Field Guide · SAN Operations
Cisco MDS NX-OS Command Reference for Production SAN Operators
A practical operational reference for Cisco MDS 9000 Series multilayer SAN directors and fabric switches running NX-OS. Every command listed includes what it shows, when to run it, and a representative output captured from production directors.
config terminal required. Every output shown is representative of a production MDS 9710 director running NX-OS 9.4(1a) — exact field labels and counter names may differ slightly across releases.
01Switch identity & system
Use these commands to confirm what hardware you’re connected to, when it last booted, and what software image is running. They are typically the first 30 seconds of any troubleshooting session — TAC will ask for several of these in the first reply.
show switch
Quick summary of the chassis model, image, and inventory header. The first command after a fresh SSH session.
switch# show switch
Switch: MDS9710
Switch Inventory:
System Serial Number : JAF1840AEAB
System Model : DS-C9710
NXOS Version : 9.4(1a)
Number of Slots : 10
show switchname
Displays the configured switch hostname. Useful in scripted environments to confirm you’re on the intended fabric.
switch# show switchname
fab-a-mds9710-01
show switchname serialnum
The hostname and chassis serial number on one line — handy when raising a TAC SR or filling out asset records.
switch# show switchname serialnum
fab-a-mds9710-01 : JAF1840AEAB
show switch serialnum
Compact form returning just the chassis serial number. Same value used for entitlement and warranty lookups.
switch# show switch serialnum
JAF1840AEAB
show wwn switch
Displays the switch’s base WWN. This is the seed WWN from which interface WWNs and the fabric Principal Switch identity are derived. Required when joining a switch to an existing fabric with strict fabric-binding.
switch# show wwn switch
Switch WWN is 20:00:54:7f:ee:1a:bc:80
show hardware
Long-form hardware inventory: chassis, supervisors, modules, fans, power supplies, with serial numbers, hardware revisions, and uptime. The single most useful command for hardware audit purposes.
switch# show hardware
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2024, Cisco Systems, Inc. All rights reserved.
Software
BIOS: version 3.1.0
kickstart: version 9.4(1a)
system: version 9.4(1a)
Hardware
cisco MDS 9710 (10 Slot) Chassis ("Supervisor Module-4")
Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz with 16400028 kB of memory.
Processor Board ID JAF1840AEAB
Device name: fab-a-mds9710-01
bootflash: 3915776 kB
Kernel uptime is 145 day(s), 7 hour(s), 22 minute(s), 4 second(s)
show clock
Current system time, timezone, and clock source (NTP synced or local). Critical when correlating logs across fabrics.
switch# show clock
22:18:47.336 UTC Mon May 18 2026
show clock detail
Adds timezone offset, daylight-saving status, and skew details. Use when you suspect NTP drift between switches.
switch# show clock detail
22:18:51.118 UTC Mon May 18 2026
Time source is NTP
Summer time is not in effect.
show system uptime
Time since last reboot — short, scriptable form.
switch# show system uptime
System start time: Tue Dec 24 14:56:43 2025
System uptime: 145 days, 7 hours, 22 minutes, 4 seconds
Kernel uptime: 145 days, 7 hours, 22 minutes, 4 seconds
Active supervisor uptime: 145 days, 7 hours, 22 minutes, 4 seconds
show system resources
Live CPU and memory utilisation snapshot. Spot-check after a config push or during a perceived slowness window.
switch# show system resources
Load average: 1 minute: 0.41 5 minutes: 0.38 15 minutes: 0.35
Processes : 1142 total, 2 running
CPU states : 2.3% user, 4.1% kernel, 93.6% idle
Memory usage: 16400028K total, 4882104K used, 11517924K free
show system default switchport
Shows the chassis-wide port defaults (mode, speed, rate-mode). If new interfaces are coming up in an unexpected mode, this is where to start.
switch# show system default switchport
System default port state is shut
System default port mode is auto
System default port speed is auto
System default trunk mode is on
System default port rate mode is shared
System default port-vsan is 1
show system redundancy status
Status of supervisor redundancy in dual-sup chassis (MDS 9710, 9706). Confirms HA standby is Active and image versions match before any maintenance window.
switch# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: HA
This supervisor (sup-1)
-----------------------
Redundancy state: Active
Supervisor state: Active
Other supervisor (sup-2)
------------------------
Redundancy state: Standby
Supervisor state: HA standby
show system login failures
Recent failed login attempts. Spot-check during a security audit or after suspected unauthorised access.
switch# show system login failures
USERNAME LINE FROM FAILURE COUNT
admin ttyS0 - 0
operator pts/0 10.12.4.55 3
show system auto-collect tech-support
Status of the periodic auto-collected show tech-support archive. Cisco TAC’s preferred starting artefact when you open an SR — confirm it’s enabled before you hit a problem.
switch# show system auto-collect tech-support
Auto-collect: Enabled
Trigger: Every reload event
Retention: Last 4 archives
Location: bootflash:autocollect_tac/
show system error-id list
Lists all NX-OS error identifiers known to the running image. Use to translate cryptic syslog error codes into something searchable.
switch# show system error-id list Error-Id Error description ----------------- ---------------------------------------------------------- 0x4035000F Port suspended due to flapping 0x402000EC Port disabled by fabric binding policy 0x40060010 FLOGI rejected: duplicate FCID ... (truncated)
show system error-id 0x402000EC
Decode a specific error ID — name, the module that emits it, and a short rationale.
switch# show system error-id 0x402000EC
Err code : 0x402000EC
Err name : fabric-binding-deny
Component : fabric-binding
Detail : Switch peer is not permitted by the active fabric-binding database.
show system reset-reason module 5
Why a given module (here slot 5) last reset. The kind of question you’d otherwise reverse-engineer from console logs and uptime.
switch# show system reset-reason module 5
--- reset reason for module 5 ---
1) At 224057 usecs after Mon May 13 03:14:08 2024
Reason: Reset triggered due to HA policy of Reset
Service: Module not responding to keepalives
Version: 9.4(1a)
show feature
Lists which optional NX-OS features are enabled. If a command is “not recognised”, first check whether the feature is enabled.
switch# show feature
Feature Name Instance State
-------------------- -------- --------
ssh 1 enabled
telnet 1 disabled
tacacs 1 enabled
npiv 1 enabled
fport-channel-trunk 1 enabled
fcsp 1 disabled
fabric-binding 1 enabled
port-security 1 disabled
show users
Active logged-in users with their TTY and source IP. Confirms who else is on the switch right now.
switch# show users
NAME LINE TIME IDLE FROM
admin pts/0 May 18 22:00 . 10.12.4.10
operator pts/1 May 18 21:43 00:17 10.12.4.55
show user-account
All locally-defined user accounts, their roles, and password expiry state.
switch# show user-account
user:admin
this user account has no expiry date
roles:network-admin
user:operator
this user account has no expiry date
roles:network-operator
show boot
Currently-staged boot image variables. What the switch will load on its next reload.
switch# show boot
Current Boot Variables:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
Boot Variables on next reload:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot current
What the currently running image set is. Compare with show boot to detect a staged-but-not-yet-loaded image.
switch# show boot current
Current Boot Variables:
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot variables
Same as show boot but laid out explicitly per supervisor — useful in dual-sup chassis.
switch# show boot variables
sup-1
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
sup-2
kickstart variable = bootflash:/m9700-sf4ek9-kickstart-mz.9.4.1a.bin
system variable = bootflash:/m9700-sf4ek9-mz.9.4.1a.bin
show boot module
Shows whether any per-module images (EPLDs / line-card images) are staged. Mostly used in EPLD upgrade procedures.
switch# show boot module
Module image variables for next reload:
Module 1 : Default
Module 2 : Default
Module 5 : Default (Supervisor)
Module 6 : Default (Supervisor)
02Environment & hardware inventory
These commands surface the physical state of the chassis: power, temperature, fan health, modules. Run them when investigating thermal events, PSU faults, or before a maintenance window.
show environment
All environmental telemetry in one pass — fans, power, temperature sensors, voltage.
switch# show environment
Power Supply:
-----------------------------------------------------
PS Model Power Power Status
(Watts) (Amp)
-----------------------------------------------------
1 DS-CAC-3000W 3000.00 250.00 Ok
2 DS-CAC-3000W 3000.00 250.00 Ok
3 DS-CAC-3000W 3000.00 250.00 Ok
4 DS-CAC-3000W --- --- Absent
Fan:
------------------------------------------------------
Fan Model Hw Direction Status
------------------------------------------------------
Fan1 DS-C9710-FAN 1.0 front-to-back Ok
Fan2 DS-C9710-FAN 1.0 front-to-back Ok
Fan3 DS-C9710-FAN 1.0 front-to-back Ok
Temperature:
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
-------------------------------------------------------------------
1 Asic-1 90 75 42 Ok
5 CPU 90 75 38 Ok
6 CPU 90 75 39 Ok
show environment power
Just the power section of show environment. Useful when a PSU alarm is paging.
switch# show environment power
Voltage: 12 Volts
PS Model Power Status
(Watts)
1 DS-CAC-3000W 3000.00 Ok
2 DS-CAC-3000W 3000.00 Ok
3 DS-CAC-3000W 3000.00 Ok
4 DS-CAC-3000W --- Absent
Mod Model Power Power Status
Requested Allocated
(Watts) (Watts)
1 DS-X9648-1536K9 640 640 Powered-up
2 DS-X9648-1536K9 640 640 Powered-up
show environment temperature
Just the temperature sensors. Useful before/after airflow changes.
switch# show environment temperature
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
1 Intake 65 55 29 Ok
1 Outlet 80 70 38 Ok
1 Asic-1 90 75 42 Ok
5 CPU 90 75 38 Ok
show environment fan
Just the fan tray section. Check after a fan-tray swap or following a thermal alarm.
switch# show environment fan
Fan Model Hw Direction Status
Fan1 DS-C9710-FAN 1.0 front-to-back Ok
Fan2 DS-C9710-FAN 1.0 front-to-back Ok
Fan3 DS-C9710-FAN 1.0 front-to-back Ok
Zone Speed: 80%
show inventory
Full physical inventory — chassis, supervisors, line cards, PSUs, fans — with PIDs and serials. Cisco TAC will ask for this output verbatim.
switch# show inventory
NAME: "Chassis", DESCR: "MDS 9710 (10 Slot) Chassis"
PID: DS-C9710 , VID: V01 , SN: JAF1840AEAB
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
NAME: "Slot 5", DESCR: "Supervisor Module-4"
PID: DS-X97-SF4-K9 , VID: V02 , SN: JAE21290DEF
NAME: "Power Supply 1", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X1234
show inventory chassis
Just the chassis-level entry (no modules / PSUs / fans).
switch# show inventory chassis
NAME: "Chassis", DESCR: "MDS 9710 (10 Slot) Chassis"
PID: DS-C9710 , VID: V01 , SN: JAF1840AEAB
show inventory module
Only the line cards and supervisors — no chassis envelope, no PSUs, no fans.
switch# show inventory module
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
NAME: "Slot 2", DESCR: "32 Gbps FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290XYZ
NAME: "Slot 5", DESCR: "Supervisor Module-4"
PID: DS-X97-SF4-K9 , VID: V02 , SN: JAE21290DEF
show inventory module 1
Detail for a single module slot.
switch# show inventory module 1
NAME: "Slot 1", DESCR: "1/10/40 Gbps Ethernet/FC Module"
PID: DS-X9648-1536K9 , VID: V01 , SN: JAE21290ABC
show inventory fans
Fan tray entries only.
switch# show inventory fans
NAME: "Fan Tray 1", DESCR: "MDS 9710 Fan Module"
PID: DS-C9710-FAN , VID: V01 , SN: ART2128F1234
NAME: "Fan Tray 2", DESCR: "MDS 9710 Fan Module"
PID: DS-C9710-FAN , VID: V01 , SN: ART2128F5678
show inventory power_supply
PSU entries only — confirm part number and serial during a TAC RMA.
switch# show inventory power_supply
NAME: "Power Supply 1", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X1234
NAME: "Power Supply 2", DESCR: "3000W AC PSU"
PID: DS-CAC-3000W , VID: V01 , SN: ART2128X5678
show hardware internal mgmt0 stats
Low-level stats from the management Ethernet interface. Useful when you suspect packet loss into the switch from a management plane perspective.
switch# show hardware internal mgmt0 stats
mgmt0 statistics:
rx_packets : 1840452312
rx_bytes : 244091245612
rx_errors : 0
rx_drops : 17
tx_packets : 1442118203
tx_bytes : 198443110987
tx_errors : 0
tx_drops : 0
03System health
The show system health family runs the chassis’s built-in diagnostic loop and reports the most recent results. Cisco TAC requests these whenever a port behaves abnormally on otherwise-healthy hardware.
show system health
Top-level summary of online diagnostic state across modules.
switch# show system health
Current health information for module 1
Test Frequency Status Action
InternalPortLoopback 60 sec OK Notify
ASICRegisterCheck 60 sec OK Notify
PrimaryBootROM On Demand OK Notify
SecondaryBootROM On Demand OK Notify
show system health module 1
Same view, scoped to a single slot.
switch# show system health module 1
Current health information for module 1
Test Frequency Status Action
InternalPortLoopback 60 sec OK Notify
ASICRegisterCheck 60 sec OK Notify
show system health statistics
Cumulative pass/fail counters since the last reload.
switch# show system health statistics
Test statistics for module 1
Test Run-Count Pass-Count Fail-Count
InternalPortLoopback 209400 209400 0
ASICRegisterCheck 209400 209400 0
PrimaryBootROM 4 4 0
show system health statistics module 1
Per-slot view of the above.
switch# show system health statistics module 1
Test statistics for module 1
Test Run-Count Pass-Count Fail-Count
InternalPortLoopback 209400 209400 0
ASICRegisterCheck 209400 209400 0
show system health statistics loopback
Loopback test counters across all monitored interfaces. A growing fail-count points to a bad transceiver or an ASIC path issue.
switch# show system health statistics loopback
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
fc1/2 209400 209400 0
fc1/3 209400 209400 0
fc1/4 209400 209398 2
show system health statistics loopback module 1
Scoped to module 1.
switch# show system health statistics loopback module 1
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
fc1/2 209400 209400 0
fc1/4 209400 209398 2
show system health statistics loopback interface fc1/1
Single-interface view — useful when chasing a specific port flap.
switch# show system health statistics loopback interface fc1/1
Interface Run-Count Pass-Count Fail-Count
fc1/1 209400 209400 0
04Processes
NX-OS is a Linux-based OS. These commands surface the same process and memory data you’d see from ps and top, but scoped to NX-OS services.
show processes
All processes with state and short-name. The PID column feeds many other commands in this section.
switch# show processes
PID State PC Start_cnt TTY Type Process
1 S 7f8a14e000 1 - O init
1213 S 7f8a18c000 1 - O bgp
1234 S 7f8a19a000 1 - O fcns
1287 S 7f8a1a3000 2 - O zone-mgr
show processes cpu
CPU utilisation per process, sorted highest first by default.
switch# show processes cpu
PID Runtime(ms) Invoked uSecs 1Sec Process
1213 148723 3402102 436 1.2 bgp
1234 88401 1284037 688 0.8 fcns
1287 62120 943122 659 0.4 zone-mgr
show processes cpu sort 5min
Sorted by 5-minute average. Use this when chasing a slow leak rather than a momentary spike.
switch# show processes cpu sort 5min
PID 1Sec 1Min 5Min Process
1213 1.2 1.4 1.5 bgp
1234 0.8 0.9 1.1 fcns
1287 0.4 0.5 0.6 zone-mgr
show processes memory
Memory usage per process — total and resident.
switch# show processes memory
PID MemAlloc MemLimit MemUsed StackSize Process
1213 12582912 52428800 8388608 2097152 bgp
1234 8388608 52428800 4194304 2097152 fcns
1287 16777216 52428800 12582912 2097152 zone-mgr
show processes memory sort
Same as above, sorted by MemUsed descending — top consumer at the top.
switch# show processes memory sort
PID MemUsed MemAlloc Process
1287 12582912 16777216 zone-mgr
1213 8388608 12582912 bgp
1234 4194304 8388608 fcns
show processes memory shared
Shared-memory regions used by NX-OS subsystems (PSS shared memory blocks). A bloated shared-memory segment can indicate a leak in subsystem persistence.
switch# show processes memory shared
Component Shared Memory Statistics
Component Size (KB) Used (KB) Free (KB)
PSS-fcns 8192 1248 6944
PSS-zone 4096 892 3204
PSS-flogi 2048 412 1636
show processes log
Index of crashed-process logs (one row per crash event).
switch# show processes log
Process PID Normal-exit Stack Core Log-create-time
fcns 1234 N Y Y May 3 02:14:11
zone-mgr 1287 N Y N May 9 18:42:30
show processes log details
Verbose form — every captured field for each crash log.
switch# show processes log details
Service: fcns
Description: Fibre Channel Name Server
Started at Mon May 18 14:43:21 2026 (483102 us)
Stopped at Wed May 20 02:14:11 2026 (211049 us)
Uptime: 1 day 11 hours 30 minutes
Start type: SRV_OPTION_RESTART_STATEFUL (1)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (3)
Exit code: signal 11 (no core)
show processes log pid 1234
Detail for one specific crash event by PID.
switch# show processes log pid 1234 Service: fcns PID: 1234 Started at Mon May 18 14:43:21 2026 Stopped at Wed May 20 02:14:11 2026 Stack trace: 0x7f8a1234abcd in fcns_handle_request() 0x7f8a1234ef01 in fcns_main_loop() ... (truncated)
05Interfaces (FC / Mgmt / Port-Channel)
The show interface family is the workhorse of any SAN troubleshooting session. Each variant trades depth for scan-ability — brief forms for sweep, counter forms for drill-down, transceiver forms for layer-1 questions.
show interface
All interfaces, all detail — counters, status, speed, mode, VSAN. The most verbose interface view available.
switch# show interface
fc1/1 is up
Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
Port WWN is 20:01:54:7f:ee:1a:bc:80
Admin port mode is auto, trunk mode is on
Port mode is F, FCID is 0x0b0100
Port vsan is 100
Speed is 32 Gbps
Transmit B2B Credit is 64
Receive B2B Credit is 64
1234567 frames input, 985432109 bytes
0 discards, 0 errors
2345678 frames output, 1843102100 bytes
0 discards, 0 errors
show interface brief
One row per interface — status, VSAN, mode, speed. Best for rapid fabric scan.
switch# show interface brief
Interface Vsan Admin Admin Status SFP Oper Oper Port-channel
Mode Trunk Type Mode Speed
fc1/1 100 auto on up swl F 32 --
fc1/2 100 auto on up swl F 32 --
fc1/3 100 auto on up swl F 32 --
fc1/4 1 auto on down -- -- -- --
show interface description
Interface descriptions — what each port is wired to, per the operator’s documentation.
switch# show interface description
Interface Description
fc1/1 ESX01-vmhba2
fc1/2 ESX02-vmhba2
fc1/3 ESX03-vmhba2
mgmt0 OOB-mgmt-vlan104
show interface detail-counters
Layer-2 frame counters in deep detail. Includes ordered sets, BB_credit, class-of-service counters, error sub-types.
switch# show interface detail-counters
fc1/1
1234567 frames input, 985432109 bytes
0 class-2 frames, 0 bytes
1234567 class-3 frames, 985432109 bytes
0 BB_credit transitions to zero
0 LRR input, 0 LRR output
0 OLS input, 0 OLS output
0 NOS input, 0 NOS output
0 fragmented frames, 0 invalid CRC
show interface counters brief
One-line-per-port summary of in/out frame counts and discards.
switch# show interface counters brief
Interface Input (rate is 5 min avg) Output (rate is 5 min avg)
Rate Total Rate Total
fc1/1 124 Mbit/s 1234567 162 Mbit/s 2345678
fc1/2 88 987654 104 1098765
show interface bbcredit
Per-port BB_credit configuration and the live remaining-credit indicator. Tracks fabric slow-drain and credit starvation.
switch# show interface bbcredit
Interface Tx-BB_credit Rx-BB_credit BB_credit_to_Zero
fc1/1 64 64 0
fc1/2 64 64 0
fc1/3 64 64 27
fc1/4 16 16 1842
show interface mgmt
Management Ethernet port (mgmt0) configuration and counters.
switch# show interface mgmt
mgmt0 is up
Internet Address is 10.12.4.20/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
full-duplex, 1000 Mb/s
1840452312 packets input, 244091245612 bytes
0 input errors, 0 drops, 0 overrun
1442118203 packets output, 198443110987 bytes
0 output errors, 0 collisions
show interface fc1/1
Detail for a single FC port — same depth as show interface, scoped to one port.
switch# show interface fc1/1
fc1/1 is up
Port WWN is 20:01:54:7f:ee:1a:bc:80
Port mode is F, FCID is 0x0b0100
Port vsan is 100
Speed is 32 Gbps
1234567 frames input, 985432109 bytes
0 discards, 0 errors
show interface fc1/1 description
Just the description line for the port.
switch# show interface fc1/1 description
Interface Description
fc1/1 ESX01-vmhba2
show interface fc1/1 | include Speed
Pipe-filter trick to extract just the speed line. The | include <pattern> filter works on any show output and is the most common way to scrape a single field.
switch# show interface fc1/1 | include Speed
Speed is 32 Gbps
show interface fc1/1 | include vsan
Same pattern — pull just the VSAN line. Useful in scripts that walk many ports.
switch# show interface fc1/1 | include vsan
Port vsan is 100
show interface fc1/1-5 brief
Brief view restricted to a port range. Works with -, comma, or list syntax (e.g. fc1/1-5,fc1/8).
switch# show interface fc1/1-5 brief
Interface Vsan Admin Status Oper Oper
Mode Mode Speed
fc1/1 100 auto up F 32
fc1/2 100 auto up F 32
fc1/3 100 auto up F 32
fc1/4 1 auto down -- --
fc1/5 100 auto up F 16
show interface transceiver
SFP/SFP+ inventory across all ports — wavelength, vendor, part number, serial. Hardware audit gold.
switch# show interface transceiver
fc1/1 sfp is present
Name is CISCO-FINISAR
Manufacturer's part number is FTLF8529P3BCV-C2
Serial number is FN21XX0123ABC
Nominal bitrate is 28100 MBit/sec
Cisco product id is DS-SFP-FC32G-SW
Cisco vendor id is V01
show interface transceiver details
Same as above, plus live diagnostics — temperature, voltage, RX/TX power. Use to find an over-temperature optic or a fading transmitter.
switch# show interface transceiver details
fc1/1 sfp is present
Cisco product id is DS-SFP-FC32G-SW
Serial number is FN21XX0123ABC
SFP Detail Diagnostics Information
Current Alarms Warnings
Measurement High Low High Low
Temperature 48.21 C 80 -10 75 -5
Voltage 3.34 V 3.7 2.9 3.6 3.0
Current 6.84 mA 12 1 10 2
Tx Power -2.43 dBm 1.7 -8.2 -1.3 -7.2
Rx Power -2.78 dBm 3.0 -13.9 0.0 -12.9
show interface fc1/1 transceiver
Just the transceiver inventory line for a single port.
switch# show interface fc1/1 transceiver
fc1/1 sfp is present
Name is CISCO-FINISAR
Cisco product id is DS-SFP-FC32G-SW
Serial number is FN21XX0123ABC
Nominal bitrate is 28100 MBit/sec
show interface fc1/1 transceiver details
Live diagnostics for a single port — the four diag values you’d capture for a TAC SR about a flaky port.
switch# show interface fc1/1 transceiver details
fc1/1 sfp is present
Serial number is FN21XX0123ABC
Temperature 48.21 C
Voltage 3.34 V
Current 6.84 mA
Tx Power -2.43 dBm
Rx Power -2.78 dBm
show interface port-channel 1
Port-channel summary — member ports, aggregate status, mode, VSAN.
switch# show interface port-channel 1
port-channel1 is trunking
Port WWN is 24:01:54:7f:ee:1a:bc:80
Admin port mode is E, trunk mode is on
Port mode is TE
Speed is 64 Gbps
Trunk vsans (admin allowed and active) (1,100-102)
Trunk vsans (up) (1,100-102)
Member[1] : fc1/9
Member[2] : fc1/10
show interface port-channel 1 brief
One-line summary.
switch# show interface port-channel 1 brief
Interface Vsan Admin Admin Status Oper Oper
Mode Trunk Mode Speed
port-channel 1 1 E on trunking TE 64
show interface port-channel 1 trunk vsan
VSAN trunk state across the port-channel.
switch# show interface port-channel 1 trunk vsan
port-channel1 is trunking
Vsan 1 is up
Vsan 100 is up
Vsan 101 is up
Vsan 102 is up
show interface port-channel 1 trunk vsan 100
Trunk state for one specific VSAN — useful when ISL is up but VSAN 100 traffic is failing.
switch# show interface port-channel 1 trunk vsan 100
port-channel1 is trunking
Vsan 100 is up
Last error: --
06FLOGI (Fabric Login)
FLOGI database tracks which N_Port WWNs have logged into which switch port, and the FCID each was assigned. First place to look when a server says “my HBA isn’t visible to the fabric”.
show flogi database
All FLOGI entries on the switch. Each row is one HBA port login.
switch# show flogi database
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
fc1/2 100 0x0b0200 21:00:00:00:00:00:00:12 20:00:00:00:00:00:00:12
fc1/3 100 0x0b0300 21:00:00:00:00:00:00:13 20:00:00:00:00:00:00:13
fc1/5 100 0x0b0500 50:01:43:80:24:11:11:11 50:01:43:80:24:11:11:10
Total number of flogi = 4.
show flogi database details
Adds the symbolic port name (vendor-supplied HBA description) and other FC-2 layer attributes.
switch# show flogi database details
fc1/1
pWWN : 21:00:00:00:00:00:00:11
nWWN : 20:00:00:00:00:00:00:11
fcid : 0x0b0100
port-name : Emulex LightPulse LPe35002-M2
class : 3
speed : 32 Gbps
bb_credit : 64
show flogi database fcid 0x0b0100
Look up by FCID.
switch# show flogi database fcid 0x0b0100
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
show flogi database interface fc1/1
What’s logged in on one specific port.
switch# show flogi database interface fc1/1
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 100 0x0b0100 21:00:00:00:00:00:00:11 20:00:00:00:00:00:00:11
show flogi database vsan 10
Everything logged into one VSAN.
switch# show flogi database vsan 10
INTERFACE VSAN FCID PORT NAME
fc2/1 10 0x0e0100 21:00:00:24:ff:8a:11:11
fc2/2 10 0x0e0200 21:00:00:24:ff:8a:22:22
Total number of flogi = 2.
show flogi internal errors
Counters of FLOGI-process internal errors. Spot-check when seeing intermittent HBA login failures with no other obvious cause.
switch# show flogi internal errors
FLOGI Error Counters:
invalid_flogi_format : 0
flogi_reject_duplicate : 2
flogi_reject_zone_policy : 0
flogi_timeout : 1
show flogi internal event-history interface fc1/1
Time-ordered history of every FLOGI state-machine event on one port. Critical for diagnosing intermittent login failures or HBA timeouts.
switch# show flogi internal event-history interface fc1/1
FLOGI history for fc1/1
[2026 May 17 08:14:22.301 UTC] FSM: fc1/1: FLOGI received from 21:00:00:00:00:00:00:11
[2026 May 17 08:14:22.302 UTC] FSM: fc1/1: FLOGI accept sent, FCID 0x0b0100
[2026 May 17 08:14:22.310 UTC] FSM: fc1/1: PLOGI to fabric controller
[2026 May 17 08:14:22.345 UTC] FSM: fc1/1: SCR registered
show flogi internal event-history vsan 11
VSAN-scoped event history. Use when a VSAN is misbehaving and you suspect a recurring login pattern.
switch# show flogi internal event-history vsan 11
FLOGI history for VSAN 11
[2026 May 17 08:14:11.022 UTC] vsan-11: FLOGI on fc1/5 from 21:00:00:00:00:11:22:33
[2026 May 17 08:14:11.024 UTC] vsan-11: FCID 0x0e0500 assigned
07FCNS (Fibre Channel Name Server)
Name Server is the fabric-wide directory of every WWN, its FCID, FC-4 types (SCSI initiator, target, NVMe-FC, etc.), and vendor metadata. After FLOGI, this is the second place to look when an HBA “isn’t visible” — FLOGI passed but the device didn’t register.
show fcns database
All registered devices in the fabric, all VSANs.
switch# show fcns database
VSAN 100:
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
0x0b0100 N 21:00:00:00:00:00:00:11 (Emulex) scsi-fcp:init
0x0b0200 N 21:00:00:00:00:00:00:12 (Emulex) scsi-fcp:init
0x0b0500 N 50:01:43:80:24:11:11:11 (Pure Storage) scsi-fcp:target
Total number of entries = 3
show fcns database detail
Verbose form — fabric port name, hard address, symbolic name, OS type, etc.
switch# show fcns database detail
VSAN:100 FCID:0x0b0100
port-wwn (vendor) :21:00:00:00:00:00:00:11 (Emulex)
node-wwn :20:00:00:00:00:00:00:11
class :2,3
fc4-types:fc4_features :scsi-fcp:init
symbolic-port-name :Emulex LightPulse LPe35002-M2 FC Adapter
symbolic-node-name :ESX01.example.local
port-type :N
fabric-port-wwn :20:01:54:7f:ee:1a:bc:80
connected interface :fc1/1
switch name :fab-a-mds9710-01
show fcns database vsan 1
Devices registered in a specific VSAN.
switch# show fcns database vsan 1
VSAN 1:
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
0x010000 N 20:00:54:7f:ee:1a:bc:80 (Cisco) ipfc
Total number of entries = 1
show fcns database detail vsan 1
Verbose-per-VSAN view.
switch# show fcns database detail vsan 1
VSAN:1 FCID:0x010000
port-wwn (vendor) :20:00:54:7f:ee:1a:bc:80 (Cisco)
fc4-types:fc4_features :ipfc
symbolic-port-name :fab-a-mds9710-01
port-type :F
show fcns database fcid 0x0b0100
Lookup by FCID. Often used in scripted reverse-lookup.
switch# show fcns database fcid 0x0b0100
VSAN:100 FCID:0x0b0100
port-wwn (vendor) :21:00:00:00:00:00:00:11 (Emulex)
fc4-types:fc4_features :scsi-fcp:init
connected interface :fc1/1
show fcns statistics
Per-VSAN FCNS request/response counters. A high reject-count usually means a misbehaving HBA or storage controller.
switch# show fcns statistics
Statistics for VSAN: 100
number of GA_NXT requests received : 1248
number of GA_NXT rejects : 0
number of GPN_ID requests received : 8912
number of GPN_ID rejects : 4
number of RNN_ID requests received : 12
08VSAN
VSANs partition a single physical fabric into multiple logical fabrics with independent zoning, name servers, and FSPF instances. They are the foundation of MDS multi-tenancy.
show vsan
All configured VSANs and their state.
switch# show vsan
vsan 1 information
name:VSAN0001 state:active
operational state:up
vsan 100 information
name:Prod-VSAN state:active
operational state:up
vsan 101 information
name:Dev-VSAN state:active
operational state:up
vsan 4079 (evfp_isolated_vsan)
vsan 4094 (isolated_vsan)
show vsan 100
Detail for one VSAN.
switch# show vsan 100
vsan 100 information
name:Prod-VSAN state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up
show vsan usage
Count of allocated vs available VSAN IDs.
switch# show vsan usage
4 vsans configured
configured vsans:1,100-102
vsans available for configuration:2-99,103-4078
show vsan membership
Which interfaces are members of which VSANs, fabric-wide on the local switch.
switch# show vsan membership
vsan 1 interfaces:
fc1/4 fc1/8 mgmt0
vsan 100 interfaces:
fc1/1 fc1/2 fc1/3 fc1/5 fc1/6 fc1/7
port-channel1
vsan 101 interfaces:
fc2/1 fc2/2 fc2/3 fc2/4
show vsan 100 membership
Just one VSAN’s member list.
switch# show vsan 100 membership
vsan 100 interfaces:
fc1/1 fc1/2 fc1/3
fc1/5 fc1/6 fc1/7
port-channel1
show vsan membership interface fc1/1
Reverse lookup: which VSAN is one specific interface a member of.
switch# show vsan membership interface fc1/1
fc1/1
vsan:100
allowed list:1-4093
09Zoning
Zoning enforces which initiator pWWNs can communicate with which target pWWNs. Each VSAN has its own zoning database. The active zoneset is what’s enforced on the fabric — the configured zoneset is the editable working copy until you zoneset activate.
show zone
All zones in the configured zoneset, all VSANs.
switch# show zone
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
zone name esx02_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:12
pwwn 50:01:43:80:24:11:11:11
zone name backup_server_to_libraries vsan 101
pwwn 21:00:00:24:ff:8a:11:11
pwwn 50:0a:09:84:80:11:22:33
show zone vsan 100
Zones scoped to one VSAN.
switch# show zone vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
show zone active
The active zoneset across all VSANs. This is what the fabric actually enforces. The * next to an FCID means the device is currently logged in (FLOGI present, FCNS-registered).
switch# show zone active
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
* fcid 0x0b0501 [pwwn 50:01:43:80:24:22:22:22]
show zone active vsan 100
Active zoneset for one VSAN.
switch# show zone active vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
show zone status
Per-VSAN zoning state — full vs basic mode, default-policy, propagation method, distribution state.
switch# show zone status
VSAN: 1 default-zone: deny distribute: active only Interop: default
mode: basic merge-control: allow
hard-zoning: enabled smart-zoning: disabled
VSAN: 100 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
hard-zoning: enabled smart-zoning: enabled
show zone status vsan 100
Just one VSAN’s zoning state.
switch# show zone status vsan 100
VSAN: 100 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
hard-zoning: enabled smart-zoning: enabled
show zone name zone123
Look up one zone by name.
switch# show zone name esx01_to_purearray
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
pwwn 50:01:43:80:24:22:22:22
show zone member pwwn 21:00:00:00:00:00:00:11
Reverse lookup — every zone that contains a given pWWN. Indispensable when adding a new LUN: “where is this initiator already zoned?”
switch# show zone member pwwn 21:00:00:00:00:00:00:11
pwwn 21:00:00:00:00:00:00:11
Zone: esx01_to_purearray VSAN: 100
Zone: esx01_to_netapp VSAN: 100
show zoneset
All configured zonesets.
switch# show zoneset
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
zone name esx02_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:12
pwwn 50:01:43:80:24:11:11:11
show zoneset active
Active zoneset across all VSANs — the operational source of truth.
switch# show zoneset active
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
show zoneset vsan 100
Configured zonesets for one VSAN.
switch# show zoneset vsan 100
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
pwwn 21:00:00:00:00:00:00:11
pwwn 50:01:43:80:24:11:11:11
show zoneset active vsan 100
The actively enforced zoneset for one VSAN.
switch# show zoneset active vsan 100
zoneset name prod_zoneset_v12 vsan 100
zone name esx01_to_purearray vsan 100
* fcid 0x0b0100 [pwwn 21:00:00:00:00:00:00:11]
* fcid 0x0b0500 [pwwn 50:01:43:80:24:11:11:11]
10Device-Alias
Device-alias is the fabric-wide friendly-name database — maps a human-readable label like esx01_hba1 to a pWWN. Used so zone definitions read in terms of server roles rather than 16-hex-character pWWNs.
show device-alias status
State of the device-alias service: fabric mode (enhanced vs basic), commit/abort posture.
switch# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 27 Mode: Enhanced
Locked By:- None
Pending Database:- Device Aliases 0 Mode: Enhanced
show device-alias database
The full alias-to-pWWN database.
switch# show device-alias database
device-alias name esx01_hba1 pwwn 21:00:00:00:00:00:00:11
device-alias name esx02_hba1 pwwn 21:00:00:00:00:00:00:12
device-alias name esx03_hba1 pwwn 21:00:00:00:00:00:00:13
device-alias name purearray-ct0-fc0 pwwn 50:01:43:80:24:11:11:11
device-alias name purearray-ct0-fc1 pwwn 50:01:43:80:24:11:11:12
device-alias name purearray-ct1-fc0 pwwn 50:01:43:80:24:22:22:22
Total number of entries = 27
show device-alias name server1_hba1
Look up one alias.
switch# show device-alias name esx01_hba1
device-alias name esx01_hba1 pwwn 21:00:00:00:00:00:00:11
11Fabric-Binding
Fabric-binding enforces an allowlist of switch WWNs permitted to join a given VSAN’s fabric. Together with port-security it’s the standard mechanism for preventing a rogue switch from being inserted into a regulated SAN.
show fabric-binding status
Activation state for fabric-binding across all VSANs.
switch# show fabric-binding status
VSAN 100 :Activated database
VSAN 101 :Activated database
VSAN 102 :No Active database
show fabric-binding status vsan 100
State for one VSAN.
switch# show fabric-binding status vsan 100
VSAN 100 :Activated database
show fabric-binding database
The configured (editable) database of permitted peer switch WWNs.
switch# show fabric-binding database
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
101 20:64:00:05:30:00:24:81 21(0x15)
show fabric-binding database vsan 100
Configured database for one VSAN.
switch# show fabric-binding database vsan 100
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
show fabric-binding database active
The active database — what’s currently being enforced. Compare with show fabric-binding database to spot un-activated changes.
switch# show fabric-binding database active
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
101 20:64:00:05:30:00:24:81 21(0x15)
show fabric-binding database active vsan 100
Active database scoped to one VSAN.
switch# show fabric-binding database active vsan 100
Vsan Logging-in Switch WWN Domain-id
100 20:64:00:05:30:00:24:81 11(0x0b)
100 20:64:00:05:30:00:24:82 12(0x0c)
show fabric-binding violations
Recent denial events — peer switches that attempted to join but were rejected. A non-zero count here usually means an unauthorised ISL attempt or a stale binding entry.
switch# show fabric-binding violations
Vsan Switch WWN [Domain] Last-Time [Repeat] Reason
100 20:64:00:11:22:33:44:55 [13(0x0d)] 2026 May 17 14:22:01 [4] sWWN not in DB
101 20:64:00:11:22:33:44:55 [21(0x15)] 2026 May 17 14:22:03 [1] sWWN not in DB
show fabric-binding violations vsan 100
Violations scoped to one VSAN.
switch# show fabric-binding violations vsan 100
Vsan Switch WWN [Domain] Last-Time [Repeat] Reason
100 20:64:00:11:22:33:44:55 [13(0x0d)] 2026 May 17 14:22:01 [4] sWWN not in DB
Operating Notes
Pipe filters. Every show command supports | include <pattern>, | exclude <pattern>, | begin <pattern>, | count, | no-more. Use | no-more in scripts to suppress paging.
Output redirection. show <command> > bootflash:filename.txt saves output to flash for later TAC upload. > tftp://server/path writes it directly off-box.
Show tech-support. When TAC asks for diagnostics, show tech-support details is the standard package. Pair with show logging onboard for hardware-level event history.
Default zone policy. If a device appears in FLOGI/FCNS but cannot see its expected target, check show zone status vsan <n> for default-zone: deny vs default-zone: permit. In production fabrics the policy should always be deny.
Active vs configured. Many MDS objects exist in two forms — active (enforced) and configured (editable). Zoneset, fabric-binding, port-security, and device-alias all follow this pattern. When something looks right in the configured form but the fabric doesn’t behave that way, you’ve forgotten to activate.
Need help running these in your environment?
Our SAN engineers operate Cisco MDS fabrics for enterprises that have moved off OEM maintenance — including emergency triage, EOSL extension, and migration planning. Bring your show tech-support output and we’ll walk through it together.
Book a 30-minute engineering call →No prep slides required · References available under NDA · Multi-OEM coverage across Dell EMC, HPE, IBM, NetApp