Field Guide · SAN Operations
Cisco MDS NX-OS Command Reference for Production SAN Operators
This guide consolidates the Cisco NX-OS commands storage and SAN engineers actually use to validate health, troubleshoot fabric issues, inspect zoning, verify optics, and accelerate incident response. Every command includes what it shows, when to run it, and a representative output captured from production directors.
config terminal required. Every output shown is representative of a production MDS 9710 director running NX-OS 9.4(1a) — exact field labels and counter names may differ slightly across releases.
When a host cannot see its storage, walk the chain in this order: interface up → FLOGI present → FCNS registered → zone active. The overwhelming majority of "missing LUN" escalations we take resolve at one of those four checkpoints — in that order — before anyone needs to touch the array.
QSMost-used Cisco NX-OS commands
If you only bookmark one table, make it this one. These are the commands MDS operators run constantly — each links to its full entry with output and interpretation below.
| Command | What it answers | Typical cadence |
|---|---|---|
show interface brief | Are the ports up, in the right VSAN, at the right speed? | Constantly |
show flogi database | Which HBAs and array ports are logged into this switch? | Every login issue |
show fcns database | What is registered in the fabric, per VSAN? | Every visibility issue |
show zoneset active | What zoning is the fabric actually enforcing? | Every change window |
show zone status vsan <n> | Zoning mode, default policy, distribution state | Every change window |
show environment | Fans, power, temperature in one pass | Daily / on alarm |
show system resources | CPU and memory right now | Daily / on slowness |
show processes cpu | Which process is consuming the CPU? | Incidents |
show inventory | PIDs and serials for every FRU — TAC asks verbatim | Audits / RMAs |
show interface transceiver details | Live optic diagnostics: temperature, voltage, RX/TX power | Optic checks |
show logging logfile | What has the switch been complaining about? | First command in any incident |
show tech-support details | The full TAC evidence package | Escalations |
IXCommands by outcome
Start from what you need, not from what the command is called.
- Need to verify zoning →
show zoneset active,show zone status vsan,show zone member pwwn - Need to validate optics →
show interface transceiver details,show interface fcX/Y transceiver details - Need to identify WWNs →
show flogi database,show fcns database detail,show device-alias database - Need to collect TAC evidence →
show tech-support details,show inventory,show logging logfile - Need to confirm switch health →
show environment,show system health,show system resources - Need to see who or what is in the fabric →
show fcns database,show vsan membership,show users
01System health
Is the switch itself healthy right now? Environmental telemetry, online diagnostics, supervisor redundancy, and time sync — the layer to clear before blaming the fabric.
Healthy: all sensors Ok, diagnostics pass, redundancy Active/Standby, NTP synced.
Warning: single fan or temperature sensor trending high; clock skew between fabrics.
Critical: power redundancy lost, failed module diagnostics, supervisor not in standby.
Next: on any Critical, capture show logging logfile and show environment output, then check PSU/fan FRUs in show inventory before scheduling replacement.
show environment
All environmental telemetry in one pass — fans, power, temperature sensors, voltage.
switch# show environment
Power Supply:
-----------------------------------------------------
PS Model Power Power Status
(Watts) (Amp)
-----------------------------------------------------
1 DS-CAC-3000W 3000.00 250.00 Ok
2 DS-CAC-3000W 3000.00 250.00 Ok
3 DS-CAC-3000W 3000.00 250.00 Ok
4 DS-CAC-3000W --- --- Absent
Fan:
------------------------------------------------------
Fan Model Hw Direction Status
------------------------------------------------------
Fan1 DS-C9710-FAN 1.0 front-to-back Ok
Fan2 DS-C9710-FAN 1.0 front-to-back Ok
Fan3 DS-C9710-FAN 1.0 front-to-back Ok
Temperature:
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
-------------------------------------------------------------------
1 Asic-1 90 75 42 Ok
5 CPU 90 75 38 Ok
6 CPU 90 75 39 Ok
show environment power
Just the power section of show environment. Useful when a PSU alarm is paging.
switch# show environment power
Voltage: 12 Volts
PS Model Power Status
(Watts)
1 DS-CAC-3000W 3000.00 Ok
2 DS-CAC-3000W 3000.00 Ok
3 DS-CAC-3000W 3000.00 Ok
4 DS-CAC-3000W --- Absent
Mod Model Power Power Status
Requested Allocated
(Watts) (Watts)
1 DS-X9648-1536K9 640 640 Powered-up
2 DS-X9648-1536K9 640 640 Powered-up
show environment temperature
Just the temperature sensors. Useful before/after airflow changes.
switch# show environment temperature
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
1 Intake 65 55 29 Ok
1 Outlet 80 70 38 Ok
1 Asic-1 90 75 42 Ok
5 CPU 90 75 38 Ok
show environment fan
Just the fan tray section. Check after a fan-tray swap or following a thermal alarm.
switch# show environment fan
Fan Model Hw Direction Status
Fan1 DS-C9710-FAN 1.0 front-to-back Ok
Fan2 DS-C9710-FAN 1.0 front-to-back Ok
Fan3 DS-C9710-FAN 1.0 front-to-back Ok
Zone Speed: 80%
show system health
Top-level summary of online diagnostic state across modules.
switch# show system health
Current health information for module 1
Test Frequency Status Action
InternalPortLoopback 60 sec OK Notify
ASICRegisterCheck 60 sec OK Notify
PrimaryBootROM On Demand OK Notify
SecondaryBootROM On Demand OK Notify
show system health module 1
Same view, scoped to a single slot.
switch# show system health module 1
Current health information for module 1
Test Frequency Status Action
InternalPortLoopback 60 sec OK Notify
ASICRegisterCheck 60 sec OK Notify
show system health statistics
Cumulative pass/fail counters since the last reload.
switch# show system health statistics
Test statistics for module 1
Test Run-Count Pass-Count Fail-Count
InternalPortLoopback 209400 209400 0
ASICRegisterCheck 209400 209400 0
PrimaryBootROM 4 4 0
show system health statistics module 1
Per-slot view of the above.
switch# show system health statistics module 1
Test statistics for module 1
Test Run-Count Pass-Count Fail-Count
InternalPortLoopback 209400 209400 0
ASICRegisterCheck 209400 209400 0
show system health statistics loopback
Loopback test counters across all monitored interfaces. A growing fail-count points to a bad transceiver or an ASIC path issue.
switch# show system health statistics loopback
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
fc1/2 209400 209400 0
fc1/3 209400 209400 0
fc1/4 209400 209398 2
show system health statistics loopback module 1
Scoped to module 1.
switch# show system health statistics loopback module 1
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
fc1/2 209400 209400 0
fc1/4 209400 209398 2
show system health statistics loopback interface fc1/1
Single-interface view — useful when chasing a specific port flap.
switch# show system health statistics loopback interface fc1/1
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
show system redundancy status
Status of supervisor redundancy in dual-sup chassis (MDS 9710, 9706). Confirms HA standby is Active and image versions match before any maintenance window.
switch# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: HA
This supervisor (sup-1)
-----------------------
Redundancy state: Active
Supervisor state: Active
Other supervisor (sup-2)
------------------------
Redundancy state: Standby
Supervisor state: HA standby
show system reset-reason module 5
Why a given module (here slot 5) last reset. The kind of question you’d otherwise reverse-engineer from console logs and uptime.
switch# show system reset-reason module 5
--- reset reason for module 5 ---
1) At 224057 usecs after Mon May 13 03:14:08 2024
Reason: Reset triggered due to HA policy of Reset
Service: Module not responding to keepalives
Version: 9.4(1a)
show clock
Current system time, timezone, and clock source (NTP synced or local). Critical when correlating logs across fabrics.
switch# show clock
22:18:47.336 UTC Mon May 18 2026
show clock detail
Adds timezone offset, daylight-saving status, and skew details. Use when you suspect NTP drift between switches.
switch# show clock detail
22:18:51.118 UTC Mon May 18 2026
Time source is NTP
Summer time is not in effect.
show system uptime
Time since last reboot — short, scriptable form.
switch# show system uptime
System start time: Tue Dec 24 14:56:43 2025
System uptime: 145 days, 7 hours, 22 minutes, 4 seconds
Kernel uptime: 145 days, 7 hours, 22 minutes, 4 seconds
Active supervisor uptime: 145 days, 7 hours, 22 minutes, 4 seconds
02Interface validation
Port state, configuration, descriptions, and optic health. Link-layer truth — but remember: a port can be up with a dying transmitter behind it.
Healthy: expected ports up, correct VSAN and speed, optic RX/TX power well inside vendor thresholds.
Warning: RX or TX power drifting toward threshold; CRC or discard counters creeping between reads.
Critical: port up but optic over-temperature or power below threshold; repeated link flaps.
Next: failing optics get replaced at the next window — capture show interface fcX/Y transceiver details before and after; flapping ports get show flogi internal event-history.
show interface brief
One row per interface — status, VSAN, mode, speed. Best for rapid fabric scan.
switch# show interface brief
Interface Vsan Admin Admin Status SFP Oper Oper Port-channel
Mode Trunk Type Mode Speed
fc1/1 100 auto on up swl F 32 --
fc1/2 100 auto on up swl F 32 --
fc1/3 100 auto on up swl F 32 --
fc1/4 1 auto on down -- -- -- --
show interface
All interfaces, all detail — counters, status, speed, mode, VSAN. The most verbose interface view available.
switch# show interface
fc1/1 is up
Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
Port WWN is 20:01:54:7f:ee:1a:bc:80
Admin port mode is auto, trunk mode is on
Port mode is F, FCID is 0x0b0100
Port vsan is 100
Speed is 32 Gbps
Transmit B2B Credit is 64
Receive B2B Credit is 64
1234567 frames input, 985432109 bytes
0 discards, 0 errors
2345678 frames output, 1843102100 bytes
0 discards, 0 errors
show interface description
Interface descriptions — what each port is wired to, per the operator’s documentation.
switch# show interface description
Interface Description
fc1/1 ESX01-vmhba2
fc1/2 ESX02-vmhba2
fc1/3 ESX03-vmhba2
mgmt0 OOB-mgmt-vlan104
show interface fc1/1
Detail for a single FC port — same depth as show interface, scoped to one port.
switch# show interface fc1/1
fc1/1 is up
Port WWN is 20:01:54:7f:ee:1a:bc:80
Port mode is F, FCID is 0x0b0100
Port vsan is 100
Speed is 32 Gbps
1234567 frames input, 985432109 bytes
0 discards, 0 errors
show interface fc1/1 description
Just the description line for the port.
switch# show interface fc1/1 description
Interface Description
fc1/1 ESX01-vmhba2
show interface fc1/1 | include Speed
Pipe-filter trick to extract just the speed line. The | include <pattern> filter works on any show output and is the most common way to scrape a single field.
switch# show interface fc1/1 | include Speed
Speed is 32 Gbps
show interface fc1/1 | include vsan
Same pattern — pull just the VSAN line. Useful in scripts that walk many ports.
switch# show interface fc1/1 | include vsan
Port vsan is 100
show interface fc1/1-5 brief
Brief view restricted to a port range. Works with -, comma, or list syntax (e.g. fc1/1-5,fc1/8).
switch# show interface fc1/1-5 brief
Interface Vsan Admin Status Oper Oper
Mode Mode Speed
fc1/1 100 auto up F 32
fc1/2 100 auto up F 32
fc1/3 100 auto up F 32
fc1/4 1 auto down -- --
fc1/5 100 auto up F 16
show interface transceiver
SFP/SFP+ inventory across all ports — wavelength, vendor, part number, serial. Hardware audit gold.
switch# show interface transceiver
fc1/1 sfp is present
Name is CISCO-FINISAR
Manufacturer's part number is FTLF8529P3BCV-C2
Serial number is FN21XX0123ABC
Nominal bitrate is 28100 MBit/sec
Cisco product id is DS-SFP-FC32G-SW
Cisco vendor id is V01
show interface transceiver details
Same as above, plus live diagnostics — temperature, voltage, RX/TX power. Use to find an over-temperature optic or a fading transmitter.
switch# show interface transceiver details
fc1/1 sfp is present
Cisco product id is DS-SFP-FC32G-SW
Serial number is FN21XX0123ABC
SFP Detail Diagnostics Information
Current Alarms Warnings
Measurement High Low High Low
Temperature 48.21 C 80 -10 75 -5
Voltage 3.34 V 3.7 2.9 3.6 3.0
Current 6.84 mA 12 1 10 2
Tx Power -2.43 dBm 1.7 -8.2 -1.3 -7.2
Rx Power -2.78 dBm 3.0 -13.9 0.0 -12.9
show interface fc1/1 transceiver
Just the transceiver inventory line for a single port.
switch# show interface fc1/1 transceiver
fc1/1 sfp is present
Name is CISCO-FINISAR
Cisco product id is DS-SFP-FC32G-SW
Serial number is FN21XX0123ABC
Nominal bitrate is 28100 MBit/sec
show interface fc1/1 transceiver details
Live diagnostics for a single port — the four diag values you’d capture for a TAC SR about a flaky port.
switch# show interface fc1/1 transceiver details
fc1/1 sfp is present
Serial number is FN21XX0123ABC
Temperature 48.21 C
Voltage 3.34 V
Current 6.84 mA
Tx Power -2.43 dBm
Rx Power -2.78 dBm
show interface mgmt
Management Ethernet port (mgmt0) configuration and counters.
switch# show interface mgmt
mgmt0 is up
Internet Address is 10.12.4.20/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
full-duplex, 1000 Mb/s
1840452312 packets input, 244091245612 bytes
0 input errors, 0 drops, 0 overrun
1442118203 packets output, 198443110987 bytes
0 output errors, 0 collisions
show hardware internal mgmt0 stats
Low-level stats from the management Ethernet interface. Useful when you suspect packet loss into the switch from a management plane perspective.
switch# show hardware internal mgmt0 stats
mgmt0 statistics:
rx_packets : 1840452312
rx_bytes : 244091245612
rx_errors : 0
rx_drops : 17
tx_packets : 1442118203
tx_bytes : 198443110987
tx_errors : 0
tx_drops : 0
show interface port-channel 1
Port-channel summary — member ports, aggregate status, mode, VSAN.
switch# show interface port-channel 1
port-channel1 is trunking
Port WWN is 24:01:54:7f:ee:1a:bc:80
Admin port mode is E, trunk mode is on
Port mode is TE
Speed is 64 Gbps
Trunk vsans (admin allowed and active) (1,100-102)
Trunk vsans (up) (1,100-102)
Member[1] : fc1/9
Member[2] : fc1/10
show interface port-channel 1 brief
One-line summary.
switch# show interface port-channel 1 brief
Interface Vsan Admin Admin Status Oper Oper
Mode Trunk Mode Speed
port-channel 1 1 E on trunking TE 64
show interface port-channel 1 trunk vsan
VSAN trunk state across the port-channel.
switch# show interface port-channel 1 trunk vsan
port-channel1 is trunking
Vsan 1 is up
Vsan 100 is up
Vsan 101 is up
Vsan 102 is up
show interface port-channel 1 trunk vsan 100
Trunk state for one specific VSAN — useful when ISL is up but VSAN 100 traffic is failing.
switch# show interface port-channel 1 trunk vsan 100
port-channel1 is trunking
Vsan 100 is up
Last error: --
03SAN fabric visibility
Who and what is in the fabric: the name server, VSAN topology, and fabric-binding membership. The fabric-wide view that single-switch commands cannot give you.
Healthy: every expected device registered in FCNS, VSANs active, zero fabric-binding violations.
Warning: FCNS reject counters climbing; devices registered in unexpected VSANs.
Critical: expected device absent from FCNS while FLOGI shows it logged in; fabric-binding violations incrementing.
Next: absent-from-FCNS goes to the host-cannot-see-storage runbook; binding violations mean an unauthorised ISL attempt or a stale entry — treat as security until proven otherwise.
show fcns database
All registered devices in the fabric, all VSANs.
switch# show fcns database
VSAN 100:
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
0x0b0100 N 21:00:00:00:00:00:00:11 (Emulex) scsi-fcp:init
0x0b0200 N 21:00:00:00:00:00:00:12 (Emulex) scsi-fcp:init
0x0b0500 N 50:01:43:80:24:11:11:11 (Pure Storage) scsi-fcp:target
Total number of entries = 3
show fcns database detail
Verbose form — fabric port name, hard address, symbolic name, OS type, etc.
switch# show fcns database detail
VSAN:100 FCID:0x0b0100
port-wwn (vendor) :21:00:00:00:00:00:00:11 (Emulex)
node-wwn :20:00:00:00:00:00:00:11
class :2,3
fc4-types:fc4_features :scsi-fcp:init
symbolic-port-name :Emulex LightPulse LPe35002-M2 FC Adapter
symbolic-node-name :ESX01.example.local
port-type :N
fabric-port-wwn :20:01:54:7f:ee:1a:bc:80
connected interface :fc1/1
switch name :fab-a-mds9710-01
show fcns database vsan 1
Devices registered in a specific VSAN.
switch# show fcns database vsan 1
VSAN 1:
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
0x010000 N 20:00:54:7f:ee:1a:bc:80 (Cisco) ipfc
Total number of entries = 1
show fcns database detail vsan 1
Verbose-per-VSAN view.
switch# show fcns database detail vsan 1
VSAN:1 FCID:0x010000
port-wwn (vendor) :20:00:54:7f:ee:1a:bc:80 (Cisco)
fc4-types:fc4_features :ipfc
symbolic-port-name :fab-a-mds9710-01
port-type :F
show fcns database fcid 0x0b0100
Lookup by FCID. Often used in scripted reverse-lookup.
switch# show fcns database fcid 0x0b0100
VSAN:100 FCID:0x0b0100
port-wwn (vendor) :21:00:00:00:00:00:00:11 (Emulex)
fc4-types:fc4_features :scsi-fcp:init
connected interface :fc1/1
show fcns statistics
Per-VSAN FCNS request/response counters. A high reject-count usually means a misbehaving HBA or storage controller.
switch# show fcns statistics
Statistics for VSAN: 100
number of GA_NXT requests received : 1248
number of GA_NXT rejects : 0
number of GPN_ID requests received : 8912
number of GPN_ID rejects : 4
number of RNN_ID requests received : 12
show vsan
All configured VSANs and their state.
switch# show vsan
vsan 1 information
name:VSAN0001 state:active
operational state:up
vsan 100 information
name:Prod-VSAN state:active
operational state:up
vsan 101 information
name:Dev-VSAN state:active
operational state:up
vsan 4079 (evfp_isolated_vsan)
vsan 4094 (isolated_vsan)
show vsan 100
Detail for one VSAN.
switch# show vsan 100
vsan 100 information
name:Prod-VSAN state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up
show vsan usage
Count of allocated vs available VSAN IDs.
switch# show vsan usage
4 vsans configured
configured vsans:1,100-102
vsans available for configuration:2-99,103-4078
show vsan membership
Which interfaces are members of which VSANs, fabric-wide on the local switch.
switch# show vsan membership
vsan 1 interfaces:
fc1/4 fc1/8 mgmt0
vsan 100 interfaces:
fc1/1 fc1/2 fc1/3 fc1/5 fc1/6 fc1/7
port-channel1
vsan 101 interfaces:
fc2/1 fc2/2 fc2/3 fc2/4
show vsan 100 membership
Just one VSAN’s member list.
switch# show vsan 100 membership
vsan 100 interfaces:
fc1/1 fc1/2 fc1/3
fc1/5 fc1/6 fc1/7
port-channel1
show vsan membership interface fc1/1
Reverse lookup: which VSAN is one specific interface a member of.
switch# show vsan membership interface fc1/1
fc1/1
vsan:100
allowed list:1-4093
show wwn switch
Displays the switch’s base WWN. This is the seed WWN from which interface WWNs and the fabric Principal Switch identity are derived. Required when joining a switch to an existing fabric with strict fabric-binding.
switch# show wwn switch
Switch WWN is 20:00:54:7f:ee:1a:bc:80
show fabric-binding status
Activation state for fabric-binding across all VSANs.
switch# show fabric-binding status
VSAN 100 :Activated database
VSAN 101 :Activated database
VSAN 102 :No Active database
show fabric-binding status vsan 100
State for one VSAN.
switch# show fabric-binding status vsan 100
VSAN 100 :Activated database
show fabric-binding database
The configured (editable) database of permitted peer switch WWNs.
switch# show fabric-binding database
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
101 20:64:00:05:30:00:24:81 21(0x15)
show fabric-binding database vsan 100
Configured database for one VSAN.
switch# show fabric-binding database vsan 100
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
show fabric-binding database active
The active database — what’s currently being enforced. Compare with show fabric-binding database to spot un-activated changes.
switch# show fabric-binding database active
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
101 20:64:00:05:30:00:24:81 21(0x15)
show fabric-binding database active vsan 100
Active database scoped to one VSAN.
switch# show fabric-binding database active vsan 100
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
show fabric-binding violations
Recent denial events — peer switches that attempted to join but were rejected. A non-zero count here usually means an unauthorised ISL attempt or a stale binding entry.
switch# show fabric-binding violations
Vsan Switch WWN [Domain] Last-Time [Repeat] Reason
100 20:64:00:11:22:33:44:55 [13(0x0d)] 2026 May 17 14:22:01 [4] sWWN not in DB
101 20:64:00:11:22:33:44:55 [21(0x15)] 2026 May 17 14:22:03 [1] sWWN not in DB
show fabric-binding violations vsan 100
Violations scoped to one VSAN.
switch# show fabric-binding violations vsan 100
Vsan Switch WWN [Domain] Last-Time [Repeat] Reason
100 20:64:00:11:22:33:44:55 [13(0x0d)] 2026 May 17 14:22:01 [4] sWWN not in DB
04Zoning
What is allowed to talk to what. Zoning is enforced per VSAN, and the active zoneset — not the configured one — is the law of the fabric. Device-alias entries are the naming layer under it. For the change-control side, see the MDS zoning field guide; to generate the CLI itself, use the zone command generator.
Healthy: active zoneset matches the configured zoneset, default-zone policy deny, every zone member starred (logged in).
Warning: configured differs from active — an uncommitted change is waiting to surprise someone.
Critical: default-zone permit in production, or a just-activated zoneset missing members that were present before.
Next: diff show zoneset active against your pre-change archive; an unstarred member means the device is zoned but not logged in — go to login troubleshooting.
show zone
All zones in the configured zoneset, all VSANs.
switch# show zone
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
zone name esx02_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:12
pwwn 50:01:43:80:24:11:11:11
zone name backup_server_to_libraries vsan 101
pwwn 21:00:00:24:ff:8a:11:11
pwwn 50:0a:09:84:80:11:22:33
show zone vsan 100
Zones scoped to one VSAN.
switch# show zone vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
show zone active
The active zoneset across all VSANs. This is what the fabric actually enforces. The * next to an FCID means the device is currently logged in (FLOGI present, FCNS-registered).
switch# show zone active
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
* fcid 0x0b0501 [pwwn 50:01:43:80:24:22:22:22]
show zone active vsan 100
Active zoneset for one VSAN.
switch# show zone active vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
show zone status
Per-VSAN zoning state — full vs basic mode, default-policy, propagation method, distribution state.
switch# show zone status
VSAN: 1 default-zone: deny distribute: active only Interop: default
mode: basic merge-control: allow
hard-zoning: enabled smart-zoning: disabled
VSAN: 100 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
hard-zoning: enabled smart-zoning: enabled
show zone status vsan 100
Just one VSAN’s zoning state.
switch# show zone status vsan 100
VSAN: 100 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
hard-zoning: enabled smart-zoning: enabled
show zone name zone123
Look up one zone by name.
switch# show zone name esx01_to_purearray
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
show zone member pwwn 21:00:00:00:00:00:00:11
Reverse lookup — every zone that contains a given pWWN. Indispensable when adding a new LUN: “where is this initiator already zoned?”
switch# show zone member pwwn 21:00:00:00:00:00:00:11
pwwn 21:00:00:00:00:00:00:11
Zone: esx01_to_purearray VSAN: 100
Zone: esx01_to_netapp VSAN: 100
show zoneset
All configured zonesets.
switch# show zoneset
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
zone name esx02_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:12
pwwn 50:01:43:80:24:11:11:11
show zoneset active
Active zoneset across all VSANs — the operational source of truth.
switch# show zoneset active
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
show zoneset vsan 100
Configured zonesets for one VSAN.
switch# show zoneset vsan 100
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
show zoneset active vsan 100
The actively enforced zoneset for one VSAN.
switch# show zoneset active vsan 100
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
show device-alias status
State of the device-alias service: fabric mode (enhanced vs basic), commit/abort posture.
switch# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 27 Mode: Enhanced
Locked By:- None
Pending Database:- Device Aliases 0 Mode: Enhanced
show device-alias database
The full alias-to-pWWN database.
switch# show device-alias database
device-alias name esx01_hba1 pwwn 21:00:00:00:00:00:00:11
device-alias name esx02_hba1 pwwn 21:00:00:00:00:00:00:12
device-alias name esx03_hba1 pwwn 21:00:00:00:00:00:00:13
device-alias name purearray-ct0-fc0 pwwn 50:01:43:80:24:11:11:11
device-alias name purearray-ct0-fc1 pwwn 50:01:43:80:24:11:11:12
device-alias name purearray-ct1-fc0 pwwn 50:01:43:80:24:22:22:22
Total number of entries = 27
show device-alias name server1_hba1
Look up one alias.
switch# show device-alias name esx01_hba1
device-alias name esx01_hba1 pwwn 21:00:00:00:00:00:00:11
05Login troubleshooting (FLOGI)
Fabric login: the moment an HBA or array port joins the fabric. No FLOGI, no FCNS registration, no zoning match — nothing works. This is checkpoint two in the triage chain.
Healthy: every expected port present in the FLOGI database with the right VSAN and FCID.
Warning: FLOGI internal error counters incrementing; logins present but flapping in event-history.
Critical: port up with no FLOGI entry — the device is powered and linked but not joining the fabric.
Next: port-level event history (show flogi internal event-history interface) tells you whether the login attempt arrives at all; if it never arrives, the problem is host-side HBA or cabling, not the switch.
show flogi database
All FLOGI entries on the switch. Each row is one HBA port login.
switch# show flogi database
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
fc1/2 100 0x0b0200 21:00:00:00:00:00:00:12 20:00:00:00:00:00:00:12
fc1/3 100 0x0b0300 21:00:00:00:00:00:00:13 20:00:00:00:00:00:00:13
fc1/5 100 0x0b0500 50:01:43:80:24:11:11:11 50:01:43:80:24:11:11:10
Total number of flogi = 4.
show flogi database details
Adds the symbolic port name (vendor-supplied HBA description) and other FC-2 layer attributes.
switch# show flogi database details
fc1/1
pWWN : 21:00:00:00:00:00:00:11
nWWN : 20:00:00:00:00:00:00:11
fcid : 0x0b0100
port-name : Emulex LightPulse LPe35002-M2
class : 3
speed : 32 Gbps
bb_credit : 64
show flogi database fcid 0x0b0100
Look up by FCID.
switch# show flogi database fcid 0x0b0100
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
show flogi database interface fc1/1
What’s logged in on one specific port.
switch# show flogi database interface fc1/1
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
show flogi database vsan 10
Everything logged into one VSAN.
switch# show flogi database vsan 10
INTERFACE VSAN FCID PORT NAME
fc2/1 10 0x0e0100 21:00:00:24:ff:8a:11:11
fc2/2 10 0x0e0200 21:00:00:24:ff:8a:22:22
Total number of flogi = 2.
show flogi internal errors
Counters of FLOGI-process internal errors. Spot-check when seeing intermittent HBA login failures with no other obvious cause.
switch# show flogi internal errors
FLOGI Error Counters:
invalid_flogi_format : 0
flogi_reject_duplicate : 2
flogi_reject_zone_policy : 0
flogi_timeout : 1
show flogi internal event-history interface fc1/1
Time-ordered history of every FLOGI state-machine event on one port. Critical for diagnosing intermittent login failures or HBA timeouts.
switch# show flogi internal event-history interface fc1/1
FLOGI history for fc1/1
[2026 May 17 08:14:22.301 UTC] FSM: fc1/1: FLOGI received from 21:00:00:00:00:00:00:11
[2026 May 17 08:14:22.302 UTC] FSM: fc1/1: FLOGI accept sent, FCID 0x0b0100
[2026 May 17 08:14:22.310 UTC] FSM: fc1/1: PLOGI to fabric controller
[2026 May 17 08:14:22.345 UTC] FSM: fc1/1: SCR registered
show flogi internal event-history vsan 11
VSAN-scoped event history. Use when a VSAN is misbehaving and you suspect a recurring login pattern.
switch# show flogi internal event-history vsan 11
FLOGI history for VSAN 11
[2026 May 17 08:14:11.022 UTC] vsan-11: FLOGI on fc1/5 from 21:00:00:00:00:11:22:33
[2026 May 17 08:14:11.024 UTC] vsan-11: FCID 0x0e0500 assigned
06Inventory & identity
Identity, hardware, software, features, and accounts: what this switch is, what is installed in it, and what will boot next. The section TAC quotes back to you.
Healthy: inventory matches your CMDB, boot variables match the running image, no unexpected local accounts.
Warning: staged boot image differs from running — someone prepared an upgrade and stopped; feature enabled that nobody documented.
Critical: serials that do not match asset records (wrong FRU swapped in), or unknown user accounts.
Next: reconcile against IPAM/CMDB and the lifecycle plan; unknown accounts go to security review, not cleanup.
show switch
Quick summary of the chassis model, image, and inventory header. The first command after a fresh SSH session.
switch# show switch
Switch: MDS9710
Switch Inventory:
System Serial Number : JAF1840AEAB
System Model : DS-C9710
NXOS Version : 9.4(1a)
Number of Slots : 10
show switchname
Displays the configured switch hostname. Useful in scripted environments to confirm you’re on the intended fabric.
switch# show switchname
fab-a-mds9710-01
show switchname serialnum
The hostname and chassis serial number on one line — handy when raising a TAC SR or filling out asset records.
switch# show switchname serialnum
fab-a-mds9710-01 : JAF1840AEAB
show switch serialnum
Compact form returning just the chassis serial number. Same value used for entitlement and warranty lookups.
switch# show switch serialnum
JAF1840AEAB
show hardware
Long-form hardware inventory: chassis, supervisors, modules, fans, power supplies, with serial numbers, hardware revisions, and uptime. The single most useful command for hardware audit purposes.
switch# show hardware
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2024, Cisco Systems, Inc. All rights reserved.
Software
BIOS: version 3.1.0
kickstart: version 9.4(1a)
system: version 9.4(1a)
Hardware
cisco MDS 9710 (10 Slot) Chassis ("Supervisor Module-4")
Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz with 16400028 kB of memory.
Processor Board ID JAF1840AEAB
Device name: fab-a-mds9710-01
bootflash: 3915776 kB
Kernel uptime is 145 day(s), 7 hour(s), 22 minute(s), 4 second(s)
show inventory
Full physical inventory — chassis, supervisors, line cards, PSUs, fans — with PIDs and serials. Cisco TAC will ask for this output verbatim.
switch# show inventory
NAME: "Chassis", DESCR: "MDS 9710 (10 Slot) Chassis"
PID: DS-C9710 , VID: V01 , SN: JAF1840AEAB
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
NAME: "Slot 5", DESCR: "Supervisor Module-4"
PID: DS-X97-SF4-K9 , VID: V02 , SN: JAE21290DEF
NAME: "Power Supply 1", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X1234
show inventory chassis
Just the chassis-level entry (no modules / PSUs / fans).
switch# show inventory chassis
NAME: "Chassis", DESCR: "MDS 9710 (10 Slot) Chassis"
PID: DS-C9710 , VID: V01 , SN: JAF1840AEAB
show inventory module
Only the line cards and supervisors — no chassis envelope, no PSUs, no fans.
switch# show inventory module
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
NAME: "Slot 2", DESCR: "32 Gbps FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290XYZ
NAME: "Slot 5", DESCR: "Supervisor Module-4"
PID: DS-X97-SF4-K9 , VID: V02 , SN: JAE21290DEF
show inventory module 1
Detail for a single module slot.
switch# show inventory module 1
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
show inventory fans
Fan tray entries only.
switch# show inventory fans
NAME: "Fan Tray 1", DESCR: "MDS 9710 Fan Module"
PID: DS-C9710-FAN , VID: V01 , SN: ART2128F1234
NAME: "Fan Tray 2", DESCR: "MDS 9710 Fan Module"
PID: DS-C9710-FAN , VID: V01 , SN: ART2128F5678
show inventory power_supply
PSU entries only — confirm part number and serial during a TAC RMA.
switch# show inventory power_supply
NAME: "Power Supply 1", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X1234
NAME: "Power Supply 2", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X5678
show feature
Lists which optional NX-OS features are enabled. If a command is “not recognised”, first check whether the feature is enabled.
switch# show feature
Feature Name Instance State
-------------------- -------- --------
ssh 1 enabled
telnet 1 disabled
tacacs 1 enabled
npiv 1 enabled
fport-channel-trunk 1 enabled
fcsp 1 disabled
fabric-binding 1 enabled
port-security 1 disabled
show boot
Currently-staged boot image variables. What the switch will load on its next reload.
switch# show boot
Current Boot Variables:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
Boot Variables on next reload:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot current
What the currently running image set is. Compare with show boot to detect a staged-but-not-yet-loaded image.
switch# show boot current
Current Boot Variables:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot variables
Same as show boot but laid out explicitly per supervisor — useful in dual-sup chassis.
switch# show boot variables
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
sup-2
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot module
Shows whether any per-module images (EPLDs / line-card images) are staged. Mostly used in EPLD upgrade procedures.
switch# show boot module
Module image variables for next reload:
Module 1 : Default
Module 2 : Default
Module 5 : Default (Supervisor)
Module 6 : Default (Supervisor)
show system default switchport
Shows the chassis-wide port defaults (mode, speed, rate-mode). If new interfaces are coming up in an unexpected mode, this is where to start.
switch# show system default switchport
System default port state is shut
System default port mode is auto
System default port speed is auto
System default trunk mode is on
System default port rate mode is shared
System default port-vsan is 1
show users
Active logged-in users with their TTY and source IP. Confirms who else is on the switch right now.
switch# show users
NAME LINE TIME IDLE FROM
admin pts/0 May 18 22:00 . 10.12.4.10
operator pts/1 May 18 21:43 00:17 10.12.4.55
show user-account
All locally-defined user accounts, their roles, and password expiry state.
switch# show user-account
user:admin
this user account has no expiry date
roles:network-admin
user:operator
this user account has no expiry date
roles:network-operator
07Performance
CPU, memory, process behavior, and the frame-level counters that expose slow-drain and credit starvation — the usual suspects behind “storage feels slow but nothing is down.”
Healthy: CPU spiky but recovering, memory flat over weeks, zero remaining-credit stalls, discard counters static.
Warning: 5-minute CPU average climbing across days; one process growing in show processes memory sort; BB_credit remaining frequently at zero on one port.
Critical: sustained credit starvation on an ISL (slow-drain), or memory growth that does not plateau — leak until proven otherwise.
Next: for slow-drain, find the slowest device behind the port (show interface bbcredit plus FCNS lookup); for leaks, capture show processes memory shared and open a TAC SR with the trend, not a snapshot.
show system resources
Live CPU and memory utilisation snapshot. Spot-check after a config push or during a perceived slowness window.
switch# show system resources
Load average: 1 minute: 0.41 5 minutes: 0.38 15 minutes: 0.35
Processes : 1142 total, 2 running
CPU states : 2.3% user, 4.1% kernel, 93.6% idle
Memory usage: 16400028K total, 4882104K used, 11517924K free
show processes
All processes with state and short-name. The PID column feeds many other commands in this section.
switch# show processes
PID State PC Start_cnt TTY Type Process
1 S 7f8a14e000 1 - O init
1213 S 7f8a18c000 1 - O bgp
1234 S 7f8a19a000 1 - O fcns
1287 S 7f8a1a3000 2 - O zone-mgr
show processes cpu
CPU utilisation per process, sorted highest first by default.
switch# show processes cpu
PID Runtime(ms) Invoked uSecs 1Sec Process
1213 148723 3402102 436 1.2 bgp
1234 88401 1284037 688 0.8 fcns
1287 62120 943122 659 0.4 zone-mgr
show processes cpu sort 5min
Sorted by 5-minute average. Use this when chasing a slow leak rather than a momentary spike.
switch# show processes cpu sort 5min
PID 1Sec 1Min 5Min Process
1213 1.2 1.4 1.5 bgp
1234 0.8 0.9 1.1 fcns
1287 0.4 0.5 0.6 zone-mgr
show processes memory
Memory usage per process — total and resident.
switch# show processes memory
PID MemAlloc MemLimit MemUsed StackSize Process
1213 12582912 52428800 8388608 2097152 bgp
1234 8388608 52428800 4194304 2097152 fcns
1287 16777216 52428800 12582912 2097152 zone-mgr
show processes memory sort
Same as above, sorted by MemUsed descending — top consumer at the top.
switch# show processes memory sort
PID MemUsed MemAlloc Process
1287 12582912 16777216 zone-mgr
1213 8388608 12582912 bgp
1234 4194304 8388608 fcns
show processes memory shared
Shared-memory regions used by NX-OS subsystems (PSS shared memory blocks). A bloated shared-memory segment can indicate a leak in subsystem persistence.
switch# show processes memory shared
Component Shared Memory Statistics
Component Size (KB) Used (KB) Free (KB)
PSS-fcns 8192 1248 6944
PSS-zone 4096 892 3204
PSS-flogi 2048 412 1636
show interface detail-counters
Layer-2 frame counters in deep detail. Includes ordered sets, BB_credit, class-of-service counters, error sub-types.
switch# show interface detail-counters
fc1/1
1234567 frames input, 985432109 bytes
0 class-2 frames, 0 bytes
1234567 class-3 frames, 985432109 bytes
0 BB_credit transitions to zero
0 LRR input, 0 LRR output
0 OLS input, 0 OLS output
0 NOS input, 0 NOS output
0 fragmented frames, 0 invalid CRC
show interface counters brief
One-line-per-port summary of in/out frame counts and discards.
switch# show interface counters brief
Interface Input (rate is 5 min avg) Output (rate is 5 min avg)
Rate Total Rate Total
fc1/1 124 Mbit/s 1234567 162 Mbit/s 2345678
fc1/2 88 987654 104 1098765
show interface bbcredit
Per-port BB_credit configuration and the live remaining-credit indicator. Tracks fabric slow-drain and credit starvation.
switch# show interface bbcredit
Interface Tx-BB_credit Rx-BB_credit BB_credit_to_Zero
fc1/1 64 64 0
fc1/2 64 64 0
fc1/3 64 64 27
fc1/4 16 16 1842
08Incident runbooks
Three playbooks for the calls that actually come in. Each step links to the command family that answers it.
Runbook 1 · Host cannot see storage
show interface brief— host port and array port both up, correct VSAN? Down → physical layer: optic, cable, host HBA. Stop here.show flogi database— both WWPNs logged in? Missing → FLOGI event-history for that port; problem is below the fabric.show fcns database— both registered in the same VSAN? Logged in but unregistered → FCNS statistics for rejects.show zoneset active vsan <n>— initiator and target in a common active zone, both starred? Unstarred or absent → zoning change never activated; compare configured vs active.- All four pass → the fabric is delivering frames; move the investigation to array masking/LUN mapping and host multipathing.
Runbook 2 · Fabric instability (flaps, resets, weirdness)
show logging logfile— establish the first failure timestamp and the error-IDs around it. Decode unknowns withshow system error-id.show hardware/show system reset-reason module— did a module reset? Why?show processes cpu— control-plane saturation co-timed with the instability?show interface counters brieftwice, two minutes apart — which counters are actually moving?- Pattern repeats on a cadence → suspect a flapping optic or a misbehaving device; isolate the port before it destabilises the VSAN.
Runbook 3 · Slow storage performance, nothing down
show system resources— rule the control plane out first; data plane is ASIC, but a starved control plane delays logins and zoning ops.show interfaceon the host, ISL, and array ports — errors, discards, utilisation.show interface bbcredit— remaining-credit at or near zero on any port in the path is slow-drain until proven otherwise.- Find the slowest consumer behind the starved port via
show fcns databaseand quarantine or rate-limit it; the fix is at the device, not the ISL you are tempted to upgrade.
Escalation taking too long?
WUC engineers assist with SAN diagnostics, zoning reviews, fabric validation, and remediation planning — on Cisco MDS estates inside and outside OEM support.
Talk to engineering →09Escalation collection
Evidence first, opinions second. These commands build the package that gets a TAC SR moving — crash logs, the system log, error decoding, and the full tech-support bundle.
Healthy: auto-collect tech-support enabled, crash-log index empty, log noise understood.
Warning: recurring error-IDs you cannot yet explain; login failures clustering from one source.
Critical: any entry in show processes log — a process crashed and left forensics behind.
Next: collect before you change anything: tech-support to bootflash per switch, exact timestamps, then escalate with the package — or bring it to us and skip the queue.
show system auto-collect tech-support
Status of the periodic auto-collected show tech-support archive. Cisco TAC’s preferred starting artefact when you open an SR — confirm it’s enabled before you hit a problem.
switch# show system auto-collect tech-support
Auto-collect: Enabled
Trigger: Every reload event
Retention: Last 4 archives
Location: bootflash:autocollect_tac/
show system error-id list
Lists all NX-OS error identifiers known to the running image. Use to translate cryptic syslog error codes into something searchable.
switch# show system error-id list Error-Id Error description ----------------- ---------------------------------------------------------- 0x4035000F Port suspended due to flapping 0x402000EC Port disabled by fabric binding policy 0x40060010 FLOGI rejected: duplicate FCID ... (truncated)
show system error-id 0x402000EC
Decode a specific error ID — name, the module that emits it, and a short rationale.
switch# show system error-id 0x402000EC
Err code : 0x402000EC
Err name : fabric-binding-deny
Component : fabric-binding
Detail : Switch peer is not permitted by the active fabric-binding database.
show system login failures
Recent failed login attempts. Spot-check during a security audit or after suspected unauthorised access.
switch# show system login failures
USERNAME LINE FROM FAILURE COUNT
admin ttyS0 - 0
operator pts/0 10.12.4.55 3
show processes log
Index of crashed-process logs (one row per crash event).
switch# show processes log
Process PID Normal-exit Stack Core Log-create-time
fcns 1234 N Y Y May 3 02:14:11
zone-mgr 1287 N Y N May 9 18:42:30
show processes log details
Verbose form — every captured field for each crash log.
switch# show processes log details
Service: fcns
Description: Fibre Channel Name Server
Started at Mon May 18 14:43:21 2026 (483102 us)
Stopped at Wed May 20 02:14:11 2026 (211049 us)
Uptime: 1 day 11 hours 30 minutes
Start type: SRV_OPTION_RESTART_STATEFUL (1)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (3)
Exit code: signal 11 (no core)
show processes log pid 1234
Detail for one specific crash event by PID.
switch# show processes log pid 1234 Service: fcns PID: 1234 Started at Mon May 18 14:43:21 2026 Stopped at Wed May 20 02:14:11 2026 Stack trace: 0x7f8a1234abcd in fcns_handle_request() 0x7f8a1234ef01 in fcns_main_loop() ... (truncated)
show logging logfile
The persistent system log. The first command in any incident: establish what the switch logged, and exactly when, before anyone forms a theory.
switch# show logging logfile | last 5
2026 Jun 10 14:02:11 fab-a-mds9710-01 %PORT-5-IF_UP: %$VSAN 100%$ Interface fc1/12 is up
2026 Jun 10 14:02:11 fab-a-mds9710-01 %FLOGI-1-MSG_FLOGI: %$VSAN 100%$ FLOGI from 21:00:f4:e9:d4:54:ab:10 (fc1/12)
2026 Jun 10 14:07:43 fab-a-mds9710-01 %PORT-5-IF_DOWN_LINK_FAILURE: %$VSAN 100%$ Interface fc1/12 is down (Link failure)
2026 Jun 10 14:07:51 fab-a-mds9710-01 %PORT-5-IF_UP: %$VSAN 100%$ Interface fc1/12 is up
2026 Jun 10 14:12:09 fab-a-mds9710-01 %DEVICE-ALIAS-3-VALIDATION_FAILED: Validation failed, reverting session
show tech-support details
The full diagnostic bundle Cisco TAC expects with an SR. Multi-megabyte — never page it to a terminal; redirect to bootflash and pull the file off the switch.
switch# show tech-support details > bootflash:ts-fab-a-mds9710-01-20260611.txt switch# dir bootflash: | include ts- 68472113 Jun 11 02:14:55 2026 ts-fab-a-mds9710-01-20260611.txt
Cisco MDS Incident Command Checklist
The five phases above — baseline, triage, evidence, escalation, change-window validation — as a printable one-pager for the rack door. Name and work email, and it is yours.
Operating Notes
Pipe filters. Every show command supports | include <pattern>, | exclude <pattern>, | begin <pattern>, | count, | no-more. Use | no-more in scripts to suppress paging.
Output redirection. show <command> > bootflash:filename.txt saves output to flash for later TAC upload. > tftp://server/path writes it directly off-box.
Show tech-support. When TAC asks for diagnostics, show tech-support details is the standard package. Pair with show logging onboard for hardware-level event history.
Default zone policy. If a device appears in FLOGI/FCNS but cannot see its expected target, check show zone status vsan <n> for default-zone: deny vs default-zone: permit. In production fabrics the policy should always be deny.
Active vs configured. Many MDS objects exist in two forms — active (enforced) and configured (editable). Zoneset, fabric-binding, port-security, and device-alias all follow this pattern. When something looks right in the configured form but the fabric doesn’t behave that way, you’ve forgotten to activate.
High CPU during maintenance windows may be normal. Zoneset activation, FCNS bursts after an array reboot, and tech-support collection all spike the control plane. Judge CPU against what the fabric is doing, not against a quiet-day baseline.
Do not rely on interface status alone for SAN health. A port can be up with a failing transmitter, credit starvation, or a device that logged in and registered nothing. Up means layer 1; health means FLOGI, FCNS, and clean counters.
Collect baseline outputs before escalation — and before change windows. The diff between baseline and broken is the fastest path TAC has; without a baseline, every anomaly becomes a debate.
FAQFrequently asked questions
Q01What is Cisco NX-OS?
NX-OS is the network operating system on Cisco data-center platforms, including the MDS 9000 SAN switch family. On MDS it succeeded SAN-OS, and these commands target NX-OS 8.x and 9.x on MDS directors and fabric switches.
Q02What commands show zoning?
show zoneset active shows what the fabric enforces; show zone status vsan shows mode and default policy; show zone member pwwn reverse-looks-up where a WWN is zoned. Remember: configured and active are different databases.
Q03How do I collect diagnostics for Cisco TAC?
Redirect show tech-support details to bootflash per affected switch, add show inventory and show logging logfile, note the first-failure timestamp, and attach all of it to the SR at open time — not after the first round-trip.
Q04How do I validate fabric login?
Two layers: show flogi database proves the device logged into the switch; show fcns database proves it registered with the fabric name server. A device present in FLOGI but absent from FCNS is a fabric-services problem, not a link problem.
Q05How do I check SFP health?
show interface transceiver details reports live temperature, voltage, and RX/TX power per optic against vendor thresholds. Capture it before and after replacing an optic — the before output is your evidence, the after output is your proof.
Q06Are these commands safe to run in production?
Yes — everything on this page is a read-only show variant, safe from user EXEC mode with no config terminal. The one caution is volume: redirect show tech-support details to a file rather than the terminal.
Q07What is a VSAN?
A virtual SAN: an independent fabric — its own FLOGI, FCNS, and zoning — multiplexed onto shared hardware. Almost every command here takes a vsan argument because state is kept per VSAN, not per switch.
Q08What is the difference between the active and configured zoneset?
The configured zoneset is the editable working copy; the active zoneset is what the fabric enforces. Changes take effect only on zoneset activate. When behavior contradicts what the config shows, compare the two — someone forgot to activate.
References
- Cisco Systems. Cisco MDS 9000 Series Command Reference, Release 9.x. The authoritative syntax reference for every command on this page.
- Cisco Systems. MDS 9000 NX-OS and SAN-OS Command References. Per-release command reference index, SAN-OS 1.x through NX-OS 9.x.
Running Cisco MDS in production?
Bring us the outputs this page taught you to collect. WUC SAN engineers deliver fabric assessments, health reviews, configuration and zoning reviews, and migration planning — for MDS estates inside and outside OEM support, under post-OEM storage maintenance.
- Fabric assessment
- Health review
- Configuration review
- Migration planning
Prefer to talk it through first?
Book a technical consultation → View managed servicesNo prep slides required · References available under NDA · Multi-OEM coverage across Dell EMC, HPE, IBM, NetApp