Unofficial Cisco MDS Release 3.x CLI Config Guide Errata

Document ID: OL-16484-01, Cisco MDS SAN-OS Release 3.x

Page 1-4 shows 9124 with 8 base ports 8 licensed for growth. Should be 8 base ports, which can goto 8 or 16 additional ports

Page 1-4
Cisco Fabric Switch for HP c-Class BladeSystem (24 ports; 14 internal 2/4 Gbps, and 6 full-rate
ports)

I believe you mean 24 ports; 16 internal 2/4 Gbps, and 8 full-rate ports? You basically give the same settings for the IBM blade switch but this is a 24 port not a 20 port.

Page: Unknown
The CLI and Fabric Mgr guides state there is 64 Buffer Credits per port group for 9134 switch, and 64 Credits per port default. This is not true. There is 64 Credits per port group but only 16 per 4GB port default, and 64 per 10GB port default.

Page: 17-8
Config Guide states:

About PortChannel Configuration
Before configuring a PortChannel, consider the following guidelines:
• Configure the PortChannel across switching modules to prevent redundancy on switching module
reboots or upgrades.

This should say “Configure the PortChannel across switching modules to implement redundancy on switching module
reboots or upgrades.” not prevent.

Page: 18-6
Document states:
“About Autoreconfiguring Merged Fabrics
By default, the autoreconfigure option is disabled. When you join two switches belonging to two
different stable fabrics that have overlapping domains, the following cases apply:
• If the autoreconfigure option is enabled on both switches, a disruptive reconfiguration phase is
started.
• If the autoreconfigure option is disabled on either or both switches, the links between the two
switches become isolated.
The autoreconfigure option takes immediate effect at runtime. You do not need to restart the fcdomain.
If a domain is currently isolated due to domain overlap, and you later enable the autoreconfigure option
on both switches, the fabric continues to be isolated. If you enabled the autoreconfigure option on both
switches before connecting the fabric, a disruptive reconfiguration (RCF) will occur. A disruptive
reconfiguration may affect data traffic. You can nondisruptively reconfigure the fcdomain by changing
the configured domains on the overlapping links and getting rid of the domain overlap.”

I am not sure that the statement in bold is correct. Reconfiguration (as in changing) of domains is always disruptive.

Page: 18-7
Starting on page 18-7, the example is using VSAN 3, but in the configuration steps 3 and 4 are showing VSAN 1, instead of 3

Page: 21-2

This page refers to EMF SRDF. It should say “EMC SRDF”.

Page: 27-4

This page incorrect states that fcns reject-duplicate-pwwn is disabled by default. Testing indicates that this is in fact enabled by default.

Page: 29-12
switch(config)# ficon slot 3 assign port-numbers 0-15, 0-15

I am not sure if this is valid. If you assign port number 0-15 for physical ports 1-16, how can you assign 0-15 for ports 17-32?

Pages: 32-21 and 34-40
Tables: 32-2 and 34-3
This table incorrectly states that the default Authentication Port is 1821. This is incorrect. The default authentication port is 1812.

Page: 32-32

This page incorrectly states that you can disable password verification with aaa authentication login none command. This is not correct as this does not work.

Page: 33-2
The example for configuring snmp location and contact information is repeated twice in a row, and is redundant.

Page: 36-2
Step 2 says “Specifies the for OCSP to use to check for
revoked certificates.”

Grammar is incorrect

Page: 37-35

This page is showing IPSec encryption of an FCIP tunnel. The example shows setting an IPSec ACL for Switch A in Step 3 as follows:
sw10.1.1.100# conf t
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.100.231 0.0.0.0 range port 3260 3260 10.10.100.232 0.0.0.0
This is incorrect. The above ACL would be for use with iSCSI and was taken from a previous example. FCIP uses different ports. Furthermore, later on in this example in Step 8 when outputs of show crypto map domain ipsec and show crypto spd domain ipsec are shown, the ACL is different, it is an IP ACL and not a TCP based ACL.

The ACL is shown correct in Step 11 when Switch C is being configured.

Page: 43-3

Figure: 43-3 is titled as “Fibre Channel SAN View—iSCSHI Host as an HBA” this should say “Fibre Channel SAN View—iSCSI Host as an HBA”

Page 43-16
Document States:

Proxy- Initiator Mode

In the event that the Fibre Channel storage device requires explicit LUN access control for every host using the transparent initiator mode (presenting one iSCSI host as one Fibre Channel host) means every iSCSI host has to be configured statically. This can mean several configuration tasks for each iSCSI host. In this case, using the proxy initiator mode simplifies the configuration.

This really doesn’t make much sense. Basically what I gather you are trying to say is that if you need to do detailed zoning, so that each initiator can For example talk to different luns, then use transparent initiator mode. I think this is being said in a confusing way in my opinion, and its said much better In earlier parts of the documentation.

The last sentence however “In this case, using the proxy initiator mode simplifies the configuration.”. In what case? The only case described is one Where you would need transparent initiator mode. It would make sense to say “In the case you don’t need this, using the proxy initiator mode simplifies the configuration.” Or just something more clear. Have a few different people read that and I think you will see where I am coming from.

Note: Cisco Documentation team has internally re-written this as:
“In the event that the Fiber Channel storage device requires explicit LUN access control for every host, use the transparent initiator mode (presenting one iSCSI host as one Fiber Channel host), every iSCSI host has to be configured statically. This situation can require several configuration tasks for each iSCSI host. If you do not need explicit LUN access control, using the proxy initiator mode simplifies the configuration.”

Page: 44-1
“IP forwarding or in-band Fibre Channel interface using the IP over Fibre Channel (IPFC) function—IPFC specifies how IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
• IP routing (default routing and static routing)—If your configuration”

The above paragraph should say “IP forwarding on” not “IP forwarding or”.

Page: 44-10
Says

Step 1 Disable the mgmt 0 interface.

Should say
Step 1 Enable the mgmt 0 interface.

page: 44-13
Diagram 44-4 shows a route from the IP network to the IPFC cloud which has an incorrect gateway. Gateway shown in diagram is 172.23.93.74, however it shows 172.23.84.74 configured on the device, so something is not correct.

Page 44-15
Figure 44-5 shows incorrect ip default-gateway

Page 44-17
States in one bullet:

• Interface Mgmt 0 supports only one VRRP group. All other interface supports up to 7 virtual router groups, including both IPv4 and IPv6 combined.

Then states two bullets later:

• The management interface (mgmt 0) supports only one virtual router group. All other interfaces each support up to seven virtual router groups, including both IPv4 and IPv6 combined. Up to 255 virtual router groups can be assigned in each VSAN.

This is very redundant and can be combined into one bullet.

Page: 46-1
States:
In large scale iSCSI deployments where the Fibre Channel storage subsystems require explicit LUN access control for every host device, use of proxy-initiator mode simplifies the configuration.

I think what is meant here is:
In large scale iSCSI deployments where the Fibre Channel storage subsystems DO NOT require explicit LUN access control for every host device, use of proxy-initiator mode simplifies the configuration.

The way its written sounds like if you have a large scale deployment where you need explicit LUN access control you can use proxy-initiator, but its really the opposite.

Page 53-9
Information is repeated twice on the same page:

Caution By default, SPAN frames are dropped if the sum of the bandwidth of the source interfaces exceed the bandwidth of the destination port. With a higher value, the SPAN traffic has a higher probability of reaching the SPAN destination port instead of being dropped at the expense of data traffic throughput.

Caution The span drop-threshold can be changed only if no span sessions are currently active on the switch.

Caution By default, SPAN frames are dropped if the sum of the bandwidth of the source interfaces exceed the bandwidth of the destination port. With a higher value, the SPAN traffic has a higher probability of reaching the SPAN destination port instead of being dropped at the expense of data traffic throughput.

Caution The span drop-threshold can be changed only if no span sessions are currently active on the switch.

Page 53-10
Document states:
You can specify multiple SPAN source interfaces in Rx and Tx directions.
You cannot mix ingress and egress interfaces in the same SPAN session. The SPAN will reject any configuration that mixes Rx ad Tx directions. However, you can specify multiple SPAN source interfaces in a single direction.

Example 53-3 Configuring Cisco MDS 9124 for Multiple SPAN Interfaces
switch(config-span)# span session 1
switch(config-span)# destination interface fc1/1
switch(config-span)# source interface fc1/2 rx
switch(config-span)# source interface fc1/2 tx

The above states “You cannot mix ingress and egress interfaces in the same SPAN session”, then the example that follows shows this being done. Which is correct?
It then says “however, you can specify multiple SPAN source interfaces in a single direction”, yet the example clearly shows multiple SPAN source interfaces in multiple directions,
Not a single direction.

Certainly there is either a mistake in the wording or the example.

Page: 53-19

States:
“The following configurations must be performed on each switch in the end-to-end path of the Fibre Channel tunnel in which RSPAN is to be implemented:
– Trunking must be enabled (enabled by default).
– VSAN interface must be configured.
– The Fibre Channel tunnel feature must be enabled (disabled by default).
– IP routing must be enabled (disabled by default).”

This is not correct. IP routing does not have to be enabled, unless there is a specific topology where IP routing is necessary. It is worded as if it is a requirement but it is in fact not.

On the same page I find this block of text very vague and confusing:

“Note If the IP address is in the same subnet as the VSAN, the VSAN interface does not have to be configured for all VSANs on which the traffic is spanned.”

This should be made more clear. I assume you may be saying that if the source and destination of the tunnels are on the same subnet, then you don’t have to configure the VSAN interface for each switch in the path? I am not sure.

Page 54-1
The first part of the paragraph is missing for the “About System Message Logging” section, it reads:

About System Message Logging

properly configured system message logging server. You can also monitor system messages remotely by accessing the switch through Telnet, SSH, or the console port, or by viewing the logs on a system message logging server.

Obviously there was a part of this paragraph that got chopped off somewhere.

Pages: 59-6 and 59-8

These pages talk about an active mode of fcanalyzer. Although it can be configured it has no effect. It appears that this functionality doesn’t actually exist in Cisco Fabric Analyzer.

Page 59-29

States “The following example shows how to set up and use the network simulator to introduce a network delay simulation. For continuity, the procedures for creating the Gigabit Ethernet interfaces and enabling the FCIP tunnels are included.”

Issue:

There is no information contained in the example given that shows the configuration or enabling of FCIP interfaces. This however would be very nice to have in the documentation for IPS network simulator, an example showing complete configuration of Gigabit Ethernet interfaces and FCIP tunnels to go along with the Network Simulator.

Leave a Reply