Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Understanding MDS 9000 Hardware zoning

How do you show the military SAN security professionals in the Cisco CLI MDS-9500 using hardware zoning?

I tried the “show fcns database detail” command in CLI and it showing a hard-address of 0x00000.

2 REPLIES
Cisco Employee

Re: Understanding MDS 9000 Hardware zoning

For what field is it showing 0x000000? Mostly likely the device did not register anything for that field.

Bronze

Re: Understanding MDS 9000 Hardware zoning

Use the "show zone status" command and look for the string "hard-zoning: enabled".

For example,

avalanche# show zone status vsan 380

VSAN: 380 default-zone: permit distribute: full Interop: default

mode: basic merge-control: allow

session: none

hard-zoning: enabled broadcast: disabled

Default zone:

qos: none broadcast: disabled ronly: disabled

Full Zoning Database :

DB size: 1268 bytes

Zonesets:2 Zones:10 Aliases: 0

Active Zoning Database :

DB size: 480 bytes

Name: Zoneset1 Zonesets:1 Zones:11

Status:

If that still does not convince them, attach to each linecard and check the hardware tables for the ACL entries.

For example,

avalanche# attach mod 3

Attaching to module 3 ...

To exit type 'exit', to abort type '$.'

Last login: Thu Jul 3 10:53:28 2008 from sup2 on pts/0

module-3# show process acltcam fwd-engine 0 input vsan 380 match-exact

luxor_instance: 0, direction: 0, entry_type: 4

RangeLow: 0, RangeHi: 32759, Det_range_hi: 32759

Input ACL Entries

-------------------------------------------------------------------------------------------------------

cl - tcam class, rctl - R_CTL, si - src_index, at - andiamo type,

fct - FC_TYPE, fctl - F_CTL, sh - security header, sof - SOF, cc - command code, lun - LUN number

tr - target reset, lr - lun reset fr - fcp read command, fw - fcp write command

ipda - ip dest address, dport - dest UPD/TCP port,prot - src UPD/TCP port or proto field in ip hdr

sy - SYN presen, fi - FIN RST present, fr - fragmented frame, en - protocol encripted

adj - adjacency index, pri - acl priority, stats - adj/flow stats, ce - count egress,

up - QoS user priority, vld - rewrite up, cw - CSCTL rewrite

-------------------------------------------------------------------------------------------------------

Loc cl vsan s_id d_id si up sof at rctl fct fctl sh oxid cc | pri mod ctl adj up vld cw stats ce

Loc cl vsan s_id d_id si up sof lun tr lr fr fw | pri mod ctl adj up vld cw stats ce

Loc cl vsan s_id d_id si up sof ipda dport prot sy fi fr en | pri mod ctl adj up vld cw stats ce

-------------------------------------------------------------------------------------------------------

013e 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0

0140 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0

0142 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0

0144 2 17c 0 fffffe 32 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0

0146 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0

0148 2 17c 0 fffffe 32 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0

0154 2 17c 5006ef fffb00 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

0156 2 17c 5006ef 5006ef 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

0158 2 17c 5006ef fffff0 32 0 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 0

01d8 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 4 | 0 0 0 0 0 0 0 45 0

01da 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 90 | 0 0 0 0 0 0 0 45 0

01dc 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 2 | 0 0 0 0 0 0 0 45 0

01de 2 17c 0 fffffe 21 0 4 0 23 1 0 0 0 1 | 0 0 0 0 0 0 0 45 0

01e0 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 5 | 0 0 0 0 0 0 0 45 0

01e2 2 17c 0 fffffe 21 0 4 0 22 1 0 0 0 51 | 0 0 0 0 0 0 0 45 0

..snip..

353
Views
0
Helpful
2
Replies