
-------------------------------------------------------------------
fc1/1 10 0x0b0000 10:00:00:00:c9:74:4c:10 20:00:00:0** Po2
Step 9 Observe the results on the MDS1 or MDS2 switch.

MDS1(config-if)# show int port-channel 2 trunk vsan
Vsan 1 is up (None)

MDS1(config)# show flogi dat
------------------------------------------------------------------------------
------------------------------------------------------------------------------
port-channel 2 1 0x2c0020 24:02:00:05:73:ae:dd:80 20:01:00:05:73:ae:dd:81
port-channel 2 10 0x0b0000 10:00:00:00:c9:74:4c:10 20:00:00:00:c9:74:4c:10
MDS4(config)# show flogi dat

------------------------------------------------------------------------------
------------------------------------------------------------------------------
port-channel 2 1 0x2d0020 24:02:00:05:73:ae:db:00 20:01:00:05:73:ae:db:01
port-channel 2 10 0x0c0000 10:00:00:00:c9:73:46:b7 20:00:00:00:c9:73:46:b7
MDS1(config)# show fcns dat

VSAN 1:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x2c0020 N 24:02:00:05:73:ae:dd:80 (Cisco) npv
0x2d0000 N 20:05:00:05:73:ae:db:00 (Cisco) npv
..
VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x0b0000 N 10:00:00:00:c9:74:4c:10 (Emulex) ipfc scsi-fcp:init
0x0c0000 N 10:00:00:00:c9:73:46:b7 (Emulex) ipfc scsi-fcp:init
..
Step 10 Save your work.

MDS1# copy run bootflash:M03Lab04-your initials
MDS1# copy running-config startup-config

initials
Example
Note The copy running-config startup-config command will save the current configuration from
RAM to NVRAM to be used as the boot configuration when the system is reset. Saving your
configuration to a tftp server is a best practice. If you return to your lab later, you can restore
your last configuration from the filename that you stored on the tftp server.
Lab 3-4: Configure VSANs, Domain Management,
and Persistent FCIDs
Activity Objective
In this activity, you will create VSANs and assign interfaces based on port ID and device
WWN. After completing this activity, you will be able to meet these objectives:
 Create VSANs and assign VSAN membership to interfaces
 Observe what happens when you delete a VSAN that contains interfaces
 Configure and verify EISL trunking parameters
 Manually configure the domain ID and principal switch in a VSAN
 Configure static FCIDs
 Purge the FCID persistent database
Visual Objective
P1 P2
VSAN 10 VSAN 20
1/6 1/6
JBOD
1/7 1/7
1/8 1/8
1/9 1/9 MDS2
MDS1
10.0.x.5 10.0.x.3
TE_Port TE_Port
1/5 VSAN 10 VSAN 20 1/5
P1 P2
host1 host2
Required Resources

Command List
Command Description
vsan database Enter VSAN database submode.
Specifies the VSAN ID. The range is 1 to

vsan n 4093.
vsan n [interface] Adds interfaces to a VSAN.
Displays information for the specified VSAN

show vsan [n] ID.
show vsan [n] [membership] Displays membership information.
show interface [trunk vsan] Displays the trunking status of all VSANs.
no vsan n Deletes a VSAN.
Displays the Fibre Channel domain

show fcdomain [vsan n] (fcdomain) runtime information.
Displays a list of domain IDs granted by the

show fcdomain domain-list [vsan n] principal switch.
Displays the name server database for a

show fcns database specified VSAN or for all VSANs.
fcdomain domain id static [vsan n] Configures the domain ID as static.
fcdomain restart disruptive [vsan n] Forces the disruptive fabric reconfiguration.
Specifies the Fibre Chanel domain priority.

fcdomain priority [value] [vsan n] The range is 1 to 254.
Enters the fcdomain fcid database

fcdomain fcid database configuration mode.
show fcdomain fcid perisitent Displays the persistent fcid database.
vsan n wwn pwwn fcid fcid Configures a static FCID in the given VSAN.
show run Displays the switch running configuration.
Saves the running-config to a file on the

copy run bootflash: file bootflash: file system.
Task 1: Create VSANs and Assign Interfaces
Each team will create VSANs on their assigned switches and assign all FX Port devices to the
VSAN (Core fc1/5-6). The teams will temporarily suspend the VSAN and view the results.
VSANs will be used for subsequent tasks, such as domain ID assignment (in this lab), and
zoning and QoS (in later labs).
Activity Procedure
Both teams: Perform these steps concurrently on your assigned switch.
Step 1 Both teams: Open SAN Device Manager on your server and then confirm that FX
Ports (fc1/5-6) are enabled.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
fc1/5 1 0x0b0000 10:00:00:00:c9:73:46:b6 20:00:00:00:c9:73:46:b6
fc1/6 1 0x0b01e2 21:00:00:11:c6:52:56:12 20:00:00:11:c6:52:56:12
fc1/6 1 0x0b01e4 21:00:00:11:c6:52:59:8c 20:00:00:11:c6:52:59:8c
fc1/6 1 0x0b01e8 21:00:00:11:c6:52:57:d2 20:00:00:11:c6:52:57:d2
fc1/6 1 0x0b01ef 21:00:00:11:c6:52:5b:87 20:00:00:11:c6:52:5b:87
Total number of FLOGI = 5.
Step 2 Both teams: Assign the node ports (core fc1/5-6) to your primary VSAN (MDS1 for
VSAN 10, MDS2 for VSAN 20). Verify the results.
PxMDS1# conf
PxMDS1(config-vsan-db)# vsan “n” (mds1 = vsan 10; mds2 = vsan 20)
PxMDS1(config-vsan-db)# vsan “n” interf fc1/5-6 (mds1 = vsan 10; mds2 = vsan
20)
Traffic on fc1/5 may be impacted. Do you want to continue? (y/n) [n] y
Traffic on fc1/6 may be impacted. Do you want to continue? (y/n) [n] y

vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4

fc1/7 fc1/8 fc1/9 fc1/10
fc1/11 fc1/12 fc1/13 fc1/14
fc1/15 fc1/16 fc1/17 fc1/18
vsan 10 interfaces:
fc1/5 fc1/6
vsan 20 interfaces:
vsan 4079(evfp_isolated_vsan) interfaces:
vsan 4094(isolated_vsan) interfaces:
Reference Many command examples will be displayed in truncated format to facilitate expediency.
Reference Use the Tab key for command completion as desired if you wish to query the complete
command syntax.
Step 3 Verify the results again by displaying the FLOGI database.

------------------------------------------------------------------------------
------------------------------------------------------------------------------
fc1/5 10 0x0b0000 10:00:00:00:c9:73:46:b6 20:00:00:00:c9:73:46:b6
fc1/6 10 0x0b01e2 21:00:00:11:c6:52:56:12 20:00:00:11:c6:52:56:12
fc1/6 10 0x0b01e4 21:00:00:11:c6:52:59:8c 20:00:00:11:c6:52:59:8c
fc1/6 10 0x0b01e8 21:00:00:11:c6:52:57:d2 20:00:00:11:c6:52:57:d2
fc1/6 10 0x0b01ef 21:00:00:11:c6:52:5b:87 20:00:00:11:c6:52:5b:87
Task 2: Suspend a VSAN
Both teams will suspend VSAN n and view the results.
Activity Procedure
Complete the following steps on both switches:
Step 1 Using the CLI, suspend the VSAN of your team, view the results, and then
unsuspend the VSAN.
PxMDS1# config
PxMDS1(config)#vsan database
PxMDS1(config-vsan-db)# vsan “n” suspend (where “n” equals 10 for MDS1 and 20
for MDS2
PxMDS1(config-vsan-db)#end
------------------------------------------------------------------------------
------------------------------------------------------------------------------
port-channel 2 1 0xef0020 24:02:00:05:73:af:91:40 20:01:00:05:73:af:91:41
Total number of flogi = 1..
Step 2 Verify the status of the interfaces.

PxMDS1# show int fc1/5-6 brief
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/5 10 FX on inactive swl -- -- --
Note Suspending a VSAN will render member interfaces with a status of inactive.
Step 3 Re-activate the VSAN of your team and view the results.
PxMDS1# config
PxMDS1(config-vsan-db)# no vsan 10 suspend
PxMDS1(config0vsan-db)# end
PxMDS1# show interface fc1/5-6 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/5 10 FX on up swl F 4 --
fc1/6 10 FX on up swl FL 2 --

Task 3: Delete VSANs
Both teams will create VSAN 999, assign fc1/5, delete the VSAN, and then view the results.
Activity Procedure
Step 1 Both teams: Using Device Manager, create VSAN 999 by choosing VSANs from
the FC menu. Click the Create button and enter the following values in the dialog.
After you complete that action, click the Create button and then click the Close
button.
 VSAN ID: 999
 Name: test-999
Step 2 Right-click fc1/5 and choose Configure. Assign the interface to VSAN999 and
verify the results. Respond Yes to continue and Close the dialog. Then, confirm
VSAN 999 membership using the CLI.

-----------------------------------------------------------
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/5 999 FX on up swl F 4 --
Step 3 Click the Delete button to delete VSAN 999 in Device Manager and view the
operational status for port fc1/5. Respond Yes to confirm and continue, and then
Close the dialog.
Step 4 Confirm interface membership and status in CLI.

------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
Note The port has been assigned to the Isolated VSAN (4094) and rendered inactive.
Step 5 Both teams: Using the CLI, assign port fc1/5 to your primary VSAN and verify that
the port is operational.
PxMDS1(config#vsan database
PxMDS1(config-vsan-db)#vsan 10 interface fc1/5

Task 4: Configure and Verify EISL Trunking Parameters
In this task, you will configure additional VSANs on your switch and verify EISL trunking
parameters.
Activity Procedure
Complete the following steps:
Step 1 Verify that interface fc1/7 is enabled on both switches.
PxMDS2(config-vsan-db)# sh int fc 1/7 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
Step 2 Verify which VSANs are now trunking.

PxMDS1# show int fc1/7 trunk vsan
fc1/7 is trunking
Vsan 1 is up (None)
Step 3 Both teams: In addition to VSAN 10 and 20 on your switches, using the CLI, create
the following VSANs on your assigned switch:
 mds1: vsans 77, 78, 79, 80
PxMDS1(config-vsan-db)#vsan 77-80
 mds2: vsans 79, 80, 81, 82

PxMDS2(config-vsan-db)#vsan 79-82
Step 4 Display the VSAN usage on each switch.

PxMDS1# sho vs usage
7 vsan configured
configured vsans:1,10,20,77-80
vsans available for configuration:2-9,11-19,21-76,81-4078,4080-4093
PxMDS2# sho vs us
7 vsan configured
configured vsans:1,10,20,79-82
vsans available for configuration:2-9,11-19,21-78,83-4078,4080-4093
Step 5 Display the trunking status for fc1/7.

PxMDS1# sho int fc1/7 trunk vsa
fc1/7 is trunking
Vsan 1 is up (None)
Vsan 77 is down (Isolated due to vsan not configured on peer)
PxMDS2# sho int fc1/7 trun vsa
fc1/7 is trunking
Vsan 1 is up (None)
Note The default “trunk allowed vsan” list for TE-Ports includes VSANs 1 to 4093. Any VSAN that
is not configured on both switches is displayed a status of “isolated due to vsan not
configured on peer.”
Step 6 In Device Manager, select Interface > FC E/TE, to configure only ISL ports. Select
the Trunk Config tab.
Note VSAN 4079 is reserved for TF Ports supporting Exchange Virtual Fabrics Protocol (EVFP).
A TF Port is an F Port with trunk mode enabled and that port becomes operational as a
trunking F Port. This feature is available on a Cisco switch supporting Cisco NPV. If VSAN
4079 is reserved for EVFP use, the switchport trunk allowed vsan command will filter out
VSAN 4079 from the allowed list, as shown in the above example.
Step 7 Configure the following trunk parameters.
MDS1 MDS2
Trunking Allowed VSANs Trunking Allowed VSANs
fc1/7 trunk 1-4078, 4080-4093 nonTrunk NA
fc1/8 trunk 1, 20, 78, 80 auto 20,80,82
fc1/9 auto 10, 20 auto 10,20
Note To configure the trunk mode in the CLI, use the following commands:
[Trunk ] = MDS1 (config-if) switchport trunk mode on (default)
[nonTrunk ] = MDS1 (config-if) switchport trunk mode off

Complete the following steps for MDS1 and MDS2 switches to verify your configuration.
Step 1 In Device Manager and the CLI, display the trunk status for fc1/7-9.
PxMDS1# sho int fc1/7-9 trun vsan

fc1/7 is not trunking
fc1/8 is trunking
Vsan 1 is down (Isolation due to vsan not configured on peer)
Vsan 78 is down (Isolation due to vsan not configured on peer)
PxMDS2# sho int fc1/7-9 trun vsa

fc1/8 is trunking
Vsan 82 is down (Isola. . vsan not configured on peer)
Note The display reports ISL fc1/8 as the only trunking ISL (TE-Port). Interface fc1/9 is configured
as Admin “auto” on both switches, therefore neither interface will initiate trunking and will
remain as a nontrunking ISL.
Step 2 Display the brief status report for all ISLs.

PxMDS1# sho int fc1/7-9 br
---------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper
Mode Trunk Mode
Mode
--------------------------------------------------
fc1/7 1 E on up swl E
fc1/8 1 E on trunking swl TE
fc1/9 1 E auto up swl E
PxMDS2# sho int fc1/7-9 br
---------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper
Mode Trunk Mode
Mode
---------------------------------------------------
fc1/7 1 E off up swl E
fc1/8 1 E auto trunking swl TE
fc1/9 1 E auto up swl E
Step 3 Both teams: Use the CLI to reconfigure ISLs between MDS1 and MDS2 to the
following settings.
 Trunk mode: ON
 Trunk allowed vsan: 10,20
Note Since all interfaces will be the same, use config# int fc1/7-9.
When you configure (instead of add) a VSAN, all preconfigured VSANs are wiped out. Thus
you do not need to remove anything. You can simply configure 10 and add 20.
PxMDS1(config)int fc1/7-9
PxMDS1(config-if)switchport trunk mode on
PxMDS1(config-if)switchport trunk allowed vsan 10
PxMDS1(config-if)no shut
Step 4 Display settings in the running-config for all ISLs.

interface fc1/7
no shutdown
switchport mode E
interface fc1/8
no shutdown
switchport mode E
interface fc1/9
no shutdown
switchport mode E
Note Verify that all ISLs on both switches have identical configurations.
Step 5 Verify that only VSANs 10 and 20 are trunking and that no other VSANs are
displaying as isolated.
PxMDS1# sho int fc1/7-9 trun vs
fc1/7 is trunking
fc1/8 is trunking

fc1/9 is trunking
Step 6 Both teams: Remove the extra VSANs, leaving VSAN 10 and VSAN 20 on both
switches.
PxMDS1(config-vsan-db)# no vsan 77-80

PxMDS2(config-vsan-db)# no vsan 79-82
Task 5: Configure Domain IDs and Principal Priority
Both teams will perform domain ID and principal switch configuration.
Activity Procedure
Step 1 Verify that both switches appear in the domain list for each VSAN.
PxMDS1# show fcdomain domain-list vsan 10
Number of domains: 2
Domain ID WWN
--------- -----------------------
0x7d(125) 20:0a:00:0d:ec:72:7d:01 [Local] [Principal]
0x7e(126) 20:0a:00:0d:ec:72:7d:81
PxMDS1# show fcdom dom vsa 20

Domain ID WWN
--------- -----------------------
0x5f(95) 20:14:00:0d:ec:72:7d:01 [Local] [Principal]
0x60(96) 20:14:00:0d:ec:72:7d:81
PxMDS2# show fcdom dom vsan 10
Domain ID WWN
--------- -----------------------
0x7d(125) 20:0a:00:0d:ec:72:7d:01 [Principal]
0x7e(126) 20:0a:00:0d:ec:72:7d:81 [Local]
PxMDS2# show fcdom dom vsan 20
Domain ID WWN
--------- -----------------------
0x5f(95) 20:14:00:0d:ec:72:7d:01 [Principal]
0x60(96) 20:14:00:0d:ec:72:7d:81 [Local]
Note The label [Local] indicates the switch you are working on. The label [Principal] indicates the
principal switch. If the two labels are adjacent, then the local switch is the principal switch.
Step 2 In Device Manager, choose FC > Domain Manager. Select the Running tab to
determine the current domain IDs for the local switch in each VSAN. Review the
Domains tab to identify domains on both switches.

Reference Equivalent commands for the displayed dialogs are show fcdomain and show fcdomain
domain-id respectively.
Step 3 Each team will configure the domain ID for each primary VSAN on their switch.
Select the Configuration tab. The table displays a Running DomainId column that
is grayed-out, indicating unconfigurable fields for displaying the current status.
Note MDS does not have a static domain ID by default and requires a domain assignment from a
principal switch. The default configured domain ID on MDS is 0 Preferred.
Note Changing from a preferred to a static domain ID requires a disruptive restart for the VSAN.
All devices will log out, the principal switch will be elected, domain IDs will be allocated, and
the FSPF routing table will be rebuilt. Then, each device will log back in again with FLOGI.
Step 4 Using the CLI or GUI, configure the following settings on your assigned switch.
Switch VSAN Domain ID Type Priority
mds1 10 11 static 3
20 21 static 200
mds2 10 12 static 200
20 22 static 3
PxMDS1(config)#
PxMDS1(config)# fcdom dom 11 static vsan 10
PxMDS1(config)# fcdom priority 3 vsan 10
PxMDS2(config)#
Step 5 Click the Apply button and then click the Yes button to continue.
Note By default, if all switches have the same priority (default = 128), then the principal switch
within a VSAN becomes the switch with the lowest sWWN. Switch priority can be set within
a range of 1 to 255. Specifying a high priority (highest = 1) for a switch overrides the lowest
sWWN and becomes the principal switch that is based on the highest priority within that
VSAN.
Step 6 Display the results for each VSAN.

PxMDS1# show fcdom vsa 10 | begin prior
Running priority: 2
Current domain ID: 0x7d(125)
Local switch configuration information:

State: Enabled
FCID persistence: Enabled
Auto-reconfiguration: Disabled
Contiguous-allocation: Disabled
Configured fabric name: 20:01:00:05:30:00:28:df
Optimize Mode: Disabled
Configured priority: 3
Configured domain ID: 0x0b(11) (static)
Principal switch run time information:

Running priority: 2
Interface Role RCF-reject
---------------- ------------- ------------
fc1/7 Upstream Disabled
fc1/8 Non-principal Disabled
---------------- ------------- ------------
PxMDS2# show fcdom vsan 20 | begin prior

Running priority: 128
Current domain ID: 0x60(96) (see Note)

State: Enabled
Configured domain ID: 0x16(22) (static)
Principal switch run time information:

Running priority: 2
Interface Role RCF-reject
---------------- ------------- ------------
fc1/8 Downstream Disabled
Reference By default the configured fabric name is 20:01:00:05:30:00:28:df:.

When the fcdomain feature is enabled, the runtime fabric name is the same as the principal
switch WWN.
When the fcdomain feature is disabled, the runtime fabric name is the same as the
configured fabric name.
The fabric name is applied to runtime through a disruptive restart when the fcdomain is
configured as disabled.
Note The “current” domain ID and principal priority will not change until a disruptive fabric
restart has been invoked.
Step 7 Each team should invoke a disruptive restart for their primary VSAN (VSAN 10 on
MDS1, VSAN 20 on MDS2) using either Device Manager or the CLI. In the Restart
column, choose disruptive and then click the Apply button.
Note Use fcdom restart vsan n or the GUI to disruptively restart the VSAN.
PxMDS1(config)# fcdom restart vsan 10
PxMDS1(config)# fcdom restart vsan 20
Complete the following steps for MDS1 and MDS2 switches to verify your configuration.
Step 1 Display the results.
PxMDS1# sho fcdom dom
VSAN 10
Domain ID WWN
--------- -----------------------
0x0b(11) 20:0a:00:0d:ec:72:7c:01 [Local] [Principal]
0x0c(12) 20:0a:00:0d:ec:72:78:c1
VSAN 20
Domain ID WWN
--------- -----------------------
0x16(22) 20:14:00:0d:ec:72:78:c1 [Principal]
0x15(21) 20:14:00:0d:ec:72:7c:01 [Local]
PxMDS2# sho fcdom dom

VSAN 10
Domain ID WWN
--------- -----------------------
0x0c(12) 20:0a:00:0d:ec:72:78:c1 [Local]
0x0b(11) 20:0a:00:0d:ec:72:7c:01 [Principal]
VSAN 20
Domain ID WWN
--------- -----------------------
0x16(22) 20:14:00:0d:ec:72:78:c1 [Local][Principal]
0x15(21) 20:14:00:0d:ec:72:7c:01
Note Each switch will be the principal for its primary VSAN.
Step 2 Display the local switch domain status for each VSAN.
PxMDS1# sho fcdom vsa 10 | be prior
The local switch is the Principal Switch.
Running priority: 2
Current domain ID: 0x0b(11)

State: Enabled
Configured domain ID: 0x0b(11) (static)
PxMDS2# sho fcdom vsa 20

The local switch is the Principal Switch.
Running priority: 2
Current domain ID: 0x16(22)

State: Enabled

Configured domain ID: 0x16(22) (static)
Task 6: Configure Static FCIDs
Both teams will configure a static FCID for each server on their assigned switch.
Tip Before changing a device FCID, a static domain ID must be configured.
Activity Procedure
Both teams: Perform these steps concurrently on your assigned switch.
Step 1 Display the current persistent FCID database on your switch.
PxMDS1# sho fcdom fcid persistent vsan 10
VSAN WWN FCID Mask Used Assignment Int
---- ----------------------- -------- ----------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0000 SINGLE YES DYNAMIC fc1/5
10 20:06:00:0d:ec:72:7d:00 0x0b0100 AREA YES DYNAMIC fc1/6
Note All FCIDs for your VSAN will display DYNAMIC assignments by default. The Used column
indicates an active port. Before a static FCID can be assigned, the interface where the Nx
Port device connects must be disabled.
Step 2 Alternatively, you can identify the FCID for the servers on port fc1/5 with the
interface command.
PxMDS1# sho int fc1/5 | in FCID
Port mode is F, FCID is 0x0b0000
Step 3 Both teams: Disable interface fc1/5 and redisplay the persistent FCID database for
the primary VSAN.
PxMDS1# sho fcdom fcid pers vsan 10
---- ----------------------- -------- --------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0000 SINGLE NO DYNAMIC fc1/5
Note The Used column will display No for the Server 1 entry in the FCID database.
Step 4 In Device Manager, select FC > Domain Manager > Persistent FcIds. Verify that
the Used column displays false for Server1 FCID of your pod.
Note In Device Manager, if the Used column displays True, then a device is currently connected
to the fabric and using the FCID. You will not be able to edit the FCID of a device if the
device is in “USE.” Disable the port before you edit the device FCID.

Step 5 Both teams: In the FcId column for Server1, edit the FCID by changing the port
field (the last two digits in the FCID) to 99 and the Assignment field to static.
Step 6 Click the Apply button.
Note Some vendor HBAs do not allow another device to share the same AREA byte (middle two
digits). If you receive an error when applying the configuration for the changed port number,
consult your instructor.
Step 7 Both teams: Enable fc1/5 and verify the results.

Port mode is F, FCID is 0x0b0099
PxMDS2# sh int fc1/5 | in FCID

Port mode is F, FCID is 0x600199

VSAN WWN FCID Mas Used Assignment Int
---- ----------------------- -------- ----------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0099 SINGLE YES STATIC fc1/5


VSAN WWN FCID Ma Used Assignment Int
---- ----------------------- -------- ----------- ---- ----------
20 20:06:00:0d:ec:72:7d:80 0x600000 AREA YES DYNAMIC fc1/6

20 10:00:00:00:c9:74:4c:11 0x600199 SINGLE YES STATIC fc1/5
Note The Used column will display YES for both Servers. The Mask will display SINGLE FCID
and Assignment shows as STATIC.
Step 8 Display the fcdomain entries in the running-config (including domain IDs, priority,
and persistent FCIDs).
PxMDS1# sho run
fcdomain priority 3 vsan 10
fcdomain domain 11 static vsan 10
vsan 10 wwn 10:00:00:00:c9:73:46:b6 fcid 0x0b0099
vsan 10 wwn 20:06:00:0d:ec:72:7d:00 fcid 0x0b0100 area dynamic
PxMDS2# show run

vsan 20 wwn 20:06:00:0d:ec:72:7d:80 fcid 0x600000 area dynamic
vsan 20 wwn 10:00:00:00:c9:74:4c:11 fcid 0x600199


Task 7: Purge the FCID Persistent Database
In this activity, you will learn how to purge the FCID persistent database.
Activity Procedure
Currently, all JBOD disks have a dynamic entry in the persistent FCID database. Both teams
will disable the JBOD port and perform a purge of the persistent FCID database.
Step 1 Display the current FCID assigned to the JBOD on port fc1/6.
Port mode is FL, FCID is 0x0b0100
Note All JBOD disks share the domain and area bytes, which in this example is 0x0b0100.
Record the FCID to determine if the ID is re-assigned after the purge.
Step 2 Disable all FX ports (fc1/5-6) and display the current persistent FCID database.
---- ----------------------- -------- ----------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0099 SINGLE NO STATIC fc1/5
10 20:06:00:0d:ec:72:7d:00 0x0b0100 AREA NO DYNAMIC fc1/6
Step 3 Purge the FCID database and verify the results.

PxMDS1# purge fcdomain fcid vsan n (where n is your primary VSAN)
PxMDS1# sho fcdom fcid pers
VSAN WWN FCID Mask Use Assignment Int
---- ----------------------- -------- ----------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0099 SINGLE NO STATIC fc1/5
Note All STATIC assignments remain in the database and can only be manually deleted.
Step 4 Re-enable all ports and display the FCID database.

PxMDS1# sho fcdom fcid pers vsan “n”
Persistent FCIDs table contents:
VSAN WWN FCI Mask Used Assignment Int
---- ----------------------- -------- ----------- ---- ----------
10 10:00:00:00:c9:73:46:b6 0x0b0099 SINGLE YES STATIC fc1/5


initials
Example

Lab 3-5: Configure Device Aliases
Activity Objective
In this activity, you will configure DDAS to demonstrate Cisco Fabric Services distributions
and merges. After completing this activity, you will be able to meet these objectives:
 Configure DDAS to demonstrate Cisco Fabric Services merges and distributions
 Configure enclosure names
Visual Objective
To other pods
MDS 9710 To other pods
Shared 9710s
MDS9710-A MDS9710-B
VSAN x01 VSAN x02
Disk
P1 P2
1/1 1/2 1/6
1/6 1/1 1/2
1/7 1/7
1/8 1/8
1/9 1/9
MDS1 MDS2
1/5 1/5
1/10 1/10
VSAN 10 VSAN 20
P1 1/5 1/5 P2
P2 1/1 1/1 P1
MDS3 MDS4
host1 VSAN 10 host2

VSAN 20
Required Resources
 Two Cisco MDS 9222i Multiservice Modular Switches, two Cisco MDS 9124/9148
Multilayer Fabric Switches, and two Cisco MDS 9710 Multilayer Directors
 Two Windows hosts with Cisco DCNM-SAN Client and Device Manager installed and
each with dual Fibre Channel HBAs
Command List
Command Description
write erase Erases the startup configuration of the switch.
config Enters configuration mode.
show cfs application Displays the list of Cisco Fabric Services applications.
Displays the name server database for a specified

show fcns database VSAN or for all VSANs.
Lists all the FLOGI sessions through all interfaces

show flogi database across all VSANs.
device-alias database Configures and activates the device alias database.
device-alias name name pwwn

Configures device names in the device alias database.
pwwn
Applies the pending configuration pertaining to the
device-alias commit DDAS (device alias) Cisco Fabric Services distribution
session.
show device-alias database Displays the entire device name database.
show device-alias status Displays the status of the device alias application.
show cfs merge status name Displays the status of the Cisco Fabric Services merge
device-alias operation for the device alias application.
show cfs application name X Shows the details relating to a specific Cisco Fabric
Services application.
show cfs peers Displays all Cisco Fabric Services peers in the fabric.
show cfs lock Displays applications, switches, and users holding

Cisco Fabric Services locks.
interface fc slot/port Selects a Fibre Channel interface from configuration

mode.
show npv status Displays the NPV status of the device.
show interface [fcx/y] [brief] Displays interface status and statistics [for the
indicated interface] [brief detail].
feature npv Enables the NPV feature on the edge switch.
feature npiv Enables the NPIV feature on the upstream switch.

Task 1: Configure and Distribute Device Aliases
Each team will configure device aliases for each JBOD disk and both servers connected to your
switches.
Activity Procedure
Note For this lab, MDS3 and MDS4 will be in switch mode.
Step 1 Both teams: Disable the NPV feature on your edge switch. (Team 1: Use MDS4.
Team 2: Use MDS3.)
PxMDS3(config)# no feature npv
Verify that boot variables are set and the changes are saved. Disabling npv
mode erases the current configuration and reboots the switch in non-npv mode.
Do you want to continue? (y/n):y
Step 2 Both teams: Delete port-channel 2 (between MDS1 and MDS4 and between MDS2
and MDS3).
PxMDS4(config)# no interface port-channel 2
Step 3 Team 1: Create VSAN 10 on MDS4 and then add interface fc1/1 to the VSAN.
Step 4 Team 2: Create VSAN 20 on MDS3 and then add interface fc1/1 to the VSAN.
Step 5 Both teams: Reconfigure then re-enable the ports for the ISL between your core
switch and edge switch.
Note The above step requires several commands that you have learned previously.
Step 6 Both teams: Re-enable ports 5 and 6 on MDS1 and MDS2.

Step 7 Verify that the ISL between MDS1 and MDS4, and MDS2 and MDS3 is up and
operational.
PxMDS1# sh int fc1/10 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
PxMDS2# sh int fc1/10 br
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
Step 8 Display the FCNS database and ensure that all devices have registered.
Note The number of disks, FCID, and pWWN numbers will depend on your actual hardware and
therefore be different than displayed here.

VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0xd00000 N 10:00:00:00:c9:74:4c:10 (Emulex) ipfc scsi-fcp:init

VSAN 20:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x170000 N 10:00:00:00:c9:73:46:b7 (Emulex) ipfc scsi-fcp:init
Step 9 Complete the following steps on MDS1 and MDS2 switches. Determine if Cisco
Fabric Services distribution is enabled for the device alias application.
PxMDS1# show cfs application name device-alias
Enabled : Yes
Timeout : 20s
Merge Capable : Yes
Scope : Physical-fc
Region : Default
Note The device-alias application is automatically enabled for Cisco Fabric Services.
Note Team 1 should complete configuration on MDS1 for disk devices in VSAN 10 first. After
Team 1 has committed the configuration on MDS1, then Team 2 should perform
configuration on MDS2 for disk devices in VSAN 20.
Step 10 Enter the device alias configuration mode on MDS1.

PxMDS1# conf
PxMDS1(config)# device-alias database
Step 11 Enter device alias names from top to bottom for the disks that are displayed in the
output of the show fcns database command. When configuring the MDS1 switch,
you will configure the alias names for the disks in VSAN 10, and your alias names
will be of the form podxdiskn-p1 (where x is your pod number and n is the number
of the disk that you are configuring).

Note The show fcns database command lists devices that are currently logged in to each VSAN.
Alternatively, you could use the show flogi database command to display devices only
logged into your switch. The disks are part of a JBOD and so can be identified by their port
type NL.
Port Type MDS1
fc1/6 NL podxdisk1-p1
Tip You can copy and paste the pWWN entries from the output of the show fcns database
command. Create device aliases for the disks in the JBOD. Device alias names are case
sensitive. Names will begin similarly with podxdiskn in order to support the Alias Enclosure
pattern applied in a later task. pWWNs in the output below have been truncated.
Tip Use Notepad to prepare your device-alias list, and then copy and paste to the terminal
window.
PxMDS1(config-device-alias-db)#device-alias name podxdisk1-p1 pwwn 21:00:00:11

PxMDS1(config-device-alias-db)#exit
PxMDS1(config)# device-alias commit
PxMDS1(config)# end
Note Team 2 should wait for Team 1 to commit the changes to MDS1 before continuing.
Step 12 Team 2 only: Enter device alias configuration mode on MDS2.

PxMDS2# conf
Step 13 Enter device alias names from top to bottom for the disks that are displayed in the
output of the show fcns database command. When configuring the MDS2 switch,
you will configure the alias names for the disks in VSAN 20, and your alias names
will be of the form podxdiskn-p2 (where n is the disk number and x is your pod
number).
Note The show flogi database command lists devices that are currently logged onto your switch.
The disks are part of a JBOD and therefore can be identified by their port type, NL.
Port Type MDS2
Tip You can copy and paste the pWWN entries from the output of the show fcns database
command. Create device aliases for all of the disks in the JBOD. Names will begin similarly
with diskn in order to support the Alias Enclosure pattern applied in a later task. pWWNs in
the output below have been truncated.
PxMDS2(config-device-alias-db)# device-alias name podxdisk1-p2 pwwn 22:00:00:0

PxMDS2(config-device-alias-db)# exit
PxMDS2(config)# end
Step 14 Display the FLOGI database on each switch.

----------------------------------------------------------------------------
----------------------------------------------------------------------------
fc1/5 10 0x0b0000 10:00:00:06:2b:08:f2:1d 20:00:00:06:2b:08:..
fc1/6 10 0x0b019b 21:00:00:11:c6:52:56:12 20:00:00:00:87:6e:..
[podxdisk1-p1]
fc1/6 10 0x0b01b3 21:00:00:11:c6:52:59:8c 20:00:00:00:87:6e:..
[podxdisk2-p1]
fc1/6 10 0x0b01b3 21:00:00:11:c6:52:57:d2 20:00:00:00:87:6e:..
[podxdisk3-p1]
fc1/6 10 0x0b01b3 21:00:00:11:c6:52:5b:87 20:00:00:00:87:6e:..
[podxdisk4-p1]

----------------------------------------------------------------------------
----------------------------------------------------------------------------
fc1/5 20 0x160000 10:00:00:06:2b:08:f9:55 20:00:00:06:2b:08:..
fc1/6 20 0x16019b 22:00:00:11:c6:52:56:12 20:00:00:00:87:6e:..
[podxdisk1-p2
fc1/6 20 0x1601b3 22:00:00:00:87:6e:ad:38 20:00:00:00:87:6e:..
[podxdisk2-p2
fc1/6 20 0x16019b 22:00:00:11:c6:52:57:d2 20:00:00:00:87:6e:..
[podxdisk3-p2
fc1/6 20 0x1601b3 22:00:00:11:c6:52:5b:87 20:00:00:00:87:6e:..
[podxdisk4-p2
Step 15 Team 1 should first complete the configuration on MDS1 for the host devices in
VSAN 10. After Team 1 has committed the configuration on MDS1, Team 2 should
perform configuration on MDS2 for the host devices in VSAN 20.
Step 16 Enter device alias names for the two HBA ports connected to your pair of switches,
as shown in the following tables.
Port Type MDS-1
fc1/5 N podxhost1-p1
Port Type MDS-4

Step 17 Use the pWWNs as listed in the show fcns database for VSAN 10.
Note Although Host1 is shown in the FLOGI database, Host2 is connected to a different switch
(MDS4), so you need to use the show fcns database command to identify both hosts.
pWWNs in the output below have been truncated.
PxMDS1# conf
PxMDS1(config-device-alias-db)# device-alias name podxhost1-p1 pwwn 10:00:00:0
PxMDS1(config)# end
Note Team 2 should wait for Team 1 to commit the changes to MDS1 before continuing.
Step 18 Enter device alias names for the two HBA ports connected to your pair of switches,
as shown in the following tables.
Port Type MDS-2
Port Type MDS-3
Step 19 Use the pWWNs as listed in the FCNS database for VSAN 20.
Note Although Host2 is shown in the FLOGI database, Host1 is connected to a different switch
(MDS3), so you need to use the show fcns database command to identify both hosts.
pWWNs in the output below have been truncated
PxMDS2# conf
PxMDS2(config)# end
Step 1 Both teams: Check the status of the device alias application.
PxMDS1# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 12 Mode: Basic
Checksum: 0xea6b9966b81bf91f74af5731a834ad6
Step 2 Examine the device alias configuration.
PxMDS1# show device-alias database
device-alias name podxdisk1-p1 pwwn 22:00:00:00:87:6e:45:3c
..
..
device-alias name podxdisk2-p1 pwwn 22:00:00:00:87:6e:ad:38
..
..
device-alias name podxhost1-p1 pwwn 10:00:00:06:2b:08:f2:1d
device-alias name podxhost1-p2 pwwn 10:00:00:06:2b:08:f2:1c
device-alias name podxhost2-p1 pwwn 10:00:00:06:2b:08:f9:55
Note Ensure that all 12 devices are shown and that there are no duplicate alias names listed.
If there are duplicates, then go back and fix your mistakes before continuing.
Step 3 Check the status of the Cisco Fabric Services merge operation for the device alias
application.
PxMDS1# show cfs merge status name device-alias
Physical-fc Merge Status: Success [ Mon Oct 7 15:04:42 2013 ]

Local Fabric
------------------------------------------------------------------------------
Switch WWN IP Address
------------------------------------------------------------------------------
20:00:00:0d:ec:72:7a:00 10.0.7.3 [Merge Master]
20:00:00:0d:ec:72:7d:c0 10.0.7.5
PxMDS1
20:00:54:7f:ee:ea:84:80 10.0.0.102
20:00:54:7f:ee:ea:cf:80 10.0.0.101
Total number of switches = 4
Step 4 The switch with the lowest sWWN will become the merge master. Compare the
contents of the device alias database on all the switches to confirm that they are
identical.
..
..
..
..
..
..
Step 5 Create a new user and password on MDS1 and MDS2 (already preconfigured on the
MDS 9710).
PxMDS1(config)# user student password 1234QWer role network-operator
Note User and role configuration will be covered in a later lesson.

Step 6 Both teams: Start an SSH session to your respective MDS 9710 with IP address:
____________, and using the login student and password 1234QWer.
PxMDS1# ssh [email protected]
Trying 10.0.0.101...
Connected to 10.0.0.101.
Escape character is '^]'.
User Access Verification
Password:
Step 7 Verify the same device-alias database on the MDS9710.

MDS9710-A# show device-alias database
device-alias name podxdisk1-p1 pwwn 21:00:00:11:c6:66:3d:20
device-alias name podxdisk2-p1 pwwn 21:00:00:11:c6:66:4f:34
device-alias name podxdisk2-p2 pwwn 22:00:00:11:c6:66:4f:34
device-alias name podxdisk4-p1 pwwn 21:00:00:11:c6:66:3d:1f
device-alias name podxdisk4-p2 pwwn 22:00:00:11:c6:66:3d:1f
device-alias name podxhost1-p1 pwwn 10:00:00:00:c9:74:4e:04
device-alias name podxhost1-p2 pwwn 10:00:00:00:c9:74:4e:05
device-alias name podxhost2-p1 pwwn 10:00:00:00:c9:74:4c:62
device-alias name podxhost3-p1 pwwn 21:00:00:e0:8b:87:d1:fb
device-alias name podxhost3-p2 pwwn 21:01:00:e0:8b:a7:d1:fb
device-alias name podxdisk1-p1 pwwn 21:00:00:11:c6:52:55:58
device-alias name podxdisk2-p1 pwwn 21:00:00:11:c6:52:57:7b
device-alias name podxdisk2-p2 pwwn 22:00:00:11:c6:52:57:7b
device-alias name podxdisk4-p1 pwwn 21:00:00:11:c6:52:59:f6--More--
Note The device-alias database was distributed to all the connected switches regardless of
VSAN. You may see device-alias entries from other pods because they perform the same
tasks and add their entries to the one common device-alias database.
Step 8 Both teams: While connected to the MDS 9710, display the Device-Alias mode.
MDS9710-A# show device-alias status
Database:- Device Aliases 29 Mode: Enhanced
Checksum: 0x302d6a340bc3b83c6c149f6d33bfb98
Step 9 Both teams: Exit from your SSH session.

Step 10 Both teams: Display the device-alias mode on your pod MDS 9222i switches
(MDS1 and MDS2).
PxMDS1(config)# show device-alias status
Database:- Device Aliases 0 Mode: Basic
Checksum: 0xf6bd6b3389b87233d462029172c8612
Step 11 Team 1: Enable device alias enhanced mode on MDS1 and MDS4.
Step 12 Team 2: Enable device alias enhanced mode on MDS2 and MDS3.
PxMDS2# conf
PxMDS2(config)# dev mode enhanced
PxMDS2(config)# dev commit
Step 13 Both teams: Display the device-alias mode.
PxMDS1# show device-alias status
Database:- Device Aliases 0 Mode: Enhanced
Checksum: 0xb713791d47fd2d205e1a5fa01ea9c447
Step 14 Both teams: Display the name server database.

PxMDS1# show fcns data vsan 10
VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
[podxhost1-p1]
[podxdisk1-p1]
[podxdisk2-p1]
[podxdisk3-p1]
[podxdisk4-p1]
0xd00000 N 10:00:00:00:c9:74:4c:10 (Emulex) ipfc scsi-fcp:init
[podxhost2-p1]
Total number of entries =

VSAN 20:
---------------------------------------------------------------------
--------------------------------------------------------------------
0x170000 N 10:00:00:00:c9:73:46:b7 (Emulex) ipfc scsi-fcp:init
[podxhost1-p2]
[podxhost2-p2]
[podxdisk1-p2]
[podxdisk2-p2]
[podxdisk3-p2]
[podxdisk4-p2]
Step 15 Save the configuration.

Step 16 Display all Cisco Fabric Services peers in the fabric.
PxMDS1# show cfs peers
Physical Fabric
---------------------------------------------------------------------
Switch WWN IP Address
---------------------------------------------------------------------
20:00:00:05:9b:7d:30:00 10.0.7.5 [Local]
P7MDS1
20:00:00:05:9b:7d:06:80 10.0.7.3
20:00:00:05:9b:7c:20:68 10.0.7.13
20:00:00:05:9b:7c:20:20 10.0.7.14
20:00:54:7f:ee:ea:cf:80 10.0.0.101
20:00:54:7f:ee:ea:84:80 10.0.0.102

Task 2: Configure Enclosure Names
Activity Procedure
Step 1 Both teams: Go to your Windows host and open Cisco DCNM-SAN Client. Log in
with username admin and password 1234QWer. Open the previously discovered
fabric.
Step 2 Scroll to the bottom of the Physical Attributes pane and select End Devices.
Step 3 Enlarge the End Devices information pane to expand the window so that you can see
all hosts and storage end devices.
Step 4 Drag to select all the rows containing the alias names and then click the Alias >
Enclosure button.
Step 5 The Alias > Enclosure box should open. Click the Apply button to use the
expressions in the list on the selected device aliases. The device aliases are
converted into enclosure names. Click the OK button.
Step 6 Click the Apply button above the selected rows to finalize the enclosure name
creation.
Note Notice that the enclosure name (once the pattern has been applied) keeps the first part of
the device alias name that you configured and truncates the last hyphenated part. This
facilitates similar names to be represented on the topology map in Cisco DCNM-SAN Client
by one enclosure icon.
Note If you follow good device alias naming conventions, this procedure allows you to easily
create common enclosure names for devices that have multiple ports, such as the servers
and disks in this lab.
Complete these steps to verify your configuration.
Step 1 From Cisco DCNM-SAN Client, minimize the end devices information pane to
expose the topology view.
Step 2 Right-click the JBOD loop device icons in the topology view and choose Expand.
Step 3 Drag the switches, hosts, and storage devices into a logical layout.

Step 4 Verify that the common enclosure names are visible in the topology view.
Note Notice that both podxhost1 and podxhost2 have dual redundant paths to each of the disk
drives podxdisk1, and so on. Each disk drive is dual attached through two Fibre Channel
arbitrated loops, shown as rings in the diagram.
The podxhost1 primary path is through MDS1 and the secondary path is through MDS3 and
MDS2.
The podxhost2 primary path is through MDS2 and the secondary path is through MDS4 and
MDS1.
Step 5 At the CLI, display the device alias database.

..
..
Step 6 Display the FCNS database to confirm that device aliases are shown for all devices
that have registered with the fabric.
VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x0b0000 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
[podxhost1-p1]
0x0b019b NL 22:00:00:00:87:6e:45:3c scsi-fcp:target
[podxhost2-p1]
0x0b01b3 NL 22:00:00:00:87:6e:ad:38 scsi-fcp:target
[podxdisk2-p1]
..
..
0xef0000 N 10:00:00:06:2b:08:f9:54 (LSI) ipfc scsi-fcp:both
[podxhost2-p2]
VSAN 20:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x160000 N 10:00:00:06:2b:08:f9:55 (LSI) ipfc scsi-fcp:init
[podxhost2-p1]
0x16019b NL 21:00:00:00:87:6e:45:3c scsi-fcp:target
[podxdisk1-p2]
0x1601b3 NL 21:00:00:00:87:6e:ad:38 scsi-fcp:target
[podxdisk2-p2]
.
..
0xef0000 N 10:00:00:06:2b:08:f2:1c (LSI) ipfc scsi-fcp:both
[podxhost1-p2]
Step 7 Display the FLOGI database to confirm that device aliases are shown for each
device that has logged into each switch.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
fc1/5 10 0x0b0000 10:00:00:06:2b:08:f2:1d 20:00:00:06:2b:08:f2:1d
[podxhost1-p1]
fc1/6 10 0x0b019b 22:00:00:00:87:6e:45:3c 20:00:00:00:87:6e:45:3c
[podxdisk1-p1]
fc1/6 10 0x0b01b3 22:00:00:00:87:6e:ad:38 20:00:00:00:87:6e:ad:38
[podxdisk2-p1]

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
fc1/5 20 0x160000 10:00:00:06:2b:08:f9:55 20:00:00:06:2b:08:f9:55
[podxhost2-p1]
fc1/6 20 0x16019b 21:00:00:00:87:6e:45:3c 20:00:00:00:87:6e:45:3c
[podxdisk1-p2]
fc1/6 20 0x1601b3 21:00:00:00:87:6e:ad:38 20:00:00:00:87:6e:ad:38
[podxdisk2-p2]
Step 8 Save your device aliases to the C:/data directory on your pod host for later use.
Note Actual IP address will vary and the default TFTP directory and folder may vary depending on
your TFTP server configuration. The instructor will help enable TFTP on a pod server if
TFTP is disabled. If prompted that the file already exists, overwrite the existing file.
PxMDS1# show device-alias database > tftp://10.0.x.1/podx-devalias.txt (where

x is your pod number)
Trying to connect to tftp server......
Connection to server Established. Copying Started.....
|
TFTP put operation was successful


initials

Example
Lab 3-6: Configure Zoning
Activity Objective
In this activity, you will configure zoning, and verify end-to-end connectivity across the zones.
After completing this activity, you will be able to meet these objectives:
 Zone Fibre Channel devices
 Perform zone merge analysis and resolution
 Configure full zone set distribution
 Back up and restore the full zone set (optional)
 Configure Smart Zoning
 Configure default zone policy (optional)
 Configure enhanced zoning and display the results
Visual Objective
Zoneset10 Zoneset20
host1zone host1zone
host2zone host2zone
VSAN 10 VSAN 20
disk1
1/6 P1 P2 1/6
disk2
1/7 1/7
MDS1 MDS2
1/5 1/10 1/10 1/5
P1 P2
1/5 1/5
P2 1/1 1/1 P1
host1 MDS3 MDS4 host2
VSAN 20 VSAN 10

Required Resources
 Two Cisco MDS 9148 Multilayer Fabric Switches, two Cisco MDS 9222i Multiservice
Modular Switches
 Two Windows 2000 management hosts with Cisco DCNM-SAN Client and Device
Manager installed and each with dual Fibre Channel HBAs
Command List
Command Description
Creates a zone called name in VSAN X and enters

zone name name vsan n configuration mode for that zone.
Creates a zone set called name in VSAN X and

zoneset name name vsan n enters configuration mode for that zone set.
member zonename Adds zone zonename to the current zone set.
zoneset activate name name vsan n Activates the zone set called name in VSAN X.
Exports the zone set database to all switches in the

zoneset export vsan n given VSAN.
debug zone database events Enables debugging of zone database events.
Displays all the zone sets that are configured on the

show zoneset switch.
Displays all the zones that are configured on the

show zone [vsan n] switch or in the specified VSAN.
Displays the status of the zones that are configured

on the switch or in the VSAN. Shows the default
show zone status [vsan n] zone policy, the zone sets, and zones in the full
zone database, and which zone set (if any) is the
active zone.
Displays the active zone set, showing its name and

show zoneset active [vsan n] the name of each active zone with all the members
of all the zones listed.
Displays a list of all the ports that are logged in to

show fcns database [vsan n] the FCNS.
Displays the status of and statistics for interface

show interface fcx/y fcx/y.
Launches debugging for a specific zoning activity,

debug zone [database | merge] such as database updates or zone merges.
show file Displays the contents of a file.
show zone policy Displays the zone policies for all VSANs.
Configures the default-zone policy to permit

zone default-zone permit vsan n communication for all unzoned devices in the given
VSAN.
Task 1: Zone Fibre Channel Devices
Both teams will configure zoning only in their primary VSAN using Cisco DCNM-SAN Client.
Team 1 on MDS1 will work in VSAN 10. Team 2 on MDS2 will work in VSAN 20.
Activity Procedure
Each team will perform these steps.
Step 1 In Cisco DCNM-SAN Client, select your VSAN and then click the plus sign (+)
next to the entry.
Note Team 1 should be in VSAN 10 and Team 2 should be in VSAN 20.
Step 2 Team 1: Right-click VSAN10 and then choose Edit Local Full Zone Database.
Step 3 Team 2: Right-click VSAN 20 and then choose Edit Local Full Zone Database.

Step 4 Both teams: Create the zone set and zones defined in the table in your primary
VSAN.
Team 1 Team 2
VSAN/Switch VSAN 10 MDS1 VSAN 20 MDS2
Zone set name Zoneset10 Zoneset20
Zone name: host1zone host2zone host1zone host2zone
podxhost1-p1 podxhost2-p1 podxhost1-p2 podxhost2-p2

Zone members:
podxdisk1-p1 podxdisk2-p1 podxdisk1-p2 podxdisk2-p2
Step 5 In the Edit Local Full Zone Database window, confirm the name in the switch drop-
down menu (at top). Verify that the switch name is your switch. The switch listed
should be MDS1 for Team 1 or MDS2 for Team 2.
Step 6 Right-click the Zonesets folder in the left pane, and then choose Insert. Type the
zone set name and then click the OK button.
Step 7 Expand the Zonesets folder to display the zone sets that you just created.
Step 8 Right-click the Zones folder in the left pane, choose Insert, and then type the zone
name as shown in the table above. Click the OK button. Repeat for the second zone
and close the dialog by clicking the Close button.
Step 9 For Zoned By, click the WWN radio button above the Name Server table. This
action determines that the name server display list is ordered by WWN. Subsequent
CLI show zone commands will display WWN information.

Step 10 To add members from the name server list to the zones, do one of the following:
 Select the zone and then drag the devices from the Name Server table to the
pane above
 Select the zone and then click the Add to Zone button
Step 11 Repeat the process to add members to the second zone.

Step 12 To add the zones to the zone set, select the zone (host1zone, host2zone) and then
drag up to Zonesetn, the zone set folder that you created.
Step 13 Right-click the zone set that you created and then choose Activate. Click the
Continue Activation button.
Step 14 Close the dialog upon successful completion.

Step 15 Verify the results in the Cisco DCNM-SAN Client graphic pane.
Tip In the Logical Domains area, open the primary VSAN and zone set folders and then click any
host zone to highlight the zone members in the graphic pane. At the CLI, the asterisks
adjacent to the zone members indicate that the devices are online and visible in the zone.
Step 16 View the results on all switches in your pod using the CLI.
PxMDS1# show zoneset active
zoneset name Zoneset10 vsan 10
zone name host1zone vsan 10
* fcid 0x0b0000 [device-alias pod7host1-p1]
* fcid 0x0b01e2 [device-alias pod7disk1-p1]

* fcid 0x140000 [pwwn 10:00:00:00:c9:74:4c:62] [pod7host2-p1]
* fcid 0x0b01e8 [pwwn 21:00:00:11:c6:66:3d:37] [pod7disk3-p1]
* fcid 0x0b0000 [device-alias pod7host1-p1]
* fcid 0x0b01e2 [device-alias pod7disk1-p1]

Step 17 Display the full zone set database on both the core and edge switches.
PxMDS1# show zoneset vsan 10
device-alias pod7host1-p1
device-alias pod7disk1-p1

pwwn 10:00:00:00:c9:74:4c:62 [pod7host2-p1]
pwwn 21:00:00:11:c6:66:3d:37 [pod7disk3-p1]
Note The edge switch should not contain the zone set database.

Zoneset not present
Task 2: Zone Merge Analysis and Resolution
The previous zone configuration task created a single, isolated zone set database in only one
VSAN on each switch. In this task, each team will create the other team’s primary VSAN on
their core switch and configure zoning using the same zone set and zone names, but with
arbitrary zone members.
Each team will run zone merge analysis in the Cisco DCNM-SAN Client to verify that the
phantom zone members will cause a zone merge failure. Each team will then activate an ISL
and resolve the merge failure.
Activity Procedure
Step 1 Team 1: Shut down the ISLs between MDS1 and MDS2 (FC1/7-9).
Step 2 While the ISL is down, follow the steps previously outlined to create the zones and
activate the zone sets in the table for the given VSAN.
Team 1 Team 2
Switch/VSAN MDS1 VSAN 20 MDS2 VSAN 10
Zone set name Zoneset20 Zoneset10
Zone name: host1zone host2zone host1zone host2zone
Zone members: FCID 0x100001 FCID 0x100002 FCID 0x100001 FCID 0x100002
Example: VSAN 10 on mds2
Example: VSAN 20 on mds1

Step 3 To add FCID members to a zone, right-click the zone (for example, host1zone) and
choose Insert. Click the FcId radio button and enter the FCID in the Port Name
field. Click the Add button and then click the Close button to close the dialog.
Specify the FCID in hexadecimal numbering (for example, 0x100001).
Step 4 Activate the zone set.

Step 5 Click Yes when asked to review differences between the configured entries and the
active zone set.
Step 6 Both teams: Close the zoning dialog.
Step 7 Both teams: Display the active zone sets.
* fcid 0x0b0000 [device-alias podxhost1-p1]
* fcid 0x0b01e2 [device-alias podxdisk1-p1]

* fcid 0xd00000 [device-alias podxhost2-p1]

fcid 0x100001

fcid 0x100002

fcid 0x100003
fcid 0x100004
zoneset name zoneset20 vsan 20

* fcid 0x6001e2 [device-alias podxdisk1-p2]
* fcid 0x170000 [device-alias podxhost1-p2]

* fcid 0x6001e4 [device-alias podxdisk2-p2]
Note No asterisks will appear adjacent to the phantom FCIDs. Asterisks indicate devices that
have logged into the fabric. Since these are phantom FCIDs, no real devices have logged in.
Step 8 While the ISL is down, both teams should navigate to DCNM-SAN Client > Zone
> Merge Analysis.
Step 9 Verify the following and then click the Analyze button.
 Check Switch 1: Identifies your core switch
 And Switch 2: Enter the IP address of the other core switch
 VSAN Id field: Enter any primary VSAN

Step 10 Repeat the process for each VSAN.
Note The results confirm that a zone merge failure will occur in the given VSAN and identify the
disparate zone members from each switch.
Step 11 Both teams: Enable fc1/7 and observe the console error messages.
PxMDS1 (config-if)# no shut
PxMDS1 (config-if)# 2010 Dec 23 02:31:44 p9mds1 %ZONE-2-ZS_MERGE_FAILED:
%$VSAN 20%$ Zone merge failure, isolating interface fc1/7 reason: Member
mismatch:[reason:0]
2010 Dec 23 02:31:44 p9mds1 %ZONE-2-ZS_MERGE_FAILED: %$VSAN 10%$ Zone merge

failure, isolating interface fc1/7 received reason: Member mismatch Received
rjt from adjacent switch:[reason:0]
Step 12 Verify that the primary VSANs are isolated due to zone merge failure.
PxMDS1 (config-if)# show int fc1/7 trunk vsan
fc1/7 is trunking
Vsan 1 is up (None)
Vsan 10 is down (Isolation due to zone merge failure)
Vsan 20 is down (Isolation due to zone merge failure)
Reference The following steps outline a merge failure resolution by exporting the active zone set.
Step 13 Perform the following command sequence from the given switch to export the active
zone set in VSAN 10 from MDS1 to MDS2 and verify the results:
 Team 2: On MDS2, display the active zone set in VSAN 10.
PxMDS2# sh zoneset active vsan 10
zoneset name ZoneSet10 vsan 10
fcid 0x100003

fcid 0x100004
 Team 1: On MDS1, export the active zone set in VSAN 10 (this may take a
moment).
PxMDS1# zoneset export vsan 10
 Both teams: Display the active zone set in VSAN 10.
PxMDS1# show zoneset act vsan 10

* fcid 0xa20000 [device-alias podxhost2-p1]
Note You may have to re-invoke the command several times. The resulting active zone set in
VSAN 10 should be identical on both switches.
Step 14 Repeat the command sequence to export the active zone set in VSAN 20 from
MDS2 to MDS1.
 Team 1: On MDS1, display the active zone set in VSAN 20.
 Team 2: On MDS2, export the active zone set in VSAN 20.
PxMDS2# zoneset export vsan 20
Step 15 Both teams: Verify the results by displaying the active zone set in VSAN 20.

Note The active zone set in VSAN 20 should be identical on both switches.

Task 3: Configure Full Zone Set Distribution
Each team will perform steps to manually synchronize the full zone set database on each VSAN
and configure full zone set distribution upon zone set activation.
Activity Procedure
Step 1 Perform the following command sequence from the given switch to manually
distribute the full zone set in VSAN 10 from MDS1 to MDS2 and verify the results.
 Team 2: On MDS2, display the full zone set in VSAN 10.
zoneset name ZoneSet10 vsan 10
fcid 0x100003

fcid 0x100004
 Team 1: On MDS1, distribute the full zone set in VSAN 10.
PxMDS1# zoneset distribute vsa 10
Zoneset distribution initiated. check zone status
 Both teams: Display the full zone set in VSAN 10.
pwwn 10:00:00:00:c9:74:4e:04 [pod7host1-p1]
pwwn 21:00:00:11:c6:66:3d:20 [pod7disk1-p1]

pwwn 10:00:00:00:c9:74:4e:04 [pod7host2-p1]
pwwn 21:00:00:11:c6:66:3d:1f [pod7disk2-p1]
Note The distribution operation may take a moment to complete. The full zone set in VSAN 10
should be identical on both switches.
Step 2 Repeat the command sequence to manually distribute the full zone set in VSAN 20
from MDS2 to MDS1 and verify the results.
 Team 1: On MDS1, display the full zone set in VSAN 20.
PxMDS1# sh zones vsa 20
 Team 2: On MDS2, distribute the full zone set in VSAN 20.
PxMDS2# zoneset distribute vsan 20
 Both teams: Display the active zone set in VSAN 20.
PxMDS1# sh zones vsa 20
pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]

pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]
pwwn 22:00:00:11:c6:66:3d:37 [pod7disk1-p2]
The full zone set in VSAN 20 should be identical on both switches.
Reference The following screen shots illustrate manual distribution of the active and full zone set from
Cisco DCNM-SAN Client. Do not invoke these steps. The images are for illustration only.
Step 3 Follow these steps in Cisco DCNM-SAN Client or the CLI to configure full zone set
distribution at the time of zone set activation for the primary VSAN.
 Select the Zoneset folder in Logical Domains and minimize the graphic pane.
 In the Zone information pane, click the Policies tab and then scroll-right to the
Propagation field. Choose fullZoneSet and then click the apply changes icon.
Step 4 If the zoneset distribute command is issued at the config prompt, the distribution
policy will be followed when the zone set is activated.
PxMDS1# conf
PxMDS1 (config)# zoneset distribute full vsan 10
PxMDS1(config)# sh zone policy vsan 10
Vsan: 10
Default-zone: deny
Distribute: full

Broadcast: disable
Merge control: allow
Generic Service: read-write
Step 5 Repeat the steps for VSAN 20 and verify the results.
Reference The following steps will verify that the full zone set distribution will occur during zone set
activation.
Step 6 Team 1: On MDS1, clear the zone database in VSAN 20.

PxMDS1# clear zone database vsan 20
Step 7 Both teams: Display the full zone set in VSAN 20.
Zoneset not present
Note Only MDS2 will have a full zone set for VSAN 20. No zone set will be present on MDS1 until
a zone distribute or a zone activate is initiated.
Step 8 Team 2: On MDS2, activate Zoneset20 in VSAN 20.

Step 9 Both teams: Display the full zone set in VSAN 20 and verify that both switches
report a full zone set in VSAN 20.
Step 10 Display the zoning configuration in the running-config.
PxMDS1# show run | begin zone
zoneset distribute full vsan 10
!Full Zone Database Section for vsan 10
pwwn 10:00:00:00:c9:74:4e:04 [pod7host1-p1]
pwwn 21:00:00:11:c6:66:3d:20 [pod7disk1-p1]

pwwn 10:00:00:00:c9:74:4e:04 [pod7host2-p1]

member host1zone
member host2zone
zoneset activate name Zoneset10 vsan 10

pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]

pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]
pwwn 22:00:00:11:c6:66:3d:37 [pod7disk1-p2]

member host1zone
member host2zone

--More—
Task 4: Backup and Restore the Full Zone Set
Each team will perform zone database backup and restore operations in their primary VSAN
using Cisco DCNM-SAN Client. Team 1 on MDS1 will work in VSAN 10. Team 2 on MDS2
will work in VSAN 20. You will create directory C:\Data on your respective server to contain
the backup files of the zone databases. Each team will view the files using Notepad.
Activity Procedure
Both teams: Complete the following steps in your primary VSAN.
Step 1 Create the directory C:\Data on your respective server.
Step 2 Right-click your primary VSAN in the Logical Domains and choose Edit Local
Full Zone Database. In the dialog, select File > Backup > This VSAN Zones.
Step 3 Click the Local radio button, and then the ellipses (...) button to browse to C:\Data
and save the file. Accept the default name.
Step 4 Wait for the Success save completion message in the bottom-left corner.
Step 5 Open Windows Explorer on your server and browse to C:\Data.

Step 6 Open the saved zones_cfg file using Notepad. View the contents and then close
Notepad.
Step 7 Clear the full zone database in your primary VSAN on your switch.
PxMDS2#Clear zone database vsan nn
Step 8 Verify that the full zone database is empty.
Zoneset not present
Step 9 In Cisco DCNM-SAN Client, from the Edit Local Full Zone Database dialog,
choose Restore from the File menu.
Step 10 Click Local and browse to C:\Data and select the saved file, click Open, and then
click Restore.
Step 11 Observe the execution messages and then click the Close button.
Step 12 Verify that the full zone set has been restored.
PxMDS2# sh zoneset vsan n
pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]

pwwn 10:00:00:00:c9:74:4c:63 [pod7host2-p2]
pwwn 22:00:00:11:c6:66:3d:37 [pod7disk1-p2]

member host1zone
member host2zone
Step 13 Repeat the backup zone operation and choose All VSAN Zones. View the file
created in the C:\Data directory.

Task 5: Configure Smart Zoning
Each team will enable Smart Zoning in their VSAN and convert the existing zone set to use
Smart Zoning.
Activity Procedure
Each team will configure Smart Zoning in their primary VSAN.
Step 1 Both teams: Display the active zone set in your primary VSAN.
PxMDS1# show zoneset active vsan 10
* pwwn 10:00:00:00:c9:74:4e:04 [pod7host1-p1]
* pwwn 21:00:00:11:c6:66:3d:20 [pod7disk1-p1]


zoneset name DMMZoneset1 vsan 20
zone name Zone1 vsan 20
* pwwn 10:00:00:00:c9:74:4e:04 [pod7host1-p1]
* fcid 0x1601e8 [pwwn 22:00:00:11:c6:66:3d:37] [pod7disk3-p2]
zone name DMM_Zone_admin_2013_10_07_09_21 vsan 20

* pwwn 21:d1:00:0d:ec:72:7a:02
* fcid 0x1601e8 [pwwn 22:00:00:11:c6:66:3d:37] [pod7disk3-p2]
Step 2 Both teams: Enable Smart Zoning in your primary VSAN and check the status.
PxMDS1(config)# zone smart-zoning enable vsan 10
Smart Zoning distribution initiated. check zone status
PxMDS1(config)# show zone status vsan 10

VSAN: 10 default-zone: deny distribute: active only Interop: default
mode: basic merge-control: allow
session: none
hard-zoning: enabled broadcast: disabled
smart-zoning: enabled
rscn-format: fabric-address
Default zone:
qos: none broadcast: disabled ronly: disabled
Full Zoning Database :
DB size: 236 bytes
Zonesets:1 Zones:2 Aliases: 0
Active Zoning Database :
DB size: 124 bytes
Name: Zoneset10 Zonesets:1 Zones:2
Status: Smart Zoning Activation completed at 14:59:11 UTC Oct 11 2013
Step 3 Both teams: Using the CLI, convert the existing zone set to a Smart Zoneset.
PxMDS1(config)# zoneset activate name Zoneset10 vsan 10
Zoneset activation initiated. check zone status
Step 4 Display the result of querying the name server database for the device type.
PxMDS1(config)# show zoneset vsan 10
* pwwn 10:00:00:00:c9:74:4e:04 [pod7host1-p1] init
* pwwn 21:00:00:11:c6:66:3d:20 [pod7disk1-p1] target
pwwn 10:00:00:00:c9:74:4c:62 [pod7host2-p1] init
pwwn 21:00:00:11:c6:66:3d:37 [pod7disk3-p1] target
Step 5 Both teams: Look for the Smart Zone update in Cisco DCNM-SAN Client > Edit
Local Full Zone Database.

Task 6: Configure Default Zone Policy (Optional)
Each team will configure the default zone policy in their primary VSAN to allow
communication with unzoned devices.
Activity Procedure
Both teams will complete the following steps in their primary VSAN.
Step 1 Display the current zone policy and zone status.
PxMDS1# show zone policy vsan 10
Vsan: 10
Default-zone: deny
Distribute: active only
Broadcast: disable
Smart-zone: enabled
PxMDS1# show zone status vsan 10

session: none
Default zone:
DB size: 236 bytes
DB size: 124 bytes
Status: Activation completed at 15:07:18 UTC Oct 11 2013**
Step 2 Both teams: Set the default-zone policy for your primary VSAN to “permit” using
Cisco DCNM-SAN Client or the CLI.
 Minimize the graphic pane and highlight the Zoneset under the VSAN folder.
 Choose the Policies tab and choose permit from the drop-down menu for your
switch.
 Click the Apply Changes icon.
PxMDS2(config)# zone default permit vsan 20
Step 3 Verify the results.

PxMDS2(config)# sh zone policy vs 20
Vsan: 20
Default-zone: permit
Distribute: active only
Broadcast: disable
Smart-zone: enabled
Step 4 Display the active zone set for the primary VSAN.
* fcid 0xef0000 [pwwn 10:00:00:00:c9:74:4e:05] [pod7host1-p2] init
* fcid 0x1601e2 [pwwn 22:00:00:11:c6:66:3d:20] [pod7disk1-p2] target

* fcid 0x160000 [pwwn 10:00:00:00:c9:74:4c:63] [pod7host2-p2] init
* fcid 0x1601e8 [pwwn 22:00:00:11:c6:66:3d:37] [pod7disk3-p2] target]
zone name $default_zone$ vsan 20

* fcid 0x1501ef [pod7disk4-p2]
* fcid 0x1501e8 [pod7disk3-p2]
Note The default zone is displayed as a member of the current active zone set. All unzoned
devices are entered as zone $default-zone$ members.
Step 5 Reset the default zone policy to deny and verify the results.
PxMDS2(config)# no zone def permit vs 20

PxMDS2(config)# show zone policy vsan 20
Vsan: 20
Default-zone: deny
Distribute: full
Broadcast: disable
Smart-zone: enabled

Task 7: Enable Enhanced Zoning (Optional)
Each team will enable enhanced zoning in their primary VSAN and verify the results. Team 1
on MDS1 will enable enhanced zoning in VSAN 10. Team 2 on MDS2 will enable enhanced
zoning in VSAN 20.
Activity Procedure
Both teams complete the following steps.
Step 1 Display the current zone status for both primary VSANs.
PxMDS1# sh zone status vs 10-20
session: none
Default zone:
DB size: 236 bytes
DB size: 124 bytes
VSAN: 20 default-zone: deny distribute: full Interop: default

session: none
Default zone:
DB size: 220 bytes
DB size: 116 bytes
Status: Activation completed at 20:40:27 UTC Sep 25 2009
Step 2 Team 1: On MDS1, clear the zone database in VSAN 20 and verify the results.
PxMDS1# clear zone database vsan 20
Zoneset not present
Step 3 Team 2: Perform the same steps for VSAN 10.
Step 4 Team 1: Enable enhanced zoning in VSAN 10.
PxMDS1# con
PxMDS1(config)# zone mode enhanced vsan 10
WARNING: This command would distribute the zoning database
Of this switch throughout the fabric.
Please enter yes to proceed.(y/n) [n]? y
Set zoning mode command initiated. Check zone status
Step 5 Both teams: Display the full zone set in VSAN 10.
Note Both switches should report a full zone set in VSAN 10.
Step 6 Both teams: Display the zone status for VSAN 10.
PxMDS1# sh zone status vs 10
mode: enhanced merge-control: allow
session: none
Default zone:
DB size: 292 bytes
Zonesets:1 Zones:2 Aliases: 0 Attribute-groups: 1
DB size: 184 bytes
Status: Set zoning mode complete at 08:00:05 UTC Dec 29 2010
Note Both switches should report zone mode: enhanced in VSAN 10.
Step 7 Team 2: Perform the same steps for VSAN 20.

Step 8 Both teams: Display the zone status for VSAN 20, and verify mode: enhanced.
Note The following steps will display fabricwide locking in the zoning database.
Step 9 Team 2: Open a zone edit session in VSAN 20 and configure a new zone.
PxMDS2# con
PxMDS2(config)# zone name test vsan 20
PxMDS1(config-zone)# mem pwwn 11:22:33:44:55:66:77:88
Step 10 Team 1: Attempt to open a zone edit session in VSAN 20 and observe the results.
PxMDS1# con
mds1(config)# zone name test vsan 20
Lock is currently busy
Note PxMDS2 has applied a fabricwide lock in the zoning database for VSAN 20.
Step 11 Both teams: Display the zone status in VSAN 20.

PxMDS1(config)# sh zone status vs 20
session: remote [dom: 33] [ip: 10.0.5.3]
PxMDS1(config-zone)# sh zone status vs 20

session: cli [admin]
hard-zoning: enabled broadcast: enabled
Note If a fabric-lock has been applied, the session displays where the lock was activated. In this
example, MDS1 identifies the switch whose Domain ID is 33 (0x21). On MDS2, the lock has
been applied locally. The session identifies the management tool (CLI) and account (admin).

Step 12 Team 2: Display the pending differences in VSAN 20.
PxMDS2(config-zone)# sh zone pending-diff vsa 20
+zone name test vsan 20
+ member pwwn 11:22:33:44:55:66:77:88
Step 13 Team 2: Complete the configuration process and commit the changes.
PxMDS2(config-zone)# exit
PxMDS2(config)# zone commit vsa 20
Commit operation initiated. Check zone status
Step 14 Both teams: Display the zones (not zoneset) in VSAN 20.
PxMDS1# sh zone vsa 20

zone name test vsan 20

pwwn 11:22:33:44:55:66:77:88
Step 15 Team 1: Repeat the zone edit operation in VSAN 10.

Both teams: Repeat the verification process.
Step 16 Both teams: Revert back to zone mode: basic, and verify the results.
PxMDS1(config)# no zone mode enhanced vsan n
WARNING: This command may remove features specific to
enhanced zoning mode
Please enter yes to proceed.(y/n) [n]? y
Set zoning mode command initiated. Check zone status
PxMDS1# sh zone status

VSAN: n default-zone: permit distribute: active only Interop: default
session: none
Default zone:
Db size: 244 Bbytes
Zonesets:1 Zones:2 Aliases: 0 Attribute-groups: 1
Db size: 136 Bbytes
Database Not Available
Status: Set zoning mode success at 00:01:55 UTC May 27 2008
Step 17 Save your configuration on all used switches to a tftp server.

initials
Example
Step 1 Both teams: Enter the following commands to clear zoning in VSAN 10 and VSAN
20 on all switches. (Enter all commands on all switches.)
PxMDS1(config)# no zoneset activate vsan 10
PxMDS1(config)# clear zoning database vsan 10
PxMDS1(config)# no zoneset activate vsan 20
PxMDS1(config)# clear zoning database vsan 20
Step 2 Verify that zone status is identical on all switches.

session: none
Default zone:
DB size: 4 bytes
Status: Deactivation completed at 13:50:06 UTC Oct 12 2013

session: none
Default zone:
DB size: 4 bytes
Status: Smart Zoning Activation completed at 14:34:37 UTC Oct 12 2013


initials

Example
Lab 4-1: Implement Cisco DMM
Complete this lab activity to practice what you learned in the related lesson. In this lab, you will
configure a Cisco Data Mobility Manager job to migrate data from a disk on MDS2 marked
Existing Storage to a disk on MDS1 marked New Storage.
There are several tasks to be completed by both teams to perform this migration.
Activity Objective
Both teams will perform various tasks to prepare for Cisco DMM configuration on MDS2. The
process requires a VSAN with an active zone set (containing the existing storage and host) and
device alias configuration with enclosure names.
The Cisco NX-OS version must match the SSI image, which is m9000-ek9-ssi-mz.6.2.1.bin.
After completing this activity, you will be able to meet these objectives:
 Download and install the correct SSI image to a Cisco MDS 9000 Series switch
 Enable SSH and the IP routing feature for communication
 Enable the Cisco DMM feature
 Preconfigure for Cisco DMM
 Configure a Cisco DMM migration job and session (using Cisco DCNM-SAN Client )
 Run the Cisco DMM migration and observe the status
 Terminate a DMM job
 Verify the data migration results in Windows

Visual Objective
New Storage: Existing Storage:

disk4 disk1 disk3
disk2
P1 P2
disk3
disk4
1/6 1/6
MDS 1 MDS 2
10.0.x.5 10.0.x.3
1/7 1/7
VSAN 20
1/5
P1 host1
Required Resources
 SSI image to download
 A JBOD with at least two disks
 A Windows server with Cisco Prime DCNM Client installed and a Fibre Channel HBA
connection to one of the Cisco MDS 9000 Series switches
Command List
Command Description
no boot system Deletes the system boot variable.
no boot kickstart Delete the kickstart boot variable.
copy tftp://a.b.c.d/file Copies the specified file from a TFTP server to

bootflash: bootflash:.
boot sys bootflash:file Sets the system boot variable.
boot kick bootflash:file Sets the kickstart boot variable.
boot ssi bootflash:file Sets the SSI boot variable.
Provisions the SSM module in slot 2 for the DMM

ssm enable feature dmm mod 2 feature.
Displays a list of all the ports that are logged in to the

show fcns database FCNS.
show ssm provisioning Displays the current provisioning on the SSM module.
ssh key rsa 1024 Generates a 1024-bit RSA encryption key for SSH.
Feature ssh Enables the SSH service.
ssh a.b.c.d Establishes an SSH session to the specified IP address.
Creates Control Plane Processor (CPP) interface for the

interface cpp 2/1/1 SSM in slot-2, processor-1, VSAN 1.
ip default-gateway 1.1.1.2 Creates the default-gateway 1.1.1.2 for the specified

interface cpp2/1/1 CPP interface.
attach module n Attaches to the specified module.
Displays the session information for the specified DMM

show dmm job job-id n session job Id.
Displays the running-configuration starting at the first

show run | be dmm occurrence of any line containing dmm.

Task 1: Prepare a Switch with the Installed and Activated SSI
Image
This lab requires a service module with the correct installed service file. In Lab 2, you copied a
current SSI image file into the bootflash: directory, and then installed and activated the file.
Check the status of the SSI image file. If the SSI image file is not installed and activated, repeat
Lab 2-2, Task 3.
Activity Procedure
Both teams: Complete these steps to verify that the proper SSI image file is installed and
activated on your switch:
Step 1 The SSI boot parameter should point to the current SSI image.
Step 2 Confirm that the image is saved on the bootflash.

Aug 16 2012 19:16:59 m9200-kick-1.3.4b.bin
Nov 03 19:36:24 2011 m9000-ek9-ssi-mz.6.2.1.bin
Aug 22 19:31:02 2012 m9200-s2ek9-mz.5.2.6.bin
Jul 31 22:46:54 2013 m9200-s2ek9-mz.6.2.1.bin
Step 3 Confirm that the boot parameters are set correctly for the SSI image.
PxMDS1# show boot
Module 1

Module 1
Step 4 Confirm that the SSI image file is in the mod flash.
PxMDS1# dir modflash://1-1/
25317127 Sep 23 20:02:35 2013 m9000-ek9-ssi-mz.6.2.1.bin
Usage for modflash://1-1/

PxMDS1# show module

Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
1 22 4x1GE IPS, 18x1/2/4Gbps FC/Sup2 DS-X9222I-K9 active *
Mod Sw Hw World-Wide-Name(s) (WWN)

--- -------------- ------ -------------------------------------------------
-
1 6.2(1) 1.1 20:01:00:0d:ec:72:7d:c0 to
20:12:00:0d:ec:72:7d:c0
Mod Application Image Description Application Image Version
-------- ----------------------------- -------------------------
1 SSI linecard image 6.2(1)
Mod MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
1 00-0d-ec-75-18-90 to 00-0d-ec-75-18-97 JAE1212BPPN
* this terminal session

Task 2: Enable SSH and the IP Routing Feature for
Communication
The DMM GUI in the Cisco DCNM-SAN Client communicates with the Cisco MDS 9250i or
Cisco MDS 9222i using an SSH connection. In addition, the DMM module communicates with
the supervisor module over VSAN 1 using IP. In this task, each team will verify that SSH is
configured and, if necessary, configure SSH settings.
Both teams will then provision the MDS 9222i or MDS 9250i for the SSH feature.
Activity Procedure
Perform these steps on both switches:
Step 1 Both teams: Verify the SSH settings.
PxMDS1# show ssh server
ssh version 2 is enabled
Note If SSH is not configured, invoke the following command sequence.
PxMDS1# conf t
PxMDS1(config)# ssh key rsa 1024
generating rsa key(1024 bits).....
.
generated rsa key
PxMDS1(config)# feature ssh
Step 2 Verify the results by connecting to the other switch from your CLI session.
PxMDS1# ssh 10.0.x.3
The authenticity of host '10.0.7.3 (10.0.7.3)' can't be established.
RSA key fingerprint is 43:21:58:d6:0e:0e:02:dc:a6:8f:5f:ef:5a:fc:..
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.7.3'(RSA)to the list of known hosts.
MDS Switch
Password: 1234QWer
. . .
PxMDS2# show users
NAME LINE TIME IDLE PID COMMENT
admin ttyS0 Sep 24 15:05 00:04 3052
admin pts/0 Sep 24 15:13 .3497 (10.0.7.5) session=ssh *
PxMDS2# exit
Tip If you receive the following error when connecting to the SSH server of the other team,
invoke the clear ssh hosts command and retry.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
. . . < output truncated >
Host key verification failed.
# clear ssh hosts

Step 3 Both teams: Provision the DMM switch (MDS 9222i) for the IP routing feature.
Step 4 Team 1: Configure and enable the VSAN 1 interface on MDS1.
PxMDS1# conf t
PxMDS1# (config)# interface vsan 1
PxMDS1# (config-if)# ip address 10.10.1.1 255.255.255.0
PxMDS1# (config-if)# no shut
Step 5 Team 2: Configure and enable the VSAN 1 interface on MDS2.

PxMDS2# conf t
PxMDS2# (config)# interface vsan 1
PxMDS2# (config-if)# ip address 10.10.2.2 255.255.255.0
PxMDS2# (config-if)# no shut
Step 6 Both teams: Enable IP routing on both switches.

PxMDS1# config
PxMDS1# (config)# ip routing
Step 7 Team 1: Configure a static route from PxMDS1 to the VSAN 1 interface on the
MDS2 peer switch through the mgmt 0 interface.
PxMDS1# (config)# ip route 10.10.2.0 255.255.255.0 10.0.x.3 (where x is your
pod number)
Step 8 Team 2: Configure a static route from MDS2 to the VSAN 1 interface on the MDS1
peer switch through the mgmt 0 interface.
PxMDS2# (config)# ip route 10.10.1.0 255.255.255.0 10.0.x.5 (where x is your
pod number)
Step 9 Team 1: Verify that ping works by pinging the peer VSAN 1 address from MDS1.
PxMDS1# ping 10.10.2.2 count 5
--- 10.10.2.2 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4019ms rtt
min/avg/max/mdev = 0.165/2.054/9.597/3.771 ms
Step 10 Team 2: Verify that the ping works by pinging the peer VSAN 1 address from
MDS2.
PxMDS2# ping 10.10.1.1 count 5

5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.172/0.179/0.205/0.021 ms

Task 3: Enable the DMM Feature
In this task, you will enable the DMM feature on MDS2.
Note Since the existing storage is connected to MDS2, the DMM provisioning takes place on
MDS2.
Activity Procedure
Step 1 Team 2: Enable DMM on MDS2 using the CLI or the GUI.
PxMDS2(config)# ssm enable feature dmm module 1
NOTE: This operation might take some amount of time to complete.
PxMDS2(config)#
PxMDS2(config)# show ssm provisioning
Module Ports/Nodes Application Provisioning Status
-----------------------------------------------------------
1 1-1 dmm success
Step 2 Display the virtual initiator node created by DMM.

PxMDS2 (config)# show dmm module 1 vi-list
==============================================================
DPP-Id VI-pWWN VI-nWWN Outstanding jobs
==============================================================
1 21:cf:00:0d:ec:72:7d:02 21:ce:00:0d:ec:72:7d:02 0
Note The virtual initiator pWWN (VI_pWWN) will be zoned with the existing and new storage in a
later task.
Step 3 Display all DMM entries in the running-configuration.

PxMDS2 (config)# show run | in dmm
ssm enable feature dmm module 1
dmm module 1 rate_of_migration fast 60 medium 25 slow 10
Step 4 Display the new isapi interfaces.

PxMDS2 (config)# show int brief | in isap
isapi1/1/1 up --
isapi1/1/2 up --
isapi1/1/3 up --
isapi1/1/4 up --
Task 4: Use Cisco DCNM-SAN Client or Device Manager to
Enable DMM
Note The following steps are for reference since DMM has been enabled via the CLI.
In this task, you will use Cisco DCNM-SAN Client or Device Manager to enable DMM.
Activity Procedure
Caution Do NOT perform these steps. View only, and then skip to the next task.
Step 1 Launch DCNM-SAN Client from the desktop icon.

Step 2 In the Physical Attributes pane, expand End Devices and then click the Intelligent
Features folder. Choose the MSM tab. The currently configured DMM nodes will
be displayed.

Step 3 To demonstrate the MSM configuration options, click the Create Row icon to view
the configuration dialog. Options include Switch, Module, and Feature to enable.
Close the dialog without creating a DMM entry.
Step 4 In Device Manager, select the Admin menu and choose Feature Control.
Step 5 Sort the rows by clicking the Name header and locate dmm. Click in the Action
field to display the options in the pull-down menu.
Step 6 Click the Feature Set tab to see that fcoe is listed.
Note FCoE is supported.

Task 5: Preconfigure for DMM, Use Device Aliases and
Enclosures, Create VSANs, and Configure Zoning
Enclosures are required before creating a migration job. If the host ports are not already
included in existing enclosures, you need to create enclosures for the host ports. Though
enclosures for new and existing storage ports are created automatically, you will deploy device
alias names as storage enclosures.
In this task, you will download a device alias script for use as enclosure names, create VSAN
20, assign ports according to the lab diagram, and configure zoning for the host and existing
storage in preparation for DMM migration.
Activity Procedure
Step 1 Both teams: Verify that the device alias database is present. (Your pod number is x.
pWWNs may vary.)
PxMDS1# show dev dat
device-alias name podxdisk2-p1 pwwn 21:00:00:11:c6:52:57:d2
device-alias name podxdisk2-p2 pwwn 22:00:00:11:c6:52:57:d2
device-alias name podxdisk3-p1 pwwn 21:00:00:11:c6:52:59:8c
device-alias name podxdisk3-p2 pwwn 22:00:00:11:c6:52:59:8c
device-alias name podxdisk4-p1 pwwn 21:00:00:11:c6:52:5b:87
device-alias name podxdisk4-p2 pwwn 22:00:00:11:c6:52:5b:87
device-alias name podxhost1-p1 pwwn 10:00:00:00:c9:73:46:b6
device-alias name podxhost1-p2 pwwn 10:00:00:00:c9:73:46:b7
Step 2 Team 1 on MDS 1: If the device-alias database is not present, download the saved
device alias script to the running-config.
Note You copied the output of the show device-alias database in an earlier lab by using the
command show device-alias dat > tftp://10.0.x.1/data/ podx-devalias.txt. If the TFTP
server is not accessible, ask your instructor for help.
PxMDS1# copy tftp://10.0.x.1/data/podx-devalias.txt run (where x is your pod

number)
PxMDS1#config
PxMDS1(config)device-alias commit
Step 3 To create enclosure names in DCNM-SAN Client for the device-aliases, refer back
to the Device Alias lab.
Step 4 Team 1: Assign and enable interface fc1/5-6 in VSAN 20 (previously members of
VSAN 10). Verify the results.
PxMDS1# show vsan 20 mem
vsan 20 interfaces:
fc1/5 fc1/6
PxMDS2# show vsan 20 mem

vsan 20 interfaces:
fc1/5 fc1/6
VSAN 20:
-----------------------------------------------------------
FCID TYPE PWWN (VEND FC4-TYPE:FEATURE
--------------------------------------------------------------
0x5f00e2 NL 21:00:00:11:c6:52:56:12 scsi-fcp:target
[podxdisk1-p1]
0x5f00e4 NL 21:00:00:11:c6:52:59:8c scsi-fcp:target
[podxdisk3-p1]]
0x5f00e8 NL 21:00:00:11:c6:52:57:d2 scsi-fcp:target
[podxdisk2-p1]
0x5f00ef NL 21:00:00:11:c6:52:5b:87 scsi-fcp:target
[podxdisk4-p1]
0x5f0100 N 10:00:00:00:c9:73:46:b6 (Emulex) ipfc scsi-fcp:init
[podxhost1-p1]
0x060020 N 10:00:00:00:c9:74:4e:05 (Emulex) ipfc scsi-fcp:init
[podxhost1-p2]
[podxdisk1-p2]
[podxdisk3-p2]
[podxdisk2-p2]
[podxdisk4-p2]
Note Both teams should display the same FCNS database. Each entry should have a device
alias name associated to the entry.
Step 5 Team 1 on MDS1: Zone the following devices in VSAN 20 and activate the zone
set.
 VSAN 20
 podxhost1-p1
 podxdisk3-p2

Step 1 Both teams: Verify the results.
* fcid 0x5f0100 [pwwn 10:00:00:00:c9:73:46:b6] [podxhost1-p1]
* fcid 0x6000e4 [pwwn 22:00:00:11:c6:52:59:8c] [podxdisk3-p2]
Note The disk3-p2 enclosure will represent the existing storage during DMM configuration.
Step 2 Team 1 on Host1: Launch Windows Disk Management to see the zoned disk.
Note If the zoning was performed correctly, the Fibre Channel disk should be displayed in
Windows Disk management.
Note It is sometimes difficult to determine which disk listed in the Disk Management screen is the
zoned Fiber Channel Disk. The correct disk may be Disk 0, Disk 1, Disk 2, and so on.

Step 3 To confirm that you are looking at the correct disk, right-click the new disk label
(not the partition) and choose Properties.
Make sure you have chosen the correct disk, which is the Seagate FC disk (and not the internal
ATA disk). The disk will be labeled SEAGATE nnnnnnnnnnnnn SCSI Disk Device.
Step 4 Close the Seagate properties window, and then close the computer management
window.
Task 6: Configure a Data Mobility Manager Job on MDS2
In this task, Team 2 will use the DMM Wizard to create a DMM job and specify disk3-p2 as
the existing storage with disk4-p1 as new storage, and then start the migration process. Both
teams will monitor the migration. Upon completion, Team 2 will terminate the DMM job.
Activity Procedure
Perform these tasks on the specified switch.
Step 1 Team 2: Launch the DMM Wizard in DCNM-SAN Client. Specify Storage Based.
 Navigate to DCNM-SAN Client > Tools > Data Mobility Manager > Storage
Based.
Step 2 In Step 1 of the wizard, enter Job Name: DMM_Lab1, and specify the following:
 Existing Storage enclosure: disk3, port podxdisk3-p2
 New Storage enclosure: disk4, port podxdisk4-p1
 Migration Type: Offline
 Rate: Fast
 Schedule: Manual
Step 3 Click the Next button.

Step 4 The wizard preselects the least-loaded module (if more than one) in each fabric and
automatically selects the path for each source/destination port pair. In Step 2 of the
wizard, choose MDS2, Module 1, and then click the Next button.
Step 5 The Step 3 dialog of the wizard displays the virtual initiator (VI) created for the
module that was selected for the current job. The VI is created in the same VSAN as
the storage ports (new and existing). Click the Create/Activate Zone button.
Step 6 The new zone created in the existing zone set for VSAN 20 appears. Asterisks
should appear adjacent to each of the Fibre Channel devices indicating that they
have logged into the fabric.
In the example, the wizard created zone DMM_Zone_DMM_Lab1. A virtual initiator pWWN
is automatically generated and is zoned with both the new and existing storage enclosures
(podxdisk4-p1 and podxdisk3-p2).
Reference For the data migration to work correctly, you must configure your intelligent storage arrays
(new and existing) to allow the VIs access to all LUNs that are being migrated. The VI WWN
information is displayed in the DPP VI Selection window.

Step 8 Verify that Select All is checked and then click the Finish button.

Note If the size of the New LUN is less than the Existing LUN, then both fields will be highlighted
in red, indicating an anomaly. The size of the new storage LUN must be no less than the
size of the existing storage LUN. It is unnecessary to partition the new LUN.
Step 9 Team 2: Display the DMM setup in the running-config.

PxMDS2# show run | be dmm
. . . < output truncated >
After the first page displays, type: /dmm, to skip to search result (hint: use
forward search /<text> ).
dmm module 1 job 1363736461 create
attributes job_type 2 job_mode 2 job_rate 4 job_method 1
job_name DMM_Lab1
server vsan 20 pwwn 10:00:00:00:c9:73:46:b6
! [host1-p1]
storage vsan 20 pwwn 21:00:00:11:c6:52:5b:87 new
! [disk4-p1]
storage vsan 20 pwwn 22:00:00:11:c6:52:59:8c existing
! [disk3-p2]
commit
dmm module 1 job 1363736461 session
server 21:b8:00:0d:ec:72:7d:82 src_tgt 22:00:00:11:c6:52:59:8c src_lun 0x0
dst
_tgt 21:00:00:11:c6:52:5b:87 dst_lun 0x0
Step 10 Both teams: Display the active zone set in VSAN 20.
* fcid 0x5f0100 [pwwn 10:00:00:00:c9:73:46:b6] [host1-p1]
* fcid 0x6000e4 [pwwn 22:00:00:11:c6:52:59:8c] [disk3-p2]
zone name DMM_Zone_DMM_Lab1 vsan 20

* fcid 0x600100 [pwwn 21:b8:00:0d:ec:72:7d:82]
* fcid 0x6000e4 [pwwn 22:00:00:11:c6:52:59:8c] [disk3-p2]
* fcid 0x5f00ef [pwwn 21:00:00:11:c6:52:5b:87] [disk4-p1]]
]
Note The virtual initiator 21:b8:00:0d:ec:72:7d:82 is zoned with both the existing storage (disk3-
p2) and new storage (disk4-p1). The actual WWN may be different, depending on your lab
equipment.
Step 11 Team 2: Attach to module 1 and display the DMM job information.
PxMDS2# attach mod 1
module-1# show dmm job
========================================================================
Data Mobility Manager Job Information
========================================================================
Num Job Identifier Name Type Mode Method DMM GUI IP Peer SSM DPP
Session Status
==============================================================================
1 1363736461 DMM_Lab1 STG OFF METHOD-1 10.10.2.2 NOT_APPL
1 CREATED
Number of Jobs :1
Step 12 Team 2: Exit from the module mode.

module-1# exit
PxMDS2#
Step 13 Both teams: Record the job identifier as listed in the output of the Data Mobility
Manager Job Information.
Record Job Identifier: _____________________________________

Task 7: Run the DMM Job
In this task, you will follow the sequence in Cisco DCNM-SAN Client to launch the DMM
migration and observe the progress.
Activity Procedure
Perform these tasks on the designated switch:
Step 1 Both teams: Locate the DMM dialog in the Cisco DCNM-SAN Client Physical
Attributes and specify a 30-second polling interval.
 Navigate to DCNM-SAN Client > Physical Attributes > Intelligent Features
> Data Mobility Manager.
 Poll Interval: 30s
Step 2 Team 1: Start the migration session, choose the DMM job that you created, and then
click the Start button.
Warning Depending on the disk and the amount of data residing on the disk, the migration may take
from 0 to 15 minutes to complete. Your instructor may instruct you to stop the job before the
job completes.
Step 3 Both teams: If the disk had data, you will notice the throughput in the Device
Manager Summary view.
Step 4 Both teams: Change util% to Bytes and observe.
Step 5 Both teams: Observe the session updates.
Tip The Status and Est. TOC (time of completion) will update every 30 seconds. Click the plus
sign (+) next to DMM-Labjob to display the InProgess percentage and TOC.
Step 6 Team 2: Attach to the SSM module and display the DMM session status using the
Job Identifier recorded in the previous task.
MDS2# attach mod 1
module-1# show dmm job <job-id> session
Data Mobility Manager Session Table for Job: 1345317637
--------------------------------------------------------------
Id Initiator SrcTgt/SrcLUN DstTgt/DstLUN Progress VerifyProgres
--------------------------------------------------------------
1 23:57:00:0d:ec:81:b4:c2 22:00:00:11:c6:52:54:5c/0x0 21:00:00:11:c6:52:5c:
60/0x0 20% 0%

Note Periodically re-invoke the command until progress shows as 100%. At that point, you will
verify a successful data migration.
Step 7 Team 2: Click the Log button to display the log information.
Step 8 Both teams: Upon completion, save your configuration to bootflash.

PxMDS1# copy run bootflash:dmm.txt
Task 8: Terminate and Delete the DMM Job
In this task, you will terminate the DMM job and verify a successful migration by viewing the
new volume in your Windows host.
Activity Procedure
Perform these tasks on the designated switch:
Step 1 Team 2: Delete DMM_Lab1.
Note This was an offline session. You must terminate the DMM job to allow Windows Disk
Manager to access the volumes.
Step 2 Team 2: Type exit to abort the module attachment and verify that the DMM job is
no longer in the running-config.
module-1# exit
rlogin: connection closed.
PxMDS2# show run | in dmm


initials
Example
Lab 6-1: Configure RBAC and AAA Services
Activity Objective
Both teams will create roles and apply a set of rules using the CLI, Cisco DCNM-SAN Client,
and Device Manager. Teams will then create user accounts and assign the accounts to a created
role and verify administrative privileges. Each team will configure their switch for RADIUS
services and verify that the RADIUS server is authenticating Telnet logins.
Each team will configure their respective switch for RADIUS authentication. After completing
this activity, you will be able to meet these objectives:
 Create a role and user account using the CLI
 Configure RBAC using Cisco DCNM-SAN Client and Device Manager
 Configure RADIUS services
Visual Objective
RADIUS 10.0.0.198 Key:

mds9000Lab
VSAN 10 VSAN 20
mg0 1/6 1/6 mg0
MDS 1 MDS 2
1/7 1/7
1/5 VSAN 10 VSAN 20 1/5
host1 host2
Required Resources
 Two Windows 2000 Servers
Command List
Command Description
role name name Creates a role called name and enters config mode for that
role.
description descrip Assigns a description to the current role.
rule x permit clear Applies a rule to the current role allowing the clear
command.
rule x permit show feature Applies a rule to the current role allowing a feature of the
version show command to be executed by the user.
show role name name Displays the properties of the role name.
show user-account Displays all the users that are configured in the system.
show snmp user Displays all SNMP user accounts.
username name password Creates a user with the name name, a password of
password [expire yyyy-mm-dd ] password that expires on the specified date, and assigns
role role the role of role. This user will follow the rules assigned to
role.
show radius server Displays radius server attributes.
radius-server host ip-address Configures a RADIUS server test username and idle time
test username name idle-time setting.
[value]
radius distribute Distributes the RADIUS configuration settings.
radius commit Commits the distribution of RADIUS configuration.
radius-server timeout X Sets timeout of X seconds for the RADIUS server.
radius-server retransmit Y Sets retransmit value of Y seconds for the RADIUS server.
radius-server deadtime 30 Configures the RADIUS server dead-time interval.
show radius-server statistics Displays statistics for the specified RADIUS server.
ip-address
radius server host ip-address Configures the RADIUS server DNS name or its IP
key [value] address.
show radius-server groups Shows RADIUS server group configuration information.
aaa authentication login Server group name.

default group radius
aaa authentication login Use local username authentication.
console local
show aaa authentication Displays AAA configurations.

Task 1: Create a Role and User Account Using the CLI
In this task, you will create a role and a new user account assigned to the new role. You will
verify that the user account privileges use Telnet.
Activity Procedure:
Complete these steps on both switches in your pod to create a system-based role.
Step 1 Both teams: Create the role ccie-role with the rules shown in the example.
PxMDS1# config
PxMDS1(config)# role name ccie-role
PxMDS1(config-role)# rule 1 permit config feature zoneset
PxMDS1(config-role)# rule 2 permit show feature fcns
PxMDS1(config-role)# rule 3 permit show feature interface
PxMDS1(config-role)# exit
Step 2 Create user-account labuser and assign to role ccie-role.

PxMDS1(config)# username labuser password 1234QWer role ccie-role
PxMDS1(config)# end
Step 3 Display the new role and user account settings.

PxMDS1# show role name ccie-role
Role: ccie-role
vsan policy: permit (default)
---------------------------------------------
Rule Type Command-type Feature
---------------------------------------------
1. permit config zoneset
2. permit show fcns
3. permit show interface
PxMDS1# show user-account labuser

user:labuser
this user account has no expiry date
roles:ccie-role
PxMDS1# show snmp user labuser
____________________________________________________
SNMP USER
____________________________________________________
User Auth Priv(enforce) Groups
____ ____ _____________ ______
labuser md5 des(no) ccie-role
Note SNMP users are automatically created when creating CLI user accounts.
Step 4 Display the settings for the default role.

PxMDS1# show role name default-role
Role: default-role
Description: This is a system defined role and applies to all users
vsan policy: permit (default)
---------------------------------------------
---------------------------------------------
1. permit show system
2. permit show snmp
3. permit show module
4. permit show hardware
5. permit show environment
Step 5 Enable the Telnet feature on your switch.
PxMDS1# conf
PxMDS1(conf)# feature telnet
Step 6 Telnet to your switch from your server in your pod and authenticate as user account
labuser and perform the following:
 Invoke ? to view all available commands.
 Invoke show ? to display the valid show command options.
 Invoke an administratively prohibited command such as debug or copy run
start and observe the system response.
telnet 10.0.X.5
mds login: labuser
Password:
PxMDS1# ?
Exec commands:
configure Enter configuration mode
end Go to exec mode
exit Exit from command interpreter
PxMDS1# show ?
^
% Invalid command at '^' marker.
^
PxMDS1% Permission denied for the role
PxMDS1# config
% Permission denied for the role
PxMDS1(config)# zoneset ?
activate Activate a zoneset
capability Zone server capability
clone Zoneset clone command
distribute Enable zoneset propagation
name Configure a zoneset
rename Zoneset rename command
PxMDS1(config)# zoneset name newzoneset

^
% Incomplete command at '^' marker.
PxMDS1(config)# zoneset name newzoneset vsan 10
Step 7 Logout as labuser and then log back in as admin.

Step 8 Verify that newzoneset exists in VSAN 10.
PxMDS1#show zoneset vsan 10
zoneset name newzoneset vsan 10
Step 9 Remove newzoneset in VSAN 10.

PxMDS1(config)# no zoneset name newzoneset vsan 10
PxMDS1(config)# show zoneset vsan 10
Zoneset not present

Task 2: Configure RBAC Using Cisco DCNM-SAN Client and
Device Manager
This task is similar to the previous task. You will configure a role and user in Cisco DCNM-
SAN Client, modify the rules for the role in Device Manager, and test the account privileges.
Then, you will configure a VSAN policy for the role and test account privileges.
Activity Procedure
Perform these steps on each switch as indicated.
Step 1 On both switches, enable role distribution for Cisco Fabric Services and verify the
results.
PxMDS1# conf t
PxMDS1(config)# role distribute
PxMDS1(config)# show cfs app
----------------------------------------------
Application Enabled Scope
----------------------------------------------
ntp No Physical-fc-ip
fscm Yes Physical-fc
role Yes Physical-fc-ip
. . .
Step 2 Both teams: Toggle the auto-hide button on the graphic pane in Cisco DCNM-SAN
Client to hide the pane and display the full information pane.
Step 3 Team 1: Launch the Users and Roles icon from the toolbar and then choose the
Roles tab.
Step 4 Click the Create Row icon and enter the following.
 MDS1-team Name: team1role
 VSAN Scope List: 10
 Uncheck the Has Config, Exec and Show Permission checkbox
Step 5 Notice that the Pending radio button is selected in the Information panel. Click the
Commit CFS Pending Changes icon to propagate the changes.

Step 6 Notice that the status radio button indicates a Running state.
Step 7 Both teams: Verify role distribution from the CLI.

PxMDS1# show role name team1role
Role: team1role
Description:
Vsan policy: deny
Permitted vsans: 10
-------------------------------------------------
-------------------------------------------------
1 permit show *
Step 8 Verify that Cisco DCNM-SAN Client has updated. Both teams: Click the
Rediscover icon and then click the Refresh Values icon.
Note The Cisco DCNM-SAN Client on each workstation should update to display team1role. You
may need to invoke refresh multiple times. If the Roles table does not update, try closing
and then re-opening Cisco DCNM-SAN Client.
Step 9 Team 2: Repeat the process. Launch the Users and Roles icon from the toolbar and
select the Roles tab. Click the Create Row icon and enter the following:
 MDS2-team Name: team2role
 VSAN Scope List: 20
 Uncheck the Has Config, Exec and Show Permission radio button
 Commit changes for Cisco Fabric Services distribution
Step 10 Both teams: Verify that Cisco DCNM-SAN Client has updated. Click the
Rediscover Current Fabric icon and the Refresh Values icon.

Role: team1role
Description:
Vsan policy: deny
Permitted vsans: 10
-------------------------------------------------
-------------------------------------------------
1 permit show *
Role: team2role
Description:
Vsan policy: deny
Permitted vsans: 20
-------------------------------------------------
-------------------------------------------------
1 permit show *

Step 12 Both teams: Choose the Users tab and create a single user accordingly.
Warning If the Users tab is grayed out, then click the Roles tab first.
 Team 1: Enter user1 with password 1234QWer and role team1role.

 Team 2: Enter user2 with password 1234QWer and role team2role.
 Check the boxes for MDS1 and MDS2 switches.
Step 13 Both teams: Verify that user1 and user2 each have two entries under the Users tab
in the GUI. There should be one entry for the MDS1 switch and one entry for the
MDS2 switch.
Step 14 Both teams: Verify that user1 and user2 are valid user accounts and valid SNMP
user accounts.
PxMDS1# show user-account
user:admin
roles:network-admin
user:labuser
roles:ccie-role
user:user1
roles:team1role
user:user2
roles:team2role
PxMDS1# show snmp user

______________________________________________________________
SNMP USERS
______________________________________________________________
User Auth Priv(enforce) Groups acl_filter

____ ____ _____________ ______ __________
admin md5 des(no) network-admin
user1 md5 des(no) team1role
user2 md5 des(no) team2role
labuser md5 des(no) network-operator
student md5 des(no) network-operator
______________________________________________________________
NOTIFICATION TARGET USERS (configured for sending V3 Inform)
______________________________________________________________
User Auth Priv

____ ____ ____
Reference Role creation in Cisco DCNM-SAN Client provides limited “rules” granularity. In this
procedure, you will use Device Manager to modify the rules for the team roles created in
Cisco DCNM-SAN Client during the previous procedure.
Step 16 Both teams: In Device Manager, choose Roles from the Security menu.

Step 17 There is a slight delay before the Roles dialog appears because Device Manager
needs to fetch the feature table for all available rules.
Step 18 Team 1: Select team1role and then click the Rules button.
Note Notice that the features in the Show column are already selected by default.
Step 19 Team 1: Check Config, Debug, Exec, click the Apply button, and then click the
Close button.
Step 20 In the CFS drop-down menu, choose Commit.
Step 21 Team 2: Repeat the process for team2role. Apply the same rules for Config,
Debug, Exec and commit the changes.
PxMDS1# show role name teamxrole [X is either 1, or 2]
. . .
Role: teamXrole
vsan policy: deny
Permitted vsans: XX
---------------------------------------------
---------------------------------------------
1. permit config *
2. permit debug *
3. permit show *
4. permit exec *
Step 23 Both teams: Verify account privileges. Close Cisco DCNM-SAN Client and Device
Manager.

Step 24 Re-login to Cisco DCNM-SAN Client with username admin and password
1234QWer.
Step 25 Remove any fabrics listed in the Fabrics tab.

Step 26 Click the Discover Button.
Step 27 Discover a new fabric using your respective account. Enter username user1 for
Team 1 or user2 for Team 2, and password 1234QWer.
Note Note that the devices are visible in the graphic pane and VSANs are visible in Logical
Domains. Select various menu items to view the available features.
Step 28 Each user should only be able to configure their respective VSAN.
Step 29 Use the desktop icon to launch a new Device Manager using the user1 or user2
name, and select various menus to view available features and functions.
Step 30 Login from the CLI and then view available tasks.

Task 3: Configure RADIUS Services
Each team will configure RADIUS server support on their respective switches and test the
configuration.
Activity Procedure
Both teams complete these steps.
Note The instructor will provide the IP address where the RADIUS server has been configured or
use the IP address of your server.
Step 1 Both teams: Configure your respective switch for RADIUS authentication using
RADIUS host 10.0.0.198 with key mds9000Lab and then verify the results.
PxMDS1# con
(config)# radius-server host 10.0.0.198 key mds9000Lab
(config)# end
PxMDS1# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
total number of servers:1
following RADIUS servers are configured:

10.0.0.198:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
PxMDS1# sh radius-server groups
total number of groups:1
following RADIUS server groups are configured:

group radius:
server: all configured radius servers
deadtime is 0
Note The server group “radius” is created by default. All configured RADIUS servers automatically
populate server group radius.
Step 2 Configure the AAA authentication to require all Telnet and SSH logins to
authenticate via RADIUS, and console logins to authenticate using the local name
database.
PxMDS1# config
PxMDS1(config)# aaa authentication login default group radius
PxMDS1(config)# aaa authentication login console local
PxMDS1(config)# end
Step 3 Verify that the results.

PxMDS1# sh aaa authentication
default: group radius
console: local
Step 4 Test your RADIUS configuration. Telnet to your local switch using the following
account:
 User: testuser1
 Password: passW0rd (Use the number 0 [zero] and not the letter O.)
Note The user testuser1 has been preconfigured on the RADIUS server database.
Step 5 Verify that all VSANs are visible. Enter various commands to query the
administrative privileges of the user.
PxMDS1# show vsan
PxMDS1# show int br
Note The account was created on the RADIUS server and upon logging in, will inherit “network-
operator” privileges.
Step 6 Logout from your switch console session by typing Exit and re-login as user
testuser1.
Note The login attempt will fail.
Step 7 Re-login as admin and display the current user accounts.

PxMDS1# sh user-acc testuser1
user:testuser1
roles:network-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this
user account
Local login not possible
Note User testuser1 has been automatically created on the switch with no password (preventing a
local login) and assigned to the role network-operator.
PxMDS1(config)# show user-account

user:admin
roles:network-admin
user:labuser
roles:ccie-role
user:user1
roles:team1role
user:user2
roles:team2role
user:testuser1
roles:network-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this
user account
Local login not possible
Step 8 Attempt to assign testuser1 to role ccie-role. Notice that the attempt fails. Follow
the instructions provided by the MDS.
PxMDS1(config)# user testuser1 role ccie-role
user:testuser1 account is already created through remote authentication.
Please first delete that account using "no" option
Step 9 Delete the testuser1 account that was created on the switch.
PxMDS1(config)# no user testuser1

Step 10 Re-create testuser1 in role ccie-role.
PxMDS1(config)# user testuser1 password 1234QWer role ccie-role
Step 11 Re-login as testuser1 through the console. Verify that the administrative privileges
match the rules for role ccie-role and then exit.
Step 12 Re-login as admin through the console and save your configuration.

initials
Example
Lab 6-2: Implement Fabric and Port Security
In this lab, you will enable, activate, and configure port security settings, and view port security
violations and statistics. You will use the Cisco Fabric Services infrastructure to distribute port
security configurations. You will configure fabric binding to enforce ISL security and use the
GUI to implement DH-CHAP authentication. You will create IP access lists to control access to
the Mgmt0 interface.
Activity Objective
In this activity, you will configure port security to both allow and prevent devices from logging
in to the switch. After completing this activity, you will be able to meet these objectives:
 Configure port security
 Configure fabric binding for Fibre Channel VSANs
 Implement DH-CHAP
 Create IP access lists
Visual Objective
Port-security Port-security
1/6 1/6
1/7 1/7
Fabric
mg0 1/8 1/8 mg0
Security
MDS1 MDS2
1/9 1/9
1/5 Port-security 1/5
host1 host2
IP ACL IP ACL

Required Resources
 Two Windows hosts with Cisco DCNM-SAN client and Device Manager installed and
each with dual Fibre Channel HBAs
Command List
Command Description
feature port-security Enables the port security feature.
feature fabric-binding Enables the fabric binding feature.
write erase Erases the switch configuration file.
reload Reloads the switch.
show port-security status Displays status of the port-security database.
show cfs application name Displays attributes of the Cisco Fabric Services port-
port-security security application.
show port-security database Displays the port-security database.

[active] [configuration]
show cfs merge status name Displays the merge status of the Cisco Fabric Services
port-security vsan X port-security application.
show fcsp dhchap database Displays DH-CHAP database entries.
show fabric-binding status Displays fabric binding status.
show fabric-binding database Displays the active database configuration information.

active
show fabric-binding Displays fabric binding statistics.
statistics
show fcsp interface fcx/y Displays fcsp attributes on interface fcx/y.
show fcsp interface fcx/y Displays fcsp statistics on interface fcx/y.

statistics
show fcsp dhchap Displays DH-CHAP hash algorithms and groups.
ip access list Configures IP ACLs in configuration mode.
port-security auto-learn Configures port security auto-learning.
port-security database copy Copies the active database to the config database.
port-security activate Activates the configured port-security database.
fabric-binding activate Activates the fabric-binding database.
Task 1: Configure Port Security
In this task, you will enable, activate, and configure port security settings, and view port
security violations and statistics.
Activity Procedure
Step 1 Both teams: Verify that all ISLs are shut down. Assign fc1/5-6 to VSAN 1. Enable
interface fc1/6 and disable interface fc1/5.
PxMDS1(config-if)# shut
PxMDS1(config-vsan-db)# vsan 1 interface fc1/5-6
PxMDS1(config-if)# int fc1/6
Step 2 Both teams: Enable the port-security feature.

PxMDS1(config)# feature port-security
Step 3 When activating port security for a given VSAN, the auto-learn feature is enabled by
default and populates the active database with the WWNs for all connected devices.
Entries will then be listed as Learnt Yes. Both teams: Activate port security for
VSAN 1 and verify the results.
PxMDS1# conf
PxMDS1(config)# port-sec act vsan 1
PxMDS1(config# sho port-sec database act
----------------------------------------------------------------------------
VSAN Logging-in Entity Logging-in Point (Interface) Learnt
----------------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)* Yes
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)* Yes
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)* Yes
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)* Yes
[Total 4 entries]
Step 4 Display the contents of the port-security configured database.

PxMDS1(config)# sho port-sec database con
----------------------------------------------------------------
VSAN Logging-in Entity Logging-in Point (Interface)
----------------------------------------------------------------
Note At this point, the configured database should be empty.
Reference In the following steps, you will disable the auto-learn feature and copy the active database to
the configured database. Disabling auto-learn will prevent learning the WWNs of any new
connecting devices, suspend any new connection attempts, and update the policy violations
counters.
Note The recommended method for configuring port security is to enable and activate port
security after all valid devices are attached to the fabric. Then, copy the active database to
the configured database and turn off auto-learn so that untrusted devices cannot log in.

Step 5 Both teams: Disable auto-learn and copy the active database to the configured
database. Verify the results.
PxMDS1(config)# no port-sec auto-learn vsan 1
PxMDS1(config)# port-security database copy vsa 1
PxMDS1(config)# sho port-sec dat con
------------------------------------------------------------------
------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
[Total 4 entries]
PxMDS1# sho port-sec dat activ
--------------------------------------------------------------------
--------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
[Total 4 entries]
Note The configure database and the active database should have identical entries. Note the
Learnt column no longer displays Yes in the active database.
Step 6 Both teams: To display a port activation failure, enable fc1/5 and verify the results.
PxMDS1(config-if)# sh int br | in fc1/5
fc1/5 1 FX on notConnected swl --
PxMDS1(config-if)# sh int fc1/5
fc1/5 is down (Suspended due to port security)
Hardware is Fibre Channel, . . .
Step 7 Display violations of port security policies.

PxMDS1(config-if)# sh port-sec vio
---------------------------------------------------------------------
VSAN Interface Logging-in Entity Last-Time [Repeat count]
---------------------------------------------------------------------
1 fc1/5 10:00:00:00:c9:73:46:b6 (pwwn) Feb 17 21:24:22 2010 [1]
20:00:00:00:c9:73:46:b6 (nwwn)
[Total 1 entries]
Step 8 Both teams: Manually configure a pWWN mapping to port fc1/5 and compare the
configured database versus the active database.
PxMDS1(config-if)# port-sec data vsa 1
PxMDS1(config-port-security)#pwwn 10:00:00:00:00:00:00:01 int fc 1/5
PxMDS1(config-port-security)#exit
PxMDS1(config)# sh port-sec dat
-------------------------------------------------------------------
-------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 10:00:00:00:00:00:00:01(pwwn) 20:05:00:0d:ec:72:7d:00(fc1/5)*
[Total 5 entries]
PxMDS1(config)# sh port-sec dat ac
--------------------------------------------------------------------
--------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
[Total 4 entries]
Note The active database will not include port fc1/5 until the configured database changes have
been activated.
Step 9 Both teams: Activate the port security database.

PxMDS1 config)# port-sec activate vsa 1
PxMDS1(config)# sh port-sec dat ac
--------------------------------------------------------------------
--------------------------------------------------------------------
1 21:00:00:11:c6:52:56:12(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:59:8c(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:57:d2(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 21:00:00:11:c6:52:5b:87(pwwn) 20:06:00:0d:ec:72:7d:00(fc1/6)*
1 10:00:00:00:00:00:00:01(pwwn) 20:05:00:0d:ec:72:7d:00(fc1/5)*
[Total 5 entries]
Step 10 Shutdown and re-enable port fc1/5and display port security violations.
PxMDS1(config-if)# sh port-sec vio
---------------------------------------------------------------------
VSAN Interface Logging-in Entity Last-Time [Repeat count]
---------------------------------------------------------------------
1 fc1/5 10:00:00:00:c9:73:46:b6 (pwwn) Feb 17 21:29:32 2010 [2]
20:00:00:00:c9:73:46:b6 (nwwn)
[Total 1 entries]
Note The [Repeat count] total should have incremented.

fc1/5 1 FX on invalidBinding swl -- --
Note The port status should display invalidBinding.
Step 11 Both teams: Disable the port-security feature and display fc1/5 port status.
PxMDS1(config-if)# no feature port-sec
1980 Jan 2 20:51:42 mds2 %PORT_SECURITY-2-FEATURE_DISABLED: Feature port-
security disabled due to explicit user disable
PxMDS1(config)# sh int fc1/5
fc1/5 is down (Suspended due to port security)
Note Port fc1/5 is left in a suspended state until the port is reset (with shut and no shut
commands).
Step 12 Reset port fc1/5 and save your configuration.

Task 2: Configure Fabric Binding for Fibre Channel VSANs
In this task, you will configure fabric binding to enforce ISL security.
Activity Procedure
Note If you are working alone, then you will configure both switches. If you are working in teams,
one team will configure MDS1 and the other team will configure MDS2. However, the
following procedure requires cooperation and synchronization between the two teams.
Complete the following steps to demonstrate VSAN isolation due to fabric binding database
mismatch.
Step 1 Both teams: Check that all ISLs are shut down.
Step 2 Enable the fabric-binding feature.
PxMDS1(config)# feature fabric-binding
Step 3 Both teams: Add an arbitrary entry to the fabric-binding database and activate.
Verify that the results.
 mds1 add: 20:00:00:00:00:00:00:02
 mds2 add: 10:00:00:00:00:00:00:01
PxMDS1(config)# fabric-binding database vsa 1
PxMDS1(config-fabric-binding)# swwn n0:00:00:00:00:00:00:0n
PxMDS1(config-fabric-binding)# exit
PxMDS1(config)# fabric-binding activate vsa 1
PxMDS1(config)# sh fab dat

--------------------------------------------------
Vsan Logging-in Switch WWN Domain-id
--------------------------------------------------
1 20:00:00:0d:ec:72:7d:00 0x2c(44) [Local]
1 20:00:00:00:00:00:00:02 Any
[Total 2 entries]
PxMDS2(config)# sh fab dat

--------------------------------------------------
--------------------------------------------------
1 20:00:00:0d:ec:72:7d:80 0x2d(45) [Local]
1 10:00:00:00:00:00:00:01 Any
[Total 2 entries]
Note [Local] designates the switch where the command was invoked. Each switch will display the
manual (arbitrary) entry and the local switch WWN. The disparity will result in isolation of
VSAN 1 upon ISL activation.
Step 4 Both teams: Enter the commands to create VSAN 2 and allow to trunk across
interfaces 7, 8, and 9.
Step 5 Both teams: Activate fc1/7 and verify the status of VSAN 2.
fc1/7 1 auto on trunking swl TE 4 --
PxMDS1(config-if)# sh int fc1/7 trun vsa

fc1/7 is trunking
Vsan 1 is down (Isolation due to fabric bind failure)
Vsan 2 is up (None)
Step 6 Display fabric binding violations.
PxMDS1# sh fab vio
--------------------------------------------------------------------
VSAN Switch WWN [domain] Last-Time [Repeat count] Reason
--------------------------------------------------------------------
1 20:00:00:0d:ec:72:7c:40 [*] Feb 17 21:44:30 2010 [1] sWWN not found [Total
1 entries]
PxMDS2# sh fab vio

---------------------------------------------------------------------
VSAN Switch WWN [domain] Last-Time [Repeat count] Reason
---------------------------------------------------------------------
1 20:00:00:0d:ec:72:7d:80 [* Mar 21 15:16:08 2013 [1] sWWN not found
[Total 1 entries]
Step 7 Both teams: Shut down the ISL.
Note In the next step, you will SSH to the switch of your neighbor and record the switch WWN
and domain ID. You will then exit back to your switch and use these values to configure the
fabric-binding database with the correct values.
Step 8 Both teams: SSH to the other MDS 9222i.

PxMDS2# ssh 10.0.x.y
PxMDS1# login: admin
Password: 1234QWer
PxMDS1# sho wwn swi
Switch WWN is 20:00:00:0d:ec:72:7d:00
PxMDS1# sh fcdomain domain vsan 1

VSAN 1
Domain ID WWN
--------- -----------------------
0x2c(44) 20:01:00:0d:ec:72:7d:01 [Local] [Principal)
PxMDS1# exit
Connection closed by foreign host.
PxMDS1 WWN: _________________________________________________

(Ex: 20:00:00:0d:ec:72:7d:00)
PxMDS1 Domain Id: __________________ (Ex: 44)
PxMDS2 WWN: _________________________________________________

(Ex: 20:00:00:0d:ec:72:7d:80)
PxMDS2 Domain Id: _________________ (Ex: 45)
Step 9 Both teams: Enter the fabric-binding database and remove the arbitrary entry, add
the WWN, and domain ID that you just recorded, and activate the database. Verify
the results.
PxMDS2(config)# fab database vsa 1
PxMDS2(config-fabric-binding)# no swwn 10:00:00:00:00:00:00:01
PxMDS2(config-fabric-binding#swwn 20:00:00:0d:ec:72:7d:00 dom 44 (WWN and
domain ID for MDS 1)
PxMDS2(config-fabric-binding)# exit
PxMDS2(config)# fabric-binding activate vsa 1
PxMDS2# sho fab dat
--------------------------------------------------
--------------------------------------------------
1 20:00:00:0d:ec:72:7d:80 0x2d(45) [Local]

1 20:00:00:0d:ec:72:7d:00 0x2c(44
[Total 2 entries]
PxMDS1# sho fab dat

--------------------------------------------------
--------------------------------------------------
1 20:00:00:0d:ec:72:7d:00 0x2c(44) [Local]
1 20:00:00:0d:ec:72:7d:80 0x2d(45)
[Total 2 entries]
Note Both switches should display the same fabric-binding database.
Step 10 Both teams: Re-activate ISL fc1/7 and then verify that VSAN 1 has successfully
merged.
PxMDS1# sho int fc1/7 trun vsa
fc1/7 is trunking
Vsan 1 is up (None)
Vsan 2 is up (None)
Step 11 Both teams: Disable fabric-binding and then remove VSAN 2.

PxMDS1# conf
PxMDS1 (config)# no feature fabric-bind
2010 Feb 17 22:10:34 mds1 %PORT-SECURITY-2-FEATURE_DISABLED: Feature fabric-
binding disabled due to explicit user disable
PxMDS1 (config)# vsan database
PxMDS1 (config-vsan-db)# no vsan 2
Do you want to continue? (y/n) y
Both teams return interface fc1/5-6 to the primary vsans.
PxMDS1(config-vsan-db)#vsan 10 interface fc1/5-6
Task 3: Implement DH-CHAP
In this task, you will use the CLI and Cisco DCNM-SAN Client to implement DH-CHAP
authentication.
Activity Procedure
Step 1 Both teams: Verify that fc1/7 is enabled and is trunking.
fc1/7 is trunking
Vsan 1 is up (None)
. . .
Step 2 Both teams: Enable FCSP with the command feature fcsp.
Step 3 In Cisco DCNM-SAN Client, rediscover the fabric if necessary.
Step 4 In Cisco DCNM-SAN Client, browse to the Physical Attributes pane, open
Switches > Security, and select the feature FC-SP.
Step 5 Close the graphic pane to display the Information area.
Step 6 In the Control tab, confirm that FC-SP is enabled.
Note To verify from the CLI, enter (config)# feature fcsp.

Step 7 In the General/Password tab, type a generic password and then click the Apply
Changes icon (green arrow).
 PxMDS1 GenericPassword: mds1-001
 PxMDS2 GenericPassword: mds2-002
Step 8 Display the results from the CLI.

PxMDS1# show fcsp dhchap database
DHCHAP Local Password:
Non-device specific password:********
Other Devices' Passwords:
PxMDS1# show run | in fcsp

feature fcsp
fcsp dhchap password 7 pzw1-001
PxMDS2# show run | in fcsp

feature fcsp
Step 9 Select the Remote Passwords tab in the Information pane and then click the Create
Row icon.
Step 10 Team 1: Uncheck the box for MDS2, choose MDS2 from the WWN drop-down
menu, and enter password mds2-002.
Step 11 Team 2: Uncheck the box for MDS1, choose MDS1 from the WWN drop-down
menu, and enter password mds1-001.
Step 12 Both teams: Verify the results at the CLI.

PxMDS1# sh fcsp dhchap data

Password for device with WWN:20:00:00:0d:ec:72:7d:80 is ********
PxMDS1# sh run | in fcsp
feature fcsp
fcsp dhchap devicename 20:00:00:0d:ec:72:7d:80 password 7 pzw2-002
PxMDS2# sh fcsp dhchap data


Password for device with WWN:20:00:00:0d:ec:72:7d:00 is ********
PxMDS2# sho run | in fcsp
feature fcsp
fcsp dhchap devicename 20:00:00:0d:ec:72:7d:00 password 7 pzw1-001
Step 13 Both teams: Configure the fcsp mode on for ISL fc1/7. Verify that the link is active.
PxMDS1(config-if)# fcsp on
PxMDS1# show int fc1/7

fc1/7 is trunking
Step 14 Team 2: Perform the same task as the previous step.

Step 15 Both teams: Verify that the link is still active.

Step 16 Both teams: Enable the following settings for ISLs fc1/8-fc1/9 and verify the results.
 Rate mode: dedicated
 Speed: 2Gb no shut
 MDS1 fc1/8: fcsp off
 MDS2 fc1/8: fcsp on
 MDS1 fc1/9: fcsp off
 MDS2 fc1/9: fcsp auto-active
Step 17 MDS2 should display an error condition upon fc1/8 activation.
PxMDS2# 1980 Jan 3 01:12:51 mds2 %FCSP-MGR-2-FCSP_AUTHENT_FAILURE: FC-SP
Authentication failure on Port fc1/8 (FC-SP Failure Reason:
FCSP_AUTHENT_FAILURE)
Step 18 Display the FCSP interface statistics.

PxMDS2# show fcsp interface fc1/7-9 statistic
fc1/7: fcsp authentication mode:SEC_MODE_ON

Status:Successfully authenticated
Authenticated using local password database
Statistics:
FC-SP Authentication Succeeded:2
FC-SP Authentication Failed:0
FC-SP Authentication Bypassed:0
FC-SP ESP SPI Mismatched frames:0
FC-SP ESP Auth failed frames:0
fc1/8: fcsp authentication mode:SEC_MODE_ON

Status:FC-SP authentication failed
Statistics:
fc1/9: fcsp authentication mode:SEC_MODE_AUTO_ACTIVE

Status:FC-SP ignored as FC-SP authentication is not supported by other
end
Statistics:

fc1/8 1 E on notConnected swl -- --

fc1/8 1 E on isolated swl -- --
Step 19 Both teams: Disable FCSP and save your configuration.

PxMDS1(config)# no feature fcsp
PxMDS1(config)# copy run start
Task 4: Create IP Access Lists
In this task, you will create an IP access list that will limit access to the management interface
to Telnet traffic.
Activity Procedure
Complete these steps on your assigned switch:
Step 1 Both teams: Enable the Telnet feature on your respective switch.
Note The Telnet feature is not enabled by default. The SSH feature is enabled by default and is
considered a best practice method to access a device.
PxMDS1(config)# feature telnet
Step 2 Both teams invoke ipconfig on your respective server and record the management
subnet (10.0.*.*) IP address.
Server IP address: ____________________________________

(Ex: 10.0.9.1)
Step 3 On your respective MDS switch, configure an IP ACL named 101 that restricts
access to your mgmt0 interface only from your server. Test your results.
PxMDS1(config)# ip access-list 101 permit tcp 10.0.x.x 0.0.0.0 any eq port
dst_telnet
PxMDS1(config)# interface mgmt0

PxMDS1(config-if)# ip access-group 101 in
Step 4 From your Windows server, ping your switch.

C:\Documents and Settings\Administrator>ping 10.0.7.5
Pinging 10.0.7.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Request timed out.
Ping statistics for 10.0.7.5:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Documents and Settings\Administrator>
Note The ping should fail.
Step 5 Verify that you can Telnet to your switch.
Step 6 Exit your Telnet connection.

Step 7 Both teams: Remove the access-group from mgmt0 and delete the access list.
PxMDS1# conf
PxMDS1(config)# interface mgmt0
PxMDS1(config-if)# no ip access-group 101 in
PxMDS1(config-if)# exit
PxMDS1(config)# no ip access-list 101
Step 8 Verify that your Windows server can ping the switch.
C:\Documents and Settings\Administrator>ping 10.0.7.5
Pinging 10.0.7.5 with 32 bytes of data:
Reply from 10.0.7.5: bytes=32 time<1ms TTL=64
Ping statistics for 10.0.7.5:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\Administrator>
Step 9 Disable the Telnet feature on your switch.

PxMDS1(config)# no feature telnet


initials
Example

Lab 7-1: Configure FCIP Tunnels and FCIP High
Availability with Port Channels
Activity Objective
Both teams will create and verify FCIP tunnels between your two MDS switches using all
available tools, including Device Manager, CLI, and Cisco DCNM-SAN Client. After
completing this activity, you will be able to meet these objectives:
 Configure two FCIP profiles on the same Gigabit Ethernet port
 Configure two FCIP profiles on the same Gigabit Ethernet port using the FCIP Tunnel
Wizard in Cisco DCNM-SAN Client
 Configure two port channels in Cisco DCNM-SAN Client
Visual Objective
Required Resources
 Two Cisco MDS 9222i Multiservice Modular Switches either with IPS modules or
integrated Gigabit Ethernet ports
 Two Windows 2003 servers, each with dual Fibre Channel HBAs
Command List
Command Description
write erase Deletes the existing startup-configuration.
show running Displays the current running-configuration.
Copies the current running-configuration to the startup-

copy run start configuration.
Displays a list of all the ports that are logged in to the

show fcns database FCNS.
Displays the status of and statistics for interface fc

show interface fc slot/port slot/port.
Displays the status of and statistics for interface

show interface gig slot/port gigabitethernet slot or port.
feature fcip Enables FCIP on that switch.
Creates a profile for the FCIP connection. The

fcip profile [ value ]
valid range is from 1 to 255.
interface fcip [ value ] Creates an FCIP interface.
channel-group n Assigns the given interface to a port channel.
Displays the status of and statistics for FCIP interface

show interface fcip n interface-number.
show fcip profile Displays the FCIP profile configuration.
show port-channel database Displays the status for all configured port channels.
show run interface Displays interface configurations in the running-config.
[no] boot ssi Configures the ssi boot variable
show fcdom domain Shows a list of domain IDs granted by the principal switch.
show interface port-channel Displays the Port Channel interface.

Task 1: Configure Two FCIP Profiles on the Same Gigabit
Ethernet Port
Each team will configure the first Gigabit Ethernet interface (gigE1/1) on their respective core
switch using Device Manager. From the CLI, each team will configure two FCIP profiles and
tunnels using gigE1/1, each FCIP profile will be configured with a different TCP port.
Activity Procedure
Perform these tasks on both MDS1 and MDS2 switches.
Step 1 Open Device Manager from the Windows desktop and right-click port gigE1/1 and
choose Configure.
Step 2 For Admin, click the up radio button, and then click the IPAddress(es) button and
then click the Create button. Enter the IP address (MDS1 10.1.x.5/24, MDS2
10.1.x.3/24, where x = pod number. Click Create.
Step 3 Leave all other settings to default values, click the Apply button, and then click the
Close button.
Step 4 From the CLI, verify the results. Display the interface status and ping the
neighboring switch.
PxMDS1# show interface br | in Gig
GigabitEthernet1/1 up 10.1.9.5/24 1 Gbps 1500 --
GigabitEthernet1/2 down -- auto 1500 --
PxMDS1# ping 10.1.9.3 (Ctrl-C to terminate)

3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.269/0.283/0.308/0.017 ms
Step 5 If the ping was successful, save your configuration.

Reference Each team will configure the first FCIP profile using gigE1/1 with the default TCP Port 3225.
Perform these tasks concurrently on both switches.
Step 6 Both teams: Enable the FCIP feature and create FCIP Profile 1.
PxMDS1# conf
PxMDS1(config)# feature fcip
PxMDS1(config)# fcip profile 1
PxMDS1(config-profile)# ip add 10.1.X.Y (local gigE1/1 IP address)
Step 7 Configure the FCIP interface (tunnel) and verify that the FCIP link activates.
PxMDS1(config-profile)# interface fcip 1
PxMDS1(config-if)# use-profile 1
PxMDS1(config-if)# peer-info ipaddr 10.1.X.Y (peer gigE1/1 IP address)
(config-if)# no shut
PxMDS1# show int br | in fcip
fcip1 1 auto on trunking TE 1 GigabitEthernet1/1 –
Note Confirm that the FCIP interface status is trunking before proceeding.
Step 8 To confirm a successful fabric merge, verify that both switches appear in the domain
list.
PxMDS1# show fcdomain domain-list
VSAN 1
Domain ID WWN
--------- -----------------------
0x2d(45) 20:01:00:0d:ec:72:7c:41 [Principal]
0x2c(44) 20:01:00:0d:ec:82:61:41 [Local]
Reference Each team will configure the second FCIP profile on gigE1/1 by specifying TCP Port 7000.
Use the same IP address use for the previous profile. Perform these tasks on both switches.
Step 10 Create FCIP Profile 2.

PxMDS1# conf
PxMDS1(config)# fcip profile 2

PxMDS1(config-profile)# port 7000
PxMDS1(config-profile)# ip add 10.1.X.Y
Step 11 Both teams: Configure the FCIP interface (tunnel).

PxMDS1(config-profile)# interface fcip 2
PxMDS1(config-if)# use-profile 2
PxMDS1(config-if)# peer-info ipaddr 10.1.X.Y port 7000
Step 12 Verify that the FCIP link has activated.

Step 13 Verify the FCIP Profile Listening Port.

PxMDS1# show fcip prof 1 | in Port
Listen Port is 3225
PxMDS1# show fcip prof 2 | in Port
Listen Port is 7000
Note The following TCP parameters can be left at their default values for the lab.
SACK: TCP selective acknowledgment (SACK) helps overcome the limitation of multiple lost
packets during a TCP transmission.
KeepAliveTimeout: This parameter enables you to configure the interval for TCP
connections to determine if the FCIP link is functioning. Configuring a KeepAliveTimeout
ensures that an FCIP link failure is detected quickly even when there is no traffic.
MinReTxTimeout: This parameter controls the minimum amount of time TCP waits before
retransmitting.
MaxReTx: This parameter specifies the maximum number of times a packet is retransmitted
before TCP decides to close the connection.
SendBufSize: This parameter defines the required additional buffering that TCP allows
beyond the normal send window size.
MaxBandwidth, MinAvailBandwidth, and Estimated RTT: These values are used to
automatically calculate the TCP maximum window size (MWS) and other TCP flow control
parameters.
PMTU Enable: Path MTU (PMTU) allows the MDS to dynamically adjust the IP MTU that
you configured on the Gigabit Ethernet port to the lowest common denominator supported
by all devices in the IP network. Note that all IP devices must support PMTU for this to work.
ResetTimeout: This parameter specifies the time after which TCP tries the original MTU.
Step 14 Display the FCIP configuration in the running-config.

PxMDS1# show run | in fcip next 3
Feature fcip
fcip profile 1
ip address 10.1.12.5
fcip profile 2
port 7000
--
interface fcip1
no shutdown
use-profile 1
peer-info ipaddr 10.1.12.3
--
interface fcip2
no shutdown
use-profile 2
peer-info ipaddr 10.1.12.3 port 7000

Task 2: Configure Two FCIP Profiles on the Same Gigabit
Ethernet Port Using the FCIP Tunnel Wizard in Cisco DCNM-
SAN Client
Each team will configure the third and fourth FCIP profiles on gigE1/2 using the FCIP Tunnel
Wizard from DCNM-SAN Client. Perform these tasks in sequence, beginning with Team 1
running the Wizard to create FCIP Profile 3. Upon completion, Team 2 will run the Wizard to
configure FCIP Profile 4. The result is that FCIP Profile 4 will be automatically configured for
TCP Port 3226 and FCIP Profile 3 will be configured with the default TCP Port 3225.
Activity Procedure
Step 1 Team 1: Open Cisco DCNM-SAN Client and then verify that there are two FCIP
links displayed in the graphic pane.
Step 2 Launch the FCIP Tunnel Wizard.
Step 3 In the 1 of 5: Select Switch Pair dialog, verify that both switches are displayed and
then click the Next button.
Step 4 In the 2 of 5: Select Ethernet Ports dialog, the gigE1/2 ports should be in a down
state as these were not configured before launching the Wizard. Select gigE1/2 on
both switches and then click the Next button.
Step 5 In the 3 of 5: Specify IP Address/Route dialog, enter the IP address for each gigE1/2
port (MDS1=10.1.x.55/24 or MDS2=10.1.x.33/24) and then click the Next button.

Step 6 In the 4 of 5: Specify Tunnel Properties dialog, accept the default Packet Shaping
parameters and then click the Next button.
Note Packet shaping is described in the Performance Tuning lesson.
Step 7 In the 5 of 5: Create FCIP ISL dialog, click the trunk radio button to specify a TE-
Port. Click the Finish button.
Step 8 Both teams: Verify the results.

PxMDS1# show fcip profile
------------------------------------
ProfileId Ipaddr TcpPort
------------------------------------
1 10.1.12.5 3225
2 10.1.12.5 7000
3 10.1.12.55 3225
fcip1 1 auto on trunking TE 1 GigabitEthernet1/1 --
Note The FCIP Tunnel Wizard created FCIP Profile 3 with the default TCP Port 3225 and created
interface FCIP 3.
Step 9 Verify VSAN 1 is trunking across all FCIP tunnels.

PxMDS1# sh int fcip1-3 trun vsan 1
fcip1 is trunking
Vsan 1 is up (None)
fcip2 is trunking
Vsan 1 is up (None)
fcip3 is trunking
Vsan 1 is up (None)
Step 10 Both teams: Save your configuration.

Step 11 Team 2: Click the Rediscover Current Fabric icon and verify that there are three
FCIP links displayed in the graphic pane.
Step 12 Team 2: Launch the FCIP Tunnel Wizard and repeat the configuration process as
previously described for the fourth tunnel.

Note The second dialog will have IP addresses assigned to the gigE1/2 ports on both switches.
Step 13 Both teams: Upon completion, verify the results.

PxMDS1# show fcip profile
------------------------------------
ProfileId Ipaddr TcpPort
------------------------------------
1 10.1.9.5 3225
2 10.1.9.5 7000
3 10.1.9.55 3225
4 10.1.9.55 3226
Note The FCIP Tunnel Wizard created FCIP Profile 4 with TCP Port 3226 and created interface
FCIP 4.
Step 14 Verify that VSAN 1 is trunking across the FCIP4 tunnel.

PxMDS1# sh int fcip4 trun vsan 1
fcip4 is trunking
Vsan 1 is up (None)
Step 15 Display the FCIP configuration in the running-config.

PxMDS1# show run | in fcip next 3
fcip enable
fcip profile 1
ip address 10.1.9.5
fcip profile 2
port 7000
ip address 10.1.9.5
--
fcip profile 3
fcip profile 4
port 3226
--
interface fcip1
no shutdown
use-profile 1
--
interface fcip2
no shutdown
use-profile 2
--
interface fcip3
no shutdown
use-profile 3
--
interface fcip4
no shutdown
use-profile 4

Task 3: Configure Two Port Channels in Cisco DCNM-SAN
Client
Each team will configure a port channel using the Port Channel Wizard from Cisco DCNM-
SAN Client. Perform these tasks in sequence, beginning with Team 1 running the Wizard to
create Port Channel 1 using fcip1 and fcip3 as member interfaces. Upon completion and
verification, Team 2 will run the Wizard to configure Port Channel 2 using fcip2 and fcip4.
Activity Procedure
Complete the following steps.
Step 1 Both teams: Click the Rediscover Current Fabric icon and verify that there are
four FCIP links displayed in the graphic pane.
Step 2 Team 1: Launch the Port Channel Wizard from the Cisco DCNM-SAN toolbar.
Step 3 In the 1 of 3: Select Switch Pair dialog, verify that both switches appear and the
Create New radio button is clicked and then click the Next button.
Note The dialog should display that the Wizard has detected four ISLs between the switches.
Step 4 In the 2 of 3: Select ISLs dialog, click the directional button to move fcip2 and fcip4
to the Available pane. Leave only fcip1 and fcip3 as selected and then click the
Next button.
Step 5 Verify that the “Dynamically form Port Channel Group” check box is unchecked
before proceeding.
Step 6 In the 3 of 3: Create Port Channel dialog, verify Channel Id 1 for both switches and
the trunk radio button is clicked. Accept the remaining defaults and then click the
Finish button. When prompted that creating the port channel may be disruptive,
click Yes.
Step 7 Verify that the Channel Id value is 1 for each switch before proceeding.
Step 8 Both teams: Click the Rediscover Current Fabric icon.

Step 9 Both teams: Verify the results from the CLI.
PxMDS1# sho port-channel database
port-channel 1
First operational port is fcip1
Ports: fcip1 [up] *
fcip3 [up]
Step 10 Verify that VSAN 1 is trunking across the port channel.

PxMDS1# show inter po 1 trun vsa
Vsan 1 is up (None)

Step 12 Both teams: Verify in the Cisco DCNM-SAN Client graphic pane that two dashed
lines and one bold dashed line are present.
Step 13 Hold your curser over the bold line to display the information callout window.
Step 14 Team 2: Launch the Port Channel Wizard and create Port Channel 2 using fcip2 and
fcip4 as member links. Click the Create New radio button in the first dialog.
Step 15 Confirm that Create New is selected before proceeding.

Step 16 In the 2 of 3: Select ISLs dialog, fcip2 and fcip4 should appear in the Selected pane.
Step 17 In the 3 of 3 dialog, verify that Channel Id 2 is specified and then click the Finish
button. When prompted that creating the port channel may be disruptive, click Yes.
Step 18 Both teams: Display the port channel database.

PxMDS1# sh port-ch da
port-channel 1
Ports: fcip1 [up] *
fcip3 [up]
port-channel 2
Ports: fcip2 [up]
fcip4 [up] *
Step 19 Both teams: Close and re-open Cisco DCNM-SAN Client to update the graphic
pane. Verify that two bold dashed lines appear.


initials
Example
Lab 7-2: Implement IVR for SAN Extension
Activity Objective
In this activity, you will implement IVR with a transit VSAN to increase the reliability of the
FCIP configuration. Both teams will create isolated VSANs and an IVR zone set to connect the
server on the switch to storage on the other switch across the transit VSAN 99. After
completing this activity, you will be able to meet these objectives:
 Configure VSANs to isolate both sides of the WAN link
 Configure IVR
Note When two Fibre Channel switches are connected together over an ISL or FCIP tunnel, the
connection creates a merged fabric within each VSAN. If the link breaks, then this can be
very disruptive. Both fabrics segment and all devices are logged out. Both fabrics perform a
disruptive restart of the FSPF routing table, and both nominate a principal switch within each
fabric. Finally, the devices can log in again.
Note IVR for SAN Extension is used to allow both fabrics to remain isolated within their own
VSAN, so if they are joined by an ISL or port channel, there is no disruption if the link
breaks. Nominated hosts and storage devices within an IVR zone and zone set are allowed
to communicate with each other, even though they are in separate VSANs in different
fabrics.
Visual Objective
Disk1 IVR Zone host1 IVR Zone host2 Disk1

pwwn1 MDS1 fc1/5 vsan 10 MDS1 fc1/5 vsan 20 pwwn1
MDS2 fc1/6 vsan 40 MDS2 fc1/6 vsan 30
Disk2 Disk2
pwwn2 pwwn2
VSAN 20 VSAN 40
1/6 10.1.x.5 10.1.x.3 1/6

G1/1 10.1.x.5 10.1.x.3 G1/1
MDS1 Transit MDS2
10.1.x.55 VSAN 99 10.1.x.33
G1/2 10.1.x.55 10.1.x.33 G1/2

1/5 1/5
VSAN 10 VSAN 30
host1 host2

Required Resources
 Two Windows servers, each with dual Fibre Channel HBAs
 A JBOD with at least two disks
Command List
Command Description
show interface brief Displays a brief port status and configuration.
show running Displays the current running-configuration.
Displays a list of all the ports that are logged in

show fcns database [vsan vsan-id] to the FCNS.
Displays the status of and statistics for

show interface fc slot/port interface fc slot/port.
show vsan [vsan-id] Displays the current VSAN information.
show vsan membership Displays the VSAN port membership.
Displays the domain ID of a VSAN on all

show fcdomain domain-list vsan X switches.
fcdomain domain X static vsan X Sets a static domain ID for a VSAN.
feature ivr Enables the IVR feature.
ivr distribute Enables IVR for CFS distribution.
ivr nat Enables IVR Network Address Translation.
ivr vsan-topology auto Enables the IVR auto-topology feature.
ivr zoneset name name Creates an IVR zone set.
ivr zone name name Creates an IVR zone.
ivr zoneset activate name name force Activates an IVR zone set.
ivr commit Distributes IVR configuration changes.
ivr service-group name string Creates or configures an IVR service group.
Specifies an AFID number and VSAN range

autonomous-fabric-id n vsan-ranges n within a service group.
Configures the given VSAN for the specified

vsan X interop n interop mode.
wwn vsan X vsan-wwn wwn Assigns a switch WWN to a VSAN.
Configures an interface for dedicated rate-

switchport rate-mode dedicated mode.
ivr virtual-fcdomain-add vsan-ranges Specifies a VSAN range for the IVR

n application to create virtual domains.
show autonomous-fabric-id database Displays the current AFID database.
show ivr pending-diff Displays the difference between the IVR

pending configurations and actual.
clear ivr session Clears the IVR lock across a fabric.
show ivr vsan-topology Displays the IVR VSAN topology.
Displays InterVSAN routing zone set show

show ivr zoneset active commands.

Task 1: Configure VSANs
In this task, you will configure VSANs to isolate devices on both sides of the WAN link.
Activity Procedure
Step 1 Team 2: Create VSAN 30 and add host interface fc 1/5.
PxMDS2(config-vsan-db)# vsan 30
PxMDS2(config-vsan-db)# vsan 30 interface fc 1/5
PxMDS2(config-vsan-db)# exit
Step 2 Team 2: Create VSAN 40 and add disk interface fc 1/6.

PxMDS2(config-vsan-db)# vsan 40
PxMDS2(config-vsan-db)# vsan 40 interface fc 1/6
PxMDS2(config-vsan-db)# exit
Step 3 Team 1: Create VSAN 99 on MDS1 and add the fcip interface.
Step 4 Team 2: Create VSAN 99 on MDS2 and add the fcip interface.
Step 5 Both teams: Prune the VSAN allowed list on the fcip interface to allow only VSANs
10, 20, 30, 40, and 99.
Step 6 Enable all node ports.
Step 7 Both teams: Save your configuration.
Complete the following steps on both switches to verify your configuration.
Step 1 Display the VSAN membership.
. . .
vsan 10 interfaces:
fc1/5
vsan 20 interfaces:
fc1/6
vsan 99 interfaces:
fcip2

. . .
vsan 30 interfaces:
fc1/5
vsan 40 interfaces:
fc1/6
vsan 99 interfaces:
fcip2
Step 2 Display the name server database.

VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x650000 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
VSAN 20:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
..
..
PxMDS1#

VSAN 30:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
VSAN 40:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x2a009b NL 21:00:00:00:87:6e:45:3c scsi-fcp:target
0x2a00b3 NL 21:00:00:00:87:6e:ad:38 scsi-fcp:target
..
..
PxMDS2#

Task 2: Configure IVR
In this task, the IVR topology will be configured to use IVR NAT and autotopology. NAT will
be enabled to allow non-unique domain IDs across all VSANs and switches that are involved in
the IVR topology. Using IVR Zone Wizard in Cisco DCNM-SAN Client, both teams will
create an IVR zone set that connects the server on the switch to storage on the other switch
across the transit VSAN 99.
Note IVR NAT is required when unique domain IDs are not configured across all VSANs and
switches participating in IVR operations.
Activity Procedure
In this activity, Team 1 on MDS1 will create an IVR zone set that connects the JBOD in VSAN
20 on the MDS1 switch, with HOST2 in VSAN 30 on the MDS2 switch over transit VSAN 99.
Team 1 on MDS1 will complete the following Steps 1 to 15. Team 2 on MDS2 will wait until
Team 1 has finished, and then proceed with Steps 16 to 30.
Step 1 Team 1: On MDS1 only, open Cisco DCNM-SAN Client.
Step 2 Click the IVR Zone Wizard icon on the toolbar or click Zone > IVR > Wizard to
open the wizard.
Step 3 Click the Yes button to enable IVR NAT mode for your IVR SAN fabric.
Step 4 Team 1: On MDS1 only, in the IVR Zone Wizard stage 1 of 6: Select the Fabric
dialog box, select your fabric, and then click the Next button.
Step 5 In the IVR Zone Wizard stage 2 of 6: Select VSANs dialog, move VSANs 20, 30,
and 99 from the Available pane to the Selected pane. Press and hold the Ctrl key,
and then choose VSANs 20, 30, and 99. Click the right arrow. The selected VSANs
will move to the Selected pane.

Step 6 Click the Next button to continue.
Step 7 In the IVR Zone Wizard stage 3 of 6: Select End Devices dialog box, choose the
initiator device from VSAN 30 and one JBOD disk from VSAN 20 from the table in
the Available pane, and then click the Add button to move them to the Selected
pane.
Step 9 In the IVR Zone Wizard stage 4 of 6: Select IVR NAT Switches dialog box, check
the check box to enable IVR NAT, Cisco Fabric Distribution for IVR, and IVR
topology in auto mode.
Note In this configuration step, IVR will be enabled in all border switches participating in IVR.
Cisco Fabric Services for IVR will be activated in all switches in the fabric. IVR NAT will be
enabled in all border switches, and IVR topology will be enabled in auto mode. Auto mode
automatically distributes the IVR topology to IVR-enabled switches using Cisco Fabric
Services to minimize administrator configuration effort and disruption in case of IVR topology
configuration change.

Step 11 In the IVR Zone Wizard stage 5 of 6: Select Zone dialog box, choose the default
IVR zone and IVR zone set name from the drop-down menu. Click the Next button.
Step 12 In the IVR Zone Wizard stage 6 of 6: Review Actions dialog box, click the Finish
button.
Step 13 In the Save Configuration dialog box, click the Continue Activation button to
confirm IVR zone distribution and save the running configuration.
Step 14 In the IVR Zone Wizard stage 6 of 6: Review Actions dialog box, observe the IVR
creation progress.
Step 15 Wait for the Success notice at the bottom of the screen and then click the Close
button.
Caution Team 2: Do not proceed until Steps 1 to 15 have been completed on the MDS1 switch.
Note In the following steps, Team 2 on MDS2 will modify the existing IVR zone set (IvrZoneSet1)
by adding a second IVR zone (IvrZone2) connecting the JBOD in VSAN 40 on MDS2 with
HOST1 in VSAN 10 on MDS1 over transit VSAN 99. The DCNM-SAN CLIENT IVR Zone
Wizard can be launched from either server that is connected to either switch.
Step 16 Team 2: On MDS2 only, in Cisco DCNM-SAN Client, click the IVR Zone Wizard
icon or click Zone > IVR > Wizard.

Step 17 In the IVR Zone Wizard stage 1 of 6: Select Fabric dialog box, select your fabric,
and then click the Next button.
Step 18 In the IVR Zone Wizard stage 2 of 6: Select VSANs dialog box, add VSANs 10, 40,
and 99 to the Selected pane by clicking right arrow between the panes.
Step 20 In the IVR Zone Wizard stage 3 of 6: Select End Devices dialog box, choose the
initiator device from VSAN 10 and one JBOD disk from VSAN 40.
Caution Try not to choose the same target device as recorded in the previous procedure. Consult
with Team 1 to make sure that you are not using the same disk device.

Step 22 In the IVR Zone Wizard stage 4 of 6: Select IVR NAT Switches dialog box, check
the box to enable IVR NAT, Cisco Fabric Distribution for IVR, and IVR Topology
Discovery in auto mode.
Step 23 In the IVR Zone Wizard stage 5 of 6: Select Zone dialog box, accept the default
zone and zone set names and then click the Next button.
Step 24 In the IVR Zone Wizard stage 6 of 6: Review Actions dialog box, click the Finish
button.
Step 25 Click the Continue Activation button to confirm IVR zone distribution and save the
running configuration.
Step 26 Confirm that the activation was successful by verifying the Success message on the
Review Actions dialog box and then click the Close button.
Note The IVR zone set name (IvrZoneSet1) was created by the MDS1 team in the previous
procedure.

Note Use the show ivr pending-diff command to determine if you have a pending configuration
change or locked IVR Cisco Fabric Services session. Use ivr commit to commit the
pending configuration change or ivr abort to discard the pending changes and free up the
session lock. Use the clear ivr session command to free the session lock.
Complete the following steps to verify your configuration.
Step 1 Both teams: Verify the IVR configuration using the Cisco DCNM-SAN Client.
Step 2 Both teams: Verify the IVR configuration using the show ivr vsan-topology
command. Your display should resemble the following.
PxMDS1# show ivr vsan-topology
AFID SWITCH WWN Active Cfg. VSANS

-----------------------------------------------------------
1 20:00:00:05:9b:7d:06:80 yes no 1,30,40,99
1 20:00:00:05:9b:7d:30:00 * yes no 1,10,20,99
Total: 2 entries in active and configured IVR VSAN-Topology
PxMDS2# show ivr vsan-topology
AFID SWITCH WWN Active Cfg. VSANS

-----------------------------------------------------------
1 20:00:00:05:9b:7d:06:80 * yes no 1,30,40,99
1 20:00:00:05:9b:7d:30:00 yes no 1,10,20,99
Total: 2 entries in active and configured IVR VSAN-Topology
Note The asterisk (*) identifies the local switch in the IVR topology.
Step 3 Both teams: Verify the IVR zone set configuration using the show ivr zoneset
active command. Verify that the virtual presence of targets and initiators from edge
VSANs 20, 30, 40, and 10 logged into the Transit VSAN 99.
PxMDS1# show ivr zoneset active
zoneset name IVR_Zoneset1
zone name IvrZone1
* pwwn 22:00:00:00:87:6e:45:3c vsan 20 autonomous-fabric-id 1
* pwwn 10:00:00:06:2b:08:f9:55 vsan 30 autonomous-fabric-id 1
zone name IvrZone2

* pwwn 21:00:00:00:87:6e:ad:38 vsan 40 autonomous-fabric-id 1
* pwwn 10:00:00:06:2b:08:f2:1d vsan 10 autonomous-fabric-id 1
PxMDS1#
PxMDS2# show ivr zoneset active

zoneset name IVR_Zoneset1
zone name IvrZone1
* pwwn 22:00:00:00:87:6e:45:3c vsan 20 autonomous-fabric-id 1
* pwwn 10:00:00:06:2b:08:f9:55 vsan 30 autonomous-fabric-id 1
zone name IvrZone2

* pwwn 21:00:00:00:87:6e:ad:38 vsan 40 autonomous-fabric-id 1
* pwwn 10:00:00:06:2b:08:f2:1d vsan 10 autonomous-fabric-id 1
PxMDS2#
Note The asterisk (*) next to each end device shows that the device is logged in and online.
VSAN 10:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x650000 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
0x683a82 N 21:00:00:00:87:6e:ad:38 scsi-fcp:target
VSAN 20:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x58f999 N 10:00:00:06:2b:08:f9:55 (LSI) ipfc scsi-fcp:init
VSAN 99:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x71fab0 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
0xb73f5b N 22:00:00:00:87:6e:45:3c scsi-fcp:target
0xe2f9e8 N 10:00:00:06:2b:08:f9:55 (LSI) ipfc scsi-fcp:init
0xec3adb N 21:00:00:00:87:6e:ad:38 scsi-fcp:target

PxMDS1#
Note Notice that the disk in VSAN 40 with an FCID of 0x2a00b3 is represented by a proxy FCID
of 0xec3adb in the transit VSAN 99 and by a proxy FCID 0x683a82 in VSAN 10.

VSAN 30:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x893f16 N 22:00:00:00:87:6e:45:3c scsi-fcp:target
VSAN 40:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x2a009b NL 21:00:00:00:87:6e:45:3c scsi-fcp:target
0x2a00b3 NL 21:00:00:00:87:6e:ad:38 scsi-fcp:target
0x30fa75 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
VSAN 99:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x71fab0 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
0xb73f5b N 22:00:00:00:87:6e:45:3c scsi-fcp:target
0xe2f9e8 N 10:00:00:06:2b:08:f9:55 (LSI) ipfc scsi-fcp:init
0xec3adb N 21:00:00:00:87:6e:ad:38 scsi-fcp:target

PxMDS2#
Step 4 Both teams: Verify IVR NAT translation rewrite table entries on both switches using
the show ivr internal fcid-rewrite-list command.
PxMDS1# show ivr internal fcid-rewrite-list
cur-vsan cur-sid cur-did nh-vsan nh-sid nh-did num_luns qos flag
10 0x650000 0x683a82 99 0x71fab0 0xec3adb 0 0 DONE
99 0xec3adb 0x71fab0 10 0x683a82 0x650000 0 0 DONE
20 0x65009b 0x58f999 99 0xb73f5b 0xe2f9e8 0 0 DONE
99 0xe2f9e8 0xb73f5b 20 0x58f999 0x65009b 0 0 DONE
Number of fcid-rewrite-entries : 4
PxMDS1#
PxMDS2# show ivr internal fcid-rewrite-list

cur-vsan cur-sid cur-did nh-vsan nh-sid nh-did num_luns qos flag
40 0x2a00b3 0x30fa75 99 0xec3adb 0x71fab0 0 0 DONE
99 0x71fab0 0xec3adb 40 0x30fa75 0x2a00b3 0 0 DONE
30 0x660000 0x893f16 99 0xe2f9e8 0xb73f5b 0 0 DONE
99 0xb73f5b 0xe2f9e8 30 0x893f16 0x660000 0 0 DONE
Number of fcid-rewrite-entries : 4
PxMDS2#
Step 5 Both teams: Clear the IVR configuration from your switch.
PxMDS1# config
PxMDS1(config)# no feature IVR


initials
Example

Lab 7-3: Tune FCIP Performance
Activity Objective
In this exercise, you will use SAN Extension Tuner to generate test workloads on the SAN,
observe the resulting performance metrics, and tune TCP parameters to improve performance
based on the observed metrics. After completing this exercise, you will be able to meet these
objectives:
 Configure SAN Extension Tuner
 Generate workloads with the SAN Extension Tuner and document performance
measurements
 Tune TCP parameters for FCIP performance
Visual Objective
10.1.x.5 FCIP 10.1.x.3

G1/1 G1/1
MDS1 MDS2
G1/2 G1/2
Set Set
N-port N-port
Required Resources
These are the resources and equipment required to complete this exercise:
 Two Windows, each with a Fibre Channel HBA
Command List
Command Description
show fcns database Displays the name server entries.
copy log:messages bootflash:file Creates a file on bootflash.
feature san-extension-tuner Enables the SAN extension tuner feature.
show san-ext-tuner nports Displays the SAN Extension Tuner N_ports.
write Enables write acceleration for an FCIP interface.
show san-ext-tuner interface gig

slot/port nport pwwn Displays the counters for the SAN Extension
1:0:0:0:0:0:0:1 vsan vsan-id Tuner Gigabit Ethernet port.
counters
Specifies a data pattern file for the SAN Extension
data-pattern bootflash:file Tuner.
Sets the default policy for the default zone to

zone default-zone permit vsan 1 permit.
show fcip profile Shows fcip profile info all.
show wwn switch Shows switch WWNs.
interface fcip Shows the FCIP interface.

Task 1: Set the Zoning Parameters and Tune Down TCP
Parameters
In this task, each team will set the default-zone parameter to permit, tune down the TCP
parameters, and then create a file to use as the data pattern file for testing.
Note Setting the default-zone parameter to permit is not recommended as a best practice. That
action is performed in this lab to simplify the zoning configuration setup.
Activity Procedure
Complete these steps as indicated:
Step 1 Both teams: Set the default-zone policy to permit for VSAN 1.
PxMDS1# conf
PxMDS1(config)# zone default-zone permit vsan 1
PxMDS1(config)# end
Step 2 Both teams: Use Device Manager to set the packet shaping parameters to the
following.
 tcp max-bandwidth-mbps: 100
 min-available-bandwidth-mbps: 50
 round-trip-time-ms: 20
Step 3 Both teams: Verify that the link is trunking and then display the FCIP profile
settings. Save the configuration.
PxMDS1# show interface brief | in fcip
PxMDS1# show fcip profile 1
FCIP Profile 1
Internet Address is 10.1.7.5 (interface GigabitEthernet1/1)
Tunnels Using this Profile: fcip2
Listen Port is 3225
TCP parameters
SACK is enabled
PMTU discovery is enabled, reset timeout is 3600 sec
Keep alive is 60 sec
Minimum retransmission timeout is 200 ms
Maximum number of re-transmissions is 4
Send buffer size is 0 KB
Maximum allowed bandwidth is 100000 kbps
Minimum available bandwidth is 50000 kbps
Configured round trip time is 20000 usec
Congestion window monitoring enabled, burst size is 50KB
Auto jitter detection is enabled
Step 4 Both teams: Use the system log to create a file named test on bootflash for use as a
data pattern for SAN Extension Tuner and verify the results.
Note If the test file exists on your switch, press y to overwrite.
PxMDS1# copy log:messages bootflash:test

Copy complete, now saving to disk (please wait)...
PxMDS1# dir bootflash:test
19677 Jan 25 00:24:51 2010 test
Note The log file should provide a data pattern large enough for SAN Extension Tuner, which
requires a data file over 2 KB in size.
Step 5 Both teams: Launch Device Manager and open Interface > Monitor for the FCIP
tunnel.
Step 6 Change the Interval to 5s and LastValue/sec and then leave the Monitor window
open.

Task 2: Configure the SAN Extension Tuner
In this task, each team will configure the SAN Extension Tuner using Cisco DCNM-SAN
Client and display the results. These steps must be performed in sequence as designated.
Activity Procedure
Step 1 Team 1: In the Cisco DCNM-SAN Client topology pane, right-click the FCIP tunnel
between MDS1 and MDS2 and then select SAN Extension Tuner to launch the
SAN Extension Tuner Wizard.
Step 2 In the SAN Extension Tuner Wizard stage 1 of 3: Select Ethernet Port Pair dialog,
select the gigE1/2 interface for MDS1 and MDS2 and then click the Next button.
Step 3 Click the No button when asked if you want to create and activate a zone (default-
zone policy is permit).
Step 4 In the 2 of 3: Specify Parameters dialog, accept the parameter defaults and then
check the Use Pattern File check box. Choose test from the drop-down menu and
then click the Next button.
Step 5 In the 3 of 3: Results dialog of the SAN Extension Tuner Wizard, click the Start
button to begin Tuner.

Step 6 The results pane will display the WWNs of the virtual N Ports and the I/O counters.
Step 7 Record the Average Write Response Time: ____________________

Step 8 Display the Cisco DCNM-SAN Client graphic pane.
Step 9 The SAN Extension Tuner N Ports should be visible.

Step 10 Both teams: Display the name server database and your local switch WWN.
PxMDS1# show fcns dat
VSAN 1:
-------------------------------------------------------------
--------------------------------------------------------------
0x2c00c0 N 01:02:00:0d:ec:72:7d:00 scsi-fcp 227
0x2d0060 N 01:02:00:0d:ec:72:7d:80 scsi-fcp 227
PxMDS1# show wwn switch
Switch WWN is 20:00:00:0d:ec:72:7d:00
Note The SAN Extension Tuner N Ports are a variation of the switch WWN.
Step 11 Both teams: Return to the Device Manager FCIP Monitor window and then verify
I/O activity on fcip2.
Step 12 On both switches, enable write-acceleration (for fcip write-acceleration) on the fcip
interface.
Note FCIP write-acceleration is an option available on the Cisco MDS 9222i. Cisco IOA is an
alternative. Cisco IOA is deployed on a different engine than FCIP and will be discussed
later in the lab.
PxMDS1# conf
PxMDS1 config)# int fcip 2
PxMDS1(config-if)# write-accelerator
Caution Do not proceed until the previous step has been performed on both switches.
Step 13 Team 1: In the SAN Extension Tuner dialog, click the Show button to update the
display and compare the Average Write Response from the previous display.
Step 14 Record the following SAN Extension Tuner metrics.
Egress MB/sec Ingress MB/sec Average Read Average Write

Response Time Response Time
Note The Average Write Response Time should decrease slightly as a result of the write-
accelerator feature.

Step 1 Both teams: Display the SAN Extension Tuner configuration in the running-config.
PxMDS1# show run | be tuner
feature san-ext-tuner
. . .
Note The SAN Extension Tuner configuration is not persistent. The report should display only the
feature command.
Step 2 Both teams: Display the SAN Extension Tuner N Ports.

PxMDS1# show san-ext-tuner nports
------------------------------------------------------------------
Interface NODE NAME PORT NAME VSAN
------------------------------------------------------------------
GigabitEth1/2 00:00:00:0d:ec:72:83:c0 01:02:00:0d:ec:72:83:c0 1
Step 3 On both switches, display the FLOGI database.

----------------------------------------------------------------------
----------------------------------------------------------------------
iscsi1/3 1 0x6f0140 01:02:00:0d:ec:72:83:c0 00:00:00:0d:ec:72:83:c0
PxMDS1#.
Step 4 On both switches, display the FCNS database.

VSAN 1:
----------------------------------------------------------------------
----------------------------------------------------------------------
0x6f0140 N 01:02:00:0d:ec:72:83:c0 scsi-fcp 227
0x700202 N 01:02:00:0d:ec:72:7e:00 scsi-fcp 227

PxMDS1#
Step 5 Team 1: Terminate the SAN Extension Tuner. Click the Stop button and then click
the Cancel button.
Step 6 Both teams: Verify that SAN Extension Tuner is no longer running.
PxMDS1# show san-ext-tuner nports
Note The report should display nothing.

Task 3: Deploy Cisco IOA
In this task, you will deploy Cisco IOA.
Activity Procedure
Cisco IOA must be installed on a different engine from FCIP. The Cisco MDS 9222i switch is
used in this lab, so you first need to remove the FCIP configuration currently being used. Both
teams will remove FCIP and enable an ISL between MDS1 and MDS2.
Step 1 Both teams: Clear the current startup configuration.
PxMDS1# config
PxMDS1 (config)# no boot ssi
PxMDS1 (config)# exit
PxMDS1# no feature fcip

The following message is displayed:
Note For Cisco DCNM-SAN Client to provision IOA, SSH must be enabled on the switches. SSH
is on by default. If you have disabled SSH on MDS1 and MDS2, enable SSH.
PxMDS1# conf
PxMDS1(config)# feature ssh
Step 2 Both teams: At the CLI, enable the IOA cluster and IOA features.
PxMDS1(config)# feature cluster
PxMDS1(config)# feature ioa
Step 3 Team 1: On MDS1, classify MDS1 into MySite1.

PxMDS1(config)# ioa site-local MySite1
Step 4 Team 2: On MDS2, classify MDS2 in to MySite2.

PxMDS2(config)# ioa site-local MySite2
Step 5 Both teams: Enable the IOA interface.

PxMDS1(config)# interface ioa 1/1
PxMDS2(config)# interface ioa 1/1
Note The default engine on the Cisco MDS 9222i switch is in slot 1.
Step 6 Team 1: On MDS1 only, create the IOA cluster and add MDS2.
PxMDS1(config-if)# ioa cluster MyCluster
2011 Dec 1 16:58:00 PxMDS1 %CLUSTER-2-CLUSTER_LEADER_ANNOUNCE: Node 0x1 is
the new Master of cluster 0x210f00059b7d3002 of 1 nodes
2011 Dec 1 16:58:00 PxMDS1 %CLUSTER-2-CLUSTER_QUORUM_GAIN: Cluster
0x210f00059b7d3002 now has quorum with 1 nodes
PxMDS1(config-ioa-cl)# node local

PxMDS1(config-ioa-cl-node)# node 10.0.7.5
2011 Dec 1 16:58:24 PxMDS1 last message repeated 1 time
2011 Dec 1 16:58:24 PxMDS1 %CLUSTER-2-CLUSTER_QUORUM_GAIN: Cluster
0x210f00059b7d3002 now has quorum with 2 nodes
PxMDS1(config-ioa-cl-node)#
Step 7 Both teams: At the CLI, confirm the node cluster configuration.
PxMDS1(config-ioa-cl-node)# show ioa cluster MyCluster node summary
---------------------------------------------------------------------
Switch Site Status Master Node ID
---------------------------------------------------------------------
10.0.7.5(L) MySite1 online yes 1
10.0.7.3 MySite2 online no 2
PxMDS2(config-if)# show ioa cluster MyCluster node summary

---------------------------------------------------------------------
Switch Site Status Master Node ID
---------------------------------------------------------------------
10.0.7.5 MySite1 online yes 1
10.0.7.3(L) MySite2 online no 2
PxMDS2(config-if)#
Step 8 Team 1: On MDS1, add the IOA interfaces to the cluster for MDS1 and MDS2.
PxMDS1(config-ioa-cl-node)# node local
PxMDS1(config-ioa-cl-node)# interface ioa 1/1
PxMDS1(config-ioa-cl-node)# node 10.0.7.3
PxMDS1(config-ioa-cl-node)# interface ioa 1/1
Step 9 Both teams: Verify that the IOA interface has been added to the cluster.
PxMDS1(config-ioa-cl-node)# show interface ioa 1/1
ioa1/1 is up
Member of cluster MyCluster
0 device packets in, 0 device packets out
0 device bytes in, 0 device bytes out
0 peer packets in, 0 peer packets out
0 peer bytes in, 0 peer bytes out
0 i-t create request, 0 i-t create destroy

0 i-t activate request, 0 i-t deactivate request
PxMDS2(config-if)# show interface ioa 1/1

ioa1/1 is up
Member of cluster MyCluster
0 device packets in, 0 device packets out
0 device bytes in, 0 device bytes out
0 peer packets in, 0 peer packets out
0 peer bytes in, 0 peer bytes out
0 i-t create request, 0 i-t create destroy

0 i-t activate request, 0 i-t deactivate request
PxMDS2(config-if)#
Step 10 Both teams: Verify the cluster interface summary information.

PxMDS1(config-if)# show ioa cluster MyCluster interface summary
--------------------------------------------------------------
Switch Interface Status Flows
10.0.7.5(L) ioa1/1 up 0
10.0.7.3 ioa1/1 up 0
PxMDS2(config-if)# show ioa cluster MyCluster interface summary

--------------------------------------------------------------
--------------------------------------------------------------
10.0.7.5 ioa1/1 up 0
10.0.7.3(L) ioa1/1 up 0

PxMDS2(config-if)#
Step 11 Both teams: Check the interface membership.

PxMDS1(config-if)# show ioa cluster MyCluster interface
Interface ioa1/1 belongs to 10.0.7.3(L)(M) Status is up
Interface ioa1/1 belongs to 10.0.7.5 Status is up
PxMDS2(config-if)# show ioa cluster MyCluster interface

Interface ioa1/1 belongs to 10.0.7.3(M) Status is up
Interface ioa1/1 belongs to 10.0.7.5(L) Status is up
PxMDS2(config-if)#
Step 12 Team 1: On MDS1, enable the host interface on fc1/5.

PxMDS1(config-ioa-cl-node)# interface fc 1/5
Step 13 Team 2: On MDS2, enable the JBOD disk interface on fc1/6.

PxMDS2# conf
Step 14 Team 1: On MDS1, display the FCNS database.

PxMDS1(config-zone)# show fcns database
VSAN 1:
--------------------------------------------------------------
--------------------------------------------------------------
0x6f0000 N 10:00:00:06:2b:08:f2:1d (LSI) ipfc scsi-fcp:init
..
PxMDS1(config-zone)#
Step 15 Team 1: On MDS1, create a zone and zone set for the host on MDS1 and the disk on
MDS2 using the results received in the step above.
Tip Copy and paste the pWWN from the CLI output to avoid typing errors.
PxMDS1(config-if)# zone name Zone1 vsan 1

PxMDS1(config-zone)# member pwwn <pwwn of host on MDS1>
PxMDS1(config-zone)# member pwwn <pwwn of disk on MDS2>
PxMDS1(config-zone)# zoneset name Zoneset1 vsan 1
PxMDS1(config-zoneset)# member Zone1
PxMDS1(config-zoneset)# exit
PxMDS1(config)# zoneset activate name Zoneset1 vsan 1
Step 16 Both teams: Verify activation of the zone set.

PxMDS1(config)# show zoneset active
* fcid 0x6f0000 [pwwn 10:00:00:06:2b:08:f2:1d]
* fcid 0x70009b [pwwn 21:00:00:00:87:6e:45:3c]
PxMDS1(config)#
Note The asterisk (*) next to each zone member shows that the device is connected and online.
Step 17 Team 1: On MDS1, configure the site and VSAN ID of the N Ports that will be a
part of accelerated flows.
PxMDS1# conf
PxMDS1(config)# ioa cluster MyCluster
PxMDS1(config-ioa-cl)# nport pwwn <pwwn of host on MDS1> site MySite1 vsan 1
PxMDS1(config-ioa-cl)# nport pwwn <pwwn of disk on MDS1> site MySite2 vsan 1
PxMDS1(config-ioa-cl)# end
Step 18 Both teams: Verify that the N Ports have been added to the cluster.
PxMDS1# show ioa cluster MyCluster nports
-------------------------------------------------------------
P-WWN Site Vsan
-------------------------------------------------------------
10:00:00:06:2b:08:f2:1d MySite1 1
21:00:00:00:87:6e:45:3c MySite2 1
PxMDS1# 1
Step 19 Team 1: On MDS1, before configuring IOA flows, the flow group must be created
first. Configure the flow group and flow for write acceleration as follows.
PxMDS1# conf
PxMDS1(config)# ioa cluster MyCluster
PxMDS1(config-ioa-cl)# flowgroup MyFlow
PxMDS1(config-ioa-cl-flgrp)# host <pwwn of host on MDS1> target <pwwn of disk
on MDS2>
PxMDS1(config-ioa-cl-flgrp)# end
Step 1 Both teams: Verify the cluster interface summary information.
PxMDS1# show ioa cluster MyCluster interface summary
--------------------------------------------------------------
--------------------------------------------------------------
10.0.7.5(L) ioa1/1 up 1
10.0.7.3 ioa1/1 up 1
PxMDS1#
PxMDS1# show ioa cluster MyCluster interface ioa 1/1
Interface ioa1/1 belongs to 10.0.7.3(L)(M)
Status is up
PxMDS1#
PxMDS2# show ioa cluster MyCluster interface ioa 1/1
Interface ioa1/1 belongs to 10.0.7.5(L)
Status is up
PxMDS2#
Step 2 Both teams: Verify the activation of the zone set.

* fcid 0x6f0000 [pwwn 10:00:00:06:2b:08:f2:1d]
* fcid 0x70009b [pwwn 21:00:00:00:87:6e:45:3c]
PxMDS1#
Step 3 Both teams: Verify the configured flow information.

PxMDS1# show ioa cluster MyCluster flows
------------------------------------------------------------------
Host WWN, VSAN WA TA Comp Status Switch,Interface
Target WWN Pair
------------------------------------------------------------------

10:00:00:06:2b:08:f2:1d, 1 Y N N online 10.0.7.5, ioa1/1
21:00:00:00:87:6e:45:3c 1 10.0.7.3, ioa1/1
PxMDS1#
0, Status active, no reservation


initials
Example
Answer Key:
Lab 3-1: Configure Interfaces
Upon completion, your switch running-configuration file will be similar to the following.
PxMDS1# show run
…
interface fc1/7
interface fc1/8
interface fc1/9
…
…
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
..
…
interface fc1/5
switchport mode Fx
interface fc1/6
switchport mode Fx
interface fc1/10
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown

Lab 3-2: Configure Port Channels
P7MDS1# show run

!Time: Tue Nov 12 18:47:44 2013
version 6.2(1)

username admin password 5 $1$JOvvDz1A$m2fc.VspxAlaH99qLC8iB/ role network-
admin
no password strength-check
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24
priv 0xcdd47fe6a98eb18b942fd96481190e24 localizedkey
snmp-server host 10.0.7.1 traps version 2c public udp-port 1163
vsan database
vsan 10
vsan 20
vsan 80
vsan 701
vsan 1 wwn 10:00:00:00:c9:74:4e:04 fcid 0xef0040 dynamic
vsan 1 wwn 20:06:00:0d:ec:72:7d:c0 fcid 0xef0100 area dynamic
vsan 1 wwn 20:05:00:05:73:af:91:40 fcid 0xef0000 dynamic
vsan 1 wwn 10:00:00:00:c9:74:4c:62 fcid 0xef0001 dynamic
vsan 1 wwn 10:00:00:0d:ec:72:7d:c1 fcid 0xef0060 dynamic
switchport mode E
switchport mode E
vsan database
vsan 701 interface port-channel 7
switchname P7MDS1
line console
line vty
interface fc1/5
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
switchport mode E
interface fc1/2
switchport mode E
interface fc1/1
switchport description FC Port Channel to MDS9710-A
channel-group 7 force
no shutdown
interface fc1/2
switchport description FC Port Channel to MDS9710-A
no shutdown
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8

no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
Lab 3-3: Configure Cisco NPV and NPIV
P7MDS1# show run

!Time: Tue Nov 12 13:38:03 2013
version 6.2(1)
feature npiv

admin
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24

switchname P7MDS1
line console
line vty
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/10
switchport mode F
interface fc1/11
interface fc1/12

interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
#*****************************************************************************
P7MDS4# show run

!Time: Tue Nov 12 13:38:22 2013
version 5.2(6)
username admin password 5 $1$wpO6QSJ5$hH6DVOqUcVhLP4Sd/FCiL0 role network-
admin
ip domain-lookup
0x062591a7884378ad0424c36f656a19c6
priv 0x062591a7884378ad0424c36f656a19c6 localizedkey
cfs ipv4 distribute
switchname P7MDS4
line console
line vty
feature npv
interface fc1/5
interface fc1/1
switchport mode F
interface fc1/2
switchport mode F
interface fc1/3
switchport mode F
interface fc1/4
switchport mode F
interface fc1/6
switchport mode F
interface fc1/7
switchport mode F
interface fc1/8
switchport mode F
interface fc1/9
switchport mode NP
interface fc1/10
switchport mode F
interface fc1/11
switchport mode F
interface fc1/12
switchport mode F
interface fc1/13
switchport mode NP
interface fc1/14
switchport mode F

interface fc1/15
switchport mode F
interface fc1/16
switchport mode F
interface fc1/17
switchport mode NP
interface fc1/18
switchport mode F
interface fc1/19
switchport mode F
interface fc1/20
switchport mode F
interface fc1/21
switchport mode NP
interface fc1/22
switchport mode F
interface fc1/23
switchport mode F
interface fc1/24
switchport mode F
interface fc1/5
switchport mode NP
interface fc1/1
port-license acquire
no shutdown
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
switchport trunk mode on
no shutdown
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 10.0.7.14 255.255.255.0
P7MDS4#

Lab 3-4: Configure VSANs, Domain Management, and
Persistent FCIDs
When you complete this activity, your switch running-configuration file will be similar to the
following, with differences that are specific to your device or workgroup.
P7MDS1# show run

!Time: Tue Nov 12 21:11:19 2013
version 6.2(1)
feature npiv
feature fport-channel-trunk

admin
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24
vsan database
vsan 10
vsan 20
vsan 999 name "test-999"
vsan 10 wwn 10:00:00:00:c9:74:4c:62 fcid 0x0b0000 dynamic
vsan 10 wwn 10:00:00:00:c9:74:4e:04 fcid 0x0b0099
vsan database
vsan 10 interface fc1/5
switchname P7MDS1
line console
line vty
interface fc1/5
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
switchport trunk mode off
interface fc1/6
interface fc1/7
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16

interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
Lab 3-5: Configure Device Aliases
Below is a sample running-config upon completion of this lab.
PxMDS1# show run

!Time: Fri Oct 11 10:11:46 2013
version 6.2(1)
feature npiv
username admin password 5 $1$XaOHjqr/$eQP0hUaGAP5fGzJdD5BRo1 role network-
admin
username student password 5 $1$4DvWpa/2$P9wqHO4loJheU9Ci65Ak2/ role network-
operator
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24
snmp-server user student network-operator auth md5
0xcdd47fe6a98eb18b942fd964811
90e24 priv 0xcdd47fe6a98eb18b942fd96481190e24 localizedkey
vsan database
vsan 10 name "PrimaryVSAN10"
vsan 20
vsan 80
vsan 701
do install ssi bootflash:/m9000-ek9-ssi-mz.6.2.1.bin module 1 l2-upgrade
device-alias mode enhanced
device-alias database
device-alias name pod7disk1-p1 pwwn 21:00:00:11:c6:66:3d:20
device-alias name pod7disk2-p1 pwwn 21:00:00:11:c6:66:4f:34
device-alias name pod7disk4-p1 pwwn 21:00:00:11:c6:66:3d:1f
device-alias name pod7host1-p1 pwwn 10:00:00:00:c9:74:4e:04
device-alias name pod7host2-p1 pwwn 10:00:00:00:c9:74:4c:62
device-alias name pod7host3-p1 pwwn 21:00:00:e0:8b:87:d1:fb
device-alias name pod7host3-p2 pwwn 21:01:00:e0:8b:a7:d1:fb
device-alias name pod8disk1-p1 pwwn 21:00:00:11:c6:52:55:58
device-alias name pod8disk2-p1 pwwn 21:00:00:11:c6:52:57:7b

device-alias name pod8disk4-p1 pwwn 21:00:00:11:c6:52:59:f6
device-alias name pod8host1-p1 pwwn 10:00:00:00:c9:73:46:da
device-alias name pod8host1-p2 pwwn 10:00:00:00:c9:73:46:db
device-alias name pod8host2-p1 pwwn 10:00:00:00:c9:73:45:32
device-alias name pod8host3-p1 pwwn 21:00:00:e0:8b:87:98:fa
device-alias name pod8host3-p2 pwwn 21:01:00:e0:8b:a7:98:fa
device-alias commit

! [pod7host1-p1]
! [pod7host2-p1]
vsan 10 wwn 10:00:00:00:c9:74:4e:04 fcid 0x0b0000 dynamic
! [pod7host1-p1]
vsan 10 wwn 20:06:00:0d:ec:72:7d:c0 fcid 0x0b0100 area dynamic
! [pod7host2-p1]
vsan 20 wwn 20:06:00:0d:ec:72:7d:c0 fcid 0x150000 area dynamic
vsan 20 wwn 10:00:00:00:c9:74:4e:04 fcid 0x150100 dynamic
! [pod7host1-p1]
interface vsan1
no shutdown
ip address 10.10.1.1 255.255.255.0
channel mode active
switchport mode E
switchport description To P7MDS2
channel mode active
switchport mode E
vsan database
ip routing
switchname PxMDS1
line console
line vty
boot ssi bootflash:/m9000-ek9-ssi-mz.6.2.1.bin module 1
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/10
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
switchport mode E
interface fc1/2
switchport mode E
interface fc1/10
switchport mode E
interface fc1/1
switchport description FC Port Channel to core-MDS9710-A fc1/1-2
no shutdown
interface fc1/2
no shutdown
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
fspf cost 100 vsan 20
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown

interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
ip route 10.10.2.0 255.255.255.0 10.0.7.3
************************************************************************
PxMDS4# show run

!Time: Fri Oct 11 10:12:01 2013
version 5.2(6)
username admin password 5 $1$YbqprCCH$53JiirAnMBH5ROmDx2NQ// role network-
admin
ip domain-lookup
ip host PxMDS4 10.0.7.14
0x062591a7884378ad0424c36f656a19c6
vsan database
vsan 10
cfs ipv4 distribute
device-alias commit
vsan 1 wwn 10:00:00:00:c9:74:4c:62 fcid 0x710000 dynamic
vsan database
switchname PxMDS4
line console
line vty
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
switchport mode E
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface fc1/1
no shutdown

interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 10.0.7.14 255.255.255.0
PxMDS4#
Lab 3-6: Configure Zoning
When you complete this activity (and before clearing the zoning), your switch running-
configuration file will be similar to the following, with differences that are specific to your
device or workgroup.
PxMDS1(config)# show run

!Time: Fri Oct 11 14:27:49 2013
version 6.2(1)
feature npiv
admin
username student password 5 $1$4DvWpa/2$P9wqHO4loJheU9Ci65Ak2/ role network-
ope
rator
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24
snmp-server user student network-operator auth md5
0xcdd47fe6a98eb18b942fd964811
90e24 priv 0xcdd47fe6a98eb18b942fd96481190e24 localizedkey
vsan database
vsan 10
vsan 20
vsan 80
vsan 701

device-alias commit

! [pod7host1-p1]
! [pod7host2-p1]
! [pod7host1-p1]
! [pod7host2-p1]
! [pod7host1-p1]
channel mode active
switchport mode E
channel mode active
switchport mode E
vsan database
ip routing
switchname PxMDS1
line console
line vty
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/10
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
switchport mode E
interface fc1/2
switchport mode E
interface fc1/10
switchport mode E
!Active Zone Database Section for vsan 10
member device-alias pod7host1-p1 init
member device-alias pod7disk1-p1 target

member pwwn 10:00:00:00:c9:74:4c:62 init
! [pod7host2-p1]
member pwwn 21:00:00:11:c6:66:3d:37 target
! [pod7disk3-p1]

member host1zone
member host2zone

do clear zone database vsan 10
member device-alias pod7host1-p1
member device-alias pod7disk1-p1

member pwwn 10:00:00:00:c9:74:4c:62
! [pod7host2-p1]
member pwwn 21:00:00:11:c6:66:3d:37
! [pod7disk3-p1]

member host1zone
member host2zone

member pwwn 10:00:00:00:c9:74:4e:04 init
! [pod7host1-p1]
! [pod7disk3-p2]

member pwwn 10:00:00:00:c9:74:4e:04
! [pod7host1-p1]
member pwwn 22:00:00:11:c6:66:3d:37
! [pod7disk3-p2]
interface fc1/1
no shutdown
interface fc1/2
no shutdown
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
no shutdown
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
ip route 10.10.2.0 255.255.255.0 10.0.7.3
PxMDS1(config)#
PxMDS4# show run

!Time: Fri Oct 11 14:36:28 2013
version 5.2(6)
feature telnet
username admin password 5 $1$YbqprCCH$53JiirAnMBH5ROmDx2NQ// role network-
admin
ip domain-lookup
0x062591a7884378ad0424c36f656a19c6
vsan database
vsan 10
cfs ipv4 distribute

device-alias commit

! [pod7host2-p1]
! [pod7host2-p1]
vsan database
switchname PxMDS4
line console
line vty
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
switchport mode E
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
member device-alias pod7host1-p1 init
member device-alias pod7disk1-p1 target

member pwwn 10:00:00:00:c9:74:4c:62 init
! [pod7host2-p1]
! [pod7disk3-p1]

member host1zone
member host2zone

interface fc1/1
no shutdown
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 10.0.7.14 255.255.255.0
PxMDS4

Lab 4-1: Implement Cisco DMM
The switch running-configuration file will be similar to the following output:
PxMDS1# show run

!Time: Mon Oct 7 17:45:18 2013
version 6.2(1)
feature npiv
admin
ip domain-lookup
ip host MDS1 10.0.7.5
0xcdd47fe6a98eb18b942fd96481190e24
vsan database
vsan 20
vsan 80
vsan 701
device-alias name disk1-p1 pwwn 21:00:00:11:c6:66:3d:20
device-alias name disk2-p1 pwwn 21:00:00:11:c6:66:4f:34
device-alias name disk4-p1 pwwn 21:00:00:11:c6:66:3d:1f
device-alias name host1-p1 pwwn 10:00:00:00:c9:74:4e:04
device-alias name host2-p1 pwwn 10:00:00:00:c9:74:4c:62
device-alias name host3-p1 pwwn 21:00:00:e0:8b:87:d1:fb
device-alias name host3-p2 pwwn 21:01:00:e0:8b:a7:d1:fb
device-alias commit

! [host1-p1]
! [host2-p1]
! [host1-p1]
! [host2-p1]
! [host1-p1]
interface vsan1
no shutdown
ip address 10.10.1.1 255.255.255.0
channel mode active
switchport mode E
channel mode active
switchport mode F
switchport mode E
vsan database
switchname MDS1
line console
line vty
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/10
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15

interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
switchport mode E
interface fc1/2
switchport mode E
interface fc1/10
switchport mode F
member pwwn 10:00:00:00:c9:74:4e:04
! [host1-p1]
member pwwn 22:00:00:11:c6:66:3d:37
! [disk3-p2]

member Zone1
zoneset activate name DMMZoneset1 vsan 20

member pwwn 10:00:00:00:c9:74:4e:04
! [host1-p1]
member pwwn 22:00:00:11:c6:66:3d:37
! [disk3-p2]

member Zone1
interface fc1/1
no shutdown
interface fc1/2
no shutdown
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
ip route 10.10.2.0 255.255.255.0 10.0.7.3
************************************************************
PxMDS2# show run

!Time: Mon Oct 7 17:46:19 2013
version 6.2(1)
feature npiv
username admin password 5 $1$oRN.45fs$01TV4nNAy6xUHyplyp0lf. role network-
admin
ip domain-lookup
ip host MDS2 10.0.7.3
0x03b229e43ff9c981c9b7ccae37fff665
priv 0x03b229e43ff9c981c9b7ccae37fff665 localizedkey

vsan database
vsan 10
vsan 80
vsan 702
device-alias name host3-p1 pwwn 21:00:00:e0:8b:87:d1:fb
device-alias name host3-p2 pwwn 21:01:00:e0:8b:a7:d1:fb
device-alias commit

! [host2-p2]
vsan 1 wwn 20:06:00:0d:ec:72:7a:00 fcid 0x2b0100 area dynamic
vsan 1 wwn 20:05:00:05:73:ae:dd:00 fcid 0x2b0000 dynamic
! [host1-p2]
vsan 1 wwn 24:02:00:05:73:ae:dd:00 fcid 0x2b0020 dynamic
! [host2-p2]
vsan 20 wwn 20:06:00:0d:ec:72:7a:00 fcid 0x160100 area dynamic
! [host1-p2]
interface vsan1
no shutdown
ip address 10.10.2.2 255.255.255.0
channel mode active
switchport mode E
switchport description To MDS1
channel mode active
switchport mode F
switchport mode E
vsan database
switchname MDS2
line console
line vty
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/1
interface fc1/2
interface fc1/10
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/8
switchport mode E
interface fc1/9
switchport mode E
interface fc1/1
switchport mode E
interface fc1/2
switchport mode E
interface fc1/10
switchport mode F
member pwwn 10:00:00:00:c9:74:4e:04
! [host1-p1]
member pwwn 22:00:00:11:c6:66:3d:37
! [disk3-p2]

member Zone1
zoneset activate name DMMZoneset1 vsan 20

zone name DMM_Zone_DMM_Lab1 vsan 20

member pwwn 21:b8:00:0d:ec:72:7d:82
member pwwn 22:00:00:11:c6:52:59:8c
! [disk3-p2]
member pwwn 21:00:00:11:c6:52:5b:87
! [disk4-p1]

member Zone1
member DMM_Zone_DMM_Lab1
interface fc1/1
switchport description FC Port Channel to core-MDS9710-B fc1/1-2
no shutdown
interface fc1/2
switchport description FC Port Channel to core-MDS9710-B fc1/1-2
no shutdown
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
no shutdown
interface fc1/9
no shutdown
interface fc1/10
no shutdown
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.3 255.255.255.0
ip route 10.10.1.0 255.255.255.0 10.0.7.5
MDS2#

Lab 6-1: Configure RBAC and AAA Services
When you complete this activity (and before clearing RBAC and AAA services configuration),
your switch running-configuration file will be similar to the following, with differences that are
specific to your device or workgroup.
PxMDS1# show run
version 6.2(1)
role distribute
role name ccie-role
rule 3 permit show feature interface
rule 2 permit show feature fcns
rule 1 permit config feature zoneset
role name team1role
rule 4 permit exec
rule 3 permit show
rule 2 permit debug
rule 1 permit config
vsan policy deny
permit vsan 10-10
role name team2role
rule 4 permit exec
rule 3 permit show
rule 2 permit debug
rule 1 permit config
vsan policy deny
permit vsan 20-20
role commit
username admin password 5 $1$PB/loRsd$h7RPzs1L168dpAZAHxIZo1 role network-
admin
username labuser password 5 $1$6jhF3NP1$D34XWE8A/cm3xRfU56gU50 role ccie-role
username user1 password 5 $1$de0VNMj0$xdcndBOLg/dxz0s6IuAiQ0 role team1role
username user2 password 5 $1$KGcu3VFp$Ko9gzoU4swGjk9PQACSUu0 role team2role
username testuser1 password 5 $1$ClJPRPNf$f2xGXIk6DVS2jKBoyA0A11 role ccie-
role
username bogus password 5 $1$ClJPRPNf$f2xGXIk6DVS2jKBoyA0A11
ip domain-lookup
ip host mds1 10.0.7.5
radius-server deadtime 30
radius-server host 10.0.0.198 key 7 "pzw9000Qse" authentication accounting
radius-server host 10.0.0.198 test username bogus idle-time 20
snmp-server user user1 team1role auth md5 0xa8faca6cd6e7c84926dfd49c6043288f
snmp-server user user2 team2role auth md5 0xa8faca6cd6e7c84926dfd49c6043288f
snmp-server user labuser ccie-role auth md5 0xa8faca6cd6e7c84926dfd49c6043288f
snmp-server user testuser1 ccie-role auth md5
aaa authentication login default group radius
aaa authentication login console local
vsan database
vsan 10
vsan 20
vsan 1 wwn 10:00:00:00:c9:74:4c:10 fcid 0x2c0001 dynamic
vsan 1 wwn 10:00:00:00:c9:73:46:b6 fcid 0x2c0040 dynamic
vsan 1 wwn 20:06:00:0d:ec:72:7d:00 fcid 0x2c0100 area dynamic
vsan 1 wwn 10:00:00:0d:ec:72:7d:01 fcid 0x2c0080 dynamic
vsan 20 wwn 10:00:00:00:c9:73:46:b6 fcid 0x5f0000 dynamic
vsan 10 wwn 20:06:00:0d:ec:72:7d:00 fcid 0x0b0000 area dynamic
vsan database
vsan 20
vsan 10 interface fc1/5-6
switchname PxMDS1
line console
line vty
interface fc1/7
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
PxMDS1#

Lab 6-2: Implement Fabric and Port Security
When you complete this activity (and before disabling the security features), your switch
running-configuration file will be similar to the following, with differences that are specific to
your device or workgroup.
feature fabric-binding
fabric-binding database vsan 1
swwn 20:00:00:0d:ec:82:61:40 domain 44
swwn 20:00:00:0d:ec:72:7c:40 domain 45
fabric-binding activate vsan 1 force
feature fcsp
fcsp dhchap devicename 20:00:00:0d:ec:72:7d:80 password 7 "pzw2-002"
feature port-security
port-security database vsan 1
pwwn 10:00:00:00:c9:79:52:32 interface fc1/5
pwwn 21:00:00:11:c6:52:51:5e interface fc1/6
pwwn 21:00:00:11:c6:52:51:5e interface fc1/6
pwwn 21:00:00:11:c6:52:5b:9b interface fc1/6
pwwn 21:00:00:11:c6:52:54:2b interface fc1/6
port-security activate vsan 1 force
no port-security auto-learn vsan 1
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
no shutdown
fcsp on
interface fc1/8
no shutdown
fcsp on
interface fc1/9
no shutdown
fcsp on
Lab 7-1: Configure FCIP Tunnels and FCIP High Availability
with Port Channels
PxMDS1# show running-config
feature fcip
fcip profile 1
ip address 10.1.9.5
fcip profile 2
port 7000
ip address 10.1.9.5
fcip profile 3
fcip profile 4
port 3226
switchport mode E
channel mode active
switchport mode E
channel mode active
interface fcip1
switchport mode E
use-profile 1
no shutdown
interface fcip2
switchport mode E
use-profile 2
no shutdown
interface fcip3
switchport mode E
use-profile 3
no shutdown
interface fcip4
switchport mode E
use-profile 4
no shutdown
ip address 10.1.9.5 255.255.255.0
no shutdown
ip address 10.1.9.5 255 255.255.0

no shutdown
Lab 7-2: Implement IVR for SAN Extension
P7MDS1# show run

!Time: Sat Oct 12 19:04:08 2013
version 6.2(1)
feature fcip
feature ivr

username admin password 5 $1$I2wtKmNU$BCnT8lA.ZV.z7JMNBjaBr0 role network-
admin
ip domain-lookup
0xcdd47fe6a98eb18b942fd96481190e24
fcip profile 1
ip address 10.1.7.5
vsan database
vsan 10
vsan 20
vsan 99

interface fcip2
use-profile 1
no shutdown
vsan database

vsan 99 interface fcip2
switchname P7MDS1
line console
line vty
ivr nat
ivr distribute
interface fc1/7
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
ivr vsan-topology auto
zone name IVRZ_IvrZone2 vsan 10
member pwwn 10:00:00:00:c9:74:4e:04
member pwwn 22:00:00:11:c6:66:3d:1f
zoneset name nozoneset vsan 10

member IVRZ_IvrZone2
zoneset activate name nozoneset vsan 10

zone name IVRZ_IvrZone1 vsan 20
member pwwn 21:00:00:11:c6:66:3d:20
member pwwn 10:00:00:00:c9:74:4c:63
zoneset name nozoneset vsan 20

member IVRZ_IvrZone1
zoneset activate name nozoneset vsan 20

ivr zone name IvrZone1
member pwwn 10:00:00:00:c9:74:4c:63 vsan 30
member pwwn 21:00:00:11:c6:66:3d:20 vsan 20
ivr zone name IvrZone2
member pwwn 10:00:00:00:c9:74:4e:04 vsan 10
member pwwn 22:00:00:11:c6:66:3d:1f vsan 40
ivr zoneset name IVR_Zoneset1
member IvrZone1
member IvrZone2
ivr zoneset activate name IVR_Zoneset1 force
ivr commit
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
ip address 10.1.7.5 255.255.255.0
no shutdown
interface mgmt0
ip address 10.0.7.5 255.255.255.0
P7MDS1#

Lab 7-3 Tune FCIP Performance
When you complete this activity, your switch running configuration file will be like the
MDS-1
P7MDS1# show run
version 6.2(1)
feature iscsi
iscsi enable module 1
feature fcip
username admin password 5 $1$acxjWebk$z/.sR1xwrR6xtHj.paM7p/ role network-
admin
ip domain-lookup
0x2e50a97a5692e723ba6040b4186b4268
priv 0x2e50a97a5692e723ba6040b4186b4268 localizedkey
fcip profile 1
ip address 10.1.7.5
tcp max-bandwidth-mbps 1000 min-available-bandwidth-mbps 1000 round-trip-
time
-us 48

vsan 1 wwn 10:00:00:06:2b:08:f2:1d fcid 0x6f0000 area dynamic
vsan 1 wwn 20:06:00:05:9b:7d:30:00 fcid 0x6f0300 area dynamic
vsan 1 wwn 01:03:00:05:9b:7d:30:00 fcid 0x6f0140 dynamic
vsan 1 wwn 20:05:00:05:9b:7c:20:20 fcid 0x6f0100 dynamic
vsan 1 wwn 10:00:00:06:2b:08:f9:54 fcid 0x6f0200 area dynamic
vsan 1 wwn 24:d5:00:05:9b:7c:20:20 fcid 0x6f0120 dynamic
interface fcip2
use-profile 1
no shutdown
switchname P7MDS1
line console
line vty
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface iscsi1/1
no shutdown
interface iscsi1/2
interface iscsi1/3
interface iscsi1/4
ip address 10.1.7.5 255.255.255.0
no shutdown

interface mgmt0
ip address 10.0.7.5 255.255.255.0
P7MDS1#
MDS2
P7MDS2# show run
version 6.2(1)
feature iscsi
iscsi enable module 1
feature fcip
username admin password 5 $1$IOXr9o7z$4SsYFqEQcY0rj3/L74hSs. role network-
admin
ip domain-lookup
0x81a95c4952d64793b7cce4430678fb42
priv 0x81a95c4952d64793b7cce4430678fb42 localizedkey
fcip profile 1
ip address 10.1.7.3
tcp max-bandwidth-mbps 1000 min-available-bandwidth-mbps 1000 round-trip-
time
-us 48

vsan 1 wwn 20:06:00:05:9b:7d:06:80 fcid 0x700000 area dynamic
vsan 1 wwn 10:00:00:06:2b:08:f9:55 fcid 0x700100 area dynamic
vsan 1 wwn 10:00:00:05:9b:7d:06:81 fcid 0x700200 dynamic
vsan 1 wwn 20:05:00:05:9b:7c:20:68 fcid 0x700201 dynamic
vsan 1 wwn 21:0d:00:05:9b:7d:06:82 fcid 0x700206 dynamic
vsan 1 wwn 10:00:00:06:2b:08:f2:1c fcid 0x700300 area dynamic
vsan 1 wwn 24:d5:00:05:9b:7c:20:68 fcid 0x700205 dynamic
interface fcip2
use-profile 1
no shutdown
switchname P7MDS2
line console
line vty
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
zone name SanExtTuner-fcip2-P7MDS2 vsan 1
member pwwn 01:03:00:05:9b:7d:06:80
member pwwn 01:03:00:05:9b:7d:30:00

member SanExtTuner-fcip2-P7MDS2
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface iscsi1/1
no shutdown
interface iscsi1/2
interface iscsi1/3

interface iscsi1/4
ip address 10.1.7.5 255.255.255.0
no shutdown
interface mgmt0
ip address 10.0.7.3 255.255.255.0
Lab 7-3, Task 3: MDS1 After Configuring IOA

P7MDS1# show run
version 6.2(1)
username admin password 5 $1$0rL3h3Zk$hj0LvxmcB6TwVl.xk6Ttb1 role network-
admin
ip domain-lookup
0x2e50a97a5692e723ba6040b4186b4268
priv 0x2e50a97a5692e723ba6040b4186b4268 localizedkey
feature cluster
feature ioa
vsan 1 wwn 10:00:00:06:2b:08:f2:1d fcid 0x6f0000 area dynamic
vsan 1 wwn 20:06:00:05:9b:7d:30:00 fcid 0x6f0300 area dynamic
vsan 1 wwn 20:05:00:05:9b:7c:20:20 fcid 0x6f0100 dynamic
vsan 1 wwn 10:00:00:06:2b:08:f9:54 fcid 0x6f0200 area dynamic
vsan 1 wwn 24:d5:00:05:9b:7c:20:20 fcid 0x6f0120 dynamic
vsan 1 wwn 21:0a:00:05:9b:7d:30:02 fcid 0x6f01a0 dynamic
interface ioa1/1
no shutdown
switchname P7MDS1
line console
line vty
ioa cluster MyCluster
no shutdown
node 10.0.7.5
interface ioa1/1
node 10.0.7.3
interface ioa1/1
nport pwwn 10:00:00:06:2b:08:f2:1d site MySite1 vsan 1
nport pwwn 21:00:00:00:87:6e:45:3c site MySite2 vsan 1
flowgroup MyFlow
host 10:00:00:06:2b:08:f2:1d target 21:00:00:00:87:6e:45:3c
ioa site-local MySite1
interface fc1/7
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
member pwwn 10:00:00:06:2b:08:f2:1d
member pwwn 21:00:00:00:87:6e:45:3c

member Zone1
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
no shutdown
interface fc1/6
interface fc1/7
no shutdown
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12

interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.5 255.255.255.0
PxMDS1#
Lab 7-4, Task 5: MDS-2 After Configuring IOA

PxMDS2# show run
version 6.2(1)
username admin password 5 $1$aHwmT60f$5yNtj9M3BAY4QrVYb288p. role network-
admin
ip domain-lookup
0x81a95c4952d64793b7cce4430678fb42
priv 0x81a95c4952d64793b7cce4430678fb42 localizedkey
feature cluster
feature ioa
vsan 1 wwn 20:06:00:05:9b:7d:06:80 fcid 0x700000 area dynamic
vsan 1 wwn 10:00:00:06:2b:08:f9:55 fcid 0x700100 area dynamic
vsan 1 wwn 20:05:00:05:9b:7c:20:68 fcid 0x700201 dynamic
vsan 1 wwn 21:0d:00:05:9b:7d:06:82 fcid 0x700206 dynamic
vsan 1 wwn 10:00:00:06:2b:08:f2:1c fcid 0x700300 area dynamic
vsan 1 wwn 24:d5:00:05:9b:7c:20:68 fcid 0x700205 dynamic
interface ioa1/1
no shutdown
switchname P7MDS2
line console
line vty
no shutdown
node 10.0.7.5
interface ioa1/1
node 10.0.7.3
interface ioa1/1
nport pwwn 10:00:00:06:2b:08:f2:1d site MySite1 vsan 1
nport pwwn 21:00:00:00:87:6e:45:3c site MySite2 vsan 1
flowgroup MyFlow
host 10:00:00:06:2b:08:f2:1d target 21:00:00:00:87:6e:45:3c
ioa site-local MySite2
interface fc1/7
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/7
switchport mode E
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
no shutdown
interface fc1/7
no shutdown
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12

interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface mgmt0
ip address 10.0.7.3 255.255.255.0
PxMDS2#
DCMDS
Lab Guide Appendix

Lab Appendix Task 1: Uninstall Cisco Prime DCNM
Release 6.2(3)
As of Cisco DCNM Release 5.2, Cisco Fabric Manager and Cisco DCNM for LAN are merged
into one unified product called Cisco Data Center Network Manager (DCNM) that can manage
both LAN and SAN environments. As of Cisco Prime DCNM Release 6.2, the name Cisco
Prime DCNM-SAN Client replaces the name Cisco Fabric Manager. Cisco Prime DCNM also
contains a component called Device Manager that you will use throughout the lab exercises.
You will use Cisco Prime DCNM Release 6.2(3) in these labs.
Cisco Prime DCNM is a management system for the Cisco Unified Fabric. Cisco Prime DCNM
consists of four components, which are the Cisco Prime DCNM Unified Web Client, Cisco
Prime DCNM-SAN Client, Cisco Prime DCNM-LAN Client, and Cisco Device Manager.
Cisco Prime DCNM enables you to provision, monitor, and troubleshoot the data center
network infrastructure.
Activity Objective
In this activity, you will uninstall Cisco Prime DCNM for SAN management. Upon completing
this exercise, you will be able to meet the following objectives:
 Complete a clean uninstall of Cisco Prime DCNM
Visual Objective
P1 P2
1/6 1/6
JBOD
1/7 1/7
1/8 1/8
1/9 1/9 MDS2
MDS1
10.0.x.5 10.0.x.3
1/5 1/10 1/10 1/5
P1 P2
1/5 1/5
P2 1/1 1/1 P1
host1 MDS3 MDS4
10.0.x.13 10.0.x.14 host2
E0 10.0.x.1 E0 10.0.x.2
E1 10.1.x.2 E1 10.1.x.6
Required Resources
 Cisco MDS 9000 Series Fibre Channel switches
 Cisco Prime DCNM install file

Task 1: Uninstall the Existing Cisco Fabric Manager or Cisco
DCNM
In this task, each team will execute removal of the Cisco DCNM-SAN components from your
respective server desktop in a four-step process:
 Stop the DCNM SAN, DCNM-LAN, and DCNM SMI-S servers
 Uninstall Cisco DCNM Software
 Stop and remove the PostgreSQL database
 Clear additional folders and Java cache in the control panel
Activity Procedure
Each team will perform the following steps on their assigned server.
Note If you are working in teams within a pod, Team 1 will configure MDS1 and Team 2 will
configure MDS2. If you are working alone, you will configure MDS1.
Step 1 Authenticate to your assigned server. Log in with user name administrator and
password cisco (all lower case).
Note Before launching the uninstall, you will use the Stop DCNM Servers Icon on the desktop.
Step 2 Click the Stop DCNM Servers icon on the desktop to stop the servers before you
begin the uninstall process.
Note As an alternative, to speed up the process, stop the DCNM-SAN, DCNM-LAN, and DCNM-
SMI-S Agent Services in Computer Management > Services.
Step 3 On your student pod server, right-click the server icon and then choose Manage.
Step 4 Navigate to the Services list in the Computer Management window and manually
stop the DCNM-LAN, DCNM-SAN, and DCNM-SMI-Agent services.
Step 5 Manually stop the DCNM-LAN, DCNM-SAN, and DCNM-SMI-Agent services.

Step 6 Confirm that all three services have stopped.
Step 7 Launch removal of Cisco DCNM-SAN by clicking the Uninstall_DCNM desktop

icon.
Step 8 If the Uninstall icon is not on the desktop, locate the uninstall option by navigating
to Start > Programs > Cisco DCNM Server > Uninstall_DCNM.
Step 9 If the Uninstall icon cannot be located in the previous locations, an alternative is to
search for the Uninstall DCNM.exe file in C:\Program Files\Cisco
Systems\dcm\Uninstall_DCNM and then launch.

Step 10 In the Uninstall DCNM Dialog, click the Uninstall button.
Step 11 If the dialog asks to restart the system, click the radio button for No, I will restart
my system myself to save time. Click the Done button. You will restart the server
after the next few cleanup steps.
Step 12 The uninstaller will continue and the Cisco DCNM-SAN, Cisco DCNM-LAN and
Cisco DCNM-SMI-S Agent services will be removed from the list in the Computer
Management window.
Step 13 To ensure removal of old DCNM data in the Java cache, click Start > Settings >
Control Panel > Java.
Step 14 In the General tab, click the Settings button.

Step 15 Click the Delete Files button.
Step 16 Click the OK button to delete temporary files.
Step 17 Click the OK button to close the temporary files settings window.
Step 18 Click the OK button to close the Java control panel.
Step 19 Launch removal of the PostgreSQL database by navigating to Start > Settings >
Control Panel > Add or Remove Programs.
Step 20 Scroll down to select the PostgreSQL 8.2 or 8.3 (your version may vary) service.
Choose Remove and click Yes.
Step 21 Click the Yes button to remove PostgreSQL8.2/ 8.3 from your computer.
Step 22 Click the OK button.
Step 23 Click the OK button when notified that the uninstallation completed.

Step 24 Click the No button if prompted to restart the computer.
Note You will restart the computer after the final uninstall cleanup step.
Step 25 Open Windows Explorer.
Step 26 Browse to C:\Documents and Settings and then delete any postgres folders still
resident in the directory.
Note Certain uninstalls have required the following steps also for cleanup if a prior uninstall was
incomplete.
Step 27 Navigate to C:\Documents and Settings\Administrator. Remove any

.Cisco_MDS9000 folders.
Step 28 Navigate to C:\Program Files\Zero G Registry. Delete the

.com.zerog.registry.xml file.
Step 29 Reboot your server.
Step 30 When the server comes up, you can continue to the task to install Cisco Prime
DCNM.
Note The DCNM desktop icons and DCNM Client menu item should no longer appear.
PostgreSQL should no longer be listed as a service.


DCMDS20LG

Uploaded by

Copyright:

Available Formats

DCMDS20LG

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DCMDS20LG

Uploaded by

Copyright:

Available Formats

DCMDS

Text Part Number: 97-3314-01

1/5 1/10 1/10 1/5

host1 MDS3 MDS4

write erase Erases the switch startup configuration.

reload Reboots the switch.

show environment temp Displays the temperature sensors.

show environment power Displays the power usage and availability.

show module Displays Cisco MDS switch modules.

show inventory Displays a list of switch components.

show hardware Displays Cisco MDS hardware components.

no boot ssi Clears the ssi boot parameter.

show run Displays the running-config.

config Changes to config terminal level.

copy run start Copies the running-config to the startup-config.

© 2013 Cisco Systems, Inc. Lab Guide 3

The following message is displayed:

Type y to proceed and then press <Enter>.

Type y to proceed and then press <Enter>.

Do you want to enforce secure password standard (yes/no)[y]: <Enter>

Enter the password for "admin": 1234QWer

---- Basic System Configuration Dialog ----

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

Would you like to enter the basic configuration dialog (yes/no):y

Create another login account (yes/no) [n]: <Enter>

Configure read-only SNMP community string (yes/no) [n]: <Enter>

Configure read-write SNMP community string (yes/no) [n]: <Enter>

Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:

Configure advanced IP options? (yes/no) [n]: <Enter>

Enable the telnet service? (yes/no) [n]: <Yes>

Configure congestion/no_credit drop for fc interfaces? (yes/no) [q/quit]

Enter the type of drop to configure congestion/no_credit drop? (con/no) [c]:

Enter number of milliseconds for congestion/no_credit drop[100 - 1000] or

© 2013 Cisco Systems, Inc. Lab Guide 5

Would you like to edit the configuration? (yes/no) [n]:

!Command: show running-config

© 2013 Cisco Systems, Inc. Lab Guide 7

Mod Sw Hw World-Wide-Name(s) (WWN)

Mod MAC-Address(es) Serial-Num

* this terminal session

Step 2 Display the switch inventory.

NAME: "Slot 1", DESCR: "4x1GE IPS, 18x1/2/4Gbps FC/Sup2"

NAME: "Slot 17", DESCR: "MDS 9222i Power Supply"

NAME: "Slot 18", DESCR: "MDS 9222i Power Supply"

NAME: "Slot 19", DESCR: "MDS 9222i Fan Module"

Step 3 Display the Cisco MDS hardware components.

© 2013 Cisco Systems, Inc. Lab Guide 9

Device name: P7MDS1

Last reset at 373936 usecs after Thu Sep 5 15:33:26 2013

Reason: Reset Requested by CLI command reload

Step 4 Display the switch temperature status.

© 2013 Cisco Systems, Inc. Lab Guide 11

Mod Model Power Power Power Power Status

Power Usage Summary:

Total Power Capacity 800.10 W

Power reserved for Supervisor(s) 209.16 W

SMTP TFTP Server

© 2013 Cisco Systems, Inc. Lab Guide 13

config Enters configuration mode.

Displays the version of system software that