Description Downloads firmware from a remote host to the switch, installs the firmware, then resets the switch to activate the firmware. This is disruptive. The command prompts you for the following:
• The file transfer protocol (FTP or TFTP)
• IP address or DNS host name of the remote host
• An account name and password on the remote host (FTP only)
• Pathname for the firmware image file Authority Admin session
Syntax firmware install
Examples The following is an example of the firmware install command using FTP:
SN6000 FC Switch #> admin start
SN6000 FC Switch (admin) #> firmware install
The switch will be reset. This process will cause a disruption to I/O traffic.
Continuing with this action will terminate all management sessions, including any Telnet sessions. When the firmware activation is complete, you may log in to the switch again.
Do you want to continue? [y/n]: y
Press 'q' and the ENTER key to abort this command. FTP or TFTP : ftp
User Account : johndoe IP Address : 10.0.0.254 Source Filename : 8.0.00.xx_epc
About to install image. Do you want to continue? [y/n] y Connected to 10.0.0.254 (10.0.0.254).
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 331 Password required for johndoe.
Password: xxxxxxxxx
230 User johndoe logged in. bin
200 Type set to I. verbose
Verbose mode off.
This may take several seconds... The switch will now reset. Connection closed by foreign host.
The following is an example of the firmware install command using TFTP:
SN6000 FC Switch #> admin start
SN6000 FC Switch (admin) #> firmware install
The switch will be reset. This process will cause a disruption to I/O traffic.
Continuing with this action will terminate all management sessions, including any Telnet sessions. When the firmware activation is complete, you may log in to the switch again.
Do you want to continue? [y/n]: y
Press 'q' and the ENTER key to abort this command. FTP or TFTP : tftp
IP Address : 10.0.0.254 Source Filename : 8.0.xx.xx_epc
About to install image. Do you want to continue? [y/n] y Connected to 10.0.0.254 (10.0.0.254).
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. bin
200 Type set to I. verbose
Verbose mode off.
This may take several seconds... The switch will now reset. Connection closed by foreign host.
group
Description Creates groups, manages membership within the group, and manages the membership of groups in security sets.
Authority Admin session and a Security Edit session. For information about starting a Security Edit session, see the security command. The list, members, securitysets, and type operands are available without an Admin session.
Syntax group
add [group]
copy [group_source] [group_destination] create [group] [type]
delete [group]
edit [group] [member] list
members [group]
remove [group] [member_list] rename [group_old] [group_new] securitysets [group]
type [group]
Operands add [group]
Initiates an editing session in which to specify a group member and its attributes for the existing group given by [group]. ISL, Port, and MS member attributes are described in Table 8, Table 9, and Table 10 respectively. The group name and group type attributes are read-only fields common to all three tables.
Table 8 ISL group member attributes Attribute Description
Member Worldwide name of the switch that would attach to the switch. A member cannot belong to more than one group.
Authentication Enables (Chap) or disables (None) authentication using the Challenge Handshake Authentication Protocol (CHAP). The default is None.
PrimaryHash The preferred hash function to use to decipher the encrypted primary secret sent by the ISL member. The hash functions are MD5 or SHA-1. If the ISL member does not support the primary hash, the switch will use the secondary hash.
PrimarySecret Hexadecimal string that is encrypted by the primary hash for
authentication with the ISL group member. The string has the following lengths depending on the primary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte
SecondaryHash Hash function to use to decipher the encrypted secondary secret sent by the ISL group member. Hash values are MD5 or SHA-1. The secondary hash is used when the primary hash is not available on the ISL group member. The primary hash and the secondary hash cannot be the same.
SecondarySecret Hex string that is encrypted by the secondary hash and sent for authentication. The string has the following lengths, depending on the secondary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte
Binding Domain ID of the switch to which to bind the ISL group member WWN. This option is available only if FabricBindingEnabled is set to True using the set config security command. 0 (zero) specifies no binding.
Table 8 ISL group member attributes (continued) Attribute Description
Table 9 Port group member attributes Attribute Description
Member WWPN for the N_Port device that would attach to the switch. A member cannot belong to more than one group. All loop device WWPNs must be included in the group, otherwise the switch port will be downed, and none of the devices will be able to log in.
Authentication Enables (Chap) or disables (None) authentication using the Challenge Handshake Authentication Protocol. The default is None.
PrimaryHash The preferred hash function to use to decipher the encrypted primary secret sent by the Port group member. The hash functions are MD5 or SHA-1. If the Port group member does not support the primary hash, the switch will use the secondary hash.
PrimarySecret Hexadecimal string that is encrypted by the primary hash for authentication with the Port group member. The string has the following lengths depending on the primary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte
SecondaryHash Hash function to use to decipher the encrypted secondary secret sent by the Port group member. Hash values are MD5 or SHA-1. The secondary hash is used when the primary hash is not available on the Port group member. The primary hash and the secondary hash cannot be the same.
SecondarySecret Hex string that is encrypted by the secondary hash and sent for authentication. The string has the following lengths depending on the secondary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte
Table 10 MS group member attributes Attribute Description
Member Port worldwide name for the N_Port device that would attach to the switch.
CTAuthentication Common Transport (CT) authentication. Enables (True) or disables (False) authentication for MS group members. The default is False.
Hash The hash function to use to decipher the encrypted secret sent by the MS group member. Hash values are MD5 or SHA-1.
Secret Hexadecimal string that is encrypted by the hash function for authentication with MS group members. The string has the following lengths depending on the hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte
Table 10 MS group member attributes (continued) Attribute Description
copy [group_source] [group_destination]
Creates a new group named [group_destination] and copies the membership into the new group from the group given by [group_source].
create [group] [type]
Creates a group with the name given by [group] with the type given by [type]. A group name must begin with a letter and be no longer than 64 characters. Valid characters are alphanumeric, _, $, ^, and -. The security database supports a maximum of 16 groups. If you omit [type], ISL is used. Table 11 describes the group type parameters.
Table 11 Group type parameters Parameter Description
isl Configures security for attachments to other switches. port Configures security for attachments to N_Port devices.
ms Configures security for attachments to N_Port devices that are issuing management server commands.
delete [group]
Deletes the group given by [group].
edit [group] [member]
Initiates an editing session in which to change the attributes of a worldwide name given by [member] in a group given by [group]. Member attributes that can be changed are described in
Table 12.
Table 12 Group member attributes
Attribute Description
Authentication (ISL and Port Groups)
Enables (Chap) or disables (None) authentication using the Challenge Handshake Authentication Protocol.
CTAuthentication (MS Groups)
CT authentication. Enables (True) or disables (False) authentication for MS group members. The default is False. PrimaryHash
(ISL and Port Groups)
The preferred hash function to use to decipher the encrypted primary secret sent by the member. The hash functions are MD5 or SHA-1. If the member does not support the primary hash, the switch will use the secondary hash.
PrimarySecret (ISL and Port Groups)
Hexadecimal string that is encrypted by the primary hash for authentication with the member. The string has the following lengths depending on the primary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte SecondaryHash
(ISL and Port Groups)
Hash function to use to decipher the encrypted secondary secret sent by the group member. Hash values are MD5 or SHA-1. The
secondary hash is used when the primary hash is not available on the group member. The primary hash and the secondary hash cannot be the same.
SecondarySecret (ISL and Port Groups)
Hex string that is encrypted by the secondary hash and sent for authentication. The string has the following lengths, depending on the secondary hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte Secret
(MS Groups)
Hexadecimal string that is encrypted by the hash function for authentication with MS group members. The string has the following lengths depending on the hash function:
• MD5 hash: 16-byte
• SHA-1 hash: 20-byte Binding
(ISL Groups)
Domain ID of the switch to which to bind the ISL group member worldwide name. This option is available only if
FabricBindingEnabledis set to True using the
set config security command. 0 (zero) specifies no binding.
Table 12 Group member attributes (continued)
Attribute Description
Operands list
Displays a list of all groups and the security sets of which they are members. This operand is available without an Admin session.
members [group]
Displays all members of the group given by [group]. This operand is available without an Admin session.
remove [group] [member_list]
Remove the port/device worldwide name given by [member] from the group given by [group]. Use a <space> to delimit multiple member names in [member_list]
rename [group_old] [group_new]
Renames the group given by [group_old] to the group given by [group_new].
securitysets [group]
Displays the list of security sets of which the group given by [group] is a member. This operand is available without an Admin session.
type [group]
Displays the group type for the group given by [group]. This operand is available without an Admin session.
Notes Primary and secondary secrets are not included in a switch configuration backup. Therefore, after restoring a switch configuration, you must re-enter the primary and secondary secrets. Otherwise, the switch will isolate because of an authentication failure.
Examples The following is an example of the group add command:
SN6000 FC Switch #> admin start
SN6000 FC Switch (admin) #> security edit
SN6000 FC Switch (admin-security) #> group add Group_1
A list of attributes with formatting and default values will follow
Enter a new value or simply press the ENTER key to accept the current value with exception of the Group Member WWN field which is mandatory.
If you wish to terminate this process before reaching the end of the list press 'q' or 'Q' and the ENTER key to do so.
Group Name Group_1 Group Type ISL
Member (WWN) [00:00:00:00:00:00:00:00] 10:00:00:c0:dd:00:90:a3 Authentication (None / Chap) [None ] chap
PrimaryHash (MD5 / SHA-1) [MD5 ]
PrimarySecret (32 hex or 16 ASCII char value) [ ] 0123456789abcdef SecondaryHash (MD5 / SHA-1 / None) [ ]
SecondarySecret (40 hex or 20 ASCII char value) [ ] Binding (domain ID 1-239, 0=None) [0 ] Finished configuring attributes.
To discard this configuration use the security cancel command.
The following is an example of the group edit command:
SN6000 FC Switch #> admin start
SN6000 FC Switch (admin) #> security edit
SN6000 FC Switch (admin-security) #> group edit G1 10:00:00:c0:dd:00:90:a3 A list of attributes with formatting and current values will follow. Enter a new value or simply press the ENTER key to accept the current value.
If you wish to terminate this process before reaching the end of the list press 'q' or 'Q' and the ENTER key to do so.
Group Name g1 Group Type ISL
Group Member 10:00:00:c0:dd:00:90:a3
Authentication (None / Chap) [None] chap PrimaryHash (MD5 / SHA-1) [MD5 ] sha-1
PrimarySecret (40 hex or 20 ASCII char value) [ ]12345678901234567890 SecondaryHash (MD5 / SHA-1 / None) [None] md5
SecondarySecret (32 hex or 16 ASCII char value) [ ] 1234567890123456 Binding (domain ID 1-239, 0=None) [3 ]
Finished configuring attributes.
To discard this configuration use the security cancel command.
The following is an example of the group list command:
SN6000 FC Switch #> group list Group SecuritySet --- --- group1 (ISL) alpha group2 (Port) alpha
The following is an example of the group members command:
SN6000 FC Switch #> group members group_1 Current list of members for Group: group_1 ---
10:00:00:c0:dd:00:71:ed 10:00:00:c0:dd:00:72:45 10:00:00:c0:dd:00:90:ef 10:00:00:c0:dd:00:b8:b7