Cisco SFS 7000 Series Product Family Command Reference, Release 2.7.0
Using the CLI
Download this chapter
Using the CLIUsing the CLI
Download the complete book
Full Book PDFFull Book PDF (PDF - 4 MB)
 Feedback

Table Of Contents

Using the CLI

Setting up the Switch

Starting A CLI Session

Logging In

Authentication

Customizing the Login Prompt

Entering CLI Modes

Using User Execute Mode

Using Privileged Execute Mode

Using Global Configuration Mode

Exiting CLI Modes

Quick Help

Command Abbreviation

Editing the CLI

Exiting the CLI Session

Specifying Modules and Ports

Slot#/Port# Pairs

Ranges

Lists

The "all" Keyword

Using the Documentation

Synopsis

Syntax

Platform Availability

Command Modes

Privilege Level

Usage Guidelines

Examples

Defaults

Related Commands


Using the CLI

This chapter provides a general overview of the Cisco Server Switch command line interface (CLI). It describes how to start a CLI session, how to enter commands, and how to view online help. Details about individual commands appear later in this document.

The following sections appear in this chapter:

Setting up the Switch

Starting A CLI Session

Entering CLI Modes

Exiting CLI Modes

Quick Help

Editing the CLI

Exiting the CLI Session

Specifying Modules and Ports

Using the Documentation

Setting up the Switch

The first time that you access your Server Switch, you must connect a management station, such as a PC or Linux terminal, to the Serial Console port on your Server Switch. After you establish this connection, you can configure the management ports on your Server Switch so that you can perform configuration tasks with a telnet session, Element Manager, or Chassis Manager.

Note SFS Server Switch product configurations with TopspinOS release 2.3.x and higher use a 128-bit MD5-based hashing scheme to store passwords.

To configure a Server Switch through the Serial Console port, perform the following steps:

Step 1 Connect a PC or terminal to the Serial Console port. For detailed instructions, see the appropriate hardware guide for your Server Switch model.

Step 2 Open a terminal emulation program (such as HyperTerminal for Windows), and configure session parameters as follows:

Baud: 9600 b/s

Data Bits: 8

Parity: None

Stop Bits: 1

Flow control: None

Step 3 Attach both power plugs to the Server Switch chassis to power up the Server Switch. The CLI login prompt appears on the management station terminal.

Starting A CLI Session

The CLI login prompt automatically appears in a terminal window when you connect the serial port of a computer to the Serial Console port. It also appears when you launch a telnet session to an Ethernet Management port. The user account that you use to log in determines your level of access. By default, you can log in as "super," "admin," or "guest." Table 1-1 lists and describes user login privileges.

Table 1-1 Privilege Levels 

User Log-in
Privileges

super

The super user has unrestricted privileges. Use this account for initial configuration. This user may view and modify a configuration, as well as administer user accounts and access privileges. This user configures the console and management ports for initial Server Switch setup. This login uses "super" as the default password.

admin

The admin user has general read-write privileges. This user may view and modify the current configuration. However, the admin user can change only its own user information, such as the admin password. This login uses "admin" as the default password.

guest

The guest user has read-only privileges. This user may only view the current configuration. The guest user cannot make any changes during the CLI session. When you first bring up your Server Switch, you must enable this login. (See the "username" section). This login uses "guest" as the default password.


In addition to the default user accounts described above, there are administrative roles that may be assigned to individual user accounts. Roles allow granular levels of privileges. For example, you can create separate FibreChannel, Ethernet, or InfiniBand administrators, who only need access to specific subsystems. The Server Switch combines multiple roles with read and read-write access for flexible control.

Note If a user does not have access to particular functionality, that functionality will not appear in the CLI, on-line help, or any GUI management windows.

The unrestricted (super) administrator assigns these roles. Table 1-2 lists and describes these access levels.

Table 1-2 Access Levels 

Role
Description

ib-ro

InfiniBand read-only access.

ib-rw

InfiniBand read-write access.

ip-ethernet-ro

Ethernet read-only access.

ip-ethernet-rw

Ethernet read-write access.

fc-ro

FibreChannel read-only access.

fc-rw

FibreChannel read-write access.

unrestricted-rw

Read-write access to all network configuration commands.


To configure accounts, see the username command in the "username" section.

Logging In

At the CLI prompt, enter the appropriate username and password to log in as the super user. 

 Login: super

Password: xxxxx

SFS-7000P>

You are now logged in as an administrator and can view and configure the CLI configuration.

Note Server Switches support up to three concurrent CLI sessions.

Authentication

You can use any of the authentication methods shown in Table 1-3.

Table 1-3 Authentication Methods for Logging In

Authentication
How it Works

local

Verifies against the chassis database.

local and then RADIUS

Verifies against the chassis database then checks the RADIUS server.

RADIUS and then local

Checks the RADIUS server and then verifies against the chassis database.

local and then TACAS

Verifies against the chassis database then checks the TACAS client.

TACAS and then local

Checks the TACAS client and then verifies against the chassis database.


When local authentication is in effect and a user logs in, the user must be configured as a CLI user. The login username and password are verified against the local CLI user database. If a match is found, the login succeeds, and the user is assigned a pre-configured privilege level.

When TACACS+ authentication is in effect, the login username and password are passed to the TACACS+ server for verification. The TACACS+ server verifies the login username and password, and it sends back a reply. No TACACS+ user information is stored locally. The show user all command shows local users only.

The config TACACS-server host command (see config TACACS-server host) configures the IP address of TACACS+ servers. There can be three TACACS+ servers configured. The first server is queried, the second server is queried if the first server is not reachable, and the third server is queried if the both of the other servers are not reachable.

Cisco supports only TACACS+ authentication; therefore, no privilege level is verified against the TACACS+ server. All users authenticated by the TACACS+ server are given unrestricted rights. If a TACACS+ user makes changes to system configuration, the log will include the TACACS+ username and the config information, just as it does for a local user.

Like RADIUS users, the TACACS+ users do not have associating SNMP community strings. There are no SNMP logins for TACACS+ users.

Note The following are limitations to TACACS+ authentication:
TACACS+ authorization and accounting are not supported.
TACACS+ single-connection not supported. Each login authentication makes its own connection to the TACACS+ server.
TACACS+ user privilege level is always unrestricted.

Customizing the Login Prompt

The CLI checks the file login-banner for customized text to include in the prompt. Use the copy command to place a file named login-banner in the config directory of the switch. You can do this with FTP:

copy ftp://user:xxx.x.x.x/my-banner config:login-banner

Entering CLI Modes

The CLI uses the following three command modes:

User Execute mode

Privileged Execute mode

Global Configuration mode

Note Global Configuration mode includes a number of submodes.

The commands that you can execute depend upon the current command mode and your user login. You may enter a question mark (?) at the CLI prompt to list the commands available to the current user identity in the current mode.

Using User Execute Mode

All CLI sessions begin in User Execute mode. This mode provides commands for viewing some of the system configuration and some user information. Guest users may only work in User Exec mode. From User Exec mode, authorized users can access Privileged Execute mode.

Using Privileged Execute Mode

When you enter the enable command in User Execute mode, you enter Privileged Execute mode. From Privileged Exec mode, you can view the entire system configuration and all user information. From this mode, you can perform certain high-level administrative tasks, such as save the current configuration and set the system clock. You can also access Global Configuration mode. You must enter Privileged Execute mode before you can enter Global Configuration mode. Only administrative and unrestricted users may enter Privileged Exec mode. 

 # telnet SFS-7000P

Login: super

Password: xxxx

SFS-7000P> enable

SFS-7000P#

Mode changes are reflected in changes to the CLI prompt. When you transition from User Exec mode to Privileged Exec mode, the prompt changes from SFS-7000P> to SFS-7000P#.

Using Global Configuration Mode

You enter Global Configuration mode from Privileged Exec mode. Global Configuration (config) mode configures system-level attributes, such as SNMP, SNMP agents, and networks. To enter config mode, enter either the configure terminal or the configure command in Privileged Exec mode. 

 SFS-7000P# configure terminal

SFS-7000P(config)#

When you transition from Privileged Execute to Global Configuration mode, the prompt changes from SFS-7000P# to SFS-7000P(config)#.

To configure particular elements of the Server Switch, you must enter a configuration submode specific to that element. All Ethernet, FibreChannel, and InfiniBand configuration occurs in submodes. In submodes, you can assign IP addresses to interface gateway ports, set connection speeds, set connection types, and so on.

To enter the Ethernet Interface Configuration (config-if-ether) submode from Global Configuration mode, enter the interface command, specify the interface type, and specify the port(s) to configure. 

 SFS-7000P(config)# interface ethernet 4/1-4/4

SFS-7000P(config-if-ether-4/1-4/4)#

The commands that you enter in a configuration submode apply to the specified modules and ports. The Ethernet Management port, however, does not require you to specify a port number because there is only one active Ethernet Management port during a system session. 

 SFS-7000P(config)# interface mgmt-ethernet

SFS-7000P(config-if-mgmt-ethernet)#

Exiting CLI Modes

Most commands are mode-dependent. For example, you can configure clock settings in Global Configuration mode only. To configure the system, you must enter and exit CLI modes. The exit command returns you to the previous mode. 

 SFS-90(config-if-fc-5/1)# exit

SFS-90(config)# exit

SFS-90#

Note If you enter the exit command in User Exec mode or Privileged Exec mode, your telnet session ends.

You may also enter the exit command with the all keyword to return to User Exec mode in one step. 

 SFS-90(config-if-fc-5/1)# exit all

SFS-90>

To return to User Exec mode from Privileged Exec mode, enter the disable command. 

 SFS-90# disable

SFS-90>

Quick Help

You can enter the question mark (?) at the CLI prompt to display one of three types of user information.

Step 1 Enter a question mark (?) at the CLI prompt at any time to display the commands that you can enter. Only those commands that are appropriate to the current mode and user login appear. 

 SFS-7000P> ?

Exec Commands:

 broadcast            - Write message to all users logged in

 enable               - Turn on privileged commands

 exit                 - Exit current mode

 help                 - Show command help

 history              - Show command history

 login                - Login as a different user

 logout               - Logout of this system

 ping                 - Send echo messages

 show                 - Show running system information

 terminal             - Set terminal line parameters

 who                  - Display users currently logged in

 write                - Write text to another user

Step 2 Enter part of a command string, and end it with a question mark (?) to display options that you can use to complete the string. 

 SFS-7000P> b?

 broadcast

Step 3 Enter a command (or enough of a command for the CLI to uniquely identify it), and then enter a space and a question mark (?) to display available arguments to follow the command. 

 SFS-7000P> broadcast ?

 String               - Message to broadcast. Enclose multi-word strings within

                        double-quotes.


SFS-7000P> broadcast

After the CLI displays the help information, the Server Switch prints the command string up to the question mark on the input line and waits for you to complete the string. You do not have to retype the string.

Command Abbreviation

To facilitate command entry, you do not need to enter CLI commands in their entirety. You may enter just enough of each command or argument to make it uniquely identifiable.

When enough characters have been entered to uniquely identify a command or keyword in a command string, you may leave the partially-typed command or keyword, enter a space, and then add additional keywords or arguments, or you can press the Tab key to complete the commands or keywords to improve readability. 

 SFS-7000P(config)# fc ?

 srp                  - Configure FC SRP

 srp-global           - Configure FC SRP-global parameters

SFS-7000P(config)# fc srp- ?

 enable               - Enable FC SRP

 gateway-portmask-pol - Configure FC SRP-global gateway-portmask-policy

 itl                  - Configure FC SRP-global ITL

 lun-policy           - Configure FC SRP-global lun-policy

 target-portmask-poli - Configure FC SRP-global target portmask policy

SFS-7000P(config)# fc srp- gate ?

 restricted           - Configure FC SRP gateway-portmask-policy restricted

SFS-7000P(config)# fc srp- gate res ?

<cr>

SFS-7000P(config)# fc srp- gate res

In the preceding example, srp- is short for srp-global, gate is short for gateway-portmask-policy, and res is short for restricted.

Editing the CLI

Command-line editing lets you modify a command line command that you have just entered or a command line that you entered previously in the CLI session. The CLI supports a variety of ways to move about and edit the currently displayed command line. Table 1-4 lists and describes these options.

Table 1-4 Key Stroke Shortcuts 

Key Strokes
Description

Ctrl-a

Moves the cursor to the beginning of the line.

Ctrl-b

Moves the cursor left (back) one character.

Ctrl-d

Deletes the current character.

Ctrl-e

Moves the cursor to the end of the line.

Ctrl-f

Moves the cursor to the right (forward) one character.

Ctrl-k

Deletes text from cursor to the end of the line.

Ctrl-l

Refreshes the input line.

Ctrl-n

Displays the next command in the history queue.

Ctrl-p

Displays the previous command in the history queue.

Ctrl-q

Returns to User Exec mode.

Note If a command is entered on the command line, execute the command before returning to User Execute mode.

Ctrl-t

Transposes the current and previous characters.

Ctrl-u

Deletes all text to the left of the cursor.

Ctrl-w

Deletes the text of a word up to cursor.

Ctrl-z

Returns you to Privileged Exec mode.

Esc-b

Moves the cursor left (back) one word.

Esc-c

Converts characters, from the cursor to the end of the word, to upper case.

Esc-d

Deletes characters from the cursor through remainder of the word.

Esc-f

Moves the cursor right (forward) one word.

Esc-l

Converts characters, from the cursor to the end of the word, to lower case.

down-arrow

Displays the next command in the history queue.

up-arrow

Displays the previous command in the history queue.

left-arrow

Moves the cursor left (back) one character.

right-arrow

Moves the cursor right (forward) one character.


Exiting the CLI Session

To exit the CLI session, return to User Exec mode or Privileged Exec mode, and enter the logout command or the exit command. The CLI session ends. 

 SFS-90(config-if-fc-5/1)# exit all

SFS-90> logout

Login:

Note If you use Telnet or SSH to run a remote CLI session, the connection closes when you log out. Conversely, when you terminate a telnet or SSH session, you log out of the Server Switch.

Specifying Modules and Ports

To configure one or more ports on one or more modules, specify the ports when you enter the configuration submode. Many CLI commands allow you to enter the following:

A slot#/port# pair.

A range of pairs.

A list of pairs.

The all keyword.

Slot#/Port# Pairs

A slot#/port# pair (sometimes referred to as the card#/port# pair) is a slash-separated (/) pair of numbers. The first number indicates the slot in which the interface module resides, and the second number represents a port on that module. See your hardware documentation to identify slot numbers and port numbers.

Note With hardware platforms with no removable modules, such as the Cisco 4x InfiniBand Switch Module for IBM BladeCenter, or the Cisco SFS 7000, the slot number defaults to 1.

Ranges

A range is a dash-separated (-) set of two slot#/port# pairs. A range may span multiple modules of the same interface type. Module and port numbers in a range must both appear in ascending order. That is, specify the lower module and port number in the first slot#/port# pair and the higher module and port number in the second slot#/port# pair.

Note Do not insert spaces between elements in the range.

The range 3/2-4/3 indicates all ports starting with module 3, port 2, up to and including module 4, and port 3. (This example assumes that modules 3 and 4 are of the same interface type.)

Lists

A list is a comma-separated (,) series of slot#/port# pairs and/or ranges. Sequencing of pairs in the list is not important. You may specify pairs in any order you wish; however, the data returned is displayed in numerical sequence with the lowest slot#/port# pair first. Do not insert spaces between elements in the list. For example, 3/1,3/3,4/3 indicates ports 1 and 3 on interface module 3 and port 3 on interface module 4. (This example assumes that modules 3 and 4 are of the same interface type.) You can include ranges in lists.

3/1,4/1-4/4,5/1

The preceding example assumes that modules 3, 4, and 5 are of the same interface type.

The "all" Keyword

The all keyword indicates all the ports of all the modules of a specific type of interface. That is, all Ethernet, FibreChannel, or InfiniBand interface modules. The subsequent prompt will appear as though you entered the ports as a list.

Using the Documentation

The command descriptions in this book provide quick access to the information about each command. This book divides each command description into subsections, so you can go directly to the desired information.

Synopsis

The Synopsis subsection provides a brief, high-level description of the command.

Syntax

The Syntax subsection provides the command syntax. The following conventions apply:

Text in bold font represents text that you enter exactly as it appears.

Text in italicized font represents variables that you replace with actual values when you enter a command at the command line.

Square brackets ([,]) enclose optional syntax. Do not enter square brackets in the CLI.

Braces ({,}) enclose required syntax choices. Do not enter braces in the CLI.

The pipe character (|) delineates between selections in syntax. That is, if command X requires argument Y or argument Z, but not both at the same time, the syntax will appear as follows:

X {Y | Z}

A table that describes all syntax arguments follows the syntax line(s).

Note Input strings, such as device names and descriptions, must be contiguous without any intervening spaces or blanks. In the event that you wish to enter a multi-word string, enclose the string within double-quotes (","); otherwise the CLI parses each word as a separate argument, which results in a syntax violation.

Platform Availability

The platform subsection indicates the platform or platforms (such as Cisco SFS 3001, Cisco SFS 7000, Cisco SFS 7008, Cisco SFS 3012, InfiniBand Switch Module for IBM BladeCenter) on which you may execute the command.

Command Modes

The Command Modes subsection indicates the command mode or submode that you must enter to execute the command.

Privilege Level

The Privilege Level subsection indicates the user permissions that are required to execute the command. For example, there are commands that only an unrestricted read-write user (for example, a super user) can execute that a user with general read-write permissions (admin) cannot.

Usage Guidelines

The Usage Guidelines subsection supplies additional information and details to help you use a command to its full potential.

Examples

The examples subsection shows actual command entry and CLI output. 

 SFS-7000P# show interface gateway 5

=============================Gateway Information================================

                  gateway : 5

                     name : 5/0

                     type : fc-gateway

                     desc : 5/0 (320)

              last-change : none

                      mtu : 0

             admin-status : up

              oper-status : up

SFS-7000P#

Defaults

The Defaults subsection lists command default behavior or values.

Related Commands

The Related Commands subsection provides hypertext links to related CLI commands.