cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
663
Views
0
Helpful
2
Replies

Understanding MDS 9000 Hardware zoning

ronald.hooker
Level 1
Level 1

How do you show the military SAN security professionals in the Cisco CLI MDS-9500 using hardware zoning?

I tried the “show fcns database detail” command in CLI and it showing a hard-address of 0x00000.

2 Replies 2

tblancha
Cisco Employee
Cisco Employee

For what field is it showing 0x000000? Mostly likely the device did not register anything for that field.

dmcloon
Level 1
Level 1

Use the "show zone status" command and look for the string "hard-zoning: enabled".

For example,

avalanche# show zone status vsan 380

VSAN: 380 default-zone: permit distribute: full Interop: default

mode: basic merge-control: allow

session: none

hard-zoning: enabled broadcast: disabled

Default zone:

qos: none broadcast: disabled ronly: disabled

Full Zoning Database :

DB size: 1268 bytes

Zonesets:2 Zones:10 Aliases: 0

Active Zoning Database :

DB size: 480 bytes

Name: Zoneset1 Zonesets:1 Zones:11

Status:

If that still does not convince them, attach to each linecard and check the hardware tables for the ACL entries.

For example,

avalanche# attach mod 3

Attaching to module 3 ...

To exit type 'exit', to abort type '$.'

Last login: Thu Jul 3 10:53:28 2008 from sup2 on pts/0

module-3# show process acltcam fwd-engine 0 input vsan 380 match-exact

luxor_instance: 0, direction: 0, entry_type: 4

RangeLow: 0, RangeHi: 32759, Det_range_hi: 32759

Input ACL Entries

-------------------------------------------------------------------------------------------------------

cl - tcam class, rctl - R_CTL, si - src_index, at - andiamo type,

fct - FC_TYPE, fctl - F_CTL, sh - security header, sof - SOF, cc - command code, lun - LUN number

tr - target reset, lr - lun reset fr - fcp read command, fw - fcp write command

ipda - ip dest address, dport - dest UPD/TCP port,prot - src UPD/TCP port or proto field in ip hdr

sy - SYN presen, fi - FIN RST present, fr - fragmented frame, en - protocol encripted

adj - adjacency index, pri - acl priority, stats - adj/flow stats, ce - count egress,

up - QoS user priority, vld - rewrite up, cw - CSCTL rewrite

-------------------------------------------------------------------------------------------------------

Loc cl vsan s_id d_id si up sof at rctl fct fctl sh oxid cc | pri mod ctl adj up vld cw stats ce

Loc cl vsan s_id d_id si up sof lun tr lr fr fw | pri mod ctl adj up vld cw stats ce

Loc cl vsan s_id d_id si up sof ipda dport prot sy fi fr en | pri mod ctl adj up vld cw stats ce

-------------------------------------------------------------------------------------------------------

013e 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0

0140 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0

0142 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0

0144 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0

0146 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0

0148 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0

0154 2 17c 5006ef fffb00 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

0156 2 17c 5006ef 5006ef 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

0158 2 17c 5006ef fffff0 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

01d8 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0

01da 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0

01dc 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0

01de 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0

01e0 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0

01e2 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0

..snip..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: