Configuring Cisco MDS 9000 Series (DCMDS v1.0)

About this Course

Configuring Cisco MDS 9000 Series Switches (DCMDS) v1.0 is a five-day lecture and lab course, using NX-OS v5.2.6b & DCNM v6.1.2, that provides students with fundamental skills in configuring Cisco MDS 9000 Series switches.

Course topics include setting up the switch, configuring interfaces, virtual SANs (VSANs), domains, zones, PortChannels, management security, and Fibre Channel over IP (FCIP) tunnels.

Audience Profile

The primary audience for this course is as follows:

  • Field engineers

The secondary audience for this course is as follows:

  • Systems engineers

At Course Completion

Upon completing this course, the learner will be able to meet these overall objectives:

  • Identify the components, services, and features of the Cisco MDS 9000 Series switch platform that can be used to improve the availability, scalability, performance, and manageability of the SAN
  • Describe how to install and configure the Cisco MDS 9000 switch and perform the initial software configuration process
  • Explain how to implement the logical topology that is specified by a SAN design, so that connectivity between end devices can be verified
  • Describe the traffic management features associated with Intelligent Network Services for the Cisco MDS 9000 switches in order to configure basic traffic management services for the SAN
  • Describe how to configure Fibre Channel over Ethernet (FCoE) modules on Cisco MDS 9500 Series switches
  • Explain how to implement security so that management access is secure and only trusted devices are allowed to connect to the fabric
  • Describe how to use FCIP to implement appropriate SAN extension solutions

Prerequisites

The knowledge and skills that a student must have before attending this course are these:

  • Basic understanding of data storage hardware components and protocols, including SCSI and Fibre Channel
  • Basic understanding of network protocols, including Ethernet and IP
  • Recommended: Cisco CCNA certification

Course Outline

Module 1: Cisco MDS 9000 Series Switch Platform

Lesson 1:

Introducing the Cisco MDS 9000 Series Switch Platform

This lesson is an overview of Cisco MDS 9000 Series Multilayer Switches, including director-class switches, and the line card modules that provide device connectivity. Upon completing this lesson, the student will be able to describe the components of the Cisco MDS 9000 Series switch platform in order to select the appropriate components for the SAN environment. This ability includes being able to meet these objectives:

  • Describe Cisco MDS 9100, MDS 9200, and MDS 9500 Series fabric switches
  • Describe Cisco MDS 9000 Series line card modules
  • Describe Cisco MDS 9500 Series Supervisor Modules
  • Describe Cisco MDS 9500 Series Fabric Modules

Lesson 2:

Implementing Integrated Management

This lesson describes and explains the configuration and the use of Cisco Nexus Operating System (NX-OS) on the Cisco MDS 9000 Series and Cisco Nexus product lines. It also describes the features and applications of Cisco Data Center Network Manager for SAN (Cisco DCNM-SAN). It closes with a description of the Cisco Performance Manager and the Cisco Traffic Analyzer. Upon completing this lesson, the student will be able to describe the Cisco NX-OS Management Services provided by the Cisco MDS 9000 Series switches and identify access to the CLI through the console and Mgmt0 interfaces. This ability includes being able to meet these objectives:

  • Explain the architecture of Cisco NX-OS on the Cisco MDS 9000 Series and Cisco Nexus product lines
  • Describe the Cisco NX-OS CLI and explain how it is used to configure the Cisco MDS 9000 Series switches and obtain status information
  • Describe the installation, connectivity, functions, and capabilities of Cisco DCNM-SAN standalone
  • Describe how to manage a Cisco MDS Series switch or director using the Cisco MDS management software tool
  • Describe the architecture and features of the Cisco DCNM-SAN Server
  • Describe the capabilities and applications of Cisco Performance Manager and Cisco Traffic Analyzer

Module 2: System Installation and Initial Configuration

Lesson 1:

Performing the Initial Switch Configuration

When an MDS switch is restarted, the switch goes through a boot sequence to load the kickstart and system files from the internal bootflash. This lesson explains the boot sequence, and then explains how to perform the initial switch configuration process and install Cisco Data Center Network Manager for SAN and Cisco Device Manager. Upon completing this lesson, the student will be able to perform the initial switch configuration process and install Cisco DCNM-SAN and Cisco Device Manager. This ability includes being able to meet these objectives:

  • Describe the boot sequence and purpose of each of the system memory areas
  • Describe the steps necessary to complete the initial setup routine on a newly installed switch
  • Describe the purpose and settings of default values to manage the switch successfully
  • Outline the process for completing the initial switch configuration and for creating a simple SAN using Cisco DCNM-SAN and Cisco Device Manager
  • Explain the setup of the classroom lab environment

Lesson 2:

Installing and Licensing Cisco NX-OS Software

This lesson describes each of the NX-OS license packages and what it provides. Upon completing this lesson, the student will be able to explain the installation and licensing of Cisco NX-OS software. This ability includes being able to meet these objectives:

  • Describe the software licensing practices for the Cisco MDS 9000 Series
  • Describe the guidelines for successful image installation and upgrade
  • Describe the mechanisms for upgrading the Cisco MDS 9000 Series switch software image
  • Describe how to successfully downgrade a Cisco NX-OS version that is incompatible with the current configuration

Module 3: Building a SAN Fabric

Lesson 1:

Configuring Interfaces

This lesson describes how to configure Fibre Channel interfaces. It also describes the various port modes available in a SAN. Upon completing this lesson, the student will be able to configure Fibre Channel interfaces. This ability includes being able to meet these objectives:

  • Describe the basic interface configuration that is required on the switch
  • Describe the guidelines for configuring bandwidth
  • Describe the different BB_Credits available on the Cisco MDS 9000 Series switch and modules
  • Describe the trunking feature of the Cisco MDS 9000 Series switches

Lesson 2:

Using FLOGI and FCNS Databases

This lesson describes the fabric login (FLOGI) and the Fibre Channel Name Server (FCNS) databases. Upon completing this lesson, the student will be able to explain the use of fabric login (FLOGI) and FCNS databases. This ability includes being able to meet these objectives:

  • Describe the device login sequence
  • Describe the use of the FLOGI and FCNS database for device registration
  • Describe the function of Fibre Channel ID (FCID) persistence

Lesson 3:

Configuring VSANs

This lesson explains how virtual storage area networks (VSANs) can be used in a physical SAN fabric, how to configure VSANs, and the purpose of the default VSAN. Upon completing this lesson, the student will be able to explain how to configure VSANs. This ability includes being able to meet these objectives:

  • Describe how VSANs provide logical separation of Fabric Services in a unified physical infrastructure
  • Describe the process of creating VSANs and assigning interface members
  • Describe the process for displaying the attributes of configured VSANs
  • Present and describe the recommended practices for creating and managing VSANs

Lesson 4:

Managing Domains

This lesson explains the purpose of Fibre Channel domains, their behavior in a virtual storage area network (VSAN) environment, and how to prevent fabric isolation. The lesson describes how the Cisco MDS 9000 Series Multilayer Switches allocate Fibre Channel IDs (FCIDs) and describes how to configure static domain IDs and FCIDs. After completing this lesson, the student will be able to explain the purpose of Fibre Channel domains, their behavior in a virtual storage area network (VSAN) environment, and how to prevent fabric isolation. This ability includes being able to meet these objectives:

  • Describe how to configure domain IDs within a VSAN
  • Configure the principal switch priority
  • Describe the steps to manually configure domain ID settings
  • Describe how to view configured and run-time fcdomain information from the CLI and Cisco Device Manager
  • Configure Cisco Fabric Services distribution of allowed domain ID lists
  • List and describe the configuration settings that determine whether switches achieve adjacency or become isolated during a fabric merge event
  • Describe the effects of configuring the auto-reconfigure, rcf-reject, and fcdomain options for fabric merge options

Lesson 5:

Configuring Cisco NPV and NPIV

This lesson explains the Cisco N-Port Virtualizer (NPV) and N-Port ID Virtualization (NPIV). Upon completing this lesson, the student will be able to configure both the Cisco NPV and NPIV. This ability includes being able to meet these objectives:

  • Describe the benefits of Cisco NPV
  • Describe how NPIV provides a means to assign multiple FCIDs to a single N Port

Lesson 6:

Configuring PortChannels

This lesson describes how to configure and manage PortChannels and trunking fabric ports (TF Ports). Upon completing this lesson, the student will be able to configure PortChannels. This ability includes being able to meet these objectives:

  • Describe the purpose and use of PortChannel functionality on the Cisco MDS 9000 Series Multilayer Switches
  • Explain how to configure PortChannels
  • Describe the interface configuration for a PortChannel, including interface addition and deletion
  • Describe how to configure the PortChannel protocol
  • Describe how to configure F and TF PortChannels
  • Explain how to verify the PortChannel configuration

Lesson 7:

Configuring Distributed Device Aliases

This lesson explains the difference between a Fibre Channel alias and a distributed device alias. It also covers the use and the proper configuration of a distributed device alias. Upon completing this lesson, the student will be able to configure distributed device aliases. This ability includes being able to meet these objectives:

  • Describe the function of distributed device aliases
  • Describe the function of existing zone aliases
  • Explain how to configure the distributed device alias database
  • Explain how to configure distributed device aliases in a multiswitch fabric
  • Explain how to verify the distributed device alias database configuration

Lesson 8:

Implementing Zoning

This lesson explains the differences between basic and enhanced zoning, how to configure zoning, and how to manage zone sets. The lesson also discusses the causes of zone merge conflicts and the tools available on the Cisco MDS 9000 Series Multilayer Switches to identify and resolve conflicts in the SAN. Upon completing this lesson, the student will be able to implement zoning. This ability includes being able to meet these objectives:

  • Describe the purpose and use of zoning within Fibre Channel SANs
  • Describe the zone configuration process
  • Explain how to verify the zone configuration
  • Describe how to configure zone set distribution
  • Explain how to merge zones and zone configurations without causing fabric disruption
  • Explain how to recover from a zone merge failure
  • Describe how to rename, clone, copy, back up, and restore a zone set
  • Describe the enhanced zoning feature and configuration requirements
  • Describe the process of committing configuration changes to the zone database in enhanced mode
  • Describe how to configure and use zone attribute groups
  • Describe read-only zone features and configuration
  • Describe recommended zoning practices

Module 4: Intelligent SAN Fabric Services

Lesson 1:

Implementing Cisco MDS Data Mobility Manager

Data migration is the process of copying data from an existing storage device to a new storage device. This lesson discusses the Cisco MDS Data Mobility Manager (DMM) for the Cisco MDS 9000 Switch family and its configuration process. Upon completing this lesson, the student will be able to explain how to configure the Cisco MDS Data Mobility Manager (DMM) feature. This ability includes being able to meet these objectives:

  • Describe the purpose of the Cisco DMM
  • Describe DMM SAN topologies
  • Describe how to install and configure the Cisco DMM software and prepare for data migration
  • Describe how to use the DMM GUI for data migration

Lesson 2:

Implementing Cisco SANTap

This lesson is an overview of the Cisco MDS 9000 SANTap service. Cisco SANTap is one of the Intelligent Storage Services features supported on the Storage Services Module Series. Upon completing this lesson, the student will be able to describe the purpose of Cisco SANTap and how it can be configured to support nondisruptive data migration between data centers. This ability includes being able to meet these objectives:

  • Describe the deployment of Cisco SANTap Services
  • Describe how to install and configure Cisco SANTap

Lesson 3:

Monitoring Traffic Flow

This lesson is an overview of how to monitor all of the network traffic flow on the SAN fabric. Upon completing this lesson, the student will be able to explain how to capture and monitor Fibre Channel Protocol data. This lesson explains how to use Wireshark and SPAN ports to capture Fibre Channel Protocol traffic for analysis and how to use the built-in Cisco Fabric Analyzer to monitor traffic flow to and from the supervisor. This ability includes being able to meet these objectives:

  • Describe how to configure a SPAN session
  • Explain the capabilities and limitations of RSPAN sessions
  • Describe how to install and configure the Cisco MDS 9000 Port Analyzer Adapter
  • Explain the use of the Cisco Fabric Analyzer feature
  • Describe how to configure Wireshark to capture and view protocol traces

Module 5: Fibre Channel over Ethernet Implementation

Lesson 1:

Fibre Channel over Ethernet

This lesson explains FCoE. The student will discover the advantages of FCoE, how the Data Center Bridging Exchange (DCBX) protocol eases discovery and configuration of Data Center Bridging (DCB) capable devices, and what features a DCB-capable device can provide. Upon completing this lesson, the student will be able to describe the FCoE, DCBX and DCB features of the Cisco MDS 9000 Switch. This ability includes being able to meet these objectives:

  • Describe the consolidation benefits of Unified I/O and the data center Ethernet enhancements that provide a lossless fabric.
  • Explain the FCoE protocol and how Fibre Channel frames are encapsulated in Ethernet frames.
  • Describe the FCoE adapters and software stack, and explain their features and benefits.
  • Explain the FCoE addressing scheme and how an FCoE node can acquire a unique MAC address from the FCoE Forwarder (FCF).
  • Describe FCoE Initialization Protocol (FIP).

Lesson 2:

Configuring Multihop FCoE on the MDS 9500

This lesson describes how to configure the Cisco MDS 9500 Series modules to enable multihop FCoE traffic in a SAN environment. Upon completing this lesson, the student will be able to configure the Cisco MDS 9500 Series for FCoE. This ability includes being able to meet these objectives:

  • Describe the use of FCoE modules on the Cisco MDS 9500 Series directors
  • Describe how the MDS 9500 Series can be configured to enable multihop FCoE frames to traverse a Unified Fabric

Module 6: Security Implementation

Lesson 1:

Improving Management Security

Management security in the Cisco MDS 9000 Series switches provides security to all management access methods, including the CLI and Simple Network Management Protocol (SNMP). You can access the CLI using the console (serial connection), through Telnet, or SSH. Normal SNMP security mechanisms apply to all applications that use SNMP, for example, Cisco Data Center Network Manager (DCNM) for SAN and Cisco Device Manager.

Role-based access control (RBAC) limits access to switch operations by assigning users to roles. The Cisco MDS 9000 Series switches perform authentication that is based on roles. The switch supports two roles: network-administrator and network operator. Upon completing this lesson, the student will be able to explain how to configure secure management protocols and role-based access control. The student will be able to meet these objectives:

  • Describe the secure protocols that can be employed to provide secure access to Cisco MDS 9000 Series management ports
  • Describe how to configure SSH services including how digital certificates can be used to enhance scalability and management of SSH
  • Describe the use of RBAC for secure SAN management and the RBAC configuration steps

Lesson 2:

Configuring AAA Services

The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a Cisco MDS 9000 Series Switch. The MDS switch uses Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control device Plus (TACACS+) protocols, or Lightweight Directory Access Protocol (LDAP) to provide solutions using local or remote AAA servers.

Based on the user ID and the password combination that is provided, switches perform local authentication or authorization using the local database or remote authentication or authorization using AAA servers. A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA servers or for only a specific AAA server. This security mechanism provides a central management capability for AAA servers.

Upon completing this lesson, the student will be able to describe and configure AAA service options on the Cisco MDS 9000 Series. The student will be able to meet these objectives:

  • Describe the AAA solutions and services that are available on the Cisco MDS 9000 Series switch platform
  • Describe the authentication process and how to implement AAA services
  • Configure AAA service options for server monitoring and directed requests
  • Explain the process of distributing AAA configurations when using Cisco Fabric Services
  • Configure NTP services

Lesson 3:

Implementing Port and Fabric Security

All switches in the Cisco MDS 9000 Series provide port security features that reject intrusion attempts from unauthorized devices and report these intrusions to the administrator. Port Security protects Fibre Channel ports at the interface level that are connected to other switches and end-devices. Fabric binding protects the fabric by blocking unauthorized switches from joining the fabric. Upon completing this lesson, the student will be able to do the following:

  • Explain how to configure port security on the Cisco MDS 9000 Series Switches
  • Explain the process of distributing and merging port security configurations when using Cisco Fabric Services
  • Explain the fabric binding feature to support Cisco Fibre Connection (FICON) and Fibre Channel virtual storage networks (VSANs)

Lesson 4:

Configuring FC-SP

Fibre Channel Security Protocol (FC-SP) capabilities provide switch-switch and host-switch authentication to overcome security challenges for enterprise-wide fabrics. Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) is an FC-SP protocol that provides authentication between Cisco MDS 9000 Family switches and other devices. DH-CHAP consists of the CHAP protocol that is combined with the Diffie-Hellman exchange. This lesson explains how DH-CHAP can be used to authenticate access to the Cisco MDS 9000 switch and how Certification Authorities (CAs) can provide digital certificates. Upon completing this lesson, the student will be able to meet these objectives:

  • Explain how switch-to-switch and host-to-switch authentication is implemented on the Cisco MDS 9000 Series switch
  • Explain the purpose of CAs and digital certificates and how to configure them on the Cisco MDS 9000 Series switches

Lesson 5:

Implementing Link Encryption

Data integrity and confidentiality are top priorities for customers. Storage networks may span large areas or multiple sites, and relying solely on physical security is not practical. Two requirements that are essential for secure communications are authentication and encryption.

IP Security (IPsec) Protocol is a framework of open standards that were developed by the Internet Engineering Task Force (IETF). The protocol provides data confidentiality, data integrity, and data authentication between participating peers. IPsec provides security services at the IP layer, including protecting one or more data flows for iSCSI hosts, or between a pair of Fibre Channel over IP (FCIP) gateways over an IP WAN.

Fibre Channel link encryption is supported by the Cisco TrustSec feature on high-performance and advanced 8-Gb/s line card modules. It encrypts the data flow between Cisco MDS switches connected over an Inter-Switch Link (ISL) or dense wavelength division multiplexing (DWDM) or Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) WAN between two data centers. Upon completing this lesson, the student will be able to describe and configure the Cisco TrustSec feature. Upon completing this lesson, the student will be able to meet the following objectives:

  • Describe IPsec and how to configure IPsec on the Cisco MDS 9000 Series Switches
  • Describe the Cisco LinkSec Encryption feature and its configuration

Lesson 6:

Implementing Cisco Storage Media Encryption

Cisco MDS 9000 Storage Media Encryption (SME) encrypts data at rest on heterogeneous tape devices, virtual tape libraries, and disk arrays. This innovative Cisco solution is completely integrated with Cisco MDS 9000 Switches and Cisco DCNM-SAN Server. It can be used to deploy and manage highly available encryption services, without rewiring or reconfiguring SANs or installing additional ones. Upon completing this lesson, the student will be able to meet these objectives:

  • Explain the Cisco SME solution
  • Discuss Cisco SME installation requirements
  • Describe Cisco SME interface configuration
  • Describe Cisco SME cluster management
  • Describe Cisco SME tape configuration
  • Describe Cisco SME key management
  • Discuss Cisco SME best practices
  • Describe the offline data recovery in Cisco SME

Module 7: FCIP Implementation

Lesson 1:

Creating an FCIP Tunnel

This lesson explains how to create an FCIP tunnel between two Cisco MDS 9000 Series Switches with Gigabit Ethernet ports that have support for the FCIP protocol. FCIP is a protocol that allows Fibre Channel frames to be encapsulated and carried over TCP/IP and therefore extends the distance limitations of the Fibre Channel protocol. Upon completing this lesson, the student will be able to create an FCIP tunnel on the Cisco MDS 9000 Series Switch. The student will be able to meet these objectives:

  • Describe the process of configuring FCIP
  • Describe the process of configuring Gigabit Ethernet interfaces and static IP routes
  • Describe the process of enabling FCIP and configuring the FCIP profiles and interfaces that define the FCIP tunnel
  • Explain how to use the Cisco DCNM-SAN FCIP wizard
  • Explain VLAN subinterface configuration requirements

Lesson 2:

Configuring FCIP High Availability

A single FCIP tunnel is potentially a single point of failure and will cause disruption in the SAN fabric if the tunnel fails. It is good practice to combine two or more FCIP interfaces together in a PortChannel between MDS switches. This lesson is designed to show you how to use Fibre Channel PortChannels to provide high availability for FCIP environments. Upon completing this lesson, the student will be able to configure PortChannels with FCIP tunnels. The student will be able to meet these objectives:

  • Describe guidelines for using PortChannels with FCIP links
  • Describe the steps to configure PortChannels with FCIP tunnels
  • Describe how to use the CLI or Cisco DCNM-SAN to verify that the PortChannels are operational

Lesson 3:

Implementing IVR for SAN Extension

When two MDS switches are joined by an ISL or FCIP tunnel, then both switches merge into a single fabric. If the link should fail, then both switches will segment into two separate fabrics, causing significant disruption to the connected devices. This lesson explains how to implement Inter-VSAN Routing (IVR) in order to extend the SAN capabilities to multiple VSANs and minimize disruption due to link failure. Upon completing this lesson, the student will be able to configure IVR on the MDS 9000 Series Switches. The student will be able to meet these objectives:

  • Describe the purpose and use of IVR
  • Describe the use of IVR zones and IVR zone sets
  • Describe the process of configuring IVR
  • Describe the IVR verification commands and tools
  • Describe recommended practices for using and configuring IVR

Lesson 4:

Tuning FCIP Performance

The Fibre Channel over IP (FCIP) profile contains a number of configurable parameters that affect the behavior of traffic flow through an FCIP tunnel over an IP WAN. In this lesson, the student will learn to identify the parameters that must be tuned to optimize performance across the Cisco FCIP tunnel. Upon completing this lesson, the student will be able to tune FCIP performance. The student will be able to meet these objectives:

  • Identify the parameters of an FCIP configuration that are tuned to improve performance
  • Describe how to configure TCP timeout and retransmit and Selective Acknowledgment (SACK) parameters
  • Describe how to configure the IP MTU size and PMTU discovery
  • Explain the flow control process on an FCIP link
  • Explain how TCP packet shaping improves the performance of storage traffic on an IP network
  • Describe the process of configuring FCIP compression
  • Explain how FCIP write acceleration and FCIP tape acceleration improve performance of storage traffic over the WAN
  • Explain the deployment and configuration requirements for using Cisco IOA
  • Explain how to configure IP QoS parameters to prioritize FCIP control and data traffic
  • Describe how to use SAN Extension Tuner to generate test workloads and measure performance

 

Lab Outline

  • Lab 2-1: Initial Setup
  • Lab 2-2: Upgrading Switch Software
  • Lab 3-1: Configuring Interfaces
  • Lab 3-2: Creating VSANs
  • Lab 3-3: Configuring Cisco NPV and NPIV
  • Lab 3-4: Configuring PortChannels
  • Lab 3-5: Distributing DDAS with Cisco Fabric Services
  • Lab 3-6: Configuring Zones
  • Lab 4-1: Configuring Cisco DMM
  • Lab 4-2: Using SPAN and the PAA-2
  • Lab 6-1: Configuring AAA Services
  • Lab 6-2: Implementing Port and Fabric Security
  • Lab 6-3: Configuring Cisco Storage Media Encryption
  • Lab 7-1: Implementing an FCIP Tunnel
  • Lab 7-2: Configuring FCIP High Availability
  • Lab 7-3: Implementing IVR for SAN Extension
  • Lab 7-4: Tuning FCIP Performance