Cisco MDS 9000 SAN-OS Software

Table Of Contents

Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.0(1b)

Contents

Introduction

System Requirements

Components Supported

Determining the Software Version

Image Upgrade

New Features in Cisco MDS SAN-OS Release 2.0(1b)

Cisco MDS 9216i Multiprotocol Fabric Switch

Cisco MDS 9216A Multilayer Fabric Switch

14/2-Port Multiprotocol Services Module

Graceful Shutdown

Cisco Fabric Services

Dynamic VSANs

Enhanced Zoning

Zone-Based Traffic Priority

Device Alias Distribution

Switch Security

Network Security

PortChannel Protocol

ACTIVE Mode

Autocreation

Port Tracking

Call Home

SAN Extension Tuner

Command Scheduler

Initial Setup Changes

Extended BB_Credits

Link Initialization WWN Usage

Multicast Compliance

FC ID Enhancements

Persistence by Default

Allocation for HBAs

Changed Term from FCOT to SFP

IP-ACL Enhancements

Storing the Last Core to Flash

File System Enhancements

RMON Configuration

IP Storage

FCIP Tape Acceleration

FCIP Compression Enhancement

iSNS Server

Mutual CHAP Authentication

Other IP Storage Changes

New CLI Commands

The show inventory Command

The error-enabled Command

The snmp-server enable traps Command

The Extended ping Command

Deprecated Commands

Fabric Manager Enhancements

Device Manager Enhancements

Limitations and Restrictions

Upgrading to Cisco MDS SAN-OS Release 2.0(1b) from Release 1.3(4a)

Temporary User Account

Deleting Roles

The localizedkey Option

Extended BB_Credit Support

DPVM

PortChannel Autocreation

IP-ACL Support

Port Mode for IBM FAStT 500 Storage System

FCIP Links

Fabric Manager/Device Manager Support on Windows2003

Caveats

Resolved Caveats

Open Caveats

Related Documentation

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information

Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.0(1b)

---

Release Date: October 22, 2004

Text Part Number: OL-6249-01 Rev. F1

This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.

---

Note Releases notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Note: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_release_notes_list.html

---

Table 1 shows the on-line change history for this document.

Table 1 On-Line History Change 

Revision	Date	Description
A0	10/22/2004	Release notes created
B0	11/05/2004	Table 2 caption revised Table 3 correctly referenced in the Caveats section
C0	11/09/2004	Added SSE license information
D0	11/17/2004	Added DDTS CSCeg23889, image upgrade references, and FC ID information
E0	11/30/2004	Added Fabric Manager/Device Manager Support on Windows2003 information
F0	12/15/2004	Added DDTS CSCeg53094
G0	12/22/2004	Added DDTS CSCeg59198, CSCeg61535, and CSCeg58996
H0	01/14/2005	Added DDTS CSCef74578, CSCef82882, CSCef94903, CSCeg05450, CSCeg09210, CSCeg37598, CSCeg44018, CSCeg46989, CSCeg56197.
I0	02/17/2005	Added DDTS CSCef83504
J0	02/28/2005	Added DDTS CSCeg85146 and CSCin81851
K0	03/15/2005	Added DDTS CSCeh21199, CSCef56229
L0	03/24/2005	Added DDTS CSCed20053, CSCef65409, CSCef70000, CSCeg13762, CSCeg17593, CSCeg18886, CSCeg20292, CSCeg30690, CSCeg33732CSCin81760. Changed severity of DDTS CSCeg44018.
M0	04/12/2005	Added DDTS CSCeg07325, CSCeh44216, CSCeh49026, CSCeh51924
N0	04/13/2005	Added DDTS CSCeg81089
O0	5/3/2005	Added DDTS CSCeh65824
P0	5/19/2005	Removed DDTS CSCeh44216
Q0	5/24/2005	Added DDTS CSCeg66225 and CSCeh42252
R0	5/31/2005	Added DDTS CSCeh96928
S0	06/01/2005	Added DDTS CSCeg24199
T0	06/23/2005	Added DDTS CSCei25319
U0	07/29/2005	Added DDTS CSCed57251, CSCeh61610, CSCeh64080, CSCec31365, CSCeg20932, CSCeg53114, CSCeg66225, CSCeh19639, CSCeh52280, CSCeh56143, CSCeh82490, CSCeh83514, and CSCeh87985
V0	08/05/2005	Added DDTS CSCeh41099
W0	08/22/2005	Removed DDTS CSCeh61610
X0	08/23/2005	Added DDTS CSCeh61610
Y0	10/14/2005	Modified DDTS CSCeg07325
Z0	12/07/2005	Added DDTS CSCsc31424
A1	12/30/2005	Added DDTS CSCei91968
B1	05/02/2006	Added DDTS CSCeg33121, CSCei67982, CSCei91676, and CSCsc33788
C1	06/06/2006	Removed DDTS CSCed16845
D1	9/05/2006	Added DDTS CSCsd78967
E1	9/13/2006	Added DDTS CSCsf21970
F1	02/23/2007	Added DDTS CSCsg03171 and CSCsh27840.

Contents

This document includes the following sections:

•Introduction

•System Requirements

•Image Upgrade

•New Features in Cisco MDS SAN-OS Release 2.0(1b)

•Limitations and Restrictions

•Caveats

•Related Documentation

•Obtaining Documentation

•Documentation Feedback

•Cisco Product Security Overview

•Obtaining Technical Assistance

•Obtaining Additional Publications and Information

Introduction

The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. These switches combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.

The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.

System Requirements

This section describes the system requirements for Cisco MDS SAN-OS Release 2.0(1b) and includes the following topics:

•Components Supported

•Determining the Software Version

Components Supported

Table 2 lists the software and hardware components supported by the Cisco MDS 9000 Family.

---

Note To use the Cisco Storage Services Enabler package, Cisco MDS SAN-OS Release 1.3(5) or later must be installed on the MDS switch.

---

Table 2 Cisco MDS 9000 Family Supported Software and Hardware Components  

Component	Part Number	Description	Applicable Product
Software	M95S1K9-2.0.1	MDS 9500 Supervisor/Fabric-I, SAN-OS software.	MDS 9500 Series only
	M92S1K9-2.0.1	MDS 9216 Supervisor/Fabric-I, SAN-OS software.	MDS 9200 Series only
	M91S1K9-2.0.1	MDS 9100 Supervisor/Fabric-I, SAN-OS software.	MDS 9100 Series only
License	M9500SSE1K9	Storage services enabler package	MDS 9500 series with ASM
	M9500SSE1K9	Storage services enabler package	MDS 9200 series with ASM
Chassis	DS-C9509	MDS 9509 director, base configuration (9-slot modular chassis includes 7 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).	MDS 9509 only
	DS-C9506	MDS 9506 director (6-slot modular chassis includes 4 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).	MDS 9506 only
	DS-C9216-K9	MDS 9216 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).	MDS 9216 only
	DS-C9216A-K9	MDS 9216A 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).	MDS 9216A only
	DS-C9216i-K9	MDS 9216i 16-port semi-modular fabric switch (includes 14 1-Gbps/2-Gbps Fibre Channel ports, 2 Gigabit Ethernet ports, power supply, and expansion slot—SFPs sold separately.	MDS 9216i only
	DS-C9120-K9	MDS 9120 fixed configuration, non-modular, fabric switch (includes 4 full rate ports and 16 host-optimized ports).	MDS 9120 only
	DS-C9140-K9	MDS 9140 fixed configuration (non-modular) fabric switch (includes 8 full rate ports and 32 host-optimized ports).	MDS 9140 only
Supervisor modules	DS-X9530-SF1-K9	MDS 9500 Supervisor/Fabric-I, module.	MDS 9500 Series only
Switching modules	DS-X9016	MDS 9000 16-port 2-Gbps/1-Gbps Fibre Channel module (SFPs sold separately).	MDS 9500 Series and 9200 Series
	DS-X9032	MDS 9000 32-port 2-Gbps/1-Gbps Fibre Channel module (SFPs sold separately).
Services modules	DS-X9308-SMIP	8-port Gigabit Ethernet IP Storage Services module.
	DS-X9304-SMIP	4-port Gigabit Ethernet IP Storage Services module.
	DS-X9032-SMV	32-port Fibre Channel Advanced Services Module (ASM).
	DS-X9560-SMC	Caching Services Module (CSM).
	DS-X9302-14K9	14-port Fibre Channel/2-port Gigabit Ethernet Multiprotocol Services (MPS-14/2) module.
LC-type fiber-optic SFP1	DS-SFP-FC-2G-SW	2-Gbps/1-Gbps Fibre Channel — short wave SFP.	MDS 9000 Family
	DS-SFP-FC-2G-LW	2-Gbps/1-Gbps Fibre Channel — long wave SFP.
	DS-SFP-FCGE-SW	1-Gbps Ethernet and 2-Gbps/1-Gbps Fibre Channel—short wave SFP.
	DS-SFP-FCGE-LW	1-Gbps Ethernet and 2-Gbps/1-Gbps Fibre Channel — long wave SFP.
CWDM2	CWDM-SFP-xxxx-2G	Gigabit Ethernet and 2-Gbps/1-Gbps Fibre Channel SFP LC interface xxxx nm, where xxxx = 1470, 1490, 1510, 1530, 1550, 1570, 1590, or 1610 nm.	MDS 9000 Family
	CWDM-MUX-4	Add/drop multiplexer for four CWDM wavelengths.
	CWDM-MUX-8	Add/drop multiplexer for eight CWDM wavelengths.
	CWDM-CHASSIS-2	Two slot chassis for CWDM add/drop multiplexer(s).
Power supplies	DS-CAC-300W	300-W3 AC power supply.	MDS 9100 Series only
	DS-CAC-845W	845-W AC power supply.	MDS 9200 Series only
	DS-CAC-2500W	2500-W AC power supply.	MDS 9509 only
	DS-CDC-2500W	2500-W DC power supply.
	DS-CAC-4000W-US	4000-W AC power supply for US (cable attached).
	DS-CAC-4000W-INT	4000-W AC power supply international (cable attached).
	DS-CAC-1900W	1900-W AC power supply.	MDS 9506 only
	DS-CDC-1900W	1900-W DC power supply.
CompactFlash	MEM-MDS-FLD512M	MDS 9500 supervisor CompactFlash disk, 512MB.	MDS 9500 Series only
Port analyzer adapter	DS-PAA-2	A standalone Fibre Channel-to-Ethernet adapter that allows for simple, transparent analysis of Fibre Channel traffic in a switched fabric.	MDS 9000 Family

1 SFP = small form-factor pluggable 2 CWDM = coarse wavelength division multiplexing 3 W = Watt

Determining the Software Version

---

Note We strongly recommend that you use the latest available software release supported by your vendor for all Cisco MDS 9000 Family products.

---

To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the CLI, log into the switch and enter the show version EXEC command.

To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the Fabric Manager, view the Switches tab in the information pane, locate the switch, using the IP address, logical name, or WWN, and check its version in the Release column.

Image Upgrade

The Cisco MDS SAN-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.

You can nondisruptively upgrade to Cisco MDS SAN-OS Release 2.0(1b) from any SAN-OS software release beginning with Release 1.3(x). If you are running an older version of SAN-OS, upgrade to Release 1.3(x) and then Release 2.0(1b).

When downgrading from Cisco MDS SAN-OS Release 2.0(1b) to release 1.3(x), you might need to disable new features in release 2.0(1b) for a nondisruptive downgrade. Issuing the install all command from the CLI, or using Fabric Manager to perform the downgrade, enables the compatibility check which will indicate that the downgrade will be disruptive and the reason will be "current running-config is not supported by new image".

Compatibility check is done:

Module  bootable          Impact  Install-type  Reason

------  --------  --------------  ------------  ------

      2       yes      disruptive         reset  Current running-config is not supported 
by new image

      3       yes      disruptive         reset  Current running-config is not supported 
by new image

      5       yes      disruptive         reset  Current running-config is not supported 
by new image

      6       yes      disruptive         reset  Current running-config is not supported 
by new image

At a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash:1.3(x)_filename command determines which additional features need to be disabled.

---

Note Refer to the Determining Software Compatibility section of the Cisco 9000 Family Configuration Guide for more details.

---

New Features in Cisco MDS SAN-OS Release 2.0(1b)

Cisco MDS SAN-OS Release 2.0(1b) is a major release for switches in the Cisco MDS 9000 Family. See the "Caveats" section for details on closed and outstanding caveats and limitations.

---

Note These Release Notes are specific to this release. For the Cisco MDS SAN-OS Release 2.x documentation, set, see the "Related Documentation" section.

---

The following new features are introduced in Release 2.0(1b):

•Cisco MDS 9216i Multiprotocol Fabric Switch

•Cisco MDS 9216A Multilayer Fabric Switch

•14/2-Port Multiprotocol Services Module

•Graceful Shutdown

•Cisco Fabric Services

•Dynamic VSANs

•Enhanced Zoning

•Zone-Based Traffic Priority

•Device Alias Distribution

•Switch Security

•Network Security

•PortChannel Protocol

•Port Tracking

•Call Home

•SAN Extension Tuner

•Command Scheduler

•Initial Setup Changes

•Extended BB_Credits

•Link Initialization WWN Usage

•Multicast Compliance

•FC ID Enhancements

•Changed Term from FCOT to SFP

•IP-ACL Enhancements

•Storing the Last Core to Flash

•File System Enhancements

•RMON Configuration

•IP Storage

•New CLI Commands

•Deprecated Commands

•Fabric Manager Enhancements

Cisco MDS 9216i Multiprotocol Fabric Switch

Cisco MDS 9216i multiprotocol fabric switches contain one fixed integrated supervisor module with 14 Fibre Channel ports, 2 IP ports that can support FCIP and iSCSI protocols simultaneously, and an expansion slot that can support up to 32 additional ports (for a total of 48 ports).

The Cisco MDS 9216i switch shares a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis and consists of the following major hardware components:

•The chassis has two slots, one of which is reserved for the integrated supervisor module. The supervisor module provides supervisor functions and has 14 standard, Fibre Channel ports and two multiprotocol ports that can support FCIP and iSCSI protocols simultaneously.

•One hot-pluggable switching or services module that provides Fibre Channel or Gigabit Ethernet services.

•The backplane has direct plug-in connectivity to one switching or services module (any type).

•The hot-swappable fan module has four fans managing the airflow and cooling for the entire switch.

•These fabric switches also have the following features:

–Two redundant, hot-swappable power supplies have AC connections, each of which can supply power to a fully loaded chassis.

–The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), extended Inter-Switch Links (TE ports), loops (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and an RS-232 (EIA/TIA-232) serial port allows switch configuration.

–Hot-swappable, small form-factor pluggable (SFP) ports can be configured with either short or long wavelength SFPs for connectivity up to 500 m and 10 km, respectively. The ports can also be configured with the extended wavelength SFPs for connectivity up to 100 km.

–The Cisco MDS 9200 Series support the IP Storage Services (IPS) module and the 14/2-port Multiprotocol Services (MPS-14/2) module. Both modules are configurable for both FCIP and iSCSI operation on a port-by-port basis. Ports configured for FCIP operation can be further configured to support up to three virtual ISL connections.

Refer to the Cisco MDS 9200 Series Hardware Installation Guide.

Cisco MDS 9216A Multilayer Fabric Switch

Cisco MDS 9216A multilayer fabric switches contain one fixed integrated supervisor module with 16 Fibre Channel ports and an expansion slot that can support up to 32 additional ports (for a total of 48 ports).

The Cisco MDS 9216 Switch and the Cisco MDS 9216A Switch share a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis and consists of the following major hardware components:

•The chassis has two slots, one of which is reserved for the integrated supervisor module. The supervisor module provides supervisor functions and has 16 standard, Fibre Channel ports.

•One hot-pluggable switching or services module that provides Fibre Channel or Gigabit Ethernet services.

•The backplane has direct plug-in connectivity to one switching or services module (any type).

•The hot-swappable fan module has four fans managing the airflow and cooling for the entire switch.

•These fabric switches also have the following features:

–Two redundant, hot-swappable power supplies have AC connections, each of which can supply power to a fully loaded chassis.

–The 1-Gbps or 2-Gbps autosensing Fibre Channel ports support Inter-Switch Links (E ports), extended Inter-Switch Links (TE ports), loops (FL and TL ports), and fabric (F ports) connectivity. Besides Telnet access, a 10/100BASE-T Ethernet port provides switch access and an RS-232 (EIA/TIA-232) serial port allows switch configuration.

–Hot-swappable, small form-factor pluggable (SFP) ports can be configured with either short or long wavelength SFPs for connectivity up to 500 m and 10 km, respectively. The ports can also be configured with the extended wavelength SFPs for connectivity up to 100 km.

–The Cisco MDS 9200 Series support the IP Storage Services (IPS) module and the 14/2-port Multiprotocol Services (MPS-14/2) module. Both modules are configurable for both FCIP and iSCSI operation on a port-by-port basis. Ports configured for FCIP operation can be further configured to support up to three virtual ISL connections.

Refer to the Cisco MDS 9200 Series Hardware Installation Guide.

14/2-Port Multiprotocol Services Module

The 14/2-port Multiprotocol Services (MPS-14/2) module allows you to use FCIP and iSCSI features. It integrates seamlessly into the Cisco MDS 9000 Family, and supports the full range of features available on other switching modules, including VSANs, security, and traffic management. The MPS-14/2 module has 14 Fibre Channel ports and two Gigabit Ethernet ports.

Refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Hardware Installation Guide.

Graceful Shutdown

As of Release 2.0(1b), the Cisco MDS SAN-OS software implicitly performs a graceful shutdown in response to either of the following actions:

•If you shutdown an interface operating in the E port mode

•If a Cisco MDS SAN-OS software application executes a port shutdown as part of its function

A graceful shutdown ensures that no frames are lost when the interface is shutting down. When a shutdown is triggered either by you or the Cisco MDS SAN-OS software, the switches connected to the shutdown link coordinate with each other to ensure that all frames in the ports are safely sent through the link before shutting down. This enhancement reduces the chance of frame loss.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Cisco Fabric Services

The Cisco MDS SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database distribution and to foster device flexibility. It simplifies SAN provisioning by automatically distributing configuration information to all switches in a fabric. The following Cisco MDS SAN-OS features use the CFS infrastructure:

•TACACS and RADIUS

•Dynamic Port VSAN Membership

•Distributed Device Alias Services

•iSNS

•Call Home

•Port security

•Syslog

•User and administrator roles

•IVR topology

•Fctimer

•NTP

Refer to the Cisco MDS 9000 Family Configuration Guide.

Dynamic VSANs

Port VSAN membership on the switch is assigned on a port-by-port basis. By default each port belongs to the default VSAN.

As of Cisco MDS SAN-OS Release 2.0(1b), you can dynamically assign VSAN membership to ports by assigning VSANs based on the device WWN. This method is referred to as the Dynamic Port VSAN Membership (DPVM) feature. DPVM offers flexibility and eliminates the need to reconfigure the VSAN to maintain fabric topology when a host or storage device connection is moved between two Cisco MDS switches. It retains the configured VSAN regardless of where a device is connected or moved.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Enhanced Zoning

As of Cisco MDS SAN-OS Release 2.0(1b), the zoning feature is enhanced to be compliant with FC-GS-4 and FC-SW-3. Both standards support the basic zoning and the enhanced zoning functionalities.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Zone-Based Traffic Priority

As of Cisco SAN-OS Release 2.0(1b), the zoning feature provides an additional segregation mechanism to prioritize select zones in a fabric and set up access control between devices. Using this feature, you can configure the Quality of Service (QoS) priority as a zone attribute. You can assign the QoS traffic priority attribute to be high, medium, or low. By default, zones with no specified priority are implicitly assigned a low priority. Zone-based QoS can only be implemented in Cisco MDS 9000 Family switches running Cisco MDS SAN-OS Release 2.0(1b) or later.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Device Alias Distribution

As of Cisco SAN-OS Release 2.0(1b), all switches in the Cisco MDS 9000 Family offer a new alias distribution feature called Distributed Device Alias Services (device alias). In Release 1.3 and earlier, aliases were distributed on a per VSAN basis. Using this new, enhanced service, you now have the option to distribute device alias names on a fabric-wide basis.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Switch Security

Management security in any switch in the Cisco MDS 9000 Family provides security to all management access methods including the command-line interface (CLI) or Simple Network Management Protocol (SNMP). CLI security options also apply to the Cisco MDS Fabric Manager and Device Manager.

•As of Cisco SAN-OS Release 2.0(1b), both the CLI security database and the SNMP user database are synchronized and continue to use the same password that was previously configured.

Prior to Release 2.0(1b), if a user was previously configured in one database and not the other, the user can continue using that account.

Prior to upgrading to Release 2.0(1b), if the user was present in the SNMP database and the CLI database, then the set of roles assigned to this user in Release 2.0(1b) will include the union of both sets of roles.

•If a password is trivial (short, easy-to-decipher), your password configuration is rejected. Be sure to configure a strong password. Passwords are case-sensitive. As of Release 2.0(1b), admin is not the default password for any switch in the Cisco MDS 9000 Family. You must explicitly configure a strong password.

•You can have separate AAA configurations for Telnet or SSH login, console login, iSCSI authentication, FC-SP authentication, or accounting. Server group, local, and none are the three options for any service in an AAA configuration. Each option is tried in the order specified. If all methods fail, local is tried—even if it is not specified as one of the options.

•As of Cisco SAN-OS Release 2.0(1b), the priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option along with aes-128 token indicates that this privacy password is for generating 128-bit AES key.The AES priv password can have a minimum of 8 characters. If the passphrases are specified in clear text, you can specify a maximum of 64 characters. If you use the localized key, you can specify a maximum of 130 characters.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Network Security

The IP Security (IPsec) Protocol is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. It is developed by the Internet Engineering Task Force (IETF). IPsec provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

IPsec uses the Internet Key Exchange (IKE) protocol to handle protocol and algorithm negotiation and to generate the encryption and authentication keys to be used by IPsec. While IKE can be used with other protocols, its initial implementation is with the IPsec protocol. IKE provides authentication of the IPsec peers, negotiates IPsec security associations, and establishes IPsec keys.

Refer to the Cisco MDS 9000 Family Configuration Guide.

PortChannel Protocol

The PortChannel Protocol expands the PortChannel functional model in Cisco MDS switches. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a PortChannel.

The PortChannel feature now includes a new mode (ACTIVE) and a new protocol (autocreation).

Refer to the Cisco MDS 9000 Family Configuration Guide.

ACTIVE Mode

You can configure each PortChannel with a channel group mode parameter to determine the PortChannel protocol behavior for all member ports in this channel group. In the ACTIVE mode, the member ports initiate the PortChannel protocol negotiation with peer port(s) regardless of the channel group mode of the peer port.

The default ON mode is backward compatible with the existing implementation of PortChannels in releases prior to Release 2.0(1b), where the channel group mode is implicitly assumed to be ON. In Cisco MDS SAN-OS Release 1.3 and earlier, the only available PortChannel mode was ON.

Autocreation

As of Cisco SAN-OS Release 2.0(1b), a protocol to exchange PortChannel configurations is available in all Cisco MDS switches. The autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.

Port Tracking

The Port Tracking feature is unique to the Cisco MDS 9000 Family of switches. This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device. This process of converting the indirect failure to a direct failure triggers a faster recovery process. When enabled, the port tracking feature brings down the configured links based on the failed link and forces the traffic to be redirected to another redundant link.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Call Home

As of Cisco SAN-OS Release 2.0(1b), the Call Home feature provides message throttling capabilities, periodic inventory messages, port syslog messages, and RMON alert messages.

Refer to the Cisco MDS 9000 Family Configuration Guide.

SAN Extension Tuner

The SAN extension tuner (SET) feature is unique to the Cisco MDS 9000 Family of switches. This feature helps you optimize FCIP performance by generating SCSI I/O commands and directing such traffic to a specific virtual target. You can specify the size of the test I/O transfers and how many concurrent I/Os to generate while testing. The SET reports the resulting I/Os per second (IOPS) and I/O latency, which helps you determine the number of concurrent I/Os needed to maximize FCIP throughput.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Command Scheduler

The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in any switch in the Cisco MDS 9000 Family. This feature is available in the Cisco SAN-OS Release 2.0(1b) software. You can use this feature to schedule jobs on a one-time basis or periodically.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Initial Setup Changes

The questions in the initial set up routine and the order in which they appear is enhanced to reflect the various changes in the Cisco SAN-OS Release 2.0(1b) software.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Extended BB_Credits

The BB_credits feature allows you to configure up to 255 receive buffers. This number is insufficient for long haul links. To facilitate BB_credits for long haul links, the extended BB_credits flow control mechanism allows you to configure up to 3,500 receive BB_credits on a Fibre Channel port. The extended BB_credit configuration takes precedence over the receive BB_credit and performance buffer configurations.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Link Initialization WWN Usage

Exchange Link Protocol (ELP) and Exchange Fabric Protocol (EFP) use WWNs during link initialization. The usage details differ based on the Cisco SAN-OS software release:

•In Cisco SAN-OS Release 1.0 and 1.1, both ELPs and EFPs use the VSAN WWN during link initialization.

•In Cisco SAN-OS Releases 1.2 and 1.3, two different WWNs are used during the link initialization process:

–ELPs use the switch WWN.

–EFPs use the VSAN WWN.

•In Cisco SAN-OS Release 2.0(1b), both ELPs and EFPs use the VSAN WWN by default during link initialization. However, the ELP usage changes based on the peer switch's usage:

–If the peer switch ELP uses the switch WWN, then the local switch also uses the switch WWN.

–If the peer switch ELP uses the VSAN WWN, then the local switch also uses the VSAN WWN.

This link initialization change between Cisco SAN-OS releases is implicit and does not require any configuration.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Multicast Compliance

Prior to Cisco SAN-OS Release 2.0(1b), the principal switch to compute the multicast tree. Now, to interoperate with other vendor switches (following FC-SW3 guidelines), the Cisco SAN-OS software uses the lowest domain switch as the root to compute the multicast tree in interop mode.

Refer to the Cisco MDS 9000 Family Configuration Guide.

FC ID Enhancements

The FC ID feature is enhanced as described in this section.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Persistence by Default

To preserve the FC IDs in your configuration, verify that the persistent Fibre Channel ID (FC ID) feature is enable before rebooting. As of SAN-OS Release 2.0(1b), this feature is enabled by default. In earlier releases, the default is disabled. For more information on persistent FC ID, see the Persistent FC IDs section in the Cisco MDS 9000 Family Configuration Guide.

Allocation for HBAs

To conserve the number of FC IDs used, Cisco MDS 9000 Family switches use a special FC ID allocation scheme.

In Cisco SAN-OS Release 1.3 and earlier, a full area is allocated to host bus adapters (HBAs). This allocation isolates them to an area and they are listed with their pWWN during a fabric login. The allocated FC IDs are cached persistently and are still available in Cisco SAN-OS Release 2.0(1b).

To allow further scalability for switches with numerous ports, the Cisco SAN-OS Release 2.0(1b) software maintains a list of HBAs, identified by their company IDs (also known as Organizational Unit Identifier, or OUI), that use the pWWN during a fabric log in. A full area is allocated to N ports with company IDs that are listed and for the others, a single FC ID is allocated. Irrespective of the kind (whole area or single) of FC ID allocated, the FC ID entries remain persistent.

Changed Term from FCOT to SFP

As of Cisco SAN-OS Release 2.0(1b), the term FCOT (Fibre Channel optical transmitter), is replaced by the term SFP (small form-factor pluggable), in the Cisco SAN-OS software and in the documentation.

Refer to the Cisco MDS 9000 Family Configuration Guide.

IP-ACL Enhancements

In Cisco SAN-OS Release 1.3 and earlier, you could only apply IP-ACLs to VSAN interfaces and the management interface. As of Cisco SAN-OS Release 2.0(1b), you can also apply IP-ACLs to Gigabit Ethernet interfaces (IPS modules) and Ethernet PortChannel interfaces.

If IP-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to a Ethernet PortChannel group.

Do not apply IP-ACLs to only one member of a PortChannel group. Apply IP-ACLs to the entire channel group.

Refer to the Cisco MDS 9000 Family Configuration Guide.

Storing the Last Core to Flash

As of Cisco SAN-OS Release 2.0(1b), the last core dump (service core) is automatically saved to the Flash in the /mnt/pss/ partition before the switchover or reboot occurs. Three minutes after the supervisor module reboots, the saved last core is restored from the Flash partition (/mnt/pss) back to its original RAM location. This restoration is a background process and is not visible to the user.

Refer to the Cisco MDS 9000 Family Configuration Guide.

File System Enhancements

As of Cisco SAN-OS Release 2.0(1b), you can use the Tab key to complete schemes, servers, and file names available in the file system.

Refer to the Cisco MDS 9000 Family Configuration Guide.

RMON Configuration

As of Cisco SAN-OS Release 2.0(1b), you can configure RMON alarms and events by using the CLI.

Refer to the Cisco MDS 9000 Family Configuration Guide.

IP Storage

This section includes the following subsections:

•FCIP Tape Acceleration

•FCIP Compression Enhancement

•iSNS Server

•Mutual CHAP Authentication

•Other IP Storage Changes

Refer to the Cisco MDS 9000 Family Configuration Guide.

FCIP Tape Acceleration

Tapes are storage devices that store and retrieve user data sequentially. Applications that access tape drives normally have only one SCSI WRITE operation outstanding to it. This single command process limits the benefit of the write acceleration feature when using an FCIP tunnel over a long-distance WAN link. It impacts backup and archive performance because each SCSI WRITE operation does not complete until the host receives a good status response from the tape drive.

The FCIP tape acceleration feature is introduced in Cisco SAN-OS Release 2.0(1b) to improve tape backup and archive operations by allowing faster data streaming from the host to the tape over the WAN link.

FCIP Compression Enhancement

The FCIP compression feature is enhanced to support new compression modes

•mode 1 is recommended for link with bandwidth higher than 25 Mbps.

•mode 2 is recommended for link with bandwidth lower than 25 Mbps but higher than 10 Mbps.

•mode 3 is recommended for link with bandwidth lower than 10 Mbps.

These three modes replace the high-throughput and high-comp-ratio modes available in Cisco SAN-OS Release 1.3.

When you upgrade from Cisco SAN-OS Release 1.3, the high-throughput configuration becomes mode 1 and the high-comp-ratio configuration becomes mode 3.

When you downgrade from Cisco SAN-OS Release 2.0(1b) to Cisco SAN-OS Release 1.3 release, all modes (mode 1, mode 2, and mode 3) in Cisco SAN-OS Release 2.0(1b) become high-throughput mode in Cisco SAN-OS Release 1.3.

iSNS Server

The iSNS server allows existing TCP/IP networks to function more effectively as storage area networks by automating the discovery, management, and configuration of iSCSI devices. It also provides device registration, state change notification, and remote domain discovery services.

Mutual CHAP Authentication

The IPS module supports a mechanism for the iSCSI initiator to authenticate the switch using the switch user name and password during the iSCSI CHAP authentication login.

Other IP Storage Changes

The following settings are enhanced in Cisco SAN-OS Release 2.0(1b):

•Forwarding mode—The store-and-forward mode is the default iSCSI forwarding mode.

•Time stamp control—The default value for packet acceptance is 2000 microseconds. In Cisco SAN-OS Release 1.3 and earlier, the burst size was 1000 microseconds.

•Maximum delay jitter—The default value for FCIP interface is 1000 microseconds. In Cisco SAN-OS Release 1.3, the burst size was 100 microseconds.

•Monitoring window congestion—The default burst size is 50 KB. In Cisco SAN-OS Release 1.3 and earlier, the burst size was 10 KB.

•Write acceleration—FCIP write acceleration works even if the FCIP port is part of a PortChannel. In releases prior to SAN-OS 2.0(1b) FCIP write acceleration does not work if the FCIP port is part of a PortChannel.

New CLI Commands

Several new CLI commands support the new features in this software release. Other commands introduced or significantly enhanced in Release 2.0(1b) are addressed in this section.

Refer to the Cisco MDS 9000 Family Configuration Guide and the Cisco MDS 9000 Family Command Reference.

The show inventory Command

To view information on the field replaceable units (FRUs) in the switch, including product IDs, serial numbers, and version IDs, use the show inventory command.

The error-enabled Command

To enable the error-enabled message display, use the aaa authentication login error-enable command.

To disable the error-enabled message display, use the no aaa authentication login error-enable command.

To view the current display status, use the show aaa authentication login error-enable command.

The snmp-server enable traps Command

To enable a specific SNMP trap (for example, fcdomain traps) notification use the snmp-server enable traps fcdomain command.

To disable the specified SNMP trap notification use the no snmp-server enable traps fcdomain command.

The Extended ping Command

The ping command now provides additional options to verify the connectivity of a remote host or server. To specify these additional parameters, type ping at the CLI switch prompt and press Enter.

Deprecated Commands

The following commands are deprecated in Cisco SAN-OS Release 2.0(1b):

•The quiesce interface and the quiesce no interface commands. This functionality is now replaced by the graceful shutdown functionality that is automatically available in all switches in the Cisco MDS 9000 Family (see the "Graceful Shutdown" section). These commands continue to be available in Cisco SAN-OS Release 1.3.

•The aaa accounting logsize and the no aaa accounting logsize command. By default about 250 KB of accounting log is automatically displayed.

•The fcinterop fcid-allocation command. This command is replaced by the fcid-allocation area company-id command.

•The ip-compression high-throughput and the ip-compression high-comp-ratio commands. Use the ip-compression mode (mode 1, 2, 3, or auto) command instead.

Fabric Manager Enhancements

The Cisco MDS 9000 Family Fabric Manager enhancements are as follows:

•Fabric Manager Web Services (to access network management and performance information)

–Event logs and statistics

–Historical performance reports

–Inventory summary reports

–Administrative capabilities

•Supports enhanced Zoning

•Cisco Fabric Manager physical attributes filtering

•Rearranged Logical and Physical panes

•Displays SANs and multiple fabrics

•Detachable tables in Information pane

•Login screen enhancements

– Simple versus complex

– Load from database

– Can sync server to same NIC as client

•Enclosures in map can bring up customized application when you right-click

•Displays every VSAN island without collapsing them

•LUN IDs are now associated with targets

•FDMI and name server information is collated for initiators (hosts)

•Enclosures are global across SANs

•Performance Manager Wizard enhancements

– Interpolation

– Adaptive baseline thresholds

– Compression

– Enhanced collection capabilities

•FCIP wizard enhancements

– Encryption

– Compression

•FICON enhancements

– Displays FICON port numbers on map

– Can assign FICON ports for FCIP PortChannels

•Zoning enhancements

– Aliases treated as groups

– Many types of aliases

– Can rename zonesets, zones, and aliases

– Backup and restore zone database

– Enhanced zoning

•Cisco SAN-OS Release 2.0(1b) enhancements also include the following features:

– DPVM wizard

– CFS

– Zone-based QoS

– IKE/IPsec

– Port tracking

– DNS

Device Manager Enhancements

The Cisco MDS 9000 Family Device Manager enhancements are as follows:

•MPS 14/2 support

•AES support (authentication algorithm)

•FCIP interfaces displayed in physical view

•Cisco SAN-OS Release 2.0(1b) enhancements also include the following features:

– Auto trunk

– Port tracking

– DNS

– Tape acceleration

– IPS encryption

– CFS

– DPVM

•Gigabit Ethernet TCP statistics

•Multicast root

•FCID area allocation

•Additional (and more accurate) flash file manipulation capabilities

•Reads syslog information from the Fabric Manager server

•Summary view enhancements

– Displays Ethernet PortChannel members

– Displays the Gigabit Ethernet port associated with FCIP

– Displays FCIP compression information

•Ability to power down a line card

Refer to the Cisco MDS 9000 Fabric Manager Guide.

Limitations and Restrictions

The following limitations and restrictions apply to all switches in the Cisco MDS 9000 Family:

•Upgrading to Cisco MDS SAN-OS Release 2.0(1b) from Release 1.3(4a)

•Temporary User Account

•Deleting Roles

•The localizedkey Option

•Extended BB_Credit Support

•DPVM

•PortChannel Autocreation

•IP-ACL Support

•Port Mode for IBM FAStT 500 Storage System

•FCIP Links

•Fabric Manager/Device Manager Support on Windows2003

Upgrading to Cisco MDS SAN-OS Release 2.0(1b) from Release 1.3(4a)

This procedure applies to Fabric Manager and Device Manager applications using Cisco MDS SAN-OS Release 1.3(4a) software.

To upgrade a switch from 1.3(4a) to 2.0(1b), use Device Manager to copy the image files to bootflash and then use Fabric Manager to perform the upgrade.

To copy the image files from a server or PC to bootflash, follow these steps:

---

Step 1 Start TFTP, FTP, SCP, or SFTP on the server or PC where you have the image files stored.

Step 2 In Device Manager, select Admin > Flash Files. You see the bootflash directory listed for the supervisor's local partition, by default.

Step 3 Select the device and partition from the drop-down lists for the directory containing the file you want to copy.

Step 4 Click the Copy button to open the Copy dialog box.

Step 5 Select the protocol you want to use to perform the copy procedure.

Step 6 Enter the address of the source server.

Step 7 If necessary, enter your remote username and password on that server.

Step 8 Click the ... button after the SourceName field to browse for the source file on your local PC or on the server, depending on the type of copy.

Step 9 Enter the destination name for the file.

---

Note If you are copying to Flash, the file name must be of the form
[device>:][<partition>:]<file>

where <device> is a value obtained from the Flash device name,
<partition> is obtained from the Flash partition name
and <file> is any character string that does not have embedded colon characters.

---

Step 10 Click Apply.

---

To upgrade using Fabric Manager, use the Software Install Wizard. Software upgrades may be disruptive under the following conditions:

•A single supervisor system with kickstart or system image changes.

•A dual supervisor system with incompatible system software images.

---

Note Before you use the Software Install Wizard, verify that the standby supervisor management port is connected.

---

To use the Software Install Wizard, follow these steps:

---

Step 1 Open the Software Install Wizard by clicking on its icon in the toolbar.

You see the Software Install Wizard.

Step 2 Select the switches that you want to upgrade or install images from the displayed list.

You must select at least one switch to proceed. When finished, click Next.

Step 3 Specify the new images to use for each switch model.

To use images that are already downloaded (the file is already on the bootflash), check the Skip Image Download check box.

Step 4 Double-click the table cell under System, Kickstart, or Asm-sfn to see a drop-down list of images to choose from.

Step 5 Select an image to use for the upgrade.

You must select at least one image for each switch to proceed.

---

Note There is no limit to the number of switches you can upgrade. However, the upgrade is a serial process; that is, only a single switch is upgraded at a time.

---

Step 6 Start the upgrade.

If you check version check before the upgrade process is started, a version check is done. This check provides information about the impact of the upgrade for each module on the switch. It also shows any HA-related incompatibilities that might result. You see a final dialog box at this stage, prompting you to confirm that this check should be performed.

---

Caution If version check is enabled, the upgrade will proceed even if your version is newer than the version you are installing.

---

---

Note Before exiting the session, be sure the upgrade process is complete. The wizard will display a status as it goes along. Check the lower left-hand corner of the wizard for the status message Upgrade Finished. First, the wizard displays the message Success followed a few seconds later by InProgress Polling. Then the wizard displays a second message Success before displaying the final Upgrade Finished.

---

Refer to the Cisco MDS 9000 Fabric Manager Guide.