CMSE LG v2 PDF

CMSE
Cisco Multiprotocol
Storage Essentials
Version 2.0
Lab Guide
CLS Production Services: 07.15.05

Copyright  2005, Cisco Systems, Inc. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica
Croatia • Cyprus • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece
Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia
Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania
Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland
Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright  2005 Cisco Systems, Inc. All rights reserved. CCSP, the Cisco Square Bridge logo, Follow Me
Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play,
and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco
IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the
Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive,
GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard,
LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet,
PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus,
SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the
word partner does not imply a partnership relationship between Cisco and any other company. (0501R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO
WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY
OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO
SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-
INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE
OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls
subject to the disclaimer above.
CMSE
Lab Guide
Overview
This guide includes these activities:
 Lab 2-1: Implementing FCIP with the Cisco MDS 9000 IPS Module
 Lab 2-2: Implementing FCIP High Availability
 Lab 2-3: Implementing IVR for SAN Extension
 Lab 2-4: Tuning FCIP Performance
 Lab 3-1: Implementing iSCSI with the MDS 9000 IPS Module
 Lab 3-2: Configuring Static Initiators and Targets
 Lab 3-3: Implementing Fibre Channel Access Control for iSCSI
 Lab 3-4: Implementing iSCSI Access Control
 Lab 3-5: Implementing High-Availability iSCSI Configurations
 Lab 3-6: Troubleshooting IP Storage Services
Lab 2-1: Implementing FCIP with the Cisco MDS
9000 IPS Module
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
Your customer needs to provide basic SAN extension between two sites. There is no need for
redundancy, as this is simply a proof-of-concept implementation. The customer network is
large, with many IP subnets.
In this activity, you will configure an FCIP environment using the Cisco MDS 9000 IPS
Module. After completing this activity, you will be able to meet these objectives:
 Complete the initial switch configuration process.
 Configure Gigabit Ethernet interfaces on the MDS 9000 IPS Module.
 Configure FCIP profiles.
 Create and verify an FCIP tunnel between two MDS 9000 IPS Modules.
 Create and test a file system in Windows 2000.
Visual Objective
The figure illustrates what you will accomplish in this activity.
2 Cisco Multiprotocol Storage Essentials (CMSE) v2.0 © 2005, Cisco Systems, Inc.
Required Resources
These are the resources and equipment required to complete this activity:
 A Cisco MDS 9506 Multilayer Director and a Cisco MDS 9216 Fabric Switch, each with
an MDS 9000 IPS Module.
 Two Windows 2000 servers, each with an FC HBA.
 A Just a Bunch of Disks (JBOD) with at least two disks
Command List
The table describes the commands used in this activity.
Command Description
write erase Deletes the existing startup configuration.
reload Reboots the switch.
Displays the time and date set on the MDS 9000

show clock Series Multilayer Switch.
show running Displays the current running configuration.
Copies the current running configuration to the

copy run start startup configuration.
show fcns database Displays a list of all the ports that are logged in to
[ vsan vsan-id ] the Fibre Channel Name Server (FCNS).
Displays the status of and statistics for interface fc

show interface fc slot/port slot or port.
show interface gigabitethernet Displays the status of and statistics for interface
slot/port gigabitethernet slot or port.
show interface fcip interface- Displays the status of and statistics for FCIP
number interface interface-number.
show fcip profile Displays the FCIP profile configuration.
show wwn switch Displays the local switch fabric WWN.
© 2005, Cisco Systems, Inc. Lab Guide 3

Task 1: Initial Switch Configuration
In this task, both teams will complete the initial configuration of their respective MDS 9000
Series switches for administrative password assignment, out-of-band management, and NTP
services.
Activity Procedure
Complete these steps:
Step 1 Start a console session and log in to your assigned switch using the following login
information:
Switch login: admin
Password: 1234qwer
Step 2 Clear the current startup configuration and reboot the switch. Your display should
resemble the following:
# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
# reload
This command will reboot the system. (y/n)? y
Step 3 After the switch reboots, it will automatically launch the setup utility. Answer the
questions according to the following example, replacing your pod number where
appropriate. Your display should resemble the following:
Uncompressing linecard components
INIT: Entering runlevel: 3
---- System Admin Account Setup ----
Enter the password for "admin": 1234qwer
Confirm the password for "admin": 1234qwer
---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic
configuration of the system. Setup configures only enough
connectivity for management of the system.
Please register Cisco MDS 9000 Family devices promptly with
your supplier. Failure to register may affect response times
for initial service calls. MDS devices must be registered to
receive entitled support services.
Press Enter if you want to skip any dialog. Use ctrl-c at
anytime to skip all remaining dialogs.
Would you like to enter the basic configuration

dialog(yes/no): y
Create another login account (yes/no) [n]: <Enter>
Configure read-only SNMP community string (yes/no) [n]:
<Enter>
Configure read-write SNMP community string (yes/no) [n]:
<Enter>
Enter the switch name: mdsnnnn-x (where nnnn is 9216 or 9506 and x is
your pod number; for example, the switch name for Pod 21 would be mds9216-21)
Continue with Out-of-band (mgmt0) management configuration?
(yes/no) [y]: <Enter>
Mgmt0 IP address : 10.0.x.y (where x is the pod number and y is 3 for
the MDS 9216 and y is 5 for the MDS 9506)
Mgmt0 IP netmask : 255.255.255.0
Configure the default gateway? (yes/no) [y]: <Enter>
IP address of the default gateway : 10.0.x.254
Configure advanced IP options? (yes/no) [n]: <Enter>
Enable the telnet service? (yes/no) [y]: <Enter>
Enable the ssh service? (yes/no) [n]: <Enter>
Configure the ntp server? (yes/no) [n]: y
NTP server IP address : 10.0.x.254 (where x is the pod number)
Configure default switchport interface state (shut/noshut)
[shut]: <Enter>
Configure default switchport trunk mode (on/off/auto) [on]:
<Enter>
Configure default zone policy (permit/deny) [deny]: <Enter>
Enable full zoneset distribution (yes/no) [n]: <Enter>
Step 4 Review the configuration summary and save the configuration. Your display should
The following configuration will be applied:
switchname mds9216-21
interface mgmt0
ip address 10.0.21.3 255.255.255.0
no shutdown
ip default-gateway 10.0.21.254
telnet server enable
no ssh server enable
ntp server 10.0.21.254
system default switchport shutdown
system default switchport trunk mode on
no zone default-zone permit vsan 1-4093
no zoneset distribute full vsan 1-4093
Would you like to edit the configuration? (yes/no) [n]:

<Enter>
Use this configuration and save it? (yes/no) [y]: <Enter>
[####################################### ] 100%
Step 5 After the setup utility saves the configuration, log in to the switch, using the
following login information:
Switch login: admin
Password: 1234qwer

Step 6 From the console prompt, ping your default gateway at 10.0.x.254 (where x is your
pod number). Your display should resemble the following:
# ping 10.0.21.254
PING 10.0.21.254 (10.0.21.254): 56 data bytes
64 bytes from 10.0.21.254: icmp_seq=0 ttl=255 time=3.6 ms
--- 10.0.21.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.6/4.0/4.2 ms
Note To terminate the ping command, press Ctrl-C. Notify your instructor if you cannot ping your
default gateway.
Step 7 Verify that your system clock is synchronized with the system clock on the other
switch in your pod. Both teams should simultaneously invoke the show clock
command and verify that the results are the same on both switches.
Step 8 On both switches, configure virtual VSAN 2 and VSAN 3 and assign interfaces.
Your display should resemble the following:
# conf t
(conf)# vsan dat
(config-vsan-db)# vsan 2
(config-vsan-db)# vsan 2 interface fc1/port (where port is 6 on the
MDS 9506 and 10 on the MDS 9216)
(config-vsan-db)# vsan 3 interface fc1/port (where port is 5 on the
MDS 9506 and 6 on the MDS 9216)
(config-vsan-db)# end
Step 9 Verify the results on both switches. Your display should resemble the following:
9506# show vsan mem
vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/7 fc1/8 fc1/9
fc1/10 fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16
vsan 2 interfaces:
fc1/6
vsan 3 interfaces:
fc1/5
vsan 4094(isolated_vsan) interfaces:
9216# show vsan mem

vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/5 fc1/7 fc1/8
fc1/9 fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16

vsan 2 interfaces:
fc1/10
vsan 3 interfaces:
fc1/6
Activity Verification
You have completed this task when you attain this result:
 Your ports are assigned to the correct VSAN on both switches, as verified in Step 9 of this
task.
Task 2: Configuring Gigabit Ethernet Interfaces

In this task, you and your teammates will configure Gigabit Ethernet interfaces on your
respective MDS 9000 Series switches.
Activity Procedure
Complete these steps on both MDS 9000 Series switches to configure port gigE2/1 for the FCIP
tunnel:
Step 1 Log in to your Windows 2000 server as administrator using the password cisco.
Step 2 Open the Cisco Device Manager from the Windows desktop and enter the
following information in the dialog box:
 In the Device Name field, enter the IP address of your switch (configured during
the initial setup process in Task 1).
 In the User Name field, enter admin.
 In the Password field, enter 1234qwer.
 From the Local Interface list, choose the server IP address on the 10.0.x.y
network.
 Check the SNMPv3 checkbox to encrypt management traffic.
Step 3 Click Open. The Cisco Device Manager window opens, showing the Device view.

Step 4 Right-click port gigE2/1 and choose Configure.
Step 5 In the configuration dialog box, configure the following settings:

 In the Description field, enter Primary FCIP Link
 In the Admin field, click the up radio button.
 In the IP address/mask field, enter the IP address and mask for your switch
— MDS 9216: 10.1.x.11/24 (where x is your pod number)
— MDS 9506: 10.1.x.21/24 (where x is your pod number)
 Leave all other settings at their default values.
Note Typically, you should change the MTU from 1500 to 2300. An MTU of 1500 will fragment
some FC frames, which can be up to 2148 bytes. Fragmentation will reduce effective
bandwidth. However not all Ethernet switches support jumbo frames. The Ethernet switches
in this lab do not support jumbo frames. Therefore, you should leave the MTU at 1500.
Step 6 Click Apply, then click Close. You have now finished configuring the physical
properties for the Gigabit Ethernet interface.
Caution Do not proceed to the next step until both teams have completed configuring gigE2/1.
Step 7 Open a console session to your MDS 9000 Series Switch and log in using the
following login information:
Switch login: admin
Password: 1234qwer
Step 8 Display the status of your Gigabit Ethernet interface. Your display should be similar
to the following output example:
# show interface gig2/1
GigabitEthernet2/1 is up
Port description is Primary FCIP Link
Hardware is GigabitEthernet, address is 000c.300c.e978
Internet address is 10.1.21.21/24
MTU 1500 bytes
Port mode is IPS
Speed is 1 Gbps
Beacon is turned off
Auto-Negotiation is turned on
5 minutes input rate 8 bits/sec, 1 bytes/sec, 0 frames/sec
5 minutes output rate 136 bits/sec, 17 bytes/sec, 0 frames/sec
45 packets input, 5352 bytes
0 multicast frames, 0 compressed
0 input errors, 0 frame, 0 overrun 0 fifo
338 packets output, 14196 bytes, 0 underruns
0 output errors, 0 collisions, 0 fifo
0 carrier errors
Note The interface should be in an up state. If this is not the case, correct the problem before
proceeding.
Step 9 To test the Gigabit Ethernet connectivity, ping port gigE2/1 on the Gigabit Ethernet
IP address of the other team. Your display should resemble the following:
# ping 10.1.x.y (where x is your pod number and y is the last octet of the IP
address that the other team assigned to their port gig2/1)
PING 10.1.21.11 (10.1.21.11): 56 data bytes
Step 10 If the ping was successful, save your configuration using the copy run start
command.

 You can successfully ping the remote end of your Gigabit Ethernet interface.
Task 3: Configuring FCIP Profiles

In this task, you and your teammates will configure both MDS Series 9000 switches to create
an FCIP profile for the FCIP tunnel.
Activity Procedure
Step 1 From the Cisco Device Manager window menu, choose Admin > Feature Control.
Step 2 Click the Action field for the fcip feature and choose enable.
Step 3 Verify that enable is in the Action field, then click Apply.
Step 4 Click Close.
Step 5 From the Cisco Device Manager window main menu, choose IP > FCIP.
Step 6 In the FCIP dialog box, click the Profiles tab, then click Create.
Step 7 In the Create FCIP Profiles dialog box, configure the following FCIP profile
parameters:
 Profile ID: Enter your pod number.
 IP address: Choose your gigE2/1 IP address from the drop-down menu.
 Leave all other settings at their default values.

Step 8 Click Create and then click Close.
Note The following TCP parameters can be left at their default values:
TCP Port: This parameter specifies the TCP port on which FCIP listens for an incoming
connection.
SACK: TCP Selective Acknowledgment (SACK) helps overcome the limitation of multiple
lost packets during a TCP transmission.
KeepAliveTimeout: This parameter enables you to configure the interval for TCP
connections to verify if the FCIP link is functioning. Configuring a KeepAliveTimeout ensures
that an FCIP link failure is detected quickly even when there is no traffic.
MinReTxTimeout: This parameter controls the minimum amount of time TCP waits before
retransmitting.
MaxReTx: This parameter specifies the maximum number of times a packet is retransmitted
before TCP decides to close the connection.
SendBufSize: This parameter defines the required additional buffering that TCP allows
beyond the normal send window size.
MaxBandwidth, MinAvailBandwidth, and Estimated RTT: These values are used to
automatically calculate the TCP Maximum Window Size (MWS) and other TCP flow control
parameters.
PMTU Enable: Path MTU (PMTU) allows the MDS 9000 Series Multilayer Switch to
dynamically adjust the IP MTU that you configured on the Gigabit Ethernet port to the lowest
common denominator supported by all devices in the IP network. Note that all IP devices
must support PMTU for this to work.
ResetTimeout: This parameter specifies the time after which TCP tries the original MTU.
Step 9 Your FCIP configuration should look similar to the following illustration.
Note The FC host and JBOD in your pod are attached to both switches. To simulate a remote
SAN environment, you will configure your pod so that the host is visible only on the MDS
9506 Multilayer Director, and the JBOD is visible only on the MDS 9216 Fabric Switch. All of
the FC ISLs between the two switches are disabled, forcing all inter-switch traffic to travel
across the FCIP tunnel.
Step 10 On both switches, in the Cisco Device Manager window, right-click and enable the
interface that is connected to your Windows 2000 server; for example:
 On the MDS 9506, enable port fc1/5
 On the MDS 9216, enable port fc1/10
Click the Refresh button. The port should display F .
Step 11 On both switches, right-click and enable JBOD interface fc1/6.
Click the Refresh button. The port should display FL .

Note Perform the following steps on both switches.
Step 12 Using the CLI, display the status of your FCIP profile. Your display should resemble
the following output:
# show fcip profile x (where x is your pod number)
FCIP Profile 21
Internet Address is 10.1.21.21 (interface GigabitEthernet2/1)
Listen Port is 3225
TCP parameters
SACK is enabled
PMTU discovery is enabled, reset timeout is 3600 sec
Keep alive is 60 sec
Minimum retransmission timeout is 200 ms
Maximum number of re-transmissions is 4
Send buffer size is 0 KB
Maximum allowed bandwidth is 1000000 kbps
Minimum available bandwidth is 500000 kbps
Estimated round trip time is 1000 usec
Congestion window monitoring is enabled, burst size is 50KB
Configured maximum jitter is 1000 us
Step 13 Display the name server database using the show fcns database command. You
should have similar output as below, with each switch displaying several target
entries (JBOD disks) in one VSAN and one initiator (host HBA) in the other VSAN:
# show fcns database
VSAN 2:
------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
------------------------------------------------------------------------
0x6900dc NL 22:00:00:0c:50:d1:f9:13 (Seagate) scsi-fcp:target
0x6900e0 NL 22:00:00:0c:50:d1:f9:4e (Seagate) scsi-fcp:target
0x6900e1 NL 22:00:00:0c:50:dd:05:f2 (Seagate) scsi-fcp:target
0x6900e2 NL 22:00:00:0c:50:d1:d1:5d (Seagate) scsi-fcp:target
0x6900e4 NL 22:00:00:0c:50:d1:d1:44 (Seagate) scsi-fcp:target
0x6900e8 NL 22:00:00:0c:50:d1:d1:8e (Seagate) scsi-fcp:target
Total number of entries = 6
VSAN 3:
------------------------------------------------------------------------
------------------------------------------------------------------------
0xe50000 N 21:01:00:e0:8b:30:9d:3e (Qlogic) scsi-fcp:init
Step 14 If the entries are correct, save your configuration using the copy run start
command.
You have completed this task when you attain these results:
 FCIP profile parameters have been correctly configured, as verified in Step 12 of this task.
 The name server database shows each switch displaying several target entries (JBOD disks)
in one VSAN and one initiator (host HBA) in the other VSAN, as verified in Step 13 of this
task.
 You have saved your configuration.

Task 4: Configuring FCIP Tunnels
In this task, you and your teammates will configure your MDS Series 9000 Multilayer Switch
to create the FCIP tunnel.
Activity Procedure
Step 1 From the main menu in the Cisco Device Manager window, choose IP > FCIP >
Tunnels.
Step 2 Click Create. The Create FCIP Tunnels dialog box appears. In the Create FCIP
Tunnels dialog box, configure the following FCIP Tunnel parameters:
 In the ProfileId field, enter your pod number.
 In the TunnelId field, enter your pod number.
 In the RemoteIP Address field, enter the IP address of port gigE2/1 on the other
team switch.
 In the Quality of Service Control field, enter 46.
 In the Quality of Service Data field, enter 34.
 Leave the rest of the settings at their default values.
Note The QoS Control and QoS Data fields contain the Differentiated Services Code Point
(DSCP) values for TCP control connection traffic and FC data traffic, respectively. The
DSCP value of 34 for data traffic indicates priority delivery (precedence 1) and high
reliability. The DSCP value of 46 for control traffic indicates flash delivery, high reliability,
and low delay. Additional information on implementing QoS DSCP values is available at
http://www.cisco.com/warp/public/105/dscpvalues.html#dscpandassuredforwardingclasses.
Step 4 Verify that your FCIP configuration looks similar to the following display:
Step 5 Click Close.

Step 6 On both switches, enable the FCIP interface as follows:
 From the Device Manager main window, choose Interface >FCIP.
 In the FCIP Interfaces dialog box, for interface fcipx (where x is your pod
number), click the Admin field and choose up.
 Click Apply and then click Close.
Step 7 Complete this task by performing the following steps on both switches:
 From the CLI, display your switch WWN using the show wwn switch
command.
 Display the status of the FCIP tunnel using the show interface fcip x command
(where x is your pod number). Your display should resemble the following:
# show interface fcip 21
fcip21 is trunking
Hardware is GigabitEthernet
Port WWN is 20:42:00:0d:ec:09:8d:00
Peer port WWN is 20:42:00:0d:ec:0c:e6:40

Admin port mode is auto, trunk mode is on
Port mode is TE
Port vsan is 1
Speed is 1 Gbps
Trunk vsans (admin allowed and active) (1-3)
Trunk vsans (up) (1-3)
Trunk vsans (isolated) ()
Trunk vsans (initializing) ()
Using Profile id 21 (interface GigabitEthernet2/1)
Peer Information
Peer Internet address is 10.1.21.11 and port is 3225
Write acceleration mode is off
Tape acceleration mode is off
Tape Accelerator flow control buffer size is automatic
IP Compression is disabled
Special Frame is disabled
Maximum number of TCP connections is 2
Time Stamp is disabled
...
Step 8 Compare your results with the other team switch in your pod. Verify that your
switch Port WWN displayed in Step 7 is the peer Port WWN displayed on the other
switch.
Step 9 On both switches, display the name server database using the show fcns database
command. The output should be identical on both switches. Your display should
VSAN 2:
------------------------------------------------------------------------
------------------------------------------------------------------------
0xc30100 N 21:00:00:e0:8b:11:70:fd (Qlogic) scsi-fcp:init
VSAN 3:
------------------------------------------------------------------------
------------------------------------------------------------------------
0xe50000 N 21:01:00:e0:8b:30:9d:3e (Qlogic) scsi-fcp:init
Step 10 Save your configuration using the copy run start command.
 FCIP tunnel parameters have been correctly configured, as verified in Step 7.
 Your switch Port WWN displayed in Step 7 is the Peer Port WWN displayed on the other
switch, as verified in Step 8.
 The name server database displayed for both switches is identical, as verified in Step 9.
Task 5: Create and Test a File System in Windows 2000

In this task you will change the default-zone policy to permit for VSAN 2 and VSAN 3 (to
allow host-to-storage access without creating and activating zones). You will also verify the
servers see JBOD storage devices, create a disk partition on the remote storage device, format
the partition and copy a set of files to the new partition.
Activity Procedure
Step 1 On both switches, use the CLI to change the default zone policy to permit. Your
display should resemble the following:
# conf t
(config)# zone default permit vsan 2-3
(config)# end
Step 2 From your Windows 2000 server desktop, right-click My Computer and choose
Manage from the pop-up menu.
Step 3 Under Storage, choose Disk Management to display the discovered disks.
Step 4 You might be asked to write a disk signature for recently discovered disks. Choose
all the disks and continue. You should see Disk 0 and several more disks and the CD
ROM. The additional disks should be your JBOD storage devices.
Note If no additional disks appear, choose the Action > Rescan Disks menu to force Windows to
rescan the I/O bus; if that fails to produce a result, reboot the server.

Step 5 To verify the second disk is one of your JBOD storage devices, right-click the Disk
area (not the partition field), and choose Properties:
Step 6 The display should identify the Adapter Name as QLogic QLA23xx. Click OK.
Step 7 If the disk type is labeled “Dynamic” (instead of “Basic” as shown in the Step 7
illustration) then right-click in the Disk area and choose Revert to Basic Disk.
Step 8 If there are any existing partitions on the drive, delete them.
Step 9 To create a partition, right-click anywhere in the Unallocated space and choose
Create Partition. The Create Partition Wizard begins.
Step 10 In the Welcome to Create Partition Wizard window, click Next.

Step 11 In the Select Partition Type dialog box, choose Primary Partition and click Next.
Step 12 In the Specify Partition Size dialog box, enter 5000 and click Next.
Step 13 In the Assign Drive Letter or Path dialog box, choose E and click Next.
Step 14 In the Format Partition dialog box, configure the following settings:
 In the File System field, choose NTFS.
 In the Allocation unit size field, choose Default.
 In the Volume label field, choose FCIP_Volume.
 Check the Perform a Quick Format checkbox. (This is very important.)
Step 15 Click Next.
Step 16 At the Completing the Create Partition Wizard dialog box, click Finish.
Step 17 Wait a few seconds until the partition is marked Healthy.
Step 18 Log out of Windows by clicking Start > Shut down > Log off Administrator.
Step 19 When the remote desktop window disappears, return to the LabGear interface and
log in to Windows again.

Step 20 Verify your results by completing the following steps on both servers:
1. From your Windows desktop, right-click My Computer and choose Explore.
You should see the FCIP_Volume (E:) drive.
2. Double-click the newly created drive FCIP_Volume icon. A new window

will be displayed.
3. Drag and drop a folder from the Windows desktop to the new drive.
You have successfully completed this task when you attain this result:
 You were able to create a disk partition, format it, and copy files to the new file system on
each server.
Lab 2-1 Answer Key: Implementing FCIP with the IP Services
Module
When you complete this activity, your switch running configuration file will be similar to the
following, with differences that are specific to your device or workgroup. The following is a
partial output of the show run command from the MDS 9216 Fabric Switch in Pod 21 after
completing this activity.
vsan database
vsan 2
vsan 3
fcip enable
fcip profile 1
ip address 10.1.21.11
interface fcip2
use-profile 1
peer-info ipaddr 10.1.21.21
switchport mode E
no shutdown
vsan database
vsan 3 interface fc1/6
zone default-zone permit vsan 2-3
interface mgmt0
ip address 10.0.21.3 255.255.255.0
interface GigabitEthernet2/1
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown

Lab 2-2: Implementing FCIP High Availability
Activity Objective
Your customer wants to run replication traffic over their FCIP SAN extension and desires
redundancy and load balancing. The customer wants to mitigate the amount of fabric service
disruptions. The customer also wants to mitigate the effects of TCP resets and restarts on the
FCIP tunnels. The SAN extension must be highly available and able to withstand the failure of
an MDS Series 9000 switch.
In this activity, you will create port channels between the two MDS 9000 IPS Modules. After
completing this activity, you will be able to meet these objectives:
 Clear your FCIP configuration without using the write erase command.
 Configure FCIP tunnels using the Cisco Fabric Manager FCIP wizard.
 Configure an FC PortChannel between two MDS 9000 IPS Modules.
Visual Objective
Required Resources
These are the resources and equipment required to complete this exercise:
 An MDS 9506 Multilayer Director and an MDS 9216 Fabric Switch, each with an MDS
9000 IPS Module
 Two Windows 2000 servers, each with an FC HBA
 A JBOD with at least two disks
Command List
The commands used in this exercise are described in the table.
Command Description
show interface port- Displays information on the specified PortChannel interface.

channel x
no fcip enable Disables FCIP feature.
show fcip profile Displays all configured FCIP profiles.
show fcns database Displays the name server entries.

Task 1: Clear the FCIP Configuration
In this task, both teams will clear the current FCIP configuration created in the Lab 2-1 activity
and shut down all Gigabit Ethernet interfaces.
Activity Procedure
Each team completes these steps on its respective MDS 9000 Series switch.
and password:
Switch login: admin
Password: 1234qwer
Step 2 Clear the current FCIP configuration. Your display should resemble the following:
# conf t
(config)# no fcip enable
(config)# end
Step 3 Verify the results using the show fcip profile command. The command should not
respond.
Step 4 In Cisco Device Manager, disable the Gigabit Ethernet interface and remove the
assigned IP address, as follows:
 In the Admin field, click the down radio button.
 Clear the IP Address/Mask field.
 Click Apply.
Step 5 Verify that all Gigabit Ethernet interfaces are disabled using the show interface
brief command.
You have completed this task when you have attained this result:
 All Gigabit Ethernet interfaces have been disabled, as verified in Step 5 of this task.
Task 2: Configure Two FCIP Tunnels

In this task, each team in sequence will use the Cisco Fabric Manager FCIP wizard to configure
two FCIP tunnels.
Activity Procedure
Complete these steps: (In this activity Team 1 on Server 1 will complete the steps in sequence.
Upon completion, Team 2 on Server 2 will perform the same steps.)
Step 1 Open Cisco Fabric Manager from the Windows desktop.
Step 2 In the Cisco Fabric Manager window, click the FCIP Tunnel icon on the toolbar to
open the FCIP wizard.
Note It is not necessary to enable the FCIP feature prior to launching the FCIP wizard. The wizard
will enable FCIP.

Step 3 In the dialog box titled FCIP Wizard 1 of 4: Select Switch Pair, configure the
following settings:
1. In the Between Switch field, choose the name of your switch.
2. In the And Switch field, enter the mgmt0 IP address of the other MDS 9000
Series switch in your pod.
Step 4 Click Next to continue.
Step 5 In the dialog box titled 2 of 4: Select Ethernet Ports, choose the appropriate Ethernet
ports (gigE2/1 or gigE2/2 as assigned to your team) in both panes and then click
Next.
 Team 1: Choose gigE2/1 in both lists.
 Team 2: Choose gigE2/2 in both lists.
Step 6 In the dialog box titled 3 of 4: Specify Tunnel Properties, leave all parameters with
the default values and click Next.

Step 7 In the dialog box titled 4 of 4: Create FCIP ISL, configure the following settings:
 Enter the IP Address/Mask of the Gigabit Ethernet interface for each switch in
the appropriate field:
Team 1:
— For the 9506, use 10.1.x.21/24 (where x is your pod number)
Team 2:
 In the Trunk Mode field, click the trunk radio button to enable trunk mode on
(TE_Port).
 Click Finish.
Step 8 Click Yes to enable the FCIP feature on both switches.
Step 9 From the CLI, both teams verify the FCIP configuration. Your display should
resemble the following sample output:
# show fcip profile
---------------------------------------------
ProfileId Ipaddr TcpPort
---------------------------------------------
1 10.1.21.21 3225
2 10.1.21.22 3225
Do you see two profiles? ______________________
Step 10 Verify both FCIP interfaces are active using the show interface brief command.
Record the FCIP interface numbers: FCIP________ FCIP ________
Tip Page to the bottom of the report using the space bar.
Step 11 Verify that the name server database has propagated between switches using the
show fcns database command.
Do you see entries from both switches? ________________
Step 12 From Cisco Fabric Manager, verify the FCIP links in the fabric map. Hold your
cursor over each dashed line in the right pane. Your display should resemble the
following illustration:
Step 13 From the CLI, save your configuration using the copy run start command.
 You were able to display profiles for the two FCIP tunnels.
 Both FCIP interfaces are active.
 The name server database has propagated between the switches.
 The correct FCIP links appear in the fabric map.

Task 3: Configure the FC PortChannel
In this task you will configure an FC PortChannel using the two FCIP interfaces that you
configured in Task 2.
Activity Procedure
Complete these steps: (Team 1 only on Server 1 unless otherwise indicated)
Step 1 Open Cisco Fabric Manager from the Windows desktop and connect to the MDS
9506 Multilayer Director. From the toolbar in the Cisco Fabric Manager, click the
Port Channel icon. The Port Channel wizard starts.
Step 2 In the dialog box titled 1 of 3: Select Switch Pair, choose the pair showing both
MDS 9000 Series switches and click Next to continue. You should see the label (2
ISLs) next to the switch pair.
Step 3 In the dialog box titled 2 of 3: Select ISLs, verify that both FCIP interface pairs are
in the Selected pane. Click Next to continue:
Step 4 In the dialog box titled 3 of 3: Create Port Channel, configure the following settings:
1. In the VSAN List field enter the default value (1 to 4093).
2. In the Trunk Mode field click the trunk radio button to enable trunk mode on
(TE_Port).
Step 5 Click Finish.
Step 6 A warning dialog box appears, requesting confirmation to continue. Click Yes to
create the PortChannel.
Step 7 From the CLI on both switches, display the interface table to verify that the
PortChannel is operational. Use the show interface brief command.

Step 8 Record the PortChannel number: ____________________

Step 9 Display the PortChannel database information. Your display should resemble the
following:
# show port-chan database
port-channel 1
Administrative channel mode is active
Operational channel mode is active
Last membership update succeeded
First operational port is fcip2
2 ports in total, 2 ports up
Ports: fcip2 [up] *
fcip3 [up]
Step 10 In the Cisco Fabric Manager window, verify the PortChannel by holding your cursor
over the dashed line in the right pane. The callout window will display.
Note In the following steps you will monitor activity on the PortChannel by using Cisco Device
Manager to display the link counters during file copy.
Step 11 (Team 2 only on Server 2) From the Cisco Device Manager main menu, choose
Interface > FCIP. Complete the following steps:
1. Hold down the Ctrl key and choose both FCIP interfaces.
2. From the Cisco Device Manager main menu, choose Interface > Monitor >
FCIP.
3. In the FCIP Monitor dialog box, set the Interval fields to 2s measuring
Cumulative traffic.
4. Observe the output for a few seconds. You should see the counters change on at
least one of the FCIP interfaces.

5. Start copying a large number of files (for example, the C:\Program Files folder)
to the SAN-attached volume Test_Volume.
Step 12 (Team 1 only on Server 1) From the Device Manager main menu, choose
Interface > FCIP. Disable one of the interfaces, as follows:
1. Under the Interface heading, choose the interface that you want to disable.
2. In its corresponding Admin status field, choose down.
3. Click Apply.
Step 13 Observe the counters. Notice that the counters for the “down” interface eventually
go down to zero (0). Reenable the interface by choosing up in its Admin status field,
and then clicking Apply. When the copy is completed, close all windows.
 You were able to configure an FC PortChannel with FCIP interfaces as members.
 You were able to disable one of the interfaces without disrupting a data copy to the remote
storage device.
Note If time permits, Team 1 can delete the PortChannel. Team 2 can use the PortChannel
wizard to recreate the PortChannel following the steps outlined in this activity.
Lab 2-2 Answer Key: Implementing FCIP High Availability
When you complete this activity, the running configuration file for your switch will be similar
to the following, with differences that are specific to your device or workgroup. The following
is a partial output of the show run command from the MDS 9216 Fabric Switch in Pod 21 after
vsan database
vsan 2
vsan 3
fcip enable
fcip profile 1
fcip profile 2
interface port-channel 1
channel mode active
switchport description To md95
switchport mode E
interface fcip2
use-profile 1
switchport mode E
channel-group 1 force
no shutdown
interface fcip3
use-profile 2
switchport mode E
no shutdown
vsan database
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
ip address 10.1.21.12 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown

Lab 2-3: Implementing IVR for SAN Extension
Activity Objective
Your customer wants to run replication traffic over an FCIP SAN extension and desires
redundancy and load balancing. The customer wants to mitigate the amount of fabric service
disruptions. The customer also wants to mitigate the effects of TCP resets and restarts on the
FCIP tunnels. The SAN extension must be highly available, and WAN faults should not affect
the operation of the SAN devices that do not need to access the FCIP tunnel.
In this activity, you will implement IVR to allow routing between VSANs on either end of a
highly available FCIP link. After completing this activity, you will be able to meet these
objectives:
 Remove any existing FCIP and PortChannel configurations.
 Create two FCIP tunnels and aggregate the FCIP links into a PortChannel.
 Configure VSANs and assign static domain IDs.
 Configure IVR.
Visual Objective
The figures illustrate what you will accomplish in this activity.

Required Resources
9000 IPS Module.
 Two Windows 2000 servers, each with an FC HBA
Command List
Command Description
show ivr Displays IVR configuration information.
show ivr vsan-topology Displays the current IVR topology.
show ivr zoneset active Displays all active IVR zone sets.
show fcns database Displays the name server entries for all VSANs.
Displays the name server entries for the specified

show fcns data vsan vsan-id VSAN.
Job Aids
This table provides virtual SAN (VSAN) and domain ID assignments.
Domain IDs and Port VSAN Assignments
Switch VSAN 2 VSAN 3 VSAN 4 VSAN 5 VSAN 99
Domain ID na na 14 15 92
MDS 9216
Port assignment na na fc1/10 fc1/6 na
Domain ID 12 13 na na 95
MDS 9506
Port assignment fc1/6 fc1/5 na na na
Task 1: Remove FCIP and PortChannel Configurations
In this task, both teams will clear the current FCIP configuration and PortChannel created in
Lab 2-2.
Activity Procedure
and password:
Switch login: admin
Password: 1234qwer
# conf t
(config)# end
Step 3 Verify the results using the show fcip profile command. You should not see any
FCIP profiles.
Step 4 Delete the PortChannel as follows:
 From the Cisco Device Manager menu, choose Interface > Port Channels.
 In the Port Channels dialog box, chose the PortChannel that you created in Lab
2-2, and click Delete.
Step 5 Click Close.
Step 6 Verify that the Gigabit Ethernet interfaces are active, with assigned IP addresses,
and that the PortChannel is removed from the database using the following two
commands:
# show interface brief | in Gig
# show port-chan database

Task 2: Create Two FCIP Tunnels and Aggregate the FCIP Links
into a PortChannel
In this task, each team in sequence will use the FCIP wizard from Cisco Fabric Manager to
configure two FCIP tunnels between your switches.
 Team 1 on Server 1 will create the first FCIP tunnel.
 Team 2 on Server 2 will create the second FCIP tunnel.
 Team 2 will then configure a PortChannel using both FCIP interfaces as members.
Activity Procedure
Complete these steps: (Unless otherwise indicated, both teams will complete each step.)
Step 1 (Team 1 only) In Cisco Fabric Manager, launch the FCIP wizard and create the first
FCIP tunnel using the following specifications:
 Ethernet ports: Use gigE2/1 from both switches.
 Ethernet IP Address/Mask settings:
— For the MDS 9506 Multilayer Director use 10.1.x.21/24 (where x is your
pod number).
— For the MDS 9216 Fabric Switch use 10.1.x.11/24 (where x is your pod
number).
 Set the Trunk Mode option to trunk.
Caution Do not proceed until Team 1 completes the first FCIP tunnel.
Step 2 (Team 2 only) In Cisco Fabric Manager, launch the FCIP wizard and create the
second FCIP tunnel using the following specifications:
 Ethernet ports: Use gigE2/2 from both switches.
 Ethernet IP Address/Mask settings:
— For the MDS 9506 Multilayer Director use 10.1.x.22/24 (where x is your
pod number).
— Set the Trunk Mode option to trunk.
Step 3 From the CLI, verify the FCIP configuration using the show fcip profile command.
Your display should resemble the following output:
---------------------------------------------
---------------------------------------------
1 10.1.21.21 3225
2 10.1.21.22 3225
Do you see two profiles? ______________________
Step 4 Verify that both FCIP interfaces are active using the show interface brief | in fcip
command.
Record the FCIP interface numbers: FCIP________ FCIP ________
show fcns database command.
Do you see entries from both switches? ________________
Step 6 From Cisco Fabric Manager, verify the FCIP links. Hold your cursor over each
dashed line in the right pane. Your display should resemble the following
illustration:
Step 8 (Team 2 only on Server 2) To create a PortChannel between the switches, complete
the following steps:
1. From Cisco Fabric Manager, launch the PortChannel wizard and create a
PortChannel with the FCIP interfaces as a member. For the Trunk Mode
option, choose trunk to enable trunk mode on (TE_Port). Leave the VSAN
List with the default value (1-4093).
2. From the CLI, display the interface table to verify that the PortChannel is
operational. Use the show interface brief | in port command.
3. Display the PortChannel database information using the show port-chan
database command. Your display should resemble the following sample
output:
port-channel 1
First operational port is fcip2
Ports: fcip2 [up] *
fcip3 [up
 You were able to create the FC PortChannel with FCIP interfaces as members.

Task 3: Configure VSANs and Assign Static Domain IDs
In this task, each team will create VSANs and assign ports and static domain IDs for each
VSAN on their respective switches. This is required when you implement IVR without network
address translation (NAT).
Activity Procedure
Complete the following steps: (Unless otherwise indicated, both teams will complete each
step.)
Step 1 From the Cisco Device Manager menu, choose FC > VSANs > Create. The Create
VSAN General dialog box appears.
Step 2 Create the transit VSAN (VSAN 99) using the following information:
 In the VSAN id field, enter 99.
 In the Name field, enter Transit-VSAN.
Step 4 (Team 2 only on the MDS 9216 Fabric Switch) In the VSAN window, delete VSAN
2 and VSAN 3, as follows:
 In the VSAN ID column, hold down the Shift key and select both row 2 (for
VSAN 2) and row 3 (for VSAN 3) together.
 Click Delete.
Step 5 (Team 2 only on the MDS 9216 Fabric Switch) Create VSAN 4 and VSAN 5 with
the following interface members:
 VSAN 4: fc1/10
 VSAN 5: fc1/6

Step 6 (Team 1 only on the MDS 9506 Multilayer Director) From the Cisco Device
Manager menu, choose FC > VSANs. The VSAN window appears. Choose the
Membership tab and verify the port membership on the MDS 9506 Multilayer
Director.
Step 7 Before proceeding to assign static domain IDs in Cisco Device Manager, both teams
should verify that the port VSAN membership is configured as follows:
 MDS 9506 Multilayer Director: VSAN 2 is fc1/6; VSAN 3 is fc1/5.
 MDS 9216 Fabric Switch: VSAN 4 is fc1/0; VSAN 5 is fc1/6.
Step 8 From the Cisco Device Manager menu, choose FC > Domain Manager > Domains
to display the current domain ID assignments. The output will appear similar to the
following illustrations:
 For the MDS 9506 Multilayer Director:
 For the MDS 9216 Fabric Switch:
Note Notice that your switch is both the local and principal switch for the unique VSANs (2, 3, 4,
and 5). The results for VSAN 1 and VSAN 99 will vary. The domain IDs for all VSANs will
vary.
Caution Perform the following five steps in sequence on the specified switch.
Step 9 (Team 1 only on the MDS 9506 Multilayer Director):

1. Choose the Configuration tab and configure static domain IDs with the
following specifications:
 VSAN 2: Domain 12
 Type: static
 Restart: disruptive
2. Click Apply.
3. Click Yes to confirm the change, then click Refresh.
Tip You may need to click Refresh multiple times until the display updates.

Step 10 (Team 2 only on the MDS 9216 Fabric Switch)
1. Choose the Configuration tab and configure static domain IDs with the
following specifications:
 Type: static
 Restart: disruptive
2. Click Apply.
3. Click Yes to confirm the change, then click Refresh.
Step 11 Choose the Domains tab and verify that the domain IDs are set according to the
specifications. The output should appear similar to the following illustrations:
MDS 9506 Multilayer Director:
MDS 9216 Fabric Switch:
Note Local and principal switch assignments may or may not change for VSAN 99.
 You have successfully created VSANs on your assigned switch with the specified port
members for your assigned switch.
 You have successfully configured the domain IDs according to the specifications for your
assigned switch.

Task 4: Configure IVR
In this task, each team will run the IVR Zone wizard in Cisco Fabric Manager to configure an
IVR zone set that connects the server on their switch to storage on the other switch across the
transit VSAN.
Activity Procedure 1: Team 2

In this activity, Team 2 on the MDS 9216 Fabric Switch will create an IVR zone set that
connects the JBOD in VSAN 2 on the MDS 9506 Multilayer Director with Server 2 in VSAN 4
on the MDS 9216 Fabric Switch over transit VSAN 99.
Step 1 Create the first IVR zone in Cisco Fabric Manager. From Cisco Fabric Manager,
click the IVR Zone Wizard icon on the tool bar to open the wizard.
Step 2 In the dialog box titled IVR Zone Wizard 1 of 5, move VSANs 1, 3, and 5 from the
Selected pane to the Available pane. (Hold down the Ctrl key and select VSANs 1,
3, and 5 and Click the Left Arrow  button. The selected VSANs will move to the
Available pane.)
Step 4 In the dialog box titled 2 of 5: Select End Devices, choose the initiator device from
VSAN 4 and one JBOD disk from VSAN 2, from the table in the Available pane and
click Add to move them to the Selected pane.
Step 6 In the dialog box titled 3 of 5: Select Transition VSAN, choose VSAN 99 from the
drop-down menu and click Next.

Step 7 In the dialog box titled 4 of 5: Select Zone, accept the default zone and zone set
names and click Next.
Step 8 In the dialog box titled 5 of 5: Review Actions, click Finish.
Step 9 In the Save Configuration dialog box, click Continue Activation to confirm IVR
zone distribution and save the running configuration:
Step 10 In the dialog box titled 5 of 5: Review Actions, observe the IVR creation progress.
Wait for the Success notice at the bottom of the screen, and click Close.
Step 11 Verify the IVR configuration using the show ivr command. Your display should
resemble the following output:
mds9216# show ivr
Inter-VSAN Routing is enabled
Inter-VSAN enabled switches
---------------------------
AFID VSAN DOMAIN CAPABILITY SWITCH WWN
------------------------------------------------------------
1 4 0x e( 14) 00000001 20:00:00:0d:ec:0c:e6:40 *
1 99 0x5c( 92) 00000001 20:00:00:0d:ec:0c:e6:40 *
1 99 0x5f( 95) 00000001 20:00:00:0d:ec:09:8d:00
Total: 3 IVR-enabled VSAN-Domain pairs
Inter-VSAN topology status

--------------------------
Current Status: Inter-VSAN topology is ACTIVE
Last activation time: Sat Feb 26 11:56:00 2005
Inter-VSAN zoneset status

-------------------------
name : IvrZoneSet1
state : activation success
last activate time : Sat Feb 26 11:56:00 2005
Fabric distribution status

-----------------------
fabric distribution disabled
last action : none
last action result : none
last action failure cause : success

Step 12 Display the active IVR zone set using the show ivr zoneset active command. Your
mds9216# show ivr zoneset active
zoneset name IvrZoneSet1
zone name IvrZone1
* pwwn 21:00:00:e0:8b:11:70:fd vsan 4
* pwwn 22:00:00:0c:50:d1:d1:44 vsan 2
Step 13 Display the name server database for the transit VSAN (99) and edge VSAN (2 or
4). Your display should resemble the following:
mds9216# show fcns data vsan 4
VSAN 4:
--------------------------------------------------------------
--------------------------------------------------------------
0x0c00e4 NL 22:00:00:0c:50:d1:d1:44 (Seagate) scsi-fcp:target
0x0e0000 N 21:00:00:e0:8b:11:70:fd (Qlogic) scsi-fcp:init
mds9216# show fcns data vsan 99

VSAN 99:
--------------------------------------------------------------
--------------------------------------------------------------
0x0e0000 N 21:00:00:e0:8b:11:70:fd (Qlogic) scsi-fcp:init
Step 14 Display the IVR VSAN topology. Your display should resemble the following:
md9216# show ivr vsan-topology
AFID SWITCH WWN Active Cfg. VSANS
-----------------------------------------------------
1 20:00:00:0d:ec:09:8d:00 yes yes 2,99
1 20:00:00:0d:ec:0c:e6:40 * yes yes 4,99
Total: 2 entries in active and configured IVR VSAN-Topology
Step 15 Record the last 3 bytes of the pWWN of the JBOD disk (Seagate):
________:________:________
Activity Procedure 2: Team 1
In this activity, Team 1 on the MDS 9506 Multilayer Director will modify the existing IVR
zone set (IvrZoneSet1) by adding a second IVR zone (IvrZone2) that connects the JBOD in
VSAN 5 on the MDS 9216 Fabric Switch with Server 1 in VSAN 3 on the MDS 9506 over
transit VSAN 99.
Step 1 From Cisco Fabric Manager, open the IVR Zone Wizard from the toolbar.
Step 2 In the dialog box titled 1 of 5: Select VSANs, remove VSANs 1, 2, and 4 from the
Selected pane by clicking the Left Arrow between the panes.
Step 3 In the dialog box titled 2 of 5: Select End Devices, choose the initiator device from
VSAN 3 and one JBOD disk from VSAN 5. Click Next.
Caution Do not choose the same target device as recorded in the previous procedure. Consult with
Team 2 to make sure that you are not using the same disk device.
Step 4 In the dialog box titled 3 of 5: Select Transition VSAN, choose VSAN 99 from the
drop-down menu.
Step 5 In the dialog box titled 4 of 5: Select Zone, accept the default zone and zone set
names, and click Next.
Note The IVR zone set name (IvrZoneSet1) was created by Team 2 in the previous procedure.
Step 6 In the dialog box titled 5 of 5: Review Actions, click Finish.

Step 7 Click Continue Activation to confirm IVR zone distribution and save the running
configuration.

Step 8 Verify the IVR configuration using the show ivr vsan-topology command and the
show ivr zoneset active command. Your display should resemble the following:
md9506# show ivr vsan-topology
AFID SWITCH WWN Active Cfg. VSANS
-----------------------------------------------------------
1 20:00:00:0d:ec:09:8d:00 * yes yes 2-3,99
1 20:00:00:0d:ec:0c:e6:40 yes yes 4-5,99
Total: 2 entries in active and configured IVR VSAN-Topology
md9506# show ivr zoneset active

zoneset name IvrZoneSet1
zone name IvrZone1
* pwwn 21:00:00:e0:8b:11:70:fd vsan 4
* pwwn 22:00:00:0c:50:d1:d1:44 vsan 2
zone name IvrZone2

* pwwn 21:01:00:e0:8b:30:9d:3e vsan 3
* pwwn 21:00:00:0c:50:d1:d1:5d vsan 5
Step 10 Verify that your IVR configuration is successful and that both servers can access
their JBOD disk. From your Windows server, open Disk Management and verify
that you have a single FC disk available.
Step 11 Right-click the disk, choose Properties, and verify that the adapter name is listed as
QLogic QLA23xx PCI FC Adapter.
 You have configured a PortChannel aggregating two FCIP interfaces.
 You have configured two IVR zones in the same IVR zone set.
 Each server has accessed its assigned JBOD disk.

Lab 2-3 Answer Key: Implementing IVR for SAN Extension
vsan database
vsan 4
vsan 5
vsan 99 name "Transit-VSAN"
fcip enable
fcdomain domain 14 static vsan 4
fcip profile 1
fcip profile 2
interface port-channel 1
channel mode active
switchport description To md95
switchport mode E
interface fcip2
use-profile 1
switchport mode E
no shutdown
interface fcip3
use-profile 2
switchport mode E
no shutdown
vsan database
ivr enable
ivr vsan-topology database
autonomous-fabric-id 1 switch-wwn 20:00:00:0d:ec:09:8d:00 vsan-
ranges 2-3,99
autonomous-fabric-id 1 switch-wwn 20:00:00:0d:ec:0c:e6:40 vsan-
ranges 4-5,99
ivr vsan-topology activate
ivr zone name IvrZone1
member pwwn 21:00:00:e0:8b:11:70:fd vsan 4
member pwwn 22:00:00:0c:50:d1:d1:44 vsan 2
ivr zone name IvrZone2
member pwwn 21:01:00:e0:8b:30:9d:3e vsan 3
member pwwn 21:00:00:0c:50:d1:d1:5d vsan 5
ivr zoneset name IvrZoneSet1
member IvrZone1
member IvrZone2
ivr zoneset activate name IvrZoneSet1 force
zoneset activate name nozoneset vsan 4
zoneset activate name nozoneset vsan 5
ip address 10.1.21.11 255.255.255.0
switchport mtu 2300
no shutdown
ip address 10.1.21.12 255.255.255.0
switchport mtu 2300
no shutdown
interface fc1/6
no shutdown
interface fc1/10
no shutdown

Lab 2-4: Tuning FCIP Performance
Activity Objective
In this activity, you will use the SAN extension tuner to generate test workloads on the SAN,
observe the resulting performance metrics, and tune TCP parameters to improve performance
based on the observed metrics. After completing this exercise, you will be able to meet these
objectives:
 Clear any existing FCIP configuration.
 Configure a new FCIP tunnel.
 Configure the SAN extension tuner and tune TCP parameters to improve the performance
of the FCIP link.
Visual Objective
Required Resources
9000 IPS Module
 Two Windows 2000 servers, each with an FC HBA.
Command List
Command Description
san-ext-tuner enable Enables the SAN extension tuner feature.
[no] fcip enable Enables or disables the FCIP feature.
Displays all connected devices on this

show flogi database switch.
iscsi enable Enables the iSCSI feature.
show interface Displays interface configuration information.
show fcip profile Displays all current FCIP profiles.
Creates a virtual node WWN using

nWWN 1:00:00:00:00:00:00:00 1:00:00:00:00:00:00:00.
nport pWWN 1:00:00:00:00:00:00:01 Creates a virtual port WWN using

vsan vsan-id interf gig slot/port 1:00:00:00:00:00:00:01.
copy run bootflash:<file> Creates a file on bootflash.
Specifies a data pattern file for SAN

data-pattern bootflash:<file> extension tuner.
write command-id id target pwwn Generates a write command for SAN

transfer-size 1024000 outstanding- extension tuner.
ios 2 continuous
show san-ext-tuner interface gig
slot/port nport pwwn Displays the counters for the SAN extension
1:0:0:0:0:0:0:1 vsan vsan-id tuner Gigabit Ethernet port.
counters
Stops the specified command id in SAN
stop command id extension tuner.
Enables write acceleration for an FCIP

write interface.

Task 1: Clear the FCIP Configuration
In this task, both teams will clear the current FCIP configuration created in the Lab 2-3 activity
and shut down all Gigabit Ethernet interfaces.
Activity Procedure
information:
Switch login: admin
Password: 1234qwer
# conf t
(config)# end
Step 3 Verify the results using the show fcip profile command.
Note With FCIP disabled, the command should error out.
Step 4 Verify that the Gigabit Ethernet interfaces are still configured and enabled using the
show interface gig 2/1 brief command.
Task 2: Configure an FCIP Tunnel

In this task, Team 1 on Server 1 will use the FCIP wizard from Cisco Fabric Manager to
configure a single FCIP tunnel between the switches.
Activity Procedure
Complete these steps: (both teams unless otherwise indicated)
Step 1 (Team 1 only.) Open Cisco Fabric Manager and then open the FCIP wizard. In the
FCIP wizard, configure a single FCIP tunnel using the following settings:
 gigE2/1 for both switches
 MDS 9506 Multilayer Director IP address: 10.1.x.21/24 (where x is your pod
number)
 MDS 9216 Fabric Switch IP address: 10.1.x.11/24 (where x is your pod number)
 Trunk Mode: trunk (TE_Port)
 All other parameters at default values
 Click Yes to enable the FCIP feature on both switches.
Step 2 (Both teams.) From the CLI, verify the FCIP configuration. Your display should
# show fcip profile
---------------------------------------------
---------------------------------------------
1 10.1.21.21 3225
Step 3 Verify that the FCIP interface is active using the show interface brief command.
Record the FCIP interface number: FCIP________
following two commands:
# show flogi database
The name server (FCNS) database should report devices from both switches in each VSAN.
Step 5 In Cisco Fabric Manager, verify the FCIP link. Hold your cursor over each dashed
line in the right pane. Your display should resemble the following illustration:
 You were able to configure an FCIP tunnel.
 You have verified the FCIP link.
 You have saved your configuration.

Task 3: Configure the SAN Extension Tuner
In this task, you will configure the SAN extension tuner on both switches. These steps must be
performed concurrently on both switches.
Activity Procedure
Step 1 From the CLI, create VSAN 100 and set the default zone policy to permit on both
switches. Your display should resemble the following:
# conf t
(config)# vsan database
(config-vsan-db)# exit
(config)# zone default-zone permit vsan 100
Note VSAN 100 will be used to isolate the SAN extension tuner (SET) virtual initiator and target
from physical initiators and targets. Setting the default zone policy to permit, while not a
best practice, allows SET virtual initiators and targets to communicate.
Step 2 Enable SET and iSCSI on both switches using the following commands:
(config)# san-ext-tuner enable
(config)# iscsi enable
Step 3 Enable Gigabit Ethernet interface 2/2 on both switches using the following
commands:
(config)# interface gigabitethernet 2/2
(config-if)# no shutdown
Step 4 Enable the iSCSI interface on both switches using the following commands:
(config-if)# interface iscsi 2/2
(config-if)# no shutdown
(config-if)# end
Step 5 Verify that the interfaces are up on both switches using the following commands:
# show interface iscsi 2/2 brief
# show interface gig 2/2 brief
Step 6 Create a file named test on bootflash to use as a data pattern for SAN extension
tuner. Use the copy run bootflash:test command.
Step 7 Create a virtual node WWN and port WWN and specify the data pattern file. Your
# san-ext-tuner
(san-ext)# nWWN nwwn
(san-ext)# nport pWWN pwwn vsan 100 interf gig 2/2
(san-ext)# data-pattern bootflash:test
Note MDS 9506 Multilayer Director: nwwn is 1:0:0:0:0:0:0:0; pwwn is 1:0:0:0:0:0:0:1.
MDS 9216 Fabric Switch: nwwn is 2:0:0:0:0:0:0:0; pwwn is 2:0:0:0:0:0:0:1.
Caution Do not proceed until the previous steps have been performed on both switches.
Step 8 On both switches, generate a continuous write command to the virtual N_Port on the
other MDS 9000 Series switch using the following command:
(san-ext-nport)# write command-id 1 target pwwn transfer-size
1024000 outstanding-ios 2 continuous
Note MDS 9506 Multilayer Director: target pwwn is 2:0:0:0:0:0:0:1; MDS 9216 Fabric Switch:
target pwwn is 1:0:0:0:0:0:0:1.
Step 9 Verify that the virtual N_Ports are present in the fabric login (FLOGI) and FCNS
databases. Your display should resemble the following:
(san-ext-nport)# end
# show flogi database vsan 100
# show fcns database vsan 100

Step 10 From Cisco Device Manager, choose the Summary View to monitor ISL link
utilization.
Step 11 From the Device View in Cisco Device Manager, monitor Gigabit Ethernet interface
2/1. Right-click gigE2/1 and choose Monitor.
Step 12 Change the Interval field to 2s and change the Column Data field to Average/Sec.
Step 13 Observe the traffic data. Verify that there is activity.
Note If there is no activity, verify the SAN extension configuration on both switches.
Step 14 From the CLI, display the SAN extension tuner counter for gigE2/2. Your display
should resemble the following:
# show san-ext-tuner interfac gig2/2 nport pwwn n vsan 100
counter
Note On the MDS 9506 Multilayer Director, n is 1:0:0:0:0:0:0:1. On the MDS 9216 Fabric Switch,
n is 2:0:0:0:0:0:0:1.
Statistics for nport

Node name 01:00:00:00:00:00:00:00 Port name
01:00:00:00:00:00:00:01
I/Os per sec : 220
Reads : 0%
Writes : 100%
Egress throughput : 109.96 MBs/sec (Max - 114.45 MBs/sec)
Ingress throughput : 0.03 MBs/sec (Max - 114.24 MBs/sec)
Average response time : Read - 0 us, Write - 9179 us
Minimum response time : Read - 5370 us, Write - 4875 us
Maximum response time : Read - 49891 us, Write - 35704 us
Errors : 0
Record the average response time: ___________________________
Note You may need to reinvoke the command several times before a nonzero value appears.
Step 15 On both switches, enable write acceleration on the FCIP interface. Your display
# conf
(config)# interface fcip n ( n = FCIP number from Task 2 Step 4 )
(config-if)# write
Caution Do not proceed until the previous step has been performed on both switches.
Step 16 While still in configuration mode, display the SAN extension tuner counter for
gigE2/2. Your display should resemble the following:
(config-if)# do show san-ext-tuner interfac gig2/2 nport pwwn
n vsan 100 counter (where NDS1 n is 1:0:0:0:0:0:0:1 and MDS2 n is
2:0:0:0:0:0:0:1)
Statistics for nport
Node name 01:00:00:00:00:00:00:00 Port name
01:00:00:00:00:00:00:01
I/Os per sec : 228
Reads : 0%
Writes : 100%
Egress throughput : 114.33 MBs/sec (Max - 114.45 MBs/sec)
Ingress throughput : 0.03 MBs/sec (Max - 114.24 MBs/sec)
Average response time : Read - 0 us, Write - 8842 us
Minimum response time : Read - 5370 us, Write - 4802 us

Maximum response time : Read - 49891 us, Write - 35704 us
Errors : 26
Record the average response time: ___________________________
What was the effect of enabling write acceleration? You should see a slight decrease
in response time after enabling write acceleration. You may also see errors, because
enabling write acceleration is disruptive and forces the FCIP tunnel to reestablish the
link.
Note You may need to reinvoke the command several times before a nonzero value appears.
Step 17 Stop the I/O on both switches. Your display should resemble the following:
# san-ext-tuner
(san-ext)# nport pWWN n vsan 1 interfac gig 2/2
(san-ext-nport)# stop command-id 1
(san-ext-nport)# end (where MDS1 n is 1:0:0:0:0:0:0:1 and MDS2 n is
2:0:0:0:0:0:0:1)
 You have successfully created a virtual node and port WWNs on both switches.
 You have created a data pattern file on the bootflash file system.
 You have verified that the virtual N_Ports are present in the FLOGI and FCNS databases.
 You have generated write traffic between SET virtual initiators and targets.
 You have used the Cisco Device Manager and the CLI to monitor ISL link utilization.
 You have enabled write acceleration and observed the performance impact.
Lab 3-1: Implementing iSCSI with the MDS 9000
IPS Module
Complete this activity to practice what you learned in the related lesson.
Activity Objective
Your customer wants to use a low-cost SAN interconnect to provide access from servers to FC-
attached storage. The customer would like to start out with a basic configuration to attach a
Windows 2000 host to the Cisco MDS 9000 Series switches via the MDS 9000 IPS Module.
Initially, you will implement a simple IP-SAN configuration using the dynamic initiator and
target configuration features of the MDS 9000 IPS Module. You will then verify that the
servers are able to initiate a discovery session with the MDS 9000 IPS Module and that the host
iSCSI initiator has connectivity to the dynamically imported targets.
In this activity, you will configure the Gigabit Ethernet interfaces on the MDS 9000 IPS
Module using the GUI. You will establish and verify iSCSI connectivity between a Windows
2000 host and the MDS 9000 Series Multilayer Switch. You will then provision FC storage
targets to the iSCSI host initiator and verify that the storage is accessible from the host. After
 Perform initial setup of the MDS 9000 Series switches.
 Configure static IP routing on the Gigabit Ethernet port of an MDS 9000 IPS Module and
provision dynamic iSCSI initiators.
 Provision virtual iSCSI targets and verify iSCSI connectivity between the iSCSI host
initiator and the FC storage targets.
Visual Objective

Required Resources
 An MDS 9506 Multilayer Director switch and an MDS 9216 Fabric Switch, each with an
MDS 9000 IPS Module
 Two Windows 2000 servers, each with the Microsoft iSCSI Initiator software driver
installed
Command List
Command Description
iscsi enable Globally enables the iSCSI feature.
Changes the default zone policy to permit for the

zone default permit vsan x specified VSAN.
show ips ip route Displays the IP routes associated with the specified
interface gig x/y Gigabit Ethernet interface.
show ips arp interface gig Displays the Address Resolution Protocol (ARP) cache
x/y for the specified interface.
show ips stats ip Displays IP statistics for the specified interface.

interface gig x/y
Displays the status of all interfaces, including Ethernet
show interface brief and iSCSI interfaces.
show iscsi initiator Shows all iSCSI nodes that are remote to the switch.
summary
show iscsi initiator Shows information for all iSCSI ports.
iscsi-session
attach module Connects you directly to a specific module in the switch.
debug ips ipstack icmp Enables debugging for the IPS manager.
port x/y
debug ips iscsi login port Enables debugging for the iSCSI flow.
x/y
Task 1: Initial Switch Configuration
In this task, you will complete the following activities:
 Erase the existing configuration.
 Set up the initial switch configuration.
 Create VSANs and assign interfaces.
 Permit communication between members of the default zone.
Activity Procedure
information:
Switch login: admin
Password: 1234qwer
# write erase
# reload
Step 3 After the switch reboots, it will automatically launch the setup utility. Answer the
questions according to the following example, replacing variables with your pod
number where appropriate:
Uncompressing linecard components
INIT: Entering runlevel: 3
---- System Admin Account Setup ----
Enter the password for "admin": 1234qwer
Confirm the password for "admin": 1234qwer
---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic
configuration of the system. Setup configures only enough
connectivity for management of the system.
Please register Cisco MDS 9000 Family devices promptly with
your supplier. Failure to register may affect response times
for initial service calls. MDS devices must be registered to
receive entitled support services.
Press Enter if you want to skip any dialog. Use ctrl-c at
anytime to skip all remaining dialogs.
Would you like to enter the basic configuration

dialog(yes/no): y
Create another login account (yes/no) [n]: <Enter>
Configure read-only SNMP community string (yes/no) [n]:
<Enter>

Configure read-write SNMP community string (yes/no) [n]:
<Enter>
Enter the switch name: mdsnnnn-x (where nnnn is 9216 or 9506 and x is
your pod number; for example, Pod 21 is mds9216-21)
Continue with Out-of-band (mgmt0) management configuration?
(yes/no) [y]: <Enter>
Mgmt0 IP address : 10.0.X.Y (where x is your pod number; y is 3 for
MDS 9216 and y is 5 for MDS 9506)
Mgmt0 IP netmask : 255.255.255.0
Configure the default gateway? (yes/no) [y]: <Enter>
IP address of the default gateway : 10.0.X.254 (where x is your
pod number)
Configure advanced IP options? (yes/no) [n]: <Enter>
Enable the telnet service? (yes/no) [y]: <Enter>
Enable the ssh service? (yes/no) [n]: <Enter>
Configure the ntp server? (yes/no) [n]: y
NTP server IP address : 10.0.X.254 (where x is your pod number)
Configure default switchport interface state (shut/noshut)
[shut]: <Enter>
Configure default switchport trunk mode (on/off/auto) [on]:
<Enter>
Configure default zone policy (permit/deny) [deny]: <Enter>
Enable full zoneset distribution (yes/no) [n]: <Enter>
Step 4 Review the configuration summary and save the configuration. Your display should
The following configuration will be applied:
switchname mds9216-21
interface mgmt0
ip address 10.0.21.3 255.255.255.0
no shutdown
ip default-gateway 10.0.21.254
telnet server enable
no ssh server enable
ntp server 10.0.21.254
system default switchport shutdown
system default switchport trunk mode on
no zone default-zone permit vsan 1-4093
no zoneset distribute full vsan 1-4093
Would you like to edit the configuration? (yes/no) [n]:

<Enter>
Use this configuration and save it? (yes/no) [y]: <Enter>
Step 5 After the setup utility completes the save, log in to the switch using the following
login information:
Switch login: admin
Password: 1234qwer
Step 6 From the console prompt, ping 10.0.X.254 (where X is your pod number). Your
# ping 10.0.21.254
PING 10.0.21.254 (10.0.21.254): 56 data bytes
Note To terminate the ping command, press Ctrl-C. Notify your instructor if you cannot ping your
default gateway.
Step 7 Both teams should verify that their system clocks are synchronized. Simultaneously
invoke the show clock command:
Step 8 On both switches, configure VSANs 2 and 3 and assign interface fc1/6. You must
create both VSANs on both switches, but you will assign fc1/6 to only one VSAN
depending on which switch you are using.
# conf t
(conf)# vsan database
(config-vsan-db)# vsan 2 (Both switches)
(config-vsan-db)# vsan 3 (Both switches)
(config-vsan-db)# vsan 2 interface fc1/6 (MDS 9506 only)
(config-vsan-db)# vsan 3 interface fc1/6 (MDS 9216 only)
(config-vsan-db)# end
Step 9 Verify your results with the show vsan membership command. Your display
9506# show vsan membership
vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/7 fc1/8 fc1/9
fc1/10
fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16
vsan 2 interfaces:
fc1/6
vsan 3 interfaces:
9216# show vsan membership

vsan 1 interfaces:
fc1/1 fc1/2 fc1/3 fc1/4 fc1/5 fc1/7 fc1/8
fc1/9
fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16
vsan 2 interfaces:
vsan 3 interfaces:
fc1/6

Step 10 On both switches, configure default zone permit settings for VSANs 2 and 3. Your
# conf t
Note Remember that the default zone policy is set on a per-switch basis. Therefore, you must set
the default zone policy to permit for both VSANs on both switches.
Note It is not recommended to allow unzoned devices to communicate. However, in this lab it will
simplify the configuration. In subsequent labs you will change your configuration to conform
to best practices by implementing zoning for iSCSI hosts and virtual targets.
 Verify that your ports are assigned to the correct VSAN.
Task 2: Basic iSCSI Configuration
In this task, both teams will complete the following activities on their respective switches:
 Enable iSCSI on the switch.
 Enable iSCSI interface VSAN membership
 Configure the Gigabit Ethernet interface.
 Verify connectivity between the Windows 2000 host and the switch.
 Set up the switch so no Challenge Handshake Authentication Protocol (CHAP)
authentication is required.
 Turn on iSCSI on interface 2/1.
Activity Procedure
Step 1 From your MDS 9000 Series Multilayer switch console, execute the following
command to verify that iSCSI is enabled on your switch:
# show i? (no space before the question mark)
Note If iSCSI is enabled, IPS, iSCSI, and iSNS options will appear under the show i? command.
If these options are absent, then iSCSI must be globally enabled.
Step 2 From the CLI, enable iSCSI and verify the results. Your display should resemble the
following:
# conf t
(config)# iscsi enable
(config)# end
# show i?
ilc-helper ilc-nvram in-order-guarantee incompatibility
install interface inventory ip
ipconf ipfc ips iscsi
isns
Step 3 Enable iSCSI interface VSAN membership using the following commands:
# conf t
(config)# iscsi interface vsan-membership
(config)# end
Step 4 Log in to your assigned Windows 2000 server as administrator with password cisco.

Step 5 In Cisco Device Manager, right-click gigE 2/1 and choose Configure.
Step 6 In the configuration dialog box, choose the GigE tab and configure the following
settings:
 In the Description field, enter the description: Primary iSCSI interface.
 Next to the Admin label, click the Up radio button.
 In the IP Address/Mask box, enter the IP address: 10.1.X.Y/24 (where X is your
pod number; Y is 11 for MDS 9216, and Y is 21 for MDS 9506).
 In the IscsiAuthMethod field check none, and ensure that the chap check box
is unchecked.
Note The subnet for the IPS interfaces is 10.1.x.y subnet, where all iSCSI traffic will run. All
management traffic will run on the 10.0.x.y subnet.
Step 7 Click Apply.

Step 8 In the configuration dialog box, choose the iSCSI tab and configure the following
settings:
 In the Description box, enter Client n (where n is the number of your Windows
2000 server; n is 1 for MDS 9506 and n is 2 for MDS 9216).
 Next to the Admin label, click the Up radio button.
 In the PortVSAN field, choose the membership:
— 2 (MDS 9506 only)
— 3 (MDS 9216 only)
 Next to the Initiator ID Mode label, click the name radio button. This tells the
switch to use iSCSI IQN names to identify iSCSI initiators.
Step 9 Click Yes to confirm your changes.
Step 10 Click Apply, and then click Close.
Step 11 In the Cisco Device Manager main window, click the Refresh Display button. You
should see interface 2/1 displayed as active, with the symbol I in the port indicator.
This indicates that iSCSI is active on that port.
Step 12 Globally configure iSCSI authentication. From the Cisco Device Manager menu,
choose IP > iSCSI.
Step 13 Click the Globals tab and configure the following settings:
 Next to the AuthMethod label, check the none check box, and ensure that the
chap check box is unchecked.
 Leave the InitiatorIdle Timeout field setting at the default value.

Step 15 From the MDS CLI, verify the route table for interface 2/1. Your display should
# show ips ip route interface gigabitethernet 2/1
Codes: C - connected, S - static
No default gateway
C 10.1.22.0/24 is directly connected, GigabitEthernet2/1
Note Connected (C) identifies the subnet in which the interface is configured (directly connected
to the interface). Static (S) identifies the static routes that go through the router.
Step 16 To verify your network configuration, execute a ping command from your Windows
server to the IP address that you assigned to interface 2/1. Your display should
> ping 10.1.22.2
Pinging 10.1.22.2 with 32 bytes of data:
Reply from 10.1.22.2: bytes=32 time<10ms TTL=128
...
If the ping fails, verify the following items, and then repeat the ping command:
 The Gigabit Ethernet interface is in the up state.
 The IP address of the iSCSI initiator is configured correctly.
 The IP route is configured correctly.
Step 17 Open the Microsoft iSCSI Initiator control panel from the shortcut on the desktop.
Step 18 Choose the Target Portals tab from iSCSI Initiators Properties
Step 19 Click Add
Step 20 Enter the IP address of the switch gigE2/1 interface: 10.1.x.y (where x is your pod
number and y is 21 for the MDS 9506 or 11 for the MDS 9216)
Step 21 Click OK.
Step 22 Click OK to close the iSCSI Initiator Properties.
Step 23 On the MDS console, verify the connection by viewing the ARP cache. (x is 2 if you
are working on the MDS 9216 and x is 6 if you are working on the MDS 9506.)
Your display should resemble the following:
# show ips arp interface gigabitethernet 2/1
Protocol Address Age(min) Hardware Addr Type Interface
Gateway IP
Internet 10.1.x.2 0 000b.fdd5.807f ARPA GigabitEthernet2/3
Internet 10.1.x.6 4 000b.fdd5.807f ARPA GigabitEthernet2/3
Step 24 Display and verify IP statistics. Your display should resemble the following:
# show ips stats ip interface gigabitethernet 2/1
Internet Protocol Statistics for port GigabitEthernet2/3
44 total received, 44 good, 0 error
0 reassembly required, 0 reassembled ok, 0 dropped after
timeout
44 packets sent, 0 outgoing dropped, 0 dropped no route
0 fragments created, 0 cannot fragment
Step 25 Verify that the gig2/1 physical port and the iscsi2/1 logical port are both up. Use the
show interface brief command.
 You have enabled iSCSI on the switch.
 You have enabled iSCSI interface VSAN membership on the switch.
 You have configured the Gigabit Ethernet interface.
 You have configured iSCSI on interface 2/1.
 You have verified connectivity between the Windows 2000 host and the switch.
 You have configured the iSCSI initiator target portal.

Task 3: Import and Discover iSCSI Targets
In this task, you will complete the following activities:
 Enable the FC interface for the JBODs.
 Dynamically import iSCSI targets.
 Map iSCSI initiators to FC targets with a discovery session.
 Verify iSCSI connectivity to FC storage targets.
Activity Procedure 1: Import iSCSI Targets

Both teams complete these steps to import the JBOD disks as virtual iSCSI targets:
Step 1 In Cisco Device Manager, enable the JBOD connected to port fc1/6. Right-click
port 1/6 and choose Enable.
Step 2 From the Cisco Device Manager menu, choose FC > Name Server. Click the
General tab if necessary to view the FCNS database. You should see six Type NL
targets and one Type N iSCSI initiator.
Step 3 Click Close.
Step 4 From the Cisco Device Manager menu, choose the IP > iSCSI menu, and click the
Targets tab.
Step 5 Check the Dynamically Import FC Targets check box and click Apply.
Step 6 Wait a few seconds, then click Refresh.
Note The display should not change. At this point, you should not see any virtual iSCSI targets.
FC targets are not actually imported until at least one iSCSI initiator logs in and initiates a
discovery session.
Step 7 Click Close.

Activity Procedure 2: Discover iSCSI Targets
You will now start a discovery session to allow the iSCSI initiator to discover the iSCSI targets
through the switch. The iSCSI initiator drivers have already been installed on the Windows
2000 servers for each pod.
Complete these steps on both Windows 2000 servers in your pod:
Step 1 Open the iSCSI Initiator Configuration application by double-clicking the Microsoft
iSCSI Initiator shortcut on the desktop.
Step 2 Click the Available Targets tab and click the Refresh button.
Step 3 Choose a target name and click the Log On button.
Step 4 In the Log On to Target dialog box, ensure that all check boxes are cleared, and
click OK.
Step 5 The target status will change to “Connected.”
Step 6 Repeat steps 3 and 4 to log on to the remaining inactive targets.

Complete these steps from the CLI on both switches to verify results:
Step 1 Return to the Cisco Device Manager iSCSI dialog box. On the Targets tab, click
Refresh. You should now see six targets.
Step 2 Display iSCSI virtual targets with the show iscsi virtual-target command. Your
display should resemble the following sample output.
# show iscsi virtual-target
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc35
Port WWN 22:00:00:0c:50:d1:bc:35 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc6d
Port WWN 22:00:00:0c:50:d1:bc:6d , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1d191
Port WWN 22:00:00:0c:50:d1:d1:91 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd0493
Port WWN 22:00:00:0c:50:dd:04:93 , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd054d
Port WWN 22:00:00:0c:50:dd:05:4d , VSAN 2
Auto-created node
target: iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd878c
Port WWN 22:00:00:0c:50:dd:87:8c , VSAN 2
Auto-created node
Step 3 Display active iSCSI sessions with the show iscsi session command. Your display
should resemble the following sample output:
# show iscsi session
Initiator iqn.1991-05.com.microsoft:p22-server1
Initiator ip addr (s): 10.1.22.2
Session #1
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc35
VSAN 2, ISID 400001370008, Status active, no reservation
Session #2
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1bc6d
VSAN 2, ISID 40000137000b, Status active, no reservation
Session #3
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50d1d191
VSAN 2, ISID 40000137000c, Status active, no reservation
Session #4
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd0493
VSAN 2, ISID 40000137000d, Status active, no reservation
Session #5
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd054d
VSAN 2, ISID 40000137000e, Status active, no reservation
Session #6
Target iqn.1987-05.com.cisco:05.mds9506.02-01.2200000c50dd878c
VSAN 2, ISID 40000137000f, Status active, no reservation
Step 4 Display the contents of the Fibre Channel Name Server database with the show fcns
database command. Your display should resemble the following sample output:
# sh fcns da
VSAN 2:
--------------------------------------------------------------------------
FCID TYPE PWWN VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0c00dc NL 22:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
0x0c00e0 NL 22:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0x0c00e1 NL 22:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0x0c00e2 NL 22:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0x0c00e8 NL 22:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0x0c0100 N 24:02:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init isc..w

Step 5 Display interface status with the show interface brief command. Your display
MDS9506# show interface brief
-------------------------------------------------------------------------------
Interface Vsan Admin Admin Status FCOT Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
-------------------------------------------------------------------------------
fc1/6 2 auto on up swl FL 2 --
-------------------------------------------------------------------------------
Interface Status IP Address Speed MTU Port
Channel
-------------------------------------------------------------------------------
GigabitEthernet2/1 up 10.1.22.21/24 1 Gbps 1500 --
-------------------------------------------------------------------------------
Interface Status Oper Mode Oper Speed
(Gbps)
-------------------------------------------------------------------------------
iscsi2/1 up ISCSI 1
Step 6 Display the iSCSI initiator with the show iscsi initiator command. Your display
MDS 9506
# show iscsi initiator
iSCSI Node name is iqn.1991-05.com.microsoft:p22-server1
iSCSI alias name:
Node WWN is 24:01:00:0d:ec:09:77:02 (dynamic)
Member of vsans: 2
Number of Virtual n_ports: 1
Virtual Port WWN is 24:02:00:0d:ec:09:77:02 (dynamic)
Interface iSCSI 2/1, Portal group tag: 0x80
VSAN ID 2, FCID 0x0c0100
MDS 9216
# sh iscsi initiator
iSCSI Node name is iqn.1991-05.com.microsoft:p22-server2
iSCSI alias name:
Node WWN is 21:01:00:0d:ec:0c:d5:02 (dynamic)
Member of vsans: 3
Virtual Port WWN is 21:02:00:0d:ec:0c:d5:02 (dynamic)
VSAN ID 3, FCID 0xef0100
Step 7 Save your configuration by completing the following steps on both switches:
1. From the CLI, save your configuration using the copy run start command.
2. Back up your running configuration to the TFTP server using the following
command:
# copy run tftp://10.0.0.198/podx/fname-nnnn-iscsi1.cfg
(where x is your pod number, fname is your first name, and nnnn is either 9506 or
9216)

Lab 3-1 Answer Key: Implementing iSCSI With the IP Services
Module
vsan database
vsan 2
vsan 3
iscsi enable
iscsi interface vsan-membership
iscsi import target fc
vsan database
vsan 3 interface iscsi2/1
zone default-zone permit vsan 2
interface iscsi2/1
switchport description Client 1
no shutdown
iscsi authentication none
ip address 10.1.22.11 255.255.255.0
switchport description Primary iSCSI Interface
no shutdown
interface fc1/6
no shutdown
Lab 3-2: Configuring Static Initiators and Targets
Activity Objective
To provide a higher level of security for an iSCSI environment, your customer wants to
statically assign initiators to the MDS 9000 Series Multilayer Switch after allowing them to be
dynamically discovered. The customer would also like to statically assign iSCSI targets to
statically configured iSCSI initiators.
In this activity, you will configure iSCSI initiators by letting the initiators dynamically enter the
iSCSI environment, and then statically assigning them to the MDS 9000 Series Multilayer
Switch for security reasons. You will statically configure targets that have been discovered
dynamically. After completing this activity, you will be able to meet these objectives:
 Restore your saved configuration from the previous lab.
 Create static iSCSI initiators.
 Create static iSCSI storage targets.
 Verify iSCSI target properties in Windows 2000.
Visual Objective

Required Resources
9000 IPS Module
installed
Command List
Command Description
Enables iSCSI feature on an MDS 9000 Series Multilayer

iscsi enable Switch
Disables iSCSI feature on an MDS 9000 Series Multilayer

no iscsi enable Switch.
sh iscsi virtual-target Lists all the active iSCSI virtual targets.
sh iscsi initiator Displays iSCSI information for the initiators.
sh iscsi session Lists all the active iSCSI initiator or target sessions.
Task 1: Restoring Your Saved Configuration

In this task you will load you configuration from the TFTP server and restore the basic iSCSI
configuration that you saved at the end of Lab 3-1.
Activity Procedure
Follow these steps on both switches:
Step 1 From the CLI, restore the configuration you saved at the end of Lab 3-1 using the
following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi1.cfg run (where x
is your pod number, fname is your first name, and nnnn is either 9506 or 9216.)
Step 2 From the CLI, copy the running-config file to the startup-config file using the copy
run start command.
Follow these steps to verify that the configuration has been successfully restored:
Step 1 From the Windows 2000 server, double-click the Microsoft iSCSI Initiator
shortcut on the Windows desktop.
Step 2 Click the Target Portals tab.
Step 3 Click Add.
Step 4 In the IP address or DNS name field, enter the IP address of the switch gigE2/1
interface: 10.1.x.y (where x is your pod number, and y is 21 for the MDS 9506 or 11
for the MDS 9216).
Step 5 Click OK.

Step 6 Click the Available Targets tab.
Step 7 Click Refresh, and confirm that the status of all targets is “Connected.”

Task 2: Creating Static iSCSI Initiators
In this task you will change the iSCSI initiators (the Windows 2000 server) that you configured
in Lab 3-1 from a dynamic initiator to a static initiator. You will also change the initiator name
from IQN format to the workstation IP address. The steps in this activity must be completed on
the MDS 9506 Multilayer Director and the MDS 9216 Fabric Switch.
Activity Procedure
Step 1 From the CLI, convert the dynamic initiator to a static initiator with the iscsi
initiator command. Your display should resemble the following:
# conf t
(config)# iscsi initiator ip-address 10.1.x.y (where x is your pod
number and y is 2 for the 9506 or 6 for the 9216)
(config-iscsi-init)# static nWWN system-assign
(config-iscsi-init)# static pWWN system-assign 1
(config-iscsi-init)# end
Step 2 Open Cisco Device Manager.

Step 3 From the Cisco Device Manager main menu, choose IP > iSCSI.
Step 4 Double-click the VSAN Membership column for the initiator name that contains an
IP address and assign VSAN membership as follows.
 MDS 9506: VSAN 2
 MDS 9216: VSAN 3
Step 5 If there is another iSCSI initiator with an IQN name (for example, iqn.1991-
05.com.microsoft:p22-server1), select it and click Delete. Click Yes to confirm the
deletion.
Step 6 Click Apply.
Step 7 Close the Cisco Device Manager iSCSI dialog box.
Follow these steps to verify that the dynamic iSCSI initiator has been converted to a static
initiator.
Step 1 From the CLI, view the running-config file using the show run command.
Step 2 Locate and confirm the static initiator configuration. Your display should provide
information similar to what is shown in following output sample:
iscsi initiator ip-address 10.1.2.2
static nWWN 24:03:00:0d:ec:09:77:02
static pWWN 24:04:00:0d:ec:09:77:02
Step 3 View the iSCSI initiator with the show iscsi initiator command. Your display
iSCSI Node name is 10.1.22.2
iSCSI Initiator name: iqn.1991-05.com.microsoft:p22-server1
iSCSI alias name:
Node WWN is 24:03:00:0d:ec:09:77:02 (configured)
Member of vsans: 2

Task 3: Creating Static iSCSI Storage Targets
After you have statically configured the iSCSI initiator to the switch, you must also statically
map the virtual iSCSI targets (the JBOD disks). In this task, you will turn one of the dynamic
iSCSI targets that you imported in Lab 3-1 into a static iSCSI target.
Activity Procedure 1: Statically Map Targets

Complete this procedure on both switches to statically map iSCSI targets.
Step 2 Uncheck the Dynamically Import FC Targets check box.
Step 3 In the Targets tab, click Apply, then click Refresh. You should no longer see any
targets in the dialog box.
Step 4 Click Create.
Step 5 In the Create iSCSI Targets dialog box, configure the following settings for each
switch:
 In the iSCSI Name field, enter iqn.iscsidiskdrive1 for MDS 9506 or
iqn.iscsidiskdrive2 for MDS 9216.
Note The IQN name must be at least 16 characters.
 Click the Down Arrow next to the Port WWN field. Choose the WWN of the
first target (for MDS 9506) or the second target (for MDS 9216) listed in the
Port WWN drop-down menu.
 In the Initiator Access area, choose the List option and type the IP address of the
static initiator that you configured for your switch: 10.1.x.y/24 (where x is your
pod number, and y is 2 for MDS 9506 or 6 for MDS 9216). Remember to add
the subnet mask /24 after the IP address!
 Under Advertised Interfaces, choose the Select from List option, and then
choose the gigE2/1 check box.
Step 6 Click Create and Close.

Step 7 Verify that the static target assignment appears on the iSCSI Targets tab.
Step 8 Click Close to close the iSCSI dialog box.
Activity Procedure 2: Log On to Static Targets

Complete the following steps on both Windows 2000 servers.
Step 1 Double-click the Microsoft iSCSI Initiator shortcut on the Windows desktop.
Step 2 Click the Active Sessions tab.
Step 3 Select each target in turn and click Log Off to remove all of the dynamic targets that
you previously created.
Note If you see a warning dialog box that tells you that a target cannot be logged off because it is
in use, click OK, and then attempt to log off that target again.
Step 5 Click Refresh.

Step 6 Highlight the static target (iqn.iscsidiskdriven).
Step 7 Click Log On to connect to the target.
Step 8 Click OK to continue.
Step 9 Verify that the target is shown with a “Connected” status.

Follow these steps to verify that the dynamic iSCSI targets have been removed and that a static
target has been created on each switch.
Step 1 From the CLI, view iSCSI initiators with the show iscsi initiator command. Your
display should resemble the following output example:
iSCSI Initiator name: 10.1.22.6
iSCSI alias name:
Node WWN is 21:03:00:0d:ec:0c:d5:02 (configured)
Member of vsans: 3
Virtual Port WWN is 21:02:00:0d:ec:0c:d5:02 (configured)
Step 2 Verify iSCSI virtual targets with the show iscsi virtual-target command. Your
display should resemble the following output example:
# show iscsi virtual-target
target: iqn.iscsidiskdrive2
* Port WWN 21:00:00:0c:50:d1:bc:6d
Configured node
No. of advertised interface: 1
GigabitEthernet 2/1
No. of initiators permitted: 1
initiator 10.1.22.6/24 is permitted
all initiator permit is disabled
trespass support is disabled
revert to primary support is disabled
Step 3 View name server registration of iSCSI initiators with the show fcns database
command. Your display should resemble the following output example:
VSAN 2:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x0c0101 N 24:04:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init isc..w
Step 4 View iSCSI session information with the show iscsi session command. Your display
should resemble the following output example:
Initiator 10.1.22.6
Initiator name 10.1.22.6
Session #1
Target iqn.iscsidiskdrive2
Task 4: Verifying iSCSI Target Properties

In this task you will verify that the iSCSI static initiator has access to the iSCSI static target
from the Windows 2000 Logical Disk Manager
Caution Be careful when working in Disk Administrator. Never make any configuration changes to
disks 0 or 1.
Activity Procedure
Step 1 On your Windows 2000 server desktop, right-click My Computer and choose
Manage.
Step 2 In the Computer Management window, choose Storage > Disk Management.
Step 3 In the lower right pane of Disk Manager, you will see several disk drives. Scroll
down in that panel and right-click each disk (one at a time) and choose Properties.
(Be sure to right-click the box that says Disk N, not the volume area to the right.)

Step 4 Locate the iSCSI disk by looking for the adapter name Microsoft iSCSI Initiator.
Step 5 Click OK to close Disk Properties.

Step 6 Click Close in the Computer Management window.
command:
9216)
Lab 3-2 Answer Key: Configuring Static Initiators and Targets
partial output of the show run command from the MDS 9216 in Pod 22 after completing this
activity.
vsan database
vsan 2
vsan 3
iscsi enable
vsan database
vsan 3
static nWWN 21:03:00:0d:ec:0c:d5:02
static pWWN 21:04:00:0d:ec:0c:d5:02
iscsi virtual-target name iqn.iscsidiskdrive2
pWWN 21:00:00:0c:50:d1:bc:6d
advertise interface GigabitEthernet2/1
initiator ip address 10.1.22.6 permit
interface iscsi2/1
no shutdown
ip address 10.1.22.11 255.255.255.0
no shutdown
interface fc1/6
no shutdown

Lab 3-3: Implementing Fibre Channel Access
Control for iSCSI
Exercise Objective
To provide a higher level of security for a iSCSI environment, your customer wants to segment
statically assigned initiators into separate VSANs, then further secure access by configuring
zoning for all iSCSI hosts and targets.
In this activity, you will zone your statically assigned iSCSI initiators and targets. After
 Restore your saved configuration.
 Configure zoning using iSCSI initiators and targets.
Visual Objective
Required Resources
9000 IPS Module
 Two Windows 2000 servers, each with the Microsoft iSCSI Initiator driver installed
Command List
Command Description
vsan database Enter the VSAN database submode.
vsan vsan-id Specifies the VSAN ID.
Displays information about configured VSAN

show vsan membership membership.
show iscsi initiator Displays the configured information for the iSCSI initiator.
configured
debug ips iscsi flow Enables debugging for the IPS iSCSI flow.
undebug all Turns off all debugging.
show zoneset active Shows only active zone sets.
show iscsi session Lists all the active iSCSI initiator or target sessions.

In this task you will restore the basic iSCSI configuration that you saved at the end of Lab 3-2.
Activity Procedure
Follow these steps on both switches:
Step 1 From the CLI, restore the configuration you saved at the end of Lab 3-2 using the
following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi2.cfg run (where x
is your pod number, fname is your first name, and nnnn is either 9506 or 9216.)
Step 2 From the CLI, copy the running-config file to the startup-config file using the copy
run start command.
Follow these steps to verify that the configuration has been successfully restored:
Step 1 From the Windows 2000 server, double-click the Microsoft iSCSI Initiator
shortcut on the Windows desktop.
Step 2 Click the Target Portals tab from iSCSI Initiators Properties

Step 3 Click Add.
number, and y is 21 for the MDS 9506 or 11 for the MDS 9216).
Step 5 Click OK.
Step 7 Click Refresh, and confirm that the status of the target is “Connected.”
Task 2: Configuring Zones
In this task, you will configure zones and zone sets for your iSCSI devices. You will configure
zoning in VSAN 2 on the MDS 9506 Multilayer Director and in VSAN 3 on the MDS 9216
Fabric Switch.
Activity Procedure
Complete these steps on both switches.
Step 1 From the CLI, configure default zone permit settings for VSAN 2 and VSAN 3 to
deny access.
# conf t
(config)# no zone default-zone permit vsan 2 (MDS 9506 only)
(config)# no zone default-zone permit vsan 3 (MDS 9216 only)
Step 2 From a Windows 2000 desktop, open Cisco Fabric Manager

Step 3 In the Logical Domains pane, expand the tree view by clicking on the Plus [+] sign
next to your assigned VSAN.
 If you are working on the MDS 9506 expand VSAN 2.
 If you are working on the MDS 9216 expand VSAN 3.
Step 4 Right-click Default Zone and choose Edit Local Full Zone Database.
Step 5 In the Edit Local Full Zone Database window choose Zonesets, and then click the
Insert button.

Step 6 Click OK to accept the default zone set name ZoneSet1.
Step 7 In the Edit Local Full Zone Database window choose Zones, and then click the
Insert button.
Step 8 Click OK to accept the default zone name Zone1.
Step 9 Expand the Zonesets and Zones folders by clicking on the Plus [+] signs next to
each folder.

Step 10 Hold down the Ctrl key to choose multiple end devices for Zone1:
 Both teams will choose the iSCSI initiator on iscsi2/1.
 On the MDS 9506, select the first disk target.
 On the MDS 9216, select the second disk target listed.
MDS 9506 
MDS 9216 
9506 & 9216 
Step 11 Add the selected devices to Zone1 by dragging them into Zone1 below the Zones
folder.
Step 12 Click Zone1 and add Zone1 to ZoneSet1 by dragging it into ZoneSet1.

Step 13 Activate ZoneSet1 by clicking Activate.
Step 14 Check the Save Running to Startup Configuration check box and click Continue
Activation to activate ZoneSet1.
Step 15 You will see zone set activation status and a “Success” message in the lower left
corner of the Edit Local Full Zone Database window when the activation has
completed.
Step 16 When activation has completed and the configuration has been saved, click Close.
Step 17 Open the Microsoft iSCSI Initiator control panel from the shortcut on the
Windows 2000 desktop.
Step 19 Click Log Off.

Step 20 On both switches, enter the following command:
# debug ips iscsi flow
Step 21 Return to the Microsoft iSCSI Initiator control panel.

Step 23 Click Log On.

Step 24 Click OK in the Log On to Target dialog box.
Step 25 Return to the CLI and view the debug output. Your display should resemble the
following sample output:
MDS9506# 2005 Apr 5 13:11:20 ips: Session Create init: iqn.1991-
05.com.microsot:p22-server1, ip addr: 10.1.22.2, target
iqn.iscsidiskdrive1
2005 Apr 5 13:11:20 ips: matched ip address configured initiator
2005 Apr 5 13:11:20 ips: Fc-port(5) pwwn 2404000dec097702 pgt 128
iscsi-if-index 0b080000 intf 02080000
2005 Apr 5 13:11:20 ips: Created session(14288) target name
iqn.iscsidiskdrive1 isid 400001370016 for initiator(5)
2005 Apr 5 13:11:20 ips: Target iqn.iscsidiskdrive1 a virtual
target checking access
2005 Apr 5 13:11:20 ips: Node iqn.iscsidiskdrive1 is allowed to
be advertised
to if_index 0x2080000, initiator iqn.1991-5.com.microsoft:p22-
server1
2005 Apr 5 13:11:20 ips: fc_port(5) Querying NS for target
pwwn:[2200000c50d1b35] sec pwwn:[0] wait 1
2005 Apr 5 13:11:20 ips: Got NS tgt response fc_port(5) sid
000c0101 vsan 2 did 000c00e1
2005 Apr 5 13:11:20 ips: Sending Session Create Response for
init_name:[iqn.1991-05.com.microsoft:p22-server1]
target_name:[iqn.iscsidiskdrive1] isid:[400001370016]
Step 26 Turn off debugging with the undebug all command.
Complete these steps on both the MDS 9506 Multilayer Director and the MDS 9216 Fabric
Switch:
Step 1 From the CLI, display the iSCSI initiator. Your display should resemble the
MDS9506# sh iscsi initiator
iSCSI Initiator name: iqn.1991-05.com.microsoft:p22-server1
iSCSI alias name:
Member of vsans: 2
Virtual Port WWN is 24:04:00:0d:ec:09:77:02 (configured)
Step 2 From the CLI, display all active zone sets. Your display should resemble the
# show zoneset active
MDS9506# show zoneset active
zoneset name ZoneSet1 vsan 2
zone name Zone1 vsan 2
* fcid 0x0c00e1 [pwwn 22:00:00:0c:50:d1:bc:35]
* fcid 0x0c0101 [pwwn 24:04:00:0d:ec:09:77:02]

Step 3 From the CLI, display all iSCSI sessions. Your display should resemble the
MDS9216# show iscsi session
Initiator 10.1.22.6
Initiator name iqn.1991-05.com.microsoft:p22-server2
Session #1
command:
9216)
Lab 3-3 Answer Key: Implementing Fibre Channel Access
Control for iSCSI
vsan database
vsan 2
vsan 3
iscsi enable
vsan database
vsan 3
pWWN 21:00:00:0c:50:d1:bc:6d
zone broadcast enable vsan 3
zone name Zone1 vsan 3
member pwwn 21:00:00:0c:50:d1:bc:6d
member pwwn 21:04:00:0d:ec:0c:d5:02
zoneset name ZoneSet1 vsan 3
member Zone1
zoneset activate name ZoneSet1 vsan 3
interface iscsi2/1
no shutdown
ip address 10.1.22.11 255.255.255.0
no shutdown
interface fc1/6
no shutdown

Lab 3-4: Implementing iSCSI Access Control
Activity Objective
Your customer wants all iSCSI initiators to have secured access to the Fibre Channel fabric,
and the customer wants to manage this security from a central location.
In this activity, you will configure IP ACLs, iSCSI target advertising, and CHAP authentication
on the MDS 9000 IPS Module. You will also configure the MDS 9000 IPS Module to use
RADIUS to authenticate iSCSI initiators using the CHAP protocol. After completing this
activity, you will be able to meet these objectives:
 Restore your saved configuration.
 Configure IP ACLs to restrict iSCSI initiator access to virtual iSCSI targets.
 Configure target advertising to restrict visibility of virtual iSCSI targets.
 Configure CHAP authentication for iSCSI initiators.
 Configure a RADIUS server using Windows Internet Authentication Service (IAS).
 Configure the MDS 9000 IPS Module to use a RADIUS server to authenticate iSCSI
initiators.
Visual Objective
Required Resources
9000 IPS Module
installed
Command List
Command Description
show ip access-list Displays a summary of the specified IP-ACL.

list-name
debug ipacl all Enables debugging for all IP ACL features.
debug aaa events Enables debugging for AAA events.
show authentication Displays the configured authentication parameters.
show interface Displays the description of the Gigabit Ethernet interface in the
gigabitethernet specified slot/port.
slot/port
show radius-server Displays all configured RADIUS server parameters.
debug radius aaa- Enables RADIUS AAA request low-level debugging.

request-lowlevel

This lab requires your pod to be set up with a basic iSCSI configuration with static initiators
and targets. This will allow you to focus on configuring the security features of the switch.
Therefore, in this task you restore your saved configuration from the end of Lab 3-2.
Note Note that you must restore your saved configuration to the startup configuration, not the
running configuration as you did in the previous labs. When you restore to the running
configuration, the saved configuration is merged with the running configuration. This was an
acceptable method in the previous labs, but in this case you need to erase the FC access
control configuration from Lab 3-3. Therefore, you must restore to the startup configuration.
When you restore to the startup configuration and reload, the saved configuration replaces
the running configuration.

Activity Procedure
Complete these steps to load your configuration from the TFTP server:
Step 1 Erase your current startup configuration.
# write erase
Step 2 Copy the configuration you saved at the end of Lab 3-2 to the startup configuration
using the following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi2.cfg start
9216)
Step 3 Reload the switch using the reload command.
Complete these steps to verify that the configuration has been successfully restored:
Windows desktop.
Step 3 Click Add.
Step 5 Click OK.
Step 7 Click Refresh and confirm that the status of the target is “Connected.”

Task 2: Configuring IP ACLs for iSCSI
In this task you will configure IP ACLs for your Gigabit Ethernet interfaces.
Activity Procedure
Step 1 Open the Cisco Device Manager.
Step 2 From the Device Manager main menu, choose Security > IP ACL.
Step 3 From the IP ACL menu click the Profiles tab.

Step 4 In the IP ACL window, click Create.
Step 5 In the Create IP ACL Profiles dialog box, enter ACL1 in the Name field.
Step 6 Click Create then click Close.
Step 7 In the IP ACL window, click the Profiles tab, choose the newly created IP ACL
profile name, and click Rules.
Step 8 In the IP ACL Profile rules window, click Create.

Step 9 In the Create IP Filter dialog box, configure the following settings to create an IP
filter that will allow access only from the static initiator configured locally on the
MDS 9000 Series Multilayer Switch:
 In the Index field, enter 1.
 Set the Action option to permit.
 Set the Protocol field to 0 IP.
 In the Source area, configure the following:
— In the Address field, enter the IP address of the server that has been
configured as the static initiator for this switch.
— In the Wildcard field, enter 0.0.0.0.
— In the Ports field, enter 0.
— In the To field, enter 65535.
 In the Destination area, configure the following:
— In the Address field, enter the IP address of the gigE2/1 interface.
Step 10 Click Create, then click Close.
Step 11 Create a second IP filter to deny ICMP echo from the server that is not configured
locally as a static initiator on this MDS 9000 Series Multilayer Switch. Configure
the following parameters for the IP filter:
 In the Index field, enter 2.
 Set the Action option to deny.
 Set the Protocol field to 1 ICMP.
 In the Source area, configure the following:
— In the Address field, enter the IP address of the server that has not been
configured as the static initiator for this switch.
 In the Destination area, configure the following:
— In the Address field, enter the IP address of the gigE2/1 interface
 In the Other area, set the ICMP Type to 8 echo.

Step 13 In the IP ACL Profile rules window, confirm the rules that you created for the IP
ACL Profile.
Step 14 Click Close.

Step 15 In the IP ACL window, click the Interfaces tab, and then click Create.
Step 16 In the Create IP ACL Interfaces dialog box, click the […] button beside the Interface
field to apply the IP ACL inbound to the gigE2/1 interface.
Step 17 Click the gigE2/1 interface and confirm that the mgmt0 Logical Interface check box
is unchecked.
Step 18 Click OK.
Step 19 From the ProfileName field list, choose ACL1.

Step 21 In the IP ACL dialog box click the Interfaces tab, and confirm that the profile name
has been applied to the gigE2/1 interface inbound.
Step 22 Click Close.

Step 23 Open the CLI for the MDS 9000 Series Multilayer Switch console and use the show
ip access-list <profile> command to display the IP ACL detail. Your display should
resemble the following output example:
MDS9506# show ip access-list ACL1
ip access-list ACL1 permit ip 10.1.22.2 0.0.0.0 10.1.22.21 0.0.0.0
(0 matches)
ip access-list ACL1 deny icmp 10.1.22.6 0.0.0.0 10.1.22.21 0.0.0.0
icmp-type etho (0 matches)
Step 24 Enable debug output for the IP ACL with the debug ipacl all command:

Complete these steps to verify your IP ACL configuration:
Note If you are working on the MDS 9506, you will use the Microsoft iSCSI Initiator control panel
on Server1 to log in to the iSCSI target, and then attempt to ping gigE2/1 from Server2.
If you are working on the MDS 9216, you will use the Microsoft iSCSI Initiator control panel
on Server2 to log in to the iSCSI target, and then attempt to ping gigE2/1 from Server1.
Step 1 From the desktop of the server that is configured as the static initiator for this
switch, open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Active Sessions tab, and then click Log Off.
Step 3 Click the Available Targets tab, and then click Log On.
Step 4 Click OK in the Log On to Target dialog box.

Step 5 Go to the desktop of the other server—the one that is not configured as a static
initiator for the switch being tested.
Step 6 Open a Windows command prompt. From the Windows desktop, click Start > Run,
type cmd, and then click OK.
Step 7 Use the ping command to test connectivity to the IP address of the gigE2/1
interface. Your display should resemble the following:
C:\Documents and Settings\Admin>ping 10.1.22.21
Pinging 10.1.22.21 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.22.21:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The expected result of the ping is Request timed out for the four ICMP packets
sent. There should be no ICMP echo due to the application of the second IP ACL
deny rule.

Step 8 Return to the switch CLI interface and use the show ip access-list profile command
to display the debug information for the IP ACL, where profile is the profile name
you created in Activity Procedure Step 5. Your display should resemble the
following:
MDS9506# show ip access-list ACL1
2005 Apr 6 10:24:54 ipacl: Received query one profile 256 filters
prof ACL1 no-index (id 10fc03h size 80)
(1 matches)
icmp-type echo (4 matches)
2005 Apr 6 10:24:54 ipacl: Read stats for rule 0 for chain acl1 :
0, 0
2005 Apr 6 10:24:54 ipacl: adding 0 packets for filter at 0
2005 Apr 6 10:24:54 ipacl: Read stats for rule 1 for chain acl1 :
0, 0
2005 Apr 6 10:24:54 ipacl: adding 0 packets for filter at 0
2005 Apr 6 10:24:54 ipacl: IPT read counters for chain acl1
2005 Apr 6 10:24:54 ipacl: gigE_stats->num_filter_stats 2,
payload_size 64
2005 Apr 6 10:24:54 ipacl: adding 1 packets to 0 for filter at 0
2005 Apr 6 10:24:54 ipacl: adding 4 packets to 0 for filter at 0
2005 Apr 6 10:24:54 ipacl: gigE read counters for filter ACL1
2005 Apr 6 10:24:54 ipacl: Sent PROFILE VALID, 2 filters (id
10fc03h size 364)
You should observe that the login attempt from the first server generated one match
against the first rule of the IP ACL, permitting access from the host you specified.
You should observe four matches for the second rule of the IP ACL you created to
deny ICMP echos—one for each packet that was sent to the gigE2/1 IP address with
the ping command performed in Step 7.
Step 9 Turn off debugging with the undebug all command.
Task 3: Configuring iSCSI Target Advertisement
In this task you will configure target advertisement for your iSCSI interfaces.
Activity Procedure
Complete these steps on both the MDS 9506 Multilayer Director and the MDS 9216 Fabric
Switch:
Step 1 From the Cisco Device Manager, choose IP > iSCSI.
Step 2 In the iSCSI dialog box, click the Targets tab.

Step 3 Choose the iSCSI name of the target iqn.iscsidiskdrive1 and click the Edit
Advertised button.
Step 4 In the Advertised Interfaces dialog box, choose interface gigE2/1 and click Delete.
Step 5 Click Yes to confirm the deletion.

Step 7 In the Create Advertised Interface dialog box, choose gigE2/2 in the Interface drop-
down menu. Note that your server is actually connected to interface gigE2/1, not
gigE2/2.
Step 9 Click Close to close the Advertised Interfaces window.
Complete the following steps from Server1 and Server2:
Step 1 From the desktop of the server that is configured as the static initiator for this
switch, open the Microsoft iSCSI Initiator control panel.

Step 3 Observe the status of iqn.iscsidiskdrive1 and confirm that the status is
“Reconnecting.” The iSCSI initiator cannot connect to the target because you
changed the advertised interface.
Step 4 Return to the Cisco Device Manager iSCSI Targets dialog box.
Step 5 Select the iSCSI name of the target iqn.iscsidiskdrive1 and click Edit Advertised.
Step 6 Select the interface gigE2/2 and click Delete.

Step 7 Click Yes to confirm the deletion.

Step 9 In the Create Advertised Interface dialog box, choose gigE2/1 from the Interface
drop-down menu. This is the correct interface for your server.
Step 11 Click Close to close the Advertised Interfaces window.
Step 12 Return to the Microsoft iSCSI Initiator control panel.

Step 14 Observe the status of iqn.iscsidiskdrive1 and confirm that the status is “Connected.”

Task 4: Configuring CHAP Authentication for iSCSI
In this task you will configure CHAP authentication for your iSCSI initiators.
Activity Procedure 1: Enable CHAP on the MDS 9000 IPS Module

Complete these steps on both switches:
Step 1 From Cisco Device Manager, right-click the gigE2/1 interface and choose
Configure.
Step 2 In the gigE2/1 dialog box, change the IscsiAuthMethod to chap for interface
gigE2/1.
Step 5 Click the Globals tab and change the AuthMethod from none to chap.

Step 6 Click Apply, then click Close.
Step 7 From the Cisco Device Manager main menu, choose Security > iSCSI.
Step 8 In the iSCSI Security dialog box, configure the following settings:
 In the iSCSI User field, enter the IP address of the locally configured iSCSI
initiator.
 In the Password and Confirm Password fields, enter mds9000labchap.
Activity Procedure 2: Enable CHAP on the iSCSI Initiator
Complete these steps on both servers:
Step 1 From the Windows 2000 desktop, open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Initiator Settings tab.
Step 3 In the Change to: field in the Change Initiator Node Name area, type the iSCSI
username that you configured in Step 8. This should match the IP address of the
iSCSI initiator: 10.1.x.y (where x is your pod number and y is 2 for Server1 or 6 for
Server2).
Step 4 Click Change.
Step 6 Click Remove to delete the configured target portal.

Step 7 Click Add to create a new target portal configuration.
Step 8 In the IP address or DNS name field, enter the IP address of interface gigE2/1 on
your switch: 10.1.x.y (where x is your pod number and y is 21 for the MDS 9506 or
11 for the MDS 9216).
Step 9 Click Advanced to configure the CHAP parameters for the discovery session.
Step 10 Check the CHAP logon information check box.
Step 11 Enter mds9000labchap in the Target Secret field.
Note CHAP passwords must be between 12 and 16 characters.
Step 12 Click OK to close the Advanced Settings window.
Step 13 Click OK to close the Add Target Portal window.
Complete these steps to verify that your iSCSI initiator is authenticating with the switch:
Step 1 From the switch CLI, issue the following command to debug CHAP authentication:
MDS9506# debug aaa events
Step 2 Return to the Microsoft iSCSI Initiator control panel and click the Active Sessions
tab.
Step 3 Click Log Off.


Step 6 Click Advanced in the Log On to Target dialog box.

Step 10 Click OK to close the Log On to Target window.
Step 11 Return to the switch CLI and observe the debug output:
2005 Apr 6 16:57:56 aaa: LOCAL Authentication req
2005 Apr 6 16:57:56 aaa: doing chap authentication for
user:10.1.22.2
2005 Apr 6 16:57:56 aaa: password:mds9000labchap, chap_id:8
2005 Apr 6 16:57:56 aaa: aaa_send_client_response for
authentication. session-> flags=11
2005 Apr 6 16:57:56 aaa: aaa_cleanup_session
2005 Apr 6 16:57:56 aaa: mts_drop of request msg
2005 Apr 6 16:57:56 aaa: Fall back method local succeeded
Step 12 Turn off all debugging with the undebug all command.
 You view debug output that shows that CHAP authentication has occurred.
 The Microsoft iSCSI Initiator properties Available Target and Active Sessions tabs both
reflect a status of “Connected.”

Task 5: Configuring the Windows 2000 RADIUS Service
In this task you will configure IAS on your server to support RADIUS authentication.
Note If you are working alone you will configure Server 1 and the MDS 9506 Multilayer Director. If
you are working in teams, one team will configure Server 1 and the MDS 9506 Multilayer
Director, and the other team will configure Server 2 and the MDS 9216 Fabric Switch.
Activity Procedure
Complete these steps on the server.
Step 1 From your server desktop, right-click My Computer and choose Manage.
Step 2 Expand Local Users and Groups in the left pane, then right-click Users and choose
New User.
Step 3 Enter the iSCSI Security User name that you used in the previous task: 10.1.x.y
(where x is your pod number and y is the last octet of the IP address of your iSCSI
initiator—2 on Server 1 and 6 on Server 2).
Step 4 Enter mds9000labchap in the Password and Confirm password fields.

Step 5 Check the Password never expires check box.
Step 6 Clear the User cannot change password and Account is disabled check boxes.
Step 8 Right-click the username you created and choose Properties.
Step 9 In the Properties dialog box, click the Dial-in tab.

Step 10 Click the Allow Access radio button.
.
Step 11 Click Apply, then click OK.
Step 12 Open the Windows IAS configuration tool by choosing Start > Programs >
Administrative Tools > Internet Authentication Service.
Note If IAS is not already installed on your Windows 2000 server, you can install it by clicking:
Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows
Components > Networking Services > Details > Internet Authentication Service.
Step 13 From the Internet Authentication Service (Local) tree view, right click the Clients
folder and chose New Client.
Step 14 In the Add Client dialog box, configure the following settings:
 In the Friendly name field, enter the client name in the format MDSnnnn, where
nnnn is either 9506 or 9216 and correlates with your assigned switch.
 Confirm that the Protocol field is set to RADIUS.
Step 15 Click Next.

Step 16 In the Add RADIUS Client dialog box, configure the following settings:
 In the Client address (IP or DNS) field, enter the mgmt0 IP address of your
MDS switch: 10.0.x.y (where x is your pod number and y is either 3 for the MDS
9216 or 5 for the MDS 9506).
 In the Shared Secret and Confirm Shared Secret fields, enter mds9000labchap.
Step 17 Click Finish and verify that the client you configured appears in the Details pane of
the IAS Clients folder.
Step 18 Right-click Remote Access Policies from the IAS tree view and choose New
Remote Access Policy.
Step 19 In the Add Remote Access Policy dialog box, specify iSCSI_HOST as the name for
the new Remote Access Policy in the Policy Friendly Name field.
Step 20 Click Next.

Step 21 In the Add Remote Access Policy dialog box, click Add.

Step 22 In the Select Attribute dialog box, choose Client-IP-Address as the attribute to add,
and then click Add.
Step 23 In the Client IP Address dialog box, enter 10.*.*.* as the wild card for the Client-IP-
Address attribute and then click OK.
Step 24 In the Add Remote Access Policy dialog box, ensure that the “Client IP Address
matches ″10.*.*.*″ ” condition appears in the Conditions field, then click Next.
Step 25 In the Add Remote Access Policy dialog box, click the Grant remote access
permission radio button and then click Next.

Step 26 Click Edit Profile to specify the user profile.
Step 27 In the Edit Dial-in Profile dialog box, click the Authentication tab.
Step 28 Check the Encrypted Authentication (CHAP) authentication check box as the
method to be used for this connection.
Step 29 Click Apply and then click OK.

Step 30 Click No when prompted to view the Dial-in Settings Help topic.

Step 31 Click Finish to close the Add Remote Access Policy dialog box.
 The new iSCSI_HOST policy appears in the right pane of the Internet Authentication
Services dialog box. (If you do not see the policy, ensure that the Remote Access Policies
item is selected in the left pane.)
Task 6: Configuring RADIUS Authentication
In this task, you will configure your MDS 9000 Series Multilayer Switch to use RADIUS for
iSCSI CHAP authentication.
Note If you are working alone you will configure the MDS 9506 Multilayer Director. If you are
working in teams, one team will configure the MDS 9506 Multilayer Director, and the other
team will configure the MDS 9216 Fabric Switch.
Activity Procedure
Step 1 From the switch CLI, execute the show authentication command.
Step 2 Confirm that the current local authentication mechanism for iSCSI is not enabled.
Step 3 Execute the following command to display the configuration of interface gig2/1:
# show interface gig2/1
Step 4 Confirm that the current interface authentication mechanism for iSCSI is CHAP.
Step 5 From the Cisco Device Manager main menu, choose Security > AAA.
Step 6 Click the Servers tab, and click Create.

Step 7 In the Create AAA Servers dialog box, configure the following settings for the
RADIUS server:
 Choose the radius protocol.
 Enter 1 in the Index field.
 In the Name or IP Address field, enter the IP address of the server that you
configured with IAS: 10.0.x.y (where x is your pod number and y is the last octet
of the IP address of the server management interface). This is the IP address that
the MDS 9000 Series Multilayer Switch will use for the RADIUS server.
Confirm that it is on the same subnet as the MDS mgmt0 interface—the second
octet should be 0.
 In the AuthPort field, enter 1812.
 In the AcctPort field, enter 1813.
 In the KeyType field, click the plain radio button.
 In the Key field, enter mds9000labchap.
 In the TimeOut field, enter 5.
 In the Retransmits field, enter 2.

Step 9 Click the Server Groups tab and confirm that the RADIUS Server IP address
appears in the ServerIdList field.
Step 10 Click the Applications tab and enter 1 in the “iSCSI,all,authentication” row of the
ServerGroupIdList column.
Step 11 Click Apply and then click Close.
Step 12 From the CLI, enter the show radius-server command and verify your
configuration. Your display should resemble the following:
MDS9506# show radius-server
retransmission count:1
timeout value:1
total number of servers:1
following RADIUS servers are configured:
10.0.22.2:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
timeout:5
retries:2
Step 13 From the Cisco Device Manager, right-click gigE2/1 and choose Configure.
Step 14 In the configuration dialog box, click the iSCSI tab and click the passThrough
radio button in the ForwardingMode field.
Step 15 Click the ipaddress radio button in the Initiator ID Mode field.
Complete these steps to verify that RADIUS authentication is active and that the iSCSI initiator
can still authenticate with the switch:
Step 1 From the LabGear interface, click the console link for your switch to start a new
CLI session. If you already have a console session open, just log out and log in
again.
Step 2 From the CLI, enter the show authentication command. Your display should
# show authentication
authentication method:radius
console:not enabled
telnet/ssh:not enabled
iscsi:enabled
authentication method:local
console:not enabled
telnet/ssh:not enabled
iscsi:not enabled
Confirm that RADIUS is the only authentication method enabled for iSCSI. Under
authentication method:local, you should see iscsi:not enabled.
Step 3 Enter the debug radius aaa-request-lowlevel command to view RADIUS
authentication of the iSCSI CHAP session.

Step 4 Return to the server desktop. In the Microsoft iSCSI Initiator control panel, click
the Active Sessions tab and click Log Off.

Step 7 Click Advanced on the Log On to Target dialog box.


Step 11 Click OK to close the Log On to Target window.
Step 12 Return to the switch CLI and observe the debug output of the iSCSI authentication
request. Your display should resemble the following:
MDS9506# debug radius aaa-request-lowlevel
MDS9506# 2005 Apr 7 15:34:42 radius: process_aaa_radius_request:
entering for aaa session id 0
2005 Apr 7 15:34:42 radius: received CHAP authentication request for
10.1.22.2
2005 Apr 7 15:34:42 radius: get_radius_server_group_info: entering...
2005 Apr 7 15:34:42 radius: radius_request_process: event:
FIRST_REQUEST, switch to first server
2005 Apr 7 15:34:42 radius: radius_request_process_next_server:
entering...
2005 Apr 7 15:34:42 radius: radius_request_process_next_server:
looping thru servers in servergroup...
2005 Apr 7 15:34:42 radius: process_aaa_radius_request: returning
TRUE...
2005 Apr 7 15:34:42 radius: chap_data_available_func: entering for
aaa session 0
2005 Apr 7 15:34:42 radius: chap_data_available_func: RADIUS server
sent accept for authentication aaa session 0
2005 Apr 7 15:34:42 radius: chap_reply: entering for aaa session: 0
2005 Apr 7 15:34:42 radius: send_aaa_radius_resp_mts: entering for
aaa session 0
2005 Apr 7 15:34:42 radius: send_aaa_radius_resp_mts: exiting for aaa
session
2005 Apr 7 15:34:42 radius: chap_reply: exiting for aaa session: 0
Step 13 Turn off all debugging with the undebug all command.
command:
9216)
 The RADIUS server “sent accept” message appears in the debug output.
 In the Microsoft iSCSI Initiator Properties dialog box, the connection state of all iSCSI
targets is “Connected.”

Lab 3-4 Answer Key: Implementing iSCSI Access Control
activity.
vsan database
vsan 2
vsan 3
iscsi enable
vsan database
icmp-type echo
vsan 3
iscsi authentication chap
pWWN 21:00:00:0c:50:d1:bc:6d
radius-server host 10.0.22.6 key 7 pzw9000qsemmql authentication
accounting timeout 5 retransmit 2
username 10.1.22.6 password 7 pzw9000qsemmql iscsi
snmp-server host 10.1.22.2 version 2c public udp-port 1164
snmp-server host 10.1.22.6 version 2c public udp-port 1163
aaa authentication iscsi default group radius
interface iscsi2/1
switchport initiator id ip-address
mode pass-thru
no shutdown
iscsi authentication chap
ip address 10.1.22.11 255.255.255.0
ip access-group ACL1 in
no shutdown
interface fc1/6
no shutdown
Lab 3-5: Implementing High-Availability iSCSI
Configurations
Activity Objective
The customer would like to implement a highly available iSCSI interconnect environment. You
must ensure that the redundancy is in place in both the front-end network, which connects the
iSCSI host (initiator) to the MDS 9000 Series Multilayer Switch, and the back-end network,
which connects the iSCSI client to storage targets.
In this activity, you will configure the Virtual Router Redundancy Protocol (VRRP) so that the
iSCSI connection can survive the failure of an MDS 9000 Series Multilayer Switch or Ethernet
interface. You will then configure the target portal multipathing feature on the MDS 9000
Series Multilayer Switch to provide high availability on the back end. After completing this
activity, you will be able to meet these objectives:
 Restore your previous configuration.
 Configure VRRP for iSCSI initiators.
 Implement target portal multipathing.
 Test and verify the configuration.
Visual Objective

Required Resources
 Two Windows 2000 clients with Microsoft iSCSI Initiator software drivers installed
 MDS 9216 Fabric Switch and MDS 9506 Multilayer Director switches with an MDS 9000
IPS Module
Command List
Command Description
show iscsi initiator Displays configuration information for all configured iSCSI
initiators.
show iscsi virtual-target Displays configuration information for all configured iSCSI
virtual targets.
show fcns database Displays the contents of the Fibre Channel Name Server
database
show iscsi session Displays information about all active iSCSI sessions.
int interface Enters interface configuration submode for interface.
channel-group auto Enables PortChannel autocreation for an interface.
sh port-channel database Displays configuration information for all configured

PortChannels.
iscsi initiator ip-address Creates a static iSCSI initiator with the name ip-address.
ip-address
show vrrp Displays configuration and status information about all
configured VRRP virtual routers.

This lab requires your pod to be set up with a basic iSCSI configuration with static initiators
and targets. This will allow you to focus on configuring the security features of the switch.
Therefore, in this task you restore your saved configuration from the end of Lab 3-2.
Note Note that you must restore your saved configuration to the startup configuration, not the
running configuration as you did in the previous labs. When you restore to the running
configuration, the saved configuration is merged with the running configuration. This was an
acceptable method in the previous labs, but in this case you need to erase the FC access
control configuration from Lab 3-4. Therefore, you must restore to the startup configuration.
When you restore to the startup configuration and reload, the saved configuration replaces
the running configuration.
Activity Procedure
Complete these steps to load your configuration from the TFTP server:
Step 1 Erase your current startup configuration.
# write erase
Step 2 Copy the configuration you saved at the end of Lab 3-2 to the startup configuration
using the following command.
# copy tftp://10.0.0.198/podx/fname-nnnn-iscsi2.cfg start
9216)
Step 3 Reload the switch using the reload command.
Complete these steps to verify that the configuration has been successfully restored:
Windows desktop.
Step 3 Click Add.
Step 5 Click OK.

Step 7 Click Refresh and confirm that the status of the target is “Connected.”
Step 8 Display configured iSCSI initiators with the show iscsi initiator command. Your
display should resemble the following example:
MDS 9506# show iscsi initiator
iSCSI alias name:
Member of vsans: 2
Virtual Port WWN is 24:04:00:0d:ec:09:77:02 (configured)
MDS 9216# show iscsi initiator

iSCSI alias name:
Node WWN is 21:03:00:0d:ec:0c:d5:02 (configured)
Member of vsans: 3
Virtual Port WWN is 21:04:00:0d:ec:0c:d5:02 (configured)
Step 9 Display configured iSCSI virtual targets with the show iscsi virtual-target
command. Your display should resemble the following example:
MDS 9506# show iscsi virtual-target
* Port WWN 22:00:00:0c:50:d1:bc:35
Configured node
GigabitEthernet 2/1
MDS 9216# show iscsi virtual-target
* Port WWN 21:00:00:0c:50:d1:bc:6d
Configured node
GigabitEthernet 2/1
Step 10 Display name server information with the show fcns database command. Your
MDS 9506# show fcns database
VSAN 2:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x0c0101 N 24:04:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init
isc..w
VSAN 3:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0xef00dc NL 21:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target

0xef00e0 NL 21:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0xef00e1 NL 21:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0xef00e2 NL 21:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0xef00e4 NL 21:00:00:0c:50:d1:d1:91 (Seagate) scsi-fcp:target
0xef00e8 NL 21:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0xef0101 N 21:04:00:0d:ec:0c:d5:02 (Cisco) scsi-fcp:init
isc..w
MDS 9216# show fcns database

VSAN 2:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x0c0101 N 24:04:00:0d:ec:09:77:02 (Cisco) scsi-fcp:init
isc..w
VSAN 3:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0xef00dc NL 21:00:00:0c:50:dd:05:4d (Seagate) scsi-fcp:target
0xef00e0 NL 21:00:00:0c:50:dd:04:93 (Seagate) scsi-fcp:target
0xef00e1 NL 21:00:00:0c:50:d1:bc:35 (Seagate) scsi-fcp:target
0xef00e2 NL 21:00:00:0c:50:dd:87:8c (Seagate) scsi-fcp:target
0xef00e4 NL 21:00:00:0c:50:d1:d1:91 (Seagate) scsi-fcp:target
0xef00e8 NL 21:00:00:0c:50:d1:bc:6d (Seagate) scsi-fcp:target
0xef0101 N 21:04:00:0d:ec:0c:d5:02 (Cisco) scsi-fcp:init
isc..w
Step 11 Display iSCSI session information with the show iscsi session command. Your
MDS 9506# show iscsi session
Initiator 10.1.22.2
Session #1

Initiator 10.1.22.6
Session #1

Task 2: Configuring VRRP
In this task, you will configure VRRP to provide redundancy from the front-end IP network to
the MDS 9000 IPS Modules on both MDS 9000 Series switches. As part of this task, you will
complete the following procedures:
 Configure gigE2/2 interfaces for use with VRRP.
 Configure virtual routers.
Note If you are working alone in your pod, you must perform this task on both switches.
Activity Procedure 1: Configure Interface gigE2/2 for Use with VRRP

Complete these steps on both switches:
Step 1 Open Cisco Device Manager and log in to your switch.
Step 2 Right-click gigE2/2 and select Configure.
Step 3 Configure the following settings on the GigE tab:
 Description: Secondary iSCSI Interface
 Admin: up
 IP Address/Mask: 10.1.x.y/24 (where x is your pod number, and y is 22 for the
MDS 9506 or 12 for the MDS 9216)
 iSCSIAuthMethod: check none and ensure that chap is not checked
Step 4 Click Apply.
Step 5 Click the iSCSI tab and configure the following settings:
 Admin: up
 Port VSAN: MDS 9506 is VSAN 3, MDS 9216 is VSAN 2
 Initiator ID Mode: ipaddress
Step 6 Click Apply.

Step 7 Click Yes to confirm your changes.
Step 8 Click Close.

Activity Procedure 2: Configure Virtual Routers on the MDS 9506 Multilayer Director
Complete this procedure on the MDS 9506 Multilayer Director. If you are working on the MDS
9216 Fabric Switch, skip this procedure and proceed to Activity Procedure 3.
Step 1 In Cisco Device Manager, choose the IP > VRRP.
Step 2 Click Create to create the first VRID (21).
Step 3 Configure the Create VRRP General dialog box with the following settings:
 Interface: gigE2/1
 VrId: 21
 Priority: 200
 PreemptMode: Unchecked

Step 5 To create the second VRID (11), configure the Create VRRP General dialog box
with the following settings:
 VrId: 11
 Priority: 200
Step 7 Click the IP Addresses tab.
Step 9 To create the IP address used by the first VRID (21), configure the Create VRRP
IP Addresses dialog box with the following settings:
 VrId: 21
 IpAddr: 10.1.x.21 (where x is your pod number)

Step 11 To create the IP address used by the second VRID (11), configure the Create VRRP
 VrId: 11
Step 12 Click Create and then click Close. The IP addresses will appear in the VRRP IP
Addresses tab.

Step 13 Click the VRRP General tab.
Step 14 Click within the Status Admin field and change the status from down to up for both
interfaces and VRIDs.
Step 15 Click Apply and leave the VRRP dialog box open.
Activity Procedure 3: Configure Virtual Routers on the MDS 9216 Fabric Switch
Complete this procedure on the MDS 9216 Fabric Switch. If you are working on the MDS 9506
Multilayer Director, skip this procedure and proceed to Activity Verification.
Step 1 From Cisco Device Manager, select the IP > VRRP menu.
Step 2 Click Create to create the first VRID (21).
Step 3 Configure the Create VRRP General dialog box with the following settings:
 VrId: 21
 Priority: 90
Step 5 To create the second VRID (11), configure the Create VRRP General dialog box
with the following settings:
 VrId: 11
 Priority: 90
Step 6 Click Create, and then click Close.
Step 7 Click the IP Addresses tab.
Step 9 To create the IP address used by the first VRID (21), configure the Create VRRP
 VrId: 21

Step 11 To create the IP address used by the second VRID (11), configure the Create VRRP
 VrId: 11

Step 12 Click Create and then click Close. The IP addresses will appear in the VRRP IP
Addresses tab.
Step 13 Click the VRRP General tab.

Step 14 Click in the Status Admin field and change the status from down to up for both
interfaces and VRIDs.
Step 15 Click Apply. Leave the VRRP dialog box open.
When you and your teammates have completed the VRRP configuration on both switches,
complete these steps on both switches to verify your configuration:
Step 1 In the VRRP dialog box, click Refresh.
Step 2 Compare the values in the Status Admin, Status Oper, and Priority fields with the
results shown here:
Status
Switch Interface, VRID Priority
Admin Oper
gigE2/1, 21 up master 200

MDS 9506
gigE2/2, 11 up backup 200
gigE2/1, 11 up master 90
MDS 9216
gigE2/2, 21 up backup 90
You have successfully completed this task when you attain the following results:
 VRID 11 master interface is MDS 9216 gigE2/1, backup interface is MDS 9506 gigE2/2
 VRID 21 master interface is MDS 9506 gigE2/1, backup interface is MDS 9216 gigE2/2
To summarize, you and your teammates have worked together to create two virtual routers:
 VRID 11 provides redundancy for the initiators connected to gigE2/1 on the MDS 9216
Fabric Switch via a backup interface on gigE2/2 on the MDS 9506 Multilayer Director.
 VRID 21 provides redundancy for the initiators connected to gigE2/1 on the MDS 9506
Multilayer Director via a backup interface on gigE2/2 on the MDS 9216 Fabric Switch.
Note The configured priority has not determined which interface is the master. This is because
you configured each VRID IP address to match the IP address of one of the switch
interfaces (gigE2/1). Therefore, that interface automatically assumes the highest priority.

Activity Procedure 4: Create a PortChannel
In this procedure, you will bring up the ISLs between the switches in your pod. Both teams
should complete this procedure.
Step 1 Using the CLI, configure PortChannel autocreation for interfaces fc1/7, fc1/8, and
fc1/9, and enable the interfaces:
# conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)# int fc1/7-9
(config-if)# channel-group auto
(config-if)# no shut
(config-if)# end
Step 2 When both teams have completed Step 1, verify that the PortChannel has been
created successfully and that all interfaces are up:
# sh port-channel database
port-channel 128
Channel is auto created
First operational port is fc1/7
Ports: fc1/7 [up] *
fc1/8 [up]
fc1/9 [up]
Activity Procedure 5: Configure Secondary iSCSI Static Initiators on Both Switches

In this procedure, you will replicate the existing iSCSI static initiators on both switches to
allow for the failover of the iSCSI session when using VRRP. Both teams should complete
these steps.
Step 1 Open Cisco Fabric Manager.
Step 2 In the Physical Attributes pane, choose End Devices > iSCSI.
Step 3 In the details pane, click the Initiators tab.
Step 4 Locate the iSCSI initiator that was configured on the other switch. In other words, if
you are working on the MDS 9506 Multilayer Director, locate the static initiator
configured on the MDS 9216 Fabric Switch. If you are working on the MDS 9216
Fabric Switch, locate the static initiator configured on the MDS 9506 Multilayer
Director. Document the following details of that initiator:
Parameter Value
Name of other switch 9216
IP address
VSAN
Node WWN (nWWN)
Port WWN (pWWN)
Step 5 Using the CLI on the other switch, replicate the static initiator that you documented
in Step 4 using the iscsi initiator ip-address command. In other words, if you are
working on the MDS 9506 Multilayer Director, create a duplicate static initiator on
the MDS 9216 Fabric Switch. If you are working on the MDS 9216 Fabric Switch,
create a duplicate static initiator on the MDS 9506 Multilayer Director. Your display
should resemble the following examples:
MDS 9216# conf t
MDS 9506(config)# iscsi initiator ip-address 10.1.22.6
MDS 9506(config-iscsi-init)# vsan 3
MDS 9506(config-iscsi-init)# static nWWN 21:03:00:0d:ec:0c:d5:02
MDS 9506(config-iscsi-init)# static pWWN 21:04:00:0d:ec:0c:d5:02
MDS 9506(config-iscsi-init)# end
MDS 9216# conf t

MDS 9216(config)# iscsi initiator ip-address 10.1.22.2
MDS 9216(config-iscsi-init)# vsan 2
MDS 9216(config-iscsi-init)# static nWWN 24:03:00:0d:ec:09:77:02
MDS 9216(config-iscsi-init)# static pWWN 24:04:00:0d:ec:09:77:02
MDS 9216(config-iscsi-init)# end

Step 6 When Steps 1 through 5 have been completed on both switches, click the Refresh
button in the Cisco Fabric Manager toolbar. You should see four initiators in the
details pane that is accessed this way: Click the Initiators tab, then choose Fabric
Manager > Physical Attributes > End Devices > iSCSI.
Task 3: Configuring Target Portal Multipathing
In this task you will configure Target Portal Multipathing to provide redundant paths from the
logical iSCSI interfaces to the Fibre Channel JBOD disks. The JBOD is dual-ported to both
switches in your pod. In this task, you will complete the following procedures:
 Configure secondary port WWNs and iSCSI targets
 Configure secondary iSCSI static initiators
Activity Procedure 1: Configure Secondary Port WWNs and iSCSI Targets on the
MDS 9506
Complete these steps if you are configuring the MDS 9506 Multilayer Director. If you are
configuring the MDS 9216 Fabric Switch, proceed to Activity Procedure 2.
Step 1 In Cisco Device Manager, choose IP > iSCSI.
Step 2 Click the Targets tab.
Step 3 Click in the Primary Port WWN field and press Ctrl-C to copy the Primary Port
WWN.
Step 4 Click in the Secondary Port WWN field and press Ctrl-V to paste the Primary Port
WWN.
Step 5 Double-click the Secondary Port WWN field and edit the first two numbers of the
WWN:
 If the Primary Port WWN begins with 22, change the Secondary Port WWN to
begin with 21.
begin with 22.
Note Dual-ported Seagate FC disk drives, like the drives used in this lab, have one port WWN
that begins with 21 and another port WWN that begins with 22.
Step 6 Click Apply.

Step 7 In Cisco Device Manager, log in to the MDS 9216 Fabric Switch.
Step 8 From Cisco Device Manager, choose IP > iSCSI.

Step 11 Configure the failover path to the iSCSI target with the following settings:
 iSCSI Name: iqn.iscsidiskdrive1
 Port WWN: Click the Port WWN that matches the Secondary Port WWN from
Step 5.
 Initiator Access: Click the List radio button and enter 10.1.x.2/24 (where x is
your pod number).
 Advertised Interfaces: Click the Select from List radio button and check
gigE2/2.

Step 13 The iSCSI Name iqn.iscsidiskdrive1 target will appear in the iSCSI Targets tab.
Step 14 Select the Primary Port WWN and press Ctrl-C to copy the Primary Port WWN.
Step 15 Click within the Secondary Port WWN field and press Ctrl-V to paste the Primary
Port WWN.
Step 16 Double-click the Secondary Port WWN and edit the first two numbers:
begin with 21.
begin with 22.
Step 17 Click Apply.

Step 18 Select the Initiators tab.
Step 19 Double-click the VSAN Membership field.
Step 20 For both iSCSI Initiators, set the VSAN Membership to 2-3. This is necessary
because one port of the JBOD is in VSAN 2 and the other port is in VSAN 3.

Activity Procedure 2: Configure Secondary Port WWNs and iSCSI Targets on the
MDS 9216
Complete these steps if you are configuring the MDS 9216. If you are configuring the MDS
9506, proceed to Task 4.
Step 1 In Cisco Device Manager, choose IP > iSCSI.
Step 3 Select Primary Port WWN and press Ctrl-C to copy the Primary Port WWN.
Step 4 Click within the Secondary Port WWN field and press Ctrl-V to paste the Primary
Port WWN.
Step 5 Double-click the Secondary Port WWN and edit the first two numbers of the WWN:
begin with 21.
begin with 22.
Note Dual-ported Seagate FC disk drives, like the drives used in this lab, have one port WWN
that begins with 21 and another port WWN that begins with 22.
Step 6 Click Apply.

Step 7 In Cisco Device Manager, log in to the MDS 9506 Multilayer Director.
Step 8 Choose IP > iSCSI.
Step 11 Configure the failover path to the iSCSI target with the following settings:
 iSCSI Name: iqn.iscsidiskdrive2
 Port WWN: Select the Port WWN that matches the Secondary Port WWN from
Step 5.
 Initiator Access: Click the List radio button and enter 10.1.x.6/24 (where x is
your pod number).
 Advertised Interfaces: Click the Select from List radio button and check
gigE2/2.

Step 13 The iSCSI Name iqn.iscsidiskdrive2 target will appear in the iSCSI Targets tab.
Step 14 Select Primary Port WWN for the iSCSI Name iqn.iscsidiskdrive2 target and
press Ctrl-C to copy the Primary Port WWN.
Step 15 Click in the Secondary Port WWN field and press Ctrl-V to paste the Primary Port
WWN.

Step 16 Double-click the copied Secondary Port WWN and edit the first two numbers:
begin with 21.
begin with 22.
Step 17 Click Apply.

Step 18 Select the Initiators tab.
Step 19 Double-click the VSAN Membership field.
Step 20 For both iSCSI initiators, set the VSAN Membership to 2-3. This is necessary
because one port of the JBOD is in VSAN 2 and the other port is in VSAN 3.
Task 4: Verifying High Availability
In this task you will demonstrate the reliability of your configuration.
Activity Procedure 1: Test VRRP
Caution Wait until the team working on the other switch and Windows 2000 server are ready to
proceed before you test VRRP. Both teams should work together to perform this procedure.
Complete these steps on your assigned switch and Windows 2000 server:
Step 1 Open the Microsoft iSCSI Initiator control panel.
Step 2 Click the Active Sessions tab from iSCSI Initiator Properties. Click Refresh and
verify that the status is “Connected.”

Step 3 Display the VRRP status on your assigned switch using the show vrrp command.
Your display should resemble the following example:
MDS 9506# show vrrp
Interface VR Status
------------------------------------------
GigabitEthernet2/1 21 master
GigabitEthernet2/2 11 backup
MDS 9216# show vrrp

Interface VR Status
------------------------------------------
GigabitEthernet2/2 21 backup
Step 4 Display the iSCSI session status on both switches with the show iscsi session
command. Your display should resemble the following. Take note of which IP
address is displayed on your switch (10.1.x.2 or 10.1.x.6). At this point, the IP
address should be the IP address of your iSCSI initiator.
Initiator 10.1.22.2
Session #1

Initiator 10.1.22.6
Session #1
Step 5 Disable Gigabit Ethernet port 2/1:

MDS 9506# conf t
MDS 9506(config)# int gig 2/1
MDS 9506(config-if)# shut
MDS 9506(config-if)# end
MDS 9216# conf t

MDS 9216(config)# int gig 2/1
MDS 9216(config-if)# shut
MDS 9216(config-if)# end
Step 6 Return to the Windows 2000 server desktop. In the Microsoft iSCSI Initiator control
panel, observe the status of the active session. Do this on both servers.
Step 7 Click Refresh. The status of both sessions might show “Reconnecting” and then
“Connected” as the virtual router fails over to the switch that is the VRRP backup.
Step 8 Display the VRRP status on both switches with the show vrrp command. Your
MDS 9506# show vrrp
Interface VR Status
-------------------------------------------------------
GigabitEthernet2/1 21 init
MDS 9216# sh vrrp

Interface VR Status
-------------------------------------------------------
GigabitEthernet2/1 11 init

Step 9 Display the iSCSI session status on both switches with the show iscsi session
command. Your display should resemble the following. Note that the initiator that is
connected to each switch is now the initiator that was formerly connected to the
other switch.
Initiator 10.1.22.6
Session #1

Initiator 10.1.22.2
Session #1
Step 10 Reenable Gigabit Ethernet port 2/1 with the no shutdown command.
Step 11 Execute the show vrrp command again and verify that the virtual router interfaces
have returned to their original state as displayed in Step 3.
Activity Procedure 2: Test Target Portal Multipathing
Caution Wait until the team working on the other switch and Windows 2000 server are ready to
proceed before you test target portal multipathing. Both teams should work together to
perform this procedure.
Complete these steps on the specified device:

Step 1 On the MDS 9506 Multilayer Director, disable port fc1/6 (which connects to your
JBOD).
Step 2 On the Active Session tab on both Windows 2000 servers, click Refresh. The status
should still display “Connected” for the active session.
Step 3 Click the Available Targets tab and click Refresh. The status should still display
“Connected” for the target.
Step 4 On the MDS 9506 Multilayer Director, reenable port fc1/6.
Step 5 On the MDS 9216 Fabric Switch, disable port fc1/6.
Step 6 On the Active Session tab on both Windows 2000 servers, click Refresh. The status
should still display “Connected” for the active session.
Step 7 Click the Available Targets tab and click Refresh. The status should still display
“Connected” for the target.
Step 8 On the MDS 9216 Fabric Switch, reenable port fc1/6.
You have successfully completed this task when you attain these results:
 You observe the transfer of VRRP master operations and failover of iSCSI initiators when
disabling Gigabit Ethernet interfaces.
 The status of all iSCSI target sessions remains “Connected” when one of the JBOD
interfaces is disabled.

Lab 3-5 Answer Key: Implementing High-Availability iSCSI
Configurations
activity.
vsan database
vsan 2
vsan 3
iscsi enable
vsan database
vsan 2
vsan 3
vsan 2
vsan 3
static nWWN 24:03:00:0d:ec:09:77:02
static pWWN 24:04:00:0d:ec:09:77:02
pWWN 22:00:00:0c:50:d1:bc:35 secondary-pWWN 21:00:00:0c:50:d1:bc:35
pWWN 21:00:00:0c:50:d1:bc:6d secondary-pWWN 22:00:00:0c:50:d1:bc:6d
interface iscsi2/1
no shutdown
interface iscsi2/2
no shutdown
interface iscsi2/3
interface iscsi2/4
ip address 10.1.22.11 255.255.255.0
no shutdown
vrrp 11
priority 90
address 10.1.22.11
no shutdown
ip address 10.1.22.12 255.255.255.0
no shutdown
vrrp 21
priority 90
address 10.1.22.21
no shutdown
interface fc1/6
no shutdown
interface fc1/7
channel-group auto
no shutdown
interface fc1/8
channel-group auto
no shutdown
interface fc1/9
channel-group auto
no shutdown

Lab 3-6: Troubleshooting IP Storage Services
Complete this lab exercise to practice what you learned in the related lessons.
Activity Objective
In this activity, you will use various CLI commands to diagnose configuration problems with
FCIP and iSCSI. After completing this activity, you will be able to:
 Diagnose and resolve Gigabit Ethernet port, FCIP profile, and FCIP tunnel configuration
errors.
 Diagnose and resolve FCIP high-availability configuration issues.
 Diagnose and resolve basic iSCSI connectivity issues.
 Diagnose and resolve iSCSI high-availability configuration issues.
Required Resources
 An MDS 9506 Multilayer Director switch and an MDS 9216 Fabric Switch: each with an
MDS 9000 IPS Module
 Two Windows 2000 servers, each with a Fibre Channel HBA and the Microsoft iSCSI
Initiator software driver installed
 Configuration files for each of the tasks. The configuration files are stored on the lab
backbone server (BB_Server) at 10.0.0.198.
Command List
Command Description
copy To save a backup of the system software, use the copy

command in EXEC mode.
reload Use the reload command to reboot the system, or to reboot a

specific module.
ping To diagnose basic network connectivity, use the ping (packet

internet groper) command in EXEC mode.
Displays all fabric login (FLOGI) sessions through all interfaces

show flogi database across all VSANs.
show vsan membership Displays information about configured VSAN membership.
show interface brief Displays the summary status of all interfaces.
Displays the status of and statistics for Fiber Channel interface

show interface fcx/y x/y.
show interface port- Displays information on the specified PortChannel interface.

channel x
show ip route Displays the IP routes currently active.
show fcip profile Displays all configured FCIP profiles.
show interface fcip x Displays the status of and statistics for FCIP interface x.
show iscsi global Displays global iSCSI configured information.
show iscsi virtual- Lists all the active iSCSI virtual targets.
target
show vrrp Displays the VRRP configuration information.
Job Aids
Please refer to the tables in Appendix A of the Accessing the Remote Lab section on page 213
to determine the correct IP addresses for the management and Gigabit Ethernet interfaces of the
switches in your pod.

Task 1: Troubleshoot Basic FCIP Configuration Issues
In this task, you will resolve configuration issues with an FCIP tunnel.
Problem Statement
A remote SAN is being set up by a customer storage-testing group to validate new human
resources software. A member of the engineering team used files from the production SAN for
the initial configuration. The engineer modified the files and loaded them on the MDS 9506
Multilayer Director and MDS 9216 Fabric Switch before leaving for an extended sabbatical in
Antarctica. Unfortunately, the engineer did not adequately test the configuration before leaving,
and mobile phones do not appear to work in Antarctica. You have been asked to come in and
resolve the issues.
To complete your task, you must resolve any configuration issues on the MDS 9000 Series
switches, then verify that the Windows 2000 server that is attached to the MDS 9216 Fabric
Switch in your pod can access the JBOD that is attached to the MDS 9506 Multilayer Director
through an FCIP tunnel between the MDS 9000 IPS Modules.
Note There might be more than one item that must be corrected for each problem. You can
troubleshoot them in any order.
Visual Objective
The figure illustrates the configuration that you will troubleshoot in this task.
Activity Procedure 1: Loading the Configuration
Complete these steps to copy and load the Task 1 configuration files:
Step 1 Log in to your MDS 9000 Series Multilayer Switch CLI as admin with password
1234qwer.
# write erase
# reload
Step 3 After the switch has reloaded, run the initial setup to configure the following:
 Admin password: 1234qwer
 Switch name: mdsnnnn-x (where nnnn is 9216 or 9506 and x is your pod
number; for example, Pod 21 is mds9216-21)
 Mgmt0 IP address: 10.0.x.y (where x is your pod number, y is 3 for MDS 9216
and y is 5 for MDS 9506)
 Mgmt0 IP netmask: 255.255.255.0
 Default gateway: 10.0.x.254 (where x is your pod number)
 NTP server IP address: 10.0.x.254 (where x your pod number)
Note Accept the default for all other settings in the initial setup.
Step 4 Copy the starting configuration for this task to your switch running configuration.
Replace the variable x with your pod number.
 If you are working on the MDS 9216 Fabric Switch, use the following
command:
# copy tftp://10.0.0.198/podx/cmse/9216-tt-1 run
 If you are working on the MDS 9506 Multilayer Director, use the following
command:
Step 5 Your prompt should look similar to the following example: (TT1 indicates trouble
ticket 1.)
MDS9216-xx(TT1)#

Activity Procedure 2: Troubleshooting
Complete these steps to begin gathering information:
Step 1 Display the interface table using the show int brief command.
Is the FCIP tunnel up?
 Yes  No
What is the FCIP interface number? _______________________________
Record the Gigabit Ethernet IP address: _______________________________
Step 2 Display all FCIP profiles and record the profile ID using the show fcip profile
command.
FCIP profile ID: ____________________________________________
Step 3 Display your FCIP profile using the show fcip profile x command (where x is your
profile ID).
Is your profile bound to the correct IP address?  Yes  No
Is your profile bound to the correct Gigabit Ethernet port?  Yes  No
Step 4 Enter the show interface fcip 2 command.
Are there any TCP active connections?  Yes  No
Step 5 From the MDS 9216 Fabric Switch, try to ping the Gigabit Ethernet interface of the
MDS 9506 Multilayer Director. Then try pinging in the reverse direction. Complete
the following table:
Ping from, to Successful?
MDS 9216 to MDS 9506  Yes  No
MDS 9506 to MDS 9216  Yes  No
Step 6 Document your IP routing configuration in the following table:
Switch Route
MDS 9216
MDS 9506
Step 7 Display the FLOGI database for both switches. Complete the following table:
Switch Host visible? Storage visible?
MDS 9216  Yes  No  Yes  No
Step 8 Display the FCNS database for both switches. Complete the following table:
Switch Host visible? Storage visible?
Step 9 Document your FCIP profile configurations in the following table:
Switch Profile ID IP Address Status
MDS 9216
MDS 9506
Step 10 Document your FCIP interface configurations in the following table:
Switch Interface ID User Profile Peer IP Address Status

ID
MDS 9216
MDS 9506
Step 11 View your active zone configuration and note any problems in the following table:
Switch Zone configuration problems?
MDS 9216
MDS 9506

You should now have sufficient information to diagnose and correct the problems. Document
your results in the table.
Problem Solution
 The show fcns database command shows that your VSAN contains host and storage ports
from different domains (different switches).
 Your Windows 2000 server can access the JBOD across the FCIP tunnel.
Task 2: Troubleshoot FCIP High-Availability Configuration
Issues
In this task, you will resolve configuration issues with an FCIP high-availability configuration.
Problem Statement
To minimize downtime between sites, your customer has decided to implement redundant
connections for high availability over the WAN, for the customer’s mission-critical OLTP
software. Upon returning from sabbatical in Antarctica, the SAN administrator attempted to
configure a PortChannel between the switches. Unfortunately, the administrator suffered
extreme frostbite during the sabbatical, and cannot type very well. You have been asked to
determine why there is no connectivity between the data centers and to resolve any issues.
To complete your task, you must resolve any configuration issues on the MDS 9000 Series
switches, then verify that the Windows 2000 server that is attached to the MDS 9216 Fabric
Switch in your pod can access the JBOD that is attached to the MDS 9506 Multilayer Director
through the PortChannel between the MDS 9000 IPS Modules.
Visual Objective

Complete these steps to load the Task 2 configuration files:
Step 1 Complete Task 1: Steps 1 to 3 of Activity Procedure 1: Loading the Configuration.
command:
# copy tftp://10.0.0.198/podx/config/cmse/9216-tt-2 run
command:
# copy tftp://10.0.0.198/podx/config/cmse/9506-tt-2 run
Step 3 Your prompt should look similar to the following example. (TT2 indicates trouble
ticket 2.)
MDS9216-xx(TT2)#

Complete these steps to begin gathering information:
Step 1 Display the interface table using the show int brief command.
Are the FCIP tunnels up?  Yes  No
What are the FCIP interface numbers? _______________________________
Record each Gigabit Ethernet IP address:
______________________________ ________________________________
Record the PortChannel ID: _________________________
Step 2 Display all FCIP profiles using the show fcip profile command, and record the
profile ID.
Record the FCIP profile IDs: ________________________
Step 3 Enter the show port-channel database command.
What is the operational state of each interface? __________________
Step 4 Display the PortChannel interface report using the following command:
# show interface port-channel x (where x is the PortChannel number)
What is the operational state? _____________________
Record the allowed VSANs: ________________________
Record the VSANs that are up: _____________________
Problem Solution
 The show fcns database command shows that your VSAN contains host and storage ports
from different domains (different switches).
 Your Windows 2000 server can access the JBOD across the FCIP tunnel.
 You can bring down one of the Gigabit Ethernet interfaces without losing connectivity
from your host to the storage targets.

Task 3: Troubleshoot Basic iSCSI Configuration Issues
In this task, you will resolve basic iSCSI connectivity issues.
Problem Statement
On Friday, you completed a basic iSCSI configuration for a production SAN for your customer.
Over the weekend, one of the customer SAN administrators came into the office and started
going through some labs from their IP storage course—on the production SAN. Now nothing
works, and the administrator has fled the country. You have been tasked with resolving the
problems.
Visual Objective
command:
command:
Step 3 Reboot your switch after you have loaded the configuration file. Use the reload
command.
Step 4 Log in to your switch. Your prompt should look similar to the following example:
(TT3 indicates trouble ticket 3.)
MDS9216-xx(TT3)#

Complete these steps to begin gathering information.
Step 1 Enter the show int fc 1/6 command.
Is the Fibre Channel interface up? Yes No
Step 2 Display the FLOGI database for your switch.
Is the storage visible? Yes No
Step 3 Display the FCNS database for your switch.
Is the storage visible? Yes No
Step 4 Enter the show int gig 2/1 command. Yes No
Is the Gigabit Ethernet interface up? Yes No
What is the IP address of the Gigabit Ethernet interface? _____________
Can you ping your Windows 2000 initiator? Yes No
Step 5 Enter the show int iscsi 2/1 command.
Is the iSCSI interface up? Yes No
Step 6 From your client workstation, determine the following:
What is the IP address of your workstation? ______________
Are the correct iSCSI drivers installed? Yes No
Can you ping the configured discovery address? Yes No
Can you ping from your switch Gigabit Ethernet interface? Yes No

Problem Solution
 Both initiators have access to their configured targets, and the iSCSI initiator driver
remains in an active connection state for discovery and normal iSCSI sessions.
 The output of the sh iscsi session command displays status “active” for initiator session 1
and target session 2.
Task 4: Troubleshooting iSCSI High-Availability Configuration
Issues
In this task, you will resolve configuration issues with iSCSI high-availability features.
Problem Statement
Your customer chose VRRP to provide higher availability for the implementation of iSCSI.
Soon after doing so, someone tripped over a cable that was connected to one of the IPS-8
modules—and the iSCSI hosts lost access to their storage. Claiming that there is a problem
with the VRRP implementation, they call you in again to investigate the problem
Visual Objective

command:
command:
Step 3 Reboot your switch after you have loaded the configuration file. Use the reload
command.
Step 4 Log in to your switch. Your prompt should look similar to the following example:
(TT4 indicates trouble ticket 4.)
MDS9216-xx(TT4)#
Note This task will require you to work closely with the other switch in your pod. You will have to
exchange information with the other people on your team.
Complete these steps to begin gathering information.

Step 1 Confirm the VSAN configuration on your switch.
Has your VSAN been created? Yes No
Has your partner VSAN been created? Yes No
Step 2 Confirm the VRRP configuration on your switch.
Step 3 What is the IP for VRRP group number 101 on the 9506? _____________
What is the IP for VRRP group number 102 on the 9506? _____________
Step 4 Verify the default zone policy in both VSANs.
Is the policy of the default zone permit for both VSANs? Yes No
Step 5 Verify the advertised interfaces of the virtual targets.
Are the advertised interfaces correct? Yes No
Step 6 Verify that authentication is set to none globally and is not configured on the
advertised interfaces.
Is authentication enforced at either level? Yes No
Problem Solution
 Both initiators have access to their configured targets, and the iSCSI initiator driver
remains in an “active” connection state for discovery and normal iSCSI sessions.
 Failover completes successfully when the gigE2/1 port is disabled on either switch.
 Failback completes successfully when the gigE2/1 port is reenabled.

Accessing the Remote Lab
On your local PC or laptop, start Internet Explorer and enter the URL http://www.labgear.net
to access your remote lab pods. A login screen will be displayed as shown in Figure 1.
Note You must use Internet Explorer version 5 or above.
Figure 1. LabGear login screen
Enter the username and password that you have been given and click Login.
The username will be in the form “PXX-nnnnn”, where XX is the number of the equipment pod
you will be using, and nnnnn is the event number for your lab session. The password will be a
short string of five random characters, like “jsdor”.
After You Log In
After you have entered the correct username and password, you will be presented with a
display like that shown in Figure 2.
Figure 2. LabGear Interface After a Successful Login
This is the main lab interface. You will access all of the lab equipment from this interface.
Along the top of the page is a title bar that contains some useful information:
 User: This shows your pod and session ID.
 Pod: You will use this pod number throughout all of the labs.
 Remaining Time: This shows how much time remains in your remote lab session.
Figure 3. Example Title Bar

Connecting to Devices in the Pod
Some devices have Console, MSTS, or VNC labels associated with them. The presence of this
type of label means that you can access the device. Console devices (like the MDS 9216 Fabric
Switch) do not have a graphic display, while MSTS and VNC devices (like the Windows 2000
management workstation) are GUI interfaces. The MDS 9506 Multilayer Director has two
supervisor modules, so there are two console buttons.
Figure 4. Desktops and Consoles
Connecting to Console (Command-Line) Devices
Clicking Console for a particular device brings up a console window from which you can
control a device just as if you were sitting right next to it. You have as much control over the
device as if your PC were directly attached to the device via a serial cable.
Note After you connect to a console device by clicking the Console button, you must press Enter
to see the device’s login prompt. If you do not see a green “online” indicator in the upper
right corner of the window, as shown in Figure 5, or if nothing happens when you press
Enter, you might need to clear the console line as described below.
Figure 5. Example Console Window
Figure 5 shows a typical device console window. The title bar says P22 - MDS9506 This
indicates that you are on Pod 3 and connected to the console of the MDS 9216 in that pod.
Along the bottom of the console window are buttons that allow you to:
 Reconnect to and disconnect from the device.
 Open scratch pads and paste console copy buffer contents to them; you can use scratch
pads as a clipboard to copy and paste text from window to window.
 Send a break signal to the device.
Note If the Tab key does not work for command completion in the CLI, you might need to disable
Sun Java on your local workstation or laptop. To do so, open Internet Explorer, choose
Tools > Internet Options, click the Advanced tab, uncheck Java (Sun), and click OK. If
you do not see the Java (Sun) option in Internet Explorer, click Start > Settings > Control
Panel | Java Plug-in, uncheck Enable Java Plug-in, and click Apply. Be sure to perform
these steps on your workstation or laptop, not on the remote PCs in the lab pod. Restart
your browser after disabling Sun Java.

Connecting to Desktop (GUI) Devices
Clicking on the MSTS for a workstation brings up a remote desktop window from which you
can control the workstation just as if you were sitting at its keyboard. Figure 6 shows a sample
Windows 2000 login screen.
Figure 6. Windows Login Screen
All Windows or Solaris applications that you will use in the labs run on the remote
workstations. For example, to manage a switch in your pod using Cisco Fabric Manager, you
must first log in to one of the workstations in your lab, and then start Cisco Fabric Manager
from the remote desktop.
MSTS and VNC

Two methods are provided for connecting to the Windows 2000 servers in your pod: Microsoft
Terminal Services (MSTS) and Virtual Network Computing (VNC). Use MSTS if possible,
because it has better performance. If MSTS does not work, use VNC instead.
Passwords
Use the following passwords:
 The username for the MDS 9000 Series switches is admin, and the default password is
1234qwer.
 The username for the Windows 2000 servers is administrator, and the password is cisco.
 The VNC password (which might be necessary to access the servers) is cisco1.
If You Get Stuck!
Rarely, a device’s console will not respond to your keystrokes (usually this happens if you have
left the console idle for an extended period). You can clear the console line to regain access to a
device by performing the following procedure.
Along the top of your pod display screen is a menu bar with a number of buttons, as shown in
Figure 7. To clear a console line or power a device on or off, first click the Device
Management button.
Figure 7. Accessing the Device Management Window
Clicking the Device Management button (1) brings up a Device Control window as shown in
Figure 8.
Figure 8. Device Control window
From the Device Control window you can control a device’s power, clear console lines, and
check general device status. Choose a device name, such as the MDS9216 switch (2): The right
side of the window will display the various functions you can perform on that device. You can
apply or remove power, or clear the console line (to free up a hung console session) by clicking
the Clear Console Line button (3).

Daily Pre- and Post-Lab Tasks
At the end of each day, all servers and MDS 9000 Series switches are reimaged. You must save
your switch configuration to the TFTP server at the end of each day, and restore your
configuration from the TFTP server at the start of each day to begin where you finished from
the previous day’s exercises.
Saving Your Session

To save your session at the end of each day:
Step 1 From the LabGear window, choose the Configuration Management menu.
Step 2 Choose Save > Current Config.
Step 3 A progress window will be displayed. Do not close this window until the save
operation is completed.
Figure 9. Saving Your Session
Restoring Your Session

To restore your saved configuration at the beginning of each day:
Step 4 From the LabGear window, choose the Configuration Management menu.
Step 5 Choose Restore> User Configurations> Append Last Saved Config (Fast).
Note Be sure to choose Append Config rather than Restore Config.
Step 6 A progress window will be displayed. Do not close this window until the restore
operation is completed.
Figure 10. Restoring Your Session
Appendix A: Pod Device Names and Addresses
Table 1: mgmt0 IP Addresses MASK = 255.255.255.0
Switch Pod 1 Pod 2 Pod 3 Pod 4 Pod 5 Pod 6

MDS 9216 10.0.1.3 10.0.2.3 10.0.3.3 10.0.4.3 10.0.5.3 10.0.6.3
MDS 9506 10.0.1.5 10.0.2.5 10.0.3.5 10.0.4.5 10.0.5.5 10.0.6.5
Default
10.0.1.254 10.0.2.254 10.0.3.254 10.0.4.254 10.0.5.254 10.0.6.254
gateway
MDS 9216 10.0.7.3 10.0.8.3 10.0.9.3 10.0.10.3 10.0.11.3 10.0.12.3
MDS 9506 10.0.7.5 10.0.8.5 10.0.9.5 10.0.10.5 10.0.11.5 10.0.12.5
Default
10.0.7.254 10.0.8.254 10.0.9.254 10.0.10.254 10.0.11.254 10.0.12.254
gateway
MDS 9216 10.0.13.3 10.0.14.3 10.0.15.3 10.0.16.3 10.0.17.3 10.0.18.3
MDS 9506 10.0.13.5 10.0.14.5 10.0.15.5 10.0.16.5 10.0.17.5 10.0.18.5
Default
10.0.13.254 10.0.14.254 10.0.15.254 10.0.16.254 10.0.17.254 10.0.18.254
gateway
Table 2: FCIP Interfaces MASK = 255.255.255.0
Switch Port Pod 1 Pod 2 Pod 3 Pod 4 Pod 5 Pod 6
MDS 2/1 10.1.1.11 10.1.2.11 10.1.3.11 10.1.4.11 10.1.5.11 10.1.6.11

9216 2/2 10.1.1.12 10.1.2.12 10.1.3.12 10.1.4.12 10.1.5.12 10.1.6.12
MDS 2/1 10.1.1.21 10.1.2.21 10.1.3.21 10.1.4.21 10.1.5.21 10.1.6.21

9506 2/2 10.1.1.22 10.1.2.22 10.1.3.22 10.1.4.22 10.1.5.22 10.1.6.22
MDS 2/1 10.1.7.11 10.1.8.11 10.1.9.11 10.1.10.11 10.1.11.11 10.1.12.11

9216 2/2 10.1.7.12 10.1.8.12 10.1.9.12 10.1.10.12 10.1.11.12 10.1.12.12
MDS 2/1 10.1.7.21 10.1.8.21 10.1.9.21 10.1.10.21 10.1.11.21 10.1.12.21

9506 2/2 10.1.7.22 10.1.8.22 10.1.9.22 10.1.10.22 10.1.11.22 10.1.12.22
MDS 2/1 10.1.13.11 10.1.14.11 10.1.15.11 10.1.16.11 10.1.17.11 10.1.18.11

9216 2/2 10.1.13.12 10.1.14.12 10.1.15.12 10.1.16.12 10.1.17.12 10.1.18.12
MDS 2/1 10.1.13.21 10.1.14.21 10.1.15.21 10.1.16.21 10.1.17.21 10.1.18.21

9506
2/2 10.1.13.22 10.1.14.22 10.1.15.22 10.1.16.22 10.1.17.22 10.1.18.22

Table 3: Domain IDs and Port VSAN assignments
Switch VSAN 2 VSAN 3 VSAN 4 VSAN 5 VSAN 99
Domain ID na na 14 15 92
MDS 9216
Port assignment na na fc1/10 fc1/6 na
Domain ID 12 13 na na 95
MDS 9506
Port assignment fc1/6 fc1/5 na na na
Table 4: Gigabit Ethernet / iSCSI Interfaces MASK = 255.255.255.0
MDS 2/1 10.1.1.11 10.1.2.11 10.1.3.11 10.1.4.11 10.1.5.11 10.1.6.11

9216 2/2 10.1.1.12 10.1.2.12 10.1.3.12 10.1.4.12 10.1.5.12 10.1.6.12
MDS 2/1 10.1.1.21 10.1.2.21 10.1.3.21 10.1.4.21 10.1.5.21 10.1.6.21

9506 2/2 10.1.1.22 10.1.2.22 10.1.3.22 10.1.4.22 10.1.5.22 10.1.6.22
MDS 2/1 10.1.7.11 10.1.8.11 10.1.9.11 10.1.10.11 10.1.11.11 10.1.12.11

9216 2/2 10.1.7.12 10.1.8.12 10.1.9.12 10.1.10.12 10.1.11.12 10.1.12.12
MDS 2/1 10.1.7.21 10.1.8.21 10.1.9.21 10.1.10.21 10.1.11.21 10.1.12.21

9506 2/2 10.1.7.22 10.1.8.22 10.1.9.22 10.1.10.22 10.1.11.22 10.1.12.22
MDS 2/1 10.1.13.11 10.1.14.11 10.1.15.11 10.1.16.11 10.1.17.11 10.1.18.11

9216 2/2 10.1.13.12 10.1.14.12 10.1.15.12 10.1.16.12 10.1.17.12 10.1.18.12
MDS 2/1 10.1.13.21 10.1.14.21 10.1.15.21 10.1.16.21 10.1.17.21 10.1.18.21

9506
2/2 10.1.13.22 10.1.14.22 10.1.15.22 10.1.16.22 10.1.17.22 10.1.18.22

CMSE LG v2 PDF

Uploaded by

Copyright:

Available Formats

You might also like

CMSE LG v2 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CMSE LG v2 PDF

Uploaded by

Copyright:

Available Formats

CMSE

CLS Production Services: 07.15.05

write erase Deletes the existing startup configuration.

reload Reboots the switch.

Displays the time and date set on the MDS 9000

show running Displays the current running configuration.

Copies the current running configuration to the

Displays the status of and statistics for interface fc

show fcip profile Displays the FCIP profile configuration.

show wwn switch Displays the local switch fabric WWN.

© 2005, Cisco Systems, Inc. Lab Guide 3

---- Basic System Configuration Dialog ----

Would you like to enter the basic configuration

Would you like to edit the configuration? (yes/no) [n]:

© 2005, Cisco Systems, Inc. Lab Guide 5

9216# show vsan mem

fc1/9 fc1/11 fc1/12 fc1/13 fc1/14 fc1/15 fc1/16

Task 2: Configuring Gigabit Ethernet Interfaces

© 2005, Cisco Systems, Inc. Lab Guide 7

Step 5 In the configuration dialog box, configure the following settings:

© 2005, Cisco Systems, Inc. Lab Guide 9

Task 3: Configuring FCIP Profiles

© 2005, Cisco Systems, Inc. Lab Guide 11

© 2005, Cisco Systems, Inc. Lab Guide 13

© 2005, Cisco Systems, Inc. Lab Guide 15

Step 3 Click Create and then click Close.

Step 5 Click Close.

© 2005, Cisco Systems, Inc. Lab Guide 17

Task 5: Create and Test a File System in Windows 2000

© 2005, Cisco Systems, Inc. Lab Guide 19

Step 10 In the Welcome to Create Partition Wizard window, click Next.

© 2005, Cisco Systems, Inc. Lab Guide 21

2. Double-click the newly created drive FCIP_Volume icon. A new window

© 2005, Cisco Systems, Inc. Lab Guide 23

show interface port- Displays information on the specified PortChannel interface.

show fcip profile Displays all configured FCIP profiles.

show fcns database Displays the name server entries.

© 2005, Cisco Systems, Inc. Lab Guide 25

Task 2: Configure Two FCIP Tunnels

© 2005, Cisco Systems, Inc. Lab Guide 27

Step 4 Click Next to continue.

© 2005, Cisco Systems, Inc. Lab Guide 29

Step 8 Click Yes to enable the FCIP feature on both switches.

© 2005, Cisco Systems, Inc. Lab Guide 31

© 2005, Cisco Systems, Inc. Lab Guide 33

Step 8 Record the PortChannel number: ____________________

© 2005, Cisco Systems, Inc. Lab Guide 35

© 2005, Cisco Systems, Inc. Lab Guide 37

© 2005, Cisco Systems, Inc. Lab Guide 39

show ivr Displays IVR configuration information.

show ivr vsan-topology Displays the current IVR topology.

Displays the name server entries for the specified

Domain IDs and Port VSAN Assignments

Switch VSAN 2 VSAN 3 VSAN 4 VSAN 5 VSAN 99

Step 5 Click Close.

© 2005, Cisco Systems, Inc. Lab Guide 41

© 2005, Cisco Systems, Inc. Lab Guide 43

Step 3 Click Create and then click Close.