07-02-2008 06:54 AM
How do you show the military SAN security professionals in the Cisco CLI MDS-9500 using hardware zoning?
I tried the âshow fcns database detailâ command in CLI and it showing a hard-address of 0x00000.
07-02-2008 04:11 PM
For what field is it showing 0x000000? Mostly likely the device did not register anything for that field.
07-02-2008 04:59 PM
Use the "show zone status" command and look for the string "hard-zoning: enabled".
For example,
avalanche# show zone status vsan 380
VSAN: 380 default-zone: permit distribute: full Interop: default
mode: basic merge-control: allow
session: none
hard-zoning: enabled broadcast: disabled
Default zone:
qos: none broadcast: disabled ronly: disabled
Full Zoning Database :
DB size: 1268 bytes
Zonesets:2 Zones:10 Aliases: 0
Active Zoning Database :
DB size: 480 bytes
Name: Zoneset1 Zonesets:1 Zones:11
Status:
If that still does not convince them, attach to each linecard and check the hardware tables for the ACL entries.
For example,
avalanche# attach mod 3
Attaching to module 3 ...
To exit type 'exit', to abort type '$.'
Last login: Thu Jul 3 10:53:28 2008 from sup2 on pts/0
module-3# show process acltcam fwd-engine 0 input vsan 380 match-exact
luxor_instance: 0, direction: 0, entry_type: 4
RangeLow: 0, RangeHi: 32759, Det_range_hi: 32759
Input ACL Entries
-------------------------------------------------------------------------------------------------------
cl - tcam class, rctl - R_CTL, si - src_index, at - andiamo type,
fct - FC_TYPE, fctl - F_CTL, sh - security header, sof - SOF, cc - command code, lun - LUN number
tr - target reset, lr - lun reset fr - fcp read command, fw - fcp write command
ipda - ip dest address, dport - dest UPD/TCP port,prot - src UPD/TCP port or proto field in ip hdr
sy - SYN presen, fi - FIN RST present, fr - fragmented frame, en - protocol encripted
adj - adjacency index, pri - acl priority, stats - adj/flow stats, ce - count egress,
up - QoS user priority, vld - rewrite up, cw - CSCTL rewrite
-------------------------------------------------------------------------------------------------------
Loc cl vsan s_id d_id si up sof at rctl fct fctl sh oxid cc | pri mod ctl adj up vld cw stats ce
Loc cl vsan s_id d_id si up sof lun tr lr fr fw | pri mod ctl adj up vld cw stats ce
Loc cl vsan s_id d_id si up sof ipda dport prot sy fi fr en | pri mod ctl adj up vld cw stats ce
-------------------------------------------------------------------------------------------------------
013e 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0
0140 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0
0142 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0
0144 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0
0146 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0
0148 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0
0154 2 17c 5006ef fffb00 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0
0156 2 17c 5006ef 5006ef 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0
0158 2 17c 5006ef fffff0 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0
01d8 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0
01da 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0
01dc 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0
01de 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0
01e0 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0
01e2 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0
..snip..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: