Planning for Cisco switches and fabrics
IBM® Storage Insights uses NX-API to manage Cisco switches and fabrics.
Supported switches and fabrics
You must have NX-OS Release 8.4(x) or 8.5(1), or 9.2(1a) and must enable NX-API on your MDS Cisco switches before you can add them for monitoring in IBM Storage Insights.
- The following Cisco switches are not supported for monitoring at this time:
- Nexus family switches
- Switches with the following SAN Extension module installed: DS-X9334-K9. To view the installed modules, use the show mod command on the switch CLI.
- You can't monitor the IP storage modules (ethernet ports) or the Fibre Channel over IP (FCIP) tunnels on Cisco switches.
For a complete list of the switches that are supported, see https://www.ibm.com/support/pages/node/6465529.
Connection credentials for monitoring Cisco switches and fabrics
- Performance metadata
- Asset, configuration, and status metadata
Entering configuration mode
To run commands that change switch configuration settings, you must enter configuration mode on the switch. Use the terminal as the source of commands. To enter configuration mode, run the following command:
switch_name# configure terminal
After you run this command, the prompt will include "(config)" to indicate that you are in configuration mode:
switch_name(config)#
Configuring message severity levels for event processing
For IBM Storage Insights to process events from Cisco switches, you must configure the log message severity levels of the syslog messages for the switches.
- Use the Device Manager, which is one of the Cisco Fabric Manager applications.
- Use the CLI for a switch.
Using the Device Manager
To configure the message severity levels of a switch by using the Device Manager, complete the following steps:
- In Device Manager, click .
- In the Switch Logging tab, select the following options:
- TerminalEnable
- LineCardEnable
- Select the following message severity levels:
Table 1. Message Severity Level
TerminalMsgSeverity: notice(6)
LinecardMsgSeverity: info(7)
LogFileMsgSeverity: info(7)
- Click Apply.
Using the CLI
To configure the message severity levels of a switch by using the CLI, complete the following steps:
- Access the CLI of the switch through SSH.
- Run the following command:
switch_name# show logging
The output of the command includes the following information:
Logging logfile: enabled
logfile-name: Severity - debugging Size - ######
Where logfile-name represents the name of the log file.
- Run the following commands:
switch# configure terminal
switch(config)# logging monitor 6
switch(config)# logging module 7
switch(config)# logging logfile logfile-name 7
switch(config)# exit
switch# copy run start
Where logfile-name is the name of the log file from step 2.
Enabling NX-API and HTTPS
- To verify that the switch uses NX-OS Release 8.4(1) or later, run the following
command:
switch_name# show version
Important: If the NX-OS release is earlier than 8.4(1), you must upgrade NX-OS to Release 8.4(1) or later to add the switch.
- To verify that NX-API is enabled, run the following command:
switch_name# show feature | grep nxapi
If NX-API is enabled, the following text is displayed:
nxapi 1 enabled
- If NX-API is disabled, run the following command to enable it:
switch_name# configure terminal
switch_name(config)# feature nxapi
- To view the details of the NX-API configuration, including NX-API status, ports, and the HTTPS
certificate, run the following command:
switch_name# show nxapi
The output includes the following key information:
- NX-API: Enabled
- You can also confirm the same by running the command in step 2.
- HTTP Port: Disabled
- HTTP is disabled by default. If you must enable HTTP due to internal requirements, run the
following command:
switch_name(config)# nxapi http port 8080
To disable HTTP again, run the following command:
switch_name(config)# no nxapi http
- HTTPS Port: 8443
- When you enable NX-API, HTTPS is enabled automatically with a self-signed certificate that
expires after one day. By default, HTTPS is configured to use port 8443.
If port 8443 is not configured on the switch, run the following command:
switch_name(config)# nxapi https port 8443
To use a port other than 8443, substitute a different port number in the command.
Remember: If the Cisco chassis is configured to run NX-API with HTTPS on port 443, it creates a conflict with the web server that runs on the same port. Do not use port 443. Use another unused port number.
- SSH Certificate Information:
- The SSH certificate includes an expiration date and the certificate content.
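The checks in this section can be run against saved command output before a switch is added. The following Python example is added here and is not IBM or Cisco code; the function names are hypothetical, and the sample show nxapi text is constructed from the field labels listed above, so its layout is an assumption.

```python
import re

MIN_RELEASE = (8, 4, 1)  # minimum stated in this section: NX-OS Release 8.4(1)

def parse_release(text):
    """Convert a release string such as '8.4(2a)' to a comparable tuple (8, 4, 2)."""
    m = re.search(r"(\d+)\.(\d+)\((\d+)[a-z]?\)", text)
    if not m:
        raise ValueError(f"no NX-OS release in {text!r}")
    return tuple(int(g) for g in m.groups())

def parse_nxapi(text):
    """Extract the key fields this section lists from 'show nxapi' output."""
    fields = {}
    for label in ("NX-API", "HTTP Port", "HTTPS Port"):
        m = re.search(re.escape(label) + r":\s*(\S+)", text)
        fields[label] = m.group(1) if m else None
    return fields

def audit(release, feature_line, show_nxapi):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if parse_release(release) < MIN_RELEASE:
        findings.append("upgrade NX-OS to Release 8.4(1) or later")
    # 'show feature | grep nxapi' prints 'nxapi 1 enabled' when the feature is on.
    if not re.fullmatch(r"nxapi\s+\d+\s+enabled", feature_line.strip()):
        findings.append("NX-API is disabled: run 'feature nxapi'")
    f = parse_nxapi(show_nxapi)
    http, https = f["HTTP Port"], f["HTTPS Port"]
    if http is None or http.lower() != "disabled":
        findings.append(f"HTTP port is {http}: run 'no nxapi http' unless HTTP is required")
    if https is None or not https.isdigit():
        findings.append("HTTPS port is not set: run 'nxapi https port 8443'")
    elif https == "443":
        findings.append("HTTPS on port 443 conflicts with the switch web server")
    return findings

# Constructed sample output (assumed layout), not captured from a real switch.
GOOD = "NX-API: Enabled\nHTTP Port: Disabled\nHTTPS Port: 8443\n"
BAD = "NX-API: Enabled\nHTTP Port: 8080\nHTTPS Port: 443\n"

if __name__ == "__main__":
    print(audit("8.4(2a)", "nxapi 1 enabled", GOOD))
    for finding in audit("8.3(2)", "nxapi 1 disabled", BAD):
        print("FINDING:", finding)
```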
Security
From Cisco NX-OS Release 8.4(x), when NX-API is enabled over HTTPS, a self-signed certificate is created that expires after 24 hours. If you use an expired certificate, the browser displays a warning about security vulnerabilities. Use a valid certificate from a certificate authority to minimize security threats. For more information on how to get a valid certificate and import it on the switch, see the Configuring Certificate Authorities and Digital Certificates section in the Cisco MDS 9000 Series Security Configuration Guide, Release 8.x.
Saving NX-API configuration changes
After you make changes to the running NX-API configuration, you must save the configuration of the switch to the startup configuration so that the changes persist after the switch is rebooted. You can save the configuration from outside configuration mode.
Run the following command to save the current configuration to be used when the switch is restarted:
switch_name# copy running-config startup-config
Other useful NX-API commands
Other NX-API commands that might be useful are listed in the following table.
Command Description | Commands |
---|---|
Show whether HTTPS is enabled. | |
Configure the switch to use a port other than 8443 with HTTPS. Restriction: Don't use port 443 because this port is already used by the web UI of the switch. | |
Create a user with network-operator role. | |
Disable HTTP access. | |