Cisco Nexus 6000 Series NX-OS SAN Switching Configuration Guide,
Release 6.x
First Published: 2013-01-30
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-27932-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Contents
Related Documentation for Cisco Nexus 6000 Series NX-OS Software
Documentation Feedback
Obtaining Documentation and Submitting a Service Request
Overview
SAN Switching Overview
Configuring Fibre Channel Domain Parameters
Information About Domain Parameters
Fibre Channel Domains
Domain Restarts
Restarting a Domain
Domain Manager Fast Restart
Enabling Domain Manager Fast Restart
Switch Priority
Configuring Switch Priority
About fcdomain Initiation
Disabling or Reenabling fcdomains
Configuring Fabric Names
Incoming RCFs
Rejecting Incoming RCFs
Autoreconfiguring Merged Fabrics
Enabling Autoreconfiguration
Domain IDs
Domain IDs - Guidelines
Configuring Static or Preferred Domain IDs
Allowed Domain ID Lists
Configuring Allowed Domain ID Lists
CFS Distribution of Allowed Domain ID Lists
Enabling Distribution
Locking the Fabric
Committing Changes
Discarding Changes
Clearing a Fabric Lock
Displaying CFS Distribution Status
Displaying Pending Changes
Displaying Session Status
Contiguous Domain ID Assignments
Enabling Contiguous Domain ID Assignments
FC IDs
Persistent FC IDs
Enabling the Persistent FC ID Feature
Persistent FC ID Configuration Guidelines
Configuring Persistent FC IDs
Unique Area FC IDs for HBAs
Configuring Unique Area FC IDs for an HBA
Persistent FC ID Selective Purging
Purging Persistent FC IDs
Verifying the fcdomain Configuration
Default Settings for Fibre Channel Domains
CHAPTER 3
Configuring N Port Virtualization
Configuring N Port Virtualization
Information About NPV
NPV Overview
NPV Mode
Server Interfaces
NP Uplinks
FLOGI Operation
NPV Traffic Management Guidelines
NPV Guidelines and Limitations
Configuring NPV
Enabling NPV
Configuring NPV Interfaces
Configuring an NP Interface
Configuring a Server Interface
Configuring NPV Traffic Management
Configuring NPV Traffic Maps
Enabling Disruptive Load Balancing
Verifying NPV
Verifying NPV Examples
Verifying NPV Traffic Management
CHAPTER 4
Configuring FCoE NPV
Information About FCoE NPV
FCoE NPV Model
Mapping Requirements
Port Requirements
NPV Features
vPC Topologies
Supported and Unsupported Topologies
Guidelines and Limitations
FCoE NPV Configuration Limits
Default Settings
Enabling FCoE and Enabling NPV
Enabling FCoE NPV
Configuring NPV Ports for FCoE NPV
Verifying FCoE NPV Configuration
Configuration Examples for FCoE NPV
CHAPTER 5
Configuring VSAN Trunking
Configuring VSAN Trunking
Information About VSAN Trunking
VSAN Trunking Mismatches
VSAN Trunking Protocol
Configuring VSAN Trunking
Guidelines and Limitations
Enabling or Disabling the VSAN Trunking Protocol
Trunk Mode
Configuring Trunk Mode
Trunk-Allowed VSAN Lists
Configuring an Allowed-Active List of VSANs
Displaying VSAN Trunking Information
Default Settings for VSAN Trunks
CHAPTER 6
Configuring and Managing VSANs
Configuring and Managing VSANs
Information About VSANs
VSAN Topologies
VSAN Advantages
VSANs Versus Zones
Guidelines and Limitations for VSANs
About VSAN Creation
Creating VSANs Statically
Port VSAN Membership
Assigning Static Port VSAN Membership
Displaying VSAN Static Membership
Default VSANs
Isolated VSANs
Displaying Isolated VSAN Membership
Operational State of a VSAN
Static VSAN Deletion
Deleting Static VSANs
About Load Balancing
Configuring Load Balancing
Interop Mode
Displaying the Static VSAN Configuration
Default Settings for VSANs
CHAPTER 7
Configuring and Managing Zones
Information About Zones
Information About Zoning
Zoning Features
Zoning Example
Zone Implementation
Active and Full Zone Sets
Configuring a Zone
Configuration Examples
Zone Sets
Activating a Zone Set
Default Zone
Configuring the Default Zone Access Permission
FC Alias Creation
Creating FC Aliases
Creating FC Aliases Example
Creating Zone Sets and Adding Member Zones
Zone Enforcement
Zone Set Distribution
Enabling Full Zone Set Distribution
Enabling a One-Time Distribution
Recovering from Link Isolation
Importing and Exporting Zone Sets
Zone Set Duplication
Copying Zone Sets
Renaming Zones, Zone Sets, and Aliases
Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups
Clearing the Zone Server Database
Verifying the Zone Configuration
Enhanced Zoning
Enhanced Zoning
Changing from Basic Zoning to Enhanced Zoning
Changing from Enhanced Zoning to Basic Zoning
Enabling Enhanced Zoning
Modifying the Zone Database
Releasing Zone Database Locks
Merging the Database
Configuring Zone Merge Control Policies
Default Zone Policies
Configuring System Default Zoning Settings
Verifying Enhanced Zone Information
Compacting the Zone Database
Analyzing the Zone and Zone Set
Default Settings for Zones
CHAPTER 8
Distributing Device Alias Services
Distributing Device Alias Services
Information About Device Aliases
Device Alias Features
Device Alias Requirements
Zone Aliases Versus Device Aliases
Device Alias Databases
Creating Device Aliases
Device Alias Modes
Device Alias Mode Guidelines and Limitations for Device Alias Services
Configuring Device Alias Modes
Device Alias Distribution
Locking the Fabric
Committing Changes
Discarding Changes
Overriding the Fabric Lock
Disabling and Enabling Device Alias Distribution
Legacy Zone Alias Configuration
Importing a Zone Alias
Device Alias Database Merge Guidelines
Verifying the Device Alias Configuration
Default Settings for Device Alias Services
CHAPTER 9
Managing FLOGI, Name Server, FDMI, and RSCN Databases
Managing FLOGI, Name Server, FDMI, and RSCN Databases
Fabric Login
Name Server Proxy
About Registering Name Server Proxies
Registering Name Server Proxies
Rejecting Duplicate pWWNs
Rejecting Duplicate pWWNs
Name Server Database Entries
Displaying Name Server Database Entries
FDMI
Displaying FDMI
RSCN
About RSCN Information
Displaying RSCN Information
Multi-pid Option
Configuring the multi-pid Option
Suppressing Domain Format SW-RSCNs
Clearing RSCN Statistics
Configuring the RSCN Timer
Verifying the RSCN Timer Configuration
RSCN Timer Configuration Distribution
Enabling RSCN Timer Configuration Distribution
Locking the Fabric
Committing RSCN Timer Configuration Changes
Discarding the RSCN Timer Configuration Changes
Clearing a Locked Session
Displaying RSCN Configuration Distribution Information
Default Settings for RSCN
CHAPTER 10
Discovering SCSI Targets
Discovering SCSI Targets
Information About SCSI LUN Discovery
About Starting SCSI LUN Discovery
Starting SCSI LUN Discovery
About Initiating Customized Discovery
Initiating Customized Discovery
Displaying SCSI LUN Information
CHAPTER 11
Configuring FC-SP and DHCHAP
Information About FC-SP and DHCHAP
Fabric Authentication
Configuring DHCHAP Authentication
DHCHAP Compatibility with Fibre Channel Features
About Enabling DHCHAP
Enabling DHCHAP
DHCHAP Authentication Modes
Configuring the DHCHAP Mode
DHCHAP Hash Algorithm
Configuring the DHCHAP Hash Algorithm
DHCHAP Group Settings
Configuring the DHCHAP Group Settings
DHCHAP Password
Configuring DHCHAP Passwords for the Local Switch
Password Configuration for Remote Devices
Configuring DHCHAP Passwords for Remote Devices
DHCHAP Timeout Value
Configuring the DHCHAP Timeout Value
Configuring DHCHAP AAA Authentication
Displaying Protocol Security Information
Configuration Examples for Fabric Security
Default Settings for Fabric Security
CHAPTER 12
Configuring Port Security
Configuring Port Security
Information About Port Security
Port Security Enforcement
Auto-Learning
Port Security Activation
Configuring Port Security
Configuring Port Security with Auto-Learning and CFS Distribution
Configuring Port Security with Auto-Learning without CFS
Configuring Port Security with Manual Database Configuration
Enabling Port Security
Port Security Activation
Activating Port Security
Database Activation Rejection
Forcing Port Security Activation
Database Reactivation
Auto-Learning
About Enabling Auto-Learning
Enabling Auto-Learning
Disabling Auto-Learning
Auto-Learning Device Authorization
Authorization Scenario
Port Security Manual Configuration
WWN Identification Guidelines
Adding Authorized Port Pairs
Port Security Configuration Distribution
Enabling Port Security Distribution
Locking the Fabric
Committing the Changes
Discarding the Changes
Activation and Auto-Learning Configuration Distribution
Merging the Port Security Database
Database Interaction
Database Scenarios
Copying the Port Security Database
Deleting the Port Security Database
Clearing the Port Security Database
Displaying Port Security Configuration
Default Settings for Port Security
CHAPTER 13
Configuring Fabric Binding
Configuring Fabric Binding
Information About Fabric Binding
Licensing Requirements for Fabric Binding
Port Security Versus Fabric Binding
Fabric Binding Enforcement
Configuring Fabric Binding
Configuring Fabric Binding
Enabling Fabric Binding
Switch WWN Lists
Configuring Switch WWN List
Fabric Binding Activation and Deactivation
Activating Fabric Binding
Forcing Fabric Binding Activation
Copying Fabric Binding Configurations
Clearing the Fabric Binding Statistics
Deleting the Fabric Binding Database
Verifying the Fabric Binding Configuration
Default Settings for Fabric Binding
CHAPTER 14
Configuring Fabric Configuration Servers
Configuring Fabric Configuration Servers
Information About FCS
FCS Characteristics
FCS Name Specification
Displaying FCS Information
Default FCS Settings
CHAPTER 15
Configuring Port Tracking
Configuring Port Tracking
Information About Port Tracking
Default Settings for Port Tracking
Configuring Port Tracking
Enabling Port Tracking
Configuring Linked Ports
Operationally Binding a Tracked Port
Tracking Multiple Ports
Tracking Multiple Ports
Monitoring Ports in a VSAN
Monitoring Ports in a VSAN
Forcefully Shutting down
Forcefully Shutting Down a Tracked Port
Displaying Port Tracking Information
Preface
The preface contains the following sections:
• Audience
• Document Conventions
• Related Documentation for Cisco Nexus 6000 Series NX-OS Software
• Documentation Feedback
• Obtaining Documentation and Submitting a Service Request
Audience
This publication is for network administrators who configure and maintain Cisco Nexus devices.
Document Conventions
Note
As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have
modified the manner in which we document configuration tasks. As a result of this, you may find a
deviation in the style used to describe these tasks, with the newly included sections of the document
following the new format.
Command descriptions use the following conventions:
Convention      Description
bold            Bold text indicates the commands and keywords that you enter literally as shown.
Italic          Italic text indicates arguments for which the user supplies the values.
[x]             Square brackets enclose an optional element (keyword or argument).
[x | y]         Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.
{x | y}         Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.
[x {y | z}]     Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
variable        Indicates a variable for which you supply values, in context where italics cannot be used.
string          A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Examples use the following conventions:
Convention              Description
screen font             Terminal sessions and information the switch displays are in screen font.
boldface screen font    Information you must enter is in boldface screen font.
italic screen font      Arguments for which you supply values are in italic screen font.
< >                     Nonprinting characters, such as passwords, are in angle brackets.
[ ]                     Default responses to system prompts are in square brackets.
!, #                    An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
This document uses the following conventions:
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Caution
Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.
Related Documentation for Cisco Nexus 6000 Series NX-OS Software
The entire Cisco NX-OS 6000 Series documentation set is available at the following URL:
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to: .
We appreciate your feedback.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's
New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
CHAPTER 1
Overview
This chapter contains the following sections:
• SAN Switching Overview
SAN Switching Overview
This chapter provides an overview of SAN switching for Cisco NX-OS devices. This chapter includes the
following sections:
Domain Parameters
The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID distribution,
FC ID allocation, and fabric reconfiguration functions as described in the FC-SW-2 standards. The domains
are configured per VSAN. If you do not configure a domain ID, the local switch uses a random ID.
N Port Virtualization
Cisco NX-OS software supports industry-standard N port identifier virtualization (NPIV), which allows
multiple N port fabric logins concurrently on a single physical Fibre Channel link. HBAs that support NPIV
can help improve SAN security by enabling zoning and port security to be configured independently for each
virtual machine (OS partition) on a host. In addition to being useful for server connections, NPIV is beneficial
for connectivity between core and edge SAN switches.
VSAN Trunking
Trunking, also known as VSAN trunking, enables interconnect ports to transmit and receive frames in more
than one VSAN over the same physical link. Trunking is supported on E ports and F ports.
SAN Port Channels
PortChannels aggregate multiple physical ISLs into one logical link with higher bandwidth and port resiliency
for Fibre Channel traffic. With this feature, up to 16 expansion ports (E-ports) or trunking E-ports (TE-ports)
can be bundled into a PortChannel. ISL ports can reside on any switching module, and they do not need a
designated master port. If a port or a switching module fails, the PortChannel continues to function properly
without requiring fabric reconfiguration.
Cisco NX-OS software uses a protocol to exchange PortChannel configuration information between adjacent
switches to simplify PortChannel management, including misconfiguration detection and autocreation of
PortChannels among compatible ISLs. In the autoconfigure mode, ISLs with compatible parameters
automatically form channel groups; no manual intervention is required.
PortChannels load balance Fibre Channel traffic using a hash of source FC-ID and destination FC-ID, and
optionally the exchange ID. Load balancing using PortChannels is performed over both Fibre Channel and
FCIP links. Cisco NX-OS software also can be configured to load balance across multiple same-cost FSPF
routes.
Virtual SANs
Virtual SANs (VSANs) partition a single physical SAN into multiple VSANs. VSANs allow the Cisco NX-OS
software to logically divide a large physical fabric into separate, isolated environments to improve Fibre
Channel SAN scalability, availability, manageability, and network security.
Each VSAN is a logically and functionally separate SAN with its own set of Fibre Channel fabric services.
This partitioning of fabric services greatly reduces network instability by containing fabric reconfiguration
and error conditions within an individual VSAN. The strict traffic segregation provided by VSANs can ensure
that the control and data traffic of a specified VSAN are confined within the VSAN's own domain, which
increases SAN security. VSANs can reduce costs by facilitating consolidation of isolated SAN islands into a
common infrastructure without compromising availability.
You can create administrator roles that are limited in scope to certain VSANs. For example, you can set up a
network administrator role to allow configuration of all platform-specific capabilities and other roles to allow
configuration and management only within specific VSANs. This approach improves the manageability of
large SANs and reduces disruptions due to human error by isolating the effect of a user action to a specific
VSAN whose membership can be assigned based on switch ports or the worldwide name (WWN) of attached
devices.
VSANs are supported across Fibre Channel over IP (FCIP) links between SANs, which extends VSANs to
include devices at a remote location. The Cisco SAN switches also implement trunking for VSANs. Trunking
allows Inter-Switch Links (ISLs) to carry traffic for multiple VSANs on the same physical link.
Zoning
Zoning provides access control for devices within a SAN. The Cisco NX-OS software supports the following
types of zoning:
• N port zoning: Defines zone members based on the end-device (host and storage) port.
  ◦ WWN
  ◦ Fibre Channel identifier (FC-ID)
• Fx port zoning: Defines zone members based on the switch port.
  ◦ WWN
  ◦ WWN plus the interface index, or domain ID plus the interface index
• Domain ID and port number (for Brocade interoperability)
• iSCSI zoning: Defines zone members based on the host zone.
  ◦ iSCSI name
  ◦ IP address
• LUN zoning: When combined with N port zoning, logical unit number (LUN) zoning helps ensure that
LUNs are accessible only by specific hosts, providing a single point of control for managing heterogeneous
storage-subsystem access.
• Read-only zones: An attribute can be set to restrict I/O operations in any zone type to SCSI read-only
commands. This feature is useful for sharing volumes across servers for backup, data warehousing, and
so on.
• Broadcast zones: An attribute can be set for any zone type to restrict broadcast frames to members of
the specific zone.
To provide strict network security, zoning is always enforced per frame using access control lists (ACLs) that
are applied at the ingress switch. All zoning policies are enforced in the hardware, and none of them cause
performance degradation. Enhanced zoning session-management capabilities further enhance security by
allowing only one user at a time to modify zones.
Device Alias Services
The software supports Device Alias Services (device alias) on a per-VSAN and fabric-wide basis. Device alias
distribution allows you to move host bus adapters (HBAs) between VSANs without manually reentering alias
names.
Fibre Channel Routing
Fabric Shortest Path First (FSPF) is the protocol used by Fibre Channel fabrics. FSPF is enabled by default
on all Fibre Channel switches. You do not need to configure any FSPF services except in configurations that
require special consideration. FSPF automatically calculates the best path between any two switches in a
fabric. Specifically, FSPF is used to perform these functions:
• Dynamically compute routes throughout a fabric by establishing the shortest and quickest path between
any two switches.
• Select an alternative path if a failure occurs on a given path. FSPF supports multiple paths and
automatically computes an alternative path around a failed link. FSPF provides a preferred route when
two equal paths are available.
SCSI Targets
Small Computer System Interface (SCSI) targets include disks, tapes, and other storage devices. These targets
do not register logical unit numbers (LUNs) with the name server. The SCSI LUN discovery feature is initiated
on demand, through CLI or SNMP. This information is also synchronized with neighboring switches, if those
switches belong to the Cisco Nexus device.
Advanced Fibre Channel Features
You can configure Fibre Channel protocol-related timer values for distributed services, error detection, and
resource allocation.
You must uniquely associate the WWN to a single switch. The principal switch selection and the allocation
of domain IDs rely on the WWN.
Fibre Channel standards require that you allocate a unique FC ID to an N port that is attached to an F port in
any switch.
FC-SP and DHCHAP
The Fibre Channel Security Protocol (FC-SP) provides switch-to-switch and host-to-switch authentication
to overcome security challenges for enterprise-wide fabrics. The Diffie-Hellman Challenge Handshake
Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco SAN
switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman
exchange.
With FC-SP, switches, storage devices, and hosts can prove their identity through a reliable and manageable
authentication mechanism. With FC-SP, Fibre Channel traffic can be secured per frame to prevent snooping
and hijacking even over untrusted links. A consistent set of policies and management actions are propagated
through the fabric to provide a uniform level of security across the entire fabric.
Port Security
The port security feature prevents unauthorized access to a switch port by binding specific world-wide names
(WWNs) that have access to one or more given switch ports.
When port security is enabled on a switch port, all devices connecting to that port must be in the port security
database and must be listed in the database as bound to a given port. If both of these criteria are not met, the
port will not achieve an operationally active state and the devices connected to the port will be denied access
to the SAN.
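The two admission criteria in the paragraph above, as an added Python illustration (not Cisco code and not part of the original guide). The class and function names, the interface names, and the WWNs are constructed for the example.

```python
"""Simplified model of the port security admission rule (added illustration).

Not NX-OS code. Class, function, and interface names are hypothetical and the
WWNs are constructed sample values.
"""
import re
from dataclasses import dataclass, field

# A WWN is 8 bytes, conventionally written as colon-separated hex pairs.
_WWN_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){7}$")


def normalize_wwn(wwn: str) -> str:
    """Lower-case and validate a WWN so lookups are not case-sensitive."""
    candidate = wwn.strip().lower()
    if not _WWN_RE.match(candidate):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return candidate


@dataclass
class PortSecurityDB:
    """Maps each authorized device WWN to the switch ports it is bound to."""
    bindings: dict = field(default_factory=dict)

    def bind(self, wwn: str, interface: str) -> None:
        self.bindings.setdefault(normalize_wwn(wwn), set()).add(interface)

    def check_login(self, wwn: str, interface: str) -> tuple:
        """Apply both criteria from the text; return (allowed, reason)."""
        try:
            key = normalize_wwn(wwn)
        except ValueError:
            return (False, "malformed-wwn")
        bound_ports = self.bindings.get(key)
        if bound_ports is None:
            # Criterion 1 fails: the device is not in the database at all.
            return (False, "not-in-database")
        if interface not in bound_ports:
            # Criterion 2 fails: known device, but on a port it is not bound to.
            return (False, "not-bound-to-port")
        return (True, "authorized")


def denied_attempts(db, attempts):
    """Return (wwn, interface, reason) for every login the database rejects."""
    denied = []
    for wwn, interface in attempts:
        allowed, reason = db.check_login(wwn, interface)
        if not allowed:
            denied.append((wwn, interface, reason))
    return denied


def build_sample_db() -> PortSecurityDB:
    """Constructed bindings: a host on fc2/1, an array port on fc2/2 and fc2/3."""
    db = PortSecurityDB()
    db.bind("20:00:00:00:00:0A:00:01", "fc2/1")
    db.bind("50:00:00:00:00:0b:00:02", "fc2/2")
    db.bind("50:00:00:00:00:0b:00:02", "fc2/3")
    return db


# Constructed login attempts: (device WWN, switch port).
SAMPLE_ATTEMPTS = [
    ("20:00:00:00:00:0a:00:01", "fc2/1"),  # bound pair
    ("20:00:00:00:00:0a:00:01", "fc2/3"),  # known device, wrong port
    ("20:00:00:00:00:0c:00:09", "fc2/1"),  # device not in the database
    ("2000:0000:000a", "fc2/1"),           # not a valid 8-byte WWN
]

if __name__ == "__main__":
    for entry in denied_attempts(build_sample_db(), SAMPLE_ATTEMPTS):
        print(entry)
```

The "not-bound-to-port" result is the one worth alerting on: an authorized WWN appearing on a port it is not bound to indicates either a recabling error or a device presenting someone else's WWN.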
Fabric Binding
Fabric binding ensures Inter-Switch Links (ISLs) are enabled only between specified switches in the fabric
binding configuration, which prevents unauthorized switches from joining the fabric or disrupting the current
fabric operations. This feature uses the Exchange Fabric Membership Data (EFMD) protocol to ensure that
the list of authorized switches is identical in all of the switches in a fabric.
Fabric Configuration Servers
The Fabric Configuration Server (FCS) provides discovery of topology attributes and maintains a repository
of configuration information of fabric elements. A management application is usually connected to the FCS
on the switch through an N port. Multiple VSANs constitute a fabric, where one instance of the FCS is present
per VSAN.
CHAPTER 2
Configuring Fibre Channel Domain Parameters
This chapter describes how to configure Fibre Channel domain parameters.
This chapter includes the following sections:
• Information About Domain Parameters
Information About Domain Parameters
The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID distribution,
FC ID allocation, and fabric reconfiguration functions as described in the FC-SW-2 standards. The domains
are configured on a per-VSAN basis. If you do not configure a domain ID, the local switch uses a random
ID.
Caution
Changes to fcdomain parameters should not be performed on a daily basis. These changes should be made
by an administrator or individual who is completely familiar with switch operations.
When you change the configuration, be sure to save the running configuration. The next time you reboot the
switch, the saved configuration is used. If you do not save the configuration, the previously saved startup
configuration is used.
Fibre Channel Domains
The fcdomain has four phases:
• Principal switch selection—This phase guarantees the selection of a unique principal switch across the
fabric.
• Domain ID distribution—This phase guarantees that each switch in the fabric obtains a unique domain
ID.
• FC ID allocation—This phase guarantees a unique FC ID assignment to each device attached to the
corresponding switch in the fabric.
• Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure
they simultaneously restart a new principal switch selection phase.
The following figure shows an example fcdomain configuration.
Figure 1: Sample fcdomain Configuration
Domain Restarts
Fibre Channel domains can be started disruptively or nondisruptively. If you perform a disruptive restart,
reconfigure fabric (RCF) frames are sent to other switches in the fabric and data traffic is disrupted on all the
switches in the VSAN (including remotely segmented ISLs). If you perform a nondisruptive restart, build
fabric (BF) frames are sent to other switches in the fabric and data traffic is disrupted only on the switch.
If you are attempting to resolve a domain ID conflict, you must manually assign domain IDs. A disruptive
restart is required to apply most configuration changes, including manually assigned domain IDs. Nondisruptive
domain restarts are acceptable only when changing a preferred domain ID into a static one (and the actual
domain ID remains the same).
Note
A static domain is specifically configured by the user and may be different from the runtime domain. If
the domain IDs are different, the runtime domain ID changes to take on the static domain ID after the next
restart, either disruptive or nondisruptive.
If a VSAN is in interop mode, you cannot disruptively restart the fcdomain for that VSAN.
You can apply most of the configurations to their corresponding runtime values. Each of the following sections
provides further details on how the fcdomain parameters are applied to the runtime values.
The fcdomain restart command applies your changes to the runtime settings. Use the disruptive option to
apply most of the configurations to their corresponding runtime values, including preferred domain IDs.
Restarting a Domain
You can restart the fabric disruptively or nondisruptively.
Procedure
Step 1
  Command or Action: configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Purpose: Forces the VSAN to reconfigure without traffic disruption. The VSAN ID ranges from 1 to 4093.
Step 3
  Purpose: Forces the VSAN to reconfigure with data traffic disruption.
When a principal link fails, the domain manager must select a new principal link. By default, the domain
manager starts a build fabric (BF) phase, followed by a principal switch selection phase. Both of these phases
involve all the switches in the VSAN, and together take at least 15 seconds to complete. To reduce the time
required for the domain manager to select a new principal link, you can enable the domain manager fast restart
feature.
When fast restart is enabled and a backup link is available, the domain manager needs only a few milliseconds
to select a new principal link to replace the one that failed. Also, the reconfiguration required to select the
new principal link only affects the two switches that are directly attached to the failed link, not the entire
VSAN. When a backup link is not available, the domain manager reverts to the default behavior and starts a
BF phase, followed by a principal switch selection phase. The fast restart feature can be used in any
interoperability mode.
Enabling Domain Manager Fast Restart
You can enable the domain manager fast restart feature.
Procedure
Step 1
  Command or Action: configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Purpose: Enables domain manager fast restart in the specified VSAN. The VSAN ID range is from 1 to 4093.
Step 3
  Command or Action: switch(config)# no fcdomain optimize fast-restart vsan 1
  Purpose: Disables (default) domain manager fast restart in the specified VSAN. The VSAN ID range is from 1 to 4093.
Switch Priority
By default, the configured priority is 128. The valid range to set the priority is between 1 and 254. Priority 1
has the highest priority. Value 255 is accepted from other switches, but cannot be locally configured.
A new switch cannot become the principal switch when it joins a stable fabric. During the principal switch
selection phase, the switch with the highest priority becomes the principal switch. If two switches have the
same configured priority, the switch with the lower world-wide name (WWN) becomes the principal switch.
The priority configuration is applied to runtime when the fcdomain is restarted. This configuration is applicable
to both disruptive and nondisruptive restarts.
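The selection rule from the Switch Priority section, as an added Python example (not Cisco code): it predicts which switch wins the next principal switch selection phase in one VSAN and reports whether that differs from the current principal. Switch names, WWNs and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

DEFAULT_PRIORITY = 128  # configured priority when none is set

@dataclass(frozen=True)
class Switch:
    name: str   # constructed label for this example
    wwn: str    # switch WWN, eight colon-separated hex octets
    priority: int = DEFAULT_PRIORITY

def wwn_value(wwn: str) -> int:
    """Convert a colon-separated WWN to an integer so WWNs compare numerically."""
    octets = wwn.split(":")
    if len(octets) != 8 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return int("".join(octets), 16)

def validate_local(priority: int, vsan: int) -> None:
    """Enforce the locally configurable ranges: priority 1-254, VSAN ID 1-4093."""
    if not 1 <= priority <= 254:
        raise ValueError(f"priority {priority} cannot be configured locally")
    if not 1 <= vsan <= 4093:
        raise ValueError(f"VSAN ID {vsan} is out of range")

def select_principal(switches: Iterable[Switch]) -> Switch:
    """Selection phase: lowest priority number wins, lower WWN breaks a tie."""
    candidates = list(switches)
    for sw in candidates:
        if not 1 <= sw.priority <= 255:  # 255 is accepted from other switches
            raise ValueError(f"{sw.name}: invalid priority {sw.priority}")
    return min(candidates, key=lambda sw: (sw.priority, wwn_value(sw.wwn)))

def pending_change(current: Switch, members: Iterable[Switch]) -> Optional[Switch]:
    """Return the switch that would replace `current` at the next selection
    phase, or None if `current` would be selected again."""
    winner = select_principal(members)
    return None if winner == current else winner

# Constructed sample fabric for one VSAN.
FABRIC = [
    Switch("core-a", "20:00:00:00:00:00:00:0a", 12),
    Switch("core-b", "20:00:00:00:00:00:00:05", 12),
    Switch("edge-1", "20:00:00:00:00:00:00:01"),  # default priority 128
]
NEW_SWITCH = Switch("edge-2", "20:00:00:00:00:00:00:ff", 1)  # joins later
```

In the sample, core-b is principal because it ties with core-a on priority and has the lower WWN. Once edge-2 (priority 1) has joined the stable fabric, pending_change(core_b, FABRIC + [NEW_SWITCH]) returns edge-2, the switch that would take over at the next selection phase, so joining switches' priorities are worth reviewing before any fcdomain restart.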
Configuring Switch Priority
You can configure the priority for the principal switch.
Procedure
Step 1
  Command or Action: configure terminal
  Example:
    switch# configure terminal
    switch(config)#
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: fcdomain priority number vsan vsan-id
  Example:
    switch(config)# fcdomain priority 12 vsan 1
  Purpose: Configures the specified priority for the local switch in the specified VSAN. The fcdomain priority
  ranges from 1 to 254. The VSAN ID ranges from 1 to 4093.
Step 3
  Command or Action: no fcdomain priority number vsan vsan-id
  Example:
    switch(config)# no fcdomain priority 12 vsan 1
  Purpose: Reverts the priority to the factory default (128) in the specified VSAN. The fcdomain priority ranges
  from 1 to 254. The VSAN ID ranges from 1 to 4093.
About fcdomain Initiation
By default, the fcdomain feature is enabled on each switch. If you disable the fcdomain feature in a switch,
that switch can no longer participate with other switches in the fabric. The fcdomain configuration is applied
to runtime through a disruptive restart.
Disabling or Reenabling fcdomains
To disable or reenable fcdomains in a single VSAN or a range of VSANs, perform this task:
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# no fcdomain vsan vsan-id - vsan-id
  Purpose: Disables the fcdomain configuration in the specified VSAN range.
Step 3
  Command or Action: switch(config)# fcdomain vsan vsan-id
  Purpose: Enables the fcdomain configuration in the specified VSAN.
Configuring Fabric Names
You can set the fabric name value for a disabled fcdomain.
Procedure
Command or Action / Purpose
Step 1
Step 2
Step 3
Incoming RCFs
You can configure the rcf-reject option on a per-interface, per-VSAN basis. By default, the rcf-reject option
is disabled (that is, RCF request frames are not automatically rejected).