Cisco MDS 9513/9509 LDAP/AD Auth via SSH & Fabric Manager

Hello Folks,
I am trying to find a working config for LDAP auth over SSH. I know how to do this with TACACS+ and RADIUS, but due to other internal issues I am currently trying to get the Cisco MDS to authenticate directly against LDAP/AD. Also, I see no LDAP/AD option in FM (Fabric Manager), just TACACS+, RADIUS, LocalFM and MDS. Does using MDS use the default auth (i.e. whatever AAA authentication is configured, or the local DB on the switch)? Does the new DCNM support LDAP/AD auth on the GUI?
The larger goal is SSH (CLI) and FM (GUI) using the same LDAP/AD auth. I understand the snmp-server user issue, but once I have SSH working over LDAP/AD I can figure that out too.
Here's what I need to ensure when using LDAP/AD auth:
1) What is the exact config for this LDAP/AD auth?
2) How do I ensure that the network-admin and network-operator roles are assigned when members of certain AD groups, like ADMIN-AD-GROUP or OPERATOR-AD-GROUP, log in to the switch?
3) Also, when using the SSL port for LDAP, are the details encrypted over the network?
4) Do I need to use the password in plaintext when binding to the BaseDN, or can it be an encrypted password?
Appreciate any info on this. Thanks for your time.

As of DCNM 6.1 (aka Fabric Manager Server) we support LDAP authentication in addition to the existing RADIUS, TACACS+, local and switch authentication.  You can upgrade from Fabric Manager 5.0 to DCNM 5.2 to DCNM 6.1 if you would like to keep your current performance, events and config data.  We do recommend a fresh install, as we don't know what state your server database might be in.  Including some links for you to help out with deployment and best practices (see release notes).
Resources:
Main Website:
http://www.cisco.com/go/dcnm
How To Video Series:  http://www.cisco.com/en/US/prod/netmgtsw/ps6505/ps9369/cisco_dc_nm_video_library.html
Install and Licensing Guide:
http://www.cisco.com/en/US/products/ps9369/prod_installation_guides_list.html
Evaluation Licenses: http://tools.cisco.com/SWIFT/LicensingUI/Home?FormId=65
Download Linux and Windows Executables: http://www.cisco.com/cisco/pub/software/portal/select.html?&i=!m&mdfid=281722751
Data Sheets: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6505/ps9369/data_sheet_c78-639737.html
Install Guide: http://www.cisco.com/en/US/products/ps9369/prod_installation_guides_list.html
Configure Guide:  http://www.cisco.com/en/US/products/ps9369/products_installation_and_configuration_guides_list.html
API Programming Guide:
http://www.cisco.com/en/US/products/ps9369/products_programming_reference_guides_list.html
Reference Guide: http://www.cisco.com/en/US/products/ps9369/prod_technical_reference_list.html
Release Notes: http://www.cisco.com/en/US/products/ps9369/tsd_products_support_general_information.html
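The CLI side of question 1 above (LDAP/AD login for SSH over TLS, with local fallback for the console) as an added example; it is not from the original post and not Cisco's documentation verbatim. It uses the MDS NX-OS LDAP commands (feature ldap, ldap-server host, ldap-search-map, aaa group server ldap) present from NX-OS 5.x onward. The server name, bind DN, base DN, group and map names, and the choice of the description attribute to carry the role are assumptions:

```nxos
! Added example: LDAP/AD login for SSH on an MDS 9500 running NX-OS 5.x or later.
! dc1.example.com, the DNs, the attribute name and the group/map names are
! assumptions for illustration, not values from the original post.
configure terminal
feature ldap

! Bind account the switch uses to search for the user object (question 4).
! The password is typed once in the clear ("0") and is stored in the running
! config as type 7, which is reversible obfuscation, not encryption: keep the
! bind account read-only in AD and treat config backups as sensitive.
ldap-server host dc1.example.com rootDN cn=mds-bind,ou=svc,dc=example,dc=com password 0 B1ndS3cret
! LDAPS (question 3): TLS to the server's 636 port instead of cleartext 389.
ldap-server host dc1.example.com enable-ssl
ldap-server host dc1.example.com port 636
ldap-server host dc1.example.com timeout 10

! Search map: locate the user by sAMAccountName and read the role attribute.
! NX-OS takes the role from an attribute of the user object, in the same
! cisco-av-pair format TACACS+/RADIUS use, e.g.
!   description = shell:roles="network-admin"
! (assumed attribute; any string attribute the bind account can read works)
ldap-search-map AD-MAP
  userprofile attribute-name "description" search-filter "(&(objectClass=user)(sAMAccountName=$userid))" base-DN "ou=users,dc=example,dc=com"

aaa group server ldap AD-GROUP
  server dc1.example.com
  ldap-search-map AD-MAP

! SSH/Telnet logins go to AD; the local user database is consulted only when
! every server in the group is unreachable. The console stays local so a
! broken LDAP path (expired cert, DC down) never locks you out.
aaa authentication login default group AD-GROUP
aaa authentication login console local
! Print the reason for a failed AAA login on the terminal while testing.
aaa authentication login error-enable
end
copy running-config startup-config
```

Before cutting SSH over to this, check `show ldap-server` and `show aaa authentication`, run `test aaa group AD-GROUP <user> <password>` against a real account, and after the first SSH login confirm the granted role with `show users` / `show user-account`. For question 2: as far as I know NX-OS derives the role from the user attribute named in the search map, not from AD group membership, so "members of ADMIN-AD-GROUP get network-admin" has to be realized either by populating that attribute for those accounts (a scripted AD job keyed on group membership) or by keeping ACS/ISE in front of AD as you do with TACACS+. `enable-ssl` gives transport encryption; whether your release also validates the server certificate against a trustpoint is something to verify with a deliberately wrong certificate before relying on it.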

Similar Messages

  • Discovery of MDS IBM FC Bladecenter by Cisco MDS 9513

    Hi all,
    Suppose I have a 9513, with several Bladecenters and several other 9513 switches connected to it.
    My wish is to discover the attached switches with CLI commands.
    The additional 9513s I can recognize with "show topology", which gives me the IPs of the attached (trunk, port-channel) switches.
    How can I discover the blades? I would like to somehow get their IPs.
    Best regards,
    Igor.   

    Another question:
    The output of "show fcs database" on the MDS 9513 gives me:
         FCS Local Database in VSAN: 1
         Switch WWN               : XX:XX:XX:XX:XX:XX:XX:XX
         Switch Domain Id         : 0x05(5)
         Switch Mgmt-Addresses    : snmp://10.235.159.60/eth-ip
                                    http://10.235.159.60/eth-ip
         Fabric-Name              : YY:YY:YY:YY:YY:YY:YY:YY
    How can I get the "Fabric-Name" from BLADE switches?
    Regards,
    Igor.

  • Best Design practices of SAN with the MDS 9513,MDS 9509 and Brocade 8510

    Hi
    I am searching for the best design to implement Cisco MDS 9513, 9509, Brocade 8510, storage and UCS all combined in one topology. And please suggest a tool to compare MDS and Brocade 8510 performance.

    Boomi,
    Both MDS and Brocade will serve the basic features of storage networking. Both can be mixed and matched to achieve redundancy, which you already have. However, if you are looking for a tool or perfmon, there isn't much to compare. You can use IOmeter or Akkori. I see that you have enterprise-level hardware in your setup. Not sure what other line cards you have installed and what applications are running through it, and if you have remote sites (SAN islands), then the real differences in features and best practices can be discussed. For example, IVR, FCIP, iSCSI, FCoE, etc.
    Thanks,
    Nisar
    Sent from Cisco Technical Support iPad App

  • Migrating from Brocade 2800/ 3900 to Cisco MDS 9509

    What is the best procedure for migrating from Brocade 2800/3900/12000 to Cisco MDS 9509, especially for HP-UX and AIX servers connected to it?
    I should be able to migrate these servers without any downtime.
    I thought about these options:
    1. Use vgexport and vgimport (HP-UX) or exportvg and importvg (AIX) after connecting to the Cisco MDS. But this requires complete downtime on the application.
    2. Take one path or HBA down, switch the cable and vgextend the devices.
    Please let me know if somebody has a procedure.
    I was successful on an HP-UX server using the second option, but I can't see all the LUNs. That might be an array-specific problem too.
    If anybody has a detailed procedure for migrating this scenario, please let me know.
    We are using persistent FCIDs on our MDS switches.
    Thanks in advance

    After connecting one cable from the server HBA to the Cisco switch, why are you not able to see all LUNs? Did you cross-check the HBA configuration (max 256 LUNs) or whether the disk array library driver is installed on the host side? If that can be sorted out, you can mirror the volumes across the disk arrays. Are you using HDS arrays? I don't know what vgextend command you are mentioning...
    Also, did you reboot the server, or is it an online addition of new LUNs...
    In any case, if you are not able to see all LUNs, that is going to be an issue later for the migration as well... please cross-check that...

  • Cisco MDS 9509 and HP Blade server problem

    I have a big problem: when I connected the MDS 9509 to an HP VC-FC 8GB module, the MDS 9509 did not detect the HP module. I think this is because the MDS 9509 uses VSAN technology, but the HP blade does not support this feature. Please help me.

    I am fairly certain that the HP blade chassis has HP-branded Brocade FC switches. These switches need to be placed into AG mode and rebooted. On the Cisco MDS core, the NPIV feature must be enabled.
    Here is more info on the Brocade AG mode -
    http://www.brocade.com/solutions-technology/technology/platforms/fabric-os/access_gateway.page
    http://www.brocade.com/downloads/documents/data_sheets/product_data_sheets/AccessGateway_DS_02.pdf
    Cisco NPIV info
    http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps5989/ps9898/white_paper_c11-459263.html

  • The Cisco MDS 9000 Port Analyzer Adapter

    Hi,
    At my client's site, we are having an issue with backup via TSM and a library.
    We would like to analyse the traffic that passes over the Fibre Channel of our MDS-9513.
    From what we saw, Wireshark, our software for analysing network traffic, only captures through a NIC card.
    Is the only way to analyse the FC traffic to go via "The Cisco MDS 9000 Port Analyzer Adapter"?
    If that is the only way, is there a way to rent this equipment for the time necessary to analyse our trace?
    Thank you in advance for your help.
    Christian Carrier

    The Cisco Traffic Analyzer provides real-time analysis of SPAN traffic or analysis of captured traffic through a Web browser user interface. Traffic encapsulated by one or more Port Analyzer Adapters can be analyzed concurrently with a single PC and ntop, which is public domain software enhanced by Cisco for Fibre Channel traffic analysis. This Cisco Traffic Analyzer solution enables you to quickly determine the throughput for traffic between specific Fibre Channel sources and destinations, all traffic in a particular Virtual SAN (VSAN), or all network traffic. Round trip response times, SCSI I/Os per second, SCSI read vs. write traffic throughput and frame counts, SCSI session status and management task information are provided. Additional statistics are also available on Fibre Channel frame sizes and network management protocols.
    For further information click this link.
    http://www.cisco.com/en/US/products/hw/ps4159/ps4358/products_data_sheet09186a0080142d34.html#wp1002317

  • MDS 9513 in a Telco Rack?

    We recently purchased 2 MDS 9513 SAN switches.  The only place to install them in our data center is in 2 Telco racks.  I realize this is unsupported and we are on our own in terms of how to physically install them.  We have placed one on a shelf and are looking for a way to secure or fasten the system to the rack somehow.  The mounting ears can't be used because the unit is too deep to be flush mounted.
    Has anyone out there been forced to use a Telco rack?  If so, do you have any ideas on how to fasten it to the rack?
    Thanks

    Jose,
    can't you move the ears back?  I just looked at our 9513s and there appear to be two more sets of holes on the sides for the ears. This is a picture of one of our 9509s in a telco rack; it came with the big plates that bolt to the telco rack and that the switch sits on for this kind of mounting.  I believe the 9513 (and 9509) chassis are the same as the big Catalyst switches, and we have those telco-rack mounted all over the place, so I bet you could get some of these mounting plates from Cisco (or your reseller).

  • UCS B-Series / FC 6120 / MDS 9513: Setting up FI and B-Series in UCSM

    We are receiving FC SAN connections from an MDS 9513 we do not own, within the same physical building. We have been given a range of WWNNs and WWPNs to create pools in UCSM.
    I am not a storage manager, nor much of a systems manager, but I know there are more details to set up within UCSM in order to connect a blade to this SAN. I do not know the details within UCSM that have to be specified, or the order of operations to perform these configurations. Is there a document within Cisco Support or elsewhere to direct me through the process?

    Hi Steven,
    I believe you have already configured the FC uplink ports on the Fabric Interconnect (FI) and done the physical cabling to your MDS? If not, you need to do that first.
    ++ Create the VSANs as required in the VSAN tab in UCSM, under SAN Cloud. Make sure that these VSANs are defined on the MDS.
    Refer to
    http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_010110.html
    ++ Now you need to decide which ports on the FI you will use for the FC uplink and configure them as FC uplink ports from UCSM. Make sure that the FC uplink ports are in the same VSAN as the ports on the MDS that connect to the FI.
    Refer to
    http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_0101.html
    Check that the FC uplink ports come online. This is important. If this is done, then you can go to the next steps.
    Next, create the WWNN pool and WWPN pool under the SAN tab. Refer to
    http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_011000.html
    Now you are all set. Next, when creating the service profile, under the storage tab, create vHBAs as required, using the WWPN pool and WWNN pool that you created. Again make sure that you select the right VSAN for the vHBAs.  Provide these WWPN details to the storage admin and request the LUNs that you need allocated; the rest will be handled by the storage admin.
    If you need more details you can always go to
    http://www.cisco.com/en/US/products/ps10281/products_installation_and_configuration_guides_list.html and select the configuration guide, either CLI or GUI according to the UCS version you are running.
    Hope this helps.

  • Enabling NPIV in CISCO MDS 9500 Series

    Hello!!!
    If I could get a response to my query.
    I need to enable NPIV as we have VMs to be created and SAN storage allocated to them, so my Cisco MDS needs to have NPIV enabled. Following queries linked with this:
    1. Can I enable NPIV on a single Fibre Channel port, or does it get enabled on the complete SAN switch?
    2. Does enabling NPIV impact any other SAN operation? Also, my 2 sites are connected via ISL, so is it important to enable NPIV across all my sites, or can I enable it only at the 1 site where my VM hosts are located?
    3. Any reference document for NPIV and related zoning concepts?
    Thanks in advance.
    Faizul Mufti
    9958766711

    Hi,
    1. Can I enable NPIV on a single Fibre Channel port, or does it get enabled on the complete SAN switch?
    whole switch
    feature npiv
    2. Does enabling NPIV impact any other SAN operation? Also, my 2 sites are connected via ISL, so is it important to enable NPIV across all my sites, or can I enable it only at the 1 site where my VM hosts are located?
    Will not impact any other SAN operation.  Non-disruptive.
    "feature npiv" is local to the switch, not fabric wide.  Use this command on any switch where you want multiple FLOGIs on a single interface.
    3. Any reference document for NPIV and related zoning concept.
    I suggest zoning by pwwn
    Regards,
    David

  • ISCSI-to-FC routing in Cisco MDS 9000 Family

    Hi,
    I'm puzzled about support for iSCSI-to-FC routing in the MDS 9000 family. Earlier hardware such as the 9216i switch and the MPS-14/2 module had a feature to allow an iSCSI Initiator to connect transparently to an FC target. This equipment is now EOL and has been replaced by models such as the 9222i switch and the 18/4 Port Multiservice Module. The datasheets for these replacements strongly imply that they support iSCSI-to-FC routing in a similar way to the earlier products - for example "iSCSI for extension of the SAN to Ethernet attached servers - Extends the benefits of Fibre Channel SAN-based storage to Ethernet attached servers".
    I tried to find some hard technical info to confirm this. Chapter 4, "Configuring iSCSI" in "Cisco MDS 9000 Family NX-OS IP Services Configuration Guide Release 5.0(1a)" says that the feature is only available on the IP Storage Module, the 9216i switch, and the MPS-14/2 module, all of which are now EOL. It doesn't mention the replacement models in connection with this functionality, though they are mentioned elsewhere in the book for other features such as FC over IP. I've searched for documentation of the iSCSI support on the new models and the only document which seems relevant is this chapter - but it says it doesn't apply to these models.
    Do the replacement models support iSCSI-to-FC routing or not? The datasheets use wording nearly identical to the earlier models in this area, so I assume they do. If they do, how is it configured and where is it documented? I sent feedback on this to the documentation feedback address a while ago, but haven't had a reply.
    Many Thanks,
                                jjf

    The "Configuring iSCSI" chapter in both the 3.3.3 and 4.1.1 documentation similarly talks about the IPS and 14/2 modules but makes no mention of the 18/4; however, I've used iSCSI on the 18/4 with both releases. I can only guess the same is true for 5.0, since I have yet to load 5.0 on any switches.
    In terms of other documentation I don't think there is any, but all the required information is presented in the "Configuring iSCSI" chapters; however, it's not the easiest thing to understand from the documentation. Following is the overview I sent to a teammate on how to set up iSCSI.
    1. configure Ethernet ports with IP addresses
      1a. add a route to the host (iSCSI client) via the Gigabit interface
    2. enable iSCSI on the switch
      2a. enable iSCSI on the module with the GigE port
      2b. 'no shut' the iSCSI interface corresponding to the GigE port
          e.g. gige3/4 -> iscsi3/4
      2c. no additional configuration of the interfaces is needed, although at some point turning on authentication would be a good idea
    3. create the iSCSI initiator
      3a. use the client's IP address as the initiator name; using the node name would be better, but I haven't tried it that way so YMMV
          e.g. 'iscsi initiator ip-address xxx.xxx.xxx.xxx'
      3b. use a "system assigned" nWWN and set it static
          e.g. 'static nWWN system-assign'
      3c. allocate one "system assigned" pWWN and set it static
          e.g. 'static pWWN system-assign 1'
      3d. assign VSANs; an iSCSI initiator can be in more than one VSAN
          e.g. 'vsan xxx'
    4. create targets
       spcsw1(config)# iscsi virtual-target name iqn.000190300646.fa02cb
       spcsw1(config-iscsi-tgt)# pwwn 50:06:04:8a:d5:f0:79:a1
       spcsw1(config-iscsi-tgt)# initiator ip address xx.xx.xx.xx permit
    5. zone the iSCSI initiator's pWWN to the target pWWNs; use 'show iscsi initiator configured' to see the pWWN
    6. configure the host's iSCSI initiator, usually not much more than specifying the IP address of the GigE port on the MDS
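    The six steps above carried through as one MDS NX-OS configuration, as an added example rather than the poster's own config. The module and port, the IP addresses, the VSAN number, the IQN, the CHAP user and the WWNs are assumptions; the initiator pWWN in the zone stands for whatever 'show iscsi initiator configured' reports after step 3. It also turns on the authentication that step 2c defers, since without it any host that can reach the GigE port can log in as the initiator:

```nxos
! Added example: steps 1-6 of the overview as one config. Module 3 / port 4,
! 10.1.1.0/24 on the switch side, host 10.2.2.5, VSAN 100, the IQN, the CHAP
! user and all WWNs are assumptions for illustration.
configure terminal
! 1. IP address on the GigE port the iSCSI host will reach
interface gigabitethernet 3/4
  ip address 10.1.1.10 255.255.255.0
  no shutdown
! 1a. route back to the host subnet via the router on that segment
!     (assumed form: network mask next-hop interface; check with '?')
ip route 10.2.2.0 255.255.255.0 10.1.1.1 interface gigabitethernet 3/4

! 2, 2a, 2b. iSCSI on the switch, on the module, and the matching iscsi interface
iscsi enable
iscsi enable module 3
interface iscsi 3/4
  no shutdown
! 2c. require CHAP from the start: the initiator below is keyed only by source
!     IP, which anyone on a routed path could spoof or reuse.
iscsi authentication chap
username iscsihost1 password Ch4pS3cret iscsi

! 3. initiator keyed by the host's IP, with static system-assigned WWNs so the
!    zoning below survives reboots; member of VSAN 100
iscsi initiator ip-address 10.2.2.5
  static nWWN system-assign
  static pWWN system-assign 1
  vsan 100

! 4. virtual target in front of the FC target port; only this initiator may use it
iscsi virtual-target name iqn.1992-04.com.example:array1.fa02cb
  pwwn 50:06:04:8a:d5:f0:79:a1
  initiator ip address 10.2.2.5 permit

! 5. zone the initiator's assigned pWWN (placeholder for the value read from
!    'show iscsi initiator configured') to the target pWWN, then activate
zone name Z-ISCSIHOST1-ARRAY1 vsan 100
  member pwwn 21:01:00:0d:ec:aa:bb:cc
  member pwwn 50:06:04:8a:d5:f0:79:a1
zoneset name ZS-VSAN100 vsan 100
  member Z-ISCSIHOST1-ARRAY1
zoneset activate name ZS-VSAN100 vsan 100
end
! 6. on the host, point its iSCSI initiator at 10.1.1.10 (TCP 3260) with the
!    CHAP user above; 'show iscsi session' on the MDS confirms the login.
```

    Keying the initiator by IP address is what the overview does and is the simplest to get working; if you later switch to identifying it by node name (step 3a), the CHAP user, the `iscsi initiator` stanza and the virtual-target permit line are the three places that change, and the zone entry stays the same because the pWWN is static.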

  • Cisco MDS 9418 switch doubt

    Hi Team,
    We have an issue: does the Cisco MDS 9418 switch support the FCIP feature?
    We are planning to migrate the data from our old data center over the WAN to the EMC VNX storage box at another location.
    In our old data center we have 2 FC Cisco switches connected to the EMC CLARiiON storage array. In order to replicate data from the CLARiiON box to the EMC VNX box over the WAN, it can be done via FCIP.
    I wanted to know if we can insert FCIP converters into these MDS 9418 switches or whether we need separate FCIP converters.
    Do we need FCIP converters on both sides for doing replication over FCIP?
    For a clear understanding please see the attachment.
    Will be waiting for your response......
    Regards,
    Pranav.

    Hi,
    Since the 9148 does not have IP interfaces, something will be needed to tunnel the FC into IP (FCIP) such as an MDS 9222i, which has both FC interfaces and GigE interfaces and supports FCIP.
    Regards,
    David

  • AAA and Cisco MDS switches.........

    I have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time, if I create a user with the "network-admin" role locally, that works, but not the default admin user.
    Could anyone help me in this regard?

    local. Below is the script I used to configure TACACS (Cisco ACS 4.0) on Cisco MDS switches.
    config t
    # Enable TACACS+
    tacacs+ enable
    tacacs-server host nnn.nnn.nnn.nnn key 0 xxxxxx
    tacacs-server host mmm.mmm.mmm.mmm key 0 xxxxx
    # Specify TACACS+ Server groups
    aaa group server tacacs+ tacgrp
    server nnn.nnn.nnn.nnn
    server mmm.mmm.mmm.mmm
    aaa authentication login default group tacgrp
    aaa authentication login console local
    # Enable TACACS+ Accounting
    aaa accounting default group tacgrp local
    end
    copy running-config startup-config
    Thanks
    Mohan

  • AAA for Cisco MDS Switches

    I have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time, if I create a user with the "network-admin" role locally, that works, but not the default admin user.
    Could anyone help me in this regard?

    You have two options.
    1. Configure an "admin" user in AD. (Note that you don't have to use the account named admin; you can just as easily assign a local user the network-admin role.) One thing to note is that you normally use this local account in case the TACACS+ or RADIUS authentication server goes down.
    You can have users configured locally and in AD at the same time. If you are running AAA, the default config is to check your AAA servers first and, if they are not available, to fall back to a local account.
    2. Configure your local network-admin role user and then specify that, say, console access is authenticated locally while SSH and telnet are authenticated through TACACS. This will allow you to always get in with a local account through the console, while it will force SSH and Telnet connections to authenticate through the AAA servers.
    You can find this option in Device Manager > Security > AAA > Applications
    If you found this helpful, please give it a rating.

  • Scripting for Cisco MDS

    Though I know how to write scripts for Cisco MDS switches (as I don't rely on the FM/DM GUI), I am wondering how to include comments in a script for better readability. I would appreciate it if anyone could point me to where this is documented or how to do it.
    Thanks
    Mohan

    With regards to your questions:
    1- No, you must create the script externally to the MDS, as specified in the doc listed below.
    http://www.cisco.com/univercd/cc/td/doc/product/sn5000/mds9000/1_3_1/sw_confg/cnfig.pdf
    You can however create a cron job on a host and login to the MDS via SSH providing Passwordless access to run a script. Let me know if this is something you would like to pursue.
    2- Yes, this is a feature in version 2.0(1b), which was released recently to Cisco.com; look under "Command Scheduler" in the following link.
    http://www.cisco.com/univercd/cc/td/doc/product/sn5000/mds9000/2_0/ol624901.htm

  • Cisco Unity Connection with LDAP Problem

    Hello,
    I have a CUCM, Cisco Unity and an LDAP server on Windows 2008.
    When I configure CUCM with LDAP, users are imported, but when I use the same method to integrate Cisco Unity with LDAP it does not work: when I click "Import User" via LDAP I find a user called "Token_User_8b191a06-5041-4b41-bd5f-0575fde674e3" without an extension, and no user is imported.
    Unity Version : 9.0
    CUCM Version : 9.0
    LDAP : Windows 2008 Server
    Regards,
    Younes CHAFI.

    Ok, there are two things to do now..
    1. Restart CUC. If you have already done that, then do option 2
    Utils service system restart
    2. Take captures from CUC (once you start the capture, go and try to force the LDAP sync)
    https://supportforums.cisco.com/docs/DOC-11599
    Instead of using RTMT to collect the files, you can also use an SFTP tool like freeFTPd..
    Example below:
    admin: utils network capture file mycap count 100000 size all host all 10.5.244.10
    Executing command with options:
    size=all count=100000 interface=eth0
    src= dest= port=
    ip=10.3.2.21
    The trace continues until you press Ctrl-C.
    Step 3: Download the Trace File
    OK, so now you have a file somewhere on the system with the data that you would really like to view.  You have to download it to your machine.  You will need a running SFTP server on the target machine.  You can use OpenSSH on Linux/Unix, freeFTPd, copSSH, or something similar.
    admin:file get activelog platform/cli/newcap.cap
    Collect the capture and attach here
    Please rate all useful posts
    "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
