620-000134-00011/2001Initial release of Manual
620-000134-10005/2002Updates for E/OS 2.0
620-000134-20008/2002Updates for E/OS 3.0
620-000134-30009/2002Updates for E/OS 4.0
620-000134-40010/2002Updates for E/OS 4.1
620-000134-50010/2002Updates for E/OS 4.1 CD-ROM final
620-000134-6002/2003Updates for E/OS 5.1 and EFCM 7.1
620-000134-6017/2003Updates for E/OS 5.5
620-000134-70010/2003Updates for E/OS 6.0
620-000134-71012/2003Updates for E/OS 6.1
620-000134-7206/2004Updates for E/OS 6.2
620-000134-73001/2005Updates for E/OS 7.0
No part of this publication may be reproduced or distributed in any form or by any means, or stored in a
database or retrieval system, without the prior written consent of McDATA Corporation. The information
contained in this document is subject to change without notice. McDATA Corporation assumes no
responsibility for any errors that may appear.
All computer software programs, including but not limited to microcode, described in this document are
furnished under a license, and may be used or copied only in accordance with the terms of such license.
McDATA either owns or has the right to license the computer software programs described in this document.
McDATA Corporation retains all rights, title and interest in the computer software programs.
McDATA Corporation makes no warranties, expressed or implied, by operation of law or otherwise, relating
to this document, the products or the computer software programs described herein. McDATA
CORPORATION DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
A PARTICULAR PURPOSE. In no event shall McDATA Corporation be liable for (a) incidental, indirect,
special, or consequential damages or (b) any damages whatsoever resulting from the loss of use, data or
profits, arising out of this document, even if advised of the possibility of such damages.
Enterprise Operating System Command Line Interface User Manual
property of such parties and are reprinted with limited use permission. All other trademarks are the property
of their respective companies. All specifications subject to change.
Enterprise Operating System Command Line Interface User Manual
iii
iv
Enterprise Operating System Command Line Interface User Manual
B-1Commands and Releases ............................................................................. B-1
Table s
xiii
Tab les
xiv
Enterprise Operating System Command Line Interface User Manual
Preface
This publication is part of the documentation suite that supports the
McDATA® Sphereon™ 3016 Fabric Switch, Sphereon 3032 Fabric
Switch, Sphereon 3216 Fabric Switch, Sphereon 3232 Fabric Switch,
Sphereon 4300 Fabric Switch, Sphereon 4500 Fabric Switch,
Intrepid
®
6064 Director, and Intrepid 6140 Director.
Who Should Use This
Manual
This publication describes the commands that can be entered through
the Command Line Interface (CLI) for the Intrepid
®
6064 Director,
and Intrepid 6140 Director, Sphereon™ 3016 Switch, Sphereon 3032
Switch, Sphereon 3216 Switch, Sphereon 3232 Switch, Sphereon 4300
Switch, and Sphereon 4500 Switch. (A limited number of these
commands are available on the ED-5000 Director.) Access through a
Telnet client is presumed.
This publication is intended for data center administrators and
customer support personnel, who can either enter the commands
manually or write a script containing them. However, the primary
purpose of the Command Line Interface is for scripts written by these
administrators and personnel for use in a host-based scripting
environment. Therefore, this publication presumes that the user is
familiar with:
•Establishing and using a Telnet session
•Using the command line of a terminal
•Writing scripts
•Networking, SAN, and zoning concepts
•McDATA products in the user’s network
Preface
xv
Preface
The publications listed in Related Publications provide considerable
information about both concepts and McDATA products.
Organization of This
Manual
This publication is organized as follows:
•Chapter 1,Introduction, provides an introduction and overview of
the Command Line Interface.
•Chapter 2,CLI Commands, describes the Command Line Interface
commands, including their syntax, purpose, and parameters, as
well as examples of their usage and any output that they
generate.
•Appendix A, Error Messages lists and explains error messages that
may appear while using the CLI.
•Appendix B, Commands and Corresponding Releases lists each
command in the CLI and the release in which the command was
added to the CLI.
•The Glossary defines terms, abbreviations, and acronyms used in
this manual.
•An Index is also provided.
Manual UpdatesCheck the McDATA web site at www.mcdata.com for possible
updates or supplements to this manual.
xvi
Related PublicationsOther publications that provide additional information about the
products mentioned in this manual are:
•Configuration Backup and Restore Utility Installation and User Guide
(958-000370)
•Products in a SAN Environment - Planning Manual (620-000124)
•McDATA ED-5000 Director Element Manager User Manual
(620-000176)
•Intrepid 6064 Director Installation and Service Manual (620-000108)
•Intrepid 6140 and 6064 Directors Element Manager User Manual
(620-000172)
•Intrepid 6140 Director Installation and Service Manual (620-000157)
•E/OSn SNMP Support Manual (620-000226)
•SANpilot User Manual (620-000160)
Enterprise Operating System Command Line Interface User Manual
•Sphereon 3016 and 3216 Fabric Switch Element Manager User Manual
(620-000174)
•Sphereon 3016 and 3216 Fabric Switches Installation and Service Manual (620-000154)
•Sphereon 3032 and 3232 Fabric Switch Element Manager User Manual
(620-000173)
•Sphereon 3032 and 3232 Fabric Switches Installation and Service Manual (620-000155)
•Sphereon 4300 Fabric Switch Installation and Service Manual
(620-000171)
•Sphereon 4500 Fabric Switch Installation and Service Manual
(620-000159)
•Sphereon 4500 Fabric Switch Element Manager User Manual
(620-000175)
Manual ConventionsThe following notational conventions are used in this document:
Preface
ConventionMeaning
BoldKeyboard keys, buttons and switches on hardware products,
and screen prompts for the Command Line Interface.
Italic
Monospaced
NOTE: A note presents important information that is not hazard-related.
ATTENTION! An attention notice presents important information about
activities that could result in loss of equipment function or loss of data.
Outside book references, names of user interface windows,
buttons, and dialog boxes.
Command syntax, examples of commands, output.
Where to Get HelpFor technical support, McDATA end-user customers should call the
phone number located on the service label attached to the front or
rear of the hardware product.
For IBM products, contact IBM for technical support, which includes
hardware support, all product repairs, and ordering of spare parts.
Go to:
http://www.ibm.com/servers/storage/support/san/index.html.
Preface
xvii
Preface
McDATA’s “Best in Class” Solution Center provides a single point of
contact for customers seeking help with McDATA software products.
The Solution Center will research, explore, and resolve inquiries or
service requests regarding McDATA products and services. The
Solution Center is staffed 24 hours a day, 7 days a week, including
holidays.
NOTE: To expedite warranty entitlement, please have your product serial
number available.
McDATA Corporation
380 Interlocken Crescent
Broomfield, CO 80021
NOTE: Customers who purchased the hardware product from a company
other than McDATA should contact that company’s service representative for
technical support.
Forwarding
Publication
Comments
We sincerely appreciate any comments about this publication. Did
you find this manual easy or difficult to use? Did it lack necessary
information? Were there any errors? Could its organization be
improved?
Please send your comments via e-mail, our home page, or FAX.
Identify the manual, and provide page numbers and specific detail.
Thank you.
E-mail:pubsmgr@mcdata.com
Home Page: http://www.mcdata.com
Fax:Technical Communi cation s Manager
(720) 558-8999
Ordering PublicationsTo order a paper copy of this manual, contact your McDATA
representative, or use the contact information listed below.
xviii
Enterprise Operating System Command Line Interface User Manual
Phone: (800) 545-5773 and select the option for information on
McDATA’s complete family of enterprise-to-edge SAN solutions.
Preface
Fax: (720) 558-4193
TrademarksThe following terms, indicated by a registered trademark symbol (®)
or trademark symbol (™) on first use in this publication, are
trademarks of McDATA Corporation in the United States, other
countries, or both:
All other trademarked terms, indicated by a registered trademark
symbol (®) or trademark symbol (™) on first use in this publication,
are trademarks of their respective owners in the United States, other
countries, or both.
Preface
xix
Preface
xx
Enterprise Operating System Command Line Interface User Manual
1
Introduction
This chapter introduces the Command Line Interface (CLI) and
describes the essentials for using the CLI commands.
•Command Line Interface Overview......................................................1-2
•Entering Command Line Interface Commands....................................1-3
•Logging In and Logging Out..............................................................1-14
•Using the commaDelim Command ....................................................1-17
•Handling Command Line Interface Errors.........................................1-18
•Using the Command Line Interface Help...........................................1-19
•Backup and Restoration......................................................................1-23
Introduction
1-1
Command Line Interface Overview
1
Command Line Interface Overview
The Command Line Interface (CLI) is a feature that provides an
alternative to Graphical User Interface (GUI) and web-based (HTTP)
interface products for director and switch management capabilities.
The CLI can only be used through a Telnet client session in an
out-of-band management environment, using the Ethernet port in the
director or switch. Although the primary use of the CLI is in
host-based scripting environments, the CLI commands can also be
entered directly at a command line. Any hardware platform that
supports the Telnet client software can be used.
The primary purpose of the CLI is to automate management of a
large number of switches with the use of scripts.
Because the CLI is not an interactive interface, no prompts are
displayed to guide the user through a task. If an interactive interface
is needed, use the GUI-based or web-based SAN management
applications instead of the CLI.
1-2
Enterprise Operating System Command Line Interface User Manual
Entering Command Line Interface Commands
Entering Command Line Interface Commands
The CLI commands can be entered directly at the command line of a
terminal or coded in a script.
Note that the CLI commands are not case sensitive.
1
Documentation
Conventions
Navigation
Conventions
Throughout this publication, periods are used to separate the
components of a command name. However, the periods cannot be
included when the command is actually entered at the terminal or
coded in a script. (How to enter the commands is explained in
Navigation of the CLI Command Tree on page 1-12.)
Even though the commands cannot be entered with the periods, the
command line prompts do include the periods.
Config.Port>
Basic command line navigation conventions are supported. The
following table includes the asynchronous commands that are
recognized by the CLI.
Table 1-1CLI Command Tree Navigation Conventions
Character SequenceCommon NameAction or Description
<CR>Carriage ReturnPass a completed line to the
parser.
<DEL>DeleteBackspace one character
and delete the character.
<NL>New LinePass a completed line to the
<SP>SpaceUsed to separate keywords.
#Pound SignUsed to designate
?Question MarkProvide help information.
“Quotation MarkUsed to surround a single
^AControl-APosition the cursor to the
parser.
comments in a script.
token.
start of the line.
Introduction
1-3
Entering Command Line Interface Commands
1
Table 1-1CLI Command Tree Navigation Conventions (Continued)
Character SequenceCommon NameAction or Description
^BControl-BPosition the cursor left one
character.
^DControl-DDelete the current character.
^EControl-EPosition the cursor to the
end of the line.
^FControl-FPosition the cursor right one
character.
^HControl-HBackspace one character
and delete the character.
^ITabComplete the current
keyword.
^KControl-KDelete to the end of the line.
^LControl-LRedraw the line.
^NControl-NMove down one line in the
command history.
^PControl-PMove up one line in the
command history.
^RControl-RRedraw the line.
^UControl-UClear the input and reset the
line buffer.
^XControl-XClear the input and reset the
line buffer.
<ESC>[AUp ArrowMove up one line in the
command history.
<ESC>[BDown ArrowMove down one line in the
command history.
<ESC>[CRight ArrowPosition the cursor right one
character.
<ESC>[DLeft ArrowPosition the cursor left one
character.
1-4
Enterprise Operating System Command Line Interface User Manual
Entering Command Line Interface Commands
1
Command Tree
The command tree of the CLI begins from the root. Table 1-2 shows
the CLI command tree. The commands in the four extended branches
(config, maint, perf, and show) are described in Chapter 2,CLI
Commands.
The following commands are not listed in the command tree, but are
globally available and are documented in this chapter:
•login (see login on page 1-15)
•logout (see logout on page 1-16)
•commaDelim (see Using the commaDelim Command on page 1-17)
Table 1-2 shows the command tree hierarchy from the root, reading
from left to right.
Table 1-2CLI Command Tree
config---------- enterpriseFabMode--- setState
features ----------------- enterpriseFabMode
ficonMS
installKey
NPIV
openSysMS
openTrunking
show
fencing------------------- addPolicy
addPort
deletePolicy
removePort
setParams
setState
show
showTypeT able
ficonCUPZoning------- addControlHost
deleteControlHost
setState
show
ficonMS------------------ setMIHPTO
setState
show
Introduction
1-5
Entering Command Line Interface Commands
1
Table 1-2CLI Command Tree (Continued)
ip-------------------------- ethernet
lineSpeed
show
setHostCtrlState
NPIV---------------------maxPortIDs
setState
show
openSysMS------------setState
port ----------------------- blocked
fan
name
rxCredits
show
showPortAddr
speed
swapPortByAddr
swapPortByNum
type
switchBinding
snmp
switch
system
thresholdAlerts--------alerts
log
zoning
Entering Command Line Interface Commands
1
Note that the commands are shown, with the exception of the zoning
commands, in alphabetical order to make them easier to locate.
Although the commands can be entered in any order, depending on
the results desired, the order shown in Table 1-2,CLI Command Tree,
page 1-5 for the zoning commands is a typical order in which the
zoning commands are entered.
Note that the order in which commands are entered determines the
order in which the show commands display the values. Refer to
Chapter 2,CLI Commands for examples of show commands output.
Introduction
1-11
Entering Command Line Interface Commands
1
Navigation of the
CLI Command Tree
Once the administrator or operator logs in and receives the Root>
prompt, the CLI commands are accessed by navigating up and down
the CLI command tree.
To move from the root through the any of the four extended branches,
enter the name of the next branch as shown in Table 1-2,CLI
Command Tree, page 1-5. For example, to use the config.port.name
command to configure the name for port 4 on the switch, this series of
commands is entered:
Root> config
Config> port
Config.Port> name 4 "Sam’s Tape Drive"
At this point, to enter the maint.port.beacon command to set the
beaconing state of port 4, the following series of commands is
entered:
Note that you must return all the way to the root of the tree to
transition to another extended branch. When traversing back to the
root, the name of each branch cannot be used. Instead use the
double-dot command (two periods) to move back towards the root.
Note that only one double-dot command may be entered at a time.
1-12
One approach to making the navigation more concise is to use the
root command to jump directly to the root of the CLI command tree.
The previous example, which shows stepping back to the root with
the double-dot command, is simplified as follows:
Config.Port> root
Root> maint
Maint> port
Maint.Port> beacon 4 true
Another approach to making the navigation more concise is to use
the complete command syntax from the Root> prompt each time. For
example, to issue the config.port.name command and then the
maint.port.beacon command, the commands are entered as follows:
Root> config port name 4 "Sam’s Tape Drive"
Root> maint port beacon 4 true
Enterprise Operating System Command Line Interface User Manual
Entering Command Line Interface Commands
As shown in this example, use of the complete command syntax
avoids navigating up and down the branches of the CLI command
tree, and the prompt stays at the root. The use of complete command
syntax is particularly useful when writing scripts.
When coding a script, remember to code the appropriate character
sequences, which are described in Navigation Conventions on page 1-3.
Root> config port name 4 "Sam’s Tape Drive"<CR>
Root> maint port beacon 4 true<CR>
1
Limitation on
Movements
As the commands are entered, they are recorded in a history log.
Note these limitations on movement that result from use of the
history log:
•If a command has more than 60 characters, the command runs,
but the command is not recorded in the history log, and the
position in the tree does not change, as shown in the following
example. Because the command is not recorded in the history, a
subsequent asynchronous command (navigation command)
cannot depend on it.
•Whenever the position in the CLI command tree moves to a new
branch (for example, config to maint, config to config.port, or
config.port to config), the history log is cleared. In this case, any
asynchronous commands (for example, the up-arrow command
<ESC>[A or the up-arrow keyboard symbol) cannot move the
position back towards the root, as shown in this example:
Root> config
Root.Config> port
Root.Config.Port> <ESC>[A
Root.Config.Port>
Parameters
Some command parameters accept character strings that include
spaces. Quotation marks are required when a string includes spaces.
Config.System> location Building_24_Room_16
Config.System> location "Building 24 Room 16"
Introduction
1-13
Logging In and Logging Out
1
If spaces are not included in a parameter that accepts a string, the
quotation marks are not required around that string.
To include quotation marks in a string, use the escape character (\)
before the quotation marks.
A null string can be created by using the quotation marks without
any space between them.
Config.System> location ""
Output
All output from the CLI commands is limited to the standard 80
columns supported by most Telnet interfaces. The output is
left-justified.
Logging In and Logging Out
The CLI allows a single Telnet client to be connected to the switch. If a
Telnet client logs out, or if after 15 minutes of inactivity the client’s
access times out, another Telnet client may log in. Also note that the
Telnet client (user) must log in any time the director or switch is
restarted because the current user’s access is lost. Examples of a
restart include an IPL and any power-off situation.
User Access Rights
The CLI supports two user access rights: administrator and operator.
A user who logs in with administrator access rights can use all of the
commands described in this publication. Operator access rights grant
permission to use only the perf and show branches of the CLI
command tree (for example, the perf.traffic and show.system
commands) with the following exceptions: operator rights cannot
access the show.preferredPath, show.security, and
show.thresholdAlerts commands. Operators can also execute the
globally available commands (login, logout, and commaDelim).
Passwords and
Secrets
1-14
Enterprise Operating System Command Line Interface User Manual
Some commands require the user to enter a password or secret before
the command can be executed.
Passwords can be ASCII characters in the range of 32 to 126.
Secrets can be any ASCII character (0-255). Non-printable and
extended ASCII characters can be entered by using a backslash. Two
Logging In and Logging Out
hexadecimal characters must follow the backslash. All printable
ASCII characters can be entered using the keyboard or using its
hexadecimal value except for the backslash character. If a backslash
is desired as part of the password its hexadecimal representation
must be used. Spaces are valid, but if they appear at the begging of
the password then they will be ignored. The following are examples
of valid secrets.
simplesecret****
This is an example of a secret that does not use any special characters.
\40\72\A3\F9\12\13\14\15\16\17\18\19\55\33\87\42
This is an example of a secret of length 4 that is configured using the
hexadecimal representation.
a9p\40\40xx\44\88kutfe\89h
This is an example of a secret that has a length of 7 characters that are
composed of a mix using hexadecimal and the printable ASCII
characters.
1
login
Syntaxlogin
PurposeThis command allows a Telnet client to connect to the switch.
DescriptionThis command allows the user to log in with either administrator or
operator access rights. The default passwords are password.
The login command is called automatically by the CLI each time a
new Telnet session is activated, as well as each time new
administrator access rights are configured.
After the login command is issued, the Username: prompt
automatically displays. After a valid user name is entered, the
Password: prompt automatically displays. After the corresponding
valid password is entered, the Root> prompt displays. At this
prompt the user may enter any of the commands included in
Table 1-2,CLI Command Tree, page 1-5.
When users are prompted to change the password when logging in,
they can enter the default password (password). This will be accepted.
However, at the next login, they will again be required to change the
password, if the default password is still being used. When the user
Introduction
1-15
Logging In and Logging Out
1
enters the default password when prompted to change the password,
the data portion of the security log entry for CLI login includes
“password not changed.”
A user name and password can be set by the administrator through
the config.security.authentication.user.add command or through the
config.security.authentication.user.modify command.
The access rights chosen for the CLI are completely independent of
the other product interfaces, for example, SNMP or McDATA product
interfaces.
ParametersThis command has no parameters.
Command Examples
logout
Syntaxlogout
PurposeThis command allows a Telnet client to disconnect from the switch.
DescriptionThis command logs out the single Telnet client connected to the
ParametersThis command has no parameters.
Command Examples
login
Username: Administrator
Password: password
login
Username: Operator
Password: password
switch. This command can be entered at any point in the command
tree.
Root> logout
Config> logout
1-16
Enterprise Operating System Command Line Interface User Manual
Config.Port> logout
Using the commaDelim Command
Note that the output examples shown in the other sections of this
publication presume that commaDelim is off.
commaDelim
SyntaxcommaDelim enable
PurposeThis command enables the user to obtain displayed information in
comma-delimited, rather than tabular, format. Tabular format is the
default.
DescriptionThis command can be entered at any point in the command tree.
ParameterThis command has one parameter
enableSpecifies the comma-delineated state for
output. Valid values are true and false. Boolean 1
and 0 may be substituted as values.
Using the commaDelim Command
1
Command Examples
Root> commaDelim true
Config> commaDelim 1
Config.Port> commaDelim false
Output ExampleOutput displayed in commaDelim mode is as follows:
•An error associated with the interface. For example, a keyword is
misspelled or does not exist.
Root> confg
Error 234: Invalid Command
•An error associated with fabric or switch issues. For example, a
parameter error is detected by the switch, where port 24 is
entered for a switch that supports only 16 ports.
Root> config port name 24 "Port 24"
Error 218: Invalid Port Number
In either case, the command is ignored. The CLI remains at the point
it was before the command was entered.
The error messages, including error number and error, are listed in
Appendix A, Error Messages.
1-18
Enterprise Operating System Command Line Interface User Manual
Using the Command Line Interface Help
The question mark (?) can be used within a command to obtain
certain information:
•If the question mark is used in place of a command keyword, all
the keywords at that level of the CLI command tree display.
Root> config system ?
Command identified
contact - Set the system contact attribute
date - Set the system date and time
description - Set the system description attribute
location - Set the system location attribute
name - Set the system name attribute
show - Display the system configuration
•If the question mark is used at the end of a recognized command,
any parameters for that command display.
Root> config port name ?
- name <portNumber> <portName>
Using the Command Line Interface Help
1
•If the question mark is used after one or more characters of a
keyword, any keywords at that level of the CLI command tree
display.
Root> config s?
security snmp switch system
Introduction
1-19
Commenting Scripts
1
Commenting Scripts
The pound sign (#) can be used to add comments in a script file. The
pound sign must be the first character in the line; the CLI ignores
everything after the pound sign in that line. The following lines are
valid:
Root> #Change port 3 to an E_Port<CR>
Root> config port<CR>
config.port> ##################<CR>
config.port> ## Begin Script ##<CR>
config.port> ##################<CR>
The pound sign cannot be used after any other characters (a
command, for example) to start a comment. The following is an
invalid script line:
Root> maint system beacon true # Turn on beaconing<CR>
To correct the previous script line, move the comment either before or
after the line with the command. For example, the following
examples are both valid:
Root> # Turn on beaconing<CR>
Root> maint system beacon true<CR>
Root> maint system beacon true<CR>
Root> # Turn on beaconing<CR>
ATTENTION! Comments of over 200 characters in length may cause
unpredictable system behavior. Limit comments to 200 characters per line.
1-20
Enterprise Operating System Command Line Interface User Manual
ED-5000 Director
ED-5000 Director
1
A subset of the CLI commands described in this publication are
available on the ED-5000 Director™. The globally available
commands (login, logout, and commaDelim) are described
previously in this chapter. The following config, maint, and show
commands are described in Chapter 2,CLI Commands.
Table 1-3CLI Command Tree for the ED-5000 Director
show
maint --------------------- system ------------------resetConfig
show --------------------- ip -------------------------- ethernet
port ----------------------- config
info
status
switch
system
zoning
Introduction
1-21
Telnet Session
1
Telnet Session
The CLI can be accessed through a Telnet client session in an
out-of-band management environment, using the Ethernet port in the
director or switch. It can also be accessed using Secure Shell (SSH).
Although the primary use of the CLI is in host-based scripting
environments, the CLI commands can also be entered directly at a
command line. Any hardware platform that supports the Telnet client
software can be used.
NOTE: You can use the Configure option in the GUI-based or web-based
interfaces to enable/disable Telnet access. Telnet access is enabled by default.
Any changes to the enabled state of the Telnet server are retained through
system restarts and power cycles.
Ethernet
Connection Loss
If the Ethernet cable is disconnected from the director or switch
during a Telnet session, one of three scenarios is possible:
•Replace the Ethernet cable before the client connection times out,
and the Telnet session will continue.
•Wait 15 minutes until the client connection times out; then replace
the Ethernet cable and restart the connection.
•If the client connection has already timed out, replace the
Ethernet cable. Open a GUI-based or web-based interface
SAN-management window. Toggle the enabled state of the CLI,
thereby clearing the client connection. Restart the client
connection.
Once the client connection is reestablished, verify your
configuration’s completeness and accuracy.
1-22
Enterprise Operating System Command Line Interface User Manual
Backup and Restoration
A standalone Configuration Backup and Restore (CBR) utility is
available for customers that do not use EFCM for backing up and
restoring user configuration data. You can use this utility to backup
and restore configuration data from all switch and director products
running E/OS versions 4.0 and higher. The CBR utility is available for
no charge in the Technical Documents section of the McDATA
website at www.mcdata.com or by contacting your sales
representative or service provider
The procedures for system backup and restoration are documented in
the Configuration Backup and Restore Utility Installation and User Guide
(958-000370), which is also available at www.mcdata.com.
Backup and Restoration
1
Introduction
1-23
Backup and Restoration
1
1-24
Enterprise Operating System Command Line Interface User Manual
2
CLI Commands
This chapter describes the Command Line Interface (CLI) commands,
including their syntax, purpose, and parameters, as well as examples
of their usage and any output that they generate.
Most of the commands in this chapter are listed in alphabetical order
to make them easy to locate. Although the commands can be entered
in any order, depending on the results desired (so long as the tree
structure is followed), the order used herein for the zoning
commands follows a typical order of entry. The various show
commands are usually entered at the end of a group of other
commands to verify configuration changes.
New and Changed Commands
The following CLI commands are new for this edition of the
Enterprise Operating System Command Line Interface User Manual:
•config.fencing.addPolicy on page 2-10
•config.fencing.addPort on page 2-10
•config.fencing.deletePolicy on page 2-11
•config.fencing.removePort on page 2-12
•config.fencing.setParams on page 2-12
•config.fencing.setState on page 2-14
•config.fencing.show on page 2-14
•config.fencing.showTypeTable on page 2-16
•config.ficonCUPZoning.addControlHost on page 2-16
•config.ficonCUPZoning.deleteControlHost on page 2-17
•config.ficonCUPZoning.setState on page 2-17
•config.ficonCUPZoning.show on page 2-18
•config.ficonMS.setMIHPTO on page 2-18
•config.ficonMS.show on page 2-20
•config.ip.lineSpeed on page 2-21
•config.NPIV.maxPortIDs on page 2-22
•config.NPIV.maxPortIDs on page 2-22
2-2
Enterprise Operating System Command Line Interface User Manual
•config.NPIV.setState on page 2-23
New and Changed Commands
•config.NPIV.show on page 2-23
•config.port.rxCredits on page 2-26
•config.port.show on page 2-27
•config.port.showPortAddr on page 2-28
•config.port.swapPortByAddr on page 2-30
•config.port.swapPortByNum on page 2-30
•config.security.authentication.interface api.outgoing on page 2-33
•config.security.authentication.interface.api.sequence on page 2-33
•config.security.authentication.interface.cli.sequence on page 2-34
•config.security.authentication.interface.eport.outgoing on page 2-34
•config.security.authentication.interface.eport.sequence on page 2-35
•config.security.authentication.interface.nport.outgoing on page 2-36
•config.security.authentication.interface.nport.sequence on page 2-36
2
•config.security.authentication.interface.osms.setKey on page 2-38
•config.security.authentication.interface.osms.outgoing on page 2-37
•config.security.authentication.interface.serial.enhancedAuth on
page 2-38
•config.security.authentication.interface.show on page 2-39
•config.security.authentication.interface.web.sequence on page 2-39
•config.security.authentication.port.override on page 2-40
•config.security.authentication.port.show on page 2-41
•config.security.authentication.RADIUS.deadtime on page 2-42
•config.security.authentication.RADIUS.deleteServer on page 2-43
•config.security.authentication.RADIUS.attempts on page 2-42
•config.security.authentication.RADIUS.server on page 2-43
•config.security.authentication.RADIUS.show on page 2-44
•config.security.authentication.RADIUS.timeout on page 2-45
•config.security.authentication.switch.setSecret on page 2-45
•config.security.authentication.user on page 2-46
CLI Commands
2-3
New and Changed Commands
2
•config.security.authentication.user.add on page 2-46
•config.security.authentication.user.delete on page 2-47
•config.security.authentication.user.modify on page 2-48
•config.security.authentication.user.role on page 2-49
•config.security.authentication.user.show on page 2-50
•config.security.switchAcl.addRange on page 2-62
•config.security.switchAcl.deleteRange on page 2-63
•config.security.switchAcl.setState on page 2-63
•config.security.switchAcl.show on page 2-64
•config.security.ssh.resetKeys on page 2-61
•config.security.ssh.setState on page 2-61
•config.security.ssh.show on page 2-61
•config.switch.zoneFlexPars on page 2-80
•perf.thresholdAlerts.show on page 2-127
•show.auditLog on page 2-139
•show.epFrameLog.config on page 2-140
•show.epFrameLog.filterClassFFrames on page 2-140
•show.epFrameLog.noWrap on page 2-142
•show.epFrameLog.wrap on page 2-143
•show.fabric.principal on page 2-148
•show.fabric.topology on page 2-149
•show.fabricLog.noWrap on page 2-145
•show.fabricLog.wrap on page 2-146
•show.fencing.policies on page 2-150
•show.ficonCUPZoning on page 2-152
•show.ficonMS on page 2-152
•show.NPIV.config on page 2-159
•show.openSysMS.config on page 2-160
2-4
Enterprise Operating System Command Line Interface User Manual
•show.port.opticEDD on page 2-169
config
config
2
•show.port.opticInfo on page 2-170
•show.port.profile on page 2-171
•show.port.showPortAddr on page 2-173
•show.security.log on page 2-181
•show.security.switchAcl on page 2-183
The config branch of the CLI command tree contains commands that
set parameter values on the switch or director. These values are not
temporary (session) values, but are retained across power cycles.
The commands in the config branch can only be accessed by a user
with administrator level user rights.
CLI commands are activated on the switch immediately, except as
noted.
In general, the config naming commands (except for the
config.zoning commands) use the USASCII character set. All of the
characters in this 128-character set (the first 7-bit subset of the
ISO-8859-1 Latin-1 character set) are valid. Any exceptions are noted
in the specific command descriptions.
config.enterpriseFabMode.setState
SyntaxsetState enterpriseFabModeState
PurposeThis command sets the Enterprise Fabric Mode state for the fabric.
The SANtegrity™ feature key must be installed to activate the
Enterprise Fabric Mode state.
NOTE: The command config.features.enterpriseFabMode on page 2-6 has
functionality that is identical to this command.
ParametersThis command has one parameter.
enterpriseFabModeStateSpecifies whether enterpriseFabMode is
active. Valid values are activate and
deactivate. Boolean 1 and 0 may be
substituted as values.
NOTE: You cannot activate Enterprise Fabric Mode while Open Trunking is
enabled.
config.features.enterpriseFabMode
SyntaxenterpriseFabMode enterpriseFabModeState
PurposeThis command sets the Enterprise Fabric Mode state for the fabric.
The SANtegrity™ feature key must be installed to activate the
Enterprise Fabric Mode state.
ParametersThis command has one parameter.
enterpriseFabModeStateSpecifies whether enterpriseFabMode is
active. Valid values are activate and
deactivate. Boolean 1 and 0 may be
substituted as values.
Command Example
config.features.ficonMS
SyntaxficonMS ficonMSState
PurposeThis command sets the enabled state of the FICON Management
Root> config features enterpriseFabMode 1
NOTE: The command config.enterpriseFabMode.setState on page 2-5 has
functionality that is identical to this command.
Server. The FICON Management Server feature key must be installed
in order to enable the FICON Management Server State. (The
Sphereon 4300 and Sphereon 4500 switches do not accept this
command.)
NOTE: This command is displayed on a Sphereon 3016 and 3216 only if
the feature key is installed.
2-6
Enterprise Operating System Command Line Interface User Manual
NOTE: If the FICON Management Server is enabled, the default
management style is the FICON Management Style. The Open Systems
Management Style cannot be used.
ParametersThis command has one parameter.
ficonMSStateSpecifies whether the FICON Management
Server is enabled. Valid values are enable and
disable. Boolean 1 and 0 may be substituted as
values.
config
2
Command Example
config.features.installKey
SyntaxinstallKey featureKey
PurposeThis command allows the user to install a feature set that is enabled
ParametersThis command has one parameter.
Root> config features ficonMS 1
NOTE: The command config.ficonMS.setState on page 2-19 has functionality
that is identical to this command.
by the provided feature key. The switch can be either offline or online
when this command is executed.
NOTE: If any currently installed features are being removed by the new
feature key, the switch must be offline when the command is given.
featureKeySpecifies the key you have received to enable
optional software feature on a specific product.
A feature key is a string of case-sensitive,
alphanumeric ASCII characters.
The number of characters may vary in the
format; however, the key must be entered
exactly, including the hyphens. An example of a
feature key format is XxXx-XXxX-xxXX-xX.
Command Example
Root> config features installKey AaBb-CCdD-eeFF-gH
CLI Commands
2-7
config
2
config.features.NPIV
SyntaxsetState NPIVState
PurposeThis command sets the enabled state of the NPIV feature. The NPIV
feature key must be installed in order to enable this feature.
ParametersThis command has one parameter.
NPIVStateValid values are enable and disable. Boolean 1 and
0 may be substituted as values.
Command Example
Root> config features NPIV enable
NOTE: The command config.NPIV.setState on page 2-23 has functionality that
is identical to this command.
config.features.openSysMS
SyntaxopenSysMS openSysMSState
PurposeThis command sets the enabled state of the Open Systems
Management Server (OSMS). OSMS is a feature that allows host
control and inband management of the director or switch through a
management application that resides on an open-systems
interconnection (OSI) device.
ParametersThis command has one parameter.
osmsStateSpecifies whether the Open Systems
Management Server is enabled. Valid values are
enable and disable. Boolean 1 and 0 may be
substituted as values.
Command Example
config.features.openTrunking
SyntaxopenTrunking openTrunkingState
2-8
Enterprise Operating System Command Line Interface User Manual
Root> config features openSysMS 1
NOTE: The command config.openSysMS.setState on page 2-24 has
functionality that is identical to this command.
PurposeThis command sets the enabled state of the OpenTrunking feature.
The OpenTrunking feature key must be installed in order to enable
open trunking.
ParametersThis command has one parameter.
openTrunkingStateThis parameter can be set to enable or disable
the OpenTrunking feature. Boolean 1 and 0
may be substituted as values.
config
2
Command Example
config.features.show
Syntaxshow
PurposeThis command shows the product feature information configured for
ParametersThis command has no parameters.
Command Example
OutputThe product feature data is displayed as a table that includes the
Root> config features openTrunking 1
NOTE: The command perf.openTrunking.setState on page 2-107 has
functionality that is identical to this command.
this switch.
Root> config features show
following properties.
Installed Feature
Set
The feature set installed using a feature key.
Only installed keys are displayed.
FeatureIndividual features within each set. In many
StateThe state of the individual feature. Fabric-wide
cases, there is only one feature within each
feature set.
features are displayed as Active/Inactive.
Features related to the switch are displayed as
Enabled/Disabled.
CLI Commands
2-9
config
2
Output ExampleThe output from the config.features.show command displays as
NOTE: The command show.features on page 2-150.has functionality that is
identical to this command.
config.fencing.addPolicy
SyntaxaddPolicy name
PurposeThis command configures a new fencing policy and assigns it a name.
The new policy is assigned default settings, which must be changed
before the policy is activated.
ParametersThis command has one parameter.
Command Example
config.fencing.addPort
SyntaxaddPort name portNumber
PurposeThis command adds a port to the specified fencing policy.
See config.fencing.setParams on page 2-12 for default settings.
nameSpecifies the name of the new fencing
policy. This name can consist of any
printable USASCII characters up to a
maximum length of 63 characters. This
name is case-sensitive.
Root> config fencing addPolicy Policy2
NOTE: The maximum number of policies supported is 14.
2-10
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has two parameters.
nameThe name of the fencing policy.
portNumberThe new port number to add to the
fencing policy, or all, which will add all of
the individual ports to the fencing policy.
Valid values for the port number are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
NOTE: A range of ports is not accepted as a valid input to this command
(e.g., “0-29” is not acceptable).
config
2
The port values can also be substituted with one of the following
keywords that will remove all the ports from the alert, and then use a
specific type of port instead of individual port numbers.
Valid values are:
•eport - This will add all active E ports
NOTE: A fencing policy is not allowed to contain both port types and
individual ports.
Command ExampleRoot> config fencing addPort 24
Root> config fencing addPort eport
config.fencing.deletePolicy
SyntaxdeletePolicy name
PurposeThis command deletes a specified fencing policy. Only disabled
fencing policies can be deleted.
CLI Commands
2-11
config
2
ParametersThis command has one parameter.
nameThe name of the fencing policy. You can
also enter all for this argument. This will
delete all of the configured fencing
policies.
Command Example
Root> config fencing deletePolicy Policy1
config.fencing.removePort
SyntaxremovePort name portNumber
PurposeThis command removes a port from the specified fencing policy.
ParametersThis command has two parameters.
nameThe name of the fencing policy.
portNumberThe new port number to remove from the
fencing policy, or all, which will remove
all of the individual ports from the
fencing policy.
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
Command Example
config.fencing.setParams
SyntaxsetParams name typeNumber limit period
PurposeThis command sets the type, limit and period values for a specified
2-12
Enterprise Operating System Command Line Interface User Manual
Root> config fencing removePort 24
fencing policy.
ParametersThis command has four parameters.
nameThe name of the fencing policy.
typeNumberThis must be entered as a number that
corresponds to an entry in the table
shown below.
limitThe count of fencing violations that must
occur within the specified period in order
for a port to be automatically disabled.
Acceptable values are in the range of
1-255.
You may also enter default for this
argument, which will set the default limit
value for this fencing policy type.
periodThe number of seconds in which the
violation count must equal or exceed the
threshold limit in order for a port to be
fenced.
config
2
You may also enter default for this
argument, which will set the default
period for this fencing policy type.
NOTE: The interval value is a fixed length amount of time. This interval is
not a rolling window interval.
Type
Number
Policy Type
Default Limit
Value
Default Period Value
1Protocol Errors 5300 seconds
Type
NumberPolicy TypeLimit Value RangePeriod Value Range
1Protocol Errors 1 - 25560 - 1800 seconds
CLI Commands
2-13
config
2
Command ExampleThe meaning for each of these inputs can best be described using the
following example sentence:
If ports 0,1, or 2 have more than 5 protocol errors on a single port
within a period of 30 minutes, disable the offending port.
Where:
Port list= 0, 1, 2
Fencing Type= Protocol Errors
Limit= 5
Period= 1800 seconds
config.fencing.setState
SyntaxsetState name enabledState
PurposeThis command sets the enabled state of the specified fencing policy. A
ParametersThis command has two parameters.
Command Example
config.fencing.show
Syntaxshow [name]
PurposeThis command displays the settings for fencing policies.
policy cannot be activated if it contains ports that are already
controlled by a different fencing policy of the same type.
nameThe name of the fencing policy.
enabledStateSets the fencing policy enabled state.
Valid values are enable and disable.
Boolean 1 and 0 values may also be
substituted.
Root> config fencing setState enable
2-14
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has one optional parameter.
nameThe name of the fencing policy.
When no parameters are specified, the command will display the
name, type, and state of all policies. If you use the optional
parameter, it will display all the information about the policy.
NOTE: When the name parameter isn't supplied, then only 50 characters of
the names of the policies will be displayed. You will have to enable Comma
Delimited Mode to view the full name.
Command ExampleRoot> config fencing show
Root> config fencing show Policy_1
OutputIf you do not specify the name parameter, then the output shows the
following information.
config
2
NameThe name of the policy. This will be
concatenated to 50 characters in the
summary display. The policy full name
will be shown in comma delim mode.
PortsThe ports to which the fencing policy will
be applied
TypeThe type of the fencing policy.
LimitThe number of offenses that are allowed
before a port is disabled.
PeriodThe amount of time that limit of number
of offenses must exceed before a port is
fenced.
StateThe enabled state of the fencing policy.
Output ExampleThe output from the config.fencing.show command displays as
PurposeThis command removes one or all control hosts from the Control
Host List used to determine the FICON host(s) capable of viewing all
ports. This list overrides the FCZ port visibility mask.
ParametersThis command has one parameter:
hostNodeWwnThe node WWN of the desired control
host, entered in colon-delimited notation
(e.g., 01:02:03:04:05:06:07:08). You can also
enter all to remove the entire list, if no
attached hosts have supervisory
privileges.
config
2
Command Example
Root> config ficonCUPZoning deleteControlHost all
config.ficonCUPZoning.setState
SyntaxsetState ficonCUPZoningState
PurposeThis command sets the enabled state of FICON CUP Zoning. The
FICON Management Server feature key must be installed in order to
enable the FICON CUP Zoning State. (The Sphereon 4300 and
Sphereon 4500 switches do not accept this command.)
NOTE: If the FICON Management Server is enabled, the default
management style is the FICON Management Style. The Open Systems
Management Style cannot be used.
ParametersThis command has one parameter.
ficonCUPZoningStateSpecifies whether the FICON Management
Server is enabled. Valid values are enable
and disable. Boolean 1 and 0 may be
substituted as values.
PurposeThis command sets the enabled state of the FICON Management
ParametersThis command has one parameter.
Root> config ficonms setMIHPTO 180
Server. The FICON Management Server feature key must be installed
in order to enable the FICON Management Server State. (The
Sphereon 4300 and Sphereon 4500 switches do not accept this
command.)
NOTE: This command is displayed on a Sphereon 3016 only if the feature
key is installed.
NOTE: If the FICON Management Server is enabled, the default
management style is the FICON Management Style. The Open Systems
Management Style cannot be used.
ficonMSStateSpecifies whether the FICON Management
Command Example
Root> config ficonMS setState 1
NOTE: The command config.features.ficonMS on page 2-6 has functionality
that is identical to this command.
Server is enabled. Valid values are enable and
disable. Boolean 1 and 0 may be substituted as
values.
CLI Commands
2-19
config
2
config.ficonMS.show
Syntaxshow
PurposeThis command shows the Ficon MS settings
ParametersThis command has no parameters.
Command Example
Output The data is displayed as a table that includes the following
Output ExampleThe output from the config ficonMS show command displays as
PurposeThis command sets the Ethernet network settings.
Root> config ficonMS show
information:
Ficon MS StateThe state of the FICON MS feature.
Ficon MIHPTOThe FICON MIHPTO value in seconds.
follows:
Ficon MS State: Disabled
Ficon MIHPTO (seconds): 180
ATTENTION! The Telnet connection can be lost when these Ethernet
network settings are changed.
2-20
Enterprise Operating System Command Line Interface User Manual
NOTE: If the IP address is reconfigured, your Telnet client must be
reconnected to the new IP address. A new login will be requested.
ParametersThis command has three parameters.
ipAddressSpecifies the new IP address for the director or
switch. The address must be entered in dotted
decimal format (for example, 10.0.0.0).
gatewayAddressSpecifies the new gateway address for the
Ethernet interface. The address must be entered
in dotted decimal format (for example, 0.0.0.0).
subnetMaskSpecifies the new subnet mask for the Ethernet
interface. The address must be entered in dotted
decimal format (for example, 255.0.0.0).
config
2
Command Example
config.ip.lineSpeed
SynopsislineSpeed speed duplex
PurposeThis command sets the Ethernet line speed
ParametersThis command has two parameters. One of the parameters is optional
Command Example
Root> config ip ethernet 10.0.0.0 0.0.0.0 255.0.0.0
depending on the combination.
speedThe line speed. Options are auto, 10, or
100. If auto is entered then the optional
duplex should not be entered.
duplexThe duplex mode for the connection.
Options are full or half.
Root> config ip lineSpeed 10 half
config.ip.show
Syntaxshow
PurposeThis command shows the LAN configuration.
ParametersThis command has no parameters.
Command Example
Root> config ip show
CLI Commands
2-21
config
2
OutputThe LAN configuration data is displayed as a table that includes the
following properties.
IP AddressThe IP address.
Output ExampleThe output from the config.ip.show command displays as follows.
config.NPIV.maxPortIDs
SyntaxmaxPortIDs portNumber maxIDs
PurposeThis command configures the maximum number of NPIV logins that
Parameters This command has two parameters.
Gateway
The gateway address.
Address
Subnet MaskThe subnet mask.
IP Address: 10.0.0.0
Gateway Address: 0.0.0.0
Subnet Mask: 255.0.0.0
are allowed on the specified port.
portNumberSpecifies the port number. Valid values
are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
all - applies the maxIDs parameter value
to every port on the product
Command ExampleRoot> config NPIV maxPortIDs 128
2-22
Enterprise Operating System Command Line Interface User Manual
maxIDsSpecifies the maximum number of NPIV
logins allowed on the specified port.Valid
values are in the range 1-256.
Root> config NPIV portNumber 60
config.NPIV.setState
SyntaxsetState NPIVEnabledState
PurposeThis command sets enabled state of the NPIV feature. The NPIV
ParametersThis command has one parameter.
config
2
feature key must be installed in order to enable this feature.
NPIVEnabledStateThis parameter can be set to enable or disable.
Boolean 1 and 0 values may also be
substituted.
Command Example
config.NPIV.show
Syntaxshow
PurposeThis command displays the current NPIV configuration for all ports.
Parameters This command has no parameters.
Command Example
Output This command displays the following NPIV configuration data:
Root> config NPIV setState enable
Root> config NPIV show
NPIV stateThe current enabled/disabled state of the NPIV
feature.
Max Allowed NPIV Login Table. A table mapping each port
number on the switch to a corresponding max
number of NPIV logins setting.
Output Example The output from the config.NPIV.show command displays as follows:
NPIV state: Enabled
PortMax Allowed NPIV Logins
---------------------------
110
210
310
40
50
CLI Commands
2-23
config
2
6130
...
NOTE: The command show.NPIV.config on page 2-159 has functionality that
is the same as this command.
config.openSysMS.setHostCtrlState
SyntaxsetHostCtrlState HostContrlState
PurposeThis command sets the enabled state of the Open Systems
Management Server Host Control.
ParametersThis command has one parameter:
HostContrlStateThis parameter can be set to enable or
disable. Boolean 1 and 0 values may also
be substituted.
Command Example
Root> config openSysMS setHostCtrlState enable
config.openSysMS.setState
SyntaxsetState osmsState
PurposeThis command sets the enabled state of the Open Systems
Management Server (OSMS). OSMS is a feature that allows host
control and inband management of the director or switch through a
management application that resides on an open-systems
interconnection (OSI) device.
ParametersThis command has one parameter.
osmsStateSpecifies whether the Open Systems
Command Example
Root> config openSysMS setState 1
Management Server is enabled. Valid values are
enable and disable. Boolean 1 and 0 may be
substituted as values.
2-24
Enterprise Operating System Command Line Interface User Manual
config.port.blocked
Syntaxblocked portNumber blockedState
PurposeThis command sets the blocked state for a port.
ParametersThis command has two required parameters.
config
2
NOTE: The command config.features.openSysMS on page 2-8 has functionality
that is identical to this command.
portNumberSpecifies the port number. Valid values are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
Command Examples
config.port.fan
Syntaxfan portNumber fanOn
PurposeThis command sets the fabric address notification (FAN) state for a
blockedStateSpecifies the blocked state for the port. Valid
values are true and false. Boolean 1 and 0 may be
substituted as values.
Root> config port blocked 4 false
Root> config port blocked 4 0
port (Sphereon 4300 and Sphereon 4500 switches only). This
configuration can be applied to any port regardless of its current
configuration. The FAN value is applied at the time the port is
configured and operated in a loop.
CLI Commands
2-25
config
2
ParametersThis command has two required parameters.
portNumberSpecifies the port number. Valid values are:
0–23 for the Sphereon 4500
fanOnSpecifies the FAN state for the port. Valid values
are true and false. Boolean 1 and 0 may be
substituted as values.
Command Example
config.port.name
Syntaxname portNumber portName
PurposeThis command sets the name for a port.
ParametersThis command has two required parameters.
Root> config port fan 4 1
portNumberSpecifies the port number. Valid values are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
portNameSpecifies the name for the port. The port name
must not exceed 24 characters in length.
Command Example
config.port.rxCredits
SyntaxrxCredits portNumber numRxCredits
PurposeThis command is used to set the number of initial BB Credits for a
2-26
Enterprise Operating System Command Line Interface User Manual
Root> config port name 4 Sam’s tape drive
given port. The number of credits assigned must fall between the
minimum and maximum allowed values for the port.
ParametersThis command has two required parameters:
portNumberSpecifies the port number. Valid values
are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
numBBCreditsSpecifies the number of Rx BB Credits to
assign the specified port.
For the Sphereon 4300 and Sphereon 4500
the RxCredits per port must be between 2
and 12. The total number of Rx Credits
assigned across all ports must not exceed
the maximum pool size of 150.
For the Intrepid family, the RxCredits per
FPM/UPM port must be between 1 and
60. The RxCredits per XPM port must be
between 4 and 400. There is no pool
limitation.
config
2
Command Example
config.port.show
Syntaxshow portNumber
Purpose This command displays the current configuration for the specified
ParametersThis command has one parameter.
Root> config port rxCredits 8 40
port.
portNumberSpecifies the port number. Valid values are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
CLI Commands
2-27
config
2
Command ExampleRoot> config port show 4
OutputThis command displays as a table that includes the following
properties.
Port NumberThe port number.
NameThe configured port name.
BlockedThe blocked state. Valid values are true and false.
values are true and false. (Sphereon 4300 and
Sphereon 4500 switches only.)
TypeThe port type. Valid values are:
•F Port
•E Port
•G Port
• Fx Port (Sphereon 4300 and Sphereon 4500 only)
• Gx Port (Sphereon 4300 and Sphereon 4500 only)
Output ExampleThe output from the config.port.show command displays as follows.
Port Number:4
Name:Sam’s tape drive
Blocked:false
Type:F Port
Speed:2 Gb/sec
Rx BB Credits:12
config.port.showPortAddr
SyntaxshowPortAddr
PurposeThis command displays the port address configuration for all ports.
NOTE: The command show.port.showPortAddr on page 2-173 has functionality
that is the same as this command.
SpeedThe port speed. Valid values are 1 Gb/sec, 2 Gb/sec,
and Negotiate.
Rx BB CreditsThe number of configured Rx BB Credits.
2-28
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has no parameters.
config
2
Command Example
OutputThe port configuration is shown as a table of properties. The
Output Example
Root> config port showPortAddr
following properties are displayed:
PortThe port number
Original AddrThe original port address of the port
Current AddrThe current port address of the port
Swapped Port NumIf the port is swapped with another port,
it will show the port number of the port it
is swapped with.
PortOriginal AddrCurrent Addr SwappedPort Num
----------------------------- ----------------
044
155
2673
3762
488
599
6aa
7bb
8cc
...
config.port.speed
Syntaxspeed portNumber portSpeed
PurposeThis command sets the speed for a port. A port can be configured to
operate at 1 Gb/sec, 2 Gb/sec, or a negotiated speed. The port speed
can be set only to 1 Gb/sec if the switch speed is 1 Gb/sec. An
attempt to set the port speed to 2 Gb/sec or to negotiate in a switch
with a 1 Gb/sec switch speed results in an error message.
If the port speed is set to negotiate, the port and the device to which it
is attached negotiate the data speed setting to either 1 Gb/sec or 2
Gb/sec.
CLI Commands
2-29
config
2
ATTENTION! Port speed changes temporarily disrupt port data transfers.
ParametersThis command has two required parameters.
portNumberSpecifies the port number. Valid values are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
portSpeedSpecifies the speed of the port. Valid values are
1g, 2g, and negotiate.
Command Examples
Root> config port speed 4 2g
Root> config port speed 6 negotiate
config.port.swapPortByAddr
SyntaxswapPortByAddr portAddr1 portAddr2
PurposeThis command will swap two ports given the port addresses. The
ports must be offline to perform this operation.
ParametersThis command has two required parameters:
portAddr1Port address, in hexidecimal format, of
portAddr2Port address, in hexidecimal format, of
Command Example
Root> config port swapPortByAddr 1e 1f
the desired port to be swapped
the desired port to be swapped
config.port.swapPortByNum
SyntaxswapPortByNum portNum1 portNum2
2-30
Enterprise Operating System Command Line Interface User Manual
PurposeThis command will swap two ports given the port numbers. The
ports must be offline to perform this operation.
ParametersThis command has two required parameters:
portNum1Port number, in hexidecimal format, of
the desired port to be swapped
portNum2Port number, in hexidecimal format, of
the desired port to be swapped
config
2
Command Example
config.port.type
Syntaxtype portNumber portType
PurposeThis command sets the allowed type for a port.
Root> config port swapPortByAddr 1e 1f
A port can be configured as an F_Port, an E_Port, or a G_Port. On a
Sphereon 4300 or Sphereon 4500, a port can also be an Fx_port or
Gx_port.
NOTE: On the Sphereon 4300 Switch, the E_Port, G_Port, and GX_Port
options are not valid, unless the Fabric Capable feature is enabled. For more
information, see the McDATA Sphereon 4300 Switch Installation and Service Manual (620-000171).
The port configurations function as follows:
•F_Port—cannot be used as an interswitch link, but may attach to a
device with an N_Port.
•E_Port—only other switches may attach to this type of port.
•G_Port—either a device or another switch may attach to this type
•Fx_Port — allows Arbitrated Loop operation in addition to the
•Gx_Port—allows Arbitrated Loop operation in addition to the
of port.
functionality of an F_Port. (Sphereon 4300 and Sphereon 4500
only.)
functionality of an F_Port or an E_Port. (Sphereon 4300 and
Sphereon 4500 only.)
CLI Commands
2-31
config
2
ParametersThis command has two required parameters.
portNumberSpecifies the port number. Valid values are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
portTypeSpecifies the type of the port. Valid values for the
port type are:
eport
fport
gport
fxport (Sphereon 4300 and Sphereon 4500 only)
gxport (Sphereon 4300 and Sphereon 4500 only)
Command ExampleRoot> config port type 4 fport
config.security
The security command on the configuration branch enters the
security configuration branch. All commands under this branch
operate on a particular security attribute.
Some security configuration commands (namely those under the
fabricBinding branch) are different from other CLI commands in that
they are not single action commands that take effect immediately.
These commands implement a rudimentary membership list editor.
A user works on a temporary copy of a membership list in the editor
and can perform actions such as adding or deleting fabric members.
The edited copy can then be activated to the fabric. It should be noted
that not all verification of membership lists can be made in the
pending copy. Therefore, it is possible that a user will build up a
pending membership list definition without errors, but will
encounter errors when saving to the fabric. It should also be noted
that the state of the pending configuration must be set to 'restrict' in
order to make any changes to the (pending) fabric membership list.
2-32
Enterprise Operating System Command Line Interface User Manual
PurposeThis command sets the FCCT key that is associated to the single
OSMS username. This username is a static entry in the local
authentication database. This user is not viewable. This command
effectively sets the key that will be used in all OSMS authenticated
requests. This entry in the user database is only used for the OSMS
interface, and cannot be changed.
After issuing this command, you are directed to a password prompt
where the actual 16-byte key is entered. After entering the new secret,
it must be confirmed in the following prompt. After confirmation,
you will be returned to the initial prompt that the command was
executed from. No characters will be echoed back to the screen when
entering a password, or when confirming a password.
NOTE: The SANtegrity Authentication feature key must be installed to
configure the FCCT key.
ParametersThis command has no required parameters.
PurposeThis command sets the enhanced serial authentication state.
Enhanced Serial Authentication will require a user to enter a
password when gaining access to the serial port interface.
ParametersThis command has one parameter:
enhancedAuthStateThis parameter enables and disables
enhanced authentication on the serial
port interface. Accepted values for this
parameter are enable or disable. Boolean 1
and 0 values may also be substituted.
2-38
Enterprise Operating System Command Line Interface User Manual
Command ExampleRoot> config security authentication serial enhancedAuth
enable
config.security.authentication.interface.show
Syntaxshow interface
PurposeThis command displays the settings in the local authentication
database for a single interface.
NOTE: The SANtegrity Authentication feature key must be installed to view
the eport and nport information, and the OSMS information.
ParametersThis command has one parameter.
interfaceThe interface that will be displayed. Valid
values for this parameter are:
cli
web
osms
api
serial
eport
nport.
config
2
Command Example
Root> config security authentication interface show Web
Output ExampleThe output for the config.security.authentication.interface.show
command displays as follows:
Interface: Web
Outgoing: N/A
Incoming: N/A
Sequence: Local, RADIUS
PurposeThis command sets the outgoing override state for a single port. This
setting allows you to override the default outgoing authentication
state for either the E_port or N_port interface. The default setting will
cause the port to use the outgoing state configure for the
corresponding interface (either E_port or N_port).
NOTE: This command requires that the SANtegrity Authentication feature
key be installed.
2-40
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has one required parameter, and one optional
parameter:
portNumberSpecifies the port number. Valid values
are:
0–11 for the Sphereon 4300
0–15 for the Sphereon 3016 and 3216
0–23 for the Sphereon 4500
0–31 for the Sphereon 3032 and 3232
0–63 for the Intrepid 6064
0–127 and 132–143 for the Intrepid 6140
overrideStateThis parameter sets the outgoing
authentication state for the specified port.
Valid values are enable, disable, or default.
Boolean 1 and 0 values may also be
substituted.
config
2
Command Example
Root> config security authentication port override 138
enable
config.security.authentication.port.show
Syntaxshow
PurposeThis command displays a table displaying the outgoing override
state for each port.
ParametersThis command has no parameters.
Command Example
OutputThis command displays all valid user names in the local database for
PurposeThis command configures the number of attempts a packet will be
sent to a RADIUS server if a response is not received before the
timeout. After the transmit attempt limit is reached, the switch will, if
applicable, move on to the next defined RADIUS server. The default
is 3 attempts.
ParametersThis command has two required parameters:
PurposeThis command configures the number of minutes a RADIUS server is
marked as “dead”. If a RADIUS server does not respond to an
authentication request, it can be marked as “dead” for a specified
time interval. This may speed up authentication by eliminating
timeouts and retransmissions. If no alternate RADIUS servers are
available (when only one server is configured or when all are marked
dead), then the deadtime is ignored. Deadtime may be 0 to 1440
minutes. The default is 0.
2-42
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has one required parameter:
minutesThe number of minutes a RADIUS server
is marked “dead” before it is contacted
again. Valid values are between 0 and
PurposeThis command removes a RADIUS server from the RADIUS server
list. If you delete a server, and there are servers configured in higher
numbered slots, these servers will be automatically moved up to the
first available slots.
ParametersThis command has one required parameter.
PurposeThis command adds or modifies one RADIUS server, at a given
index, that will be used for authentication. Servers are queried in the
order listed, so the primary server must be the first one in the list.
There are three slots available for RADIUS servers. Servers will be
added into the list by the index value. The range is 1 to 3. If a server is
added and there is an empty slot before that server, it will be shifted
up to the empty slot. The IP:port is the IP address and the UDP port
on the RADIUS server.
NOTE: If you want to configure a RADIUS server without a key, you must
specify the key as "". The set of double quotes is an empty string in the CLI.
CLI Commands
2-43
config
2
ParametersThis command has one required parameter, and two optional
parameters:
indexIndex of the RADIUS server (1-3) to
add/modify.
IPIP address of the server.
portThe UDP port number.
Command Example
Root> config security authentication RADIUS server 3
14.2.114.183:6
config.security.authentication.RADIUS.show
Syntaxshow
PurposeThis command displays the current RADIUS server configuration.
ParametersThis command has no parameters.
Command Example
OutputThis command displays all three configured RADIUS servers.
Root> config security authentication RADIUS show
DeadtimeThe amount of time a server is marked as
“dead”.
ServerThe IP address and UDP port of the
configured RADIUS server.
AttemptsThe number of transmit attempts.
TimeoutThe timeout value for a server in seconds.
Output Example The output for the config.security.authentication.RADIUS.show
2-44
Enterprise Operating System Command Line Interface User Manual
PurposeThis command sets the CHAP secret that is associated with the
switch. This command effectively sets the secret for the local WWN
username in the local authentication user database. The switch secret
is used for all incoming CHAP challenges on the E port and N port
interfaces.
After issuing this command, you are directed to a “password”
prompt where the actual 16-byte secret is entered. After entering the
new secret, it must be confirmed in the following prompt. After
confirmation, you are returned to the initial prompt that the
command was executed from. No characters will be echoed back to
the screen when entering a password, or when confirming a
password. See Passwords and Secrets on page 1-14 for valid characters.
NOTE: The SANtegrity Authentication feature key must be installed to
configure switch secret.
ParametersThis command has no required parameters.
One of the fundamental concepts of the authentication portion of the
Command Line Interface is that all secured interfaces have
interchangeable users that are stored in a single local authentication
user database. In the past, CLI has supported authorization for only
two username/password pairs (one Administrator-level and another
Operator-level). These two username/password pairs were also
unique to CLI interface. With this release, a CLI user can now
configure multiple users for his own interface, as well as for other
management entities and FC connections. For this reason, the
security.userrights branch of commands has been removed from the
command tree.
config.security.authentication.user.add
Syntaxadd username interface1 [interface2]
PurposeThis command adds a new user to the local authentication database.
Each user can be assigned a combination of interfaces that will
authenticate the new username/password combination. After
executing this command, the user will be moved to a new password
prompt where the user will enter a password; the password must
then be confirmed in next prompt. After confirming the new
password, the user will be returned to the initial prompt. No
characters will be echoed back to the screen when entering a
password, or when confirming a password.
All new users will be assigned a role of “none”; a subsequent “role”
command must be executed to assign a role. Web and CLI users must
be assigned a role before they can access the CLI or Web interfaces.
NOTE: The SANtegrity Authentication feature key must be installed to
configure E port and N port usernames.
ParametersThis command has two required parameters, and an additional
password parameter at the prompt after the command.
2-46
Enterprise Operating System Command Line Interface User Manual
usernameThe new user name that will be added to
the local authentication database. If the
entered user name already exists in the
user database, an error will be shown.
This parameter can be from 1-23
characters in length for an API, Web or
CLI username. E Port and N Port
usernames must be entered as a standard
colon delimited WWN. All characters in
the printable USASCII character set are
valid with the exception of spaces, single
quotes, and double quotes.
interfacesThis is a list of interfaces that will be
assigned to the associated username.
Accepted values for this parameter are:
cli
web
api
eport
nport
config
2
passwordSets the password for the new login
NOTE: Currently the only possible combination of multiple interfaces
is (Web and CLI).
Command Example
Root> config security authentication user add
01:2A:3f:4:5:0:0 eport
config.security.authentication.user.delete
Syntaxdelete username
username. This parameter can be from
1-24 characters in length for a Web or CLI
password. CHAP secrets and FCCT keys
must be exactly 16 bytes long for API,
OSMS, E Port, and N Port interfaces. This
parameter will not be echoed to the
screen. See Passwords and Secrets on
page 1-14 for valid characters.
CLI Commands
2-47
config
2
PurposeThis command deletes an entry from the local authentication
database. Both the Web and CLI interfaces must have at least one
valid username with an “Administrator” role.
ParametersThis command has one parameter:
usernameA valid username in the local
authentication database.
Command Example
Root> config security authentication user delete
01:2A:3f:4:5:0:0
config.security.authentication.user.modify
Syntaxmodify username interface1 [interface2]
PurposeThis command modifies an existing user in the local authentication
database. The user password and the combination of interfaces can be
modified with this command. After executing this command, you are
prompted to enter a password, similar to behavior of the user.add
command.
The role of a user will remain the same unless the currently assigned
role is invalid for the new combination of interfaces. If the role is no
longer valid for an interface combination, the role will be changed
back to “none”. At least one username with an “Administrator” role
must exist in the user database at all times for both the Web and CLI
interfaces.
NOTE: The SANtegrity Authentication feature key must be installed to
configure E port and N port usernames.
2-48
Enterprise Operating System Command Line Interface User Manual
ParametersThis command has two required parameters, and an additional
password parameter at the prompt after the command:
usernameThe existing user name whose fields will
be modified in the local authentication
database. If the entered user name does
not exist in the user database, an error
will be shown. This parameter can be
from 1-23 characters in length for an API,
Web or CLI username. E Port and N Port
usernames must be entered as a standard
colon delimited WWN. All characters in
the printable USASCII character set are
valid with the exception of spaces, single
quotes, and double quotes.
interfacesThis is a list of interfaces that will be
assigned to the associated username.
Accepted values for this parameter are:
cli
web
api
eport
nport.
config
2
passwordSets the password for the existing
username. This parameter can be from
1-24 characters in length for a Web or CLI
username. CHAP secrets must be exactly
16 bytes long for API, OSMS, E Port, and
N Port interfaces. This parameter will not
be echoed to the screen. See Passwords and
Secrets on page 1-14 for valid characters.
NOTE: Currently the only possible combination of multiple interfaces is
(Web and CLI) or (E port or N port).
Command ExampleRoot> config security authentication user modify
01:2A:3f:4:5:0:0 nport
config.security.authentication.user.role
Syntaxrole username privilegeLevel
CLI Commands
2-49
config
2
PurposeThis command sets the role value that is associated to an existing
username. The role value can either be set to an administrator or an
operator. This value defaults to “none” when the user is first added to
the database. This value must be changed for all new CLI and Web
users before they will be allowed access to their respective interfaces.
ParametersThis command has two required parameters:
usernameA valid Web or CLI username in the local
authentication database.
privilegeLevelThis parameter assigns the privilege level
to a username. Currently only Web and
CLI users can be assigned a role value.
This parameter must be either
administrator or operator.
Command Example
Root> config security authentication user role
01:2A:3f:4:5:0:0 administrator
config.security.authentication.user.show
Syntaxshow interface
PurposeThis command displays a single interface from the local
authentication database.
ParametersThis command has one optional parameter:
interfaceThe interface that will be displayed.
Accepted values for this parameter are:
cli
web
api
eport
nport.
Command Example
Output ExampleThe output for the config.security.authentication.user.show
2-50
Enterprise Operating System Command Line Interface User Manual
Root> config security authentication user show web
Fabric Binding functionality, provided by the SANtegrity Binding
feature, allows you to bind the switch or director to specified fabrics
so that it can communicate only with those fabrics. With Fabric
Binding enabled, the product can communicate only with fabrics that
are included in the Fabric Binding Membership List (FBML).
Using Fabric Binding, you can allow specific switches to attach to
specific fabrics in the SAN. This provides security from accidental
fabric merges and potential fabric disruption when fabrics become
segmented because they cannot merge.
config
2
Fabric Binding
Commands
Fabric Binding
Membership
Terminology
The config.security.fabricBinding commands function in a different
way from most CLI commands, which are single action commands
that take effect immediately. Most of the Fabric Binding commands
affect a temporary copy of an FBML in the work area, which is called
the Pending FBML. When this temporary copy, the pending list, is
activated to the fabric, it is called the Active FBML.
ATTENTION! One factor to consider, when using CLI commands to view
and configure Fabric Binding settings, is that the SANpilot
change Fabric Binding status and FBMLs, if it is used at the same time as the
CLI.
®
interface can
Because not all the verification of the Pending FBML can occur on the
temporary copy in the work area, it is possible, however unlikely, that
the copy of the list encounters no errors until the list is activated to
the fabric.
NOTE: A Sphereon 4300 Switch cannot participate in a fabric, unless the
Fabric Capable feature is enabled. For more information, see the McDATA Sphereon 4300 Switch Installation and Service Manual (620-000171).
Two types of FBMLs are configured using the CLI:
CLI Commands
2-51
config
2
•Active FBML: When fabric binding is active, the active FBML is
the list of fabric members with which the product is allowed to
communicate. If fabric binding is disabled, this list is empty.
•Pending FBML: A list used to configure an FBML before it is
made active on the product. Changes to the pending FBML are
not implemented in the fabric until they are saved and activated
using the config.security.fabricBinding.activatePending command as
documented on page 2-53.
The following terms apply to the switches and directors that are part
of the FBMLs:
•Local: The switch or director product that you are configuring.
This is a required FBML member.
•Attached: A switch or director that is currently in a fabric with the
local product. Any switch and director that is attached is a
required FBML member.
•Unattached: A switch or director that is not currently in a fabric
with the local product. These switches and directors are
unattached if they have been added manually to the pending
FBML, or if they segmented from the local fabric.
Enable/Disable and
Online State Functions
In order for Fabric Binding to function, specific operating parameters
and optional features must be enabled. Also, there are specific
requirements for disabling these parameters and features when the
director or switch is offline or online. Be aware of the following:
•Because switches are bound to a fabric by World Wide Name
(WWN) and domain ID, the Insistent Domain ID option in the
Configure Switch Parameters dialog box is automatically enabled if
Fabric Binding is enabled. You cannot disable Insistent Domain
ID while Fabric Binding is active and the switch is online.
•If Fabric Binding is enabled and the switch is online, you cannot
disable Insistent Domain ID.
•If Fabric Binding is enabled and the director is offline, you can
disable Insistent Domain ID, but this will disable Fabric Binding.
•You cannot disable Fabric Binding if Enterprise Fabric Mode is
enabled. However, if Enterprise Fabric Mode is disabled, you can
disable Fabric Binding.
NOTE: Fabric Binding can be disabled when the switch is offline.
2-52
Enterprise Operating System Command Line Interface User Manual
config.security.fabricBinding.activatePending
SyntaxactivatePending
PurposeThis command activates the fabric binding configuration contained in
the pending work area to the fabric. The Pending FBML becomes the
Active FBML, and fabric binding is made functional.
NOTE: This command takes effect immediately. The CLI verifies the list
before activating it to the fabric.
PurposeThis command clears the Pending FBML in the working area.
Members that are attached remain in the list, because the Pending
FBML must contain all attached members to become active.
NOTE: This information is not saved to the fabric until the activatePending
command is issued. When the list is cleared, the CLI automatically adds the
managed switch to the Pending FBML.
ParametersThis command has no parameters.
Command Example
2-54
Enterprise Operating System Command Line Interface User Manual
Root> config security fabricBinding clearMemList
config.security.fabricbinding.deactivateFabBind
SyntaxdeactivateFabBind
PurposeThis command deactivates the active FBML on the fabric. The Active
FBML is erased when this command is executed.
NOTE: This command takes effect immediately in the fabric.