General Prerequisites
Before you begin
Before you can install Cisco DCNM, ensure that the Cisco DCNM system meets the following prerequisites:
- Before installing Cisco DCNM, ensure that the host name is mapped to the IP address in the hosts file at the following location:
  - Microsoft Windows–C:\WINDOWS\system32\drivers\etc\hosts
  - Linux–/etc/hosts
  Note
  If Oracle RAC is chosen as the database for Cisco DCNM, ensure that the database host IP addresses and virtual IP addresses are added to the hosts file with their host names.
- For RHEL, the maximum shared memory size must be 256 MB or more. To configure the maximum shared memory to 256 MB, use the following command:
  sysctl -w kernel.shmmax=268435456
  This setting, kernel.shmmax=268435456, should be saved in the /etc/sysctl.conf file. If this setting is not present or if it is less than 268435456, the Cisco DCNM server will fail after the server system is rebooted. For more information, visit the following URL:
  http://www.postgresql.org/docs/8.3/interactive/kernel-resources.html
- The server system must be registered with the DNS servers. The server hosting the DCNM application must be dedicated to running DCNM alone and must not be shared with any other applications that use memory and system resources.
- When using a remote PostgreSQL database server, ensure that the Cisco DCNM host IP addresses are added to the pg_hba.conf file present in the PostgreSQL installation directory. After the entries are added, restart the database.
- Users installing Cisco DCNM must have full administrator privileges to create user accounts and start services. Users should also have access to all ports. For more information, see Running Cisco DCNM Behind a Firewall.
- When you connect to the server for the first time, Cisco DCNM checks to see if you have the correct Sun Java Virtual Machine version installed on your local workstation. Cisco DCNM desktop clients look for version 1.8(x) during installation. If required, install the Sun Java Virtual Machine software.
Note
When launching the Cisco DCNM installer, the console command option is not supported.
Note
Using the Cisco DCNM installer in GUI mode requires that you log in to the remote server using VNC or XWindows. Using Telnet or SSH to install Cisco DCNM in GUI mode is not possible.
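The Linux host prerequisites above (persisted kernel.shmmax, the hosts-file mapping, and the pg_hba.conf entry for a remote PostgreSQL server) can be checked with a short script. This is an added example, not part of the Cisco documentation; the host name dcnm01, the address 192.0.2.10 and the sample file contents are constructed, and flagging the trust authentication method is this example's own check.

```sh
#!/bin/sh
# Added example: preflight checks for a Linux host that will run Cisco DCNM.
# Paths are parameters so the checks can run against copies of the real files.
MIN_SHMMAX=268435456   # 256 MB, the minimum this page gives for RHEL

# shmmax_persisted FILE: true if the last kernel.shmmax line is >= 256 MB.
shmmax_persisted() {
    val=$(sed -n 's/^[[:space:]]*kernel\.shmmax[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$val" ] && [ "$val" -ge "$MIN_SHMMAX" ]
}

# host_mapped FILE NAME IP: true if an active hosts line maps NAME to IP.
host_mapped() {
    awk -v name="$2" -v ip="$3" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }' "$1"
}

# pg_hba_method FILE IP: print the auth method of the first host/hostssl entry
# whose address is exactly IP (IP/32, or IP with mask 255.255.255.255).
pg_hba_method() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }
        $1 != "host" && $1 != "hostssl" { next }
        $4 == (ip "/32") { print $5; exit }
        $4 == ip && $5 == "255.255.255.255" { print $6; exit }' "$1"
}

# Constructed sample files (hypothetical host dcnm01 at 192.0.2.10).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# kernel.shmmax=268435456' 'kernel.shmmax = 33554432' > "$demo/sysctl.conf"
printf '%s\n' '127.0.0.1 localhost' '192.0.2.10 dcnm01.example.test dcnm01' > "$demo/hosts"
printf '%s\n' 'local all all ident' 'host all all 192.0.2.10/32 trust' > "$demo/pg_hba.conf"

shmmax_persisted "$demo/sysctl.conf" ||
    echo "FAIL: kernel.shmmax not persisted at >= $MIN_SHMMAX"
host_mapped "$demo/hosts" dcnm01 192.0.2.10 ||
    echo "FAIL: dcnm01 is not mapped to 192.0.2.10"
method=$(pg_hba_method "$demo/pg_hba.conf" 192.0.2.10)
case "$method" in
    "")    echo "FAIL: no pg_hba.conf entry for the DCNM host" ;;
    trust) echo "WARN: entry exists but uses trust (no password check)" ;;
    *)     echo "OK: pg_hba.conf entry uses $method" ;;
esac
```

Against a live host, pass /etc/sysctl.conf, /etc/hosts and the pg_hba.conf path from the PostgreSQL installation directory instead of the sample files.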
Before you can use Cisco DCNM to manage network switches, you must complete the following tasks:
- Install a supervisor module on each switch that you want to manage.
- Configure the supervisor module with the following values using the setup routine or the CLI:
  - IP address assigned to the mgmt0 interface
  - SNMP credentials (v3 user name and password or v1/v2 communities), maintaining the same user name and password for all the switches in the fabric.
Initial Setup Routine
The first time that you access a Cisco NXOS-based switch for MDS or Nexus, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to communicate over the supervisor module Ethernet interface. This information is required to configure and manage the switch. All Cisco Nexus or Cisco MDS switches have the network administrator as a default user (Admin). You cannot change the default user at any time. You must explicitly configure a strong password for any switch in the Cisco Nexus or Cisco MDS. The setup scenario differs based on the subnet to which you are adding the new switch:
- Out-of-band management—This feature provides a connection to the network through a supervisor module front panel Ethernet port.
- In-band management—This feature provides IP over Fibre Channel (IPFC) to manage the switches. The in-band management feature is transparent to the network management system (NMS).
Note
The IP address for a Cisco Nexus switch or a Cisco MDS switch can be set via the CLI, a USB key, or POAP.
Preparing to Configure the Switch
Before you configure a switch in the Cisco Nexus or Cisco MDS 9000 Family for the first time, you need the following information:
- Administrator password, including:
  - Creating a password for the administrator (required).
  - Creating an additional login account and password (optional).
- IP address for the switch management interface—The management interface can be an out-of-band Ethernet interface or an in-band Fibre Channel interface (recommended).
- Subnet mask for the switch's management interface (optional).
- IP addresses, including:
  - Destination prefix, destination prefix subnet mask, and next-hop IP address if you want to enable IP routing. Also, provide the IP address of the default network (optional).
  - Otherwise, provide an IP address of the default gateway (optional).
- SSH service on the switch—To enable this optional service, select the type of SSH key (dsa/rsa/rsa1) and number of key bits (768 to 2048).
- DNS IP address (optional).
- Default domain name (optional).
- NTP server IP address (optional).
- SNMP community string (optional).
- Switch name—This is your switch prompt (optional).
Note
Be sure to configure the IP route, the IP default network address, and the IP default gateway address to enable SNMP access. If IP routing is enabled, the switch uses the IP route and the default network IP address. If IP routing is disabled, the switch uses the default gateway IP address.
Note
You should verify that the Cisco DCNM-SAN Server host name entry exists on the DNS server, unless the Cisco DCNM-SAN Server is configured to bind to a specific interface during installation.
Default Login
All Cisco Nexus and Cisco MDS 9000 Family switches have the network administrator as a default user (Admin). You cannot change the default user at any time (see the Security Configuration Guide, Cisco DCNM for SAN).
You have an option to enforce a secure password for any switch in the Cisco MDS 9000 Family. If a password is trivial (short, easy-to-decipher), your password configuration is rejected. Be sure to configure a secure password (see the Security Configuration Guide, Cisco DCNM for SAN). If you configure and subsequently forget this new password, you have the option to recover this password (see the Security Configuration Guide, Cisco DCNM for SAN).
Note
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM application might not function properly:
Setup Options
The setup scenario differs based on the subnet to which you are adding the new switch. You must configure a Cisco MDS 9000 Family switch or a Cisco Nexus switch with an IP address to enable management connections from outside of the switch (see Management Access to Switches).
Assigning Setup Information
This section describes how to initially configure the switch for both out-of-band and in-band management.
Note
Press Ctrl + C at any prompt to skip the remaining configuration options and proceed with what is configured until that point. Entering a new password for the administrator is a requirement and cannot be skipped.
Tip
If you do not wish to answer a previously configured question, or if you wish to skip answers to any questions, press Enter. If a default answer is not available (for example, switch name), the switch uses what was previously configured and skips to the next question.
Configuring Out-of-Band Management
You can configure both in-band and out-of-band configuration together by entering Yes in both in the following procedure.
Procedure
Step 1
Power on the switch. Switches in the Cisco Nexus and Cisco MDS 9000 Family boot automatically.
Step 2
Enter Yes to enforce a secure password.
Step 3
Enter yes to enter the setup mode.
The setup utility guides you through the basic configuration process. Press Ctrl + C at any prompt to end the configuration process.
Step 4
Enter the new password for the administrator (Admin is the default).
Step 5
Enter yes (no is the default) to create additional accounts.
While configuring your initial setup, you can create an additional user account (in the network administrator role) in addition to the administrator’s account. See the Security Configuration Guide, Cisco DCNM for SAN for information on default roles and permissions.
Step 6
Enter yes (no is the default) to create an SNMPv3 account.
Step 7
Enter yes (no is the default) to configure the read-only or read-write SNMP community string.
Step 8
Enter a name for the switch.
Step 9
Enter yes (yes is the default) to configure out-of-band management.
Step 10
Enter yes (yes is the default) to configure the default gateway (recommended).
Step 11
Enter yes (no is the default) to configure advanced IP options such as in-band management, static routes, default network, DNS, and domain name.
Step 12
Enter yes (no is the default) to enable Telnet service.
Step 13
Enter yes (no is the default) to enable the SSH service.
Step 14
Enter the SSH key type.
Step 15
Enter the number of key bits within the specified range.
Step 16
Enter yes (no is the default) to configure the NTP server.
Step 17
Enter noshut (shut is the default) to configure the default switch port interface to the shut state.
Step 18
Enter on (on is the default) to configure the switch port trunk mode.
Step 19
Enter no (no is the default) to configure switchport port mode F.
Step 20
Enter permit (deny is the default) to deny a default zone policy configuration.
This step permits traffic flow to all members of the default zone.
Step 21
Enter yes (no is the default) to disable a full zone set distribution (see the Fabric Configuration Guide, Cisco DCNM for SAN). Disables the switch-wide default for the full zone set distribution feature.
You see the new configuration. Review and edit the configuration that you have just entered.
Step 22
Enter no (no is the default) if you are satisfied with the configuration.
Step 23
Enter yes (yes is default) to use and save this configuration:
Configuring In-Band Management
The in-band management logical interface is VSAN 1. This management interface uses the Fibre Channel infrastructure to transport IP traffic. An interface for VSAN 1 is created on every switch in the fabric. Each switch should have its VSAN 1 interface that is configured with an IP address in the same subnetwork. A default route that points to the switch that provides access to the IP network should be configured on every switch in the Fibre Channel fabric (see Fabric Configuration Guide, Cisco DCNM for SAN).
Note
You can configure both in-band and out-of-band configuration together by entering in the following procedure.
Procedure
Step 1
Power on the switch. Switches in the Cisco MDS 9000 Family boot automatically.
Step 2
Enter the new password for the administrator.
The password can contain a combination of alphabetic, numeric, and special characters. Do not use any of these special characters in the DCNM password for any deployment mode: <SPACE> & $ % ‘ “ ^ = < > ; :
Step 3
Enter yes to enter the setup mode.
The setup utility guides you through the basic configuration process. Press Ctrl-C at any prompt to end the configuration process.
Step 4
Enter no (no is the default) if you do not wish to create more accounts.
Step 5
Configure the read-only or read-write SNMP community string.
Step 6
Enter a name for the switch.
Step 7
Enter no (yes is the default) at the configuration prompt to configure out-of-band management.
Step 8
Enter yes (yes is the default) to configure the default gateway.
Step 9
Enter yes (no is the default) to configure advanced IP options such as in-band management, static routes, default network, DNS, and domain name.
Step 10
Enter no (yes is the default) to disable Telnet service.
Step 11
Enter yes (no is the default) to enable the SSH service.
Step 12
Enter the SSH key type (see the Security Configuration Guide, Cisco DCNM for SAN) that you want to generate.
Step 13
Enter the number of key bits within the specified range.
Step 14
Enter no (no is the default) to configure the NTP server.
Step 15
Enter shut (shut is the default) to configure the default switch port interface to the shut state.
Step 16
Enter auto (off is the default) to configure the switch port trunk mode.
Step 17
Enter deny (deny is the default) to deny a default zone policy configuration.
This step denies traffic flow to all members of the default zone.
Step 18
Enter no (no is the default) to disable a full zone set distribution.
This step disables the switch-wide default for the full zone set distribution feature. You see the new configuration. Review and edit the configuration that you have entered.
Step 19
Enter no (no is the default) if you are satisfied with the configuration.
Step 20
Enter yes (yes is default) to use and save this configuration.
Using the setup Command
To make changes to the initial configuration at a later time, you can enter the setup command in EXEC mode.
switch# setup
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup always assumes a predefined defaults irrespective
of the current system configuration when invoked from CLI.
Press Enter incase you want to skip any dialog. Use ctrl-c at anytime
to skip away remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
The setup utility guides you through the basic configuration process.
Starting a Switch in the Cisco MDS 9000 Family
The following procedure is a review of the tasks you should have completed during hardware installation, including starting up the switch. These tasks must be completed before you can configure the switch.
Note
You must use the CLI for initial switch start up.
Procedure
Step 1
Verify the following physical connections for the new Cisco MDS 9000 Family switch:
Step 2
Verify that the default console port parameters are identical to those of the computer terminal (or terminal server) attached to the switch console port:
Step 3
Power on the switch. The switch boots automatically and the switch# prompt appears in your terminal window.
Accessing the Switch
After initial configuration, you can access the switch in one of three ways:
- Serial console access—You can use a serial port connection to access the CLI.
- In-band IP (IPFC) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 Family or use SNMP to connect to a Cisco DCNM-SAN application.
- Out-of-band (10/100BASE-T Ethernet) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 Family or use SNMP to connect to a Cisco DCNM-SAN application.
After initial configuration, you can access the switch in one of three ways (see Switch Access Options):
- Serial console access—You can use a serial port connection to access the CLI.
- In-band IP (IPFC) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 Family or use Cisco DCNM-SAN to access the switch.
- Out-of-band (10/100BASE-T Ethernet) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 Family or use Cisco DCNM-SAN to access the switch.