Beruflich Dokumente
Kultur Dokumente
com
Cisco CLI
By
sanaswati
Switch Configuration
Set a user password
switch# username admin password NEWPASSWORD
Set banner
switch# banner motd #
**********************************************************************
** YOUR MESSAGE **
**********************************************************************
#
Define VSANs
switch# vsan database
switch# vsan 1 suspend
switch# vsan 111 name FABRIC_A
switch# vsan 111 interface bay 1-16
http://www.sanspire.com/cisco-cli/
Configure SNMP
switch# snmp-server community eccuser group network-admin
switch# snmp-server community onaro group network-operator
switch# logging server 192.168.1.50 facility local0
switch# no logging console
switch# snmp-server enable traps
switch# snmp-server host 192.168.2.1 traps version 2c public udp-port 162
Zone Maintenance
Creating zone
Basic Zoning
switch# zone name servername_arrayname_portname vsan 111
switch# member pwwn 10:00:00:00:00:00:00:00
switch# member pwwn 50:00:00:80:50:A0:0B:40
switch# zoneset name FABRIC_A vsan 111
switch# member servername_arrayname_portname
switch# zoneset distribute vsan 111
switch# zoneset activate name FABRIC_A vsan 111
Enhanced Zoning
switch# zone name servername_arrayname_portname vsan 111
switch# member pwwn 10:00:00:00:00:00:00:00
switch# member pwwn 50:06:04:84:52:A9:0B:43
switch# zoneset name FABRIC_A vsan 111
switch# member servername_arrayname_portname
switch# zoneset activate name FABRIC_A vsan 111
switch# zone commit vsan 111
To discard the changes to enhanced zone database and close the session
switch# no zone commit vsan
111
To forcefully apply the changes to enhanced zone database and close the vsan session
created by another user
switch# zone commit vsan 3
force
To forcefully discard the changes to enhanced zone database and close the vsan session
created by another user
switch# no zone commit vsan 3
force
To clear the lock on remote switches, if sesson locks remain on remote swtiches even after
using no zone commit vsan
switch# clear zone lock vsan
2
To see the status of IVR zoneset (it will tell you whether a zone is being activated at the
moment)
switch# show ivr zoneset status
To rename a zone
switch# zone rename old_name new_name vsan 111
switch# zone distribute vsan 111
switch# zone activate name FABRIC_A vsan 111
To connect to an interconnect 3
hpchassis# connect interconnect 3
Switch Maintenance
To check time out drops recorded in switch
switch# show logging onboard timeoutdrops
To suspend a VSAN
To see whether the route to virtual domain is flapping Output below shows it is flapping
every 2 seconds or so
Time
---Mon Jan 16 00:54:36
Mon Jan 16 00:54:38
Mon Jan 16 00:54:40
Mon Jan 16 00:54:42
Mon Jan 16 00:54:44
Mon Jan 16 00:54:46
Mon Jan 16 00:54:47
Mon Jan 16 00:54:49
Mon Jan 16 00:54:51
switch#
switch#
switch#
usage
switch#
switch#
switch#
switch#
switch#
switch#
switch#
system
system
system
system
system
system
system
internal
internal
internal
internal
internal
internal
internal
rib
rib
rib
rib
rib
rib
rib
multicast
summary
sync-log label
sync-log multicast
sync-log unicast
vsan-attributes
vsan-rewrite
To check LSR owner for the virtual domain representing VSAN 111 in VSAN 130
switch#
switch#
switch#
count
switch#
To check clock
switch# show clock
To see the processes that are currently consuming more than 0% CPU on the switch. As
this command provides a snapshot of the moment it is executed, it is often necessary to
run this command multiple times for several minutes (depending on the frequency of CPU
spikes)
switch# show process cpu | ex
0.0%
To produce graphical output showing CPU usage history over the last 60 secs, 60 mins,
and last 72 hrs
switch# show processes CPU
history
To check the status of internal xbar communication links between system and modules
switch# show system internal xbar
all
switch#
switch#
switch#
switch#
log
switch#
switch#
switch#
show
show
show
show
hardware
hardware internal version
hardware ipc-channel status
hardware internal ipc-channel event-
To show fcs IE
switch# show fcs
ie
switch#
switch#
switch#
switch#
info
show
show
show
show
fspf
fspf database
fspf interface
fspf internal
To turn it off
switch# no switchport
beacon
# show port-channel
database
# show port-channel summary
# poweroff module 1
# no poweroff module 1
OR
# reload module
1
Situations
Resolving enhanced zoning lock issues
Step 1
Use the show zone status vsan command to determine the lock holder. If the lock holder is on this
switch, the command output shows the user. If the lock holder is on a remote switch, the command output shows
the domain ID of the remote switch.
switch# show zone status vsan 6 </h5>
VSAN: 6 default-zone: deny distribute: active only Interop: default
mode: enhanced merge-control: allow session: cli [admin] <---- user admin has
lock
hard-zoning: enabled
if not on this switch:
VSAN: 6 default-zone: deny distribute: active only Interop: default
session: remote [dom: 239][ip: 192.168.1.1] ? <---- Switch with the lock
Step 2:
Log on to the switch > 192.168.1.1. Use the no zone commit vsan command on the switch that holds the lock to
release the lock if you are the holder of the lock.
switch# zone commit vsan
6
Step 3:
Use the no zone commit vsan force command on the switch that holds the lock to release the lock if another user
holds the lock.
switch# no zone commit vsan 6
force
Note Verify that no valid configuration change is in progress before you clear a lock.
Step 4:
If problems persist, use the clear zone lock command to remove the lock from the switch. This should
only be done on the switch that holds the lock.
switch# clear zone lock vsan
6
Step 1
So first login to web browser of switchname-m.
Click on Interconnect Bay -> 3. Cisco MDS 9124e 24-Port blah -> Virtual Buttons tab on the right -> Reset
Step 2
As soon as you click, okay rush to putty and login to switchname-m, run connect interconnect 3 and hit enter
twice to see console and hit entering control+C like there is no tomorrow. Let someone else do this if you are
slow. Once at loader prompt, type the following commands:
loader> dir
bootflash:
Step 3
Boot the kickstart image.
loader> boot kickstart_image (eg: boot m9100-s2ek9-kickstartmz.3.1.3a.bin)
Step 4
Verify that you now see the boot prompt, switch(boot)#.
Step 5
Enter configuration mode:
switch(boot)# config
t
Step 6
Enter a new admin password.
switch(boot)(config)# admin-password <new
password>
switch(boot)(config)# exit
Step 7
View the system image in bootflash
switch(boot)# dir bootflash:
For example: m9100-s2ek9mz.3.1.3a.bin
Step 8
Load the system image.
switch(boot)# load bootflash:system_image
For example: load bootflash:m9100-s2ek9mz.3.1.3a.bin
Step 9
Verify that you now see the Cisco MDS 9124e Switch login prompt, switch login#.
If the switch comes up and admin password still doesnt work, you will need to follow up to step 10 again. Reset
the admin-password again but instead of exit, run do write erase this will erase all the configuration. And then
carry on with steps 7, 8, and 9.
While configuring the switch, if you get error message Fabric is already locked what to
do?
Check current locks
switch# show cfs lock
Application: flex-attach
Scope
: Physical-fc-ip
-------------------------------------------------------------------------------Switch WWN
IP Address
User Name
User Type
-------------------------------------------------------------------------------20:00:54:7f:ee:68:18:40 172.17.233.57
admin
CLI/SNMP
v3
Total number of entries = 1
switch# clear flex-attach session
switch# show cfs lock
switch#
interface ext
interface ext
interface ext
interface ext
How to switch over (failover) from active or standby supervisor and viceversa?
For high availability, you need to connect the ethernet port for both active and standby supervisors to the same
network or virtual LAN. The active supervisor owns the one IP address used by these ethernet connections. On a
switchover, the newly activated supervisor takes over this IP address.
switch# show module
Mod Ports Module-Type
--- ----- -------------------------------1
48
1/2/4/8 Gbps FC Module
2
48
1/2/4/8 Gbps FC Module
7
0
Supervisor/Fabric-2a
standby
8
0
Supervisor/Fabric-2a
Model
-----------------DS-X9248-96K9
DS-X9248-96K9
DS-X9530-SF2AK9
Status
-----------ok
ok
ha-
DS-X9530-SF2AK9
active *
After enabling the flex-attach, vpwwn doesnt come up as you would have expected.
Instead of coming up with 20:01, 20:02 etc it shows 10:00s. Exact reason for this is not
known but below mentioned work around works.
You will have to disable cfs when it couldnt connect automatically to its cfs peers you can see this by checking
if it picks up other 9124e peer ips.
switchA(config)# show cfs peers name flex-attach
Scope
: Physical-fc-ip
------------------------------------------------------------------------Switch WWN
IP Address
------------------------------------------------------------------------20:00:54:7f:ee:0c:f4:d8 192.168.1.1
[Local]
switchA
Total number of entries = 1
Workaround is to disable cfs and then down the bay interfaces and commit flex-attach. However you dont have
the reassurance that the WWNs selected for the switch are unique on the fabric which is what the cfs peer
distribute is checking. This wont be an issue unless we are merging with another fabric in the future.
So here are the commands to do it;
switch# no cfs distribute (and select Y)
switchA# show cfs status
switchA# interface bay 1-16
switchA# shutdown
switchA# flex-attach virtual-pwwn auto interface bay 116
switchA# flex-attach commit
switchA# show flex-attach pending
SANSPIRE 2014. All Rights Reserved.