Configuring IP Services
This chapter includes the following topics:
Information About IP Services
Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces. The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a different IP subnetwork. Each Cisco MDS 9000 Family switch provides the following services for network management systems (NMSs):
-
IP forwarding on the out-of-band Ethernet interface (mgmt0) on the front panel of the supervisor modules.
-
IP forwarding on in-band Fibre Channel interface using the IP over Fibre Channel (IPFC) function—IPFC specifies how IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
-
IP routing (default routing and static routing)—If your configuration does not need an external router, you can configure a default route using static routing.
Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. VRRP is a restartable application that provides a redundant, alternate path to the gateway switch.
Note For information about configuring IPv6, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
This section includes the following topics:
Traffic Management Services
In-band options are compliant with and use the RFC 2625 standards. An NMS host running the IP protocol over an Fibre Channel interface can access the switch using the IPFC functionality. If the NMS does not have a Fibre Channel HBA, in-band management can still be performed using one of the switches as an access point to the fabric as shown in Figure 41-1.
Figure 41-1 Management Access to Switches
Management Interface Configuration
The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions. You can remotely configure the switch through the management interface, but first you must configure IP version 4 (IPv4) parameters (IP address, subnet mask) or an IP version 6 (IPv6) address and prefix length so that the switch is reachable. For information on configuring IPv6 addresses, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
On director class switches, a single IP address is used to manage the switch. The active supervisor module's management (mgmt0) interface uses this IP address. The mgmt0 interface on the standby supervisor module remains in an inactive state and cannot be accessed until a switchover happens. After a switchover, the mgmt0 interface on the standby supervisor module becomes active and assumes the same IP address as the previously active supervisor module.
Note The port on the Ethernet switch to which the MDS management interface is connected should be configured as a host port (also known as access port) instead of a switch port. Spanning tree configuration for that port (on the Ethernet switch) should disabled. This helps avoid the delay in the MDS management port coming up due to delay from Ethernet spanning tree processing that the Ethernet switch would run if enabled. For Cisco Ethernet switches, use either the switchport host command in Cisco IOS is or the set port host command in the Catalyst OS. Refer to the configuration guide for your Ethernet switch.
Note Before you begin to configure the management interface manually, obtain the switch’s IP address and IP subnet mask. Also make sure the console cable is connected to the console port.
About the Default Gateway
You can configure a default gateway IPv4 address on your Cisco MDS 9000 Family switch.
The default gateway IPv4 address should be configured along with the IPv4 static routing attributes (IP default network, destination prefix, and destination mask, and next hop address). If you configure the static route IP forwarding and the default-network details, these IPv4 addresses will be used regardless of the default-gateway being enabled or disabled.
The default gateway IPv4 address should be configured along with the IPv4 static routing attributes commands (IP default network, destination prefix, and destination mask, and next hop address).
Tip If you configure the static route IP forwarding and the default-network details, these IPv4 addresses will be used regardless of the default-gateway being enabled or disabled. If these IP addresses are configured but not available, the switch will fall back to using the default gateway IP address, if you have configured it. Be sure to configure IP addresses for all entries in the switch.
Use the
ip default-gateway
command to configure the IP address for a switch’s default gateway and the
show ip route
command to verify that the IPv4 address for the default gateway is configured.
IPv4 Default Network Configuration
If you assign the IPv4 default network address, the switch considers routes to that network as the last resort. If the IPv4 default network address is not available, the switch uses the IPv4 default gateway address. For every network configured with the IPv4 default network address, the switch flags that route as a candidate default route, if the route is available.
Tip If you configure the static route IP forwarding and the default network details, these IPv4 addresses will be used regardless of the default gateway being enabled or disabled. If these IPv4 addresses are configured and not available, the switch will fall back to using the default gateway IPv4 address, if you have configured it. Be sure to configure IPv4 addresses for all entries in the switch if you are using IPv4.
When the Ethernet interface is configured, the switch should point to the gateway router for the IP network. The host accesses the gateway using a gateway switch. This gateway switch is configured as the default gateway. The other switches in the fabric that are connected to the same VSAN as the gateway switch can also be connected through the gateway switch. Every interface connected to this VSAN should be configured with the VSAN IPv4 address of the gateway switch as shown in Figure 41-2.
Figure 41-2 Overlay VSAN Functionality
In Figure 41-1, switch A has the IPv4 address 1.12.11.1, switch B has the IPv4 address 1.12.11.2, switch C has the IPv4 address 1.12.11.3, and switch D has the IPv4 address 1.12.11.4. Switch A is the gateway switch with the Ethernet connection. The NMS uses the IPv4 address 1.1.1.10 to connect to the gateway switch. Frames forwarded to any switch in the overlaid VSAN 1 are routed through the gateway switch. Configuring the gateway switch’s IPv4 address (1.12.11.1) in the other switches enable the gateway switch to forward the frame to the intended destination. Similarly, if a non-gateway switch in the VSAN forwards a frame to the Ethernet, the frame is routed through the gateway switch.
When forwarding is disabled (default), IP frames are not sent from one interface to another. In these cases, the software performs local IP routing between two switches using the in-band option for Fibre Channel traffic and the mgmt0 option for Ethernet traffic.
When a VSAN is created, a VSAN interface is not created automatically. You need to specifically create the interface.
IPFC
IPFC provides IP forwarding on in-band switch management over a Fibre Channel interface (rather than out-of-band using the Gigabit Ethernet mgmt 0 interface). You can be use IPFC to specify that IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
Once the VSAN interface is created, you can specify the IP address for that VSAN. You can assign an IPv4 address or an IPv6 address.
Note See the Chapter 44, “Configuring IPv6 for Gigabit Ethernet Interfaces” for information about configuring IPv6 on the Cisco MDS 9000 Family switches.
About IPv4 Static Routes
Static routing is a mechanism to configure IPv4 routes on the switch. You can configure more than one static route.
If a VSAN has multiple exit points, configure static routes to direct traffic to the appropriate gateway switch. IPv4 routing is disabled by default on any gateway switch between the out-of-band management interface and the default VSAN, or between directly connected VSANs.
If your network configuration does not need an external router, you can configure IPv4 static routing on your MDS switch.
Note For information about IPv6 static routing, see the Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
About Overlay VSANs
VSANs enable deployment of larger SANs by overlaying multiple logical SANs, each running its own instance of fabric services, on a single large physical network. This partitioning of fabric services reduces network instability by containing fabric reconfiguration and error conditions within an individual VSAN. VSANs also provide the same isolation between individual VSANs as physically separated SANs. Traffic cannot cross VSAN boundaries and devices may not reside in more than one VSAN. Because each VSAN runs separate instances of fabric services, each VSAN has its own zone server and can be zoned in exactly the same way as SANs without VSAN capability.
About VRRP
Cisco MDS 9000 Family switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. VRRP provides a redundant alternative path to the gateway switch, which has connectivity to the NMS. VRRP has the following features:
-
VRRP is a restartable application.
-
When a VRRP master fails, the VRRP backup takes over within three times the advertisement time.
-
VRRP over Ethernet, VRRP over VSAN, and Fibre Channel functions are implemented as defined in RFC 2338 and the draft-ietf-vrrp-ipv6 specification.
-
A virtual router is mapped to each VSAN and Ethernet interface with its unique virtual router IP, virtual router MAC, and VR ID.
-
VR IDs can be reused in multiple VSANs with different virtual router IP mapping.
-
Both IPv4 and IPv6 is supported.
-
The management interface (mgmt 0) supports only one virtual router group. All other interfaces each support up to seven virtual router groups, including both IPv4 and IPv6 combined. Up to 255 virtual router groups can be assigned in each VSAN.
-
VRRP security provides three options, including no authentication, simple text authentication, and MD5 authentication.
Note If you are using IPv6, you must either configure an IPv6 address on the interface or enable IPv6 on the interface. For more information about IPv6, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
In Figure 41-3, switch A is the VRRP master and switch B is the VRRP backup switch. Both switches have an IP address to VRRP mapping configured. The other switches set switch A as the default gateway. If switch A fails, the other switches do not have to change the routing configurations as switch B automatically becomes the master and takes over the function of a gateway.
Figure 41-3 VRRP Functionality
In Figure 41-4, the fabric example has two virtual router groups (VR1 and VR 2) because a virtual router cannot span across different types of interfaces. In both switch 1 and switch 2, the Ethernet interface is in VR 1 and the FC interface is in VR 2. Each virtual router is uniquely identified by the VSAN interface and the VR ID.
Figure 41-4 Redundant Gateway
DNS Server Configuration
The DNS client on the switch communicates with the DNS server to perform the IP address-name server correspondence.
The DNS server may be dropped after two attempts because of one of the following reasons:
-
The IP address or the switch name is wrongly configured.
-
The DNS server is not reachable because external reasons (reasons beyond our control).
Note When accessing a Telnet host, if the DNS server is not reachable (for any reason) the switch login prompt may take a longer time to appear. If so, verify that the DNS server is accurately configured and reachable.
Guidelines and Limitations
Follow these guidelines to configure IPFC:
1. Create the VSAN to use for in-band management, if necessary.
2. Configure an IPv4 address and subnet mask for the VSAN interface.
3. Enable IPv4 routing.
4. Verify connectivity.
Default Settings
Table 41-1
lists the default settings for DNS features.
Table 41-1 Default DNS Settings
|
|
Domain lookup
|
Disabled
|
Domain name
|
Disabled
|
Domains
|
None
|
Domain server
|
None
|
Maximum domain servers
|
6
|
Table 41-2
lists the default settings for VRRP features.
Table 41-2 Default VRRP Settings
|
|
Virtual router state
|
Disabled
|
Maximum groups per VSAN
|
255
|
Maximum groups per Gigabit Ethernet port
|
7
|
Priority preemption
|
Disabled
|
Virtual router priority
|
100 for switch with secondary IP addresses
255 for switches with the primary IP address
|
Priority interface state tracking
|
Disabled
|
Advertisement interval
|
1 second for IPv4
100 centiseconds for IPv6
|
Configuring IP Services
This section includes the following topics:
Configuring Management Interface
To configure the mgmt0 Ethernet interface for IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config terminal
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface mgmt0
switch(config-if)#
|
Enters the interface configuration mode on the management Ethernet interface (mgmt0).
|
Step 3
|
switch(config-if)#
ip address 10.1.1.1 255.255.255.0
|
Enters the IPv4 address (10.1.1.1) and IPv4 subnet mask (255.255.255.0) for the management interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
To configure the mgmt0 Ethernet interface for IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config terminal
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface mgmt0
switch(config-if)#
|
Enters the interface configuration mode on the management Ethernet interface (mgmt0).
|
Step 3
|
switch(config-if)#
ipv6 address 2001:0db8:800:200c::417a/64
|
Enters the IPv6 address (2001:0DB8:800:200C::417A) and IPv6 prefix length (/64) for the management interface and enables IPv6 processing on the interface.
|
switch(config-if)# ipv6 enable
|
Automatically configures a link-local IPv6 address on the interface and enables IPv6 processing on the interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
To configure the mgmt0 Ethernet interface using Device Manager for IPv6, follow these steps:
Step 1 Select
Interface > Mgmt > Mgmt0
.
Step 2 Enter the description.
Step 3 Select the administrative state of the interface.
Step 4 Check the
CDP
check box to enable CDP.
Step 5 Enter the IP address mask.
Step 6 Click
Apply
to apply the changes.
Configuring the Default Gateway
To configure the default gateway, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip default-
gateway 1.12.11.1
|
Configures the IPv4 address for the default gateway.
|
To configure an IP route, follow these steps:
Step 1 Select Switches > Interfaces > Management, and select IP in the Physical Attributes pane.
Step 2 Click the Route tab in the information pane.
You see the IP route window showing the switch name, destination, mask, gateway, metric, interface, and active status of each IP route.
Step 3 Click the Create Row icon to add a new IP route.
Step 4 Complete the fields in this window.
-
Enter the switch name in the Switch field.
-
Configure a static route, by entering the destination network ID and subnet mask in the Routedest and Mask fields.
-
Configure a default gateway by entering the IP address of the seed switch in the Gateway field.
-
Set the Metric and Interface fields.
Note With Cisco NX-OS Release 4.2(1) and later, CPP interfaces also are available for selection when you create a new IP route.
Step 5 Click the Create icon.
To configure an IP route or identify the default gateway using Device Manager, follow these steps:
Step 1 Choose IP > Routes.
You see the IP Routes window.
Step 2 Create a new IP route or identify the default gateway on a switch by clicking Create.
Step 3 Complete the fields in this window.
-
Enter the switch name in the Switch field.
-
Configure a static route, by entering the destination network ID and subnet mask in the Routedest and Mask fields.
-
Configure a default gateway by entering the IP address of the seed switch in the Gateway field.
-
Set the Metric and Interface fields.
Note With Cisco NX-OS Release 4.2(1) and later, CPP interfaces also are available for selection when you create a new IP route.
If you choose the CPP interface, the switch uses the input CPP-assigned IP address and mask to generate the IP route prefix.
Step 4 Click Create to add the IP route.
Note You cannot delete the switch-generated IP route for the CPP interface. If you try to delete the IP route for the CPP interface, SNMP displays this error message:
ip: route type not supported.
Configuring Default Networks using IPV4
To configure default networks using IPv4 addresses, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip default-
network 190.10.1.0
|
Configures the IPv4 address for the default network (190.10.1.0).
|
switch(config)#
ip route 10.0.0.0 255.0.0.0 131.108.3.4
switch(config)#
ip default-network 10.0.0.0
|
Defines a static route to network 10.0.0.0 as the static default route.
|
Configuring an IPv4 Address in a VSAN
To create a VSAN interface and configure an IPv4 address for that interface, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures the interface for the specified VSAN (10).
|
Step 3
|
switch(config-if)#
ip address 10.0.0.12 255.255.255.0
|
Configures the IPv4 address and netmask for the selected interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
Enabling IPv4 Routing
By default, the IPv4 routing feature is disabled in all switches.
To enable the IPv4 routing feature, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip routing
|
Enables IPv4 routing (disabled by default).
|
Step 3
|
switch(config)#
no ip routing
|
Disables IPv4 routing and reverts to the factory settings.
|
Configuring IPv4 Static Routes
To configure an IPv4 static route, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip route
network IP address netmask next hop IPv4 address
distance
number
interface
vsan number
For example:
switch(config)#
ip route 10.0.0.0 255.0.0.0 20.20.20.10 distance 10 interface vsan 1
switch(config)#
|
Configures the static route for the specified IPv4 address, subnet mask, next hop, distance, and interface.
|
Configuring Overlay VSANs
To configure an overlay VSAN, follow these steps:
Step 1 Add the VSAN to the VSAN database on all switches in the fabric.
Step 2 Create a VSAN interface for the VSAN on all switches in the fabric. Any VSAN interface belonging to the VSAN has an IP address in the same subnet. Create a route to the IPFC cloud on the IP side.
Step 3 Configure a default route on every switch in the Fibre Channel fabric pointing to the switch that provides NMS access.
Step 4 Configure the default gateway (route) and the IPv4 address on switches that point to the NMS as shown in Figure 41-5.
Figure 41-5 Overlay VSAN Configuration Example
Note To configure the management interface displayed in Figure 41-5, set the default gateway to an IPv4 address on the Ethernet network.
The following procedure configures an overlay VSAN in one switch. This procedure must be repeated for each switch in the fabric.
To configure an overlay VSAN in one switch (using the example in Figure 41-5), follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
vsan database
switch-config-vsan-db#
|
Configures the VSAN database.
|
Step 3
|
switch--config-vsan-db#
vsan 10 name MGMT_VSAN
|
Defines the VSAN in the VSAN database on all of the switches in the Fibre Channel fabric.
|
Step 4
|
switch--config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database mode.
|
Step 5
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Creates a VSAN interface (VSAN 10).
|
Step 6
|
switch(config-if)#
ip address 10.10.10.0 netmask 255.255.255.0
|
Assigns an IPv4 address and subnet mask for this switch.
|
Step 7
|
switch(config-if)#
no shutdown
|
Enables the configured interface.
|
Step 8
|
switch(config-if)#
end
switch#
|
Exits to EXEC mode.
|
Step 9
|
switch#
exit
|
Exits the switch and returns to the NMS. In this example the NMS is assumed to be on the same subnet of the Ethernet management interface of the edge that provides access to the Fibre Channel fabric.
|
To configure the NMS station displayed in Figure 41-5, follow this step:
|
|
|
Step 1
|
nms#
route ADD 10.10.10.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route on the NMS pointing to the management interface of the edge switch that provides access to the Fibre Channel fabric.
|
Configuring Multiple VSANs
More than one VSAN can be used to segment the management network in multiple subnets. An active interface must be present on the switch for the VSAN interface to be enabled.
To configure multiple VSANs, follow these steps:
Step 1 Add the VSAN to the VSAN database on any switch in the fabric.
Step 2 Create a VSAN interface for the appropriate VSAN on any switch in the fabric.
Step 3 Assign an IP address on every VSAN interface on the same subnet as the corresponding VSAN.
Step 4 Define the multiple static routes on the Fibre Channel switches and the IP cloud as shown in Figure 41-6.
Figure 41-6 Multiple VSAN Configuration Example
To configure an overlay VSAN (using the example in Figure 41-6), follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
vsan database
switch-config-vsan-db#
|
Configures the VSAN database.
|
Step 3
|
switch-config-vsan-db#
vsan 10 name MGMT_VSAN_10
switch-config-vsan-db#
|
Defines the VSAN in the VSAN database on all of the switches in VSAN 10.
|
Step 4
|
switch-config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database configuration submode.
|
Step 5
|
switch-config-vsan-db#
vsan 11 name MGMT_VSAN_11
switch-config-vsan-db#
|
Defines the VSAN in the VSAN database on all of the switches in VSAN 11.
|
Step 6
|
switch-config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database configuration submode.
|
Step 7
|
switch(config)# i
nterface vsan 10
switch(config-if)#
|
Enters the interface configuration submode for VSAN 10.
|
Step 8
|
switch(config-if)#
ip address 10.10.10.0 netmask 255.255.255.0
switch(config-if)#
|
Assigns an IPv4 address and subnet mask for this interface.
|
Step 9
|
switch(config-if)#
no shutdown
|
Enables the configured interface for VSAN 10.
|
Step 10
|
switch(config-if)#
exit
switch(config)#
|
Exits the VSAN 10 interface mode.
|
Step 11
|
switch(config)# i
nterface vsan 11
switch(config-if)#
|
Enters the interface configuration submode for VSAN 11.
|
Step 12
|
switch(config-if)#
ip address 11.11.11.0 netmask 255.255.255.0
switch(config-if)#
|
Assigns an IPv4 address and subnet mask for this interface.
|
Step 13
|
switch(config-if)#
no shutdown
|
Enables the configured interface for VSAN 11.
|
Step 14
|
switch(config-if)#
end
switch#
|
Exits to EXEC mode.
|
Step 15
|
switch#
exit
|
Exits the switch and returns to the NMS. In this example the NMS is assumed to be on the same subnet of the Ethernet management interface of the edge that provides access to the Fibre Channel fabric.
|
Step 16
|
NMS#
route ADD 10.10.10.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route on the NMS pointing to the management interface of the edge switch that provides access to the IPv4 cloud.
|
Step 17
|
NMS#
route ADD 11.11.11.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route for VSAN 11 on the NMS pointing to the management interface of the edge switch that provides access to the Fibre Channel fabric.
|
Step 18
|
switch#
route 10.10.10.0 255.255.255.0 next_hop 11.11.11.35
|
Defines the route to reach subnet 10 from subnet 11.
|
Configuring VRRP
This section describes how to configure VRRP and includes the following topics:
Adding and Deleting a Virtual Router
All VRRP configurations should be replicated across switches in a fabric that runs VRRP.
Note The total number of VRRP groups that you can configure on a Gigabit Ethernet port, including main interfaces and subinterfaces, cannot exceed seven. This limitation applies to both IPv4 and IPv6 groups.
To create or remove a VR for IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates VR ID 250.
|
switch(config-if)#
no vrrp 250
|
Removes VR ID 250.
|
To create or remove a VR for IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp ipv6 250
switch(config-if-vrrp-ipv6)#
|
Creates VR ID 250.
|
switch(config-if)#
no vrrp ipv6 250
|
Removes VR ID 250.
|
Virtual Router Initiation
By default, a virtual router is always disabled. VRRP can be configured only if this state is enabled. Be sure to configure at least one IP address, either IPv4 or IPv6, before attempting to enable a VR.
To enable or disable a virtual router configure for IPv4, follow these steps:
|
|
|
Step 1
|
switch(config-if-vrrp)#
no
shutdown
|
Enables VRRP configuration.
|
switch(config-if-vrrp)#
shutdown
|
Disables VRRP configuration.
|
To enable or disable a virtual router configured for IPv6, follow these steps:
|
|
|
Step 1
|
switch(config-if-vrrp-ipv6)#
no
shutdown
|
Enables VRRP configuration.
|
switch(config-if-vrrp-ipv6)#
shutdown
|
Disables VRRP configuration.
|
Adding Virtual Router IP Addresses
One virtual router IP address can be configured for a virtual router. If the configured IP address is the same as the interface IP address, this switch automatically owns the IP address. You can configure either an IPv4 address or an IPv6 address.
According to the VRRP specification, the master VRRP router drops the packets addressed to the virtual router's IP address because the virtual router is only intended as a next-hop router to forward packets. In MDS switches however, some applications require that packets addressed to virtual router's IP address be accepted and delivered to them. By using the
secondary
option to the virtual router IPv4 address, the VRRP router will accept these packets when it is the master.
To manage IP addresses for virtual routers from Device Manager, follow these steps:
Step 1 Choose IP > VRRP. You see the Operations tab of the VRRP dialog box.
Step 2 Click the IP Addresses tab on the VRRP dialog box.
Step 3 To create a new VRRP entry, click Create. You see the Create VRRP IP Addresses window.
Step 4 Complete the fields in this window to create a new VRRP IP address, and click OK or Apply.
To configure an IPv4 address for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
interface ip address 10.0.0.12 255.255.255.0
|
Configures an IPv4 address and subnet mask. The IPv4 address must be configured before the VRRP is added.
|
Step 4
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates VR ID 250.
|
Step 5
|
switch(config-if-vrrp)#
address 10.0.0.10
|
Configures the IPv4 address for the selected VR.
Note This IP v4address should be in the same subnet as the IPv4 address of the interface.
|
switch(config-if-vrrp)#
no address 10.0.0.10
|
Removes the IP address for the selected VR.
|
Step 6
|
switch(config-if-vrrp)# address 10.0.0.10 secondary
|
Configures the IP address (10.0.0.10) as secondary for the selected VR.
Note The secondary option should be used only with applications that require VRRP routers to accept the packets sent to the virtual router's IP address and deliver to them. For example, iSNS requires this option (see the “Enabling the iSNS Server” section).
|
switch(config-if-vrrp)# no address 10.0.0.10 secondary
|
Removes the IP address (10.0.0.10) as secondary for the selected VR.
|
To configure an IPv6 address for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
interface ipv6 address 2001:0db8:800:200c::417a/64
|
Configures an IP address and prefix. The IPv6 address must be configured before the VRRP is added.
|
Step 4
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates VR ID 200.
|
Step 5
|
switch(config-if-vrrp-ipv6)#
address 2001:0db8:800:200c::417a
|
Assigns single primary link-local IPv6 address or one of the multiple secondary IPv6 addresses.
Note If this IPv6 address is the same as the physical IPv6 address, this switch is automatically the owner of this IPv6 address.
|
switch(config-if-vrrp-ipv6)#
no address 2001:0db8:800:200c::417a
|
Removes the IPv6 address for the selected VR.
|
Setting the Priority for the Virtual Router
The valid range to assign a virtual router priority is 1 to 254 with 1 being the lowest priority and 254 being the highest priority. The default value is 100 for switches with secondary IP addresses and 255 for switches with the primary IP address.
To set the priority for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
priority 2
|
Configures the priority for the selected VRRP.
Note Priority 255 cannot be preempted.
|
switch(config-if-vrrp)#
no priority
|
Reverts to the default value (100 for switch with the secondary IPv4 addresses and 255 for switches with the primary IPv4 address).
|
To set the priority for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
priority 2
|
Configures the priority for the selected VRRP.
Note Priority 255 cannot be preempted.
|
switch(config-if-vrrp-ipv6)#
no priority
|
Reverts to the default value (100 for switch with the secondary IPv6 addresses and 255 for switches with the primary IPv6 address).
|
Setting the Time Interval for Advertisement Packets
The valid time range for an advertisement packet on an interface using IPv4 is between 1 and 255 seconds. The default value is 1 (one) second. If the switch has the primary IP address, this time must be specified.
To set the time interval for advertisement packets for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 50
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
advertisement-interval 15
|
Sets the interval time in seconds between sending advertisement frames. The range is 1 to 255.
|
switch(config-if-vrrp)
#
no advertisement-interval
|
Reverts to the default value (1 second).
|
To set the time interval for advertisement packets for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
advertisement-interval 150
|
Sets the interval time in centiseconds between sending advertisement frames. The range is 100 to 4095. The default is 100 centiseconds.
|
switch(config-if-vrrp-ipv6)#
no advertisement-interval
|
Reverts to the default value (100 centiseconds).
|
Configuring or Enabling Priority Preemption
You can enable a higher-priority backup virtual router to preempt the lower-priority master virtual router.
Note If the virtual IP address is also the IP address for the interface, then preemption is implicitly applied.
Note The VRRP preemption is not supported on IP storage Gigabit Ethernet interfaces.
To enable or disable preempting when using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
preempt
|
Enables the higher priority backup virtual router to preempt the lower priority master virtual router.
Note This preemption does not apply to the primary IP address.
|
switch(config-if-vrrp)#
no preempt
|
Disables (default) the preempt option and allows the master to keep its priority level.
|
To enable or disable preempting when using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
preempt
|
Enables the higher priority backup virtual router to preempt the lower priority master virtual router.
Note This preemption does not apply to the primary IP address.
|
switch(config-if-vrrp-ipv6)#
no preempt
|
Disables (default) the preempt option and allows the master to keep its priority level.
|
Setting Virtual Router Authentication
VRRP security provides three options, including simple text authentication, MD5 authentication, and no authentication.
-
Simple text authentication uses a unique, 1 to 8 character password that is used by all switches participating in the same virtual router. This password should be different from other security passwords.
-
MD5 authentication uses a unique, 16 character key that is shared by all switches participating in the same virtual router. This secret key is shared by all switches in the same virtual router.
-
No authentication is the default option.
You can configure the key using the authentication option in the VRRP submode and distribute it using the configuration file. The security parameter index (SPI) settings assigned in this option should be unique for each VSAN.
Note All VRRP configurations must be duplicated.
Note VRRP router authentication does not apply to IPv6.
To set an authentication option for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
1
switch(config-if)#
|
Configures a VSAN interface (VSAN 1).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
authentication text password
|
Assigns the simple text authentication option and specifies the password for this option.
|
switch(config-if-vrrp)#
authentication md5 password2003 spi 0x2003
|
Assigns the MD5 authentication option and specifies the key and the unique SPI value for this option. The SPI and the valid range is 0x100 to 0xFFFFFFFF.
|
switch(config-if-vrrp)
#
no authentication
|
Assigns the no authentication option, which is the default.
|
Tracking the Interface Priority
Interface state tracking changes the priority of the virtual router based on the state of another interface in the switch. When the tracked interface is down, the priority reverts to the priority value for the virtual router (see the “Setting the Priority for the Virtual Router” section). When the tracked interface is up, the priority of the virtual router is restored to the interface state tracking value. You can track the state of either a specified VSAN interface or the management interface (mgmt 0). The interface state tracking feature is disabled by default.
Note For interface state tracking to function, you must enable preemption on the interface.
To track the interface priority for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
preempt
|
Enables priority preemption.
|
Step 5
|
switch(config-if-vrrp)#
track interface mgmt 0 priority 2
|
Specifies the priority of the virtual router to be modified based on the state of the management interface.
|
switch(config-if-vrrp)#
no track
|
Disables the tracking feature.
|
To track the interface priority for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
preempt
|
Enables priority preemption.
|
Step 5
|
switch(config-if-vrrp-ipv6)#
track interface mgmt 0 priority 2
|
Specifies the priority of the virtual router to be modified based on the state of the management interface.
Note You must enable IPv6 on the tracked interface for the priority tracking to take affect (see the “Configuring Basic Connectivity for IPv6” section). If IPv6 is not enabled, the interface state is treated as down by VRRP over IPv6, regardless of the actual state of the interface.
|
switch(config-if-vrrp-ipv6)#
no track
|
Disables the tracking feature.
|
Configuring DNS Server
To configure a DNS server, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip domain-lookup
|
Enables the IP Domain Naming System (DNS)-based host name-to-address translation.
|
switch(config)#
no
ip domain-lookup
|
Disables (default) the IP DNS-based host name-to-address translation and reverts to the factory default.
|
Step 3
|
switch(config)#
ip domain-name cisco.com
|
Enables the default domain name feature used to complete unqualified host names. Any IP host name that does not contain a domain name (that is, any name without a dot) will have the dot and cisco.com appended to it before being added to the host table.
|
switch(config)#
no
ip domain-name cisco.com
|
Disables (default) the domain name.
|
Step 4
|
switch(config)#
ip domain-list harvard.edu
switch(config)#
ip domain-list stanford.edu
switch(config)#
ip domain-list yale.edu
|
Defines a filter of default domain names to complete unqualified host names by using the ip domain-list global configuration command. You can define up to 10 domain names in this filter. To delete a name from a filter, use the no form of this command.
|
switch(config)#
no
ip domain-list
|
Deletes the defined filter and reverts to factory default. No domains are configured by default.
|
Note If you have not configured a domain list, the domain name that you specified with the ip domain-name global configuration command is used. If you configured a domain list, the default domain name is not used. The ip domain-list command is similar to the ip domain-name command, except that with the ip domain-list command you can define a list of domains, each to be tried in turn.
|
Step 5
|
switch(config)#
ip name-server 15.1.0.1 2001:0db8:800:200c::417a
|
Specifies the first address (15.1.0.1) as the primary server and the second address (2001:0db8:800:200c::417a) as the secondary server. You can configure a maximum of six servers.
|
switch(config)#
no
ip name-server
|
Deletes the configured server(s) and reverts to factory default. No server is configured by default.
|
Note
|
Alternatively, you can configure the DNS entry using the switch names (instead of IP addresses). The configured switch name automatically looks up the corresponding IP address.
|
Verifying IP Services Configuration
To display IP services configuration information, perform one of the following tasks:
|
|
show ip routing
|
Displays the IP routing status.
|
show arp
|
Displays the ARP table.
|
switch(config)# no arp 172.2.0.1
|
Removes an ARP entry from the ARP table.
|
clear arp-cache
|
Delete all entries from the ARP table. The ARP table is empty by default.
|
show vrrp vr 7 interface vsan 2 configuration
|
Displays IPv4 VRRP configured information
|
show vrrp vr 7 interface vsan 2 status
|
Displays IPv4 VRRP status information.
|
show vrrp vr 7 interface vsan 2 statistics
|
Displays IPv4 VRRP statistics.
|
show vrrp ipv6 vr 1
|
Displays IPv6 VRRP information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 configuration
|
Displays IPv6 VRRP interface configuration information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 status
|
Displays IPv6 VRRP interface status information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statistics
|
Displays IPv6 VRRP statistics.
|
show vrrp statistics
|
Displays VRRP cumulative statistics.
|
switch# clear vrrp Statistics
|
Clears VRRP statistics.
|
clear vrrp vr 1 interface vsan 1
|
Clears VRRP statistics on a specified interface.
|
clear vrrp ipv4 vr 7 interface vsan 2
|
Clears VRRP IPv4 statistics on a specified interface.
|
clear vrrp ipv6 vr 7 interface vsan 2
|
Clears VRRP IPv6 statistics on a specified interface.
|
show hosts
|
Displays configured host details.
|
This section includes the following topics:
Verifying the Default Gateway Configuration
Use the
show ip route
command to verify the default gateway configuration.
Codes: C - connected, S - static Gateway of last resort is 1.12.11.1 S 5.5.5.0/24 via 1.1.1.1, GigabitEthernet1/1 C 1.12.11.0/24 is directly connected, mgmt0 C 1.1.1.0/24 is directly connected, GigabitEthernet1/1 C 3.3.3.0/24 is directly connected, GigabitEthernet1/6 C 3.3.3.0/24 is directly connected, GigabitEthernet1/5 S 3.3.3.0/24 via 1.1.1.1, GigabitEthernet1/1
Verifying the VSAN Interface Configuration
Use the
show interface vsan
command to verify the configuration of the VSAN interface.
Note You can see the output for this command only if you have previously configured a VSAN interface.
switch# show interface vsan 1 vsan1 is down (Administratively down) WWPN is 10:00:00:0c:85:90:3e:85, FCID not assigned Internet address is 10.0.0.12/24 MTU 1500 bytes, BW 1000000 Kbit 0 packets input, 0 bytes, 0 errors, 0 multicast 0 packets output, 0 bytes, 0 errors, 0 dropped
Verifying the IPv4 Routing Configuration
Use the
show ip routing
command to verify the IPv4 routing configuration.
switch(config)# show ip routing
Verifying IPv4 Static Route Information
Use the
show ip route
command to verifying the IPv4 static route configuration.
switch# show ip route configured Destination Gateway Mask Metric Interface default 172.22.95.1 0.0.0.0 0 mgmt0 10.1.1.0 0.0.0.0 255.255.255.0 0 vsan1 172.22.95.0 0.0.0.0 255.255.255.0 0 mgmt0
Use the
show ip route
command to verifying the active and connected IPv4 static route.
Codes: C - connected, S - static Default gateway is 172.22.95.1 C 172.22.95.0/24 is directly connected, mgmt0 C 10.1.1.0/24 is directly connected, vsan1
Example 41-1 Displays the IP Routing Status
Displaying and Clearing ARPs
Address Resolution Protocol (ARP) entries in Cisco MDS 9000 Family switches can be displayed, deleted, or cleared. The ARP feature is enabled on all switches.
-
Use the
show arp
command to display the ARP table.
Protocol Address Age (min) Hardware Addr Type Interface Internet 171.1.1.1 0 0006.5bec.699c ARPA mgmt0 Internet 172.2.0.1 4 0000.0c07.ac01 ARPA mgmt0
-
Use the
no
arp
command in configuration mode to remove an ARP entry from the ARP table.
switch(config)# no arp 172.2.0.1
-
Use the
clear arp
command to delete all entries from the ARP table. The ARP table is empty by default.
Displaying IPv4 VRRP Information
Use the
show vrrp vr
command to display configured IPv4 VRRP information (see Examples
41-2
to
41-4
).
Example 41-2 Displays IPv4 VRRP Configured Information
switch# show vrrp vr 7 interface vsan 2 configuration tracking interface vsan1 priority 2
Example 41-3 Displays IPv4 VRRP Status Information
switch# show vrrp vr 7 interface vsan 2 status MAC address 00:00:5e:00:01:07
Example 41-4 Displays IPv4 VRRP Statistics
switch# show vrrp vr 7 interface vsan 2 statistics Advertisement Interval Error 0 Invalid Authentication Type 0 Mismatch Authentication 0
Displaying IPv6 VRRP Information
Use the
show vrrp ipv6 vr
command to display configured IPv6 VRRP information (see Example 41-5 through Example 41-9).
Example 41-5 Displays IPv6 VRRP Information
switch# show vrrp ipv6 vr 1 Interface VR IpVersion Pri Time Pre State VR IP addr --------------------------------------------------------------------------- GigE1/5 1 IPv6 100 100cs master 2004::1 GigE1/6 1 IPv6 100 100cs backup 2004::1
Example 41-6 Displays IPv6 VRRP Interface Configuration Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 configuration IPv6 vr id 1 configuration advertisement-interval 100
Example 41-7 Displays IPv6 VRRP Interface Status Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 status MAC address 00:00:5e:00:02:01 Operational state: master Master IP address: fe80::20c:30ff:feda:96dc
Example 41-8 Displays IPv6 VRRP Statistics
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statistics Advertisement Interval Error 0
Displaying VRRP Statistics
Use the
show vrrp statistics
command to display configured IPv6 VRRP information (see Example
41-9
).
Example 41-9 Displays VRRP Cumulative Statistics
switch# show vrrp statistics
Clearing VRRP Statistics
Use the
clear vrrp statistics
command to clear all the VRRP statistics for all interfaces on the switch (see Example 41-10).
Example 41-10 Clears VRRP Statistics
switch# clear vrrp Statistics
Use the
clear vrrp vr
command to clear both the IPv4 and IPv6 VRRP statistics for a specified interface (see Example 41-10).
Example 41-11 Clears VRRP Statistics on a Specified Interface
switch# clear vrrp vr 1 interface vsan 1
Use the
clear vrrp ipv4
command to clear all the statistics for the specified IPv4 virtual router (see Example 41-12).
Example 41-12 Clears VRRP IPv4 Statistics on a Specified Interface
switch# clear vrrp ipv4 vr 7 interface vsan 2
Use the
clear vrrp ipv6
command to clear all the statistics for the specified IPv6 virtual router (see Example 41-13).
Example 41-13 Clears VRRP IPv6 Statistics on a Specified Interface
switch# clear vrrp ipv6 vr 7 interface vsan 2
Displaying DNS Host Information
Use the
show hosts
command to display the DNS configuration (see Example 41-14).
Example 41-14 Displays Configured Host Details
Default domain is cisco.com
Domain list: ucsc.edu harvard.edu yale.edu stanford.edu
Name/address lookup uses domain service
Name servers are 15.1.0.1 15.2.0.0
Configuration Examples for IP Services
This section describe an example configuration for IPFC. Figure 41-7 shows an example network.
The example network has the following links:
-
Switch_1 is connected to the main network by the mgmt 0 interface and to the fabric by an ISL.
-
Switch_2 and Switch_3 are connected to the fabric by an ISL but are not connected to the main network.
Figure 41-7 IPFC Example Network
The following steps show how to configure Switch_1 in the example network in Figure 41-7:
Step 1 Create the VSAN interface and enter interface configuration submode.
switch_1(config)# interface vsan 1
Step 2 Configure the IP address and subnet mask.
switch_1(config-if)# ip address 10.1.1.1 255.0.0.0
Step 3 Enable the VSAN interface and exit interface configuration submode.
switch_1(config-if)# no shutdown switch_1(config-if)# exit
Step 4 Enable IPv4 routing.
switch_1(config)# ip routing
Step 5 Display the routes.
Codes: C - connected, S - static C 172.16.1.0/23 is directly connect, mgmt0 C 10.0.0.0./8 is directly connected, vsan1
The following steps show how to configure Switch_2 in the example network in Figure 41-7:
Step 1 Enable the mgmt 0 interface.
Note Configure this switch using the console connection.
switch_2(config)# interface mgmt 0 switch_2(config-if)# no shutdown switch_2(config-if)# exit
Step 2 Create the VSAN interface and enter interface configuration submode.
switch_2(config)# interface vsan 1
Step 3 Configure the IP address and subnet mask.
switch_2(config-if)# ip address 10.1.1.2 255.0.0.0
Step 4 Enable the VSAN interface and exit interface configuration submode.
switch_2(config-if)# no shutdown switch_2(config-if)# exit
Step 5 Enable IPv4 routing.
switch_2(config)# ip routing
Step 6 Display the routes.
Codes: C - connected, S - static C 10.0.0.0./8 is directly connected, vsan1
Step 7 Verify the connectivity to Switch_1.
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.618 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.528 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.567 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 4998 ms rtt min/avg/max/mdev = 0.528/0.570/0.618/0.057 ms
The following steps show how to configure Switch_3 in the example network in Figure 41-7:
Step 1 Enable the mgmt 0 interface.
Note Configure this switch using the console connection.
switch_3(config)# interface mgmt 0 switch_3(config-if)# no shutdown switch_3(config-if)# exit switch_3(config)# interface vsan 1
Step 2 Configure the IP address and subnet mask.
switch_3(config-if)# ip address 10.1.1.3 255.0.0.0
Step 3 Enable the VSAN interface and exit interface configuration submode.
switch_3(config-if)# no shutdown switch_3(config-if)# exit
Step 4 Enable IPv4 routing.
switch_3(config)# ip routing
Step 5 Display the routes.
Codes: C - connected, S - static C 10.0.0.0./8 is directly connected, vsan1
Step 6 Verify the connectivity to Switch_1.
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=1.19 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.510 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.653 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008 ms rtt min/avg/max/mdev = 0.510/0.787/1.199/0.297 ms
Field Descriptions for IP Services
This section describes the field descriptions.
IP Routes
|
|
Routing Enabled
|
When this check box is enabled, the switch is acting as in IP router.
|
Destination, Mask, Gateway
|
The value that identifies the local interface through which the next hop of this route should be reached.
|
Metric
|
The primary routing metric for this route.
|
Interface
|
The local interface through which the next hop of this route should be reached.
|
Active
|
Indicates whether the route is active.
|
IP Statistics ICMP
|
|
InParmProbs
|
The number of ICMP Parameter Problem messages received.
|
OutParmProbs
|
The number of ICMP Parameter Problem messages sent.
|
InSrcQuenchs
|
The number of ICMP Source Quench messages received.
|
InRedirects
|
The number of ICMP Redirect messages received.
|
InEchos
|
The number of ICMP Echo (request) messages received.
|
InEchoReps
|
The number of ICMP Echo Reply messages received.
|
InTimestamps
|
The number of ICMP Timestamp (request) messages received.
|
InTimestampReps
|
The number of ICMP Timestamp Reply messages received.
|
InAddrMasks
|
The number of ICMP Address Mask Request messages received.
|
InAddrMaskReps
|
The number of ICMP Address Mask Reply messages received.
|
InDestUnreachs
|
The number of ICMP Destination Unreachable messages received.
|
InTimeExcds
|
The number of ICMP Time Exceeded messages received.
|
OutSrcQuenchs
|
The number of ICMP Source Quench messages sent.
|
OutRedirects
|
The number of ICMP Redirect messages sent. For a host, this value will always be N/A, since hosts do not send redirects.
|
OutEchos
|
The number of ICMP Echo (request) messages sent.
|
OutEchoReps
|
The number of ICMP Echo Reply messages sent.
|
OutTimestamps
|
The number of ICMP Timestamp (request) messages sent.
|
OutTimestampReps
|
The number of ICMP Timestamp Reply messages sent.
|
OutAddrMasks
|
The number of ICMP Address Mask Request messages sent.
|
OutAddrMaskReps
|
The number of ICMP Address Mask Reply messages sent.
|
OutDestUnreachs
|
The number of ICMP Destination Unreachable messages sent.
|
OutTimeExcds
|
The number of ICMP Time Exceeded messages sent.
|
IP Statistics IP
|
|
InHdrErrors
|
The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
|
InAddrErrors
|
The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. For entities that are not IP routers, and do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.
|
InUnknownProtos
|
The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
|
InDiscards
|
The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
|
OutDiscards
|
The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (for example, for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such frames met this (discretionary) discard criterion.
|
OutNoRoutes
|
The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any frames counted in ipForwDatagrams which meet this no-route criterion. Note that this includes any datagrams which a host cannot route because all of its default routers are down.
|
FragFails
|
The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, for example, because their Don't Fragment flag was set.
|
ReasmFails
|
The number of failures detected by the IP reassembly algorithm (for example, timed out, errors, etc). Note that this is not necessarily a count of discarded IP fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
|
InReceives
|
The total number of input datagrams received from interfaces, including those received in error.
|
InDelivers
|
The total number of input datagrams successfully delivered to IP user protocols (including ICMP).
|
OutRequests
|
The total number of IP datagrams which local IP user protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams.
|
ForwDatagrams
|
The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP routers, this counter will include only those frames which were source-routed via this entity, and the Source-Route option processing was successful.
|
FragOKs
|
The number of IP datagrams that have been successfully fragmented at this entity.
|
FragCreates
|
The number of IP datagram fragments that have been generated as a result of fragmentation at this entity.
|
ReasmReqds
|
The number of IP fragments received which needed to be reassembled at this entity.
|
ReasmOKs
|
The number of IP datagrams successfully reassembled.
|
IP Statistics SNMP
|
|
BadVersions
|
The total number of SNMP messages which were delivered to the SNMP entity and were for an unsupported SNMP version.
|
BadCommunityNames
|
The total number of SNMP messages delivered to the SNMP entity which used a SNMP community name not known to said entity.
|
BadCommunityUses
|
The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.
|
ASNParseErrs
|
The total number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages.
|
TooBigs
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is tooBig.
|
SilentDrops
|
The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request.
|
ProxyDrops
|
The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the transmission of the (possibly translated) message to a proxy target failed in a manner (other than a timeout) such that no Response-PDU could be returned.
|
NoSuchNames
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is noSuchName.
|
BadValues
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is badValue.
|
ReadOnlys
|
The total number valid SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is readOnly. It should be noted that it is a protocol error to generate an SNMP PDU which contains the value readOnly in the error-status field, as such this is provided as a means of detecting incorrect implementations of the SNMP.
|
GenErrs
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is genErr.
|
Pkts
|
The total number of messages delivered to the SNMP entity from the transport service.
|
GetRequests
|
The total number of SNMP Get-Request PDUs which have been accepted and processed by the SNMP protocol entity.
|
GetNexts
|
The total number of SNMP Get-Next PDUs which have been accepted and processed by the SNMP protocol entity.
|
SetRequests
|
The total number of SNMP Set-Request PDUs which have been accepted and processed by the SNMP protocol entity.
|
OutTraps
|
The total number of SNMP Trap PDUs which have been generated by the SNMP protocol entity.
|
OutGetResponses
|
The total number of SNMP Get-Response PDUs which have been generated by the SNMP protocol entity.
|
OutPkts
|
The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service.
|
TotalReqVars
|
The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
|
TotalSetVars
|
The total number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
|
IP Statistics UDP
|
|
InErrors
|
The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.
|
InDatagrams
|
The total number of UDP datagrams delivered to UDP users.
|
OutDatagrams
|
The total number of UDP datagrams sent from this entity.
|
NoPorts
|
The total number of received UDP datagrams for which there was no application at the destination port.
|
mgmt0 Statistics
|
|
InErrors
|
Total number of received errors on the interface.
|
OutErrors
|
Total number of transmitted errors on the interface.
|
InDiscards
|
Total number of received discards on the interface.
|
OutDiscards
|
Total number of transmitted discards on the interface.
|
RxBytes
|
Total number of bytes received.
|
TxBytes
|
Total number of bytes transmitted.
|
RxFrames
|
Total number of frames received.
|
TxFrames
|
Total number of frames transmitted.
|
TCP UDP TCP
|
|
State
|
The state of this TCP connection.
|
TCP UDP UDP
|
|
Port
|
The local port number for this UDP listener.
|
VRRP General
|
|
IP Address Type, VrId, Interface
|
The IP address type (IPv4, IPv6, or DNS), the virtual router ID, and the interface.
|
Admin
|
The admin state of the virtual router (active or notInService).
|
Oper
|
The current state of the virtual router. There are three defined values:
-
initialize— Indicates that all the virtual router is waiting for a startup event.
-
backup— Indicates the virtual router is monitoring the availability of the master router.
-
master— Indicates that the virtual router is forwarding frames for IP addresses that are associated with this router.
|
Priority
|
Specifies the priority to be used for the virtual router master election process. Higher values imply higher priority. A priority of 0 is sent by the master router to indicate that this router has ceased to participate in VRRP and a backup virtual router should transition to become a new master. A priority of 255 is used for the router that owns the associated IP address(es).
|
AdvInterval
|
The time interval, in seconds, between sending advertisement messages. Only the master router sends VRRP advertisements.
|
PreemptMode
|
Controls whether a higher priority virtual router will preempt a lower priority master.
|
UpTime
|
When this virtual router transitioned out of initialized.
|
Version
|
The VRRP version on which this VRRP instance is running.
|
AcceptMode
|
Controls whether a virtual router in Master state will accept packets addressed to the address owner's IPv6 address as its own if it is not the IPv6 address owner. If true, the virtual router in Master state will accept. If false, the virtual router in Master state will not accept.
|
VRRP IP Addresses
|
|
Interface, VRRP ID, IP Address
|
Interface, Virtual Router Redundancy Protocol ID, and associated IP address.
|
VRRP Statistics
|
|
IP Address Type, VrId, Interface
|
The IP address type (IPv4, IPv6, or DNS), the virtual router ID, and the interface.
|
LastAdvRx
|
The total number of VRRP advertisements received by this virtual router.
|
Protocol Traffic MasterIpAddr
|
The master router's real (primary) IP address. This is the IP address listed as the source in VRRP advertisement last received by this virtual router.
|
Protocol Traffic BecomeMaster
|
The total number of times that this virtual router's state has transitioned to MASTER.
|
Priority 0 Rx
|
The total number of VRRP frames received by the virtual router with a priority of 0.
|
Priority 0Tx
|
The total number of VRRP frames sent by the virtual router with a priority of 0.
|
AuthErrors InvalidType
|
The total number of frames received with an unknown authentication type.
|
Other Errors dvIntervalErrors
|
The total number of VRRP advertisement frames received for which the advertisement interval is different than the one configured for the local virtual router.
|
Other Errors IpTtlErrors
|
The total number of VRRP frames received by the virtual router with IP TTL (time-to-live) not equal to 255.
|
Other Errors InvalidTypePktsRcvd
|
The number of VRRP frames received by the virtual router with an invalid value in the type field.
|
Other Errors AddressListErrors
|
The total number of frames received for which the address list does not match the locally configured list for the virtual router.
|
OtherErrors PacketLengthErrs
|
The total number of frames received with a frame length less than the length of the VRRP header.
|
RefreshRate
|
The interval of time between refreshes.
|
CDP General
|
|
Enable
|
Whether the Cisco Discovery Protocol is currently running. Entries in CacheTable are deleted when CDP is disabled.
|
MessageInterval
|
The interval at which CDP messages are to be generated. The default value is 60 seconds.
|
HoldTime
|
The time for the receiving device holds CDP message. The default value is 180 seconds.
|
LastChange
|
When the cache table was last changed.
|
CDP Neighbors
|
|
Switch
|
The Internet address for this entity.
|
Local Interface
|
A unique value that identifies the interface on this FCIP device to which this link pertains.
|
DeviceName
|
The remote device's name. By convention, it is the device's fully qualified domain name.
|
DeviceID
|
The device ID string as reported in the most recent CDP message.
|
DevicePlatform
|
The version string as reported in the most recent CDP message.
|
Interface
|
The port ID string as reported in the most recent CDP message.
|
IPAddress
|
The (first) network-layer address of the device's SNMP-agent as reported in the address TLV of the most recently received CDP message.
|
NativeVLAN
|
The remote device's interface's native VLAN, as reported in the most recent CDP message. The value 0 indicates no native VLAN field (TLV) was reported in the most recent CDP message.
|
PrimaryMgmtAddr
|
Indicates the (first) network layer address at which the device will accept SNMP messages as reported in the most recently received CDP message.
|
SecondaryMgmtAddr
|
Indicates the alternate network layer address at which the device will accept SNMP messages as reported in the most recently received CDP message.
|
iSNS Profiles
|
|
Addr
|
The address of the iSNS server.
|
Port
|
The TCP port of the iSNS server.
|
iSNS Servers
|
|
Name
|
The name of the iSNS server.
|
TcpPort
|
The TCP port used for iSNS messages. If TCP is not supported by this server, the value is 0.
|
Uptime
|
The time the server has been active.
|
ESI Non Response Threshold
|
The number of ESI messages that will be sent without receiving a response before an entity is unregistered from the iSNS database.
|
# Entities
|
The number of entities registered in iSNS on the server.
|
# Portals
|
The number of portals registered in iSNS on the server.
|
# Portal Groups
|
The number of portal groups registered in iSNS on the server.
|
# iSCSI Devices
|
The number of iSCSI Nodes registered in iSNS on the server.
|
iSNS Entities
|
|
Entity ID
|
The iSNS entity identifier for the entity.
|
Last Accessed
|
The time the entity was last accessed.
|
iSNS Cloud Discovery
|
|
AutoDiscovery
|
Whether automatic cloud discovery is turned on or off.
|
DiscoveryDelay
|
Time duration between successive IP cloud discovery runs.
|
Discovery
|
The IP network discovery command to be executed.
-
all- Run IP network discovery for all the gigabit Ethernet interfaces in the fabric.
-
noOp (default)- No operation is performed.
|
CommandStatus
|
The status of the license install / uninstall / update operation.
-
success— Discovery operation completed successfully.
-
nProgress— Discovery operation is in progress.
-
none— No discovery operation is performed.
-
NoIpNetworkNameSpecified— IP Cloud name not specified.
-
invalidNetworkName— IP Cloud is not configured.
-
NoIPSPortNameSpecified— Gigabit Ethernet port if index not specified.
-
invalidIPSPortName— Invalid Gigabit Ethernet port interface.
-
generalISNSFailure— General ISNS server failure.
|
iSNS Clouds
|
|
Id
|
The ID of the IP cloud.
|
Switch WWN
|
The WWN of the switch in this table.
|
iSNS Cloud Interfaces
|
|
Name, Switch WWN, Interface, Address
|
The name, switch WWN, interface, and address of the cloud.
|
Monitor Dialog Controls
|
|
Line Chart
|
Opens a new window with a line chart representation of the data.
|
Area Chart
|
Opens a new window with an area chart representation of the data.
|
Bar Chart
|
Opens a new window with a bar chart representation of the data.
|
Pie Chart
|
Opens a new window with a pie chart representation of the data.
|
Reset Cumulative Counters
|
Resets the counters to 0 if the Column Data display mode is set to Cumulative.
|
Export to File
|
Opens a standard Save dialog box. The data is saved as a .TXT file.
|
Print
|
Opens a standard Print dialog box.
|
Update Frequency
|
The interval at which the data is updated in the monitor dialog.
|
Column Data
|
Specifies the type of data that is displayed in the monitor dialog.
-
Absolute Value— Displays the total amount since the switch was booted. This is the default for error monitoring.
-
Cumulative—Displays the total amount since the dialog was opened. You can reset the counters by clicking the Reset Cumulative Counters button, to gather a new set of cumulative data.
-
Minimum/sec— Displays the minimum value per second at every refresh interval.
-
Maximum/sec— Displays the maximum value per second at every refresh interval.
-
Last Value/sec— Displays the most recent value per second at every refresh interval. This is the default setting for traffic monitoring.
|
Elapsed
|
The amount of time that has elapsed since the dialog was opened. You can reset this counter by clicking the Reset Cumulative Counters button, to gather a new set of cumulative data.
|
iSNS Details iSCSI Nodes
|
|
Name
|
The iSCSI name of the initiator or target associated with the storage node.
|
Type
|
The Node Type bit-map defining the functions of this iSCSI node, where 31 is a Target, 30 is an Initiator, 29 is a Control, and all others are reserved.
|
Alias
|
The Alias name of the iSCSI node.
|
ScnBitmap
|
The State Change Notification (SCN) bitmap for a node.
|
WWN Token
|
An optional globally unique 64-bit integer value that can be used to represent the world wide node name of the iSCSI device in a Fibre Channel fabric.
|
AuthMethod
|
The iSCSI authentication method enabled for this iSCSI node.
|
iSNS Details Portals
|
|
Addr
|
The Internet address for this portal.
|
TcpPort
|
The port number for this portal.
|
SymName
|
The optional Symbolic Name for this portal.
|
EsiInterval
|
The Entity Status Inquiry (ESI) Interval for this portal.
|
TCP ESI
|
The TCP port number used for ESI monitoring.
|
TCP Scn
|
The TCP port used to receive SCN messages from the iSNS server.
|
SecurityInfo
|
Security attribute settings for the portal as registered in the Portal Security Bitmap attribute.
|
Additional References
For additional information related to implementing IP storage, see the following section:
Related Document
|
|
Cisco MDS 9000 Family Command Reference
|
Cisco MDS 9000 Family Command Reference, Release 5.0(1a)
|
Standards
|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
|
–
|
RFCs
|
|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified.
|
–
|
MIBs
|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified.
|
To locate and download MIBs, go to the following URL:
http://www.cisco.com/dc-os/mibs
|
Configuring IP Services
This chapter includes the following topics:
Information About IP Services
Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces. The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a different IP subnetwork. Each Cisco MDS 9000 Family switch provides the following services for network management systems (NMSs):
-
IP forwarding on the out-of-band Ethernet interface (mgmt0) on the front panel of the supervisor modules.
-
IP forwarding on in-band Fibre Channel interface using the IP over Fibre Channel (IPFC) function—IPFC specifies how IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
-
IP routing (default routing and static routing)—If your configuration does not need an external router, you can configure a default route using static routing.
Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. VRRP is a restartable application that provides a redundant, alternate path to the gateway switch.
Note For information about configuring IPv6, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
This section includes the following topics:
Traffic Management Services
In-band options are compliant with and use the RFC 2625 standards. An NMS host running the IP protocol over an Fibre Channel interface can access the switch using the IPFC functionality. If the NMS does not have a Fibre Channel HBA, in-band management can still be performed using one of the switches as an access point to the fabric as shown in Figure 41-1.
Figure 41-1 Management Access to Switches
Management Interface Configuration
The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions. You can remotely configure the switch through the management interface, but first you must configure IP version 4 (IPv4) parameters (IP address, subnet mask) or an IP version 6 (IPv6) address and prefix length so that the switch is reachable. For information on configuring IPv6 addresses, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
On director class switches, a single IP address is used to manage the switch. The active supervisor module's management (mgmt0) interface uses this IP address. The mgmt0 interface on the standby supervisor module remains in an inactive state and cannot be accessed until a switchover happens. After a switchover, the mgmt0 interface on the standby supervisor module becomes active and assumes the same IP address as the previously active supervisor module.
Note The port on the Ethernet switch to which the MDS management interface is connected should be configured as a host port (also known as access port) instead of a switch port. Spanning tree configuration for that port (on the Ethernet switch) should disabled. This helps avoid the delay in the MDS management port coming up due to delay from Ethernet spanning tree processing that the Ethernet switch would run if enabled. For Cisco Ethernet switches, use either the switchport host command in Cisco IOS is or the set port host command in the Catalyst OS. Refer to the configuration guide for your Ethernet switch.
Note Before you begin to configure the management interface manually, obtain the switch’s IP address and IP subnet mask. Also make sure the console cable is connected to the console port.
About the Default Gateway
You can configure a default gateway IPv4 address on your Cisco MDS 9000 Family switch.
The default gateway IPv4 address should be configured along with the IPv4 static routing attributes (IP default network, destination prefix, and destination mask, and next hop address). If you configure the static route IP forwarding and the default-network details, these IPv4 addresses will be used regardless of the default-gateway being enabled or disabled.
The default gateway IPv4 address should be configured along with the IPv4 static routing attributes commands (IP default network, destination prefix, and destination mask, and next hop address).
Tip If you configure the static route IP forwarding and the default-network details, these IPv4 addresses will be used regardless of the default-gateway being enabled or disabled. If these IP addresses are configured but not available, the switch will fall back to using the default gateway IP address, if you have configured it. Be sure to configure IP addresses for all entries in the switch.
Use the
ip default-gateway
command to configure the IP address for a switch’s default gateway and the
show ip route
command to verify that the IPv4 address for the default gateway is configured.
IPv4 Default Network Configuration
If you assign the IPv4 default network address, the switch considers routes to that network as the last resort. If the IPv4 default network address is not available, the switch uses the IPv4 default gateway address. For every network configured with the IPv4 default network address, the switch flags that route as a candidate default route, if the route is available.
Tip If you configure the static route IP forwarding and the default network details, these IPv4 addresses will be used regardless of the default gateway being enabled or disabled. If these IPv4 addresses are configured and not available, the switch will fall back to using the default gateway IPv4 address, if you have configured it. Be sure to configure IPv4 addresses for all entries in the switch if you are using IPv4.
When the Ethernet interface is configured, the switch should point to the gateway router for the IP network. The host accesses the gateway using a gateway switch. This gateway switch is configured as the default gateway. The other switches in the fabric that are connected to the same VSAN as the gateway switch can also be connected through the gateway switch. Every interface connected to this VSAN should be configured with the VSAN IPv4 address of the gateway switch as shown in Figure 41-2.
Figure 41-2 Overlay VSAN Functionality
In Figure 41-1, switch A has the IPv4 address 1.12.11.1, switch B has the IPv4 address 1.12.11.2, switch C has the IPv4 address 1.12.11.3, and switch D has the IPv4 address 1.12.11.4. Switch A is the gateway switch with the Ethernet connection. The NMS uses the IPv4 address 1.1.1.10 to connect to the gateway switch. Frames forwarded to any switch in the overlaid VSAN 1 are routed through the gateway switch. Configuring the gateway switch’s IPv4 address (1.12.11.1) in the other switches enable the gateway switch to forward the frame to the intended destination. Similarly, if a non-gateway switch in the VSAN forwards a frame to the Ethernet, the frame is routed through the gateway switch.
When forwarding is disabled (default), IP frames are not sent from one interface to another. In these cases, the software performs local IP routing between two switches using the in-band option for Fibre Channel traffic and the mgmt0 option for Ethernet traffic.
When a VSAN is created, a VSAN interface is not created automatically. You need to specifically create the interface.
IPFC
IPFC provides IP forwarding on in-band switch management over a Fibre Channel interface (rather than out-of-band using the Gigabit Ethernet mgmt 0 interface). You can be use IPFC to specify that IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
Once the VSAN interface is created, you can specify the IP address for that VSAN. You can assign an IPv4 address or an IPv6 address.
Note See the Chapter 44, “Configuring IPv6 for Gigabit Ethernet Interfaces” for information about configuring IPv6 on the Cisco MDS 9000 Family switches.
About IPv4 Static Routes
Static routing is a mechanism to configure IPv4 routes on the switch. You can configure more than one static route.
If a VSAN has multiple exit points, configure static routes to direct traffic to the appropriate gateway switch. IPv4 routing is disabled by default on any gateway switch between the out-of-band management interface and the default VSAN, or between directly connected VSANs.
If your network configuration does not need an external router, you can configure IPv4 static routing on your MDS switch.
Note For information about IPv6 static routing, see the Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
About Overlay VSANs
VSANs enable deployment of larger SANs by overlaying multiple logical SANs, each running its own instance of fabric services, on a single large physical network. This partitioning of fabric services reduces network instability by containing fabric reconfiguration and error conditions within an individual VSAN. VSANs also provide the same isolation between individual VSANs as physically separated SANs. Traffic cannot cross VSAN boundaries and devices may not reside in more than one VSAN. Because each VSAN runs separate instances of fabric services, each VSAN has its own zone server and can be zoned in exactly the same way as SANs without VSAN capability.
About VRRP
Cisco MDS 9000 Family switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. VRRP provides a redundant alternative path to the gateway switch, which has connectivity to the NMS. VRRP has the following features:
-
VRRP is a restartable application.
-
When a VRRP master fails, the VRRP backup takes over within three times the advertisement time.
-
VRRP over Ethernet, VRRP over VSAN, and Fibre Channel functions are implemented as defined in RFC 2338 and the draft-ietf-vrrp-ipv6 specification.
-
A virtual router is mapped to each VSAN and Ethernet interface with its unique virtual router IP, virtual router MAC, and VR ID.
-
VR IDs can be reused in multiple VSANs with different virtual router IP mapping.
-
Both IPv4 and IPv6 is supported.
-
The management interface (mgmt 0) supports only one virtual router group. All other interfaces each support up to seven virtual router groups, including both IPv4 and IPv6 combined. Up to 255 virtual router groups can be assigned in each VSAN.
-
VRRP security provides three options, including no authentication, simple text authentication, and MD5 authentication.
Note If you are using IPv6, you must either configure an IPv6 address on the interface or enable IPv6 on the interface. For more information about IPv6, see Chapter44, “Configuring IPv6 for Gigabit Ethernet Interfaces”
In Figure 41-3, switch A is the VRRP master and switch B is the VRRP backup switch. Both switches have an IP address to VRRP mapping configured. The other switches set switch A as the default gateway. If switch A fails, the other switches do not have to change the routing configurations as switch B automatically becomes the master and takes over the function of a gateway.
Figure 41-3 VRRP Functionality
In Figure 41-4, the fabric example has two virtual router groups (VR1 and VR 2) because a virtual router cannot span across different types of interfaces. In both switch 1 and switch 2, the Ethernet interface is in VR 1 and the FC interface is in VR 2. Each virtual router is uniquely identified by the VSAN interface and the VR ID.
Figure 41-4 Redundant Gateway
DNS Server Configuration
The DNS client on the switch communicates with the DNS server to perform the IP address-name server correspondence.
The DNS server may be dropped after two attempts because of one of the following reasons:
-
The IP address or the switch name is wrongly configured.
-
The DNS server is not reachable because external reasons (reasons beyond our control).
Note When accessing a Telnet host, if the DNS server is not reachable (for any reason) the switch login prompt may take a longer time to appear. If so, verify that the DNS server is accurately configured and reachable.
Guidelines and Limitations
Follow these guidelines to configure IPFC:
1. Create the VSAN to use for in-band management, if necessary.
2. Configure an IPv4 address and subnet mask for the VSAN interface.
3. Enable IPv4 routing.
4. Verify connectivity.
Default Settings
Table 41-1
lists the default settings for DNS features.
Table 41-1 Default DNS Settings
|
|
Domain lookup
|
Disabled
|
Domain name
|
Disabled
|
Domains
|
None
|
Domain server
|
None
|
Maximum domain servers
|
6
|
Table 41-2
lists the default settings for VRRP features.
Table 41-2 Default VRRP Settings
|
|
Virtual router state
|
Disabled
|
Maximum groups per VSAN
|
255
|
Maximum groups per Gigabit Ethernet port
|
7
|
Priority preemption
|
Disabled
|
Virtual router priority
|
100 for switch with secondary IP addresses
255 for switches with the primary IP address
|
Priority interface state tracking
|
Disabled
|
Advertisement interval
|
1 second for IPv4
100 centiseconds for IPv6
|
Configuring IP Services
This section includes the following topics:
Configuring Management Interface
To configure the mgmt0 Ethernet interface for IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config terminal
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface mgmt0
switch(config-if)#
|
Enters the interface configuration mode on the management Ethernet interface (mgmt0).
|
Step 3
|
switch(config-if)#
ip address 10.1.1.1 255.255.255.0
|
Enters the IPv4 address (10.1.1.1) and IPv4 subnet mask (255.255.255.0) for the management interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
To configure the mgmt0 Ethernet interface for IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config terminal
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface mgmt0
switch(config-if)#
|
Enters the interface configuration mode on the management Ethernet interface (mgmt0).
|
Step 3
|
switch(config-if)#
ipv6 address 2001:0db8:800:200c::417a/64
|
Enters the IPv6 address (2001:0DB8:800:200C::417A) and IPv6 prefix length (/64) for the management interface and enables IPv6 processing on the interface.
|
switch(config-if)# ipv6 enable
|
Automatically configures a link-local IPv6 address on the interface and enables IPv6 processing on the interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
To configure the mgmt0 Ethernet interface using Device Manager for IPv6, follow these steps:
Step 1 Select
Interface > Mgmt > Mgmt0
.
Step 2 Enter the description.
Step 3 Select the administrative state of the interface.
Step 4 Check the
CDP
check box to enable CDP.
Step 5 Enter the IP address mask.
Step 6 Click
Apply
to apply the changes.
Configuring the Default Gateway
To configure the default gateway, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip default-
gateway 1.12.11.1
|
Configures the IPv4 address for the default gateway.
|
To configure an IP route, follow these steps:
Step 1 Select Switches > Interfaces > Management, and select IP in the Physical Attributes pane.
Step 2 Click the Route tab in the information pane.
You see the IP route window showing the switch name, destination, mask, gateway, metric, interface, and active status of each IP route.
Step 3 Click the Create Row icon to add a new IP route.
Step 4 Complete the fields in this window.
-
Enter the switch name in the Switch field.
-
Configure a static route, by entering the destination network ID and subnet mask in the Routedest and Mask fields.
-
Configure a default gateway by entering the IP address of the seed switch in the Gateway field.
-
Set the Metric and Interface fields.
Note With Cisco NX-OS Release 4.2(1) and later, CPP interfaces also are available for selection when you create a new IP route.
Step 5 Click the Create icon.
To configure an IP route or identify the default gateway using Device Manager, follow these steps:
Step 1 Choose IP > Routes.
You see the IP Routes window.
Step 2 Create a new IP route or identify the default gateway on a switch by clicking Create.
Step 3 Complete the fields in this window.
-
Enter the switch name in the Switch field.
-
Configure a static route, by entering the destination network ID and subnet mask in the Routedest and Mask fields.
-
Configure a default gateway by entering the IP address of the seed switch in the Gateway field.
-
Set the Metric and Interface fields.
Note With Cisco NX-OS Release 4.2(1) and later, CPP interfaces also are available for selection when you create a new IP route.
If you choose the CPP interface, the switch uses the input CPP-assigned IP address and mask to generate the IP route prefix.
Step 4 Click Create to add the IP route.
Note You cannot delete the switch-generated IP route for the CPP interface. If you try to delete the IP route for the CPP interface, SNMP displays this error message:
ip: route type not supported.
Configuring Default Networks using IPV4
To configure default networks using IPv4 addresses, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip default-
network 190.10.1.0
|
Configures the IPv4 address for the default network (190.10.1.0).
|
switch(config)#
ip route 10.0.0.0 255.0.0.0 131.108.3.4
switch(config)#
ip default-network 10.0.0.0
|
Defines a static route to network 10.0.0.0 as the static default route.
|
Configuring an IPv4 Address in a VSAN
To create a VSAN interface and configure an IPv4 address for that interface, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures the interface for the specified VSAN (10).
|
Step 3
|
switch(config-if)#
ip address 10.0.0.12 255.255.255.0
|
Configures the IPv4 address and netmask for the selected interface.
|
Step 4
|
switch(config-if)#
no shutdown
|
Enables the interface.
|
Enabling IPv4 Routing
By default, the IPv4 routing feature is disabled in all switches.
To enable the IPv4 routing feature, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip routing
|
Enables IPv4 routing (disabled by default).
|
Step 3
|
switch(config)#
no ip routing
|
Disables IPv4 routing and reverts to the factory settings.
|
Configuring IPv4 Static Routes
To configure an IPv4 static route, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip route
network IP address netmask next hop IPv4 address
distance
number
interface
vsan number
For example:
switch(config)#
ip route 10.0.0.0 255.0.0.0 20.20.20.10 distance 10 interface vsan 1
switch(config)#
|
Configures the static route for the specified IPv4 address, subnet mask, next hop, distance, and interface.
|
Configuring Overlay VSANs
To configure an overlay VSAN, follow these steps:
Step 1 Add the VSAN to the VSAN database on all switches in the fabric.
Step 2 Create a VSAN interface for the VSAN on all switches in the fabric. Any VSAN interface belonging to the VSAN has an IP address in the same subnet. Create a route to the IPFC cloud on the IP side.
Step 3 Configure a default route on every switch in the Fibre Channel fabric pointing to the switch that provides NMS access.
Step 4 Configure the default gateway (route) and the IPv4 address on switches that point to the NMS as shown in Figure 41-5.
Figure 41-5 Overlay VSAN Configuration Example
Note To configure the management interface displayed in Figure 41-5, set the default gateway to an IPv4 address on the Ethernet network.
The following procedure configures an overlay VSAN in one switch. This procedure must be repeated for each switch in the fabric.
To configure an overlay VSAN in one switch (using the example in Figure 41-5), follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
vsan database
switch-config-vsan-db#
|
Configures the VSAN database.
|
Step 3
|
switch--config-vsan-db#
vsan 10 name MGMT_VSAN
|
Defines the VSAN in the VSAN database on all of the switches in the Fibre Channel fabric.
|
Step 4
|
switch--config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database mode.
|
Step 5
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Creates a VSAN interface (VSAN 10).
|
Step 6
|
switch(config-if)#
ip address 10.10.10.0 netmask 255.255.255.0
|
Assigns an IPv4 address and subnet mask for this switch.
|
Step 7
|
switch(config-if)#
no shutdown
|
Enables the configured interface.
|
Step 8
|
switch(config-if)#
end
switch#
|
Exits to EXEC mode.
|
Step 9
|
switch#
exit
|
Exits the switch and returns to the NMS. In this example the NMS is assumed to be on the same subnet of the Ethernet management interface of the edge that provides access to the Fibre Channel fabric.
|
To configure the NMS station displayed in Figure 41-5, follow this step:
|
|
|
Step 1
|
nms#
route ADD 10.10.10.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route on the NMS pointing to the management interface of the edge switch that provides access to the Fibre Channel fabric.
|
Configuring Multiple VSANs
More than one VSAN can be used to segment the management network in multiple subnets. An active interface must be present on the switch for the VSAN interface to be enabled.
To configure multiple VSANs, follow these steps:
Step 1 Add the VSAN to the VSAN database on any switch in the fabric.
Step 2 Create a VSAN interface for the appropriate VSAN on any switch in the fabric.
Step 3 Assign an IP address on every VSAN interface on the same subnet as the corresponding VSAN.
Step 4 Define the multiple static routes on the Fibre Channel switches and the IP cloud as shown in Figure 41-6.
Figure 41-6 Multiple VSAN Configuration Example
To configure an overlay VSAN (using the example in Figure 41-6), follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
vsan database
switch-config-vsan-db#
|
Configures the VSAN database.
|
Step 3
|
switch-config-vsan-db#
vsan 10 name MGMT_VSAN_10
switch-config-vsan-db#
|
Defines the VSAN in the VSAN database on all of the switches in VSAN 10.
|
Step 4
|
switch-config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database configuration submode.
|
Step 5
|
switch-config-vsan-db#
vsan 11 name MGMT_VSAN_11
switch-config-vsan-db#
|
Defines the VSAN in the VSAN database on all of the switches in VSAN 11.
|
Step 6
|
switch-config-vsan-db#
exit
switch(config)#
|
Exits the VSAN database configuration submode.
|
Step 7
|
switch(config)# i
nterface vsan 10
switch(config-if)#
|
Enters the interface configuration submode for VSAN 10.
|
Step 8
|
switch(config-if)#
ip address 10.10.10.0 netmask 255.255.255.0
switch(config-if)#
|
Assigns an IPv4 address and subnet mask for this interface.
|
Step 9
|
switch(config-if)#
no shutdown
|
Enables the configured interface for VSAN 10.
|
Step 10
|
switch(config-if)#
exit
switch(config)#
|
Exits the VSAN 10 interface mode.
|
Step 11
|
switch(config)# i
nterface vsan 11
switch(config-if)#
|
Enters the interface configuration submode for VSAN 11.
|
Step 12
|
switch(config-if)#
ip address 11.11.11.0 netmask 255.255.255.0
switch(config-if)#
|
Assigns an IPv4 address and subnet mask for this interface.
|
Step 13
|
switch(config-if)#
no shutdown
|
Enables the configured interface for VSAN 11.
|
Step 14
|
switch(config-if)#
end
switch#
|
Exits to EXEC mode.
|
Step 15
|
switch#
exit
|
Exits the switch and returns to the NMS. In this example the NMS is assumed to be on the same subnet of the Ethernet management interface of the edge that provides access to the Fibre Channel fabric.
|
Step 16
|
NMS#
route ADD 10.10.10.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route on the NMS pointing to the management interface of the edge switch that provides access to the IPv4 cloud.
|
Step 17
|
NMS#
route ADD 11.11.11.0 MASK 255.255.255.0 172.22.93.74
|
Defines a static route for VSAN 11 on the NMS pointing to the management interface of the edge switch that provides access to the Fibre Channel fabric.
|
Step 18
|
switch#
route 10.10.10.0 255.255.255.0 next_hop 11.11.11.35
|
Defines the route to reach subnet 10 from subnet 11.
|
Configuring VRRP
This section describes how to configure VRRP and includes the following topics:
Adding and Deleting a Virtual Router
All VRRP configurations should be replicated across switches in a fabric that runs VRRP.
Note The total number of VRRP groups that you can configure on a Gigabit Ethernet port, including main interfaces and subinterfaces, cannot exceed seven. This limitation applies to both IPv4 and IPv6 groups.
To create or remove a VR for IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates VR ID 250.
|
switch(config-if)#
no vrrp 250
|
Removes VR ID 250.
|
To create or remove a VR for IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan 10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp ipv6 250
switch(config-if-vrrp-ipv6)#
|
Creates VR ID 250.
|
switch(config-if)#
no vrrp ipv6 250
|
Removes VR ID 250.
|
Virtual Router Initiation
By default, a virtual router is always disabled. VRRP can be configured only if this state is enabled. Be sure to configure at least one IP address, either IPv4 or IPv6, before attempting to enable a VR.
To enable or disable a virtual router configure for IPv4, follow these steps:
|
|
|
Step 1
|
switch(config-if-vrrp)#
no
shutdown
|
Enables VRRP configuration.
|
switch(config-if-vrrp)#
shutdown
|
Disables VRRP configuration.
|
To enable or disable a virtual router configured for IPv6, follow these steps:
|
|
|
Step 1
|
switch(config-if-vrrp-ipv6)#
no
shutdown
|
Enables VRRP configuration.
|
switch(config-if-vrrp-ipv6)#
shutdown
|
Disables VRRP configuration.
|
Adding Virtual Router IP Addresses
One virtual router IP address can be configured for a virtual router. If the configured IP address is the same as the interface IP address, this switch automatically owns the IP address. You can configure either an IPv4 address or an IPv6 address.
According to the VRRP specification, the master VRRP router drops the packets addressed to the virtual router's IP address because the virtual router is only intended as a next-hop router to forward packets. In MDS switches however, some applications require that packets addressed to virtual router's IP address be accepted and delivered to them. By using the
secondary
option to the virtual router IPv4 address, the VRRP router will accept these packets when it is the master.
To manage IP addresses for virtual routers from Device Manager, follow these steps:
Step 1 Choose IP > VRRP. You see the Operations tab of the VRRP dialog box.
Step 2 Click the IP Addresses tab on the VRRP dialog box.
Step 3 To create a new VRRP entry, click Create. You see the Create VRRP IP Addresses window.
Step 4 Complete the fields in this window to create a new VRRP IP address, and click OK or Apply.
To configure an IPv4 address for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
interface ip address 10.0.0.12 255.255.255.0
|
Configures an IPv4 address and subnet mask. The IPv4 address must be configured before the VRRP is added.
|
Step 4
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates VR ID 250.
|
Step 5
|
switch(config-if-vrrp)#
address 10.0.0.10
|
Configures the IPv4 address for the selected VR.
Note This IP v4address should be in the same subnet as the IPv4 address of the interface.
|
switch(config-if-vrrp)#
no address 10.0.0.10
|
Removes the IP address for the selected VR.
|
Step 6
|
switch(config-if-vrrp)# address 10.0.0.10 secondary
|
Configures the IP address (10.0.0.10) as secondary for the selected VR.
Note The secondary option should be used only with applications that require VRRP routers to accept the packets sent to the virtual router's IP address and deliver to them. For example, iSNS requires this option (see the “Enabling the iSNS Server” section).
|
switch(config-if-vrrp)# no address 10.0.0.10 secondary
|
Removes the IP address (10.0.0.10) as secondary for the selected VR.
|
To configure an IPv6 address for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
interface ipv6 address 2001:0db8:800:200c::417a/64
|
Configures an IP address and prefix. The IPv6 address must be configured before the VRRP is added.
|
Step 4
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates VR ID 200.
|
Step 5
|
switch(config-if-vrrp-ipv6)#
address 2001:0db8:800:200c::417a
|
Assigns single primary link-local IPv6 address or one of the multiple secondary IPv6 addresses.
Note If this IPv6 address is the same as the physical IPv6 address, this switch is automatically the owner of this IPv6 address.
|
switch(config-if-vrrp-ipv6)#
no address 2001:0db8:800:200c::417a
|
Removes the IPv6 address for the selected VR.
|
Setting the Priority for the Virtual Router
The valid range to assign a virtual router priority is 1 to 254 with 1 being the lowest priority and 254 being the highest priority. The default value is 100 for switches with secondary IP addresses and 255 for switches with the primary IP address.
To set the priority for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
priority 2
|
Configures the priority for the selected VRRP.
Note Priority 255 cannot be preempted.
|
switch(config-if-vrrp)#
no priority
|
Reverts to the default value (100 for switch with the secondary IPv4 addresses and 255 for switches with the primary IPv4 address).
|
To set the priority for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
priority 2
|
Configures the priority for the selected VRRP.
Note Priority 255 cannot be preempted.
|
switch(config-if-vrrp-ipv6)#
no priority
|
Reverts to the default value (100 for switch with the secondary IPv6 addresses and 255 for switches with the primary IPv6 address).
|
Setting the Time Interval for Advertisement Packets
The valid time range for an advertisement packet on an interface using IPv4 is between 1 and 255 seconds. The default value is 1 (one) second. If the switch has the primary IP address, this time must be specified.
To set the time interval for advertisement packets for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 50
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
advertisement-interval 15
|
Sets the interval time in seconds between sending advertisement frames. The range is 1 to 255.
|
switch(config-if-vrrp)
#
no advertisement-interval
|
Reverts to the default value (1 second).
|
To set the time interval for advertisement packets for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
advertisement-interval 150
|
Sets the interval time in centiseconds between sending advertisement frames. The range is 100 to 4095. The default is 100 centiseconds.
|
switch(config-if-vrrp-ipv6)#
no advertisement-interval
|
Reverts to the default value (100 centiseconds).
|
Configuring or Enabling Priority Preemption
You can enable a higher-priority backup virtual router to preempt the lower-priority master virtual router.
Note If the virtual IP address is also the IP address for the interface, then preemption is implicitly applied.
Note The VRRP preemption is not supported on IP storage Gigabit Ethernet interfaces.
To enable or disable preempting when using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
preempt
|
Enables the higher priority backup virtual router to preempt the lower priority master virtual router.
Note This preemption does not apply to the primary IP address.
|
switch(config-if-vrrp)#
no preempt
|
Disables (default) the preempt option and allows the master to keep its priority level.
|
To enable or disable preempting when using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
preempt
|
Enables the higher priority backup virtual router to preempt the lower priority master virtual router.
Note This preemption does not apply to the primary IP address.
|
switch(config-if-vrrp-ipv6)#
no preempt
|
Disables (default) the preempt option and allows the master to keep its priority level.
|
Setting Virtual Router Authentication
VRRP security provides three options, including simple text authentication, MD5 authentication, and no authentication.
-
Simple text authentication uses a unique, 1 to 8 character password that is used by all switches participating in the same virtual router. This password should be different from other security passwords.
-
MD5 authentication uses a unique, 16 character key that is shared by all switches participating in the same virtual router. This secret key is shared by all switches in the same virtual router.
-
No authentication is the default option.
You can configure the key using the authentication option in the VRRP submode and distribute it using the configuration file. The security parameter index (SPI) settings assigned in this option should be unique for each VSAN.
Note All VRRP configurations must be duplicated.
Note VRRP router authentication does not apply to IPv6.
To set an authentication option for a virtual router, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
1
switch(config-if)#
|
Configures a VSAN interface (VSAN 1).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
authentication text password
|
Assigns the simple text authentication option and specifies the password for this option.
|
switch(config-if-vrrp)#
authentication md5 password2003 spi 0x2003
|
Assigns the MD5 authentication option and specifies the key and the unique SPI value for this option. The SPI and the valid range is 0x100 to 0xFFFFFFFF.
|
switch(config-if-vrrp)
#
no authentication
|
Assigns the no authentication option, which is the default.
|
Tracking the Interface Priority
Interface state tracking changes the priority of the virtual router based on the state of another interface in the switch. When the tracked interface is down, the priority reverts to the priority value for the virtual router (see the “Setting the Priority for the Virtual Router” section). When the tracked interface is up, the priority of the virtual router is restored to the interface state tracking value. You can track the state of either a specified VSAN interface or the management interface (mgmt 0). The interface state tracking feature is disabled by default.
Note For interface state tracking to function, you must enable preemption on the interface.
To track the interface priority for a virtual router using IPv4, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
10
switch(config-if)#
|
Configures a VSAN interface (VSAN 10).
|
Step 3
|
switch(config-if)#
vrrp 250
switch(config-if-vrrp)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp)#
preempt
|
Enables priority preemption.
|
Step 5
|
switch(config-if-vrrp)#
track interface mgmt 0 priority 2
|
Specifies the priority of the virtual router to be modified based on the state of the management interface.
|
switch(config-if-vrrp)#
no track
|
Disables the tracking feature.
|
To track the interface priority for a virtual router using IPv6, follow these steps:
|
|
|
Step 1
|
switch#
config t
|
Enters configuration mode.
|
Step 2
|
switch(config)#
interface vsan
12
switch(config-if)#
|
Configures a VSAN interface (VSAN 12).
|
Step 3
|
switch(config-if)#
vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
|
Creates a virtual router.
|
Step 4
|
switch(config-if-vrrp-ipv6)#
preempt
|
Enables priority preemption.
|
Step 5
|
switch(config-if-vrrp-ipv6)#
track interface mgmt 0 priority 2
|
Specifies the priority of the virtual router to be modified based on the state of the management interface.
Note You must enable IPv6 on the tracked interface for the priority tracking to take affect (see the “Configuring Basic Connectivity for IPv6” section). If IPv6 is not enabled, the interface state is treated as down by VRRP over IPv6, regardless of the actual state of the interface.
|
switch(config-if-vrrp-ipv6)#
no track
|
Disables the tracking feature.
|
Configuring DNS Server
To configure a DNS server, follow these steps:
|
|
|
Step 1
|
switch#
config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
switch(config)#
ip domain-lookup
|
Enables the IP Domain Naming System (DNS)-based host name-to-address translation.
|
switch(config)#
no
ip domain-lookup
|
Disables (default) the IP DNS-based host name-to-address translation and reverts to the factory default.
|
Step 3
|
switch(config)#
ip domain-name cisco.com
|
Enables the default domain name feature used to complete unqualified host names. Any IP host name that does not contain a domain name (that is, any name without a dot) will have the dot and cisco.com appended to it before being added to the host table.
|
switch(config)#
no
ip domain-name cisco.com
|
Disables (default) the domain name.
|
Step 4
|
switch(config)#
ip domain-list harvard.edu
switch(config)#
ip domain-list stanford.edu
switch(config)#
ip domain-list yale.edu
|
Defines a filter of default domain names to complete unqualified host names by using the ip domain-list global configuration command. You can define up to 10 domain names in this filter. To delete a name from a filter, use the no form of this command.
|
switch(config)#
no
ip domain-list
|
Deletes the defined filter and reverts to factory default. No domains are configured by default.
|
Note If you have not configured a domain list, the domain name that you specified with the ip domain-name global configuration command is used. If you configured a domain list, the default domain name is not used. The ip domain-list command is similar to the ip domain-name command, except that with the ip domain-list command you can define a list of domains, each to be tried in turn.
|
Step 5
|
switch(config)#
ip name-server 15.1.0.1 2001:0db8:800:200c::417a
|
Specifies the first address (15.1.0.1) as the primary server and the second address (2001:0db8:800:200c::417a) as the secondary server. You can configure a maximum of six servers.
|
switch(config)#
no
ip name-server
|
Deletes the configured server(s) and reverts to factory default. No server is configured by default.
|
Note
|
Alternatively, you can configure the DNS entry using the switch names (instead of IP addresses). The configured switch name automatically looks up the corresponding IP address.
|
Verifying IP Services Configuration
To display IP services configuration information, perform one of the following tasks:
|
|
show ip routing
|
Displays the IP routing status.
|
show arp
|
Displays the ARP table.
|
switch(config)# no arp 172.2.0.1
|
Removes an ARP entry from the ARP table.
|
clear arp-cache
|
Delete all entries from the ARP table. The ARP table is empty by default.
|
show vrrp vr 7 interface vsan 2 configuration
|
Displays IPv4 VRRP configured information
|
show vrrp vr 7 interface vsan 2 status
|
Displays IPv4 VRRP status information.
|
show vrrp vr 7 interface vsan 2 statistics
|
Displays IPv4 VRRP statistics.
|
show vrrp ipv6 vr 1
|
Displays IPv6 VRRP information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 configuration
|
Displays IPv6 VRRP interface configuration information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 status
|
Displays IPv6 VRRP interface status information.
|
show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statistics
|
Displays IPv6 VRRP statistics.
|
show vrrp statistics
|
Displays VRRP cumulative statistics.
|
switch# clear vrrp Statistics
|
Clears VRRP statistics.
|
clear vrrp vr 1 interface vsan 1
|
Clears VRRP statistics on a specified interface.
|
clear vrrp ipv4 vr 7 interface vsan 2
|
Clears VRRP IPv4 statistics on a specified interface.
|
clear vrrp ipv6 vr 7 interface vsan 2
|
Clears VRRP IPv6 statistics on a specified interface.
|
show hosts
|
Displays configured host details.
|
This section includes the following topics:
Verifying the Default Gateway Configuration
Use the
show ip route
command to verify the default gateway configuration.
Codes: C - connected, S - static Gateway of last resort is 1.12.11.1 S 5.5.5.0/24 via 1.1.1.1, GigabitEthernet1/1 C 1.12.11.0/24 is directly connected, mgmt0 C 1.1.1.0/24 is directly connected, GigabitEthernet1/1 C 3.3.3.0/24 is directly connected, GigabitEthernet1/6 C 3.3.3.0/24 is directly connected, GigabitEthernet1/5 S 3.3.3.0/24 via 1.1.1.1, GigabitEthernet1/1
Verifying the VSAN Interface Configuration
Use the
show interface vsan
command to verify the configuration of the VSAN interface.
Note You can see the output for this command only if you have previously configured a VSAN interface.
switch# show interface vsan 1 vsan1 is down (Administratively down) WWPN is 10:00:00:0c:85:90:3e:85, FCID not assigned Internet address is 10.0.0.12/24 MTU 1500 bytes, BW 1000000 Kbit 0 packets input, 0 bytes, 0 errors, 0 multicast 0 packets output, 0 bytes, 0 errors, 0 dropped
Verifying the IPv4 Routing Configuration
Use the
show ip routing
command to verify the IPv4 routing configuration.
switch(config)# show ip routing
Verifying IPv4 Static Route Information
Use the
show ip route
command to verifying the IPv4 static route configuration.
switch# show ip route configured Destination Gateway Mask Metric Interface default 172.22.95.1 0.0.0.0 0 mgmt0 10.1.1.0 0.0.0.0 255.255.255.0 0 vsan1 172.22.95.0 0.0.0.0 255.255.255.0 0 mgmt0
Use the
show ip route
command to verifying the active and connected IPv4 static route.
Codes: C - connected, S - static Default gateway is 172.22.95.1 C 172.22.95.0/24 is directly connected, mgmt0 C 10.1.1.0/24 is directly connected, vsan1
Example 41-1 Displays the IP Routing Status
Displaying and Clearing ARPs
Address Resolution Protocol (ARP) entries in Cisco MDS 9000 Family switches can be displayed, deleted, or cleared. The ARP feature is enabled on all switches.
-
Use the
show arp
command to display the ARP table.
Protocol Address Age (min) Hardware Addr Type Interface Internet 171.1.1.1 0 0006.5bec.699c ARPA mgmt0 Internet 172.2.0.1 4 0000.0c07.ac01 ARPA mgmt0
-
Use the
no
arp
command in configuration mode to remove an ARP entry from the ARP table.
switch(config)# no arp 172.2.0.1
-
Use the
clear arp
command to delete all entries from the ARP table. The ARP table is empty by default.
Displaying IPv4 VRRP Information
Use the
show vrrp vr
command to display configured IPv4 VRRP information (see Examples
41-2
to
41-4
).
Example 41-2 Displays IPv4 VRRP Configured Information
switch# show vrrp vr 7 interface vsan 2 configuration tracking interface vsan1 priority 2
Example 41-3 Displays IPv4 VRRP Status Information
switch# show vrrp vr 7 interface vsan 2 status MAC address 00:00:5e:00:01:07
Example 41-4 Displays IPv4 VRRP Statistics
switch# show vrrp vr 7 interface vsan 2 statistics Advertisement Interval Error 0 Invalid Authentication Type 0 Mismatch Authentication 0
Displaying IPv6 VRRP Information
Use the
show vrrp ipv6 vr
command to display configured IPv6 VRRP information (see Example 41-5 through Example 41-9).
Example 41-5 Displays IPv6 VRRP Information
switch# show vrrp ipv6 vr 1 Interface VR IpVersion Pri Time Pre State VR IP addr --------------------------------------------------------------------------- GigE1/5 1 IPv6 100 100cs master 2004::1 GigE1/6 1 IPv6 100 100cs backup 2004::1
Example 41-6 Displays IPv6 VRRP Interface Configuration Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 configuration IPv6 vr id 1 configuration advertisement-interval 100
Example 41-7 Displays IPv6 VRRP Interface Status Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 status MAC address 00:00:5e:00:02:01 Operational state: master Master IP address: fe80::20c:30ff:feda:96dc
Example 41-8 Displays IPv6 VRRP Statistics
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statistics Advertisement Interval Error 0
Displaying VRRP Statistics
Use the
show vrrp statistics
command to display configured IPv6 VRRP information (see Example
41-9
).
Example 41-9 Displays VRRP Cumulative Statistics
switch# show vrrp statistics
Clearing VRRP Statistics
Use the
clear vrrp statistics
command to clear all the VRRP statistics for all interfaces on the switch (see Example 41-10).
Example 41-10 Clears VRRP Statistics
switch# clear vrrp Statistics
Use the
clear vrrp vr
command to clear both the IPv4 and IPv6 VRRP statistics for a specified interface (see Example 41-10).
Example 41-11 Clears VRRP Statistics on a Specified Interface
switch# clear vrrp vr 1 interface vsan 1
Use the
clear vrrp ipv4
command to clear all the statistics for the specified IPv4 virtual router (see Example 41-12).
Example 41-12 Clears VRRP IPv4 Statistics on a Specified Interface
switch# clear vrrp ipv4 vr 7 interface vsan 2
Use the
clear vrrp ipv6
command to clear all the statistics for the specified IPv6 virtual router (see Example 41-13).
Example 41-13 Clears VRRP IPv6 Statistics on a Specified Interface
switch# clear vrrp ipv6 vr 7 interface vsan 2
Displaying DNS Host Information
Use the
show hosts
command to display the DNS configuration (see Example 41-14).
Example 41-14 Displays Configured Host Details
Default domain is cisco.com
Domain list: ucsc.edu harvard.edu yale.edu stanford.edu
Name/address lookup uses domain service
Name servers are 15.1.0.1 15.2.0.0
Configuration Examples for IP Services
This section describe an example configuration for IPFC. Figure 41-7 shows an example network.
The example network has the following links:
-
Switch_1 is connected to the main network by the mgmt 0 interface and to the fabric by an ISL.
-
Switch_2 and Switch_3 are connected to the fabric by an ISL but are not connected to the main network.
Figure 41-7 IPFC Example Network
The following steps show how to configure Switch_1 in the example network in Figure 41-7:
Step 1 Create the VSAN interface and enter interface configuration submode.
switch_1(config)# interface vsan 1
Step 2 Configure the IP address and subnet mask.
switch_1(config-if)# ip address 10.1.1.1 255.0.0.0
Step 3 Enable the VSAN interface and exit interface configuration submode.
switch_1(config-if)# no shutdown switch_1(config-if)# exit
Step 4 Enable IPv4 routing.
switch_1(config)# ip routing
Step 5 Display the routes.
Codes: C - connected, S - static C 172.16.1.0/23 is directly connect, mgmt0 C 10.0.0.0./8 is directly connected, vsan1
The following steps show how to configure Switch_2 in the example network in Figure 41-7:
Step 1 Enable the mgmt 0 interface.
Note Configure this switch using the console connection.
switch_2(config)# interface mgmt 0 switch_2(config-if)# no shutdown switch_2(config-if)# exit
Step 2 Create the VSAN interface and enter interface configuration submode.
switch_2(config)# interface vsan 1
Step 3 Configure the IP address and subnet mask.
switch_2(config-if)# ip address 10.1.1.2 255.0.0.0
Step 4 Enable the VSAN interface and exit interface configuration submode.
switch_2(config-if)# no shutdown switch_2(config-if)# exit
Step 5 Enable IPv4 routing.
switch_2(config)# ip routing
Step 6 Display the routes.
Codes: C - connected, S - static C 10.0.0.0./8 is directly connected, vsan1
Step 7 Verify the connectivity to Switch_1.
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.618 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.528 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.567 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 4998 ms rtt min/avg/max/mdev = 0.528/0.570/0.618/0.057 ms
The following steps show how to configure Switch_3 in the example network in Figure 41-7:
Step 1 Enable the mgmt 0 interface.
Note Configure this switch using the console connection.
switch_3(config)# interface mgmt 0 switch_3(config-if)# no shutdown switch_3(config-if)# exit switch_3(config)# interface vsan 1
Step 2 Configure the IP address and subnet mask.
switch_3(config-if)# ip address 10.1.1.3 255.0.0.0
Step 3 Enable the VSAN interface and exit interface configuration submode.
switch_3(config-if)# no shutdown switch_3(config-if)# exit
Step 4 Enable IPv4 routing.
switch_3(config)# ip routing
Step 5 Display the routes.
Codes: C - connected, S - static C 10.0.0.0./8 is directly connected, vsan1
Step 6 Verify the connectivity to Switch_1.
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=1.19 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.510 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.653 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008 ms rtt min/avg/max/mdev = 0.510/0.787/1.199/0.297 ms
Field Descriptions for IP Services
This section describes the field descriptions.
IP Routes
|
|
Routing Enabled
|
When this check box is enabled, the switch is acting as in IP router.
|
Destination, Mask, Gateway
|
The value that identifies the local interface through which the next hop of this route should be reached.
|
Metric
|
The primary routing metric for this route.
|
Interface
|
The local interface through which the next hop of this route should be reached.
|
Active
|
Indicates whether the route is active.
|
IP Statistics ICMP
|
|
InParmProbs
|
The number of ICMP Parameter Problem messages received.
|
OutParmProbs
|
The number of ICMP Parameter Problem messages sent.
|
InSrcQuenchs
|
The number of ICMP Source Quench messages received.
|
InRedirects
|
The number of ICMP Redirect messages received.
|
InEchos
|
The number of ICMP Echo (request) messages received.
|
InEchoReps
|
The number of ICMP Echo Reply messages received.
|
InTimestamps
|
The number of ICMP Timestamp (request) messages received.
|
InTimestampReps
|
The number of ICMP Timestamp Reply messages received.
|
InAddrMasks
|
The number of ICMP Address Mask Request messages received.
|
InAddrMaskReps
|
The number of ICMP Address Mask Reply messages received.
|
InDestUnreachs
|
The number of ICMP Destination Unreachable messages received.
|
InTimeExcds
|
The number of ICMP Time Exceeded messages received.
|
OutSrcQuenchs
|
The number of ICMP Source Quench messages sent.
|
OutRedirects
|
The number of ICMP Redirect messages sent. For a host, this value will always be N/A, since hosts do not send redirects.
|
OutEchos
|
The number of ICMP Echo (request) messages sent.
|
OutEchoReps
|
The number of ICMP Echo Reply messages sent.
|
OutTimestamps
|
The number of ICMP Timestamp (request) messages sent.
|
OutTimestampReps
|
The number of ICMP Timestamp Reply messages sent.
|
OutAddrMasks
|
The number of ICMP Address Mask Request messages sent.
|
OutAddrMaskReps
|
The number of ICMP Address Mask Reply messages sent.
|
OutDestUnreachs
|
The number of ICMP Destination Unreachable messages sent.
|
OutTimeExcds
|
The number of ICMP Time Exceeded messages sent.
|
IP Statistics IP
|
|
InHdrErrors
|
The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
|
InAddrErrors
|
The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. For entities that are not IP routers, and do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.
|
InUnknownProtos
|
The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
|
InDiscards
|
The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
|
OutDiscards
|
The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (for example, for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such frames met this (discretionary) discard criterion.
|
OutNoRoutes
|
The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any frames counted in ipForwDatagrams which meet this no-route criterion. Note that this includes any datagrams which a host cannot route because all of its default routers are down.
|
FragFails
|
The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, for example, because their Don't Fragment flag was set.
|
ReasmFails
|
The number of failures detected by the IP reassembly algorithm (for example, timed out, errors, etc). Note that this is not necessarily a count of discarded IP fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
|
InReceives
|
The total number of input datagrams received from interfaces, including those received in error.
|
InDelivers
|
The total number of input datagrams successfully delivered to IP user protocols (including ICMP).
|
OutRequests
|
The total number of IP datagrams which local IP user protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams.
|
ForwDatagrams
|
The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP routers, this counter will include only those frames which were source-routed via this entity, and the Source-Route option processing was successful.
|
FragOKs
|
The number of IP datagrams that have been successfully fragmented at this entity.
|
FragCreates
|
The number of IP datagram fragments that have been generated as a result of fragmentation at this entity.
|
ReasmReqds
|
The number of IP fragments received which needed to be reassembled at this entity.
|
ReasmOKs
|
The number of IP datagrams successfully reassembled.
|
IP Statistics SNMP
|
|
BadVersions
|
The total number of SNMP messages which were delivered to the SNMP entity and were for an unsupported SNMP version.
|
BadCommunityNames
|
The total number of SNMP messages delivered to the SNMP entity which used a SNMP community name not known to said entity.
|
BadCommunityUses
|
The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.
|
ASNParseErrs
|
The total number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages.
|
TooBigs
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is tooBig.
|
SilentDrops
|
The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request.
|
ProxyDrops
|
The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the transmission of the (possibly translated) message to a proxy target failed in a manner (other than a timeout) such that no Response-PDU could be returned.
|
NoSuchNames
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is noSuchName.
|
BadValues
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is badValue.
|
ReadOnlys
|
The total number valid SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is readOnly. It should be noted that it is a protocol error to generate an SNMP PDU which contains the value readOnly in the error-status field, as such this is provided as a means of detecting incorrect implementations of the SNMP.
|
GenErrs
|
The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field is genErr.
|
Pkts
|
The total number of messages delivered to the SNMP entity from the transport service.
|
GetRequests
|
The total number of SNMP Get-Request PDUs which have been accepted and processed by the SNMP protocol entity.
|
GetNexts
|
The total number of SNMP Get-Next PDUs which have been accepted and processed by the SNMP protocol entity.
|
SetRequests
|
The total number of SNMP Set-Request PDUs which have been accepted and processed by the SNMP protocol entity.
|
OutTraps
|
The total number of SNMP Trap PDUs which have been generated by the SNMP protocol entity.
|
OutGetResponses
|
The total number of SNMP Get-Response PDUs which have been generated by the SNMP protocol entity.
|
OutPkts
|
The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service.
|
TotalReqVars
|
The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
|
TotalSetVars
|
The total number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
|
IP Statistics UDP
|
|
InErrors
|
The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.
|
InDatagrams
|
The total number of UDP datagrams delivered to UDP users.
|
OutDatagrams
|
The total number of UDP datagrams sent from this entity.
|
NoPorts
|
The total number of received UDP datagrams for which there was no application at the destination port.
|
mgmt0 Statistics
|
|
InErrors
|
Total number of received errors on the interface.
|
OutErrors
|
Total number of transmitted errors on the interface.
|
InDiscards
|
Total number of received discards on the interface.
|
OutDiscards
|
Total number of transmitted discards on the interface.
|
RxBytes
|
Total number of bytes received.
|
TxBytes
|
Total number of bytes transmitted.
|
RxFrames
|
Total number of frames received.
|
TxFrames
|
Total number of frames transmitted.
|
TCP UDP TCP
|
|
State
|
The state of this TCP connection.
|
TCP UDP UDP
|
|
Port
|
The local port number for this UDP listener.
|
VRRP General
|
|
IP Address Type, VrId, Interface
|
The IP address type (IPv4, IPv6, or DNS), the virtual router ID, and the interface.
|
Admin
|
The admin state of the virtual router (active or notInService).
|
Oper
|
The current state of the virtual router. There are three defined values:
-
initialize— Indicates that all the virtual router is waiting for a startup event.
-
backup— Indicates the virtual router is monitoring the availability of the master router.
-
master— Indicates that the virtual router is forwarding frames for IP addresses that are associated with this router.
|
Priority
|
Specifies the priority to be used for the virtual router master election process. Higher values imply higher priority. A priority of 0 is sent by the master router to indicate that this router has ceased to participate in VRRP and a backup virtual router should transition to become a new master. A priority of 255 is used for the router that owns the associated IP address(es).
|
AdvInterval
|
The time interval, in seconds, between sending advertisement messages. Only the master router sends VRRP advertisements.
|
PreemptMode
|
Controls whether a higher priority virtual router will preempt a lower priority master.
|
UpTime
|
When this virtual router transitioned out of initialized.
|
Version
|
The VRRP version on which this VRRP instance is running.
|
AcceptMode
|
Controls whether a virtual router in Master state will accept packets addressed to the address owner's IPv6 address as its own if it is not the IPv6 address owner. If true, the virtual router in Master state will accept. If false, the virtual router in Master state will not accept.
|
VRRP IP Addresses
|
|
Interface, VRRP ID, IP Address
|
Interface, Virtual Router Redundancy Protocol ID, and associated IP address.
|
VRRP Statistics
|
|
IP Address Type, VrId, Interface
|
The IP address type (IPv4, IPv6, or DNS), the virtual router ID, and the interface.
|
LastAdvRx
|
The total number of VRRP advertisements received by this virtual router.
|
Protocol Traffic MasterIpAddr
|
The master router's real (primary) IP address. This is the IP address listed as the source in VRRP advertisement last received by this virtual router.
|
Protocol Traffic BecomeMaster
|
The total number of times that this virtual router's state has transitioned to MASTER.
|
Priority 0 Rx
|
The total number of VRRP frames received by the virtual router with a priority of 0.
|
Priority 0Tx
|
The total number of VRRP frames sent by the virtual router with a priority of 0.
|
AuthErrors InvalidType
|
The total number of frames received with an unknown authentication type.
|
Other Errors dvIntervalErrors
|
The total number of VRRP advertisement frames received for which the advertisement interval is different than the one configured for the local virtual router.
|
Other Errors IpTtlErrors
|
The total number of VRRP frames received by the virtual router with IP TTL (time-to-live) not equal to 255.
|
Other Errors InvalidTypePktsRcvd
|
The number of VRRP frames received by the virtual router with an invalid value in the type field.
|
Other Errors AddressListErrors
|
The total number of frames received for which the address list does not match the locally configured list for the virtual router.
|
OtherErrors PacketLengthErrs
|
The total number of frames received with a frame length less than the length of the VRRP header.
|
RefreshRate
|
The interval of time between refreshes.
|
CDP General
|
|
Enable
|
Whether the Cisco Discovery Protocol is currently running. Entries in CacheTable are deleted when CDP is disabled.
|
MessageInterval
|
The interval at which CDP messages are to be generated. The default value is 60 seconds.
|
HoldTime
|
The time for the receiving device holds CDP message. The default value is 180 seconds.
|
LastChange
|
When the cache table was last changed.
|
CDP Neighbors
|
|
Switch
|
The Internet address for this entity.
|
Local Interface
|
A unique value that identifies the interface on this FCIP device to which this link pertains.
|
DeviceName
|
The remote device's name. By convention, it is the device's fully qualified domain name.
|
DeviceID
|
The device ID string as reported in the most recent CDP message.
|
DevicePlatform
|
The version string as reported in the most recent CDP message.
|
Interface
|
The port ID string as reported in the most recent CDP message.
|
IPAddress
|
The (first) network-layer address of the device's SNMP-agent as reported in the address TLV of the most recently received CDP message.
|
NativeVLAN
|
The remote device's interface's native VLAN, as reported in the most recent CDP message. The value 0 indicates no native VLAN field (TLV) was reported in the most recent CDP message.
|
PrimaryMgmtAddr
|
Indicates the (first) network layer address at which the device will accept SNMP messages as reported in the most recently received CDP message.
|
SecondaryMgmtAddr
|
Indicates the alternate network layer address at which the device will accept SNMP messages as reported in the most recently received CDP message.
|
iSNS Profiles
|
|
Addr
|
The address of the iSNS server.
|
Port
|
The TCP port of the iSNS server.
|
iSNS Servers
|
|
Name
|
The name of the iSNS server.
|
TcpPort
|
The TCP port used for iSNS messages. If TCP is not supported by this server, the value is 0.
|
Uptime
|
The time the server has been active.
|
ESI Non Response Threshold
|
The number of ESI messages that will be sent without receiving a response before an entity is unregistered from the iSNS database.
|
# Entities
|
The number of entities registered in iSNS on the server.
|
# Portals
|
The number of portals registered in iSNS on the server.
|
# Portal Groups
|
The number of portal groups registered in iSNS on the server.
|
# iSCSI Devices
|
The number of iSCSI Nodes registered in iSNS on the server.
|
iSNS Entities
|
|
Entity ID
|
The iSNS entity identifier for the entity.
|
Last Accessed
|
The time the entity was last accessed.
|
iSNS Cloud Discovery
|
|
AutoDiscovery
|
Whether automatic cloud discovery is turned on or off.
|
DiscoveryDelay
|
Time duration between successive IP cloud discovery runs.
|
Discovery
|
The IP network discovery command to be executed.
-
all- Run IP network discovery for all the gigabit Ethernet interfaces in the fabric.
-
noOp (default)- No operation is performed.
|
CommandStatus
|
The status of the license install / uninstall / update operation.
-
success— Discovery operation completed successfully.
-
nProgress— Discovery operation is in progress.
-
none— No discovery operation is performed.
-
NoIpNetworkNameSpecified— IP Cloud name not specified.
-
invalidNetworkName— IP Cloud is not configured.
-
NoIPSPortNameSpecified— Gigabit Ethernet port if index not specified.
-
invalidIPSPortName— Invalid Gigabit Ethernet port interface.
-
generalISNSFailure— General ISNS server failure.
|
iSNS Clouds
|
|
Id
|
The ID of the IP cloud.
|
Switch WWN
|
The WWN of the switch in this table.
|
iSNS Cloud Interfaces
|
|
Name, Switch WWN, Interface, Address
|
The name, switch WWN, interface, and address of the cloud.
|
Monitor Dialog Controls
|
|
Line Chart
|
Opens a new window with a line chart representation of the data.
|
Area Chart
|
Opens a new window with an area chart representation of the data.
|
Bar Chart
|
Opens a new window with a bar chart representation of the data.
|
Pie Chart
|
Opens a new window with a pie chart representation of the data.
|
Reset Cumulative Counters
|
Resets the counters to 0 if the Column Data display mode is set to Cumulative.
|
Export to File
|
Opens a standard Save dialog box. The data is saved as a .TXT file.
|
Print
|
Opens a standard Print dialog box.
|
Update Frequency
|
The interval at which the data is updated in the monitor dialog.
|
Column Data
|
Specifies the type of data that is displayed in the monitor dialog.
-
Absolute Value— Displays the total amount since the switch was booted. This is the default for error monitoring.
-
Cumulative—Displays the total amount since the dialog was opened. You can reset the counters by clicking the Reset Cumulative Counters button, to gather a new set of cumulative data.
-
Minimum/sec— Displays the minimum value per second at every refresh interval.
-
Maximum/sec— Displays the maximum value per second at every refresh interval.
-
Last Value/sec— Displays the most recent value per second at every refresh interval. This is the default setting for traffic monitoring.
|
Elapsed
|
The amount of time that has elapsed since the dialog was opened. You can reset this counter by clicking the Reset Cumulative Counters button, to gather a new set of cumulative data.
|
iSNS Details iSCSI Nodes
|
|
Name
|
The iSCSI name of the initiator or target associated with the storage node.
|
Type
|
The Node Type bit-map defining the functions of this iSCSI node, where 31 is a Target, 30 is an Initiator, 29 is a Control, and all others are reserved.
|
Alias
|
The Alias name of the iSCSI node.
|
ScnBitmap
|
The State Change Notification (SCN) bitmap for a node.
|
WWN Token
|
An optional globally unique 64-bit integer value that can be used to represent the world wide node name of the iSCSI device in a Fibre Channel fabric.
|
AuthMethod
|
The iSCSI authentication method enabled for this iSCSI node.
|
iSNS Details Portals
|
|
Addr
|
The Internet address for this portal.
|
TcpPort
|
The port number for this portal.
|
SymName
|
The optional Symbolic Name for this portal.
|
EsiInterval
|
The Entity Status Inquiry (ESI) Interval for this portal.
|
TCP ESI
|
The TCP port number used for ESI monitoring.
|
TCP Scn
|
The TCP port used to receive SCN messages from the iSNS server.
|
SecurityInfo
|
Security attribute settings for the portal as registered in the Portal Security Bitmap attribute.
|
Additional References
For additional information related to implementing IP storage, see the following section:
Related Document
|
|
Cisco MDS 9000 Family Command Reference
|
Cisco MDS 9000 Family Command Reference, Release 5.0(1a)
|
Standards
|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
|
–
|
RFCs
|
|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified.
|
–
|
MIBs
|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified.
|
To locate and download MIBs, go to the following URL:
http://www.cisco.com/dc-os/mibs
|