Brocade Communications Systems 53-1002745-02 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Brocade Communications Systems 53-1002745-02. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Brocade Communications Systems 53-1002745-02 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Brocade Communications Systems 53-1002745-02 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Brocade Communications Systems 53-1002745-02, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Brocade Communications Systems 53-1002745-02 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Brocade Communications Systems 53-1002745-02
- nombre de fabricante y año de fabricación del dispositivo Brocade Communications Systems 53-1002745-02
- condiciones de uso, configuración y mantenimiento del dispositivo Brocade Communications Systems 53-1002745-02
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Brocade Communications Systems 53-1002745-02 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Brocade Communications Systems 53-1002745-02 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Brocade Communications Systems en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Brocade Communications Systems 53-1002745-02, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Brocade Communications Systems 53-1002745-02, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Brocade Communications Systems 53-1002745-02. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    53-1002 7 45-02 25 March 20 13 ® Fa b r i c O S Administrat or’s Guide Suppor ting F abric OS 7 .1.0[...]

  • Página 2

    Copyright © 20 13 Brocade Communications Sys tems, Inc. All Rights Reser ved. ADX, An yIO, Brocade, Brocad e Assurance, t he B-wing symb ol, DCX, F abri c OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are regist ered trademarks, and HyperEdge, The Ef fortless Network, and The On-Demand Data Center are trademarks of Brocade Communicatio[...]

  • Página 3

    Fabric OS Administrator ’s Guide 3 53-1002745-02 Contents (High Level) Section I Standard Features Chapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . . 43 Chapter 2 Performing Basic Configuration Ta sks . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Chapter 3 Performing Advanced Configuration Ta[...]

  • Página 4

    4 Fabric OS A dministr ator’s Guide 53-1002745-02 Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 11 Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 5 Appendix C Hex adecimal Conv ersion . . . . . . . . . . . . . .[...]

  • Página 5

    Fabric OS Administrator ’s Guide 5 53-1002745-02 Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Suppor ted har dware and sof tware . . . . . . . . . . . . . . . . . . . . . . . . . . 34 What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 6

    6 Fabric OS A dministr ator’s Guide 53-1002745-02 Chapter 2 Performing Basic Configuration Ta sks Fabric OS ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Fabric OS command line int er face. . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6 Console sessions using the serial por t . . . . . . . . [...]

  • Página 7

    Fabric OS Administrator ’s Guide 7 53-1002745-02 Chapter 3 Performing Advanced Configuration Tasks Port Identifiers (PIDs) and PID binding ov er view . . . . . . . . . . . . . . . 79 Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Fixed add ressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 8

    8 Fabric OS A dministr ator’s Guide 53-1002745-02 Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 0 7 V e rifying host syslog prior to configuring the audit log . . . . . . 1 08 Configuring an a udit log for specific event classes . . . . . . . . . 108 Duplicate PWWN handling during de vice login . [...]

  • Página 9

    Fabric OS Administrator ’s Guide 9 53-1002745-02 Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7 Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Local account passwor ds . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139 Local user account database d[...]

  • Página 10

    10 Fabric OS A dministr ator’s Guide 53-1002745-02 T elnet pr otocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 Blocking T elnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 Unblocking T elne t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 1[...]

  • Página 11

    Fabric OS Administrator ’s Guide 11 53-1002745-02 IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1 7 Creating an IP Filt er policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 18 Cloning an IP Filt er policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 18 Displa[...]

  • Página 12

    12 Fabric OS A dministr ator’s Guide 53-1002745-02 Chapter 9 Installing and Maintaining Firmware Firmw are download pr ocess overview . . . . . . . . . . . . . . . . . . . . . . .255 Upgrading and downg rading firmw are . . . . . . . . . . . . . . . . . . . 25 7 Considerations f or FICON CUP en vironments . . . . . . . . . . . . . 257 HA sync sta[...]

  • Página 13

    Fabric OS Administrator ’s Guide 13 53-1002745-02 Limitations and restrictions of Vir tual F abrics . . . . . . . . . . . . . . . .288 Restrictions on XI SLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289 Restrictions on mo ving por ts . . . . . . . . . . . . . . . . . . . . . . . . . .289 Enabling Virt ual F abrics mode . .[...]

  • Página 14

    14 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maint enance . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 6 Displaying e xisting zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6 Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 6 Adding de vices (mem[...]

  • Página 15

    Fabric OS Administrator ’s Guide 15 53-1002745-02 General rules f or TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356 T raffic Isolation Zone violation ha ndling f o r trunk ports . . . . . 35 7 Suppor ted configurations f or T raf fic Isolation Zoning . . . . . . . . . .358 Additional configuration rules f or enhance[...]

  • Página 16

    16 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck de tection paramet ers . . . . . . . . . . . . . . . . . .384 Examples of applying and ch anging bottleneck dete ction paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Advance d bottleneck det ection settings . . . . . . . . . . [...]

  • Página 17

    Fabric OS Administrator ’s Guide 17 53-1002745-02 Chapter 16 Dynamic Fabric Prov isioning: Fabric-Assigned PWWN Introducti on to Dynam ic Fabric Pr o visioning using F A-PWWN . . . .425 User- and auto-assigned F A-PWW N behavior . . . . . . . . . . . . . . . . . 42 6 Checking f or duplicat e F A -PWWNs . . . . . . . . . . . . . . . . . . . . . .4[...]

  • Página 18

    18 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .454 CLI commands in an AD conte xt . . . . . . . . . . . . . . . . . . . . . . . .455 Executing a command in a differe nt AD conte x t . . . . . . . . . . .455 Displaying an Ad min Domain configur ation . . . . . . . . . .[...]

  • Página 19

    Fabric OS Administrator ’s Guide 19 53-1002745-02 Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483 Displaying installed licenses . . . . . . . . . . . . . . . . . . . . . . . . . . .484 Activ ating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .485 Dynamic Ports on Demand . . .[...]

  • Página 20

    20 Fabric OS A dministr ator’s Guide 53-1002745-02 T op T alker monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1 0 T op T alk er monitors and FC-FC routing . . . . . . . . . . . . . . . . . . . 5 11 Limitations of T op T alker monito rs . . . . . . . . . . . . . . . . . . . . . . 5 12 Adding a T op T alker [...]

  • Página 21

    Fabric OS Administrator ’s Guide 21 53-1002745-02 Chapter 22 Managing Trunking Connections T runking o verview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533 T ypes of trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534 Masterless trunking . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 22

    22 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .555 Buffer -to-buff er flow contr ol . . . . . . . . . . . . . . . . . . . . . . . . . . .555 Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .556 Fibre Channel gigabit values re[...]

  • Página 23

    Fabric OS Administrator ’s Guide 23 53-1002745-02 LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .590 Use of Admin Domains with LSAN zones and FC-FC r outing .590 Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .590 LSAN zones and fabric-t o-fabric communications . . . . . . [...]

  • Página 24

    24 Fabric OS A dministr ator’s Guide 53-1002745-02[...]

  • Página 25

    Fabric OS Administrator ’s Guide 25 53-1002745-02 Figures Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Figure 3 Blade swap with Virtual Fab[...]

  • Página 26

    26 Fabric OS A dministr ator’s Guide 53-1002745-02 Figure 36 Illegal ETIZ configuration: two paths from on e port to two devices on the same remote domain 351 Figure 3 7 Illegal ETIZ configuration: two paths from one port . . . . . . . . . . . . . . . . . . . . . . 352 Figure 38 Traffic Isolation Zoning over FCR . . . . . . . . . . . . . . . . . [...]

  • Página 27

    Fabric OS Administrator ’s Guide 27 53-1002745-02 Figure 7 7 MetaSAN with imported devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576 Figure 78 Sample topology (physical topology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577 Figure 79 EX_Port phantom switch topology . . . . . . . . . .[...]

  • Página 28

    28 Fabric OS A dministr ator’s Guide 53-1002745-02[...]

  • Página 29

    Fabric OS Administrator ’s Guide 29 53-1002745-02 Tables Ta b l e 1 Daemons that are automatically restarted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Ta b l e 2 Terminal port parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Ta b l e 3 Help topic contents . . . . . . . . . . [...]

  • Página 30

    30 Fabric OS A dministr ator’s Guide 53-1002745-02 Ta b l e 37 Supported services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 Ta b l e 3 8 Implicit IP Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Ta b l e 3 9 Default IP policy r[...]

  • Página 31

    Fabric OS Administrator ’s Guide 31 53-1002745-02 Ta b l e 7 8 VCs assigned to QoS priority for frame prio ritization in CS_CTL auto mode . . 521 Ta b l e 7 9 Trunking over long-distance for the Backbones and blade s . . . . . . . . . . . . . . . 541 Ta b l e 8 0 F_Port masterless trunking consider ations . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 32

    32 Fabric OS A dministr ator’s Guide 53-1002745-02[...]

  • Página 33

    Fabric OS Administrator ’s Guide 33 53-1002745-02 About This Document In this chapter • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 • Suppor ted har dware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 • What’s new in this document . . . . . . . . [...]

  • Página 34

    34 Fabric OS A dministr ator’s Guide 53-1002745-02 • Chapter 11 , “ Administering Advanced Zoning,” pro vides proc edures for use of the Br ocade Advanced Zoning f eature. • Chapter 12, “T raf fic Isolation Zoning,” provides concepts and procedures for use of T raf fic Isolation Zones within a fabric. • Chapter 1 3, “Bottleneck De[...]

  • Página 35

    Fabric OS Administrator ’s Guide 35 53-1002745-02 The follo wing hardw are platf orms are suppor ted b y this release of Fabric OS: • Fixed-po r t switches: - Brocade 300 switch - Brocade 5 1 00 switch - Brocade 5300 switch - Brocade 54 1 0 embedded switch - Brocade 542 4 embedded switch - Brocade 5430 embedded switch - Brocade 5450 embedded sw[...]

  • Página 36

    36 Fabric OS A dministr ator’s Guide 53-1002745-02 • Updat ed the Not e in “In-flight en cr yption and compression overview” on page 393. • In “Encr yption and compression restrictions” on page 394, clarified the restrictio n about the number of ports suppor ted. • Corrected the “Example of enabling encr yption and compression on [...]

  • Página 37

    Fabric OS Administrator ’s Guide 37 53-1002745-02 Notes, cautions, and warnings The f ollowing notices and stat ements are used in this manual. They are list ed below in or der of increasing sev erity of pot ential hazards. NOTE A not e pro vides a tip, guidance or advice, emphasizes im por tant info rmation, or pr ov ides a ref erence to re la t[...]

  • Página 38

    38 Fabric OS A dministr ator’s Guide 53-1002745-02 Additional information This section lists additional Br ocade and industr y-specific docu mentation that you might find helpful. Brocade resources T o get up-to-the-minute inf ormation, go to http://my .brocade.com and regist er at no cost fo r a user ID and passwor d. For practical discussions a[...]

  • Página 39

    Fabric OS Administrator ’s Guide 39 53-1002745-02 1. Gen eral Informa tion • Switch model • Switch operating system version • Error numbers and messages received • suppor tSav e co mmand output • Detailed description of the pr oblem, including the switch o r fabric beha vior immediat ely follo wing the pr oblem, and specific qu estions [...]

  • Página 40

    40 Fabric OS A dministr ator’s Guide 53-1002745-02 Document feedback Quality is our first concern at Brocade and we ha ve made ev er y ef fort to ensure the accuracy and complet eness of this document. Ho we ver , if y ou find an error or an omission, or y ou think that a topic need s fur ther de velopment, w e want to hear from y ou. Forward y o[...]

  • Página 41

    Fabric OS Administrator ’s Guide 41 53-1002745-02 Section I Standard Features This section describes standard F abric OS f e atures, and includes th e follo wing chapters: • Chapter 1, “Understanding Fibre Channel Services” • Chapter 2, “P er forming Basic Configuration T asks” • Chapter 3, “P er forming Advanced Configuration T a[...]

  • Página 42

    42 Fabric OS A dministr ator’s Guide 53-1002745-02[...]

  • Página 43

    Fabric OS Administrator ’s Guide 43 53-1002745-02 Chapter 1 Understanding Fibre Channel Services In this chapter • Fibre Channel services ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 • Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 • Platf orm[...]

  • Página 44

    44 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server 1 Management server — The management server pro v ides a single point for managing the fabric. This is the only service that users can configure. See “Management ser ver” belo w for more details Alias ser ver — The alias server keeps a gr oup of no des registered as one [...]

  • Página 45

    Fabric OS Administrator ’s Guide 45 53-1002745-02 Management server database 1 Platform services and Virtual Fabrics Each logical switch has a sep arate platf orm databa se. All platform registrations done t o a logical switch are valid only in that par t icular logical switch’s Vir tual Fabric. Activating the platform services on a switch acti[...]

  • Página 46

    46 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server database 1 If the list is empty ( the default), the manageme nt ser ver is accessible t o all systems connect ed in-band to the fabric. For more access security , you can specify WWNs in the ACL so that access to the management server is restricted to only those WWNs list ed. NO[...]

  • Página 47

    Fabric OS Administrator ’s Guide 47 53-1002745-02 Management server database 1 Example of adding a member to the mana gement ser ver ACL switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 2 Port/Node WWN (in hex): [ 00:00:00:00:00:00:[...]

  • Página 48

    48 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server database 1 5. At the “select” pr ompt, ent er 1 t o display the access list so y ou can verify that the WWN y ou entered w as delete d from the A CL. 6. Af ter verifying that the WWN was delet ed correctly , enter 0 at the “select” pr ompt to end the session. 7 . At the [...]

  • Página 49

    Fabric OS Administrator ’s Guide 49 53-1002745-02 Topology discovery 1 Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:75 Clearing the management server database Use the f ollowing pr ocedure to clea r the management server database: NOTE The command msPlClearDB is allo wed only in AD0 and AD255. 1. Connect to the s[...]

  • Página 50

    50 Fabric OS A dministr ator’s Guide 53-1002745-02 Topology discovery 1 *MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!! Disabling topology discovery Use the f ollowing pr ocedure to disable t opology discov er y: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the a[...]

  • Página 51

    Fabric OS Administrator ’s Guide 51 53-1002745-02 Device login 1 Device login A device can be storage, a host, or a switch. When new devices are introduced into the fabric, t hey must be powered on and, if a host or storage de vice, connected t o a switch. Switch-t o-switch logins (using the E_Port) are handled dif ferently than st orage and host[...]

  • Página 52

    52 Fabric OS A dministr ator’s Guide 53-1002745-02 Device login 1 Fabric login process A device p er forms a f abric login (FL OGI) to determine if a fabric is present. If a fabric is det ected then it ex changes ser vice parameters with the fabr ic controller . A successful FL OGI sends back the 2 4-bit address for the de vice in the fabric. Th [...]

  • Página 53

    Fabric OS Administrator ’s Guide 53 53-1002745-02 High availability of daemon proce sses 1 Duplicate Port World Wide Name Accor ding to Fibre Channel standards, the P o r t W orld Wide Name (PWWN) of a de vice cannot ov erlap with that of another device, thus ha ving duplicate PWWNs within the same fabric is an illegal configuratio n. If a PWWN c[...]

  • Página 54

    54 Fabric OS A dministr ator’s Guide 53-1002745-02 High availability of daemon proce sses 1 webd Webserver daemon used for W ebT ools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP i nter face to manageab ility applic ations for switch manageme nt and fabric di scovery . TA B L E 1 Daemons that are automa tically rest ar t[...]

  • Página 55

    Fabric OS Administrator ’s Guide 55 53-1002745-02 Chapter 2 Performing Basic Configuration Tasks In this chapter • Fabric OS o verview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 • Fabric OS command line int er face . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 • Passw [...]

  • Página 56

    56 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Although many diffe rent sof tware and har dware configurations are test ed and suppor ted by Brocade Communications Systems, Inc., docu menting all possib le configurations a nd scenarios is bey ond the scope of this document. In some cases, earlier releases [...]

  • Página 57

    Fabric OS Administrator ’s Guide 57 53-1002745-02 Fabric OS command line interface 2 • In a Windows envir onment enter the following parameters: • In a UNIX envir onment, enter the following string at the prom pt: tip /dev/ttyb -9600 If ttyb is already in use, use tt ya instead and enter the f ollowing string at the prom pt: tip /dev/ttya -96[...]

  • Página 58

    58 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Connecting to Fabr ic OS using Telnet Use the f ollowing pr ocedure to connect t o the Fabric OS using T elnet: 1. Connect through a serial por t to the swit ch that is appropriate f o r your fabric: • If Virt ual Fabrics is enabled, log in using an admin ac[...]

  • Página 59

    Fabric OS Administrator ’s Guide 59 53-1002745-02 Fabric OS command line interface 2 The commands in the f ollowing table pro vides help files f or the indicated specific t opics. Viewing a history of command line entries The CLI command histor y log file sa ves the last 5 1 2 commands from all users on a FIFO basis, and this log is persistent ac[...]

  • Página 60

    60 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Example cliHistor y command output from admin login switch:admin> clihistory CLI history Date & Time Message Thu Sep 27 10:14:41 2012 admin, 10.70.12.101, clihistory Thu Sep 27 10:14:48 2012 admin, 10.70.12.101, clihistory --show switch:admin> cliHis[...]

  • Página 61

    Fabric OS Administrator ’s Guide 61 53-1002745-02 Password modification 2 Notes: • SSH login CLI logs are not recor ded in the command line history . • The CLI command log will be c ollected as part of any “suppor tsav e” operation. The command long recor d of such an oper ation will be th e equivale nt of running “cliHistory -- showal [...]

  • Página 62

    62 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 Changing the default acco unt passwords at login Use the f ollowing pr ocedure to chan ge the def ault account passwords: 1. Connect to the switch and log in usin g the defaul t administ rative ac count. 2. At each of the “Enter ne w password” pr ompts, either [...]

  • Página 63

    Fabric OS Administrator ’s Guide 63 53-1002745-02 The switch Ethernet interface 2 NOTE When you change the Etherne t interface settings, open connections su ch as SSH or T elnet may be dropped. Reconnect using the ne w Ethernet IP addr ess information or change the Ethernet setti ngs using a console sess ion throu gh the serial port to maintain y[...]

  • Página 64

    64 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 Host Name: ecp1 Gateway IP Address: 10.1.2.3 IPFC address for virtual fabric ID 123: 11.1.2.3/24 IPFC address for virtual fabric ID 45: 13.1.2.4/20 Slot 7 eth0: 11.1.2.4/24 Gateway: 11.1.2.1 Backplane IP address of CP0 : 10.0.0.5 Backplane IP address of CP1 : 10.0.[...]

  • Página 65

    Fabric OS Administrator ’s Guide 65 53-1002745-02 The switch Ethernet interface 2 Setting the static addresses for the Etherne t ne twork interface Use the f ollowing pr ocedure to set the Ethernet netw ork int e r face static addresses: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Per form the appr opriate[...]

  • Página 66

    66 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 DHCP activation Some Br ocade switches ha ve DHCP enabled by defau lt. Fabric OS suppor t f or DHCP functionality is only pro vided for Br ocade fixed- por t switches. These are list ed in the Pref ace . NOTE The Bro cade DCX and Broc ade DCX-4S Backbones do not su[...]

  • Página 67

    Fabric OS Administrator ’s Guide 67 53-1002745-02 The switch Ethernet interface 2 5. Y ou can confirm that the change has been made using the ipAddrShow command. Example of enabling DHCP for IPv4 in tera ctivel y: switch:admin> ipaddrset Ethernet IP Address [10.1.2.3]: Ethernet Subnetmask [255.255.255.0]: Fibre Channel IP Address [220.220.220.[...]

  • Página 68

    68 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 DHCP [On]: off switch:admin> Example of disa bling DHCP for IPv4 usi ng a single comman d: switch:admin> ipaddrset –ipv4 -add -dhcp OFF switch:admin> ipaddrshow SWITCH Ethernet IP Address: 10.20.134.219 Ethernet Subnetmask: 255.255.240.0 Gateway IP Addre[...]

  • Página 69

    Fabric OS Administrator ’s Guide 69 53-1002745-02 Date and time settings 2 Date and time settings Switches maintain the current dat e and time inside a battery -backed real-time clock (RT C) circuit that receives the dat e and time from the f abric ’s principal switch. Dat e and time are used for logging ev ents. Switch operation does not depen[...]

  • Página 70

    70 Fabric OS A dministr ator’s Guide 53-1002745-02 Date and time settings 2 When you set the time zone f or a switch, you can perform the f ollowing tasks: • Display all of the time zones supported in the firmw are. • Set the time zone based on a country and city combination or based on a time zone ID, such as PST . The time zone setting has [...]

  • Página 71

    Fabric OS Administrator ’s Guide 71 53-1002745-02 Date and time settings 2 Setting the time zone interactive ly Use the f ollowing pr ocedure to set the current time zone to PST using interactiv e mode: 1. Connect to the switch and log in using an account assigned to the admin role and with the chassis- rol e permissio n. 2. Enter the tsTimeZone [...]

  • Página 72

    72 Fabric OS A dministr ator’s Guide 53-1002745-02 Domain IDs 2 Use the f ollowing pr ocedure to synchr onize the local time with an e xternal sour ce: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the tsClockSer ver command. switch:admin> tsclockser ver " ntp1 ; ntp2 " In this syntax, ntp[...]

  • Página 73

    Fabric OS Administrator ’s Guide 73 53-1002745-02 Domain IDs 2 Displaying the domain IDs Use the f ollowing pr ocedure to displa y device d omain IDs: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the fabric Show command. Example output of fabric information, including the domain ID (D_I D) The princip[...]

  • Página 74

    74 Fabric OS A dministr ator’s Guide 53-1002745-02 Switch names 2 Setting the domain ID Use the f ollowing pr ocedure to set the domain ID: 1. Connect to the switch and log in on an account assigned to the admin r ole. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fab ri c P ar a m [...]

  • Página 75

    Fabric OS Administrator ’s Guide 75 53-1002745-02 Chassis names 2 Chassis names Brocade recommends that you cust omize the chassi s n am e fo r e a c h pl a t fo r m . So m e s y s te m l og s i d e n t if y d evi c e s by p l a t fo rm n a m e s ; i f y o u a s s i g n meaningful platform names, logs are more useful. All chassis names suppor ted[...]

  • Página 76

    76 Fabric OS A dministr ator’s Guide 53-1002745-02 Switch activation and deactivation 2 High availability considerations for fabric names Fabric names locally configured or obtained from a remote switch are sa ved in the configuration database, and then synchr onized to th e standby CP on dual-CP-based syst ems. Upgrade and downgrade consid erati[...]

  • Página 77

    Fabric OS Administrator ’s Guide 77 53-1002745-02 Switch and Backbone shutdown 2 Powering off a Brocade switch Use the f ollowing pr ocedure to gracefully shut do wn a Bro cade switch. 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the sysShutdown command. 3. Enter y at the prompt. switch:admin> syss[...]

  • Página 78

    78 Fabric OS A dministr ator’s Guide 53-1002745-02 Basic connections 2 Basic connections Bef ore connecting a switch to a fa bric that contains switches running dif ferent firmw are versions, you must first set the same por t identifica tion (PID) f o rmat on all switches. The presence of different PID f ormats in a fabric causes f abric segmenta[...]

  • Página 79

    Fabric OS Administrator ’s Guide 79 53-1002745-02 Chapter 3 Performing Advanced Configuration Tasks In this chapter • Port Identifiers (PIDs) and PID binding o ver view . . . . . . . . . . . . . . . . . . . . . . 79 • Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 •[...]

  • Página 80

    80 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 Core PID addressing mode Core PID is the default PID format fo r Brocade platfo rms. It uses the entire 2 4-bit address space of the domain, area ID, and AL_P A to determine an o bject’s address within the fabric. The Core PID is a 2 4-bit addr[...]

  • Página 81

    Fabric OS Administrator ’s Guide 81 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 • Shared area limitations are remov e d on 48-port and 64-p ort blad es. • Any port on a 48-por t or 64-por t blade can suppor t up to 256 NPIV devic es (in fixed addressing mode, only 128 NPIV de vices are suppor ted in non-VF mode and 64 NPI[...]

  • Página 82

    82 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 WWN-based PID assignment WWN-based PID assignment is disa bled by def ault. When the f e ature is enabled, bindings are created dynamically; as new devices log in, they automatic ally enter the WWN-based PID database. The bindings exist until you[...]

  • Página 83

    Fabric OS Administrator ’s Guide 83 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 Use the f ollowing pr ocedure to en able automatic PID assignment: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the configure command. 3. At the Fa br i c P ar a m ete r s prompt, type y . 4. At the WWN Ba[...]

  • Página 84

    84 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Ports Ports provide either a ph ysical or vir tual networ k connection point for a device. Br ocade devices suppor t a wide variety of ports. Port Types The following is a list of po r t types that may be par t of a Brocade de vice: • D_Port — A diagnos tic por t lets an administrator[...]

  • Página 85

    Fabric OS Administrator ’s Guide 85 53-1002745-02 Ports 3 The different blades that can be inser ted into a chassis are described as f ollows: • Control pr ocessor blades (CPs) contain communicati on por ts for system management, and are used fo r low-level, platf orm-wide tasks. • Core blades are used for intra-chassis switchin g as well as [...]

  • Página 86

    86 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Upgrade and Downgrade considerations For an upgrade, unless bo th CP8 ext e rnal Ethe rnet ports are upgraded and rebooted, the bonding fe ature will not be enabled. On a do wngrade, th e first ph ysical por t named eth0 has t o be connected f or the device t o initialize correctly ; the [...]

  • Página 87

    Fabric OS Administrator ’s Guide 87 53-1002745-02 Ports 3 Port identification by slot and port number The por t nu mber is a num ber assigned to an external por t to give it a unique ident ifier in a switch. T o select a specific por t in the Backbones, you must identify both the sl ot number and the por t number using the format slot number/port[...]

  • Página 88

    88 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Configuring a device-switch connection T o configu re an 8G (and 8G only) conn ecti on betw een a device and a switch, use the por tCfgFillWor d command. This command provides the follo wing configuration optio ns: • Mode Link Init/Fill W ord • Mode 0 IDLE/IDLE • Mode 1 ARBF/ARB F ?[...]

  • Página 89

    Fabric OS Administrator ’s Guide 89 53-1002745-02 Ports 3 1. Connect to the switch and log in us ing an account with admin permissions. 2. Ena ble the por tSwapE nable command t o enable the f eature. 3. Enter the portDisable command on each of th e sourc e and destination por ts to be swapped. switch:admin> portdisable 1 ecp:admin> portdis[...]

  • Página 90

    90 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Disabling a port Use the f ollowing pr ocedure to disable a port: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the appropriat e command based on the curre nt stat e of the port and on whether it is necessar y to specify a slot number: • T o disa[...]

  • Página 91

    Fabric OS Administrator ’s Guide 91 53-1002745-02 Ports 3 • When selecting autonegotiation, y ou can choose the specific link operating modes that are advertised to the link par tner . At least one mode mu st be adver tise d in commo n by both sides of the link. • When fo rcing th e link operating mode, bo th sides of the link must be for ced[...]

  • Página 92

    92 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Example of setting the por t mode to 1 0 Mbps half-dupl ex operation T o f o rce the link f or the eth0 interface fr om au tonego tiation to 1 0 Mbps half-duplex operation, when entering this command thr ough the serial console por t: switch:admin> ifmodeset eth0 Auto-negotiate (yes, y[...]

  • Página 93

    Fabric OS Administrator ’s Guide 93 53-1002745-02 Blade terminology and compatibility 3 Setting port speed for a port octet Y ou can use the portCfgOctetSpeedCombo command t o configure the speed f or a por t octet. Be aw are that in a Vir tual Fabrics envir onment, th is comm and applies chassis-wide and not just to the logical switch. Use the f[...]

  • Página 94

    94 Fabric OS A dministr ator’s Guide 53-1002745-02 Blade terminology and compatibility 3 TA B L E 6 Por t blade terminology , numbering, and platform support Supported on: Blade Blade ID (slotshow) DCX family DCX 8510 family Ports D efinit ion FC8-1 6 1 2 1 Y es No 16 8- Gbps port blade suppor ting 1, 2, 4, and 8 Gbps port speeds. Ports are numbe[...]

  • Página 95

    Fabric OS Administrator ’s Guide 95 53-1002745-02 Blade terminology and compatibility 3 CP blades The control processor (CP) blade provides r edundancy and acts as the main contr oller on the Brocade Backbone. The Brocade DCX and DCX 85 10 Backbone families suppor t the CP8 blades . The CP blades in the Br ocade DCX and DCX 85 1 0 Backbone famili[...]

  • Página 96

    96 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and di sabling blades 3 Port and application blade compatibility Ta b l e 6 on page 94 identifies which port and applic ation blades are supported f or each Brocade Backbone . NOTE During pow er up of a Brocade DCX or DCX- 4S Backbo ne, if an FCOE1 0-2 4 is detect ed first bef ore any ot[...]

  • Página 97

    Fabric OS Administrator ’s Guide 97 53-1002745-02 Blade swapping 3 Enabling blades Use the f ollowing pr ocedure to enable a blade: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the bladeEnable command with the slo t number of the port blade you want to enable. ecp:admin> bladeenable 3 Slot 3 is being e[...]

  • Página 98

    98 Fabric OS A dministr ator’s Guide 53-1002745-02 Blade swapping 3 • Blade swapping is not supported when swapping to a different model o f blade or a different por t count. For e xample, you canno t swap an FC8-32 blade with an FC8-48 port blade. How blades are swapped The bladeSwap command performs the f ollowing op erations: 1. Blade select[...]

  • Página 99

    Fabric OS Administrator ’s Guide 99 53-1002745-02 Blade swapping 3 The preparation process al so includes any special handling of por ts associated with logical switches. For e xample Figure 3 shows the source blade has ports in a logical switch or logical fabric, then the corresponding destination por t s must be included in the associat ed logi[...]

  • Página 100

    100 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and disabling switches 3 FIGURE 4 Blade swap with V ir tual Fabrics af ter the swap Swapping blade s Use the f ollowing pr ocedure to swap blades: 1. Connect to the Backbone and log in us ing an account with admin permissions. 2. Enter the bladeSwap command. If no errors are encount ere[...]

  • Página 101

    Fabric OS Administrator ’s Guide 101 53-1002745-02 Power management 3 Using switchCfgPersistentDisable Entering switchCfgPersistentDisable with no arguments disables the switch immediat ely. Example of using switchCfgP ersistentDis able command output without arguments switch:admin> switchCfgPersistentDisable Switch's persistent state set[...]

  • Página 102

    102 Fabric OS A dministr ator’s Guide 53-1002745-02 Equipmen t status 3 The power monit or compares the available po wer with the power req u ired to det ermine if there will be enough pow er to operat e. If it is predicted t o be less power a vailable than required, the pow er-off list is pr ocessed until there is enough pow er f or operation. B[...]

  • Página 103

    Fabric OS Administrator ’s Guide 103 53-1002745-02 Equipment status 3 4. Use the switchStatusShow command to further check the status of the switch. Verifying High Availability features (Backbones only) High Av ailability (HA) features provide maximum reliability and nondis ruptive management of key hardware and software modules. Use the f ollowi[...]

  • Página 104

    104 Fabric OS A dministr ator’s Guide 53-1002745-02 Track and control switch changes 3 Verifying device connectivity Use the f ollowing pr ocedure to verify device co nnectivity: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Optional : Ent er the switchShow command to v erify devices, hosts, and st orage are con[...]

  • Página 105

    Fabric OS Administrator ’s Guide 105 53-1002745-02 Track and control switch changes 3 switch:admin> trackchangesset 1 Committing configuration...done. 3. View the log using the co mmands errDump |more to displa y a page at a time or errShow to view one line at a time. 2008/10/10-08:13:36, [TRCK-1001], 5, FID 128, INFO, ras007, Successful login[...]

  • Página 106

    106 Fabric OS A dministr ator’s Guide 53-1002745-02 Track and control switch changes 3 Flash 0 0 MarginalPorts 0.00%[0] 0.00%[0] FaultyPorts 0.00%[0] 0.00%[0] MissingSFPs 0.00%[0] 0.00%[0] ErrorPorts 0.00%[0] 0.00%[0] Number of ports: 4 Setting the switch status policy threshold values Use the f ollowing pr ocedure to set the sw itch status polic[...]

  • Página 107

    Fabric OS Administrator ’s Guide 107 53-1002745-02 Audit log configuration 3 Bad Fans contributing to DOWN status: (0..2) [2] Bad Fans contributing to MARGINAL status: (0..2) [1] (output truncated) NOTE On the Broc ade Backbones, the co mmand output includes parameters relat ed to CP blades. Audit log configuration When managing SANs y ou may w a[...]

  • Página 108

    108 Fabric OS A dministr ator’s Guide 53-1002745-02 Audit log configuratio n 3 NOTE Only the active CP can generate audit messages because eve nt classes being audited occur only on the active CP . Audit messages cannot origin ate fr om other blades in a Backbone. Switch names are lo gged for switch components and Backbone names for Backbone comp[...]

  • Página 109

    Fabric OS Administrator ’s Guide 109 53-1002745-02 Duplicate PWWN handling during device login 3 4. Enter the auditCfg -- show command to vie w the filter co nfiguration and confirm that the correct ev ent classes are being audited, and the co rrect filter stat e appears (enabled or disabled). switch:admin> auditcfg --show Audit filter is enab[...]

  • Página 110

    110 Fabric OS A dministr ator’s Guide 53-1002745-02 Duplicate PWWN handling during device login 3 Setting 2, Mixed precedence When setting 2 is select ed, the precedence d e pends on the port type of the first login. • If the previo us por t is an F_Port, the first login takes precedence. • If the previous por t is an NPIV por t, the second l[...]

  • Página 111

    Fabric OS Administrator ’s Guide 111 53-1002745-02 Chapter 4 Routing Traffic In this chapter • Routing o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1 • Inter -switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 4 • Gate way [...]

  • Página 112

    112 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing overview 4 Paths and route selection Paths are possible ways to get fr om one switch to another . Each inter -switch lin k (ISL) has a metric cost based on bandwidth. The cumu lativ e cost is based on the sum of all costs of all tra versed ISLs. Rout e selection is the path that is chose[...]

  • Página 113

    Fabric OS Administrator ’s Guide 113 53-1002745-02 Routing overview 4 FSPF makes minimal use of the ISL bandwidth, leaving vir tually all of it available f or traf f ic. In a stable fabric, a switch transmits 64 bytes e very 20 seconds in each direction. FSPF frames hav e the highest priority in the fabric. This guarant ees that a contro l frame [...]

  • Página 114

    114 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-swi tch links 4 Inter-switch links An inter -switch link (ISL) is a link between tw o switch es, E_Port-to-E_Po r t. The por ts of the two switches automatically come o nline as E_Por ts on ce the login pr ocess finishes successfully. F or more inf ormation on the login pr ocess, ref er to[...]

  • Página 115

    Fabric OS Administrator ’s Guide 115 53-1002745-02 Inter-switch links 4 Buffer credits In or der to pre vent the dro pping of frames in the fabric, a device can ne ver send frames without the receiving device being able to receive them, so an end-to-end flow contr o l is used on the switch. Flow control in Fibre Channel uses buf fer -to-buf f er [...]

  • Página 116

    116 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-swi tch links 4 FIGURE 7 Vir tual channels on a Qo S-enabled ISL[...]

  • Página 117

    Fabric OS Administrator ’s Guide 117 53-1002745-02 Gateway links 4 Gateway links A gate way merges SANs int o a single fabric by establishing point-to-point E_P or t connectivity between tw o Fibre Channel switches that are separat ed by a ne twork wi th a prot ocol such as IP or SONET . Except f or link init ialization, gate wa ys are transparen[...]

  • Página 118

    118 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing policies 4 Configuring a link through a gateway 1. Connect to the switch at one end of the gat ewa y and log in using an account assig ned to the admin role. 2. Enter the por tCfgIISLMode command. 3. Repeat steps 1 and 2 for an y additional por ts that are connected to the gat ewa y . 4.[...]

  • Página 119

    Fabric OS Administrator ’s Guide 119 53-1002745-02 Routing policies 4 Displaying the current routing policy 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aptPolicy command wi th no paramet e rs. The current policy is displa yed, follo wed b y the suppor t ed policies for th e switch. Example of the out[...]

  • Página 120

    120 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing policies 4 Device-based routing Devic e-based routing optimizes r outing path select ion and utilization based on the Source ID (SID) and Destination ID (DID) of the path source and destina tion ports. As a result, ev er y distinct flow in the fabric can tak e a different path through th[...]

  • Página 121

    Fabric OS Administrator ’s Guide 121 53-1002745-02 Routing policies 4 CAUTION Setting the r outing policy is disruptive t o the fabr ic because it requires that y ou disable the switch where the routing policy is being c hanged. Setting the routing policy Use the f ollowing pr ocedure to set the r outing policy: 1. Connect to the VF swit ch and l[...]

  • Página 122

    122 Fabric OS A dministr ator’s Guide 53-1002745-02 Route selection 4 Route selection Selection of s pecific routes can be dynamic, so that the router can constantly adjust to changing network conditions; or it may be static, so that data pack ets alwa ys follo w a predetermined path. Dynamic Load Sharing The ex change-based routing polic y depen[...]

  • Página 123

    Fabric OS Administrator ’s Guide 123 53-1002745-02 Frame order delivery 4 Frame order delivery The order in which frames are deliv ered is main tained within a switch and determined b y the routing policy in effect. Th e frame delivery behaviors f or each routing policy are: • Port-based routing All frames received on an incom ing por t dest in[...]

  • Página 124

    124 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame order delivery 4 Using Frame Viewer to understand why frames are dropped When a frame is unable t o reach its destination due t o timeout, it is discar ded. Y ou can use F rame View er to find out which flo ws contained th e dropped frames, which in turn can help you determine which applic[...]

  • Página 125

    Fabric OS Administrator ’s Guide 125 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 The -txpor t and -r xpor t options accept the arguments “-1” (f or fixed-port switches) or “-1/-1” (f or modular switches). These stand for “ any back -e nd port.”. Usin g this notation you can select specifically those discar ded frames that h[...]

  • Página 126

    126 Fabric OS A dministr ator’s Guide 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 Y ou can disable or enable IOD when Lossless DL S is enabled. Y ou can also choose betwee n ex change- or port-based policies with Lossless DLS. Events that cause a rebalance include the following: • Adding an E_P or t • Adding a sla ve E_Port • Rem[...]

  • Página 127

    Fabric OS Administrator ’s Guide 127 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 ICL limitations If ICL ports are connected during a c ore blade remov a l, it is equi valent to remo ving external E_Ports which may c ause I/O disruption on th e ICL ports that have been removed. If ICL ports are connected during a core blade insertio n, [...]

  • Página 128

    128 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling forward e rror correction (FEC) 4 T o av o id this behavior , it is recommended to define your logical switches as follows: • Define logical switches that req uir e Lossless DLS at the blade bounda r y . • Define logical switches that req uire Lossless DLS only using suppor ted blad[...]

  • Página 129

    Fabric OS Administrator ’s Guide 129 53-1002745-02 Enabling forward e rror correction (FEC) 4 Use the f ollowing pr ocedure to enable and disable FEC: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the por tCfgFec c ommand, specifying the port or range of por ts on which FEC is to be enabled. portcfgfec --e[...]

  • Página 130

    130 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame Redirection 4 Frame Redirection F rame Redirection pr ovides a means to redirect tr affic flow betw een a host and a target that use vir tualization an d encr yption applications, such as the Broc ade SAS blade and Brocade Data Migration Manager (DMM), so that those applicatio ns can perfo[...]

  • Página 131

    Fabric OS Administrator ’s Guide 131 53-1002745-02 Frame Redirection 4 Example of creating a frame redirect zone T h e f o l l o w i ng e x a m p le cr e at e s a r e di re ct zo n e , g i v e n a h os t ( 10 :10 :10 :10 :10 :10 :10 :10 ), ta rg e t (20:20:20:20: 20:20:20:20), virtual initiator ( 30:30:30:30:30:3 0:30:30), and virtual target (40:[...]

  • Página 132

    132 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame Redirection 4[...]

  • Página 133

    Fabric OS Administrator ’s Guide 133 53-1002745-02 Chapter 5 Managing User Accounts In this chapter • User accounts ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 • Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7 • Local user account data[...]

  • Página 134

    134 Fabric OS A dministr ator’s Guide 53-1002745-02 User accounts overview 5 Fabric OS pr ovides f our opt ions for authenticating users: remote RADIUS service, remote LD AP service, remote T A CA CS+ service, and the local-swit ch user database. All options allo w users to be managed centrall y by means of the following methods: • Rem ote RA D[...]

  • Página 135

    Fabric OS Administrator ’s Guide 135 53-1002745-02 User accounts overview 5 Admin Domain considerations Legacy users with no Admin Domain specified and whose current r ole is admin will hav e access to AD0 through AD2 55 (physical f abric admin); otherwise, they will ha ve access to AD0 only . If some Ad min Domains ha ve been defined for the us [...]

  • Página 136

    136 Fabric OS A dministr ator’s Guide 53-1002745-02 User accounts overview 5 The management channel The management channel is the com municati on established between the manageme nt workstation and the switch. Ta b l e 1 4 shows the number of simu ltaneous login ses sions allowed f or each role when authenticat ed locally . The roles are displa y[...]

  • Página 137

    Fabric OS Administrator ’s Guide 137 53-1002745-02 Local database us er accounts 5 The assigned permissions can be no higher than th e admin role permission assigned t o the class. The admin role permission f or the Security class is Observe/ Modify . Theref ore, the Obser ve permission is valid. The ro le C on f i g -- show command is a vailable[...]

  • Página 138

    138 Fabric OS A dministr ator’s Guide 53-1002745-02 Local database user accounts 5 Default accounts Ta b l e 1 5 lists the predefined accounts offered by Fabr ic OS that are a vailable in the local-switch user database. The passwo rd f or all default ac counts should be changed during the initial installation and configurat ion of each switch. Ad[...]

  • Página 139

    Fabric OS Administrator ’s Guide 139 53-1002745-02 Local database us er accounts 5 3. In response to the pr ompt, ent er a passwor d f or the account. The passwor d is not displa yed when you ent er it on the command line. Deleting an account This proced ure can be per for med on local user accounts. 1. Connect to the switch and log in using an a[...]

  • Página 140

    140 Fabric OS A dministr ator’s Guide 53-1002745-02 Local user account database distribution 5 Changing the password fo r a different account 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the passwd command specifying the name of the account for which the passwor d is being changed. 3. Enter the requested [...]

  • Página 141

    Fabric OS Administrator ’s Guide 141 53-1002745-02 Password policies 5 Rejecting distributed user databases on the local switch 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the fddCfg -- localreject PWD command. Password policies The passwor d policies described in this section apply t o the local-switch [...]

  • Página 142

    142 Fabric OS A dministr ator’s Guide 53-1002745-02 Password policies 5 • Punctuation Specifies the minimum numb er of punctuation ch aracters that must appear in the passwor d. All printable, non-alphanumeric punctuation char acters ex cept the colon ( : ) are allowed. The default v alue is zero. The maximum value must be less than or equal to[...]

  • Página 143

    Fabric OS Administrator ’s Guide 143 53-1002745-02 Password policies 5 Password expiration policy The passwor d expiration policy f orces the e xpirati on of a passwor d after a configurable peri od of time. The e xpiration policy can be enf orced acr oss all user accounts or on specified users only . A w arning that passwor d expiration is appr [...]

  • Página 144

    144 Fabric OS A dministr ator’s Guide 53-1002745-02 Password policies 5 A failed login att empt counter is maintained f or ea ch user on e ach switch instance. The counters for all user accounts are reset to zero when the account lock out policy is enabled. The count er for an individual account is reset to zero when the ac count is unlocked afte[...]

  • Página 145

    Fabric OS Administrator ’s Guide 145 53-1002745-02 The boot PROM password 5 Denial of service implications The account lock out mechanism ma y be used to crea te a denial of ser vice condition when a user repeatedly att empts t o log in to an account by using an incorrect passwor d. Selected privileged accounts are ex empted fr om the account loc[...]

  • Página 146

    146 Fabric OS A dministr ator’s Guide 53-1002745-02 The boot PROM password 5 4. Enter 2. • If no password was pre viously set, the following message is display ed: Recovery password is NOT set. Please set it now. • If a password w as previously set, the f ollowing messages is displayed: Send the following string to Customer Support for passwo[...]

  • Página 147

    Fabric OS Administrator ’s Guide 147 53-1002745-02 The boot PROM password 5 • If a password w as previously set, the f ollowing messages are displayed: Send the following string to Customer Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw== Enter the supplied recovery password. Recovery Password: 6. Enter the recovery passwor d (string). T[...]

  • Página 148

    148 Fabric OS A dministr ator’s Guide 53-1002745-02 The boot PROM password 5 The f ollowing options are a vailable: 4. Enter 3. 5. At the shell pr ompt, ent er the passwd command. The passwd command o nly applies to the boot PROM passwor d when it is entered fr om the boot inter face. 6. Enter the boot PROM passw ord at the pr om pt, and then ree[...]

  • Página 149

    Fabric OS Administrator ’s Guide 149 53-1002745-02 Remote authentication 5 The passwd command applies only to the boot PROM password when it is entered from the boot interface. 8. Enter the boot PR OM password at the pr ompt, and then re-enter it when pr ompted. The passwor d mu st be eight alphanumeric char act ers (any additional characters are[...]

  • Página 150

    150 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 The suppor ted management access channels that integrat e with RADIUS, LD AP , and T A CA CS+ include serial por t, T elnet, SSH, Web T ools, and API. All these access channels require the switch I P address or name to connect. RADIUS, LDAP , and T ACA CS+ ser vers accept[...]

  • Página 151

    Fabric OS Administrator ’s Guide 151 53-1002745-02 Remote authentication 5 Supported LDAP options Ta b l e 16 su mmarizes the variou s LDAP options and Brocade suppor t for each. Command options Ta b l e 17 outlines the aaaConfig command options used to set the authentication mode. TA B L E 16 LDAP options Protocol Description Channel type Defaul[...]

  • Página 152

    152 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Setting the switch authentication mode 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- authspec comman d. Fabric OS user accounts RADIUS, LD AP , and T A CA CS+ ser vers allo w you t o set up user accounts by their t[...]

  • Página 153

    Fabric OS Administrator ’s Guide 153 53-1002745-02 Remote authentication 5 RADIUS, LD AP , and T A CA CS+ suppor t all the defined RBA C roles described in Ta b l e 1 2 on page 134. Users must enter their assigned RADIUS , LDAP , or T A CA CS+ account name and passw ord when logging in to a switch that has been configured with remote authenticati[...]

  • Página 154

    154 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Fabric OS users on the RADIUS server All existing Fabric OS mechanisms for managing lo cal-switch user acco unts and passwor ds remain functional when the switch is configured to use RAD IUS. Changes made t o the local switch database do not pr opagate to the RADIUS serve[...]

  • Página 155

    Fabric OS Administrator ’s Guide 155 53-1002745-02 Remote authentication 5 Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128;ChassisRole=admin", Brocade-Passwd-ExpiryDate = "11/10/2011", Brocade-Passwd-WarnPeriod = "30" RADIUS configuration with Admi n Domains or Virtual Fabrics When configuring us ers with Admi n[...]

  • Página 156

    156 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 For e xample, on a Linux F reeRADIUS Server , the user (user-za) with the f ollowing settings takes the “zoneAdmin ” permissions, with AD m ember list: 1, 2 , 4, 5, 6, 7, 8, 9, 12 ; the Home Admin Do main will be 1. user-za Auth-Type := Local, User-Password == "p[...]

  • Página 157

    Fabric OS Administrator ’s Guide 157 53-1002745-02 Remote authentication 5 Configuring RADIUS ser vice on Linux consist s of the f ollowing tasks: • Adding the Br ocade attributes to the ser ver • Creating the user • Enabling clients Adding the Brocade attributes to the server 1. Create and sav e the file $PREFIX/etc/raddb /dictionar y .bro[...]

  • Página 158

    158 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 When y ou use netw ork informati on service (NIS) for authen tication, the only wa y to enable authentication with the pass wor d file is t o for ce the Brocade sw itch to authenticat e using password authentication pro tocol (P AP); this requ ires the -a pap option with [...]

  • Página 159

    Fabric OS Administrator ’s Guide 159 53-1002745-02 Remote authentication 5 If CHAP authentication is require d, then Wind o ws must be configured to store passwor ds wi th rev ersible encr yption. Reverse password encr yption is not the default behavior; it must be enabled. NOTE If a user is configured prior to enabling rev e rse password encrypt[...]

  • Página 160

    160 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 e. Af ter returning to the Int ernet Authentication Service window , add additional policies for all Brocade login types for which you want t o use the RADIUS ser ver . After this is done, yo u can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also av ai[...]

  • Página 161

    Fabric OS Administrator ’s Guide 161 53-1002745-02 Remote authentication 5 c. Add Brocade-VSA macro and define the attributes as f o llows: • vid (V endor-ID): 1588 • type1 (V endor- T ype): 1 • len1 (V endor-Length): >=2 FIGURE 1 1 Example of a Br ocade DCT file ####################################################################### # b[...]

  • Página 162

    162 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 FIGURE 12 Example of the dictiona.dcm f ile d. When selecting it ems from the Add R eturn List A ttribute , select Brocade-Auth-R ole and type the string Admi n . The string will equal the r ole on the switch. e. Add the Br ocade pr ofile. f. In RSA A uthentication Mana g[...]

  • Página 163

    Fabric OS Administrator ’s Guide 163 53-1002745-02 Remote authentication 5 • LDAP authentication is used on the loca l switch only and not f or the entire fabric. • Y ou can use the User- Principal-Name and not th e Common-Name f or AD LDAP authentication. T o pro vide backward compatibility , authenti cation based on the Common Name is still[...]

  • Página 164

    164 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 4. Associate the user t o the group b y adding the user to the g roup. For instructions on ho w to creat e a user ref er to www .micr osoft .com or Micr osoft documentation t o create a user in y our Active Direct or y . 5. Add the user’s Administrative Domains or Vir t[...]

  • Página 165

    Fabric OS Administrator ’s Guide 165 53-1002745-02 Remote authentication 5 3. Right click on select Properties . Click the Attribute Edit or tab. 4. Double-click the adminDescription attribute. The String Attribut e Editor dialog box opens. 5. Per fo rm the appropri ate action ba sed on whether y ou are using Admi nistrative D omains or Vir tual [...]

  • Página 166

    166 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 T w o operational modes exist in LD AP authenticati on: FIPS mo de and non-FIPS mode. This section discusse s LDAP au thentica tion in non- FIPS mode. F or information on LD AP in FIPS mode, refer t o Chapter 7, “Configuring Security Policies” . The f ollowing restric[...]

  • Página 167

    Fabric OS Administrator ’s Guide 167 53-1002745-02 Remote authentication 5 include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/local.schema ############################################### TLSCACertificateFile /root/sachin/ldapcert/cacert.pem TLSCertificateFile /root/sachin/ldapcert/serverCert.pem TLSCertifi[...]

  • Página 168

    168 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Assigning a user to a group Bef ore you can assign a user t o a group, the memberOf o verlay must be adde d to the slapd.conf file. R ef er t o “Enabling group membership” on page 166 f or details. T o creat e a group and assign a member: 1. In a .ldif file, create a [...]

  • Página 169

    Fabric OS Administrator ’s Guide 169 53-1002745-02 Remote authentication 5 Example to add a gr oup member 1. Create or edit a .ldif file with an entry similar to the f ollowing. ##########Adding an attr value dn: cn=admin,ou=groups,dc=mybrocade,dc=com changetype: modify add: member member: cn=test1,cn=Users,dc=mybrocade,dc=com 2. Enter the follow[...]

  • Página 170

    170 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 DESC 'Brocade specific data for LDAP authentication' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user' DESC 'Brocade switch specific person&ap[...]

  • Página 171

    Fabric OS Administrator ’s Guide 171 53-1002745-02 Remote authentication 5 objectClass: uidObject cn: Sachin sn: Mishra description: First user brcdAdVfData: HomeLF=30;LFRoleList=admin:1-128;ChassisRole=admin userPassword: pass uid: mishras@mybrocade.com The following command adds the user to the LDAP director y . > ldapadd -D cn=Sachin,dc=myb[...]

  • Página 172

    172 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Configuring the TACACS+ server on LINUX FabricOS software suppor ts T ACA CS+ authentication on a LINUX ser ver running the Open Source T ACA CS + LINUX package v4.0.4 from Cisco. T o install and config ure this sof tware, pe r form the following st eps. 1. D ownload the [...]

  • Página 173

    Fabric OS Administrator ’s Guide 173 53-1002745-02 Remote authentication 5 Configuring A dmin Domain lis ts If your netw ork uses Admin Domains, y o u should create A dmin Domain lists f or each user to identify the Admin Domains t o which the user has acc ess. Assign the follo wing k ey-value pairs to the brcd-A V--Pair1 and, optionally, br cd- [...]

  • Página 174

    174 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Configuring the pass word expiration date FabricOS lets you configure a passwor d expiration dat e for each user account and to configure a warning period f or notifying the user that the ac co unt password is about to e xpire. T o configure these values, set the f ollowi[...]

  • Página 175

    Fabric OS Administrator ’s Guide 175 53-1002745-02 Remote authentication 5 Adding an authentication server to the switch configuration 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- add command. At least one authentication ser ver must be conf igured before y ou can enable the RADIUS, LD AP[...]

  • Página 176

    176 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Displaying the current au thentication configuration 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- show command. If a configuration exists, its paramet ers are display ed. If the RADIUS, LDAP , or T ACA CS+ service[...]

  • Página 177

    Fabric OS Administrator ’s Guide 177 53-1002745-02 Chapter 6 Configuring Protocols In this chapter • Security pr otocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 7 7 • Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 78 • Secu[...]

  • Página 178

    178 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Copy 6 Ta b l e 2 2 des cribes additional sof tware or cer tificates that you must obtain to deplo y secure pro tocols. The security pro tocols ar e designed with the f our main use cases described in Ta b l e 2 3 . Secure Copy The Secure Copy protocol (SCP) runs on port 22. It encr ypts [...]

  • Página 179

    Fabric OS Administrator ’s Guide 179 53-1002745-02 Secure Shell protocol 6 Setting up SCP for configur ation uploads and downloads Use the f ollowing pr ocedure to configure SC P for configuration uploads a nd downloads. 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the configure command. 3. Enter y or ye [...]

  • Página 180

    180 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Shell pr otocol 6 SSH public key authentication OpenSSH public ke y authentication pro vides passw or d-less logins, known as SSH authentication, that uses public and private k ey pairs for incoming and outgoing authentication. This f ea ture allows only one allowed-user to be configured [...]

  • Página 181

    Fabric OS Administrator ’s Guide 181 53-1002745-02 Secure Shell protocol 6 Enter login name: auser Password: Public key is imported successfully. 4. T est the setup by logging in to the switch from a remote de vice, or by running a command remotely using SSH. Configuring outgoing SSH authentication Af ter the allow ed-user is configured, the rema[...]

  • Página 182

    182 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 Deleting public keys on the switch Use the f ollowing pr ocedure to delet e public k eys fr om the switch. 1. Connect to the switch and log in us ing an account with admin permissions. 2. Use the sshUtil delpubke y s command t o delet e public k eys. Y ou will be[...]

  • Página 183

    Fabric OS Administrator ’s Guide 183 53-1002745-02 Secure Sockets Layer protocol 6 Y ou should upgrade t o the Ja va 1.6.0 plug-in on your management w orkstation. T o find the Jav a version that is currently running, open t he Jav a consol e and look at the fir st line of the window. For more details on lev els of bro w ser and Ja va support , r[...]

  • Página 184

    184 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the secCer tUtil genkey com ma nd to g en er ate a p ub li c/p r iva te key p ai r . The syst em repor ts that this pr ocess will d isable secure pr otocols , delet e any exis [...]

  • Página 185

    Fabric OS Administrator ’s Guide 185 53-1002745-02 Secure Sockets Layer protocol 6 Obtaining certificates Once you ha ve generated a CSR, y ou will need t o follow the instructions on the websit e of the cer tificate issuing authority that you want to use; and then obtain the certif icate. Fabric OS and HTTPS suppor t the following type s of file[...]

  • Página 186

    186 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the secCer tUtil impor t co mmand. 3. Select a prot ocol, enter the IP address of the host on which the switch ce r tificate is sa ved, and enter y our login name and password [...]

  • Página 187

    Fabric OS Administrator ’s Guide 187 53-1002745-02 Secure Sockets Layer protocol 6 4. Cl ick the Intermediate or T rust ed Root tab and scroll the list to see if the r oot cer tificate is listed. T ak e the appropriat e follo wing action based on whe ther you find the certificate: • If the cer tificate is listed, you do not need to install it. [...]

  • Página 188

    188 Fabric OS A dministr ator’s Guide 53-1002745-02 Simple Network Management Prot ocol 6 Issuer: CN=Brocade, OU=Software, O=Brocade Communications, L=San Jose, ST=California, C=US Serial number: 0 Valid from: Thu Jan 15 16:27:03 PST 2007 until: Sat Feb 14 16:27:03 PST 2007 Certificate fingerprints: MD5: 71:E9:27:44:01:30:48:CC:09:4D:11:80:9D:DE:[...]

  • Página 189

    Fabric OS Administrator ’s Guide 189 53-1002745-02 Simple Network Management Protocol 6 • SW-EXTTRAP Includes the swSsn (Sof tware Serial Nu mber) as a part of Brocade SW traps. For inf ormation on Brocade MIBs, ref er to the Fab r ic O S M IB R ef er e n c e . SNMP and Virtual Fabrics When an SNMPv3 request arriv es with a part icular user nam[...]

  • Página 190

    190 Fabric OS A dministr ator’s Guide 53-1002745-02 Telnet protocol 6 SNMP security levels Use the snm pConfig -- set seclev el command to set the security le vel. For more inf orma tion about using the Br ocade SNMP agent, ref er to the Fab ri c O S M I B Ref e re n c e . SNMP configuration Use the snm pConfig -- set command to change either the[...]

  • Página 191

    Fabric OS Administrator ’s Guide 191 53-1002745-02 Telnet protocol 6 ATT ENTI ON The rule number assigned must precede the def a ult rule number f or this protocol. F or exam ple, in the defined policy , the T elnet rule number is 2. Theref ore, to ef f ectively bloc k T elnet, the rule number to assign m ust be 1. If you choose not to use 1 , yo[...]

  • Página 192

    192 Fabric OS A dministr ator’s Guide 53-1002745-02 Listener applications 6 Refe r to “Deleting a rule from an IP Filt er policy” on page 223 for more inf ormation on deleting IP filter rules. 3. T o permanently delete the policy , type the ipfilt er -- sa ve command. ATT ENTI ON If you dele ted the rule t o permit T elnet, you must add a rul[...]

  • Página 193

    Fabric OS Administrator ’s Guide 193 53-1002745-02 Ports and applications used by switches 6 Port configuration Ta b l e 27 pro vides information on por ts that the switch uses. When conf iguring the switch for various policies, tak e into consid eration firew alls and other de vice s that may sit between switches in the fabric and y our netw ork[...]

  • Página 194

    194 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports and applications used by switches 6[...]

  • Página 195

    Fabric OS Administrator ’s Guide 195 53-1002745-02 Chapter 7 Configuring Security Policies In this chapter • A CL policies ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 • A CL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 • FCS polic[...]

  • Página 196

    196 Fabric OS A dministr ator’s Guide 53-1002745-02 ACL policy management 7 Policies with the same stat e are grouped toge ther in a Policy Set . Each switch has the following two sets: • Active policy set, which contains A CL policies be ing enfor ced by the switc h. • Defined policy set, which contains a copy of all A CL policies on the swi[...]

  • Página 197

    Fabric OS Administrator ’s Guide 197 53-1002745-02 ACL policy manag ement 7 Displaying ACL policies Y ou can view the active and defined policy sets at an y time. Additionally , in a defined policy set, policies created in the same login session also appear but these policies are automatically delet ed if the you log out without sa vi ng them. 1.[...]

  • Página 198

    198 Fabric OS A dministr ator’s Guide 53-1002745-02 ACL policy management 7 Example of deleting an A CL policy switch:admin> secpolicydelete "DCC_POLICY_010" About to delete policy Finance_Policy. Are you sure (yes, y, no, n):[no] y Finance_Policy has been deleted. Adding a member to an existing ACL policy As soon as a policy has bee[...]

  • Página 199

    Fabric OS Administrator ’s Guide 199 53-1002745-02 FCS policies 7 Example of abor ting unsaved changes switch:admin> secpolicyabort Unsaved data has been aborted. All changes since the last time the secPolicySav e or secPolicyA ctivate commands w e re entered are abor ted. FCS policies Fabric configuration ser ver (FCS) policy in base F abric [...]

  • Página 200

    200 Fabric OS A dministr ator’s Guide 53-1002745-02 FCS policies 7 Ta b l e 3 0 shows the commands fo r switch operations f or Primar y FCS enforcement. In Fabric OS v7 . 1.0 an d later , to a void segmentat ion of por ts due to a member-list order mismatch, security policy members are sor ted based on WWN . By default, D CC and SCC policy member[...]

  • Página 201

    Fabric OS Administrator ’s Guide 201 53-1002745-02 FCS policies 7 Creating an FCS policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyCreate “FCS_POLICY” command. Example of creating an FCS policy T h e fo l l[...]

  • Página 202

    202 Fabric OS A dministr ator’s Guide 53-1002745-02 FCS policies 7 FCS policy distribution The FCS policy can be auto ma tically distribute d using the fddCfg -- fab wideset command or it can be manually distributed t o the switches using the distribut e -p command. Each swit ch that receives the FCS policy must be c onfigured to receiv e the pol[...]

  • Página 203

    Fabric OS Administrator ’s Guide 203 53-1002745-02 Device Connection Control policies 7 Device Connection Control policies Multiple Device Connection Control (DCC) policies can be used to restrict which device por ts can connect to which switch por ts. The devices can be initiators, targets, o r intermediat e devices such as SCSI rout ers and loo[...]

  • Página 204

    204 Fabric OS A dministr ator’s Guide 53-1002745-02 Device Connection Control policies 7 Creating a DCC policy DCC policies must f ollow the naming con vention “DCC_POLICY_ nnn , ” where nnn represents a unique string. The maximum length is 30 ch aracters, including the prefix DCC_POLICY_. Device ports must be specif ied by port WWN. Switch p[...]

  • Página 205

    Fabric OS Administrator ’s Guide 205 53-1002745-02 Device Connection Control policies 7 Deleting a DCC policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyDelet e command. Example of deleting stale DCC policies sw[...]

  • Página 206

    206 Fabric OS A dministr ator’s Guide 53-1002745-02 SCC Policies 7 Ta b l e 3 4 shows the behavior of a DCC policy creat ed ma nually with the ph ysical PWWN of a devi ce. The configurations shown in this table are the recommended configu rations when an F A-PWW N is logged into the switch. SCC Policies The switch connection control (SCC) policy [...]

  • Página 207

    Fabric OS Administrator ’s Guide 207 53-1002745-02 Authentication policy for fabric elements 7 Creating an SCC policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyCreate “SCC_POLICY” command. 3. Sav e or activ[...]

  • Página 208

    208 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 FIGURE 13 DH-CHA P authentication If you use DH-CHAP authen tication, then a secret k ey pair must be installed only in connect ed fabric elements. Ho wever , as co nnections are changed, ne w secre t key pairs must be installed between ne wly connec[...]

  • Página 209

    Fabric OS Administrator ’s Guide 209 53-1002745-02 Authentication policy for fabric elements 7 Virt ual F abrics consideration s The switch authentication policy appli es to all E_P or ts in a logical switch. This includes ISLs and ext ended ISLs. Authentication of e xtended ISL s between two base switches is considered peer-chassis authenticatio[...]

  • Página 210

    210 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Re-authenticating E_Ports Use the authUtil -- authinit command to re-initiat e the authentica tion on selected ports. It pro vides flexibility to initiat e authentication for specified E_Ports, a set of E_Por ts, or all E_Por ts on the switch. This c[...]

  • Página 211

    Fabric OS Administrator ’s Guide 211 53-1002745-02 Authentication policy for fabric elements 7 and CT frames, ex cept the A UTH_NEGO TIA TE ELS fr ame, are blocked b y the switch. During this time, the Fibre Channel driv er rejects all other ELS frames. The F_P or t does not f orm until the AUTH_ NE GOTIA T E i s co mpl eted. It is t he HBA &apos[...]

  • Página 212

    212 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Authentication protocols Use the authUti l command to per form the f ollowing tasks: • Display the current authentication parameters. • Select the authentication pr o tocol used be tween switches. • Select the DH (Diffie-He llman) group f or a [...]

  • Página 213

    Fabric OS Administrator ’s Guide 213 53-1002745-02 Authentication policy for fabric elements 7 Secret key pairs for DH-CHAP When you configure the switches at both ends of a link to use DH-CHAP f or authentication, you must also define a secret ke y pair —one for each end of the link. Use the secA uthSecret command to perform the f ollowing tas[...]

  • Página 214

    214 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Setting a secret key pair 1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the A uthentication RBAC class of commands. 2. Enter the secAuthSecret -- se t command. The command enters int eractive m[...]

  • Página 215

    Fabric OS Administrator ’s Guide 215 53-1002745-02 Authentication policy for fabric elements 7 FCAP configuration overview Beginning with Fabric OS re lease 7 .0.0, you must configure the switch t o use third-party cer t ificates for authentication with the peer switch. T o perform authentication with FCAP pr otocol with cer tificates issued fr o[...]

  • Página 216

    216 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Exporting the CSR for FCAP Y ou will need to e xpor t the CSR file creat ed in “Generating the ke y and CSR for FCAP” section and send to a Certif icate A uthority (CA). The CA will in turn pro vide two files as outlined in “FCAP configuration [...]

  • Página 217

    Fabric OS Administrator ’s Guide 217 53-1002745-02 IP Filter policy 7 Starting FCAP authentic ation 1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the A uthentication RBAC class of commands. 2. Enter the authUtil -- auth init command to star t the authentication using the newly imported cer [...]

  • Página 218

    218 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Vir tual Fabrics con siderations: Each logical switch cannot have its o wn different IP Filt er policies. IP Filter polic ies are treated as a chassis-wide configuration and are common f o r all the logical switches in the chassis. Creating an IP Filter policy Y ou can create[...]

  • Página 219

    Fabric OS Administrator ’s Guide 219 53-1002745-02 IP Filter policy 7 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and ha ving the OM permission s for the IPfilt er RBAC class of commands. 2. Enter the ipFilter –- sa ve command. Activating an IP Filter policy IP Filter policies [...]

  • Página 220

    220 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Source address For an IPv4 filt er policy , the source address has to be a 32-bit IPv4 address in dot decimal no tation. The gro up prefix has t o be a CIDR block prefix representatio n. For e xample, 208. 130.32.0/2 4 represents a 2 4-bit IPv4 prefix star ti ng from the most[...]

  • Página 221

    Fabric OS Administrator ’s Guide 221 53-1002745-02 IP Filter policy 7 Protocol T CP and UDP protocols are valid prot ocol selecti ons. Fabric OS v6.2.0 and later do not suppor t configuration to filter other pro tocols. Implicitly , ICMP type 0 and type 8 packets are alwa ys allowed to sup por t ICMP echo request and reply on commands lik e ping [...]

  • Página 222

    222 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Traffic type and destination IP The traf fic type and destina tion IP elements allow an IP policy rule to sp ecify filter enf orcement fo r IP f orwarding. The INPUT traffic type is the defa ult and restricts rules to manage traf fic on IP management inter faces, The FORW ARD[...]

  • Página 223

    Fabric OS Administrator ’s Guide 223 53-1002745-02 IP Filter policy 7 IP Filter policy enforcement A n a c t i ve I P F i l te r p o l i c y i s a f i l t e r a p p l i e d to the I P packets thr ough the manage ment inter face. IPv4 management traf fic passes through the active IP v4 filter policy , and IPv6 management traffic passes thr ough th[...]

  • Página 224

    224 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and ha ving the OM permission s for the IPfilt er RBAC class of commands. 2. Enter the ipFilter –- transabor t comman d. IP Filter policy distribution [...]

  • Página 225

    Fabric OS Administrator ’s Guide 225 53-1002745-02 Policy database distribu tion 7 • Manually distribute an A C L policy database — Ru n the distribut e command to push the local database of the specified policy type t o target switches. “ ACL policy distribution t o other switches” on page 22 7. • Fabric-wide consist ency policy — Us[...]

  • Página 226

    226 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Use the chassisDistribute command to distribute IP fil ter po licies. T o distribute other security policies, us e the distribute command. Displaying the database distribution settings 1. Co nnect to the switch and log in using an acc o unt with admin permissions, [...]

  • Página 227

    Fabric OS Administrator ’s Guide 227 53-1002745-02 Policy database distribu tion 7 ACL policy distribution to other switches This section explains how to manually di stribute local ACL policy databases. The distribute command has the f ollowing dependencies: • All target switches must be running Fabric OS v6.2.0 or later . • All target switch[...]

  • Página 228

    228 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Displaying the fabric-wide consistency policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with O permission fo r the FabricDistri b ution RBA C class of commands. 2. Enter the fddCfg -- showall command. Example show[...]

  • Página 229

    Fabric OS Administrator ’s Guide 229 53-1002745-02 Policy database distribu tion 7 Notes on joining a switch to the fabric When a switch is joined to a fabric with a t olerant SCC, DCC, or FCS f abric -wide consistency policy , the joining switch must hav e a m atching tolerant SC C, DCC, or FCS fabric-wide consistency policy . If the tolerant SC[...]

  • Página 230

    230 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Non-matching fabric-wid e consistency policies Y ou may encount er one of the follo wing two scenarios described in Ta b l e 4 4 and Ta b l e 4 5 where you are merging a f abric with a strict policy to a f abric with an absent, to lerant, or non-matching strict pol[...]

  • Página 231

    Fabric OS Administrator ’s Guide 231 53-1002745-02 Management interface security 7 Management interface security Y ou can secure an Ethernet management int er f ace betw een two Brocade switc hes or Backbones by implementing I P sec and IKE policies t o creat e a tunnel that pr ot ects traf fic flows. While the tunnel must hav e a Brocade switch [...]

  • Página 232

    232 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 FIGURE 1 4 Protected endpoints conf iguration A possible dra wback of end-t o-end security is that various applications that req uire the ability t o inspect or modify a transient packet will fail wh en end-t o-end confidential ity is employ ed. Various Qo S s o l[...]

  • Página 233

    Fabric OS Administrator ’s Guide 233 53-1002745-02 Management interface security 7 FIGURE 1 6 Endpoint-to-gateway tu nnel configuration RoadWarrior configuration In endpoint-to-endpoint sec urity , pack ets are encr ypted and decrypted by the host which pr oduces or consumes the traffic. In the gate wa y-to-gate way examp le, a rout er on the net[...]

  • Página 234

    234 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 these values in negotiations t o create IP sec SAs. Y ou must creat e an SA prior to creating an SA-proposal. Y ou canno t modify an SA once it is created. Use the IP secConfig -- flush manual-sa command to remov e all SA entries fr om the k ernel SADB and re-crea[...]

  • Página 235

    Fabric OS Administrator ’s Guide 235 53-1002745-02 Management interface security 7 IP sec traffic selector The traf fic selector is a traffic filter that define s and identifies the traf fi c flow betw een two systems that hav e IP sec prot ection. IP addresses, the dire ction of traf fic flow (i nbound, outbound) and the upper la yer pr otocol a[...]

  • Página 236

    236 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 The IP secConfig command does not suppor t manipulating pre-shared ke ys corresponding to the identity of the IKE peer or gr oup of peers. Use the secCertUtil command to impor t, delete, o r display the pre-shared ke ys in the local switch database. F o r more inf[...]

  • Página 237

    Fabric OS Administrator ’s Guide 237 53-1002745-02 Management interface security 7 Example of creating an IP sec SA policy This examp le creates an IP sec SA policy named AH0 1 , which uses AH pr otection with MD5. Y ou would run this command on each switch; on each side of the tunnel so that both si des hav e the same IP sec SA policy. switch:ad[...]

  • Página 238

    238 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 1 0. V erify traf fic is prot ected. a. Initiate a telnet , SSH, or ping session from the tw o switches. b. V erify that IP traf fic is encapsulated. c. Monitor IP sec S As created using IKE fo r above traffic flow • Use the IP secConfig -– sho w manual-sa –[...]

  • Página 239

    Fabric OS Administrator ’s Guide 239 53-1002745-02 Management interface security 7 6. Impor t the pre-shared k ey file using the secCer tUtil command. The fil e name should ha ve a .psk ext ension. For more inf ormation on impor ting the pre-shared ke y file, ref er to “Installing a switch cer tificate” on page 185. 7 . Configure an IKE polic[...]

  • Página 240

    240 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 • Use the IP secConfig –-sho w policy ik e –a command with the specified operands to display IKE policies. • Use the IP secConfig –-flush manual-sa command with the specified op erands to flush the created SAs in the k ernel SADB. CAUTION Flushing SAs re[...]

  • Página 241

    Fabric OS Administrator ’s Guide 241 53-1002745-02 Chapter 8 Maintaining the Switch Configuration File In this chapter • Configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4 1 • Configuration file back up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4[...]

  • Página 242

    242 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration settin gs 8 If your user account has chassis account permissions, you can use an y of the follo wing options when uploading or downloading a configuration file: Configuration file format The configuration file is divided int o three areas: the header , the chassis section, and one [...]

  • Página 243

    Fabric OS Administrator ’s Guide 243 53-1002745-02 Configuration sett ings 8 [Active Security policies] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 0] date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 1] SwitchName = switch_2 Fabric ID = 1 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zonin[...]

  • Página 244

    244 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file backup 8 • Licenses Lser vc – Sentinel License configuration • GE blade mode – GigE Mode configuration • FWD CHASSIS CFG – Fabric W atch configuration • FRAME LOG – F rame log configuration (enable/disable) • DMM_TB – Data migration manager configuratio n ?[...]

  • Página 245

    Fabric OS Administrator ’s Guide 245 53-1002745-02 Configuration file b ackup 8 Before you upload a configuration file, verify that y ou can reach the FTP ser ver fr om the switch. Using a T elnet connection, sa ve a back up copy of the configuration file from a logical switch to a host computer . Secure File T ransf er Prot ocol (SFTP) is now an[...]

  • Página 246

    246 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file restorat ion 8 Configuration file restoration When you rest ore a configuratio n file, you o verwrite the existing configuration with a previously sav ed backup configuration file. CAUTION Mak e sure that t he configuration fil e you are do wnloading is compatib le with your s[...]

  • Página 247

    Fabric OS Administrator ’s Guide 247 53-1002745-02 Configuration file restoration 8 If you must set up your switch again, run the commands listed in Ta b l e 47 and s av e t he output i n a file fo rmat. Store the files in a saf e place f or emergency reference. -all The number of switches or FIDs defined in the downloaded configuration file must[...]

  • Página 248

    248 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file restorat ion 8 CAUTION Though the switch itself has advanced error checking, the configdownload feature within Fabric OS was not designed f or users to edit, and is limited in its ability. Edit ed f iles can become corrupted and this corruption can lead to switch f a ilures. C[...]

  • Página 249

    Fabric OS Administrator ’s Guide 249 53-1002745-02 Configuration file restoration 8 Example of confi gDownload without Admin Doma ins switch:admin> configdownload Protocol (scp, ftp, local) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [<home dir>/config.txt]: Section (all|chassis|FID# [all]): [...]

  • Página 250

    250 Fabric OS A dministr ator’s Guide 53-1002745-02 Configurations across a fabric 8 Activating configDownload: Switch is disabled configDownload complete: Only zoning parameters are downloaded to ad5. Example of a non-int eractive download of all confi gurations (chassis and switches) configdownload -a -ftp 10.1.2.3,UserFoo,/pub/configurations/c[...]

  • Página 251

    Fabric OS Administrator ’s Guide 251 53-1002745-02 Configuration management for Virtual Fabrics 8 Uploading a configuration file from a switch with Virtual Fabrics enabled The configUpload command with the -vf option specif ies that co nfiguration uplo ad will upload the Vir tual Fabrics configuration instead of the non-Vir tual Fabrics configura[...]

  • Página 252

    252 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration management for Virtual Fabrics 8 Wait f or the configuration f ile to do wnload on to th e s wi tc h. Y o u m ay ne ed to r ec on ne c t to t he switch. 4. Enter the configDownload command. 5. Respond t o the prom pts. Wait f or the configur ation file to download t o the switch. 6[...]

  • Página 253

    Fabric OS Administrator ’s Guide 253 53-1002745-02 Brocade configuration form 8 Brocade configuration form Use the form in Ta b l e 4 8 as a hard cop y ref erence f or your configuration information. In the har dware ref erence manuals for the Br ocade DCX and DCX-4S Backbones, the re is a guide for FC port-setting. TA B L E 4 8 Brocade configur [...]

  • Página 254

    254 Fabric OS A dministr ator’s Guide 53-1002745-02 Brocade configuration form 8[...]

  • Página 255

    Fabric OS Administrator ’s Guide 255 53-1002745-02 Chapter 9 Installing and Maintaining Firmware In this chapter • Firmw are download pr ocess overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 • Preparing f or a firmw are download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 • Firmw are download on [...]

  • Página 256

    256 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download process overview 9 Y ou can download Fabric OS to a Backbone, whic h is a chassis; and to a nonchassis-based system, also ref erred to as a fixed- por t switch. The dif f er ence in the download process is that Back bones hav e two CPs and fixed-port switches hav e one CP . Use[...]

  • Página 257

    Fabric OS Administrator ’s Guide 257 53-1002745-02 Firmware download process overvi ew 9 Upgrading and downgrading firmware Upgr adin g means installing a new er version of firmw a re. Downgrading means installing an older version of firm ware. In most c ases, you will be upgrading firm ware; that is, installing a new er firmware v ersion than th[...]

  • Página 258

    258 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing for a firmware download 9 Preparing for a firmware download Before ex ecuting a firmware do wnlo ad, it is recommen ded that you per form the tasks listed in this section. In the unlikely e vent of a failure or time out, these preparat or y tasks enable y o u to pr ovide your switch su[...]

  • Página 259

    Fabric OS Administrator ’s Guide 259 53-1002745-02 Preparing for a firmware download 9 5. Conn ect to the switch and log in using an account with admin pe rmissions. Enter the suppor tSav e command to retrieve all cu rrent core files prior to e xecuting the firmw are download. This inf ormation helps to troubleshoot the firm ware do wnload proces[...]

  • Página 260

    260 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware downlo ad on switches 9 Firmware download on switches Brocade fixed-port switches maintain primar y and secondar y par titions for firmw are. The firm wareDo wnload command defaults to an aut o commit option that automatically copies the firmw are from one partition to the other . NOTE [...]

  • Página 261

    Fabric OS Administrator ’s Guide 261 53-1002745-02 Firmware download on switches 9 Upgrading firmware for Br ocade fixed-port switches 1. T ake the f ollowing appropriat e action based on what ser vice you are using: • If you are using FTP , SFTP , or SCP , verify that the FTP or SSH se r ver is running on the host server and that you ha ve a v[...]

  • Página 262

    262 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download on a Backbone 9 Firmware download on a Backbone ATTENTION T o successfully download firm ware, y ou must ha ve an active Ethernet co nnection o n each CP . Y ou can download firmw are to a Ba ckbone without disrupting the ov erall fabric if the two CP blades are installed and f[...]

  • Página 263

    Fabric OS Administrator ’s Guide 263 53-1002745-02 Firmware download on a Backbone 9 Upgrading firmware on Back bones (including blades) There is only one chassis management IP address f or the Brocade Backbones. NOTE By default, the firmw areDownload command automatically upgrades both the activ e and the standby CPs and all co-CPs on the CP bla[...]

  • Página 264

    264 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download on a Backbone 9 If an AP blade is present : A t the point of the failo ver , an aut o lev eling process is activ ated. Aut ole veling is triggered when the activ e CP dete cts a blade that contains a different v ersion of the firmw are, regardless of which version is olde r . A[...]

  • Página 265

    Fabric OS Administrator ’s Guide 265 53-1002745-02 Firmware download from a USB device 9 Slot 7 (CP1, active): Firmware has been downloaded to the secondary partition of the switch. [5]: Mon Mar 22 04:37:24 2010 Slot 7 (CP1, standby): The firmware commit operation has started. This may take up to 10 minutes. [6]: Mon Mar 22 04:41:59 2010 Slot 7 ([...]

  • Página 266

    266 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS support 9 Downloading from the USB device using the relative path 1. Log in to the switch using an account assigned to the admin role. 2. Enter the firmw areDownload -U command. ecp:admin> firmwaredownload –U v7.1.0 Downloading from the USB devi ce using the absolute path 1. Log in to [...]

  • Página 267

    Fabric OS Administrator ’s Guide 267 53-1002745-02 FIPS support 9 NOTE If FIPS mode is enabled, all logins should be ha ndle d through SSH o r direct serial method, and the transf er pro tocol shoul d be SCP . Updating the firmware key 1. Log in to the switch as admin. 2. Enter the firm ware K eyU pdat e command and respond to the pr ompts. The f[...]

  • Página 268

    268 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and re storing firmware on switches 9 Power-on firmware checksum test FIPS requires the ch ecksums of the e xecutables an d libraries on the filesystem to be v alidated before F a bric OS modules a re launched. This is to make sure t hese f iles hav e not been changed af ter the y are in[...]

  • Página 269

    Fabric OS Administrator ’s Guide 269 53-1002745-02 Testing and restoring firmware on switches 9 User Name: userfoo File Name: /home/userfoo/v7.0.0 Password: <hidden> Do Auto-Commit after Reboot [Y]: n Reboot system after download [N]: y Firmware is being downloaded to the switch. This step may take up to 30 minutes. Checking system settings[...]

  • Página 270

    270 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 Testing and restoring firmware on Backbones This procedure enables you to perform a firm ware download on each CP and v erify that the procedure w as successful before committing to the ne w f irmw are . The old firmware is sa ved in the secondar y[...]

  • Página 271

    Fabric OS Administrator ’s Guide 271 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 8. Verify the f ailo ver . a. Connect to the Ba ckbone on the active CP , which is the f o rmer standby CP . b. Enter the haShow command to v erify that the HA sync hronization is complete. It takes a minute or tw o f or the standby CP , which is th[...]

  • Página 272

    272 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 ATT ENTI ON Stop! If yo u hav e completed st ep 11 , then y ou hav e committ ed the firmw are on both CPs and you ha ve complete d the firmw are download pr ocedure. 12. Restore the firm ware on the standb y CP . In the current Backbone session f o[...]

  • Página 273

    Fabric OS Administrator ’s Guide 273 53-1002745-02 Validating a firmware download 9 Validating a firmware download V alidate the firm ware download b y running the f ollowing commands: firmwareSho w , firm wareDo wnloadStatus , nsSho w , nsAllShow , and fabricSh ow . All of the connected servers, st orage devices, and switches should be present i[...]

  • Página 274

    274 Fabric OS A dministr ator’s Guide 53-1002745-02 Validating a firmware download 9[...]

  • Página 275

    Fabric OS Administrator ’s Guide 275 53-1002745-02 Chapter 10 Managing Virtual Fabrics In this chapter • Vir tual Fabrics ov erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 75 • Logical switch ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 7 6 • Logical[...]

  • Página 276

    276 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 This chapter describes the log ical switch and logi cal fabric features. F or information about device sharing with Vir tual Fabrics, ref er to “FC-FC r outing and Vir tual Fabrics” on p age 606. For inf ormat ion about suppor ted swit ches and por t types, ref e r[...]

  • Página 277

    Fabric OS Administrator ’s Guide 277 53-1002745-02 Logical switch overview 10 Af ter y ou enable Vir tual Fabrics, y ou can create up t o sev en additional logical switches, depending on the switch mo del. Figure 18 shows a Vir tual Fabrics-enabled switch before and af ter it is divided into logical switches. Bef ore you create logical switches, [...]

  • Página 278

    278 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 FIGURE 19 Fabric IDs assigned to logical switc hes Port assignment in logical switches Initially , all por ts belong to the default logical sw itch. When you creat e additional logical switches, they are em pty and y ou must assign por ts to those logical switches. As [...]

  • Página 279

    Fabric OS Administrator ’s Guide 279 53-1002745-02 Logical switch overview 10 A given port is always in one (and only one) lo gical switch. The following scenarios ref er to the chassis af ter port assignment in Figure 20 : • If you assign P2 to logical switch 2 , you ca nnot assign P2 to an y other logical switch. • If you w ant to remo ve a[...]

  • Página 280

    280 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 FIGURE 2 1 Logical switches connected to devices and non-Virtual Fabrics switch Figure 22 shows a logical representation of the physical chassis and devices in Figure 2 1 . As shown in Figure 22 , the de vices are isolat ed into separat e fabrics. FIGURE 22 Logical swi[...]

  • Página 281

    Fabric OS Administrator ’s Guide 281 53-1002745-02 Management model for logical switches 10 Management model for logical switches Y ou can use one common I P address for the hardw are that is shared b y all of the logical switches in the chassis and you can set up individual IP v4 addresses f or each Vir tual F abric. For a management host to man[...]

  • Página 282

    282 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical fabric overview 10 Logical fabric and ISLs Figure 23 shows two physical chassis divi de d into logical switches. In Figure 23 , ISLs are used to connect the logical switches with F ID 1 and the lo gical switches with FID 1 5. The logical switches with FID 8 are each connected to a non-Vi[...]

  • Página 283

    Fabric OS Administrator ’s Guide 283 53-1002745-02 Logical fabric overview 10 Base switch and extended ISLs Another wa y to connect logical switches is t o use ext ended ISLs and base switc hes. When you divide a chassis into logical switches, y o u can designate one of the switches to be a base switch. A base switch is a special logical switch t[...]

  • Página 284

    284 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical fabric overview 10 Think of the logical switches as be ing connected with logical ISLs, as sho wn in Figure 26 . In this diagram, the logical ISLs are not connect ed to por t s because they are not ph ysical cables. They are a logical representation of the switch co nnections that are al[...]

  • Página 285

    Fabric OS Administrator ’s Guide 285 53-1002745-02 Logical fabric overview 10 By default, the physical ISL path is fa vored o ver the logical path (o ver the XISL) because the physical path has a lo wer cost. This beha vior can be changed by configuring the cost of the dedicated ph ysical ISL to match the cost of the logic al ISL. ATTENTION If yo[...]

  • Página 286

    286 Fabric OS A dministr ator’s Guide 53-1002745-02 Account management and Virtual Fabrics 10 Account management and Virtual Fabrics When user accounts are created, th ey are assigned a list of logical fa brics t o which they can log in and a home logical fabric (home FID). When you connect to a ph ysical chassis, the home FID defines the logical[...]

  • Página 287

    Fabric OS Administrator ’s Guide 287 53-1002745-02 Supported platforms for Virtual Fabrics 10 Supported port configuratio ns in Brocade Backbones Some of the ports in the Brocade DCX and DCX 85 1 0 Backb one families are not suppor ted on all types of logical switches. Ta b l e 5 0 lists the blades and ports that are supported on each type of log[...]

  • Página 288

    288 Fabric OS A dministr ator’s Guide 53-1002745-02 Limitations and restrict ions of Virtual Fabrics 10 Virtual Fabrics interaction with other Fabric OS features Ta b l e 51 lists some F a bric OS features and considerat ions that apply when using V ir tual F abrics. Limitations and restrictions of Virtual Fabrics The maximum numb er of logical s[...]

  • Página 289

    Fabric OS Administrator ’s Guide 289 53-1002745-02 Limitations and restrictions of Virtual Fabrics 10 Refe r to “Supported por t configurat ions in Brocade Backbones” on page 287 f or restrictions on the default logical switch. Restrictions on XISLs The Allo w XISL Use option under the configure command, allows a logical switch t o use XISLs [...]

  • Página 290

    290 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling Virtual Fabrics mode 10 Enabling Virtual Fabrics mode A fabric is said to be in Vir tual Fabrics mode (VF mode) when the Vir tual F abrics f eature is enabled. Before you can use the Virtual Fabrics f eatures, such as logical switch and logical fabric, you must enable VF mode. VF mode i[...]

  • Página 291

    Fabric OS Administrator ’s Guide 291 53-1002745-02 Configuring logical switches to use basic configuration values 10 Use the f ollowing pr ocedure to disable Virtual Fabrics mode: 1. Connect to the physical chassi s and log in using an account wi th the chassis-role permission. 2. Use the fos C o nf i g command to check whethe r VF mode is disabl[...]

  • Página 292

    292 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical switch or base switch 10 3. Enter n at the prompts to configure syst em and cfgload attribut es. Enter y at the pr ompt t o configure custom attributes. System (yes, y, no, n): [no] n cfgload attributes (yes, y, no, n): [no] n Custom attributes (yes, y, no, n): [no] y 4. Enter[...]

  • Página 293

    Fabric OS Administrator ’s Guide 293 53-1002745-02 Executing a command in a diffe rent logical switch c ontext 10 Example The f ollowing e xample creates a logical switch w ith FID 4 , and then assigns domain ID 1 4 to it. sw0:FID128:admin> lscfg --create 4 About to create switch with fid=4. Please wait... Logical Switch with FID (4) has been [...]

  • Página 294

    294 Fabric OS A dministr ator’s Guide 53-1002745-02 Deleting a lo gical switch 10 switchMode: Native switchRole: Principal switchDomain: 14 switchId: fffc0e switchWwn: 10:00:00:05:1e:82:3c:2b zoning: OFF switchBeacon: OFF FC Router: OFF Fabric Name: Fab4 Allow XISL Use: ON LS Attributes: [FID: 4, Base Switch: No, Default Switch: No, Address Mode [...]

  • Página 295

    Fabric OS Administrator ’s Guide 295 53-1002745-02 Adding and moving ports on a logical switch 10 Example of deleting the logical switch with FID 7 switch_4:FID4:admin> lscfg --delete 7 All active login sessions for FID 7 have been terminated. Switch successfully deleted. Adding and moving ports on a logical switch This procedure e x plains ho[...]

  • Página 296

    296 Fabric OS A dministr ator’s Guide 53-1002745-02 Displaying logical switch configuration 10 Displaying logical switch configuration Use the f ollowing pr ocedure to displa y the configuration f or a logical switch: 1. Connect to the physical chassi s and log in using an account wi th the chassis-role permission. 2. Enter the lsCf g command to [...]

  • Página 297

    Fabric OS Administrator ’s Guide 297 53-1002745-02 Changing a logical switch to a base switch 10 Checking and logging message: fid = 5. Please enable your switch. sw0:FID128:admin> fosexec --fid 7 -cmd "switchenable" --------------------------------------------------- "switchenable" on FID 7: Changing a logical switch to a [...]

  • Página 298

    298 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up IP addresses for a Virtual Fabric 10 Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] Allow XISL Use (yes, y, no, n): [yes] n WARNING!! Disabling this parameter will cause removal of LISLs to other logical switches. Do you want to c[...]

  • Página 299

    Fabric OS Administrator ’s Guide 299 53-1002745-02 Configuring a logical switch to use XISLs 10 Configuring a logical switch to use XISLs When you creat e a logical switch, it is config ured t o use XISLs b y default. Use the follo w ing procedure to allow o r disallow the logical switch t o use XISLs in the base fabric. XISL use is not suppor te[...]

  • Página 300

    300 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical fabric using XISLs 10 Creating a logical fabric using XISLs This procedure describes ho w to creat e a logical fa bric using multiple chassis and XISLs and refers to the configuration shown in Figure 28 as an exam ple. FIGURE 28 Example of logical fabrics in multiple c hassis [...]

  • Página 301

    Fabric OS Administrator ’s Guide 301 53-1002745-02 Creating a logical fabric using XISLs 10 4. Configure the logical switches in each chassis: a. Connect to the ph ysical ch assis and log in using an ac count with the chassis-role permission. b. Create a logical switch and assign it a fabric ID f o r the logical fabric. This FID m ust be differen[...]

  • Página 302

    302 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical fabric using XISLs 10[...]

  • Página 303

    Fabric OS Administrator ’s Guide 303 53-1002745-02 Chapter 11 Administering Advanced Zoning In this chapter • Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 • Zoning ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304[...]

  • Página 304

    304 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 • QoS zones Assign high or low priority t o designated tr aff ic flows. QoS zones are regular zones with additional QoS attributes specified b y a dding a QOS prefix t o the zone name. See “QoS: SID/DID traffic prioritization” on page 5 19 f or more inf ormation. • T r[...]

  • Página 305

    Fabric OS Administrator ’s Guide 305 53-1002745-02 Zoning overview 11 FIGURE 29 Zoning example Approaches to zoning Ta b l e 5 3 lis ts the various appr oaches you can tak e when implementing zo ning in a fabric. TA B L E 5 3 Approaches to fabric-based zoning Zoning approach D escription Recommended approach Single HBA Zoning by s ingle HBA most [...]

  • Página 306

    306 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 Zone objects A zone object is any de vice in a zone, such as: • Physical port numb er or por t index on the switch • Node World Wide Name (N-WWN) • Port World Wide Name (P-WWN) Zone objects identified b y por t number or index number are specified as a pair of decimal nu[...]

  • Página 307

    Fabric OS Administrator ’s Guide 307 53-1002745-02 Zoning overview 11 The types of zone objects u sed to define a zone ca n be mixed. F or exam ple, a zone defined with the zone objects 2, 12; 2, 14; 1 0:00:00:80:33 :3f:aa:11 c ontains the de vices connect ed to domain 2, por ts 12 and 1 4, and a device with the WWN 1 0:00:00:80:33:3f:aa:1 1 (eit[...]

  • Página 308

    308 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 The different types of zone co nfigurations are: • Defined Configur ation The complet e set of all zone objects defined in the fabric. • Ef fectiv e Configuratio n A single zone configuration that is currentl y in ef f ect. The ef fe ctive configuration is built when you e[...]

  • Página 309

    Fabric OS Administrator ’s Guide 309 53-1002745-02 Zoning overview 11 Identifying the enforced zone type Use the f ollowing pr ocedure to i dentify zone s and zone types: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the por tZoneShow command, using the follo wing syntax: portzoneshow Considerations for zo[...]

  • Página 310

    310 Fabric OS A dministr ator’s Guide 53-1002745-02 Broadcast zones 11 Best practices for zoning The f ollowing are recommendations for using zo ning: • Alwa ys zone using the highest Fabric OS-lev el switch. Switches with ea rlier Fabric OS versions do not hav e the capability to view all the functional ity that a newe r Fabric OS pr ovides, a[...]

  • Página 311

    Fabric OS Administrator ’s Guide 311 53-1002745-02 Broadcast zones 11 Figure 30 illu strates how br oadcast zones work with Admin Domains. Figure 30 shows a fabric wi th five de vices and two Admin Domains, AD1 and AD 2. Each Ad min Domain has two de vices and a broadcast zone. FIGURE 30 Broadcas t zones and Admin Domains The dott ed box represen[...]

  • Página 312

    312 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone aliases 11 High availability considerat ions with broadcast zones If a switch has broadcast zone-cap able firmw are on the active CP (Fabric OS v5.3.x or lat er) and broadcast zone-incapable firm ware on the standb y CP (Fabric OS v ersion earlier than v5.3.0), then you cannot creat e a bro[...]

  • Página 313

    Fabric OS Administrator ’s Guide 313 53-1002745-02 Zone aliases 11 Creating an alias Use the f ollowing pr ocedure to creat e an alias: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aliCreate command, using the f ollowing syntax: alicreate " aliasname ", " member [; member...]" 3. E[...]

  • Página 314

    314 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone aliases 11 inconsistent. The inconsistency will result in different Effective Zoning configurations for switches in the fabric if a zone merge or HA failover happens. To avoid inconsistency it is recommended to commit the configurations using the 'cfgenable' command. Do you still [...]

  • Página 315

    Fabric OS Administrator ’s Guide 315 53-1002745-02 Zone aliases 11 The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a transaction is open on a dif ferent switch in the fabric when this command is run, the transaction on the other switch is automati cally aborted. A message displays on the[...]

  • Página 316

    316 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Zone creation and maintenance Fabric OS allo ws you t o create zones to bett er manage de vices. Notes • Broadcast Zone : T o create a br oadcast zone, use the reser ved name “br oadcast”. Do not giv e a regular zone the name of “broadcast”. See “Broa[...]

  • Página 317

    Fabric OS Administrator ’s Guide 317 53-1002745-02 Zone creation and maintenance 11 T o creat e a br oadcast zone, use the rese r ved name “br oadcast”. 3. Enter the cfgSav e command to sav e the change to the defined configuratio n. The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a [...]

  • Página 318

    318 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Example Adding members to a zone switch:admin> zoneadd matt, "ze*; bond*; j*" switch:admin> cfgsave switch:admin> cfgshow Defined configuration: zone: matt 30:06:00:07:1e:a2:10:20; 3,2; zeus ; bond ; jake ; jeff ; jones zone: sloth bawn; bolt; [...]

  • Página 319

    Fabric OS Administrator ’s Guide 319 53-1002745-02 Zone creation and maintenance 11 alias: jeff 30:00:00:05:1e:a1:cd:02; 40:00:00:05:1e:a1:cd:04 alias: jones 7,3; 4,5 alias: zeus 4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) switch:admin> switch:admin> zoneremove matt,"30:06:00:07:1e:a2:10:20; ja*; 3,2&[...]

  • Página 320

    320 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 alias: jake 4,7; 8,9; 14,11 alias: jeff 30:00:00:05:1e:a1:cd:02; 40:00:00:05:1e:a1:cd:04 alias: jones 7,3; 4,5 alias: zeus 4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) switch:admin> switch:admin> zoneobjectreplace 11,2 4,8 [...]

  • Página 321

    Fabric OS Administrator ’s Guide 321 53-1002745-02 Zone creation and maintenance 11 The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a transaction is open on a dif ferent switch in the fabric when this command is run, the transaction on the other switch is automati cally aborted. A messag[...]

  • Página 322

    322 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Viewing a zone in the defined configuration Use the f ollowing pr ocedure to vie w a zone in the configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the zoneShow command, using the f ollowing syntax: zoneshow[--so[...]

  • Página 323

    Fabric OS Administrator ’s Guide 323 53-1002745-02 Zone creation and maintenance 11 1,1; 1,2 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 Effective configuration: cfg: fabric_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 1,2 Example Addin g [...]

  • Página 324

    324 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df 3. Enter the zone -- val ida te command to li st all zone members that are not part of the current zone enfo rcement table. No te that zone config uration names are case-sensitive; blank spaces are ign[...]

  • Página 325

    Fabric OS Administrator ’s Guide 325 53-1002745-02 Zone creation and maintenance 11 If you ent er yes, and the cfgSav e operation complet es successfully then the fo llowing RASlog message [ZONE-1 062 ] will be posted. [ZONE-1062], 620/181, FID 128, WARNING, sw0, Defined and Effective zone configurations are inconsistent, ltime:2012/09/03-23:18:3[...]

  • Página 326

    326 Fabric OS A dministr ator’s Guide 53-1002745-02 Default zoning mode 11 Default zoning mode The default zoning mode controls de vice access if zoning is not implement ed or if there is no effectiv e zone configuration. The default z oning mode has tw o options: • All Access — All devices within th e fabric can communicate with all o ther d[...]

  • Página 327

    Fabric OS Administrator ’s Guide 327 53-1002745-02 Zone database size 11 switch:admin> cfgsave WARNING!!! The changes you are attempting to save will render the Effective configuration and the Defined configuration inconsistent. The inconsistency will result in different Effective Zoning configurations for switches in the fabric if a zone merg[...]

  • Página 328

    328 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 Zone configurations Y ou can store a number of zones in a zone conf iguration database. The maximum number of items that can be stored in the zone configuration database depends on the f ollowing criteria: • Number of switches in the f abric. • Number of b ytes f or ea[...]

  • Página 329

    Fabric OS Administrator ’s Guide 329 53-1002745-02 Zone configurations 11 Adding zones (members) to a zone configuration Use the f ollowing pr ocedure to add members t o a zone configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the cfgAdd command, using the following syntax: cfgadd " cfgname[...]

  • Página 330

    330 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 Enabling a zone configuration The f ollowing pr ocedure ends and commits the curre nt zoning transaction buf fer t o nonv olat ile memor y . If a transaction is open on a dif ferent swit ch in the fabric when this procedure is run, the transaction on the other switch is au[...]

  • Página 331

    Fabric OS Administrator ’s Guide 331 53-1002745-02 Zone configurations 11 Deleting a zone configuration Use the f ollowing pr ocedure to delet e a zone configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the cfgDelete c ommand, using the f ollow ing syntax: cfgdelete " cfgname " 3. Enter[...]

  • Página 332

    332 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df Effective configuration: cfg: USA_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:[...]

  • Página 333

    Fabric OS Administrator ’s Guide 333 53-1002745-02 Zone object maintena nce 11 Clearing all zone configurations Use the f ollowing pr ocedure to clear all zone configurations: 1. Connect to the switch and log in usin g an account with admin permissions. 2. Use cfgClear to clear all zone information in the transaction buffer . ATT ENTI ON Be caref[...]

  • Página 334

    334 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone object maintenance 11 4. Enter the cfgShow command t o verify the new zone object is present. switch:admin> cfgshow "Test*" cfg: Test1 Blue_zone cfg: Test_cfg Purple_zone; Blue_zone switch:admin> cfgShow "US_Test1" cfg: US_Test1 Blue_zone 5. If you want the change [...]

  • Página 335

    Fabric OS Administrator ’s Guide 335 53-1002745-02 Zone object maintena nce 11 You are about to expunge one configuration or member. This action could result in removing many zoning configurations recursively. [Removing the last member of a configuration removes the configuration.] Do you want to expunge the member? (yes, y, no, n): [no] yes 4. E[...]

  • Página 336

    336 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configuration management 11 Zone configuration management Y ou can add, delet e, or remove individual elements in an existing zone configurat ion to create an appropriat e configuration for your SAN en vironment. Af ter the changes ha ve been made, sav e the configuration to ensure the conf[...]

  • Página 337

    Fabric OS Administrator ’s Guide 337 53-1002745-02 Zone merging 11 Adding a ne w fabric that has no zone configuration inf ormation to an existing fabric is v er y similar to adding a new switch. All switch es in the ne w fa bric inherit the zone configuration data. If the ex isting f abric has an effectiv e zone configur ation, then the same con[...]

  • Página 338

    338 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone merging 11 • Merging two fabrics Both fabrics hav e iden tical zones and configurations enabl ed, including the default zone mode. The two fabrics will join to mak e one larger fabric with the same zone config uration across the newly created fabric. If the two f abrics hav e dif ferent z[...]

  • Página 339

    Fabric OS Administrator ’s Guide 339 53-1002745-02 Zone merging 11 Zone merging scenarios The following tables pro vide information on merging zones and the expect ed results. • Ta b l e 5 5 on page 339: Defined and effectiv e configurations • Ta b l e 5 6 on page 340: Different cont ent • Ta b l e 57 on page 340: Different names • Ta b l[...]

  • Página 340

    340 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone merging 11 Switch A and Switch B ha ve different define d configur ations. Switch B has an ef fective configuration. defined: cfg2 zone2: ali3; ali4 effectiv e: none defined: cf g1 zone1: ali1; ali2 effective: cf g1 Clean merge. The ne w configuration will be a composit e of the two, with c[...]

  • Página 341

    Fabric OS Administrator ’s Guide 341 53-1002745-02 Zone merging 11 TA B L E 5 8 Zone merging scenarios: TI zones Description Switch A Swi tch B Expected results Switch A does not h av e T raffic Isolation (TI) zones . Switch B has TI zones. defined: cfg1 effectiv e: cfg1 defined: cf g1 TI_zone 1 effective: cfg1 Clean merge. TI zones are not aut o[...]

  • Página 342

    342 Fabric OS A dministr ator’s Guide 53-1002745-02 Concurrent zone transactions 11 NOTE When merging mixed v e rsions of F abric OS where bo th side s hav e default zone mode No A ccess set , the merge results vary depending on which switch initiates the merge. Concurrent zone transactions While working on zo ne sets, a special wor k space is pr[...]

  • Página 343

    Fabric OS Administrator ’s Guide 343 53-1002745-02 Concurrent zone transactions 11 u30:FID128:admin> cfgsave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. Multiple open transactions are pending in this fabric. Only one transaction can be saved. Please abort all unwanted[...]

  • Página 344

    344 Fabric OS A dministr ator’s Guide 53-1002745-02 Concurrent zone transactions 11[...]

  • Página 345

    Fabric OS Administrator ’s Guide 345 53-1002745-02 Chapter 12 Traffic Isolation Zoning In this chapter • T raffic Isolation Zoning ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 • Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 • T raffic Isolati[...]

  • Página 346

    346 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning overview 12 Figure 3 1 shows a fabric with a TI zone consisting of the follo wing: • N_Ports: “1,7”, “1,8”, “4,5”, and “4,6” • E_Ports: “1, 1”, “3,9”, “3, 12”, and “4,7” The dotted line indicates the dedicat ed path between the initiat[...]

  • Página 347

    Fabric OS Administrator ’s Guide 347 53-1002745-02 Traffic Isolation Zoning overview 12 For ex a mp l e , in Figure 3 1 on page 346, if the dedicated ISL be tween Domain 1 and Domain 3 goes of fline, then the f ollowing occurs, depending on the failov er option: • If failo ver is disabled f or the TI zone, the TI zone traf fic is halted until t[...]

  • Página 348

    348 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning overview 12 • Ensure that there are multiple paths be tween switches. Disabling failo ver locks the specified r oute so that only TI zone traffic can use it. Non-TI zone traf fic is excluded fr om using the dedicated path. • Y ou should enable failov er -enabled TI z[...]

  • Página 349

    Fabric OS Administrator ’s Guide 349 53-1002745-02 Traffic Isolation Zoning overview 12 FSPF routing rules and traffic isolation All traffic must use the lowest cost path. FSPF r out ing rules take pr ecedence o ver the TI zones, as described in th e follo wing situations. If the dedicate d ISL is not the lo west cost path ISL, then the fo llowin[...]

  • Página 350

    350 Fabric OS A dministr ator’s Guide 53-1002745-02 Enhanced TI zones 12 FIGURE 34 Dedicated path is not the sh or test path NOTE For inf ormat ion about setting or displaying the FSPF cost of a path, see the linkCost and top olo gy Sh ow commands in the F abric OS Command Reference . Enhanced TI zones In F abric OS v6.4.0 and later , por ts can [...]

  • Página 351

    Fabric OS Administrator ’s Guide 351 53-1002745-02 Enhanced TI zones 12 Illegal configurations with enhanced TI zones When you creat e TI zones, ensure that all traffi c fr om a port to all destinations on a remote domain ha ve the same path. Do no t create separate paths from a local por t to tw o or more ports on the same remot e domain. If the[...]

  • Página 352

    352 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning over FC routers 12 In this example traffic from the T arget to Domain 2 is routed c orrectly . Only one TI zone describes a path to Domain 2. Howe ver , bo th TI zones describe differ ent, valid paths fr om the T arget to Domain 1. Only one path will be able t o get t o [...]

  • Página 353

    Fabric OS Administrator ’s Guide 353 53-1002745-02 Traffic Isolation Zoning over FC routers 12 FIGURE 38 Traff ic Isolation Zoning over FCR In addition to setting up TI zones , you must also ensure that the devices are in an LSAN zone so that they can communicat e with each other . If failo ver is enabled and the TI path is not a vailabl e, an al[...]

  • Página 354

    354 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning over FC routers 12 TI zones within an edge fabric A TI zone within an edge fabric is used to r out e traffic between a real de vice and a proxy device through a par ticular EX_Port. For e x ample, in Figure 39 , you can set up a TI zone t o ensure that traf fic between H[...]

  • Página 355

    Fabric OS Administrator ’s Guide 355 53-1002745-02 Traffic Isolation Zoning over FC routers 12 TI zones within a backbone fabric A TI zone within a backbone fabric is used to r oute traffic within the b ackbone fabric through a par ticular ISL. For e xample, in Figure 40 , a TI zone is set up in the backbone fabric t o ensure that traf fic betwee[...]

  • Página 356

    356 Fabric OS A dministr ator’s Guide 53-1002745-02 General rules for TI zones 12 Limitations of TI zones over FC routers Be aw are of the f ollowing when configuring TI zones o ver FC r outers: • A TI zone defined within the backbone fabric do es not guarant ee that edge fabric traffic will arrive at a particu lar EX_Port. Y ou must set up a T[...]

  • Página 357

    Fabric OS Administrator ’s Guide 357 53-1002745-02 General rules for TI zones 12 For ex a mp l e , in Figure 4 1 , th e TI zone was confi gured incorrectly and E_Por t “3,9” was errone ously omitted fr om the zone. The domain 3 switch assumes that traf fic coming from E_Port 9 is not par t of the TI zone and so that traf fic is r outed t o E_[...]

  • Página 358

    358 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported configurations for Traffic Isolation Zoning 12 E-Port Trunks Trunk members in TI zone: 8 Trunk members not in TI zone: 9 10 E-Port Trunks Trunk members in TI zone: 16 Trunk members not in TI zone: 17 18 Supported configurations for Traffic Isolation Zoning The follo wing configuration [...]

  • Página 359

    Fabric OS Administrator ’s Guide 359 53-1002745-02 Limitations and restrict ions of Traffic Isolation Zoning 12 Trunking with TI zones If you implement trunking and TI z ones, you should k eep the following points in mind: • T o include a trunk group in a TI zone, you must include all por ts of the trunk in the TI zone. • T runk ed ISL por ts[...]

  • Página 360

    360 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain considerations for Traffic Isolation Zoning 12 • T o include a trunk group in a TI zone, you must include all por ts of the trunk in the TI zone. • If two N_P or ts are o nline and hav e the same sh ared area, and one of th em is configured in a TI zone, then they both must be c[...]

  • Página 361

    Fabric OS Administrator ’s Guide 361 53-1002745-02 Virtual Fabrics considerat ions for Traffic Isolation Zoning 12 Virtual Fabrics considerations for Traffic Isolation Zoning This section describes how TI zones work with Vir tual Fabrics. See Chapt e r 1 0, “Ma naging Vir tual Fabrics,” for info rmation about the Vir tual Fabrics feature, inc[...]

  • Página 362

    362 Fabric OS A dministr ator’s Guide 53-1002745-02 Virtual Fabrics considerations for Traffic Is olation Zoning 12 FIGURE 43 Creating a TI zone in a logical fabric Y ou must also create and ac tivat e a TI zone in the base fabric to reserve the XISLs f or the dedicated path. In Figure 44 , the XISLs highlight ed (by a do tted line) in the base f[...]

  • Página 363

    Fabric OS Administrator ’s Guide 363 53-1002745-02 Traffic Isolation Zoning over FC routers with Virtual Fabrics 12 Traffic Isolation Zoning over FC routers with Virtual Fabrics This section describes how you can set u p TI zones over FC rout er s in logical fab rics. Figure 45 shows two ph ysi cal chassis configured into logical switches. The in[...]

  • Página 364

    364 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a TI zone 12 Creating a TI zone Y ou create and modify T I zones using the zone command. Other zoning commands, such as zoneCrea te , aliCreat e , and cfgCreate , cannot be used to manag e TI zones. When you creat e a TI zone, you can set the state of the zone to activated or deactivat [...]

  • Página 365

    Fabric OS Administrator ’s Guide 365 53-1002745-02 Creating a TI zone 12 Example TI zone creation The follo wing examples creat e a TI zone named “bluezone”, which contains E_Ports 1, 1 and 2,4 and N_Port s 1,8 and 2,6. T o creat e a TI zone with f ailov er enabled and in the activ ated stat e (default settings): switch:admin> zone --creat[...]

  • Página 366

    366 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a TI zone 12 Creating a TI zone in a base fabric 1. Connect to the switch and log in us ing an account with admin permissions. 2. Create a “dummy” zone configuration in the base fabric. For e xample: zone --create "z1", "1,1" cfgcreate "base_config", z1[...]

  • Página 367

    Fabric OS Administrator ’s Guide 367 53-1002745-02 Modifying TI zones 12 Modifying TI zones Using the zone -- add command, y ou can add ports to an e xisting TI zone, change the failo ver option, or bo th.Y ou can also activ ate o r deactivat e the TI zone. Using the zone -- remove c o m m a n d , y o u c a n r e m o ve p o r t s f r o m ex i s t[...]

  • Página 368

    368 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing the state of a TI zone 12 Example of modifying a TI zone T o add port members to the existing TI zone bluezone: switch:admin> zone --add bluezone -p "3,4; 3,6" T o add port members to the existing TI zone in a backbone fabric: switch:admin> zone --add backbonezone -p &qu[...]

  • Página 369

    Fabric OS Administrator ’s Guide 369 53-1002745-02 Deleting a TI zone 12 Deleting a TI zone Use the zone -- delet e command t o delet e a TI zone fr om the defined configuration. This command delet es the entire zone; to only remove por t members fr om a TI zone, use the zone -- remove command, as described in “Modifying TI zones” on page 367[...]

  • Página 370

    370 Fabric OS A dministr ator’s Guide 53-1002745-02 Troubleshooting TI zone routing problems 12 Example displaying information about all TI zones in the defined conf iguration in ascendi ng order switch:admin> zone --show -ascending Defined TI zone configuration: TI Zone Name: bluezone: Port List: 8,3; 8,5; 9,2; 9,3; Configured Status: Deactiv[...]

  • Página 371

    Fabric OS Administrator ’s Guide 371 53-1002745-02 Setting up TI over FCR (sample proce dure) 12 Setting up TI over FCR (sample procedure) The f ollowing e xample shows how to se t up TI zones ov er FCR to pr ovide a dedicat ed path shown in Figure 4 7 . In this example, three TI zones are creat ed: one in each of the edge fabrics and one in the [...]

  • Página 372

    372 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up TI over FCR (sample procedure) 12 The Fabric has 3 switches b. Enter the follo wing commands to create and displa y a TI zone: E1switch:admin> zone --create -t ti TI_Zone1 -p "4,8; 4,5, 1,-1; 6,-1" E1switch:admin> zone --show Defined TI zone configuration: TI Zone Name[...]

  • Página 373

    Fabric OS Administrator ’s Guide 373 53-1002745-02 Setting up TI over FCR (sample proce dure) 12 c. E nte r t he fo llo wi ng co mm and s to re ac ti vate your current ef fective configuration and enfor ce the TI zones. E2switch:admin> cfgactvshow Effective configuration: cfg: cfg_TI zone: lsan_t_i_TI_Zone1 10:00:00:00:00:00:02:00:00 10:00:00:[...]

  • Página 374

    374 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up TI over FCR (sample procedure) 12[...]

  • Página 375

    Fabric OS Administrator ’s Guide 375 53-1002745-02 Chapter 13 Bottleneck Detection In this chapter • Bottleneck det ection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 75 • Suppor ted configurations f or bottleneck dete ct ion . . . . . . . . . . . . . . . . . . 3 77 • Credit Loss . . . . . . . . . . . . [...]

  • Página 376

    376 Fabric OS A dministr ator’s Guide 53-1002745-02 Bottleneck detection overview 13 • If the bottleneck det ection feature det ects ISL co ngestion, you can use ingress rat e limiti ng to slow down lo w priority application traf fic, if it is contribu ting to the congestion. Notes • Bottleneck detection is configured on a per-swit ch basis, [...]

  • Página 377

    Fabric OS Administrator ’s Guide 377 53-1002745-02 Supported configurations for bottleneck detection 13 Y ou can use the bot tleneckMon command to speci fy aler ting paramet ers for the fol lowing: • Whether aler ts are to be sent when a bo ttleneck condition is detect ed • The size of the time window t o look at when dete rmining whether t o[...]

  • Página 378

    378 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported configurations for bottleneck detection 13 High availability consideratio ns for bottleneck detection The bottleneck detection configuration is ma intained across a failo ver or reboot; how ev er , bottleneck statis tics collected are lost . Upgrade and downgrade considerat ions for bo[...]

  • Página 379

    Fabric OS Administrator ’s Guide 379 53-1002745-02 Credit Loss 13 Credit Loss Fabric OS v7 . 1 and later support s back-end credit lo ss det ection back-end por ts and core blades as well as on the Br ocade 5300 and 6520 switches, alth ough the support is slightly dif ferent on each devic e. See belo w f or details on these switches, and the Fabr[...]

  • Página 380

    380 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling bottleneck detecti on on a switch 13 The f ollowing credit loss reco ver y methods are supported for Brocade 6 520 back-end por ts: • For all the credit loss me thods described abo ve, a link reset will automatically be per formed, assuming that this option was enabled. See “Enablin[...]

  • Página 381

    Fabric OS Administrator ’s Guide 381 53-1002745-02 Displaying bottleneck detec tion configuration details 13 3. Repeat step 1 and step 2 on every sw itch in the fabric. NOTE Best practice is t o use the default v alues f o r the aler ting and sub-seco nd latency criterion parameters. Example of enabling bo ttleneck detection ( Recommended use cas[...]

  • Página 382

    382 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting bottleneck detection alerts 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ============================ Alerts - Yes Latency threshold for ale[...]

  • Página 383

    Fabric OS Administrator ’s Guide 383 53-1002745-02 Setting bottleneck detection alerts 13 FIGURE 48 Af fe cted seconds for bottleneck d etection The -time parameter specifies the time window. F or this example, -time equals 12 seconds. The -cthresh and -lthresh paramet ers specify the thresholds on number of affect ed seconds that trigger aler ts[...]

  • Página 384

    384 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck dete ction parameters 13 Setting a congestion alert only This exam ple enables a congesti on aler t and shows its values. Example of setting an aler t for congestion switch:admin> bottleneckmon --enable -alert=congestion switch:admin> bottleneckmon --status Bottleneck d[...]

  • Página 385

    Fabric OS Administrator ’s Guide 385 53-1002745-02 Changing bottleneck dete ction parameters 13 NOTE Entering a -- c o n f i g command changes only those settings spec if ied in the com mand; all others are lef t alone. The only e xceptions are for the -aler t (restores aler ts using recorded v alues) or -noaler t (disables all aler ts) switches.[...]

  • Página 386

    386 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck dete ction parameters 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ================================ Alerts - Yes Latency thresho[...]

  • Página 387

    Fabric OS Administrator ’s Guide 387 53-1002745-02 Changing bottleneck dete ction parameters 13 Congestion threshold for alert - 0.700 Averaging time for alert - 200 seconds Quiet time for alert - 150 seconds Per-port overrides for alert parameters: ======================================== Port Alerts? LatencyThresh CongestionThresh Time (s) QTim[...]

  • Página 388

    388 Fabric OS A dministr ator’s Guide 53-1002745-02 Advanced bottleneck detection settings 13 Switch-wide alerting parameters: ================================ Alerts - Yes Latency threshold for alert - 0.200 Congestion threshold for alert - 0.700 Averaging time for alert - 200 seconds Quiet time for alert - 150 seconds Adjusting the frequency of[...]

  • Página 389

    Fabric OS Administrator ’s Guide 389 53-1002745-02 Excluding a port from bottleneck detection 13 • Y ou want great er-than-default (sub-second) latency sensitivity on your fabric, so you set sub-second latency crit erion parameters at the time y ou enable bottleneck det ection. • Y ou want to reduce the number of aler ts you are receiving abo[...]

  • Página 390

    390 Fabric OS A dministr ator’s Guide 53-1002745-02 Excluding a port from bottleneck detection 13 For trunking, if you e xclude a sla ve por t from bo tt leneck det ect ion, the ex clusion has no effect as long as the por t is a trunk slav e. The exclusion ta kes effect only if the port becomes a trunk m aster or lea ves the trunk. Use the f ollo[...]

  • Página 391

    Fabric OS Administrator ’s Guide 391 53-1002745-02 Displaying bottleneck statistics 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ================================ Alerts - Yes Latency threshold for ale[...]

  • Página 392

    392 Fabric OS A dministr ator’s Guide 53-1002745-02 Disabling bottleneck detection on a switch 13 Disabling bottleneck detection on a switch When you disable bo ttleneck detection on a sw itch, all bottleneck co nfiguration details are discarded, including the list of ex cluded por ts and non-def ault values of alerting parameters. Use the f ollo[...]

  • Página 393

    Fabric OS Administrator ’s Guide 393 53-1002745-02 Chapter 14 In-flight Encryption and Compression In this chapter • In-flight encryption and compression ov erview . . . . . . . . . . . . . . . . . . . . . . 393 • Configuring encryption and compression . . . . . . . . . . . . . . . . . . . . . . . . . . 399 • Encr yption and compression e x[...]

  • Página 394

    394 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 FIGURE 49 Encr yption and compressio n on 1 6 Gbps ISLs The encr yption and compression feat ures are designed t o work only with E_P or ts, EX_Por ts, and XISL por ts (in VF mode). Encr yption an d compression are also compatible with the f oll[...]

  • Página 395

    Fabric OS Administrator ’s Guide 395 53-1002745-02 In-flight encryption and compression overview 14 Bandwidth limits Fabric OS support s up to 32 Gbps of data en cr yption and 32 Gbps of data compression per 1 6G-capable FC platf orm. This limi ts the numbe r of por ts that can hav e these f eatures enabled at any one time. Ta b l e 6 2 shows som[...]

  • Página 396

    396 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 The por t level authentication security feature must be enabled before encr yption configuration can be enabled. Pre-shared secret ke ys should be co nfig ured on both ends of the ISL t o per for m authentication. Once the link has been authenti[...]

  • Página 397

    Fabric OS Administrator ’s Guide 397 53-1002745-02 In-flight encryption and compression overview 14 1 N oN oN o N o 2 N oN oN o N o 3 N oN oN o N o 4 N oN oN o N o 5 N oN oN o N o 6 N oN oN o N o 7 N oN oN o N o 8 N oN oN o N o 9 N oN oN o N o 10 No No No No 11 No No No No 12 No No No No 13 No No No No 14 No No No No 15 No No No No 16 No No Yes Y[...]

  • Página 398

    398 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 portHealth: No Fabric Watch License Authentication: None portDisableReason: None portCFlags: 0x1 portFlags: 0x10000103 PRESENT ACTIVE E_PORT T_PORT T_MASTER G_PORT U_PORT ENCRYPT LOGIN LocalSwcFlags: 0x0 portType: 24.0 portState: 1 Online Protoc[...]

  • Página 399

    Fabric OS Administrator ’s Guide 399 53-1002745-02 Configuring encryption and compression 14 Virtual Fabrics considerations The E_Ports and EX_Por ts in the user-c reated logi cal switch, base switch, or default switch; and EX_Ports on base switches can suppor t encr ypti on a nd compression. Y ou ca n configure enc r yption o n X I SL p o r t s [...]

  • Página 400

    400 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 Notes • If you ne ed to disable authentication on a por t that has encryption or compression c onfigured, you must first disable encr yption or compression on the port, and then disable authentication. • If you w ant to enable authentication acr o ss[...]

  • Página 401

    Fabric OS Administrator ’s Guide 401 53-1002745-02 Configuring encryption and compression 14 Viewing the encryption and compression configuration T o det ermine which por ts are av ailable for encrypti on or compression on each ASIC on the switch, follo w these steps: 1. Connect to the switch and log in us ing an account with admin permissions. 2[...]

  • Página 402

    402 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 Changing port speed on encrypti on/compression enabled ports The por t speed values can be displa y ed through sev eral commands, including portStatsShow , por tEncCompShow , and por tCfgSpeed . Howe ver , the por t speed can only be changed using the po[...]

  • Página 403

    Fabric OS Administrator ’s Guide 403 53-1002745-02 Configuring encryption and compression 14 • Because enc r yption adds mo re payload to th e port in addition to compressio n, the compression ratio calculation is significantly af fected on ports con figured for both encryption and compression. This is bec ause the compressed length then also i[...]

  • Página 404

    404 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 For additional inf ormation abou t configuring DH-C HAP authentication for E_Po r ts and EX_Por ts, see “ Authentication policy for fabric elements” on page 20 7. Configuring encryption NOTE Before performing this pr ocedure, you must authenticat e t[...]

  • Página 405

    Fabric OS Administrator ’s Guide 405 53-1002745-02 Configuring encryption and compression 14 4. Ena ble the por t with the por tEnable command. Af ter enabling the port, the new configu ration becomes active. Disabling encryption T o disable encryption on a por t, follo w these st eps: 1. Connect to the switch and log in using an account with sec[...]

  • Página 406

    406 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Encryption and compression examples The follo wing exam ples show configuring and enabli ng encryption and compression. In this case, encr yption and compression are bein g applied t o the E_P or ts at either end of an ISL connecting a por t on a blade in a[...]

  • Página 407

    Fabric OS Administrator ’s Guide 407 53-1002745-02 Encryption and compression examples 14 Example of enabling encryption and compression on an E_Port This exam ple configures and enables encryption and compression on a giv en por t. The commands in this exam ple are shown e ntered on the Br ocade 65 10 name d ‘myswitch’. The same commands mus[...]

  • Página 408

    408 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Are you done? (yes, y, no, n): [no] y Saving data to key store... Done. myswitch:admin> secauthsecret --show WWN DId Name ----------------------------------------------- 10:00:00:05:1e:e5:cb:00 150 dcx_150 myswitch:admin> Activate authentication Af te[...]

  • Página 409

    Fabric OS Administrator ’s Guide 409 53-1002745-02 Encryption and compression examples 14 Rate Limit OFF EX Port OFF Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) NPIV PP Limit: 126 CSCTL mode: OFF Frame Shooter Port OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: OFF myswitch:admin> Enabling compressi[...]

  • Página 410

    410 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Examples of disabling encryption and compression This example disables the encryp tion and compression that were enabled in the previous e xample. Example Disabling encrypt ion on por t 0 myswitch:admin> portdisable 0 myswitch:admin> portcfgencrypt --[...]

  • Página 411

    Fabric OS Administrator ’s Guide 411 53-1002745-02 Working with EX_Por ts 14 Working with EX_Ports An EX_Port is a type of E_Por t (expansion por t ) that connects a Fibre Channel r outer t o an edge fabric. F rom the point of view of a switch in an edge fabric, an EX_Port appears as a normal E_Por t; It follo w s applicable Fibre Channel standar[...]

  • Página 412

    412 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 NOTE If trunking is enabled, be aw are that the por t s creating th e bandwidth limitation will f orm a trunk group, while the rest of the ports will be segmented. Example of enabling encryption and compression on an EX_Port This example co nfigures and enables encr ypti[...]

  • Página 413

    Fabric OS Administrator ’s Guide 413 53-1002745-02 Working with EX_Por ts 14 This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters and maximum 40 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performe[...]

  • Página 414

    414 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 QOS Port AE Port Auto Disable: OFF Rate Limit OFF EX Port ON Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) NPIV PP Limit: 255 CSCTL mode: OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: ON myswitch:admin> Example Enabling comp[...]

  • Página 415

    Fabric OS Administrator ’s Guide 415 53-1002745-02 Working with EX_Por ts 14 FCR:admin> portcfgexport 1 Port 1 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 20 Front Domain ID: 160 Front WWN: 50:00:53:31:37:43:ee:14 Principal Switch: 8 Principal WWN: 10:00:00:05:33:13:70:3e Fabric Parameters: Au[...]

  • Página 416

    416 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed whenever a port or a switch is enabled. Warning: Please use a secure channel for setting secrets. Using an insecure channel is not safe and[...]

  • Página 417

    Fabric OS Administrator ’s Guide 417 53-1002745-02 Working with EX_Por ts 14 NPIV PP Limit: 126 CSCTL mode: OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: ON Example Enabli ng compression on the same port. The por tCfgShow command shows that both e ncr yption and compression are now enabled on this por t. edge:admin> portdisable 1 e[...]

  • Página 418

    418 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 EX_Port commands See the F abric OS Command Refe rence f or more details on these EX_Po r t -valid commands. portCfgExPort The por tCfgExPort command sets a por t to be an EX_Por t, and also sets and displays EX_Port configuration parameters (including those for encrypti[...]

  • Página 419

    Fabric OS Administrator ’s Guide 419 53-1002745-02 Chapter 15 NPIV In this chapter • NPIV ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1 9 • Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 • Enabling and disabling[...]

  • Página 420

    420 Fabric OS A dministr ator’s Guide 53-1002745-02 NPIV overview 15 Index Port Address Media Speed State Proto ============================================== 0 0 010000 id N4 Online FC F-Port 20:0c:00:05:1e:05:de:e4 0xa06601 1 1 010100 id N4 Online FC F-Port 1 N Port + 4 NPIV public 2 2 010200 id N4 Online FC F-Port 1 N Port + 119 NPIV public 3 [...]

  • Página 421

    Fabric OS Administrator ’s Guide 421 53-1002745-02 Configuring NPIV 15 Configuring NPIV The NPIV f eature is enabled by default. Y ou can set the number of virtual N_Por t_IDs per por t to a value fr om 1 throug h 255 per por t. The default setting is 126. The por tCfgNpivPort command is used t o specify the max imum numb er of virt ual N_port_ID[...]

  • Página 422

    422 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and disab ling NPIV 15 VC Link Init OFF Locked L_Port OFF Locked G_Port OFF Disabled E_Port OFF Locked E_Port OFF ISL R_RDY Mode OFF RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON QOS E_Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Po[...]

  • Página 423

    Fabric OS Administrator ’s Guide 423 53-1002745-02 Viewing NPIV port con figuration information 15 Viewing NPIV port configuration information 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tCfgShow command to vie w the switch por ts information. The follo wing exam ple shows whether a port is c[...]

  • Página 424

    424 Fabric OS A dministr ator’s Guide 53-1002745-02 Viewing NPIV port configuration information 15 switch:admin> portshow 2 portName: 02 portHealth: HEALTHY Authentication: None portDisableReason: None portCFlags: 0x1 portFlags: 0x24b03 PRESENT ACTIVE F_PORT G_PORT NPIV LOGICAL_ONLINE LOGIN NOELP LED ACCEPT portType: 10.0 portState: 1Online po[...]

  • Página 425

    Fabric OS Administrator ’s Guide 425 53-1002745-02 Chapter 16 Dynamic Fabric Provisioning: Fabric-Assigned PWWN In this chapter • Introduction to Dynamic F abric Pro visioni ng using F A -P WWN . . . . . . . . . . 425 • User- and auto-assigned F A -PWWN behavior . . . . . . . . . . . . . . . . . . . . . . . 426 • Configuring F A-PWWNs . . .[...]

  • Página 426

    426 Fabric OS A dministr ator’s Guide 53-1002745-02 User- and auto-assigned FA-PWWN behavior 16 NOTE For the server to use the F A -PWWN feature , it must be using a Broc ade HBA or adapter . R efe r to the release note s f or the HBA or adapter v ersions that suppor t this feature. Some configuration of the HBA must be per formed t o use the F A[...]

  • Página 427

    Fabric OS Administrator ’s Guide 427 53-1002745-02 Configuring FA-PWWNs 16 This section includes an F A-PWWN configuration pr ocedure for each of the f ollowing two topologies: • An F A -PWWN f or an HBA de vice that is connect ed to an Acce ss Gate way switch. • An F A -PWWN f or an HBA de vice that is connect ed directly to an edge switch. [...]

  • Página 428

    428 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring FA-PWWNs 16 3. Enter the fapwwn -- show -ag all command: Y ou should see ou tput similar to the following sample. (In this example, long lines of output are shown split acr oss two lines, f or bet ter readability .) ----------------------------------------------------------- AG Port [...]

  • Página 429

    Fabric OS Administrator ’s Guide 429 53-1002745-02 Supported switches and configurations for FA-PW WN 16 3. Enter the fapwwn -- show -por t all command: Y ou should see output simi lar to the f ollowing sample. ----------------------------------------------------------------------- Port PPWWN VPWWN PID Enable MapType -----------------------------[...]

  • Página 430

    430 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration uplo ad and download considerations for FA-PWWN 16 • Access Gat ewa y platforms running F abric OS v7 .0.0 or later: - Brocade 300 - Brocade 5 1 00 - Br ocade 6505 - Brocade 65 10 • Brocade HBAs with driver version 3.0.0. 0: - Brocade 4 15 - Brocade 425 - Brocade 8 15 - Brocade[...]

  • Página 431

    Fabric OS Administrator ’s Guide 431 53-1002745-02 Restrictions of FA-PWWN 16 NOTE When creating the DCC policy , use the ph ysical de vice WWN and not the F A-PWWN. If you use DCC, a policy check is do ne on the physic al PWWN on the ser vers. In the case of an HBA, the F A -PWWN is assigned to the HBA only af ter the DCC check is successful. Re[...]

  • Página 432

    432 Fabric OS A dministr ator’s Guide 53-1002745-02 Access Gateway N_Port failover with FA-PWWN 16[...]

  • Página 433

    Fabric OS Administrator ’s Guide 433 53-1002745-02 Chapter 17 Managing Administrative Domains In this chapter • Administrativ e Domains ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 • Admin Domai n management f or physical f a bric administrators . . . . . . . . 442 • SAN management with Admin Domains . . . [...]

  • Página 434

    434 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 NOTE Do not confuse an Admin Domain number with the domain ID of a switch. T hey are two different identifiers. The Admin Domain number identifies the Admin Domain and has a range from 0 through 255. The domain ID identifies a switch in the fabric an d ha s a [...]

  • Página 435

    Fabric OS Administrator ’s Guide 435 53-1002745-02 Administrative Domai ns overview 17 Admin Domain features Admin Domains allow y ou to do the f ollowing: • Define the scope of an Admin Domain t o enco mpass ports and devices within a switch or a fab ric . • Share resources acr oss multiple Admin Domains. For e xample, you can share arra y p[...]

  • Página 436

    436 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 Ta b l e 6 5 lists each Admin Domain user type and describes its administ rative access and capabilities. User-defined Admin Domains AD1 through AD2 54 are user -defined Admin Do ma ins. These user -defined Admin Domains can be created only b y a physical fabr[...]

  • Página 437

    Fabric OS Administrator ’s Guide 437 53-1002745-02 Administrative Domai ns overview 17 For e xample, if De viceA is not a member of an y user -defined Admin Domain, then it is an implicit member of AD0. If you e xplicitly add Devic eA to AD0, then De viceA is both an implicit and an explicit member of AD0. AD0 implicit members AD0 explicit member[...]

  • Página 438

    438 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 FIGURE 54 Fabric with AD0 and AD255 Home Admin Domains and login Y ou are alwa ys logged in to an Admin Domain, and yo u can vie w and modify only the de vices in that Admin Do main. If you ha ve access to more than one Admin Domain, one of them is designated [...]

  • Página 439

    Fabric OS Administrator ’s Guide 439 53-1002745-02 Administrative Domai ns overview 17 • For user -defined accounts, the ho me Admin Domain defaults to AD0 but an administrator can set the home Admin Domain to an y Admin Domain to which the account is giv en access. • If you are in an y Admin Domain context o ther th an AD0, the A dmin Domain[...]

  • Página 440

    440 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 If a de vice is a member of an Admin D omain, th e switch port to which the de vice is connected becomes an indi rect member of that A dmin Domain and the domain,index is removed fr om the AD0 implicit membership list. NOTE If the switch domain ID changes, the[...]

  • Página 441

    Fabric OS Administrator ’s Guide 441 53-1002745-02 Administrative Domai ns overview 17 Figure 55 on page 44 1 shows an unfilt ered view of a fa bric with tw o switches, three de vices, and two Admin Domains. The de vices are labeled with device WWNs and the switches are labeled with domain IDs and sw itch WWNs. FIGURE 55 Fabric showing switch and[...]

  • Página 442

    442 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Admin Domain compatibility, availability, and merging Admin Domains maintain continuity of ser vice for F abric OS features and operat e in mixed-re lease Fabric OS en vironments. High availability is suppor ted with some backward c[...]

  • Página 443

    Fabric OS Administrator ’s Guide 443 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Setting the default zoning mode for Admin Domains T o begin implementing an Admin Domain structure within your SAN, y ou must first set the default zoning mode t o No Access. Y ou must be in AD0 to change the def ault zoning mode. 1.[...]

  • Página 444

    444 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 ad --select 255 5. Enter the ad -- create command using the -d optio n to specify de vice and switch por t members and the -s option to specify switch members: ad --create ad_id -d " dev_list " -s " switch_list "[...]

  • Página 445

    Fabric OS Administrator ’s Guide 445 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Creating a new user account for managing Admin Domains 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the userConf ig -- add command using the -r option to set the role, the -a option to pro vi[...]

  • Página 446

    446 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Removing an Admin Domain from a user account When you remo ve an Admin Domain fr om an account, all of the currently active sessions for that account are logged out. 1. Connect to the switch and log in us ing an account with admin p[...]

  • Página 447

    Fabric OS Administrator ’s Guide 447 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Deactivating an Admin Domain If you d eactivat e an Admin Domain, the members assigned t o the Admin Domain c an no longer access their hosts or s torage unless those members are par t of another A dmin Domain. Y ou cannot log in t o[...]

  • Página 448

    448 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 • T o sa ve the Admin Domain definition, ent er ad -- sav e . • T o sav e the Admin Domain definit ion and directly apply the definit ion to the fabric, enter ad -- apply . Example of adding two switch port s, designated by doma[...]

  • Página 449

    Fabric OS Administrator ’s Guide 449 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 4. Enter the appropriate command based o n whether you want to sa ve or activat e the Admin Domain definition: • T o sa ve the Admin Domain definition, ent er ad -- sav e . • T o sav e the Admin Domain definit ion and directly ap[...]

  • Página 450

    450 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Deleting all user-defined Admin Domains When you clear the A dmin Domain configuration, all user- defined Admin Domains are dele ted, the explicit membership list of AD0 is cleared, and a ll fabric resou rces (swi tches, ports, and [...]

  • Página 451

    Fabric OS Administrator ’s Guide 451 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 3. Enter the zone -- copy command to cop y the zones from all user -defined Admin Domains to AD0. zone --copy source_AD . source_name dest_name In this syntax, source_AD is the name of the user -defined AD fr om which y ou are copy i[...]

  • Página 452

    452 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 FIGURE 5 7 AD0 and tw o user-def ined Admin Doma ins, AD1 and A D2 At the conc lusion of the pr ocedure, all de vices and zones are mov e d to AD0, and the user -defined Admin Domains are delet ed, as shown in Figure 58 . FIGURE 58 [...]

  • Página 453

    Fabric OS Administrator ’s Guide 453 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 10:00:00:00:02:00:00:00; 10:00:00:00:03:00:00:00 Effective configuration: cfg: AD1_cfg zone: AD1_BlueZone 10:00:00:00:02:00:00:00 10:00:00:00:03:00:00:00 Zone CFG Info for AD_ID: 2 (AD Name: AD2, State: Active) : Defined configuratio[...]

  • Página 454

    454 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Validating an Admin Domain member list Y ou can validat e the device and switch member li st. Y ou can list non-existing or offline Admin Domain memb ers. Y ou can also identify mis configurations of t he Admin Domain. The Admin Domain validation pr ocess is [...]

  • Página 455

    Fabric OS Administrator ’s Guide 455 53-1002745-02 SAN management with Adm in Domains 17 CLI commands in an AD context The CLI command input arguments are validat ed agains t the AD member list; they do not w ork with input argument s that specif y resour ces that are no t members of the current Admin Domain. All commands present filtered output,[...]

  • Página 456

    456 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Displaying an Admin Domain configuration Y ou can displa y the membership information and zo ne database info rmation of a specified Admin Domain. Notice the f ollowing differences in the inf ormation display ed based on the Admin Domain: • AD255: If y ou d[...]

  • Página 457

    Fabric OS Administrator ’s Guide 457 53-1002745-02 SAN management with Adm in Domains 17 Y ou can not sw itc h to an othe r Admi n Do mai n conte x t from within the shell creat ed by ad -- select . Y ou must first exit the shell, and then issue the ad -- select command again. Example of sw itching to a different Admin Domain conte xt The f ollow[...]

  • Página 458

    458 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Admin Domains, zones, and zone databases Admin Domains introduce two types of zone database nomenclature and behavior: • Roo t z o n e d a ta b as e If you do no t use Admin Domains, there is only one zone database. This legacy zone database is known as the[...]

  • Página 459

    Fabric OS Administrator ’s Guide 459 53-1002745-02 SAN management with Adm in Domains 17 The AD zone databas e also ha s the follo wing characteristics: - Each zone database has its own name spa ce. F or example, y ou can define a zone name of test_z1 in more than one Admin Domain. - There is no zone database link ed to the ph ys ical fabric (AD2[...]

  • Página 460

    460 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 LSAN zone names in AD0 are ne ver con ver ted f or backward-compatibility reasons. The auto-con verted LSAN zone name s might collide with LSAN zone names in AD0 (in the exam ple, if AD0 contains lsan_for_linux_farm_AD005, this causes a name collision). Fabri[...]

  • Página 461

    Fabric OS Administrator ’s Guide 461 53-1002745-02 Section II Licensed Features This section describes optionally licensed Broca de Fabric OS features and in cludes t he following chapters: • Chapter 18, “ Administ ering Licensing” • Chapter 19, “Int er -chassis Links” • Chapter 20, “Monit oring F abric P er forma nce” • Chapt[...]

  • Página 462

    462 Fabric OS A dministr ator’s Guide 53-1002745-02[...]

  • Página 463

    Fabric OS Administrator ’s Guide 463 53-1002745-02 Chapter 18 Administering Licensing In this chapter • Licensing ov er view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 • Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 • ICL licensing . . [...]

  • Página 464

    464 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 Ta b l e 6 9 lis ts the optionally licensed features that are a vailable in Fabric OS 7 . 1. TA B L E 6 9 Available Brocade licenses License Description 1 0 Gigabit FCIP/Fibre Channel (10G license) • Allows 1 0 Gbps operation of FC ports on the Brocade 65 10o r 6520 switc[...]

  • Página 465

    Fabric OS Administrator ’s Guide 465 53-1002745-02 Licensing overview 18 Advanced FICON Acceleration • Allows use of specializ ed data management t echniques and au tom a ted i nte ll ig e nc e to a cc e le ra te FI C ON ta p e r e ad an d wr ite and IBM Global Mirror dat a replication operations o ver dist ance, while main taining the integrit[...]

  • Página 466

    466 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 Enterprise ICL Allows you to connect more than four chassis in a fabric using ICLs. Y ou can connect up to f our Brocade DCX 85 10 Backbones via ICLs without this license . If the number of int erconnect ed chassis using ICLs e xceeds f our , then all of the chassi s using [...]

  • Página 467

    Fabric OS Administrator ’s Guide 467 53-1002745-02 Licensing overview 18 Ta b l e 7 0 lists licensed features, each f eature’s associ ated license name, and, if applicable, the location on the lo cal or any connecting swit ch on which the license must be installed. Integrated R outing • Allows an y por ts in Brocade 5 100, 5300, 65 10, 6520, [...]

  • Página 468

    468 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 FCIP High Performance Extensio n ov er FCIP/FC NOTE: Local an d attached switches. License is needed on both s ides of tunnel. FCIP T runking Adv anced Extension Local and attached switches. Fibre Channel Routin g/EX_Ports Integrat ed Routing Local switch. FICON No license [...]

  • Página 469

    Fabric OS Administrator ’s Guide 469 53-1002745-02 Licensing overview 18 Logical switch No license required. N/A Long distance Extended Fabrics Local and attached switches. NO TE: License is needed on both sides of connection. NPIV No license require d. N/A OpenSSH public k ey No license requ ired. N/A Performan ce monitoring Advanced P er f orma[...]

  • Página 470

    470 Fabric OS A dministr ator’s Guide 53-1002745-02 Brocade 7800 Upgrade license 18 Brocade 7800 Upgrade license The Bro cade 7800 has f our Fibre Channel (FC) por ts and two GbE ports active by default. The number of physical por ts active on the Br ocade 7800 is fix ed. There is one upgrade license to activate the rest of the FC and GbE por ts [...]

  • Página 471

    Fabric OS Administrator ’s Guide 471 53-1002745-02 ICL licensing 18 ICL licensing Brocade ICL links operat e between the core blades of the DCX 85 10 Backbone f amily , or between th e c o r e b l a d e s o f t h e DC X a n d DC X - 4 S B a c k b on e s . T y p i c al l y, i f bo t h c or e b l a d es a r e in s t a l le d , t h en they are activ[...]

  • Página 472

    472 Fabric OS A dministr ator’s Guide 53-1002745-02 ICL licens ing 18 ICL 8-link license The ICL 8-link license activates half of the ICL bandwidth f or ea ch ICL port on the Brocade DCX platform b y enabling only half of the ICL links available. This allows y ou to purchase half the bandwidth of th e Br ocade DCX ICL ports initially an d upgrade[...]

  • Página 473

    Fabric OS Administrator ’s Guide 473 53-1002745-02 8G licensing 18 Example switchShow output if no En terprise ICL license is installed A message such as the following is displa yed if a required EICL license is not installed: 440 8 24 ------ id 16G Online FC E-Port segmented,10:00:00:05:33:0d:52:00 (No EICL License)(Trunk master) 441 8 25 ------[...]

  • Página 474

    474 Fabric OS A dministr ator’s Guide 53-1002745-02 Slot-based licensing 18 Slot-based licensing Slot-based licensing is used on th e Brocade DCX and DCX 85 10 Backbone fa milies to support the FX8-2 4 blade, and on the Brocade DCX 85 1 0 Back bone family t o suppor t the 1 6 Gbps FC port blades (FC1 6-2 4 and FC1 6-48). License capacity is equal[...]

  • Página 475

    Fabric OS Administrator ’s Guide 475 53-1002745-02 10G licen sing 18 Assigning a license to a slot Use the f ollowing pr ocedure to assign a licence t o a slot: 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions in the licens e class of RBA C commands. 2. Enter the licenseSlotCfg -add[...]

  • Página 476

    476 Fabric OS A dministr ator’s Guide 53-1002745-02 10G licen sing 18 Af ter applying a 1 0 G license to the Brocade 65 10or 6520 chassis or t o a 16 Gbps FC blade, you must also configur e the por t octet ( por tCfgOctetSpeedCo mbo command) with the correct por t octet speed gro up and configure each port to operat e at 1 0 Gbps ( por tCfgSpeed [...]

  • Página 477

    Fabric OS Administrator ’s Guide 477 53-1002745-02 10G licen sing 18 aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 10 Gigabit FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 Configured Blade Slots 1 8510-8switch:admin> licenseslotcfg -remove FTR_10G 1 8510-8switch:admin> licenseslotcfg -add FTR_10G 4 8510-8switch:admin> license[...]

  • Página 478

    478 Fabric OS A dministr ator’s Guide 53-1002745-02 Temporary licenses 18 aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 10 Gigabit FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 Configured Blade Slots 1 8510-4switch:admin> licenseslotcfg -remove FTR_10G 1 8510-4switch:admin> licenseslotcfg -add FTR_10G 7 8510-4switch:admin> li[...]

  • Página 479

    Fabric OS Administrator ’s Guide 479 53-1002745-02 Temporary licenses 18 • FICON Management Ser ver (CUP) license • Extended F abrics license • High Performance Extension ov er FCIP/FC licen se • Integrat ed Routing license • Ser ver Application Optimization license • ISL T runking license Restrictions on upgrading temporary slot-base[...]

  • Página 480

    480 Fabric OS A dministr ator’s Guide 53-1002745-02 Temporary licenses 18 Expired licenses Once a temporary license has expired, you can view it through the li censeShow command. Ex pired licenses ha ve an output string of “License ha s e x pired”. RASlog warning messages are generated ev er y hour f or licenses present in the database whic h[...]

  • Página 481

    Fabric OS Administrator ’s Guide 481 53-1002745-02 Viewing installed licenses 18 Viewing installed licenses Use the f ollowing pr ocedure to vie w all installed licenses: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the licenseShow command. Activating a license The transaction k ey is case-sensitiv e ; it[...]

  • Página 482

    482 Fabric OS A dministr ator’s Guide 53-1002745-02 Removing a licensed feature 18 Use the f ollowing pr ocedure to add a lic ensed f eature: 1. Connect to the switch and log in usin g an account with admin permissions. 2. Activate the license using the licenseA dd command. 3. Verify the lice nse was added by ent ering the licenseShow command. Th[...]

  • Página 483

    Fabric OS Administrator ’s Guide 483 53-1002745-02 Ports on Demand 18 4. Enter the licenseShow command to v erify the license is disabled. switch:admin> licenseshow bQebzbRdScRfc0iK: Entry Fabric license Fabric Watch license SybbzQQ9edTzcc0X: Fabric license switch:admin> licenseremove "bQebzbRdScRfc0iK" removing license key "[...]

  • Página 484

    484 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 Ports on Demand is ready to be unlock ed in the swit ch firmware. Its licen se key ma y be par t of the licensed paperpack supplied with sw itch software, or y ou can purchase the license k ey separat ely from y our switch v endor . Y ou may need to gener a te a license k ey f[...]

  • Página 485

    Fabric OS Administrator ’s Guide 485 53-1002745-02 Ports on Demand 18 First Ports on Demand license - additional 16 port upgrade license SdSSc9SyRSTeXTdn: Second Ports on Demand license - additional 16 port upgrade license SdSSc9SyRSTuXTd3: Full Ports on Demand license - additional 32 port upgrade license ATTENTION If you enable or disable an act[...]

  • Página 486

    486 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 For the embedded switch modules, the Dynamic PO D f eature detects and assigns ports to a POD license only if the ser ver blade is installed with an HBA present. A server blade that does not ha ve a functioning HBA is treated as an inactive link during initial POD por t assign[...]

  • Página 487

    Fabric OS Administrator ’s Guide 487 53-1002745-02 Ports on Demand 18 switch:admin> licenseport --method dynamic The POD method has been changed to dynamic. Please reboot the switch now for this change to take effect. 3. Enter the reboot command t o restar t the switch. switch:admin> reboot 4. Enter the licensePor t -- show command to verif[...]

  • Página 488

    488 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 Ports assigned to the full POD license: 0, 9, 10, 11, 12, 13, 14, 15, 16, 21, 22, 23 Reserving a port license Y ou can allo cate licenses by reser ving an d releas ing POD assignments to specific ports. Disabled por ts are not candidates for aut omatic licens e assignment b y [...]

  • Página 489

    Fabric OS Administrator ’s Guide 489 53-1002745-02 Ports on Demand 18 Af ter a port is assigned to the POD set, the por t is li censed until it is ma nually remov ed from the POD por t set. When a port is released from its POD port set (Base, Single, or Double), it creat es a vacancy in that port set. Use the f ollowing pr ocedure to release a po[...]

  • Página 490

    490 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18[...]

  • Página 491

    Fabric OS Administrator ’s Guide 491 53-1002745-02 Chapter 19 Inter-chassis Links In this chapter • Inter -chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 1 • ICLs f or the Broc ade DCX 85 1 0 Backbone family . . . . . . . . . . . . . . . . . . . . 492 • ICLs f or the Brocad e DCX B[...]

  • Página 492

    492 Fabric OS A dministr ator’s Guide 53-1002745-02 ICLs for the Brocade DCX 8510 Backbone family 19 NOTE Y ou cannot inter connect a Brocade DCX Backbone f amily chassis to a Br ocade DCX 85 10 Backbone fam il y ch as si s. Ref er to the specific hardw are reference manual s for a d d i t io n a l i n fo r m ation about LED status meanings and I[...]

  • Página 493

    Fabric OS Administrator ’s Guide 493 53-1002745-02 ICLs for the Brocade DCX Backbone family 19 NOTE Brocade recommends that y o u ha ve a maximu m of eight ICLs connect ed to the same neighboring domain, with a maximum of four ICLs fr om each core blade. • The ICLs can connect t o either core blade in the neighboring chassis. Unlik e the copper[...]

  • Página 494

    494 Fabric OS A dministr ator’s Guide 53-1002745-02 Virtual Fabrics considerations for ICLs 19 FIGURE 60 DCX-4S allowed ICL connections The follo wing ICL connections are not allow ed: • ICL0 por ts to ICL0 ports • ICL1 por ts to ICL1 ports ICL trunking on the Brocade DCX and DCX-4S ICL trunk s form automatically but add itional licen s es ma[...]

  • Página 495

    Fabric OS Administrator ’s Guide 495 53-1002745-02 Supported topologies for ICL connections 19 Supported topologies for ICL connections Y ou can connect the Br ocade Backbones in a mesh topology and a core-edge t opology . A brief description of ea ch follows. (Y ou can also con nect two DCX 85 10s point-to-point.) The illustrations in this secti[...]

  • Página 496

    496 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported topologies for ICL connections 19 FIGURE 62 Full nine-mesh topology During an ICL break in the triangular t opology , the chassis that has the connections of the other two is the main chassis. Any err or messages rela ting to a break in the t opology appear in the RASlog of the main ch[...]

  • Página 497

    Fabric OS Administrator ’s Guide 497 53-1002745-02 Supported topologies for ICL connections 19 FIGURE 63 64 Gbps ICL core-edge topology[...]

  • Página 498

    498 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported topologies for ICL connections 19[...]

  • Página 499

    Fabric OS Administrator ’s Guide 499 53-1002745-02 Chapter 20 Monitoring Fabric Performance In this chapter • Advanced P er f ormance Monitoring ov erview . . . . . . . . . . . . . . . . . . . . . . . 499 • End-to-end per formance monit oring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 1 • F rame monitoring . . . . . . . [...]

  • Página 500

    500 Fabric OS A dministr ator’s Guide 53-1002745-02 Advanced Performance Monitoring overview 20 Restrictions for installing monitors • Advanced P er formance Monitoring is no t suppor ted on VE_Ports and EX_Por ts. If you issue commands f or any A dvanced P er f ormance Monit oring on VE_Ports or EX_Por ts, you will rece ive error messages. •[...]

  • Página 501

    Fabric OS Administrator ’s Guide 501 53-1002745-02 End-to-end performance monitoring 20 Access Gateway considerations for Advanced Performance Monitoring EE monitors and frame monit ors are suppor ted on switches in A ccess Gate way mode. T op T alker monitors are no t suppor t ed on these switches. EE monitors must be installed on F_Por ts. F ra[...]

  • Página 502

    502 Fabric OS A dministr ator’s Guide 53-1002745-02 End-to-end performance monitoring 20 Virt ual F abrics consideration s: If Vir tual Fabrics is enabled, the Br ocade DCX, DCX-4 S, DCX 85 1 0 and 5300 models allo w up to 256 end-to- end moni tors on one logical switch. The Br ocade 5 100, 65 10, 6520, and V A-40 FC allow up to 34 1 en d-t o-end[...]

  • Página 503

    Fabric OS Administrator ’s Guide 503 53-1002745-02 End-to-end performance monitoring 20 This monitor (Monitor 1) counts the frames that ha ve an SID of 0x0 11200 and a DID of 0x02 1e00. For Monit or 1, RX_COUNT is the number of wor ds from Host A to De v B, and TX_COUNT is the number of wo rds fr om Dev B t o Host A. Example of monit oring the tr[...]

  • Página 504

    504 Fabric OS A dministr ator’s Guide 53-1002745-02 End-to-end performance monitoring 20 The per fSetPor tEEMask command sets a mask f or the domain ID, area ID, and AL_P A of the SIDs and DIDs f or frames transmitted from and received b y the por t. Figure 65 shows the mask positions in the command. A ma sk (“ff”) is set on slot 1, port 2 to[...]

  • Página 505

    Fabric OS Administrator ’s Guide 505 53-1002745-02 Frame monitoring 20 perfmonitorshow --class monitor_class [ slotnumber /] portnumber [ interval ] Example of displaying an end-to-end monitor on a por t at 10-second intervals switch:admin> perfMonitorShow --class EE 4/5 10 Showing EE monitors 4/5 10: Tx/Rx are # of bytes 01234 --------- -----[...]

  • Página 506

    506 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame monitorin g 20 NOTE The Advanced Pe r formance Monitoring license is req uired to use the fmM onitor command. The monitoring functionality also requires the F abric Watch license. When y ou configure actions and aler ts through the fmMonit or command, F abric Watch uses thes e v alues and [...]

  • Página 507

    Fabric OS Administrator ’s Guide 507 53-1002745-02 Frame monitoring 20 The value of the o f fset must be bet ween 0 and 63, in decimal format. Byte 0 indicates the fi rst byte of the Star t of F rame (SOF), byt e 4 is the first byte of the frame header , and byt e 28 is the first byte of the pa yload. Thus, only the SOF , frame header , and first[...]

  • Página 508

    508 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame monitorin g 20 Adding frame monitors to a port If the switch does not ha ve enough resour ces to ad d a frame monitor t o a port, then other frame monitors on that port may ha ve to be delet ed to free resour ces. 1. Connect to the switch and log in us ing an account with admin permissions[...]

  • Página 509

    Fabric OS Administrator ’s Guide 509 53-1002745-02 Frame monitoring 20 Example The f ollowing e xample displays the e xisting frame types and associated bit patt erns on the switch. switch:admin> fmmonitor --show FRAME_TYPE BIT PATTERN ---------------------------------------- scsi 12,0xFF,0x08; scsiread 12,0xFF,0x08;4,0xFF,0x06;40,0xFF,0x08,0x[...]

  • Página 510

    510 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 Top Talker monitors T op T alk er monitors det ermine the flows (SID and DID pairs) th at are the major users of bandwidth (after initial stabilization). T op T alker monito rs measure bandwidth usage data in rea l time and relative t o the por t on which the monitor is in[...]

  • Página 511

    Fabric OS Administrator ’s Guide 511 53-1002745-02 Top Talker monitors 20 How do T op T alker monit ors dif fer fr om EE monitors? EE monitors pro vide counter statistics f or traf fic flowing be tween a giv e n SID and DID pair . T o p T alker monit ors identify all possible SID and DID flow combinations that are possible on a giv en por t and p[...]

  • Página 512

    512 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 FIGURE 66 Fabric mode Top T alker monit or s on FC r outer do not monitor any f low s FIGURE 67 Fabric mode Top T alker monito rs on FC ro uter monitor flow s over the E_Por t Limitations of Top Talker monitors Be aw are of the follo wing when using T o p T alk er monitors[...]

  • Página 513

    Fabric OS Administrator ’s Guide 513 53-1002745-02 Top Talker monitors 20 Adding a Top Talker monito r to a port (port mode) 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the per fTTmon -- add command. perfttmon --add [egress | ingress] [ slotnumber /] port The follo wing example monit ors the incoming tra[...]

  • Página 514

    514 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 The output is sorted based on the data rate of each flo w . If you do not specify the number of flows t o display , then the command displa ys the top 8 flows or the total number of flo ws, whichev er is less. The f ollowing exam ple displays the t op 5 fl ows on por t 7 i[...]

  • Página 515

    Fabric OS Administrator ’s Guide 515 53-1002745-02 Trunk monitoring 20 Deleting all fabric mode Top Talker monitors 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the per fTTmon -- delete f abricmode command. perfttmon --delete fabricmode All T op T alk er monito rs are deleted. Trunk monitoring T o monitor[...]

  • Página 516

    516 Fabric OS A dministr ator’s Guide 53-1002745-02 Performance data collection 20 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter one of the f ollowing commands, depen ding on the action you w ant to perform: • T o sa ve the current EE monit or and frame monitor configuration settings into nonv ola tile m[...]

  • Página 517

    Fabric OS Administrator ’s Guide 517 53-1002745-02 Chapter 21 Optimizing Fabric Behavior In this chapter • Adaptiv e Networking ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1 7 • Ingress Rate Limiting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 18 • QoS: SID/DI[...]

  • Página 518

    518 Fabric OS A dministr ator’s Guide 53-1002745-02 Ingress Rate Limiting 21 • Ingress Rate Limiting Ingress Rate Limiting restricts the speed of traf fi c from a particular device to the switch por t. Ingress Rate Limiting req uires an Adap tiv e Netw orking license. Se e “Ingress Rate Limiting” on page 5 18 f or more inf ormation about th[...]

  • Página 519

    Fabric OS Administrator ’s Guide 519 53-1002745-02 QoS: SID/DID traffic prioritization 21 Virtual Fabrics considerations If Vir tual Fabrics is enabled, the rate limit configuration o n a por t is on a per -logical switc h basis. That is, if a por t is configured to ha ve a cer tain rate limit value, and the por t is then mov ed to a different lo[...]

  • Página 520

    520 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS: SID/DID traffic prioritization 21 Ta b l e 76 sho ws a basic comparison between CS-CTL -based and QoS zone- based prioritization. See “CS_CTL -based frame prioritizati on” on page 52 1 and “QoS zone-based traf fic prioritization” on page 523 f or detailed information about each type[...]

  • Página 521

    Fabric OS Administrator ’s Guide 521 53-1002745-02 CS_CTL-based frame prioritization 21 CS_CTL-based frame prioritization CS_CTL -based frame prioritization al lows you t o prioritize the frames betw een a host and target as having high, medium, or low priority , depending on the v alue of the CS_CTL field in the FC frame header . The CS_CTL fiel[...]

  • Página 522

    522 Fabric OS A dministr ator’s Guide 53-1002745-02 CS_CTL-based frame prioritization 21 NOTE If a switch is running a firm ware version earl ier than Fabric OS v6.0.0, the outgoing frames from that switch lose their priority . High-availability considerations for CS_CTL-based frame prioritization If the standby CP is running a Fabric OS v er sio[...]

  • Página 523

    Fabric OS Administrator ’s Guide 523 53-1002745-02 QoS zone-based traffic prioritization 21 Set CSCTL QoS Mode to 1 to enable aut o mode, establ ishing the set tings sho wn in Ta b l e 7 8 on page 52 1. Set CSCTL QoS Mode to 0 to disable aut o mode and rev er t t o default settings, sho wn in Ta b l e 7 7 on page 52 1. NOTE As noted pre viously ,[...]

  • Página 524

    524 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zone-based traffic prioritization 21 T o preserve existing trunk groups, bef ore you in stall the Adaptive Networking license, manually disable QoS on these po r ts, as described in “Manually disabling QoS on trunk ed por ts” on page 52 4. Manually disabling QoS on trunked ports NOTE QoS[...]

  • Página 525

    Fabric OS Administrator ’s Guide 525 53-1002745-02 QoS zones 21 switch:admin> portcfgshow (output truncated) Ports of Slot 0 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 -----------------+---+---+---+---+-----+---+---+---+-----+---+---+---+-----+---+---+--- Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN Fill Word 0000 0000 0000 0000 [...]

  • Página 526

    526 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zones 21 The switch automatically sets the priority for the “host,target” pairs specified in the zones according to the priority lev el (H or L) in the zone name. The flow id allows y ou to hav e contro l ov er the V C as signm ent and contr ol ov er balancing the flows throughout the fa[...]

  • Página 527

    Fabric OS Administrator ’s Guide 527 53-1002745-02 QoS zones 21 NOTE By default, QoS is enabled on 8-Gbps ports, except for long-distance 8-Gbps ports. QoS is disabled by default on all 4-Gbps por ts and long-dis tance 8-Gbps por ts. FIGURE 69 QoS with E_Por ts enabled Y ou need to enable QoS on the E_Ports on both ISLs betw een domain 3 and doma[...]

  • Página 528

    528 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zones 21 The following are requirements fo r establishing QoS o ver FCRs: • QoS ov er FC routers is supported in Br ocad e nativ e mode only . It is not supported in inter opmode 2 or int eropmode 3. • QoS ov er FC routers is suppor ted for t h e fo l lo w i ng c o n f i g u r a ti o n s[...]

  • Página 529

    Fabric OS Administrator ’s Guide 529 53-1002745-02 QoS zones 21 FIGURE 70 Traff ic prioritization in a logical fabric Supported configurations for QoS zone-based traffic prioritization The follo wing configuration rules apply to QoS zone-based traffic prioritization: • All switches in the fabric must be running Fabric OS v6.0.0 or later . ATT E[...]

  • Página 530

    530 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting QoS zone-based traffic prioritization 21 • T raffic prioritization is enfor ced on the eg ress ports only, not on the ingress ports. • T raff ic prioritization is not suppor t ed on 10-Gbps ISLs. • T raff ic prioritization is n ot suppor ted on mirrored ports. • T raff ic priorit[...]

  • Página 531

    Fabric OS Administrator ’s Guide 531 53-1002745-02 Setting QoS zone-based traffic prioritization 21 The por tCfgQos command does not affect QoS prioritization . I t only enables or disables the link to pass QoS priority traffic. NOTE QoS is enabled b y default on all ports (e x cept long-distance po r ts). If yo u use the por tCfgQos command to e[...]

  • Página 532

    532 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting QoS zone-based traffic pr ioritization over FC routers 21 Setting QoS zone-based traffic prioritization over FC routers 1. Connect to the switch in the edg e fabric and log in using an account with admin permissions. 2. Create QoS zones in the edge f abric. The QoS zones must hav e WWN m[...]

  • Página 533

    Fabric OS Administrator ’s Guide 533 53-1002745-02 Chapter 22 Managing Trunking Connections In this chapter • T runking o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533 • Suppor ted configurations f or trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535 • Suppor ted [...]

  • Página 534

    534 Fabric OS A dministr ator’s Guide 53-1002745-02 Trunking overview 22 Types of trunking T runking can be betw een two switches, between a switch and an Access Gat ew ay module, or between a switch and a Brocade adapt er . The types of trunking are as fo llows: • ISL trunking , or E_Port trunking, is configured on an int e r -switch link (ISL[...]

  • Página 535

    Fabric OS Administrator ’s Guide 535 53-1002745-02 Supported configurations for trunking 22 License requirements for trunking A l l t y p e s o f t r u n k i n g r e q u i r e t h e Tru n k i n g l i c e n s e . T h i s l i c e ns e m u s t b e i n s ta l l e d o n e a c h s w it c h t h a t par ticipates in trunking. ATTENTION Af ter yo u add th[...]

  • Página 536

    536 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported platforms for trunking 22 T runks operat e best when the cable length of each trunk ed link is r oughly equal t o the length of the others in the trunk. For optimal performance, no more than 30 meters dif ference is rec ommended. T runks are compatible with both shor t-wav elength (SWL[...]

  • Página 537

    Fabric OS Administrator ’s Guide 537 53-1002745-02 Recommendations for trunk groups 22 Recommendations for trunk groups T o identify the most useful tr unk gr oups, consider the f ollowin g recommendations along with the standard guidelines f or SAN design: • Evaluate the traffic patterns within the fabric. • Place trunking-capable switch es [...]

  • Página 538

    538 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring trunk groups 22 Configuring trunk groups Af ter y ou install the T runking license, you must re -initialize the por ts that are to be used in trunk groups so that the y recognize that trunking is en abled. This pr ocedure needs to be performed only once, and is required f or all type[...]

  • Página 539

    Fabric OS Administrator ’s Guide 539 53-1002745-02 Displaying trunking information 22 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the p ort Cf g T r un k P ort command to disable trunking on a por t. Enter the switchCfgT runk command t o disable trunking on all por ts on the switch. Mode 1 enables an[...]

  • Página 540

    540 Fabric OS A dministr ator’s Guide 53-1002745-02 Trunk Area and Admin Dom ains 22 Rx: Bandwidth 16.00Gbps, Throughput 1.67Gbps (12.12%) Tx+Rx: Bandwidth 32.00Gbps, Throughput 3.33Gbps (12.12%) 3: 10-> 10 10:00:00:05:1e:81:56:8b 1 deskew 15 MASTER 11-> 11 10:00:00:05:1e:81:56:8b 1 deskew 15 Tx: Bandwidth 4.00Gbps, Throughput 1.66Gbps (48.[...]

  • Página 541

    Fabric OS Administrator ’s Guide 541 53-1002745-02 EX_Port trunking 22 For additional inf ormation on configuring long dis tance, see “Configuring an e xtended ISL ” on page 553. Ta b l e 7 9 sum marizes suppor t for T runking o ver long -distance f or the Backbones and suppor ted blades. NOTE The L0 mode supports up to 5 km at 2 Gbps, up to [...]

  • Página 542

    542 Fabric OS A dministr ator’s Guide 53-1002745-02 EX_Port trunking 22 Masterless EX_Port trunking EX_Por t trunking is masterless ex cept for EX_Ports on Backbones . For the Backbones, Vir tual Fabrics must be enabled f or masterless EX_Port trunkin g to tak e ef fect. For the fix ed-port switches, Vir tual Fabrics can be e nabled or disabled. [...]

  • Página 543

    Fabric OS Administrator ’s Guide 543 53-1002745-02 F_Port trunking 22 The following is an e xample of a master EX_Port and a slave EX _Port display ed in swi tchShow . switch:admin> switchshow Index Slot Port Address Media Speed State ============================================== 16 2 0 ee1000 id N4 No_Light 17 2 1 ee1100 id N4 Online EX_Port[...]

  • Página 544

    544 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 FIGURE 72 Switc h in Access Gateway mode wi thout F_Por t mas terless trunking FIGURE 73 Switc h in Access Gateway mode with F_Port masterless trunking NOTE Y ou do not need t o map the host t o the maste r por t manually , because the Access Gat eway will per form a cold fail[...]

  • Página 545

    Fabric OS Administrator ’s Guide 545 53-1002745-02 F_Port trunking 22 Use the f ollowing pr ocedure on the edge switch connected t o the Access Gate wa y module to configure F_Por t trunking. 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tCfgShow com m an d to e ns u re t ha t th e po r ts h av[...]

  • Página 546

    546 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 c. Ena ble the trunk on the por ts by using the por tT runkArea command. switch:admin> porttrunkarea --enable 3/40-41 -index 296 Trunk index 296 enabled for ports 3/40 and 3/41. 2. On the host side, enable trunking as described in the Brocade Adapte rs Administrat or’s Gu[...]

  • Página 547

    Fabric OS Administrator ’s Guide 547 53-1002745-02 F_Port trunking 22 DCC Policy DCC policy enfor cement fo r the F_Port trunk is based on the T runk Area; the FDISC re quests to a t r u n k p o r t a r e a c c e p t e d o n l y i f th e W W N o f t h e a t t a c h e d d ev i c e i s p a r t o f th e DC C p o l i c y against the T A. The PWWN of [...]

  • Página 548

    548 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 Ta b l e 81 describes the PWWN f ormat for F_P or t and N_P or t trunk ports. F_Port trunking in Virtual Fabrics F_Por t trunking functionality per forms the same in Vir tual Fabrics as it does in non-Vir tual Fabric platf orms ex cept for the Broc ade DCX and DCX 85 1 0 -8. F[...]

  • Página 549

    Fabric OS Administrator ’s Guide 549 53-1002745-02 Displaying F_Port tr unking informatio n 22 • If F_Port trunking is enabled on some por ts in the de fault switch, and y ou disable Vir tual Fabrics, all of the F_Por t trunki ng information is lost. • All of the ports in an F_Por t trunk must belong t o a single trunk gr oup of por ts on the[...]

  • Página 550

    550 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling the DCC policy on a trunk area 22 switch:admin> portdisable 0-2 switch:admin> porttrunkarea --disable 0-2 Trunk index 2 disabled for ports 0, 1, and 2. Enabling the DCC policy on a trunk area Af ter y ou assign a trunk area, the portT runkA rea command checks whether there are an [...]

  • Página 551

    Fabric OS Administrator ’s Guide 551 53-1002745-02 Chapter 23 Managing Long-Distance Fabrics In this chapter • Long-distance fabrics o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 1 • Extended Fabrics de vice limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552 • Long -distance lin[...]

  • Página 552

    552 Fabric OS A dministr ator’s Guide 53-1002745-02 Extended Fabrics device limitations 23 • Optimized switch buf fering When Extended F abrics is installed on gatew ay switches (with E_Port connectivity from one switch to ano ther), the ISLs (E_Ports) are config ured with a large pool of buffer c redits. The enhanced switch buffers help ensure[...]

  • Página 553

    Fabric OS Administrator ’s Guide 553 53-1002745-02 Configuring an extended ISL 23 • Dynamic Mode ( LD ) — LD calculat es buf fer credits bas ed on the distance measured during por t initialization. Brocade switch es use a pr oprietary algorithm to estimat e distance across an ISL. The estimat ed distance is used to det ermine the buf f er cre[...]

  • Página 554

    554 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring an extended ISL 23 portcfglongdistance [ slot /] port [ distance_level ] [ vc_translation_link_init ] [ -distance desired_distance ] 6. Repeat step 4 and step 5 for the r emote ext ended ISL por t. Both the local and remo te ext ended ISL por ts must be configured to the same distanc[...]

  • Página 555

    Fabric OS Administrator ’s Guide 555 53-1002745-02 Buffer credit management 23 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Disable QoS. switch:admin> portcfgqos --disable [slot/]port If you do no t disable QoS, after the second or third Link Reset (LR), ARB fill wor d s display . 3. Disable buf fer cr e[...]

  • Página 556

    556 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 B uff e r -t o- bu ff er f lo w co nt r ol i s fl ow co ntr o l be tw een adjacent por ts in the I/O path, fo r example, transmission control ov er individua l network links. A separat e, independent pool of credits is used to manage buffer -to-buf fer flo w control.[...]

  • Página 557

    Fabric OS Administrator ’s Guide 557 53-1002745-02 Buffer credit management 23 Smaller frame sizes need more buf f er credits. T w o commands are a vailable t o help you det ermine whether you need to allocate more buf fer credits to handle the av erage frame size . The por tBuf ferSho w command calculates the av erage frames size. The portBuf fe[...]

  • Página 558

    558 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 Allocating buffer credit s based on full-sized frames Y ou can allo cate buffer credits based on distance using the portCfgLongDistance command. The long-distance link modes allow yo u t o select the dynamic mode (LD) or the static mode (LS) t o calculate the buffer [...]

  • Página 559

    Fabric OS Administrator ’s Guide 559 53-1002745-02 Buffer credit management 23 • If QoS is not enabled: (Reserved Buffer for Dis tance Y) = (X * LinkSpeed / 2 ) + 6 where X = the distance det ermined in step 1 (in km). LinkSpeed = the speed of the link determined in st ep 2. 6 = the number of buffer credits reserved f o r fabric ser vices, mult[...]

  • Página 560

    560 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 • 8 — the number of reserved buf f er credits already allocat ed to that por t. The floor of the resul ting number is ta k en because frac tions of a por t are not allowed. If you ha ve a distance of 50 km at 1 Gbps, then 484 / ( 3 1 – 8) = 2 1 por ts Allocatin[...]

  • Página 561

    Fabric OS Administrator ’s Guide 561 53-1002745-02 Buffer credit management 23 Configuring buffers for a single port directly T o configure the number of buffers directly , use the -buff ers option of the port CfgLongDistance command. Fabric OS uses this value to calculat e the to tal number of buffers accor ding to the fo ll o wi n g fo r m u l [...]

  • Página 562

    562 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 T o det ermine the number of buf fers req uired, per f orm the fo llowing st eps: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tBufferCalc command and pr o vide values f or the distance, por t speed, and frame siz[...]

  • Página 563

    Fabric OS Administrator ’s Guide 563 53-1002745-02 Buffer credit management 23 switch:admin> por tbuffershow 1 7 User Port Lx Max/Resv Avg Buffer Usage & FrameSize Buffer Needed Link Remaining Port Type Mode Buffers Tx Rx Usage Buffers Distance Buffers ---- ---- ---- ------- ---------------------------- ------ ------- --------- ---------- [...]

  • Página 564

    564 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 For the FC8- x por t blades, the fi rst number in the Unreserved buffer credits c olumn designates the number of unreserved buffers per port group with out buffer o ptimized mode; the second number designate s the unreserved buffers with buffer optimized mode enabled[...]

  • Página 565

    Fabric OS Administrator ’s Guide 565 53-1002745-02 Buffer credit management 23 NOTE The distances in this table assume that QoS is enabl ed. If QoS is di sabled the ma ximum suppor t ed distances are higher , because QoS req uires an a dditional 20 buffer credits per activ e por t. T o get an es timated maximum eq ually distribut ed distance for [...]

  • Página 566

    566 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit recovery 23 Buffer credit recovery Buffer credit recov er y (CR) allows links t o recover after buf fe r credits are lost when the buffer credit recov er y logic is enabled. The buffer credit reco ve r y feature also maintains performance. If a credit is lost, a recov er attempt is[...]

  • Página 567

    Fabric OS Administrator ’s Guide 567 53-1002745-02 Buffer credit recovery 23 For an F_P or t on a Br ocade switch or Access Ga t ewa y connected t o an adapte r , the follo wing conditions must be met : • The Bro cade switch or Access Gat ewa y must run F abric OS v7 .1 or later . • Fabric OS must suppor t buf fer credit reco ver y at both en[...]

  • Página 568

    568 Fabric OS A dministr ator’s Guide 53-1002745-02 Forward error correction on long-dis tance links 23 The f ollowing e xample enables buf f er credit reco very on por t 1/20. switch:admin> portcfgcreditrecovery 1/20 -enable Forward error correction on long-distance links Forward err or correction (FEC) on user por ts is suppor ted f or LD an[...]

  • Página 569

    Fabric OS Administrator ’s Guide 569 53-1002745-02 Chapter 24 Using FC-FC Routing to Connect Fabrics In this chapter • FC-FC routing ov erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569 • Fibre Channel r outing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 72 • Sett[...]

  • Página 570

    570 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing overview 24 A Fibre Channel router (FC r outer) is a switch running the FC-FC r outing ser vice. The FC-FC routing service can be simultaneously used as an FC rout er and as a SAN ext ension ov er wide area networks (WANs) using FCIP . Y ou can set up QoS traffic prioritization ov [...]

  • Página 571

    Fabric OS Administrator ’s Guide 571 53-1002745-02 FC-FC routi ng overview 24 • The Backbones hav e a limit of 128 EX_Por ts for each chassis. Refe r to th e Network OS A dministrat o r’s Guide f or suppor ted Network OS platfo rms. Supported configurations for FC-FC routing FC-FC r outing supports the foll owing co nfigurations: • FC rout [...]

  • Página 572

    572 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 Fibre Channel routing concepts Fibre Channel routing intr oduces the following concepts: • Fi br e C ha n ne l rou te r (F C rou te r) A switch running the FC-FC routing ser vice. Refer t o “Suppor ted platf orms fo r F C - F C ro u t i ng ” on page 5 70 [...]

  • Página 573

    Fabric OS Administrator ’s Guide 573 53-1002745-02 Fibre Channel routing concepts 24 • Logical SANs (LSANs) An LSAN is defined b y zones in two or more edg e or backbone fabrics that contain the same devic es. Y ou can creat e LSANs that span fabric s. These LSANs enable Fibre Channel zones t o cross ph ysical SAN boundaries without merging the[...]

  • Página 574

    574 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 • Fabric ID (FID) Every EX_Port and VEX_Por t uses the fabric ID (FI D) to identify the f abric at the opposite end o f the inter -fabric link. The FID f or ev er y edge fabric must be unique fr om the perspective of eac h backbone fabric. - If multiple EX_P [...]

  • Página 575

    Fabric OS Administrator ’s Guide 575 53-1002745-02 Fibre Channel routing concepts 24 FIGURE 7 6 Edge SANs connected thr ough a backbone fabric • Phantom domains A phantom domain is a domain emulated by the Fibre Channel rout er . The FC r outer can emulate tw o types of phantom domains: front phant om domains and translate phant o m domains. Fo[...]

  • Página 576

    576 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 FIGURE 77 Met aSAN with impor ted devices FC-FC routing topologies The FC-FC routing service provides two types of r outing: • Edge-to- edge Occurs when de vices in one edge fabric comm unic ate with de vices in another edge fabric th ro ug h on e o r mo r e [...]

  • Página 577

    Fabric OS Administrator ’s Guide 577 53-1002745-02 Fibre Channel routing concepts 24 Phantom domains A phantom domain is a domain creat ed by the Fibre Channel r outer . The FC rout er creates two types of phantom domains: fr ont phantom domains and translat e phantom domains. A front phant om domain , or front domain , is a domain that is pr oje[...]

  • Página 578

    578 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 FIGURE 79 EX_Por t phantom switch topology All EX_P or ts or VEX_Ports connected t o an edge f abric use the same xlat e domain ID f or an impor ted edge f abric; this value persists acro ss switch reboots and fabric reconfigurations. If you lose connectivity t[...]

  • Página 579

    Fabric OS Administrator ’s Guide 579 53-1002745-02 Setting up FC-FC routing 24 Identifying and deleting stale xlate domains If a remot e edge fabric goes unreachable, the xlat e domains created in other edge fabrics f or this remote edge f abric are retained and not remov ed unle ss th ere is any disruption in the local edg e fab ric . Y ou can u[...]

  • Página 580

    580 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up FC-FC routing 24 4. Configure IFLs for edge and backbo ne fabric connection. (R ef er to “Inter-fabric link configuration” on page 583.) 5. Modify por t cost for EX_P or ts, if you want t o change fr om the def ault settings. (Re fer t o “FC rout er por t cost configuration” o[...]

  • Página 581

    Fabric OS Administrator ’s Guide 581 53-1002745-02 Backbone fabric IDs 24 RyeSzRScycazfT0G: Integrated Routing license If you are connecting t o a Fabric OS or M-EOS fa bric and the Int egrated R outing license is not installed, you must inst all it, as described in Chapter 18, “ Administering Licensing” . The Integrat ed Routing license is n[...]

  • Página 582

    582 Fabric OS A dministr ator’s Guide 53-1002745-02 FCIP tunnel configuration 24 ATTENTION In a mult i-switch b ackbone fabric , modification of the FID within the backbone f abric will cause disruption to local traffic. Assigning backbone fabric IDs 1. Log in to the switch or Backbone. 2. Enter the switchDisable command if EX_Por ts are online. [...]

  • Página 583

    Fabric OS Administrator ’s Guide 583 53-1002745-02 Inter-fabric link configuration 24 Refe r to th e Fibre Cha nnel over IP A dministrator’s Guide f or ins tructions on how to configure FCIP tunnels. Inter-fabric link configuration Before configuring an inter -fabric link (IFL), b e aw a re that you cannot conf igure both IFLs (EX_Por ts, VEX_P[...]

  • Página 584

    584 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric l ink configuration 24 Hash Algorithm: N/A Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A This por t can no w connect to ano ther switch. The following e x ample configures an E X_Port fo r connecting to a Brocade Network OS fabric. The -m 5 option indicat[...]

  • Página 585

    Fabric OS Administrator ’s Guide 585 53-1002745-02 Inter-fabric link configuration 24 8. Af t e r identifying such por ts, ent er the por tCfgPersistentEnable command t o enable the port, and then the portCfgSho w command t o verify the port is enabled. switch:admin> portcfgpersistentenable 7/10 switch:admin> portcfgshow 7/10 Area Number: 7[...]

  • Página 586

    586 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric l ink configuration 24 Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A portDisableReason: None portCFlags: 0x1 portFlags: 0x1 PRESENT U_PORT EX_PORT portType: 10.0 portState: 2 Offline portPhys: 2 No_Module portScn: 0 port generation number: 0 portId: 014a0[...]

  • Página 587

    Fabric OS Administrator ’s Guide 587 53-1002745-02 FC router port cost configuration 24 ------------------------------------------------------------------------ 4 95 10:00:00:05:1e:37:00:45 10.32.156.31 "5300" FCR WWN: 10:00:00:05:1e:12:e0:00, Dom ID: 100, Info: 10.32.156.50, "fcr_Brocade 5300" EX_Port FID Neighbor Switch Info[...]

  • Página 588

    588 Fabric OS A dministr ator’s Guide 53-1002745-02 FC router port cost configuration 24 Port cost considerations The rout er por t cost has the following considerations: • Rout er port sets are defined as follo ws: - 0–7 and FCIP T unnel 1 6–23 - 8–15 and FCIP T unnel 2 4–3 1 • The rout er por t cost does not help distinguish one IFL[...]

  • Página 589

    Fabric OS Administrator ’s Guide 589 53-1002745-02 EX_Port frame trunking configuration 24 ------------------------ 7/3 1000 7/4 1000 7/9 1000 7/10 1000 7/13 1000 10/0 1000 Yo u c a n a l s o u s e t h e fcrRouteShow command t o display the rout er port cost. To display the router port cost for a single EX_Port, enter the fcrRout erPor tCost comm[...]

  • Página 590

    590 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 For inf orm ation about setting up E_Por t trun king on an edge fabric, refer t o Chapt er 22, “Managing Tr u n k i n g C o n n e c t i o n s ” . LSAN zone configuration An LS A N c o ns is t s o f z o ne s i n t wo or m or e ed ge o r backbone fabrics that contain[...]

  • Página 591

    Fabric OS Administrator ’s Guide 591 53-1002745-02 LSAN zone configuration 24 NOTE The "LSAN_" prefix must appear at the beginn ing of the zone name. LSAN zo nes ma y not be combined with QoS zones. R ef er to “QoS zones” on page 525 for more inf ormation about the naming conv ention for QoS zones. T o enable device sharing across m[...]

  • Página 592

    592 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 3. Enter the zoneCreat e command t o create the L SAN lsan_zone _fabric75 , which includes the host. switch:admin> zonecreate "lsan_zone_fabric75", "10:00:00:00:c9:2b:c9:0c" 4. Enter the zoneAdd com ma nd to add T arg et A to t he LS AN . FID75Do[...]

  • Página 593

    Fabric OS Administrator ’s Guide 593 53-1002745-02 LSAN zone configuration 24 This action will replace the old zoning configuration with the current configuration selected. Do you want to enable 'zone_cfg' configuration (yes, y, no, n): [no] y zone config "zone_cfg" is in effect Updating flash ... 11 . Log in as an admin and c[...]

  • Página 594

    594 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 Setting the maximum LSAN count Y ou can se t the maximu m number of LS AN zones, or LSAN count, that can be configure d on the edge fabrics. By default, the maximum LSAN coun t is set t o 3000. Y ou can inc rease the maximum LSAN count t o 5000 without disabli ng the s[...]

  • Página 595

    Fabric OS Administrator ’s Guide 595 53-1002745-02 LSAN zone configuration 24 Y ou can specify two types of tags: • Enfor ce tag – Specifies which LSANs are to be enf orced in an FC rout er . • Speed tag – Specifies whic h LSANs are to be imported or exported f aster than o ther LSANs. The LSAN tags are persist ently saved and suppor t co[...]

  • Página 596

    596 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 lsan_f2_f1 (H1, D1) lsan_f2_f3 (H1, D2) The LSAN in the host f abric does not need the tag. 3. In Edge fabric 1, configure the following LSAN: lsan_super_f1_ f2 (H1, D1) 4. In Edge fabric 3, configure the follo wing LSAN: lsan_super_f3_ f2 (H1, D2) 5. T oggle either th[...]

  • Página 597

    Fabric OS Administrator ’s Guide 597 53-1002745-02 LSAN zone configuration 24 • The tag is from 1 thr o ugh 8 alphanumeric characters. • Y ou can configure only one Speed ta g on an FC rout er , and up to eight Enf orce tags on an FC rout er . The maximum number of tags (Enf orce and Speed) on an FC r outer is eight. • Up t o 500 Speed LSAN[...]

  • Página 598

    598 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 1. Log in to the FC r outer as admin. 2. Enter the fcrlsan -- remov e command to remo ve an e xisting LSAN tag . If you remo ve an Enfor ce LSAN tag, y ou must disable the switch first. Example of removing an Enf orce LSAN tag sw0:admin> switchdisable sw0:admin> [...]

  • Página 599

    Fabric OS Administrator ’s Guide 599 53-1002745-02 LSAN zone configuration 24 W i t h LS AN zo n e b i n d i n g , ea ch F C ro u te r i n t h e ba c k b o n e fa b r i c s to r e s o n l y t h e L SA N z o n e en t r i e s of the remot e edge fabrics that can access its local edge fabrics. The LSAN zone limit suppor ted in the backbone fabric is[...]

  • Página 600

    600 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 LSAN zone binding considerations • Without LSAN zone binding, the maximu m number of LSAN devi ces is 1 0,000. • With LSAN zone binding, the metaSAN can impor t more than 1 0,000 devices and the backbone fabric can suppor t more FC r outers. • With LSAN zone bind[...]

  • Página 601

    Fabric OS Administrator ’s Guide 601 53-1002745-02 LSAN zone configuration 24 FC router matrix definition Depending on the structure of the backbone fabric , y ou can specify pairs of FC routers that can access each other . F or the metaSAN shown in Figure 8 1 , the follo wing FC r outers can access each othe r: • FC rout er 1 and FC rout er 2 [...]

  • Página 602

    602 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 Setting up LSAN zone binding 1. Log in to the FC r outer as admin. 2. Enter the following command to add a pair of FC r outers that can access each other: FCR:Admin> fcrlsanmatrix --add -fcr wwn1 wwn2 The variables wwn 1 and wwn2 are the WWNs of the FC r outers. 3. [...]

  • Página 603

    Fabric OS Administrator ’s Guide 603 53-1002745-02 Proxy PID configuration 24 Proxy PID configuration When an FC router is first configured, the PIDs f or the proxy de vices are automatically assigned. Pro xy PIDs (as well as phantom domain IDs) persist acr oss reboots. The most comm on situatio n in which y ou would set a pr oxy PID is when y o [...]

  • Página 604

    604 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric broadcast frames 24 Inter-fabric broadcast frames The FC rout er can receive and f o rward br oadcas t frames between edge fabrics and betw een the b a c k b o n e f a b r i c a n d e d g e f a b r i c s . M any t a r g et d ev ic e s a n d H B As c a n n o t h a n d l e b roa dc a [...]

  • Página 605

    Fabric OS Administrator ’s Guide 605 53-1002745-02 Resource monitoring 24 Y ou can monitor FC r outer resour ces using the fcrR esourceSho w command. The fcrR esourceShow command shows FCR resource limits and usage and includes the f ollowing: • LSAN zones and LSAN devices — The inf ormat ion shows the maximum versus the currently used zones [...]

  • Página 606

    606 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing and Virtual Fabrics 24 20 | 8 34 21 | 8 34 22 | 8 34 23 | 8 34 FC-FC routing and Virtual Fabrics If Virtual Fabrics is not enabled, FC-FC r outing beha vior is unchanged. I f Vir tual Fabrics is enabled, then in the FC-FC routing conte xt, a ba se switch is like a backbone switch a[...]

  • Página 607

    Fabric OS Administrator ’s Guide 607 53-1002745-02 FC-FC routing and Virtual Fabrics 24 • Although the Br ocade 65 1 0 and 6520 suppor ts up to f our logical switches, if you are using FC-FC r outing, they can ha ve a maximum of three logical switches. Logical switch configur ation for FC routing Figure 82 shows an example of two chassis partit[...]

  • Página 608

    608 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing and Virtual Fabrics 24 FIGURE 83 Logical representation of EX_Por ts in a base switch Backbone-to-edge routing with Virtual Fabrics Backbone-to-ed ge routing is n ot suppor ted in th e ba se switch, unless you use a legacy FC rout er . A legacy FC router is an FC r outer configured[...]

  • Página 609

    Fabric OS Administrator ’s Guide 609 53-1002745-02 Upgrade and downgrade co nsi derations for FC-FC routing 24 FIGURE 84 Backbone-to-edge r outing across base sw itc h using FC rout er in legacy mode Upgrade and downgrade considerations for FC-FC routing Wh e n yo u u pg r a d e t o Fa b r i c O S v 7 .0 .0 o r la te r, E X_ P or t s re m a in f [...]

  • Página 610

    610 Fabric OS A dministr ator’s Guide 53-1002745-02 Displaying the range of output ports connected to xlate domains 24 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge fabric. In the lsDbShow output, por ts in the range from 129 thr ough 255 are the output por ts on the front domain. The f ollowing e xample show[...]

  • Página 611

    Fabric OS Administrator ’s Guide 611 53-1002745-02 Appendix A Port Indexing This appendix shows how t o us e the switchShow command t o det ermine the mapping among the por t index, slo t/por t numbers, and the 2 4-bit po r t ID (PID) on any Br oc ade Backbone. Ent er the switchShow command without paramet ers to show the po r t inde x mapping f [...]

  • Página 612

    612 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Indexing A 740 3 20 5 ------ -- 16G No_Module FC 741 3 21 5 ------ -- 16G No_Module FC 742 3 22 5 ------ -- 16G No_Module FC 743 3 23 5 ------ -- 16G No_Module FC 744 3 24 6 ------ -- 16G No_Module FC 745 3 25 6 ------ -- 16G No_Module FC 746 3 26 6 ------ -- 16G No_Module FC 747 3 27 6 ---[...]

  • Página 613

    Fabric OS Administrator ’s Guide 613 53-1002745-02 Port Indexing A Example of port in dexing on an FC8-64 blade on a Br ocade DCX-4S Backbone. The Bro cade DCX-4S does no t need a mapping of port s on port blades becaus e it is a one-to-one mapping. The or der is sequential st arting at slot 1 por t 0 all the wa y through slot 8 port 255 f or the[...]

  • Página 614

    614 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Indexing A Example of por t indexing on an FS8-18 blade on a DCX 85 10-8 Backbone This example sho ws the truncated swi tchShow output f or an FS8-18 encryption blade on the Brocade DCX 85 10-8 Backbone. The assignment of por t index numbers t o PIDs will var y depending on blade type, plat[...]

  • Página 615

    Fabric OS Administrator ’s Guide 615 53-1002745-02 Appendix B FIPS Support In this appendix • FIPS ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 15 • Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 15 • FIPS mode co[...]

  • Página 616

    616 Fabric OS A dministr ator’s Guide 53-1002745-02 Zeroization functions B FCSP Cha llenge Handshake Authentication Protocol (CHAP) Se cret secAuthSe cret –- remo ve The secAuthsecret -–create command is used to input the keys, and the secAuthsecret -–remo ve command is used to remo ve and zero ize the ke ys. All the DHCHAP/FCAP authentica[...]

  • Página 617

    Fabric OS Administrator ’s Guide 617 53-1002745-02 FIPS mode confi guration B Power-on self tests A pow er-on self-t est (POST) is in vok ed by po wering on the switch in FIPS mode and does not require any operat or intervention. If any KA T s fail, the switch goes into a FIPS Error state, which reboo ts the syst em to star t the t est again. If [...]

  • Página 618

    618 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS mode configuration B LDAP in FIPS mode Y ou can configure your Microsoft Active Direct or y server t o use the Lightweight Direct or y Access Pro tocol (LDAP) while in FIPS mode. There is no option pro vided on the switch t o configure TLS ciphers f or LDAP in FIPS mode. Ho we ver , the LD [...]

  • Página 619

    Fabric OS Administrator ’s Guide 619 53-1002745-02 FIPS mode confi guration B Setting up LDAP for FIPS mode 1. Log in to the switch using an account with ad min or securityadmin perm issions, or an account with OM permissions for the RADIUS and swit ch configuration RBAC classes of commands. 2. Enter the dnsConfig command to configure the DNS on [...]

  • Página 620

    620 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS mode configuration B 4. Set up LDAP according t o the instructions in “LDAP configuration and Microsof t Act ive Directory” on page 162, and the n per form the f ollowing additional Micr osof t Active Directory settings a. T o support FIPS-compliant TLS cipher suit es on the Microsoft A[...]

  • Página 621

    Fabric OS Administrator ’s Guide 621 53-1002745-02 Preparing a switch for FIPS B Exporting an LDAP switch certificate This proced ure exports the LDAP CA certificate fr om the switch t o the remot e host. 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the PKI RBAC class of co[...]

  • Página 622

    622 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B Overview of steps 1. Remo ve legacy OpenSS H DSA ke ys. 2. Optional: Configure the RADIUS server or the LD AP ser ver . 3. Optional : Configure any authentication pr otocols. 4. For LDA P on ly : Install an SSL cer tificate on the Micr o sof t Activ e Directory serv[...]

  • Página 623

    Fabric OS Administrator ’s Guide 623 53-1002745-02 Preparing a switch for FIPS B 4. Optional: Set the authentication prot ocols. a. Enter the authUtil -- set -h sh a1 command to se t the hash type f or MD5, which is used in the DH-CHAP and FCAP authentication pro tocols. b. Enter the authUtil -- set -g n command (where n represents the DH gr oup)[...]

  • Página 624

    624 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B • System services: No • cfgload attributes: Y es • Enfor ce secure config Upload/Download: Press En ter to accept the default. • Enfor ce firmware signature validatio n: Y es Example switch:admin> configure Not all options will be available on an enabled [...]

  • Página 625

    Fabric OS Administrator ’s Guide 625 53-1002745-02 Preparing a switch for FIPS B NOTE Passwor ds of the default accounts (admin and user) should be changed af ter e very zeroization operation to maintain FIPS 140-2 compliance. 3. Power -cycle the switc h. Displaying FIPS configuration 1. Log in to the switch using an account with admin or secu ri[...]

  • Página 626

    626 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B[...]

  • Página 627

    Fabric OS Administrator ’s Guide 627 53-1002745-02 Appendix C Hexadecimal Conversion Hexadecimal overview Hexadecimal, also known as he x, is a numeral syst em with a base of 1 6, usually written b y means of symbols 0–9 and A–F (or a–f). Its primar y pu rpose is to represent the binary code that computers int erpret in a f ormat easier for[...]

  • Página 628

    628 Fabric OS A dministr ator’s Guide 53-1002745-02 Hexadecimal Conversion C Decimal-to-hexadecimal conversion table TA B L E 9 0 Decimal-to-hexadecimal conver sion t able Decimal 01 02 03 04 05 06 07 08 09 10 Hex 01 02 03 04 05 06 07 08 09 0a D e c i m a l 1 11 21 3 1 41 51 61 7 1 81 92 0 H e x 0 b0 c 0 d 0 e 0 f 1 0 1 11 21 31 4 Decimal 21 22 2[...]

  • Página 629

    Fabric OS Administrator ’s Guide 629 53-1002745-02 Hexadecimal Conversion C H e x a b a c a d a e a f b 0b 1b 2b 3b 4 Decimal 181 18 2 183 184 185 18 6 18 7 18 8 189 19 0 Hex b5 b6 b7 b8 b9 ba bb bc bd be Decimal 19 1 192 193 194 195 1 96 19 7 198 199 200 H e x b f c 0c 1c 2c 3c 4c 5c 6c 7c 8 Decimal 201 202 203 204 205 206 20 7 208 209 210 Hex c[...]

  • Página 630

    630 Fabric OS A dministr ator’s Guide 53-1002745-02 Hexadecimal Conversion C[...]

  • Página 631

    Fabric OS Administrator ’s Guide 631 53-1002745-02 Index Numerics 10 Gbps operation on an FC port, enabling , 476 10-bit addressing mode , 80 10G lic ense , 475 – 478 128-bit encryption, in browser , 18 2 16-link ICL lic ense , 472 1st POD ICL license , 471 256-area addressing mode , 81 2nd POD ICL lice nse , 471 8G license , 47 3 8-link ICL li[...]

  • Página 632

    632 Fabric OS A dministr ator’s Guide 53-1002745-02 policy distribution to other switches , 227 policy manageme nt , 196 – 199 policy members , 196 removing polic y member , 198 resolving conflict ing ACL policies , 229 activating ACL policy changes , 197 Admin Domains , 446 IP Filter po licy , 219 licenses , 481 ports on demand , 483 TI zones [...]

  • Página 633

    Fabric OS Administrator ’s Guide 633 53-1002745-02 switch members , 440 switch port members , 439 switch WWN , 440 switching context , 456 system-defined , 436 TACACS+ service , 173 TI zone considerations , 360 transaction model , 442 trunk area , 540 user-defined , 436 using , 454 validating members , 454 VF mode and , 290 Virtual Fabrics permis[...]

  • Página 634

    634 Fabric OS A dministr ator’s Guide 53-1002745-02 auto-assigned FA-PWWN behavior , 426 auto-leveling, FR4-18i blade , 264 , 270 automatic PID assignment, enabling , 82 B Backbone assigning fabric IDs , 582 blade compatibility , 96 fabric ID , 581 – 582 fabric, described , 572 port blades, described , 84 port configurations supported , 287 por[...]

  • Página 635

    Fabric OS Administrator ’s Guide 635 53-1002745-02 bottleneckMon command , 376 , 380 , 381 , 382 , 385 , 390 , 391 , 392 Broadcast server, described , 44 broadcast zones , 303 , 310 name restriction , 316 Brocade 6520 , 464 , 467 Brocade 7800, upgrade license , 464 , 470 Brocade 7800, XISL restriction , 286 Brocade adapters, configur ing F_Port t[...]

  • Página 636

    636 Fabric OS A dministr ator’s Guide 53-1002745-02 chassis names , 75 chassis, changing name of , 75 chassisDistribute comm and , 224 , 226 chassisName command , 75 ChassisRole Microsoft Active Directory , 165 OpenLDAP , 170 RADIUS , 155 TACACS+ , 170 chassisShow command , 103 CIDR block notation , 64 class 2 and 3 traffic support , 111 classCon[...]

  • Página 637

    Fabric OS Administrator ’s Guide 637 53-1002745-02 frameLog , 124 haDisable , 146 haFailover , 147 , 272 haShow , 103 , 262 , 263 , 271 haSyncStart , 263 help , 58 ifModeSet , 91 iodReset , 123 iodSet , 123 iodShow , 123 IP secCo nfig , 231 , 236 , 238 , 239 ipAddrSet , 65 , 66 , 67 , 223 , 298 ipAddrShow , 63 , 67 ipFilter , 190 , 191 , 218 , 21[...]

  • Página 638

    638 Fabric OS A dministr ator’s Guide 53-1002745-02 ssh-keygen , 180 sshUtil , 180 , 182 , 622 sshutil , 257 supportSave , 39 switchCfgPersistentDisable , 100 switchCfgSpeed , 92 switchCfgTrunk , 538 , 539 switchDisable , 76 , 110 , 121 , 489 switchEnable , 76 , 110 , 301 switchName , 74 switchShow , 87 , 102 , 104 , 299 , 301 , 400 , 419 , 423 ,[...]

  • Página 639

    Fabric OS Administrator ’s Guide 639 53-1002745-02 access methods, Web Tools , 55 audit log , 107 authentication , 403 authentication policy , 207 – 217 browser security certificates , 186 compressio n , 404 date and time , 69 device authentication , 211 device-switch connectio n , 88 DHCP , 66 encryption , 399 – 405 Enforce LSAN tag , 597 ex[...]

  • Página 640

    640 Fabric OS A dministr ator’s Guide 53-1002745-02 D D_Port, described , 84 daemon processes and High Availability , 53 daemon, tac_plus , 172 daemons automatically restarted , 53 date and time , 69 date change license restriction , 479 date command , 69 date settings , 69 daytime listener application , 192 DCC creating policy , 20 4 deleting po[...]

  • Página 641

    Fabric OS Administrator ’s Guide 641 53-1002745-02 compressio n , 405 CS_CTL-based frame prioritization , 522 DHCP , 67 F_Port trunking , 549 failover in TI zones, consideratio ns , 347 in-flight encryption , 405 ingress rate limiting , 519 ISL trunking , 538 local switch protection , 226 NPIV , 422 port , 90 QoS manually on trunked ports , 524 Q[...]

  • Página 642

    642 Fabric OS A dministr ator’s Guide 53-1002745-02 edge-to-edge routing , 581 EE monitors about , 501 adding , 502 clearing statistic counters , 505 defined , 499 deleting , 504 displaying counters , 504 maximum number , 501 setting a mask for , 503 supported port configurations for , 502 effective AD configuration , 442 effective zone configura[...]

  • Página 643

    Fabric OS Administrator ’s Guide 643 53-1002745-02 displayin g information , 542 masterless , 542 supported configurations and platforms , 542 Exchange Link Parameters mode. See: ELP mode. exchange-based routing , 118 , 119 , 123 expired licenses , 480 removing , 480 expiry keys , 396 exporting CSR for FCAP , 216 LDAP certificates , 621 public ke[...]

  • Página 644

    644 Fabric OS A dministr ator’s Guide 53-1002745-02 command line interface , 56 , 56 – 59 default roles , 134 feature interaction with Virtual Fabrics , 288 interaction with Virtual Fabrics , 288 policies , 196 protocols supported , 178 security protocols supported , 177 user accounts , 152 – 153 on RADIUS servers , 154 – 162 user accounts [...]

  • Página 645

    Fabric OS Administrator ’s Guide 645 53-1002745-02 See also: FC. Fibre Channel Authentication Protoco l. See: FCAP. Fibre Channel Common Transport (FC-CT) protoc ol service, described , 44 Fibre Channel fabrics, and port ID , 113 Fibre Channel Over IP service. See: FCIP. Fibre Channel port , 84 Fibre Channel port, enabling 10 Gbps operation , 476[...]

  • Página 646

    646 Fabric OS A dministr ator’s Guide 53-1002745-02 port configurations supported , 286 port restrictions , 286 FL_Port, described , 84 FLOGI , 52 defined , 51 FC-SP bit setting , 210 process , 52 rejected , 210 request frame header value , 52 fmMonitor command , 224 , 505 , 507 , 508 , 509 Advanced Performance Monitoring license , 506 fmsmode, a[...]

  • Página 647

    Fabric OS Administrator ’s Guide 647 53-1002745-02 TACACS+ , 173 home LF Microsoft Active Directory , 165 OpenLDAP , 170 RADIUS , 155 TACACS+ , 173 host syslog, verifying , 108 hosts, accessing , 192 HTTPS protocol , 182 described , 17 7 secure protocol , 178 I IAS configuring , 159 remote access policies , 159 ICL 16-link licen se , 472 1st POD [...]

  • Página 648

    648 Fabric OS A dministr ator’s Guide 53-1002745-02 policy rules , 219 policy rules using service names , 220 saving policy , 218 supported actions , 221 supported protocols , 221 supported services and port numbers , 220 IP interface for chassis manageme nt , 65 IP sec algorithms , 234 Authentication Header protocol , 233 configuration on the ma[...]

  • Página 649

    Fabric OS Administrator ’s Guide 649 53-1002745-02 in FIPS mode , 618 installing certificates , 620 IPv4 and IPv6 support , 162 non-FIPS mode restrictions , 162 role mapping and OpenLDAP , 168 role mapping, and Microsoft Acti ve Directory , 163 secure service , 150 LDAP server adding , 175 deleting , 175 reordering , 175 LDAP service configuratio[...]

  • Página 650

    650 Fabric OS A dministr ator’s Guide 53-1002745-02 blocked chargen , 192 daytime , 192 discard , 192 echo , 192 ftp , 192 rexec , 192 rlogin , 192 rsh , 192 rstats , 192 rusers , 192 time , 192 blocked list , 192 chargen , 192 daytime , 192 discard , 192 echo , 192 ftp , 192 rexec , 192 rlogin , 192 rsh , 192 rstats , 192 rusers , 192 time , 192[...]

  • Página 651

    Fabric OS Administrator ’s Guide 651 53-1002745-02 management server displaying ACL , 46 viewing database , 48 management server database , 45 – 49 Management server, described , 44 managing Admin Domains , 433 – 460 IP Filter thresho lds , 224 trunking connectio ns , 533 – 550 user accounts , 133 – 176 user-defined roles , 136 – 137 zo[...]

  • Página 652

    652 Fabric OS A dministr ator’s Guide 53-1002745-02 null encryption suppo rt for IKE policies , 240 O on-demand ports , 483 – 489 activating , 485 available ports , 484 disabling dynamic , 487 displaying installed licenses , 484 dynamic , 485 enabling dynamic , 486 supported devices , 483 Open LDAP See also: LDAP. OpenLDAP configuring , 165 –[...]

  • Página 653

    Fabric OS Administrator ’s Guide 653 53-1002745-02 disabling , 45 enabling , 45 Virtual Fabrics , 45 platforms, FC-FC routing supported , 570 PLOGI , 52 defined , 51 POD enabling ports , 89 releasing a port from a set , 488 reserving a port license , 488 See also: ports on demand. policies account lockout , 143 account lockout duratio n , 144 acc[...]

  • Página 654

    654 Fabric OS A dministr ator’s Guide 53-1002745-02 deactivation , 89 decommissioning , 90 deleting To p Talker mo nitor on , 514 disabling , 90 disabling dynamic POD , 487 disabling on blades , 96 displaying license assignments , 486 displaying the top n bandwidth-using flows , 513 dynamic POD , 485 E_Port compression/encryption example , 407 en[...]

  • Página 655

    Fabric OS Administrator ’s Guide 655 53-1002745-02 portDecom comm and , 90 portDisable comman d , 90 , 538 portEnable command , 89 , 485 portEncCompShow command , 396 , 399 , 401 , 402 , 404 PortFecCap , 128 portLoginShow command , 424 portName command , 86 ports on demand , 483 – 489 activating , 485 available ports , 484 disabling dynamic , 4[...]

  • Página 656

    656 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zone-based traffic prioritization , 523 disabling , 532 High Availability co nsiderations , 528 limitations and restrictions , 529 setting , 530 ssetting over FC routers , 532 supported configurations , 529 trunking co nsiderations , 530 Virtual Fabrics considerations , 528 QoS zones , 115 ,[...]

  • Página 657

    Fabric OS Administrator ’s Guide 657 53-1002745-02 upgrading temporary slot-based licenses , 479 Virtual Fabrics , 288 XISLs , 289 rexec listener application , 192 rlogin listener applicat ion , 192 Role-Based Access Control. See: RBAC. roleConfig command , 136 roles Admin Domain cons iderations , 135 assigning user-defined , 137 creating user-de[...]

  • Página 658

    658 Fabric OS A dministr ator’s Guide 53-1002745-02 length , 213 setting , 214 viewing list of , 213 secure copy protocol. See: SCP. Secure Fabric OS policies , 196 secure LDAP , 150 secure protocol HTTPS , 178 items needed to deploy , 178 SCP , 178 SNMPv1 , 178 SNMPv2 , 178 SNMPv3 , 178 SSHv2 , 178 Secure Shell protoco l. See: SSH. Secure Socket[...]

  • Página 659

    Fabric OS Administrator ’s Guide 659 53-1002745-02 security levels , 190 SNMPv1 secure protocol , 178 SNMPv2 secure protocol , 178 SNMPv3 secure protocol , 178 switch and chassis context enforcement , 189 v1 support , 188 v3 support , 188 Virtual Fabrics and , 189 snmpConfig c ommand , 188 , 190 , 623 snmpWalk command , 189 special zones , 303 sp[...]

  • Página 660

    660 Fabric OS A dministr ator’s Guide 53-1002745-02 switch database distribution setting , 224 unique names for logical , 74 user-defined accounts , 137 viewing status policy threshold values , 105 switch authentication m ode, setting , 152 switch authentication policy , 20 8 See also: AUTH. Switch Connection Control. See: SCC. switch firmware , [...]

  • Página 661

    Fabric OS Administrator ’s Guide 661 53-1002745-02 setting interactively , 71 time zone settings , 69 – 71 time, synchronizing local and ext ernal , 71 time-based licenses , 478 – 480 Top Talker monitors adding on all switches in fabric , 513 adding to aport (port mode) , 513 and FC-FC routing , 511 defined , 499 deleting all in fabric , 515 [...]

  • Página 662

    662 Fabric OS A dministr ator’s Guide 53-1002745-02 U U_Port, described , 84 unblocking telnet acce ss , 191 universal temporary license defined , 478 described , 48 0 extending , 480 shelf life , 480 unlocking an account , 144 unordered frame delivery, restoring , 123 upgrading firmware , 257 upgrading temporary slot-b ased licenses, restriction[...]

  • Página 663

    Fabric OS Administrator ’s Guide 663 53-1002745-02 configDownload restrictions , 252 configUpload restrictions , 252 configuration management , 250 configuring SNMP for , 189 – 190 considerations for Adv. Perf. Monitoring , 500 for WWN-based PID assignment , 82 considerations for ICLs , 494 ContextRoleList , 155 , 173 date settings , 69 DCC pol[...]

  • Página 664

    664 Fabric OS A dministr ator’s Guide 53-1002745-02 Z zeroization functions for FIPS , 615 zeroizing for FIPS , 624 zone access mode, viewing current , 327 accessing , 192 adding a new switch or fabric , 336 adding members , 317 administering security , 336 alias adding members , 313 deleting , 314 removing members , 314 viewing , 315 Virtual Fab[...]

  • Página 665

    Fabric OS Administrator ’s Guide 665 53-1002745-02 zoneRemove command , 31 8 zoneShow command , 322 zoning advanced , 303 – 342 advanced commands , 304 defined , 304 enforcement , 308 on logical ports , 316 overview , 304[...]

  • Página 666

    666 Fabric OS A dministr ator’s Guide 53-1002745-02[...]