Cisco Nexus 5500 Series NX-OS Configuration Manual
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
First Published: January 29, 2014
Last Modified: May 22, 2014
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-30895-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWAREOF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2014 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
CHAPTER 1
CHAPTER 2
Preface xix
Audience xix
Document Conventions xix
Related Documentation for Cisco Nexus 5500 Series NX-OS Software xxi
Documentation Feedback xxii
Obtaining Documentation and Submitting a Service Request xxiii
Overview 1
SAN Switching Overview 1
Configuring Fibre Channel Interfaces 5
Configuring Fibre Channel Interfaces 5
Information About Fibre Channel Interfaces 5
Licensing Requirements for Fibre Channel 5
QOS Requirements for Fibre Channel 5
Physical Fibre Channel Interfaces 6
Virtual Fibre Channel Interfaces 6
VF Port 6
VE Ports 7
VNP Ports 8
Interface Modes 8
E Port 9
F Port 9
NP Port 9
TE Port 9
TF Port 10
TNP Port 10
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 iii
Contents
SD Port 10
Auto Mode 10
Interface States 10
Administrative States 10
Operational States 11
Reason Codes 11
Buffer-to-Buffer Credits 14
Configuring Fibre Channel Interfaces 15
Configuring a Fibre Channel Interface 15
Configuring a Range of Fibre Channel Interfaces 15
Setting the Interface Administrative State 15
Configuring Interface Modes 16
Configuring Fibre Channel Interfaces 17
Configuring Unified Ports 17
Configuring the Interface Description 18
Configuring Port Speeds 19
Autosensing 19
Configuring SD Port Frame Encapsulation 19
Configuring Receive Data Field Size 20
Understanding Bit Error Thresholds 20
Configuring Buffer-to-Buffer Credits 21
Configuring Global Attributes for Fibre Channel Interfaces 22
Configuring Switch Port Attribute Default Values 22
Information About N Port Identifier Virtualization 23
Enabling N Port Identifier Virtualization 23
Example Port Channel Configurations 24
Verifying Fibre Channel Interfaces 25
Verifying SFP Transmitter Types 25
Verifying Interface Information 25
Verifying BB_Credit Information 26
Default Fibre Channel Interface Settings 27
CHAPTER 3
Configuring Fibre Channel Domain Parameters 29
Information About Domain Parameters 29
Fibre Channel Domains 29
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
iv OL-30895-01
Contents
Domain Restarts 30
Restarting a Domain 31
Domain Manager Fast Restart 31
Enabling Domain Manager Fast Restart 31
Switch Priority 32
Configuring Switch Priority 32
About fcdomain Initiation 33
Disabling or Reenabling fcdomains 33
Configuring Fabric Names 33
Incoming RCFs 34
Rejecting Incoming RCFs 34
Autoreconfiguring Merged Fabrics 35
Enabling Autoreconfiguration 35
Domain IDs 36
Domain IDs - Guidelines 36
Configuring Static or Preferred Domain IDs 38
Allowed Domain ID Lists 39
Configuring Allowed Domain ID Lists 39
CFS Distribution of Allowed Domain ID Lists 40
Enabling Distribution 40
Locking the Fabric 40
Committing Changes 41
Discarding Changes 41
Clearing a Fabric Lock 42
Displaying CFS Distribution Status 42
Displaying Pending Changes 42
Displaying Session Status 42
Contiguous Domain ID Assignments 43
Enabling Contiguous Domain ID Assignments 43
FC IDs 43
Persistent FC IDs 44
Enabling the Persistent FC ID Feature 44
Persistent FC ID Configuration Guidelines 45
Configuring Persistent FC IDs 45
Unique Area FC IDs for HBAs 46
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 v
Contents
Configuring Unique Area FC IDs for an HBA 46
Persistent FC ID Selective Purging 48
Purging Persistent FC IDs 48
Verifying the fcdomain Configuration 48
Default Settings for Fibre Channel Domains 49
CHAPTER 4
Configuring N Port Virtualization 51
Configuring N Port Virtualization 51
Information About NPV 51
NPV Overview 51
NPV Mode 52
Server Interfaces 52
NP Uplinks 53
FLOGI Operation 53
NPV Traffic Management 54
Automatic Uplink Selection 54
Traffic Maps 54
Disruptive Load Balancing 55
NPV Traffic Management Guidelines 55
NPV Guidelines and Limitations 55
Configuring NPV 56
Enabling NPV 56
Configuring NPV Interfaces 57
Configuring an NP Interface 57
Configuring a Server Interface 58
Configuring NPV Traffic Management 58
Configuring NPV Traffic Maps 58
Enabling Disruptive Load Balancing 59
Verifying NPV 59
Verifying NPV Examples 60
Verifying NPV Traffic Management 61
CHAPTER 5
Configuring FCoE NPV 63
Information About FCoE NPV 63
FCoE NPV Model 65
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
vi OL-30895-01
Contents
Mapping Requirements 66
Port Requirements 67
NPV Features 67
vPC Topologies 68
Supported and Unsupported Topologies 69
Guidelines and Limitations 73
FCoE NPV Configuration Limits 73
Default Settings 74
Enabling FCoE and Enabling NPV 75
Enabling FCoE NPV 75
Configuring NPV Ports for FCoE NPV 76
Verifying FCoE NPV Configuration 76
CHAPTER 6
Configuration Examples for FCoE NPV 77
Configuring VSAN Trunking 83
Configuring VSAN Trunking 83
Information About VSAN Trunking 83
VSAN Trunking Mismatches 84
VSAN Trunking Protocol 84
Configuring VSAN Trunking 85
Guidelines and Limitations 85
Enabling or Disabling the VSAN Trunking Protocol 85
Trunk Mode 85
Configuring Trunk Mode 86
Trunk-Allowed VSAN Lists 87
Configuring an Allowed-Active List of VSANs 89
Displaying VSAN Trunking Information 90
Default Settings for VSAN Trunks 90
CHAPTER 7
Configuring SAN Port Channels 93
Configuring SAN Port Channels 93
Information About SAN Port Channels 93
Understanding Port Channels and VSAN Trunking 94
Understanding Load Balancing 95
Configuring SAN Port Channels 97
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 vii
Contents
SAN Port Channel Configuration Guidelines 99
F and TF Port Channel Guidelines 99
Creating a SAN Port Channel 100
About Port Channel Modes 100
Configuring Active Mode SAN Port Channel 101
About SAN Port Channel Deletion 102
Deleting SAN Port Channels 102
Interfaces in a SAN Port Channel 102
About Interface Addition to a SAN Port Channel 103
Compatibility Check 103
Suspended and Isolated States 104
Adding an Interface to a SAN Port Channel 104
Forcing an Interface Addition 104
CHAPTER 8
About Interface Deletion from a SAN Port Channel 105
Deleting an Interface from a SAN Port Channel 105
SAN Port Channel Protocol 106
About Channel Group Creation 106
Autocreation Guidelines 108
Enabling and Configuring Autocreation 109
About Manually Configured Channel Groups 109
Converting to Manually Configured Channel Groups 109
Example Port Channel Configurations 109
Verifying SAN Port Channel Configuration 110
Default Settings for SAN Port Channels 111
Configuring and Managing VSANs 113
Configuring and Managing VSANs 113
Information About VSANs 113
VSAN Topologies 113
VSAN Advantages 116
VSANs Versus Zones 116
Guidelines and Limitations for VSANs 117
About VSAN Creation 118
Creating VSANs Statically 118
Port VSAN Membership 119
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
viii OL-30895-01
Contents
Assigning Static Port VSAN Membership 120
Displaying VSAN Static Membership 120
Default VSANs 121
Isolated VSANs 121
Displaying Isolated VSAN Membership 122
Operational State of a VSAN 122
Static VSAN Deletion 122
Deleting Static VSANs 123
About Load Balancing 123
Configuring Load Balancing 123
Interop Mode 125
Displaying the Static VSAN Configuration 125
CHAPTER 9
Default Settings for VSANs 125
Configuring and Managing Zones 127
Information About Zones 127
Information About Zoning 127
Zoning Features 127
Zoning Example 129
Zone Implementation 130
Active and Full Zone Sets 130
Configuring a Zone 133
Configuration Examples 133
Zone Sets 134
Activating a Zone Set 135
Default Zone 135
Configuring the Default Zone Access Permission 136
FC Alias Creation 136
Creating FC Aliases 137
Creating FC Aliases Example 137
Creating Zone Sets and Adding Member Zones 138
Zone Enforcement 139
Zone Set Distribution 140
Enabling Full Zone Set Distribution 140
Enabling a One-Time Distribution 140
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 ix
Contents
Recovering from Link Isolation 141
Importing and Exporting Zone Sets 142
Zone Set Duplication 142
Copying Zone Sets 143
Renaming Zones, Zone Sets, and Aliases 143
Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups 144
Clearing the Zone Server Database 145
Verifying the Zone Configuration 145
Enhanced Zoning 146
Enhanced Zoning 146
Changing from Basic Zoning to Enhanced Zoning 147
Changing from Enhanced Zoning to Basic Zoning 148
Enabling Enhanced Zoning 148
CHAPTER 10
Modifying the Zone Database 149
Releasing Zone Database Locks 150
Merging the Database 150
Configuring Zone Merge Control Policies 151
Default Zone Policies 152
Configuring System Default Zoning Settings 152
Verifying Enhanced Zone Information 153
Compacting the Zone Database 153
Analyzing the Zone and Zone Set 154
Default Settings for Zones 154
Distributing Device Alias Services 155
Distributing Device Alias Services 155
Information About Device Aliases 155
Device Alias Features 155
Device Alias Requirements 156
Zone Aliases Versus Device Aliases 156
Device Alias Databases 157
Creating Device Aliases 157
Device Alias Modes 158
Device Alias Mode Guidelines and Limitations for Device Alias Services 158
Configuring Device Alias Modes 159
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
x OL-30895-01
Contents
Device Alias Distribution 160
Locking the Fabric 160
Committing Changes 160
Discarding Changes 161
Overriding the Fabric Lock 162
Disabling and Enabling Device Alias Distribution 162
Legacy Zone Alias Configuration 163
Importing a Zone Alias 163
Device Alias Database Merge Guidelines 164
Verifying the Device Alias Configuration 164
Default Settings for Device Alias Services 165
CHAPTER 11
Configuring Fibre Channel Routing Services and Protocols 167
Information About Fibre Channel Routing Services and Protocols 167
Information About FSPF 168
FSPF Examples 168
Fault Tolerant Fabric Example 168
Redundant Link Example 169
FSPF Global Configuration 169
SPF Computational Hold Times 170
Link State Records 170
Configuring FSPF on a VSAN 170
Resetting FSPF to the Default Configuration 171
Enabling or Disabling FSPF 171
Clearing FSPF Counters for the VSAN 172
FSPF Interface Configuration 172
FSPF Link Cost 172
Configuring FSPF Link Cost 173
Hello Time Intervals 173
Configuring Hello Time Intervals 173
Dead Time Intervals 174
Configuring Dead Time Intervals 174
Retransmitting Intervals 175
Configuring Retransmitting Intervals 175
About Disabling FSPF for Specific Interfaces 176
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xi
Contents
Disabling FSPF for Specific Interfaces 176
Clearing FSPF Counters for an Interface 176
FSPF Routes 177
Fibre Channel Routes 177
Configuring Fibre Channel Routes 177
In-Order Delivery 178
Reordering Network Frames 179
Reordering SAN Port Channel Frames 180
About Enabling In-Order Delivery 180
Enabling In-Order Delivery 180
Enabling In-Order Delivery for a VSAN 181
Displaying the In-Order Delivery Status 182
Configuring the Drop Latency Time 182
CHAPTER 12
Displaying Latency Information 183
Flow Statistics Configuration 183
Flow Statistics 183
Counting Aggregated Flow Statistics 183
Counting Individual Flow Statistics 184
Clearing FIB Statistics 184
Displaying Flow Statistics 184
Default Settings for FSFP 185
Managing FLOGI, Name Server, FDMI, and RSCN Databases 187
Managing FLOGI, Name Server, FDMI, and RSCN Databases 187
Fabric Login 187
Name Server Proxy 188
About Registering Name Server Proxies 188
Registering Name Server Proxies 188
Rejecting Duplicate pWWNs 188
Rejecting Duplicate pWWNs 189
Name Server Database Entries 189
Displaying Name Server Database Entries 190
FDMI 190
Displaying FDMI 191
RSCN 191
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xii OL-30895-01
Contents
About RSCN Information 191
Displaying RSCN Information 191
Multi-pid Option 192
Configuring the multi-pid Option 192
Suppressing Domain Format SW-RSCNs 192
Clearing RSCN Statistics 193
Configuring the RSCN Timer 193
Verifying the RSCN Timer Configuration 194
RSCN Timer Configuration Distribution 194
Enabling RSCN Timer Configuration Distribution 195
Locking the Fabric 195
Committing RSCN Timer Configuration Changes 196
CHAPTER 13
CHAPTER 14
Discarding the RSCN Timer Configuration Changes 196
Clearing a Locked Session 197
Displaying RSCN Configuration Distribution Information 197
Default Settings for RSCN 197
Discovering SCSI Targets 199
Discovering SCSI Targets 199
Information About SCSI LUN Discovery 199
About Starting SCSI LUN Discovery 199
Starting SCSI LUN Discovery 200
About Initiating Customized Discovery 200
Initiating Customized Discovery 200
Displaying SCSI LUN Information 201
Configuring iSCSI TLV 203
Information about iSCSI TLV 203
iSCSI TLV Configuration 203
Identifying iSCSI Traffic 203
Configuring Type QoS Policies 204
Configuring No-Drop Policy Maps 205
Applying System Service Policies 206
iSCSI TLV and FCoE Configuration 207
Identifying iSCSI and FCoE Traffic 207
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xiii
Contents
Configuring Type QoS Policies 208
Configuring No-Drop Policy Maps 209
Applying System Service Policies 212
CHAPTER 15
Advanced Fibre Channel Features 213
Advanced Fibre Channel Features and Concepts 213
Fibre Channel Timeout Values 213
Timer Configuration Across All VSANs 213
Timer Configuration Per-VSAN 214
fctimer Distribution 215
Enabling or Disabling fctimer Distribution 215
Committing fctimer Changes 216
Discarding fctimer Changes 216
Overriding the Fabric Lock 216
Fabric Database Merge Guidelines 217
Verifying Configured fctimer Values 217
World Wide Names 218
Verifying the WWN Configuration 218
Link Initialization WWN Usage 218
Configuring a Secondary MAC Address 219
CHAPTER 16
FC ID Allocation for HBAs 219
Default Company ID List 220
Verifying the Company ID Configuration 220
Switch Interoperability 221
About Interop Mode 221
Configuring Interop Mode 1 224
Verifying Interoperating Status 225
Default Settings for Advanced Fibre Channel Features 229
Configuring FC-SP and DHCHAP 231
Information About FC-SP and DHCHAP 231
Fabric Authentication 231
Configuring DHCHAP Authentication 232
DHCHAP Compatibility with Fibre Channel Features 233
About Enabling DHCHAP 233
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xiv OL-30895-01
Contents
Enabling DHCHAP 233
DHCHAP Authentication Modes 234
Configuring the DHCHAP Mode 235
DHCHAP Hash Algorithm 236
Configuring the DHCHAP Hash Algorithm 236
DHCHAP Group Settings 237
Configuring the DHCHAP Group Settings 237
DHCHAP Password 237
Configuring DHCHAP Passwords for the Local Switch 238
Password Configuration for Remote Devices 238
Configuring DHCHAP Passwords for Remote Devices 239
DHCHAP Timeout Value 239
CHAPTER 17
Configuring the DHCHAP Timeout Value 239
Configuring DHCHAP AAA Authentication 240
Displaying Protocol Security Information 240
Configuration Examples for Fabric Security 241
Default Settings for Fabric Security 242
Configuring Port Security 245
Configuring Port Security 245
Information About Port Security 245
Port Security Enforcement 246
Auto-Learning 246
Port Security Activation 246
Configuring Port Security 247
Configuring Port Security with Auto-Learning and CFS Distribution 247
Configuring Port Security with Auto-Learning without CFS 248
Configuring Port Security with Manual Database Configuration 248
Enabling Port Security 249
Port Security Activation 249
Activating Port Security 249
Database Activation Rejection 250
Forcing Port Security Activation 250
Database Reactivation 251
Auto-Learning 252
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xv
Contents
About Enabling Auto-Learning 252
Enabling Auto-Learning 252
Disabling Auto-Learning 253
Auto-Learning Device Authorization 253
Authorization Scenario 254
Port Security Manual Configuration 255
WWN Identification Guidelines 255
Adding Authorized Port Pairs 256
Port Security Configuration Distribution 257
Enabling Port Security Distribution 257
Locking the Fabric 258
Committing the Changes 258
Discarding the Changes 258
CHAPTER 18
Activation and Auto-Learning Configuration Distribution 259
Merging the Port Security Database 261
Database Interaction 261
Database Scenarios 263
Copying the Port Security Database 264
Deleting the Port Security Database 264
Clearing the Port Security Database 264
Displaying Port Security Configuration 265
Default Settings for Port Security 265
Configuring Fabric Binding 267
Configuring Fabric Binding 267
Information About Fabric Binding 267
Licensing Requirements for Fabric Binding 267
Port Security Versus Fabric Binding 267
Fabric Binding Enforcement 268
Configuring Fabric Binding 269
Configuring Fabric Binding 269
Enabling Fabric Binding 269
Switch WWN Lists 269
Configuring Switch WWN List 270
Fabric Binding Activation and Deactivation 270
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xvi OL-30895-01
Contents
Activating Fabric Binding 271
Forcing Fabric Binding Activation 271
Copying Fabric Binding Configurations 272
Clearing the Fabric Binding Statistics 272
Deleting the Fabric Binding Database 272
Verifying the Fabric Binding Configuration 273
Default Settings for Fabric Binding 273
CHAPTER 19
CHAPTER 20
Configuring Fabric Configuration Servers 275
Configuring Fabric Configuration Servers 275
Information About FCS 275
FCS Characteristics 276
FCS Name Specification 277
Displaying FCS Information 277
Default FCS Settings 277
Configuring Port Tracking 279
Configuring Port Tracking 279
Information About Port Tracking 279
Default Settings for Port Tracking 280
Configuring Port Tracking 281
Enabling Port Tracking 281
Configuring Linked Ports 282
Operationally Binding a Tracked Port 282
Tracking Multiple Ports 282
Tracking Multiple Ports 283
Monitoring Ports in a VSAN 283
Monitoring Ports in a VSAN 284
Forcefully Shutting down 284
Forcefully Shutting Down a Tracked Port 285
Displaying Port Tracking Information 285
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xvii
Contents
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xviii OL-30895-01
Preface
The preface contains the following sections:
Audience, page xix
•
Document Conventions, page xix
•
Related Documentation for Cisco Nexus 5500 Series NX-OS Software, page xxi
•
Documentation Feedback, page xxii
•
Obtaining Documentation and Submitting a Service Request, page xxiii
•
Audience
This publication is for network administrators who configure and maintain Cisco Nexus devices and Cisco
Nexus 2000 Series Fabric Extenders.
Document Conventions
Note
OL-30895-01 xix
As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have
modified the manner in which we document configuration tasks. As a result of this, you may find a
deviation in the style used to describe these tasks, with the newly included sections of the document
following the new format.
Command descriptions use the following conventions:
DescriptionConvention
bold
Italic
Bold text indicates the commands and keywords that you enter literally
as shown.
Italic text indicates arguments for which the user supplies the values.
Square brackets enclose an optional element (keyword or argument).[x]
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
Document Conventions
Preface
DescriptionConvention
[x | y]
Square brackets enclosing keywords or arguments separated by a vertical
bar indicate an optional choice.
{x | y}
Braces enclosing keywords or arguments separated by a vertical bar
indicate a required choice.
[x {y | z}]
Nested set of square brackets or braces indicate optional or required
choices within optional or required elements. Braces and a vertical bar
within square brackets indicate a required choice within an optional
element.
variable
Indicates a variable for which you supply values, in context where italics
cannot be used.
string
A nonquoted set of characters. Do not use quotation marks around the
string or the string will include the quotation marks.
Examples use the following conventions:
DescriptionConvention
Terminal sessions and information the switch displays are in screen font.screen font
Information you must enter is in boldface screen font.boldface screen font
Note
Caution
italic screen font
Arguments for which you supply values are in italic screen font.
Nonprinting characters, such as passwords, are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
!, #
An exclamation point (!) or a pound sign (#) at the beginning of a line
of code indicates a comment line.
This document uses the following conventions:
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xx OL-30895-01
Preface
Related Documentation for Cisco Nexus 5500 Series NX-OS Software
Related Documentation for Cisco Nexus 5500 Series NX-OS
Software
The entire Cisco NX-OS 5500 Series documentation set is available at the following URL:
http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/
tsd-products-support-series-home.html
Release Notes
The release notes are available at the following URL:
http://www.cisco.com/en/US/products/ps9670/prod_release_notes_list.html
Configuration Guides
These guides are available at the following URL:
http://www.cisco.com/en/US/products/ps9670/products_installation_and_configuration_guides_list.html
The documents in this category include:
Cisco Nexus 5500 Series NX-OS Adapter-FEX Configuration Guide
•
Cisco Nexus 5500 Series NX-OS FabricPath Configuration Guide
•
Cisco Nexus 5500 Series NX-OS FCoE Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Fundamentals Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Interfaces Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Layer 2 Switching Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Multicast Routing Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Quality of Service Configuration Guide
•
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Security Configuration Guide
•
Cisco Nexus 5500 Series NX-OS System Management Configuration Guide
•
Cisco Nexus 5500 Series NX-OS Unicast Routing Configuration Guide
•
Installation and Upgrade Guides
These guides are available at the following URL:
http://www.cisco.com/en/US/products/ps9670/prod_installation_guides_list.html
The document in this category include:
Cisco Nexus 5500 Series NX-OS Software Upgrade and Downgrade Guides
•
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xxi
Documentation Feedback
Licensing Guide
The License and Copyright Information for Cisco NX-OS Software is available at http://www.cisco.com/en/
US/docs/switches/datacenter/sw/4_0/nx-os/license_agreement/nx-ossw_lisns.html.
Command References
These guides are available at the following URL:
http://www.cisco.com/en/US/products/ps9670/prod_command_reference_list.html
The documents in this category include:
Cisco Nexus 5500 Series NX-OS Fabric Extender Command Reference
•
Cisco Nexus 5500 Series NX-OS FabricPath Command Reference
•
Cisco Nexus 5500 Series NX-OS Fundamentals Command Reference
•
Cisco Nexus 5500 Series NX-OS Interfaces Command Reference
•
Cisco Nexus 5500 Series NX-OS Layer 2 Interfaces Command Reference
•
Preface
Cisco Nexus 5500 Series NX-OS Multicast Routing Command Reference
•
Cisco Nexus 5500 Series NX-OS Quality of Service Command Reference
•
Cisco Nexus 5500 Series NX-OS Security Command Reference
•
Cisco Nexus 5500 Series NX-OS System Management Command Reference
•
Cisco Nexus 5500 Series NX-OS TrustSec Command Reference
•
Cisco Nexus 5500 Series NX-OS Unicast Routing Command Reference
•
Cisco Nexus 5500 Series NX-OS Virtual Port Channel Command Reference
•
Technical References
The Cisco Nexus 5500 Series NX-OS MIB Reference is available at http://www.cisco.com/en/US/docs/switches/
datacenter/nexus5500/sw/mib/reference/NX5500_MIBRef.html.
Error and System Messages
The Cisco Nexus 5500 Series NX-OS System Message Guide is available at http://www.cisco.com/en/US/docs/
switches/datacenter/nexus5500/sw/system_messages/reference/sl_nxos_book.html.
Troubleshooting Guide
The Cisco Nexus 5500 Series NX-OS Troubleshooting Guide is available at http://www.cisco.com/en/US/
docs/switches/datacenter/nexus5500/sw/troubleshooting/guide/N5K_Troubleshooting_Guide.html.
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to: ciscodfa-docfeedback@cisco.com.
We appreciate your feedback.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xxii OL-30895-01
Preface
Obtaining Documentation and Submitting a Service Request
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's
New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 xxiii
Obtaining Documentation and Submitting a Service Request
Preface
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
xxiv OL-30895-01
Overview
This chapter contains the following sections:
SAN Switching Overview, page 1
•
SAN Switching Overview
This chapter provides an overview of SAN switching for Cisco NX-OS devices. This chapter includes the
following sections:
Fibre Channel Interfaces
Fibre Channel ports are optional on the Cisco Nexus device.
Each Fibre Channel port can be used as a downlink (connected to a server) or as an uplink (to the data center
SAN fabric).
Domain Parameters
CHAPTER 1
The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID distribution,
FC ID allocation, and fabric reconfiguration functions as described in the FC-SW-2 standards. The domains
are configured per VSAN . If you do not configure a domain ID, the local switch uses a random ID.
N Port Virtualization
Cisco NX-OS software supports industry-standard N port identifier virtualization (NPIV), which allows
multiple N port fabric logins concurrently on a single physical Fibre Channel link. HBAs that support NPIV
can help improve SAN security by enabling zoning and port security to be configured independently for each
virtual machine (OS partition) on a host. In addition to being useful for server connections, NPIV is beneficial
for connectivity between core and edge SAN switches.
VSAN Trunking
Trunking, also known as VSAN trunking, enables interconnect ports to transmit and receive frames in more
than one VSAN over the same physical link. Trunking is supported on E ports and F ports.
SAN Port Channels
PortChannels aggregate multiple physical ISLs into one logical link with higher bandwidth and port resiliency
for Fibre Channel traffic. With this feature, up to 16 expansion ports (E-ports) or trunking E-ports (TE-ports)
can be bundled into a PortChannel. ISL ports can reside on any switching module, and they do not need a
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 1
SAN Switching Overview
designated master port. If a port or a switching module fails, the PortChannel continues to function properly
without requiring fabric reconfiguration.
Cisco NX-OS software uses a protocol to exchange PortChannel configuration information between adjacent
switches to simplify PortChannel management, including misconfiguration detection and autocreation of
PortChannels among compatible ISLs. In the autoconfigure mode, ISLs with compatible parameters
automatically form channel groups; no manual intervention is required.
PortChannels load balance Fibre Channel traffic using a hash of source FC-ID and destination FC-ID, and
optionally the exchange ID. Load balancing using PortChannels is performed over both Fibre Channel and
FCIP links. Cisco NX-OS software also can be configured to load balance across multiple same-cost FSPF
routes.
Virtual SANs
Virtual SANs (VSANs) partition a single physical SAN into multiple VSANs. VSANs allow the Cisco NX-OS
software to logically divide a large physical fabric into separate, isolated environments to improve Fibre
Channel SAN scalability, availability, manageability, and network security.
Each VSAN is a logically and functionally separate SAN with its own set of Fibre Channel fabric services.
This partitioning of fabric services greatly reduces network instability by containing fabric reconfiguration
and error conditions within an individual VSAN. The strict traffic segregation provided by VSANs can ensure
that the control and data traffic of a specified VSAN are confined within the VSAN's own domain, which
increases SAN security. VSANs can reduce costs by facilitating consolidation of isolated SAN islands into a
common infrastructure without compromising availability.
You can create administrator roles that are limited in scope to certain VSANs. For example, you can set up a
network administrator role to allow configuration of all platform-specific capabilities and other roles to allow
configuration and management only within specific VSANs. This approach improves the manageability of
large SANs and reduces disruptions due to human error by isolating the effect of a user action to a specific
VSAN whose membership can be assigned based on switch ports or the worldwide name (WWN) of attached
devices.
VSANs are supported across Fibre Channel over IP (FCIP) links between SANs, which extends VSANs to
include devices at a remote location. The Cisco SAN switches also implement trunking for VSANs. Trunking
allows Inter-Switch Links (ISLs) to carry traffic for multiple VSANs on the same physical link.
Zoning
Overview
Zoning provides access control for devices within a SAN. The Cisco NX-OS software supports the following
types of zoning:
N port zoning-Defines zone members based on the end-device (host and storage) port.
•
WWN
◦
Fibre Channel identifier (FC-ID)
◦
Fx port zoning-Defines zone members based on the switch port.
•
WWN
◦
WWN plus the interface index, or domain ID plus the interface index
◦
Domain ID and port number (for Brocade interoperability)
•
iSCSI zoning-Defines zone members based on the host zone.
•
iSCSI name
◦
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
2 OL-30895-01
Overview
SAN Switching Overview
IP address
◦
LUN zoning-When combined with N port zoning, logical unit number (LUN) zoning helps ensure that
•
LUNs are accessible only by specific hosts, providing a single point of control for managing heterogeneous
storage-subsystem access.
Read-only zones-An attribute can be set to restrict I/O operations in any zone type to SCSI read-only
•
commands. This feature is useful for sharing volumes across servers for backup, data warehousing, and
so on.
Broadcast zones-An attribute can be set for any zone type to restrict broadcast frames to members of
•
the specific zone.
To provide strict network security, zoning is always enforced per frame using access control lists (ACLs) that
are applied at the ingress switch. All zoning polices are enforced in the hardware, and none of them cause
performance degradation. Enhanced zoning session-management capabilities further enhance security by
allowing only one user at a time to modify zones.
Device Alias Services
The software supports Device Alias Services (device alias) on per VSAN and fabric wide. Device alias
distribution allows you to move host bus adapters (HBAs) between VSANs without manually reentering alias
names.
Fibre Channel Routing
Fabric Shortest Path First (FSPF) is the protocol used by Fibre Channel fabrics. FSPF is enabled by default
on all Fibre Channel switches. You do not need to configure any FSPF services except in configurations that
require special consideration. FSPF automatically calculates the best path between any two switches in a
fabric. Specifically, FSPF is used to perform these functions:
Dynamically compute routes throughout a fabric by establishing the shortest and quickest path between
•
any two switches.
Select an alternative path if a failure occurs on a given path. FSPF supports multiple paths and
•
automatically computes an alternative path around a failed link. FSPF provides a preferred route when
two equal paths are available.
SCSI Targets
Small Computer System Interface (SCSI) targets include disks, tapes, and other storage devices. These targets
do not register logical unit numbers (LUNs) with the name server. The SCSI LUN discovery feature is initiated
on demand, through CLI or SNMP. This information is also synchronized with neighboring switches, if those
switches belong to the Cisco Nexus device.
Advanced Fibre Channel Features
You can configure Fibre Channel protocol-related timer values for distributed services, error detection, and
resource allocation.
You must uniquely associate the WWN to a single switch. The principal switch selection and the allocation
of domain IDs rely on the WWN. Cisco Nexus devices support three network address authority (NAA) address
formats.
Fibre Channel standards require that you allocate a unique FC ID to an N port that is attached to an F port in
any switch. To conserve the number of FC IDs used, Cisco Nexus devices use a special allocation scheme.
FC-SP and DHCHAP
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 3
SAN Switching Overview
The Fibre Channel Security Protocol (FC-SP) provides switch-to-switch and hosts-to-switch authentication
to overcome security challenges for enterprise-wide fabrics. The Diffie-Hellman Challenge Handshake
Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco SAN
switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman
exchange.
With FC-SP, switches, storage devices, and hosts can prove their identity through a reliable and manageable
authentication mechanism. With FC-SP, Fibre Channel traffic can be secured per frame to prevent snooping
and hijacking even over untrusted links. A consistent set of policies and management actions are propagated
through the fabric to provide a uniform level of security across the entire fabric.
Port Security
The port security feature prevents unauthorized access to a switch port by binding specific world-wide names
(WWNs) that have access to one or more given switch ports.
When port security is enabled on a switch port, all devices connecting to that port must be in the port security
database and must be listed in the database as bound to a given port. If both of these criteria are not met, the
port will not achieve an operationally active state and the devices connected to the port will be denied access
to the SAN.
Fabric Binding
Overview
Fabric binding ensures Inter-Switch Links (ISLs) are enabled only between specified switches in the fabric
binding configuration, which prevents unauthorized switches from joining the fabric or disrupting the current
fabric operations. This feature uses the Exchange Fabric Membership Data (EEMD) protocol to ensure that
the list of authorized switches is identical in all of the switches in a fabric.
Fabric Configuration Servers
The Fabric Configuration Server (FCS) provides discovery of topology attributes and maintains a repository
of configuration information of fabric elements. A management application is usually connected to the FCS
on the switch through an N port. Multiple VSANs constitute a fabric, where one instance of the FCS is present
per VSAN.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
4 OL-30895-01
Configuring Fibre Channel Interfaces
This chapter contains the following sections:
Configuring Fibre Channel Interfaces, page 5
•
Configuring Fibre Channel Interfaces
Information About Fibre Channel Interfaces
Licensing Requirements for Fibre Channel
On Cisco Nexus devices, Fibre Channel capability is included in the Storage Protocol Services license.
Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces
and capabilities.
CHAPTER 2
Note
You can configure virtual Fibre Channel interfaces without a Storage Protocol Services license, but these
interfaces will not become operational until the license is activated.
QOS Requirements for Fibre Channel
The FCoE QoS must be configured if the following types of interfaces are in use:
Native FC - for FC
•
FCoE - for vFC
•
FC and FCoE - for FC and vFC
•
The FCoE QoS must be added even if Ethernet is not configured on the switch.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 5
Information About Fibre Channel Interfaces
The following commands will enable the default QoS configuration which must be configured for native FC
or FCoE or FC and FCoE:
switch(config)# system qos
switch(config-sys-qos)# service-policy type queuing input fcoe-default-in-policy
switch(config-sys-qos)# service-policy type queuing output fcoe-default-out-policy
switch(config-sys-qos)# service-policy type qos input fcoe-default-in-policy
switch(config-sys-qos)# service-policy type network-qos fcoe-default-nq-policy
Physical Fibre Channel Interfaces
Cisco Nexus devices support up to sixteen physical Fibre Channel (FC) uplinks through the use of two, optional
explansion modules. The first module contains eight FC interfaces. The second module includes four Fibre
Channel ports and four Ethernet ports.
Each Fibre Channel port can be used as a downlink (connected to a server) or as an uplink (connected to the
data center SAN network). The Fibre Channel interfaces support the following modes: E, F, NP, TE, TF,
TNP, SD, and Auto.
Virtual Fibre Channel Interfaces
Configuring Fibre Channel Interfaces
VF Port
Fibre Channel over Ethernet (FCoE) encapsulation allows a physical Ethernet cable to simultaneously carry
Fibre Channel and Ethernet traffic. In Cisco Nexus devices, an FCoE-capable physical Ethernet interface can
carry traffic for one virtual Fibre Channel (vFC) interface.
Like any interface in Cisco NX-OS, vFC interfaces are manipulable objects with properties such as configuration
and state. Native Fibre Channel and vFC interfaces are configured using the same CLI commands.
vFC interfaces support only F mode and operate in trunk mode only.
The following capabilities are not supported for virtual Fibre Channel interfaces:
SAN port channels.
•
The SPAN destination cannot be a vFC interface.
•
Buffer-to-buffer credits.
•
Exchange link parameters (ELP), or Fabric Shortest Path First (FSPF) protocol.
•
Configuration of physical attributes (speed, rate, mode, transmitter information, MTU size).
•
Port tracking.
•
vFC interfaces always operate in trunk mode; vFC interfaces do not operate in any other mode. You can
configure allowed VSANs on a vFC by using the switchport trunk allowed vsan command under the vfc
interface (which is similar to FC TF and TE ports). For vFC interfaces that are connected to hosts, port VSAN
is the only VSAN that supports logins (FLOGI). We recommend that you restrict the allowed VSANs for
such vFC interfaces to the port VSAN by using the switchport trunk allowed vsan command in the interface
mode to configure a VF port.
Includes support for 160 vFC interfaces.
The vFC VSAN assignment and the global VLAN-to-VSAN mapping table enables the Cisco Nexus device
to choose the appropriate VLAN for a VF port.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
6 OL-30895-01
Loading...