Brocade Communications Systems 53-1002745-02 manuel d'utilisation
- Voir en ligne ou télécharger le manuel d’utilisation
- 666 pages
- 9.14 mb
Aller à la page of
Les manuels d’utilisation similaires
-
Switch
Brocade Communications Systems 3200
4 pages 0.14 mb -
Switch
Brocade Communications Systems 6720
12 pages 0.37 mb -
Server
Brocade Communications Systems 4424
48 pages 2.31 mb -
Marine Radio
Brocade Communications Systems 53-1002745-02
666 pages 9.14 mb -
Switch
Brocade Communications Systems 3800
4 pages 0.29 mb -
Switch
Brocade Communications Systems 6510
64 pages 1.75 mb -
Home Theater Server
Brocade Communications Systems 12.4.00
267 pages 2.33 mb -
Switch
Brocade Communications Systems IPMC5000PEF
230 pages 1.71 mb
Un bon manuel d’utilisation
Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Brocade Communications Systems 53-1002745-02. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Brocade Communications Systems 53-1002745-02 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.
Qu'est ce que le manuel d’utilisation?
Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Brocade Communications Systems 53-1002745-02 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.
Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.
Donc, ce qui devrait contenir le manuel parfait?
Tout d'abord, le manuel d’utilisation Brocade Communications Systems 53-1002745-02 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Brocade Communications Systems 53-1002745-02
- nom du fabricant et année de fabrication Brocade Communications Systems 53-1002745-02
- instructions d'utilisation, de réglage et d’entretien de l'équipement Brocade Communications Systems 53-1002745-02
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes
Pourquoi nous ne lisons pas les manuels d’utilisation?
Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Brocade Communications Systems 53-1002745-02 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Brocade Communications Systems 53-1002745-02 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Brocade Communications Systems en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Brocade Communications Systems 53-1002745-02, comme c’est le cas pour la version papier.
Pourquoi lire le manuel d’utilisation?
Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Brocade Communications Systems 53-1002745-02, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.
Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Brocade Communications Systems 53-1002745-02. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.
Table des matières du manuel d’utilisation
-
Page 1
53-1002 7 45-02 25 March 20 13 ® Fa b r i c O S Administrat or’s Guide Suppor ting F abric OS 7 .1.0[...]
-
Page 2
Copyright © 20 13 Brocade Communications Sys tems, Inc. All Rights Reser ved. ADX, An yIO, Brocade, Brocad e Assurance, t he B-wing symb ol, DCX, F abri c OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are regist ered trademarks, and HyperEdge, The Ef fortless Network, and The On-Demand Data Center are trademarks of Brocade Communicatio[...]
-
Page 3
Fabric OS Administrator ’s Guide 3 53-1002745-02 Contents (High Level) Section I Standard Features Chapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . . 43 Chapter 2 Performing Basic Configuration Ta sks . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Chapter 3 Performing Advanced Configuration Ta[...]
-
Page 4
4 Fabric OS A dministr ator’s Guide 53-1002745-02 Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 11 Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 5 Appendix C Hex adecimal Conv ersion . . . . . . . . . . . . . .[...]
-
Page 5
Fabric OS Administrator ’s Guide 5 53-1002745-02 Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Suppor ted har dware and sof tware . . . . . . . . . . . . . . . . . . . . . . . . . . 34 What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 6
6 Fabric OS A dministr ator’s Guide 53-1002745-02 Chapter 2 Performing Basic Configuration Ta sks Fabric OS ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Fabric OS command line int er face. . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6 Console sessions using the serial por t . . . . . . . . [...]
-
Page 7
Fabric OS Administrator ’s Guide 7 53-1002745-02 Chapter 3 Performing Advanced Configuration Tasks Port Identifiers (PIDs) and PID binding ov er view . . . . . . . . . . . . . . . 79 Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Fixed add ressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 8
8 Fabric OS A dministr ator’s Guide 53-1002745-02 Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 0 7 V e rifying host syslog prior to configuring the audit log . . . . . . 1 08 Configuring an a udit log for specific event classes . . . . . . . . . 108 Duplicate PWWN handling during de vice login . [...]
-
Page 9
Fabric OS Administrator ’s Guide 9 53-1002745-02 Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7 Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Local account passwor ds . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139 Local user account database d[...]
-
Page 10
10 Fabric OS A dministr ator’s Guide 53-1002745-02 T elnet pr otocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 Blocking T elnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 Unblocking T elne t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 1[...]
-
Page 11
Fabric OS Administrator ’s Guide 11 53-1002745-02 IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1 7 Creating an IP Filt er policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 18 Cloning an IP Filt er policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 18 Displa[...]
-
Page 12
12 Fabric OS A dministr ator’s Guide 53-1002745-02 Chapter 9 Installing and Maintaining Firmware Firmw are download pr ocess overview . . . . . . . . . . . . . . . . . . . . . . .255 Upgrading and downg rading firmw are . . . . . . . . . . . . . . . . . . . 25 7 Considerations f or FICON CUP en vironments . . . . . . . . . . . . . 257 HA sync sta[...]
-
Page 13
Fabric OS Administrator ’s Guide 13 53-1002745-02 Limitations and restrictions of Vir tual F abrics . . . . . . . . . . . . . . . .288 Restrictions on XI SLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289 Restrictions on mo ving por ts . . . . . . . . . . . . . . . . . . . . . . . . . .289 Enabling Virt ual F abrics mode . .[...]
-
Page 14
14 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maint enance . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 6 Displaying e xisting zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6 Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 6 Adding de vices (mem[...]
-
Page 15
Fabric OS Administrator ’s Guide 15 53-1002745-02 General rules f or TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356 T raffic Isolation Zone violation ha ndling f o r trunk ports . . . . . 35 7 Suppor ted configurations f or T raf fic Isolation Zoning . . . . . . . . . .358 Additional configuration rules f or enhance[...]
-
Page 16
16 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck de tection paramet ers . . . . . . . . . . . . . . . . . .384 Examples of applying and ch anging bottleneck dete ction paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Advance d bottleneck det ection settings . . . . . . . . . . [...]
-
Page 17
Fabric OS Administrator ’s Guide 17 53-1002745-02 Chapter 16 Dynamic Fabric Prov isioning: Fabric-Assigned PWWN Introducti on to Dynam ic Fabric Pr o visioning using F A-PWWN . . . .425 User- and auto-assigned F A-PWW N behavior . . . . . . . . . . . . . . . . . 42 6 Checking f or duplicat e F A -PWWNs . . . . . . . . . . . . . . . . . . . . . .4[...]
-
Page 18
18 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .454 CLI commands in an AD conte xt . . . . . . . . . . . . . . . . . . . . . . . .455 Executing a command in a differe nt AD conte x t . . . . . . . . . . .455 Displaying an Ad min Domain configur ation . . . . . . . . . .[...]
-
Page 19
Fabric OS Administrator ’s Guide 19 53-1002745-02 Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483 Displaying installed licenses . . . . . . . . . . . . . . . . . . . . . . . . . . .484 Activ ating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .485 Dynamic Ports on Demand . . .[...]
-
Page 20
20 Fabric OS A dministr ator’s Guide 53-1002745-02 T op T alker monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1 0 T op T alk er monitors and FC-FC routing . . . . . . . . . . . . . . . . . . . 5 11 Limitations of T op T alker monito rs . . . . . . . . . . . . . . . . . . . . . . 5 12 Adding a T op T alker [...]
-
Page 21
Fabric OS Administrator ’s Guide 21 53-1002745-02 Chapter 22 Managing Trunking Connections T runking o verview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533 T ypes of trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534 Masterless trunking . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 22
22 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .555 Buffer -to-buff er flow contr ol . . . . . . . . . . . . . . . . . . . . . . . . . . .555 Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .556 Fibre Channel gigabit values re[...]
-
Page 23
Fabric OS Administrator ’s Guide 23 53-1002745-02 LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .590 Use of Admin Domains with LSAN zones and FC-FC r outing .590 Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .590 LSAN zones and fabric-t o-fabric communications . . . . . . [...]
-
Page 24
24 Fabric OS A dministr ator’s Guide 53-1002745-02[...]
-
Page 25
Fabric OS Administrator ’s Guide 25 53-1002745-02 Figures Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Figure 3 Blade swap with Virtual Fab[...]
-
Page 26
26 Fabric OS A dministr ator’s Guide 53-1002745-02 Figure 36 Illegal ETIZ configuration: two paths from on e port to two devices on the same remote domain 351 Figure 3 7 Illegal ETIZ configuration: two paths from one port . . . . . . . . . . . . . . . . . . . . . . 352 Figure 38 Traffic Isolation Zoning over FCR . . . . . . . . . . . . . . . . . [...]
-
Page 27
Fabric OS Administrator ’s Guide 27 53-1002745-02 Figure 7 7 MetaSAN with imported devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576 Figure 78 Sample topology (physical topology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577 Figure 79 EX_Port phantom switch topology . . . . . . . . . .[...]
-
Page 28
28 Fabric OS A dministr ator’s Guide 53-1002745-02[...]
-
Page 29
Fabric OS Administrator ’s Guide 29 53-1002745-02 Tables Ta b l e 1 Daemons that are automatically restarted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Ta b l e 2 Terminal port parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Ta b l e 3 Help topic contents . . . . . . . . . . [...]
-
Page 30
30 Fabric OS A dministr ator’s Guide 53-1002745-02 Ta b l e 37 Supported services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 Ta b l e 3 8 Implicit IP Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Ta b l e 3 9 Default IP policy r[...]
-
Page 31
Fabric OS Administrator ’s Guide 31 53-1002745-02 Ta b l e 7 8 VCs assigned to QoS priority for frame prio ritization in CS_CTL auto mode . . 521 Ta b l e 7 9 Trunking over long-distance for the Backbones and blade s . . . . . . . . . . . . . . . 541 Ta b l e 8 0 F_Port masterless trunking consider ations . . . . . . . . . . . . . . . . . . . . .[...]
-
Page 32
32 Fabric OS A dministr ator’s Guide 53-1002745-02[...]
-
Page 33
Fabric OS Administrator ’s Guide 33 53-1002745-02 About This Document In this chapter • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 • Suppor ted har dware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 • What’s new in this document . . . . . . . . [...]
-
Page 34
34 Fabric OS A dministr ator’s Guide 53-1002745-02 • Chapter 11 , “ Administering Advanced Zoning,” pro vides proc edures for use of the Br ocade Advanced Zoning f eature. • Chapter 12, “T raf fic Isolation Zoning,” provides concepts and procedures for use of T raf fic Isolation Zones within a fabric. • Chapter 1 3, “Bottleneck De[...]
-
Page 35
Fabric OS Administrator ’s Guide 35 53-1002745-02 The follo wing hardw are platf orms are suppor ted b y this release of Fabric OS: • Fixed-po r t switches: - Brocade 300 switch - Brocade 5 1 00 switch - Brocade 5300 switch - Brocade 54 1 0 embedded switch - Brocade 542 4 embedded switch - Brocade 5430 embedded switch - Brocade 5450 embedded sw[...]
-
Page 36
36 Fabric OS A dministr ator’s Guide 53-1002745-02 • Updat ed the Not e in “In-flight en cr yption and compression overview” on page 393. • In “Encr yption and compression restrictions” on page 394, clarified the restrictio n about the number of ports suppor ted. • Corrected the “Example of enabling encr yption and compression on [...]
-
Page 37
Fabric OS Administrator ’s Guide 37 53-1002745-02 Notes, cautions, and warnings The f ollowing notices and stat ements are used in this manual. They are list ed below in or der of increasing sev erity of pot ential hazards. NOTE A not e pro vides a tip, guidance or advice, emphasizes im por tant info rmation, or pr ov ides a ref erence to re la t[...]
-
Page 38
38 Fabric OS A dministr ator’s Guide 53-1002745-02 Additional information This section lists additional Br ocade and industr y-specific docu mentation that you might find helpful. Brocade resources T o get up-to-the-minute inf ormation, go to http://my .brocade.com and regist er at no cost fo r a user ID and passwor d. For practical discussions a[...]
-
Page 39
Fabric OS Administrator ’s Guide 39 53-1002745-02 1. Gen eral Informa tion • Switch model • Switch operating system version • Error numbers and messages received • suppor tSav e co mmand output • Detailed description of the pr oblem, including the switch o r fabric beha vior immediat ely follo wing the pr oblem, and specific qu estions [...]
-
Page 40
40 Fabric OS A dministr ator’s Guide 53-1002745-02 Document feedback Quality is our first concern at Brocade and we ha ve made ev er y ef fort to ensure the accuracy and complet eness of this document. Ho we ver , if y ou find an error or an omission, or y ou think that a topic need s fur ther de velopment, w e want to hear from y ou. Forward y o[...]
-
Page 41
Fabric OS Administrator ’s Guide 41 53-1002745-02 Section I Standard Features This section describes standard F abric OS f e atures, and includes th e follo wing chapters: • Chapter 1, “Understanding Fibre Channel Services” • Chapter 2, “P er forming Basic Configuration T asks” • Chapter 3, “P er forming Advanced Configuration T a[...]
-
Page 42
42 Fabric OS A dministr ator’s Guide 53-1002745-02[...]
-
Page 43
Fabric OS Administrator ’s Guide 43 53-1002745-02 Chapter 1 Understanding Fibre Channel Services In this chapter • Fibre Channel services ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 • Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 • Platf orm[...]
-
Page 44
44 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server 1 Management server — The management server pro v ides a single point for managing the fabric. This is the only service that users can configure. See “Management ser ver” belo w for more details Alias ser ver — The alias server keeps a gr oup of no des registered as one [...]
-
Page 45
Fabric OS Administrator ’s Guide 45 53-1002745-02 Management server database 1 Platform services and Virtual Fabrics Each logical switch has a sep arate platf orm databa se. All platform registrations done t o a logical switch are valid only in that par t icular logical switch’s Vir tual Fabric. Activating the platform services on a switch acti[...]
-
Page 46
46 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server database 1 If the list is empty ( the default), the manageme nt ser ver is accessible t o all systems connect ed in-band to the fabric. For more access security , you can specify WWNs in the ACL so that access to the management server is restricted to only those WWNs list ed. NO[...]
-
Page 47
Fabric OS Administrator ’s Guide 47 53-1002745-02 Management server database 1 Example of adding a member to the mana gement ser ver ACL switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 2 Port/Node WWN (in hex): [ 00:00:00:00:00:00:[...]
-
Page 48
48 Fabric OS A dministr ator’s Guide 53-1002745-02 Management server database 1 5. At the “select” pr ompt, ent er 1 t o display the access list so y ou can verify that the WWN y ou entered w as delete d from the A CL. 6. Af ter verifying that the WWN was delet ed correctly , enter 0 at the “select” pr ompt to end the session. 7 . At the [...]
-
Page 49
Fabric OS Administrator ’s Guide 49 53-1002745-02 Topology discovery 1 Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:75 Clearing the management server database Use the f ollowing pr ocedure to clea r the management server database: NOTE The command msPlClearDB is allo wed only in AD0 and AD255. 1. Connect to the s[...]
-
Page 50
50 Fabric OS A dministr ator’s Guide 53-1002745-02 Topology discovery 1 *MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!! Disabling topology discovery Use the f ollowing pr ocedure to disable t opology discov er y: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the a[...]
-
Page 51
Fabric OS Administrator ’s Guide 51 53-1002745-02 Device login 1 Device login A device can be storage, a host, or a switch. When new devices are introduced into the fabric, t hey must be powered on and, if a host or storage de vice, connected t o a switch. Switch-t o-switch logins (using the E_Port) are handled dif ferently than st orage and host[...]
-
Page 52
52 Fabric OS A dministr ator’s Guide 53-1002745-02 Device login 1 Fabric login process A device p er forms a f abric login (FL OGI) to determine if a fabric is present. If a fabric is det ected then it ex changes ser vice parameters with the fabr ic controller . A successful FL OGI sends back the 2 4-bit address for the de vice in the fabric. Th [...]
-
Page 53
Fabric OS Administrator ’s Guide 53 53-1002745-02 High availability of daemon proce sses 1 Duplicate Port World Wide Name Accor ding to Fibre Channel standards, the P o r t W orld Wide Name (PWWN) of a de vice cannot ov erlap with that of another device, thus ha ving duplicate PWWNs within the same fabric is an illegal configuratio n. If a PWWN c[...]
-
Page 54
54 Fabric OS A dministr ator’s Guide 53-1002745-02 High availability of daemon proce sses 1 webd Webserver daemon used for W ebT ools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP i nter face to manageab ility applic ations for switch manageme nt and fabric di scovery . TA B L E 1 Daemons that are automa tically rest ar t[...]
-
Page 55
Fabric OS Administrator ’s Guide 55 53-1002745-02 Chapter 2 Performing Basic Configuration Tasks In this chapter • Fabric OS o verview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 • Fabric OS command line int er face . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 • Passw [...]
-
Page 56
56 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Although many diffe rent sof tware and har dware configurations are test ed and suppor ted by Brocade Communications Systems, Inc., docu menting all possib le configurations a nd scenarios is bey ond the scope of this document. In some cases, earlier releases [...]
-
Page 57
Fabric OS Administrator ’s Guide 57 53-1002745-02 Fabric OS command line interface 2 • In a Windows envir onment enter the following parameters: • In a UNIX envir onment, enter the following string at the prom pt: tip /dev/ttyb -9600 If ttyb is already in use, use tt ya instead and enter the f ollowing string at the prom pt: tip /dev/ttya -96[...]
-
Page 58
58 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Connecting to Fabr ic OS using Telnet Use the f ollowing pr ocedure to connect t o the Fabric OS using T elnet: 1. Connect through a serial por t to the swit ch that is appropriate f o r your fabric: • If Virt ual Fabrics is enabled, log in using an admin ac[...]
-
Page 59
Fabric OS Administrator ’s Guide 59 53-1002745-02 Fabric OS command line interface 2 The commands in the f ollowing table pro vides help files f or the indicated specific t opics. Viewing a history of command line entries The CLI command histor y log file sa ves the last 5 1 2 commands from all users on a FIFO basis, and this log is persistent ac[...]
-
Page 60
60 Fabric OS A dministr ator’s Guide 53-1002745-02 Fabric OS c ommand line i nterface 2 Example cliHistor y command output from admin login switch:admin> clihistory CLI history Date & Time Message Thu Sep 27 10:14:41 2012 admin, 10.70.12.101, clihistory Thu Sep 27 10:14:48 2012 admin, 10.70.12.101, clihistory --show switch:admin> cliHis[...]
-
Page 61
Fabric OS Administrator ’s Guide 61 53-1002745-02 Password modification 2 Notes: • SSH login CLI logs are not recor ded in the command line history . • The CLI command log will be c ollected as part of any “suppor tsav e” operation. The command long recor d of such an oper ation will be th e equivale nt of running “cliHistory -- showal [...]
-
Page 62
62 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 Changing the default acco unt passwords at login Use the f ollowing pr ocedure to chan ge the def ault account passwords: 1. Connect to the switch and log in usin g the defaul t administ rative ac count. 2. At each of the “Enter ne w password” pr ompts, either [...]
-
Page 63
Fabric OS Administrator ’s Guide 63 53-1002745-02 The switch Ethernet interface 2 NOTE When you change the Etherne t interface settings, open connections su ch as SSH or T elnet may be dropped. Reconnect using the ne w Ethernet IP addr ess information or change the Ethernet setti ngs using a console sess ion throu gh the serial port to maintain y[...]
-
Page 64
64 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 Host Name: ecp1 Gateway IP Address: 10.1.2.3 IPFC address for virtual fabric ID 123: 11.1.2.3/24 IPFC address for virtual fabric ID 45: 13.1.2.4/20 Slot 7 eth0: 11.1.2.4/24 Gateway: 11.1.2.1 Backplane IP address of CP0 : 10.0.0.5 Backplane IP address of CP1 : 10.0.[...]
-
Page 65
Fabric OS Administrator ’s Guide 65 53-1002745-02 The switch Ethernet interface 2 Setting the static addresses for the Etherne t ne twork interface Use the f ollowing pr ocedure to set the Ethernet netw ork int e r face static addresses: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Per form the appr opriate[...]
-
Page 66
66 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 DHCP activation Some Br ocade switches ha ve DHCP enabled by defau lt. Fabric OS suppor t f or DHCP functionality is only pro vided for Br ocade fixed- por t switches. These are list ed in the Pref ace . NOTE The Bro cade DCX and Broc ade DCX-4S Backbones do not su[...]
-
Page 67
Fabric OS Administrator ’s Guide 67 53-1002745-02 The switch Ethernet interface 2 5. Y ou can confirm that the change has been made using the ipAddrShow command. Example of enabling DHCP for IPv4 in tera ctivel y: switch:admin> ipaddrset Ethernet IP Address [10.1.2.3]: Ethernet Subnetmask [255.255.255.0]: Fibre Channel IP Address [220.220.220.[...]
-
Page 68
68 Fabric OS A dministr ator’s Guide 53-1002745-02 The switch Ethernet interface 2 DHCP [On]: off switch:admin> Example of disa bling DHCP for IPv4 usi ng a single comman d: switch:admin> ipaddrset –ipv4 -add -dhcp OFF switch:admin> ipaddrshow SWITCH Ethernet IP Address: 10.20.134.219 Ethernet Subnetmask: 255.255.240.0 Gateway IP Addre[...]
-
Page 69
Fabric OS Administrator ’s Guide 69 53-1002745-02 Date and time settings 2 Date and time settings Switches maintain the current dat e and time inside a battery -backed real-time clock (RT C) circuit that receives the dat e and time from the f abric ’s principal switch. Dat e and time are used for logging ev ents. Switch operation does not depen[...]
-
Page 70
70 Fabric OS A dministr ator’s Guide 53-1002745-02 Date and time settings 2 When you set the time zone f or a switch, you can perform the f ollowing tasks: • Display all of the time zones supported in the firmw are. • Set the time zone based on a country and city combination or based on a time zone ID, such as PST . The time zone setting has [...]
-
Page 71
Fabric OS Administrator ’s Guide 71 53-1002745-02 Date and time settings 2 Setting the time zone interactive ly Use the f ollowing pr ocedure to set the current time zone to PST using interactiv e mode: 1. Connect to the switch and log in using an account assigned to the admin role and with the chassis- rol e permissio n. 2. Enter the tsTimeZone [...]
-
Page 72
72 Fabric OS A dministr ator’s Guide 53-1002745-02 Domain IDs 2 Use the f ollowing pr ocedure to synchr onize the local time with an e xternal sour ce: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the tsClockSer ver command. switch:admin> tsclockser ver " ntp1 ; ntp2 " In this syntax, ntp[...]
-
Page 73
Fabric OS Administrator ’s Guide 73 53-1002745-02 Domain IDs 2 Displaying the domain IDs Use the f ollowing pr ocedure to displa y device d omain IDs: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the fabric Show command. Example output of fabric information, including the domain ID (D_I D) The princip[...]
-
Page 74
74 Fabric OS A dministr ator’s Guide 53-1002745-02 Switch names 2 Setting the domain ID Use the f ollowing pr ocedure to set the domain ID: 1. Connect to the switch and log in on an account assigned to the admin r ole. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fab ri c P ar a m [...]
-
Page 75
Fabric OS Administrator ’s Guide 75 53-1002745-02 Chassis names 2 Chassis names Brocade recommends that you cust omize the chassi s n am e fo r e a c h pl a t fo r m . So m e s y s te m l og s i d e n t if y d evi c e s by p l a t fo rm n a m e s ; i f y o u a s s i g n meaningful platform names, logs are more useful. All chassis names suppor ted[...]
-
Page 76
76 Fabric OS A dministr ator’s Guide 53-1002745-02 Switch activation and deactivation 2 High availability considerations for fabric names Fabric names locally configured or obtained from a remote switch are sa ved in the configuration database, and then synchr onized to th e standby CP on dual-CP-based syst ems. Upgrade and downgrade consid erati[...]
-
Page 77
Fabric OS Administrator ’s Guide 77 53-1002745-02 Switch and Backbone shutdown 2 Powering off a Brocade switch Use the f ollowing pr ocedure to gracefully shut do wn a Bro cade switch. 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the sysShutdown command. 3. Enter y at the prompt. switch:admin> syss[...]
-
Page 78
78 Fabric OS A dministr ator’s Guide 53-1002745-02 Basic connections 2 Basic connections Bef ore connecting a switch to a fa bric that contains switches running dif ferent firmw are versions, you must first set the same por t identifica tion (PID) f o rmat on all switches. The presence of different PID f ormats in a fabric causes f abric segmenta[...]
-
Page 79
Fabric OS Administrator ’s Guide 79 53-1002745-02 Chapter 3 Performing Advanced Configuration Tasks In this chapter • Port Identifiers (PIDs) and PID binding o ver view . . . . . . . . . . . . . . . . . . . . . . 79 • Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 •[...]
-
Page 80
80 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 Core PID addressing mode Core PID is the default PID format fo r Brocade platfo rms. It uses the entire 2 4-bit address space of the domain, area ID, and AL_P A to determine an o bject’s address within the fabric. The Core PID is a 2 4-bit addr[...]
-
Page 81
Fabric OS Administrator ’s Guide 81 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 • Shared area limitations are remov e d on 48-port and 64-p ort blad es. • Any port on a 48-por t or 64-por t blade can suppor t up to 256 NPIV devic es (in fixed addressing mode, only 128 NPIV de vices are suppor ted in non-VF mode and 64 NPI[...]
-
Page 82
82 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 WWN-based PID assignment WWN-based PID assignment is disa bled by def ault. When the f e ature is enabled, bindings are created dynamically; as new devices log in, they automatic ally enter the WWN-based PID database. The bindings exist until you[...]
-
Page 83
Fabric OS Administrator ’s Guide 83 53-1002745-02 Port Identifiers (PIDs) and PID binding overview 3 Use the f ollowing pr ocedure to en able automatic PID assignment: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the configure command. 3. At the Fa br i c P ar a m ete r s prompt, type y . 4. At the WWN Ba[...]
-
Page 84
84 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Ports Ports provide either a ph ysical or vir tual networ k connection point for a device. Br ocade devices suppor t a wide variety of ports. Port Types The following is a list of po r t types that may be par t of a Brocade de vice: • D_Port — A diagnos tic por t lets an administrator[...]
-
Page 85
Fabric OS Administrator ’s Guide 85 53-1002745-02 Ports 3 The different blades that can be inser ted into a chassis are described as f ollows: • Control pr ocessor blades (CPs) contain communicati on por ts for system management, and are used fo r low-level, platf orm-wide tasks. • Core blades are used for intra-chassis switchin g as well as [...]
-
Page 86
86 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Upgrade and Downgrade considerations For an upgrade, unless bo th CP8 ext e rnal Ethe rnet ports are upgraded and rebooted, the bonding fe ature will not be enabled. On a do wngrade, th e first ph ysical por t named eth0 has t o be connected f or the device t o initialize correctly ; the [...]
-
Page 87
Fabric OS Administrator ’s Guide 87 53-1002745-02 Ports 3 Port identification by slot and port number The por t nu mber is a num ber assigned to an external por t to give it a unique ident ifier in a switch. T o select a specific por t in the Backbones, you must identify both the sl ot number and the por t number using the format slot number/port[...]
-
Page 88
88 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Configuring a device-switch connection T o configu re an 8G (and 8G only) conn ecti on betw een a device and a switch, use the por tCfgFillWor d command. This command provides the follo wing configuration optio ns: • Mode Link Init/Fill W ord • Mode 0 IDLE/IDLE • Mode 1 ARBF/ARB F ?[...]
-
Page 89
Fabric OS Administrator ’s Guide 89 53-1002745-02 Ports 3 1. Connect to the switch and log in us ing an account with admin permissions. 2. Ena ble the por tSwapE nable command t o enable the f eature. 3. Enter the portDisable command on each of th e sourc e and destination por ts to be swapped. switch:admin> portdisable 1 ecp:admin> portdis[...]
-
Page 90
90 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Disabling a port Use the f ollowing pr ocedure to disable a port: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the appropriat e command based on the curre nt stat e of the port and on whether it is necessar y to specify a slot number: • T o disa[...]
-
Page 91
Fabric OS Administrator ’s Guide 91 53-1002745-02 Ports 3 • When selecting autonegotiation, y ou can choose the specific link operating modes that are advertised to the link par tner . At least one mode mu st be adver tise d in commo n by both sides of the link. • When fo rcing th e link operating mode, bo th sides of the link must be for ced[...]
-
Page 92
92 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports 3 Example of setting the por t mode to 1 0 Mbps half-dupl ex operation T o f o rce the link f or the eth0 interface fr om au tonego tiation to 1 0 Mbps half-duplex operation, when entering this command thr ough the serial console por t: switch:admin> ifmodeset eth0 Auto-negotiate (yes, y[...]
-
Page 93
Fabric OS Administrator ’s Guide 93 53-1002745-02 Blade terminology and compatibility 3 Setting port speed for a port octet Y ou can use the portCfgOctetSpeedCombo command t o configure the speed f or a por t octet. Be aw are that in a Vir tual Fabrics envir onment, th is comm and applies chassis-wide and not just to the logical switch. Use the f[...]
-
Page 94
94 Fabric OS A dministr ator’s Guide 53-1002745-02 Blade terminology and compatibility 3 TA B L E 6 Por t blade terminology , numbering, and platform support Supported on: Blade Blade ID (slotshow) DCX family DCX 8510 family Ports D efinit ion FC8-1 6 1 2 1 Y es No 16 8- Gbps port blade suppor ting 1, 2, 4, and 8 Gbps port speeds. Ports are numbe[...]
-
Page 95
Fabric OS Administrator ’s Guide 95 53-1002745-02 Blade terminology and compatibility 3 CP blades The control processor (CP) blade provides r edundancy and acts as the main contr oller on the Brocade Backbone. The Brocade DCX and DCX 85 10 Backbone families suppor t the CP8 blades . The CP blades in the Br ocade DCX and DCX 85 1 0 Backbone famili[...]
-
Page 96
96 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and di sabling blades 3 Port and application blade compatibility Ta b l e 6 on page 94 identifies which port and applic ation blades are supported f or each Brocade Backbone . NOTE During pow er up of a Brocade DCX or DCX- 4S Backbo ne, if an FCOE1 0-2 4 is detect ed first bef ore any ot[...]
-
Page 97
Fabric OS Administrator ’s Guide 97 53-1002745-02 Blade swapping 3 Enabling blades Use the f ollowing pr ocedure to enable a blade: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the bladeEnable command with the slo t number of the port blade you want to enable. ecp:admin> bladeenable 3 Slot 3 is being e[...]
-
Page 98
98 Fabric OS A dministr ator’s Guide 53-1002745-02 Blade swapping 3 • Blade swapping is not supported when swapping to a different model o f blade or a different por t count. For e xample, you canno t swap an FC8-32 blade with an FC8-48 port blade. How blades are swapped The bladeSwap command performs the f ollowing op erations: 1. Blade select[...]
-
Page 99
Fabric OS Administrator ’s Guide 99 53-1002745-02 Blade swapping 3 The preparation process al so includes any special handling of por ts associated with logical switches. For e xample Figure 3 shows the source blade has ports in a logical switch or logical fabric, then the corresponding destination por t s must be included in the associat ed logi[...]
-
Page 100
100 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and disabling switches 3 FIGURE 4 Blade swap with V ir tual Fabrics af ter the swap Swapping blade s Use the f ollowing pr ocedure to swap blades: 1. Connect to the Backbone and log in us ing an account with admin permissions. 2. Enter the bladeSwap command. If no errors are encount ere[...]
-
Page 101
Fabric OS Administrator ’s Guide 101 53-1002745-02 Power management 3 Using switchCfgPersistentDisable Entering switchCfgPersistentDisable with no arguments disables the switch immediat ely. Example of using switchCfgP ersistentDis able command output without arguments switch:admin> switchCfgPersistentDisable Switch's persistent state set[...]
-
Page 102
102 Fabric OS A dministr ator’s Guide 53-1002745-02 Equipmen t status 3 The power monit or compares the available po wer with the power req u ired to det ermine if there will be enough pow er to operat e. If it is predicted t o be less power a vailable than required, the pow er-off list is pr ocessed until there is enough pow er f or operation. B[...]
-
Page 103
Fabric OS Administrator ’s Guide 103 53-1002745-02 Equipment status 3 4. Use the switchStatusShow command to further check the status of the switch. Verifying High Availability features (Backbones only) High Av ailability (HA) features provide maximum reliability and nondis ruptive management of key hardware and software modules. Use the f ollowi[...]
-
Page 104
104 Fabric OS A dministr ator’s Guide 53-1002745-02 Track and control switch changes 3 Verifying device connectivity Use the f ollowing pr ocedure to verify device co nnectivity: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Optional : Ent er the switchShow command to v erify devices, hosts, and st orage are con[...]
-
Page 105
Fabric OS Administrator ’s Guide 105 53-1002745-02 Track and control switch changes 3 switch:admin> trackchangesset 1 Committing configuration...done. 3. View the log using the co mmands errDump |more to displa y a page at a time or errShow to view one line at a time. 2008/10/10-08:13:36, [TRCK-1001], 5, FID 128, INFO, ras007, Successful login[...]
-
Page 106
106 Fabric OS A dministr ator’s Guide 53-1002745-02 Track and control switch changes 3 Flash 0 0 MarginalPorts 0.00%[0] 0.00%[0] FaultyPorts 0.00%[0] 0.00%[0] MissingSFPs 0.00%[0] 0.00%[0] ErrorPorts 0.00%[0] 0.00%[0] Number of ports: 4 Setting the switch status policy threshold values Use the f ollowing pr ocedure to set the sw itch status polic[...]
-
Page 107
Fabric OS Administrator ’s Guide 107 53-1002745-02 Audit log configuration 3 Bad Fans contributing to DOWN status: (0..2) [2] Bad Fans contributing to MARGINAL status: (0..2) [1] (output truncated) NOTE On the Broc ade Backbones, the co mmand output includes parameters relat ed to CP blades. Audit log configuration When managing SANs y ou may w a[...]
-
Page 108
108 Fabric OS A dministr ator’s Guide 53-1002745-02 Audit log configuratio n 3 NOTE Only the active CP can generate audit messages because eve nt classes being audited occur only on the active CP . Audit messages cannot origin ate fr om other blades in a Backbone. Switch names are lo gged for switch components and Backbone names for Backbone comp[...]
-
Page 109
Fabric OS Administrator ’s Guide 109 53-1002745-02 Duplicate PWWN handling during device login 3 4. Enter the auditCfg -- show command to vie w the filter co nfiguration and confirm that the correct ev ent classes are being audited, and the co rrect filter stat e appears (enabled or disabled). switch:admin> auditcfg --show Audit filter is enab[...]
-
Page 110
110 Fabric OS A dministr ator’s Guide 53-1002745-02 Duplicate PWWN handling during device login 3 Setting 2, Mixed precedence When setting 2 is select ed, the precedence d e pends on the port type of the first login. • If the previo us por t is an F_Port, the first login takes precedence. • If the previous por t is an NPIV por t, the second l[...]
-
Page 111
Fabric OS Administrator ’s Guide 111 53-1002745-02 Chapter 4 Routing Traffic In this chapter • Routing o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1 • Inter -switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 4 • Gate way [...]
-
Page 112
112 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing overview 4 Paths and route selection Paths are possible ways to get fr om one switch to another . Each inter -switch lin k (ISL) has a metric cost based on bandwidth. The cumu lativ e cost is based on the sum of all costs of all tra versed ISLs. Rout e selection is the path that is chose[...]
-
Page 113
Fabric OS Administrator ’s Guide 113 53-1002745-02 Routing overview 4 FSPF makes minimal use of the ISL bandwidth, leaving vir tually all of it available f or traf f ic. In a stable fabric, a switch transmits 64 bytes e very 20 seconds in each direction. FSPF frames hav e the highest priority in the fabric. This guarant ees that a contro l frame [...]
-
Page 114
114 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-swi tch links 4 Inter-switch links An inter -switch link (ISL) is a link between tw o switch es, E_Port-to-E_Po r t. The por ts of the two switches automatically come o nline as E_Por ts on ce the login pr ocess finishes successfully. F or more inf ormation on the login pr ocess, ref er to[...]
-
Page 115
Fabric OS Administrator ’s Guide 115 53-1002745-02 Inter-switch links 4 Buffer credits In or der to pre vent the dro pping of frames in the fabric, a device can ne ver send frames without the receiving device being able to receive them, so an end-to-end flow contr o l is used on the switch. Flow control in Fibre Channel uses buf fer -to-buf f er [...]
-
Page 116
116 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-swi tch links 4 FIGURE 7 Vir tual channels on a Qo S-enabled ISL[...]
-
Page 117
Fabric OS Administrator ’s Guide 117 53-1002745-02 Gateway links 4 Gateway links A gate way merges SANs int o a single fabric by establishing point-to-point E_P or t connectivity between tw o Fibre Channel switches that are separat ed by a ne twork wi th a prot ocol such as IP or SONET . Except f or link init ialization, gate wa ys are transparen[...]
-
Page 118
118 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing policies 4 Configuring a link through a gateway 1. Connect to the switch at one end of the gat ewa y and log in using an account assig ned to the admin role. 2. Enter the por tCfgIISLMode command. 3. Repeat steps 1 and 2 for an y additional por ts that are connected to the gat ewa y . 4.[...]
-
Page 119
Fabric OS Administrator ’s Guide 119 53-1002745-02 Routing policies 4 Displaying the current routing policy 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aptPolicy command wi th no paramet e rs. The current policy is displa yed, follo wed b y the suppor t ed policies for th e switch. Example of the out[...]
-
Page 120
120 Fabric OS A dministr ator’s Guide 53-1002745-02 Routing policies 4 Device-based routing Devic e-based routing optimizes r outing path select ion and utilization based on the Source ID (SID) and Destination ID (DID) of the path source and destina tion ports. As a result, ev er y distinct flow in the fabric can tak e a different path through th[...]
-
Page 121
Fabric OS Administrator ’s Guide 121 53-1002745-02 Routing policies 4 CAUTION Setting the r outing policy is disruptive t o the fabr ic because it requires that y ou disable the switch where the routing policy is being c hanged. Setting the routing policy Use the f ollowing pr ocedure to set the r outing policy: 1. Connect to the VF swit ch and l[...]
-
Page 122
122 Fabric OS A dministr ator’s Guide 53-1002745-02 Route selection 4 Route selection Selection of s pecific routes can be dynamic, so that the router can constantly adjust to changing network conditions; or it may be static, so that data pack ets alwa ys follo w a predetermined path. Dynamic Load Sharing The ex change-based routing polic y depen[...]
-
Page 123
Fabric OS Administrator ’s Guide 123 53-1002745-02 Frame order delivery 4 Frame order delivery The order in which frames are deliv ered is main tained within a switch and determined b y the routing policy in effect. Th e frame delivery behaviors f or each routing policy are: • Port-based routing All frames received on an incom ing por t dest in[...]
-
Page 124
124 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame order delivery 4 Using Frame Viewer to understand why frames are dropped When a frame is unable t o reach its destination due t o timeout, it is discar ded. Y ou can use F rame View er to find out which flo ws contained th e dropped frames, which in turn can help you determine which applic[...]
-
Page 125
Fabric OS Administrator ’s Guide 125 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 The -txpor t and -r xpor t options accept the arguments “-1” (f or fixed-port switches) or “-1/-1” (f or modular switches). These stand for “ any back -e nd port.”. Usin g this notation you can select specifically those discar ded frames that h[...]
-
Page 126
126 Fabric OS A dministr ator’s Guide 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 Y ou can disable or enable IOD when Lossless DL S is enabled. Y ou can also choose betwee n ex change- or port-based policies with Lossless DLS. Events that cause a rebalance include the following: • Adding an E_P or t • Adding a sla ve E_Port • Rem[...]
-
Page 127
Fabric OS Administrator ’s Guide 127 53-1002745-02 Lossless Dynamic Load Sharing on ports 4 ICL limitations If ICL ports are connected during a c ore blade remov a l, it is equi valent to remo ving external E_Ports which may c ause I/O disruption on th e ICL ports that have been removed. If ICL ports are connected during a core blade insertio n, [...]
-
Page 128
128 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling forward e rror correction (FEC) 4 T o av o id this behavior , it is recommended to define your logical switches as follows: • Define logical switches that req uir e Lossless DLS at the blade bounda r y . • Define logical switches that req uire Lossless DLS only using suppor ted blad[...]
-
Page 129
Fabric OS Administrator ’s Guide 129 53-1002745-02 Enabling forward e rror correction (FEC) 4 Use the f ollowing pr ocedure to enable and disable FEC: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the por tCfgFec c ommand, specifying the port or range of por ts on which FEC is to be enabled. portcfgfec --e[...]
-
Page 130
130 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame Redirection 4 Frame Redirection F rame Redirection pr ovides a means to redirect tr affic flow betw een a host and a target that use vir tualization an d encr yption applications, such as the Broc ade SAS blade and Brocade Data Migration Manager (DMM), so that those applicatio ns can perfo[...]
-
Page 131
Fabric OS Administrator ’s Guide 131 53-1002745-02 Frame Redirection 4 Example of creating a frame redirect zone T h e f o l l o w i ng e x a m p le cr e at e s a r e di re ct zo n e , g i v e n a h os t ( 10 :10 :10 :10 :10 :10 :10 :10 ), ta rg e t (20:20:20:20: 20:20:20:20), virtual initiator ( 30:30:30:30:30:3 0:30:30), and virtual target (40:[...]
-
Page 132
132 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame Redirection 4[...]
-
Page 133
Fabric OS Administrator ’s Guide 133 53-1002745-02 Chapter 5 Managing User Accounts In this chapter • User accounts ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 • Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7 • Local user account data[...]
-
Page 134
134 Fabric OS A dministr ator’s Guide 53-1002745-02 User accounts overview 5 Fabric OS pr ovides f our opt ions for authenticating users: remote RADIUS service, remote LD AP service, remote T A CA CS+ service, and the local-swit ch user database. All options allo w users to be managed centrall y by means of the following methods: • Rem ote RA D[...]
-
Page 135
Fabric OS Administrator ’s Guide 135 53-1002745-02 User accounts overview 5 Admin Domain considerations Legacy users with no Admin Domain specified and whose current r ole is admin will hav e access to AD0 through AD2 55 (physical f abric admin); otherwise, they will ha ve access to AD0 only . If some Ad min Domains ha ve been defined for the us [...]
-
Page 136
136 Fabric OS A dministr ator’s Guide 53-1002745-02 User accounts overview 5 The management channel The management channel is the com municati on established between the manageme nt workstation and the switch. Ta b l e 1 4 shows the number of simu ltaneous login ses sions allowed f or each role when authenticat ed locally . The roles are displa y[...]
-
Page 137
Fabric OS Administrator ’s Guide 137 53-1002745-02 Local database us er accounts 5 The assigned permissions can be no higher than th e admin role permission assigned t o the class. The admin role permission f or the Security class is Observe/ Modify . Theref ore, the Obser ve permission is valid. The ro le C on f i g -- show command is a vailable[...]
-
Page 138
138 Fabric OS A dministr ator’s Guide 53-1002745-02 Local database user accounts 5 Default accounts Ta b l e 1 5 lists the predefined accounts offered by Fabr ic OS that are a vailable in the local-switch user database. The passwo rd f or all default ac counts should be changed during the initial installation and configurat ion of each switch. Ad[...]
-
Page 139
Fabric OS Administrator ’s Guide 139 53-1002745-02 Local database us er accounts 5 3. In response to the pr ompt, ent er a passwor d f or the account. The passwor d is not displa yed when you ent er it on the command line. Deleting an account This proced ure can be per for med on local user accounts. 1. Connect to the switch and log in using an a[...]
-
Page 140
140 Fabric OS A dministr ator’s Guide 53-1002745-02 Local user account database distribution 5 Changing the password fo r a different account 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the passwd command specifying the name of the account for which the passwor d is being changed. 3. Enter the requested [...]
-
Page 141
Fabric OS Administrator ’s Guide 141 53-1002745-02 Password policies 5 Rejecting distributed user databases on the local switch 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the fddCfg -- localreject PWD command. Password policies The passwor d policies described in this section apply t o the local-switch [...]
-
Page 142
142 Fabric OS A dministr ator’s Guide 53-1002745-02 Password policies 5 • Punctuation Specifies the minimum numb er of punctuation ch aracters that must appear in the passwor d. All printable, non-alphanumeric punctuation char acters ex cept the colon ( : ) are allowed. The default v alue is zero. The maximum value must be less than or equal to[...]
-
Page 143
Fabric OS Administrator ’s Guide 143 53-1002745-02 Password policies 5 Password expiration policy The passwor d expiration policy f orces the e xpirati on of a passwor d after a configurable peri od of time. The e xpiration policy can be enf orced acr oss all user accounts or on specified users only . A w arning that passwor d expiration is appr [...]
-
Page 144
144 Fabric OS A dministr ator’s Guide 53-1002745-02 Password policies 5 A failed login att empt counter is maintained f or ea ch user on e ach switch instance. The counters for all user accounts are reset to zero when the account lock out policy is enabled. The count er for an individual account is reset to zero when the ac count is unlocked afte[...]
-
Page 145
Fabric OS Administrator ’s Guide 145 53-1002745-02 The boot PROM password 5 Denial of service implications The account lock out mechanism ma y be used to crea te a denial of ser vice condition when a user repeatedly att empts t o log in to an account by using an incorrect passwor d. Selected privileged accounts are ex empted fr om the account loc[...]
-
Page 146
146 Fabric OS A dministr ator’s Guide 53-1002745-02 The boot PROM password 5 4. Enter 2. • If no password was pre viously set, the following message is display ed: Recovery password is NOT set. Please set it now. • If a password w as previously set, the f ollowing messages is displayed: Send the following string to Customer Support for passwo[...]
-
Page 147
Fabric OS Administrator ’s Guide 147 53-1002745-02 The boot PROM password 5 • If a password w as previously set, the f ollowing messages are displayed: Send the following string to Customer Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw== Enter the supplied recovery password. Recovery Password: 6. Enter the recovery passwor d (string). T[...]
-
Page 148
148 Fabric OS A dministr ator’s Guide 53-1002745-02 The boot PROM password 5 The f ollowing options are a vailable: 4. Enter 3. 5. At the shell pr ompt, ent er the passwd command. The passwd command o nly applies to the boot PROM passwor d when it is entered fr om the boot inter face. 6. Enter the boot PROM passw ord at the pr om pt, and then ree[...]
-
Page 149
Fabric OS Administrator ’s Guide 149 53-1002745-02 Remote authentication 5 The passwd command applies only to the boot PROM password when it is entered from the boot interface. 8. Enter the boot PR OM password at the pr ompt, and then re-enter it when pr ompted. The passwor d mu st be eight alphanumeric char act ers (any additional characters are[...]
-
Page 150
150 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 The suppor ted management access channels that integrat e with RADIUS, LD AP , and T A CA CS+ include serial por t, T elnet, SSH, Web T ools, and API. All these access channels require the switch I P address or name to connect. RADIUS, LDAP , and T ACA CS+ ser vers accept[...]
-
Page 151
Fabric OS Administrator ’s Guide 151 53-1002745-02 Remote authentication 5 Supported LDAP options Ta b l e 16 su mmarizes the variou s LDAP options and Brocade suppor t for each. Command options Ta b l e 17 outlines the aaaConfig command options used to set the authentication mode. TA B L E 16 LDAP options Protocol Description Channel type Defaul[...]
-
Page 152
152 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Setting the switch authentication mode 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- authspec comman d. Fabric OS user accounts RADIUS, LD AP , and T A CA CS+ ser vers allo w you t o set up user accounts by their t[...]
-
Page 153
Fabric OS Administrator ’s Guide 153 53-1002745-02 Remote authentication 5 RADIUS, LD AP , and T A CA CS+ suppor t all the defined RBA C roles described in Ta b l e 1 2 on page 134. Users must enter their assigned RADIUS , LDAP , or T A CA CS+ account name and passw ord when logging in to a switch that has been configured with remote authenticati[...]
-
Page 154
154 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Fabric OS users on the RADIUS server All existing Fabric OS mechanisms for managing lo cal-switch user acco unts and passwor ds remain functional when the switch is configured to use RAD IUS. Changes made t o the local switch database do not pr opagate to the RADIUS serve[...]
-
Page 155
Fabric OS Administrator ’s Guide 155 53-1002745-02 Remote authentication 5 Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128;ChassisRole=admin", Brocade-Passwd-ExpiryDate = "11/10/2011", Brocade-Passwd-WarnPeriod = "30" RADIUS configuration with Admi n Domains or Virtual Fabrics When configuring us ers with Admi n[...]
-
Page 156
156 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 For e xample, on a Linux F reeRADIUS Server , the user (user-za) with the f ollowing settings takes the “zoneAdmin ” permissions, with AD m ember list: 1, 2 , 4, 5, 6, 7, 8, 9, 12 ; the Home Admin Do main will be 1. user-za Auth-Type := Local, User-Password == "p[...]
-
Page 157
Fabric OS Administrator ’s Guide 157 53-1002745-02 Remote authentication 5 Configuring RADIUS ser vice on Linux consist s of the f ollowing tasks: • Adding the Br ocade attributes to the ser ver • Creating the user • Enabling clients Adding the Brocade attributes to the server 1. Create and sav e the file $PREFIX/etc/raddb /dictionar y .bro[...]
-
Page 158
158 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 When y ou use netw ork informati on service (NIS) for authen tication, the only wa y to enable authentication with the pass wor d file is t o for ce the Brocade sw itch to authenticat e using password authentication pro tocol (P AP); this requ ires the -a pap option with [...]
-
Page 159
Fabric OS Administrator ’s Guide 159 53-1002745-02 Remote authentication 5 If CHAP authentication is require d, then Wind o ws must be configured to store passwor ds wi th rev ersible encr yption. Reverse password encr yption is not the default behavior; it must be enabled. NOTE If a user is configured prior to enabling rev e rse password encrypt[...]
-
Page 160
160 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 e. Af ter returning to the Int ernet Authentication Service window , add additional policies for all Brocade login types for which you want t o use the RADIUS ser ver . After this is done, yo u can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also av ai[...]
-
Page 161
Fabric OS Administrator ’s Guide 161 53-1002745-02 Remote authentication 5 c. Add Brocade-VSA macro and define the attributes as f o llows: • vid (V endor-ID): 1588 • type1 (V endor- T ype): 1 • len1 (V endor-Length): >=2 FIGURE 1 1 Example of a Br ocade DCT file ####################################################################### # b[...]
-
Page 162
162 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 FIGURE 12 Example of the dictiona.dcm f ile d. When selecting it ems from the Add R eturn List A ttribute , select Brocade-Auth-R ole and type the string Admi n . The string will equal the r ole on the switch. e. Add the Br ocade pr ofile. f. In RSA A uthentication Mana g[...]
-
Page 163
Fabric OS Administrator ’s Guide 163 53-1002745-02 Remote authentication 5 • LDAP authentication is used on the loca l switch only and not f or the entire fabric. • Y ou can use the User- Principal-Name and not th e Common-Name f or AD LDAP authentication. T o pro vide backward compatibility , authenti cation based on the Common Name is still[...]
-
Page 164
164 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 4. Associate the user t o the group b y adding the user to the g roup. For instructions on ho w to creat e a user ref er to www .micr osoft .com or Micr osoft documentation t o create a user in y our Active Direct or y . 5. Add the user’s Administrative Domains or Vir t[...]
-
Page 165
Fabric OS Administrator ’s Guide 165 53-1002745-02 Remote authentication 5 3. Right click on select Properties . Click the Attribute Edit or tab. 4. Double-click the adminDescription attribute. The String Attribut e Editor dialog box opens. 5. Per fo rm the appropri ate action ba sed on whether y ou are using Admi nistrative D omains or Vir tual [...]
-
Page 166
166 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 T w o operational modes exist in LD AP authenticati on: FIPS mo de and non-FIPS mode. This section discusse s LDAP au thentica tion in non- FIPS mode. F or information on LD AP in FIPS mode, refer t o Chapter 7, “Configuring Security Policies” . The f ollowing restric[...]
-
Page 167
Fabric OS Administrator ’s Guide 167 53-1002745-02 Remote authentication 5 include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/local.schema ############################################### TLSCACertificateFile /root/sachin/ldapcert/cacert.pem TLSCertificateFile /root/sachin/ldapcert/serverCert.pem TLSCertifi[...]
-
Page 168
168 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Assigning a user to a group Bef ore you can assign a user t o a group, the memberOf o verlay must be adde d to the slapd.conf file. R ef er t o “Enabling group membership” on page 166 f or details. T o creat e a group and assign a member: 1. In a .ldif file, create a [...]
-
Page 169
Fabric OS Administrator ’s Guide 169 53-1002745-02 Remote authentication 5 Example to add a gr oup member 1. Create or edit a .ldif file with an entry similar to the f ollowing. ##########Adding an attr value dn: cn=admin,ou=groups,dc=mybrocade,dc=com changetype: modify add: member member: cn=test1,cn=Users,dc=mybrocade,dc=com 2. Enter the follow[...]
-
Page 170
170 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 DESC 'Brocade specific data for LDAP authentication' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user' DESC 'Brocade switch specific person&ap[...]
-
Page 171
Fabric OS Administrator ’s Guide 171 53-1002745-02 Remote authentication 5 objectClass: uidObject cn: Sachin sn: Mishra description: First user brcdAdVfData: HomeLF=30;LFRoleList=admin:1-128;ChassisRole=admin userPassword: pass uid: mishras@mybrocade.com The following command adds the user to the LDAP director y . > ldapadd -D cn=Sachin,dc=myb[...]
-
Page 172
172 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Configuring the TACACS+ server on LINUX FabricOS software suppor ts T ACA CS+ authentication on a LINUX ser ver running the Open Source T ACA CS + LINUX package v4.0.4 from Cisco. T o install and config ure this sof tware, pe r form the following st eps. 1. D ownload the [...]
-
Page 173
Fabric OS Administrator ’s Guide 173 53-1002745-02 Remote authentication 5 Configuring A dmin Domain lis ts If your netw ork uses Admin Domains, y o u should create A dmin Domain lists f or each user to identify the Admin Domains t o which the user has acc ess. Assign the follo wing k ey-value pairs to the brcd-A V--Pair1 and, optionally, br cd- [...]
-
Page 174
174 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Configuring the pass word expiration date FabricOS lets you configure a passwor d expiration dat e for each user account and to configure a warning period f or notifying the user that the ac co unt password is about to e xpire. T o configure these values, set the f ollowi[...]
-
Page 175
Fabric OS Administrator ’s Guide 175 53-1002745-02 Remote authentication 5 Adding an authentication server to the switch configuration 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- add command. At least one authentication ser ver must be conf igured before y ou can enable the RADIUS, LD AP[...]
-
Page 176
176 Fabric OS A dministr ator’s Guide 53-1002745-02 Remote authentication 5 Displaying the current au thentication configuration 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aaaConfig -- show command. If a configuration exists, its paramet ers are display ed. If the RADIUS, LDAP , or T ACA CS+ service[...]
-
Page 177
Fabric OS Administrator ’s Guide 177 53-1002745-02 Chapter 6 Configuring Protocols In this chapter • Security pr otocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 7 7 • Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 78 • Secu[...]
-
Page 178
178 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Copy 6 Ta b l e 2 2 des cribes additional sof tware or cer tificates that you must obtain to deplo y secure pro tocols. The security pro tocols ar e designed with the f our main use cases described in Ta b l e 2 3 . Secure Copy The Secure Copy protocol (SCP) runs on port 22. It encr ypts [...]
-
Page 179
Fabric OS Administrator ’s Guide 179 53-1002745-02 Secure Shell protocol 6 Setting up SCP for configur ation uploads and downloads Use the f ollowing pr ocedure to configure SC P for configuration uploads a nd downloads. 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the configure command. 3. Enter y or ye [...]
-
Page 180
180 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Shell pr otocol 6 SSH public key authentication OpenSSH public ke y authentication pro vides passw or d-less logins, known as SSH authentication, that uses public and private k ey pairs for incoming and outgoing authentication. This f ea ture allows only one allowed-user to be configured [...]
-
Page 181
Fabric OS Administrator ’s Guide 181 53-1002745-02 Secure Shell protocol 6 Enter login name: auser Password: Public key is imported successfully. 4. T est the setup by logging in to the switch from a remote de vice, or by running a command remotely using SSH. Configuring outgoing SSH authentication Af ter the allow ed-user is configured, the rema[...]
-
Page 182
182 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 Deleting public keys on the switch Use the f ollowing pr ocedure to delet e public k eys fr om the switch. 1. Connect to the switch and log in us ing an account with admin permissions. 2. Use the sshUtil delpubke y s command t o delet e public k eys. Y ou will be[...]
-
Page 183
Fabric OS Administrator ’s Guide 183 53-1002745-02 Secure Sockets Layer protocol 6 Y ou should upgrade t o the Ja va 1.6.0 plug-in on your management w orkstation. T o find the Jav a version that is currently running, open t he Jav a consol e and look at the fir st line of the window. For more details on lev els of bro w ser and Ja va support , r[...]
-
Page 184
184 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the secCer tUtil genkey com ma nd to g en er ate a p ub li c/p r iva te key p ai r . The syst em repor ts that this pr ocess will d isable secure pr otocols , delet e any exis [...]
-
Page 185
Fabric OS Administrator ’s Guide 185 53-1002745-02 Secure Sockets Layer protocol 6 Obtaining certificates Once you ha ve generated a CSR, y ou will need t o follow the instructions on the websit e of the cer tificate issuing authority that you want to use; and then obtain the certif icate. Fabric OS and HTTPS suppor t the following type s of file[...]
-
Page 186
186 Fabric OS A dministr ator’s Guide 53-1002745-02 Secure Sockets Layer p rotocol 6 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the secCer tUtil impor t co mmand. 3. Select a prot ocol, enter the IP address of the host on which the switch ce r tificate is sa ved, and enter y our login name and password [...]
-
Page 187
Fabric OS Administrator ’s Guide 187 53-1002745-02 Secure Sockets Layer protocol 6 4. Cl ick the Intermediate or T rust ed Root tab and scroll the list to see if the r oot cer tificate is listed. T ak e the appropriat e follo wing action based on whe ther you find the certificate: • If the cer tificate is listed, you do not need to install it. [...]
-
Page 188
188 Fabric OS A dministr ator’s Guide 53-1002745-02 Simple Network Management Prot ocol 6 Issuer: CN=Brocade, OU=Software, O=Brocade Communications, L=San Jose, ST=California, C=US Serial number: 0 Valid from: Thu Jan 15 16:27:03 PST 2007 until: Sat Feb 14 16:27:03 PST 2007 Certificate fingerprints: MD5: 71:E9:27:44:01:30:48:CC:09:4D:11:80:9D:DE:[...]
-
Page 189
Fabric OS Administrator ’s Guide 189 53-1002745-02 Simple Network Management Protocol 6 • SW-EXTTRAP Includes the swSsn (Sof tware Serial Nu mber) as a part of Brocade SW traps. For inf ormation on Brocade MIBs, ref er to the Fab r ic O S M IB R ef er e n c e . SNMP and Virtual Fabrics When an SNMPv3 request arriv es with a part icular user nam[...]
-
Page 190
190 Fabric OS A dministr ator’s Guide 53-1002745-02 Telnet protocol 6 SNMP security levels Use the snm pConfig -- set seclev el command to set the security le vel. For more inf orma tion about using the Br ocade SNMP agent, ref er to the Fab ri c O S M I B Ref e re n c e . SNMP configuration Use the snm pConfig -- set command to change either the[...]
-
Page 191
Fabric OS Administrator ’s Guide 191 53-1002745-02 Telnet protocol 6 ATT ENTI ON The rule number assigned must precede the def a ult rule number f or this protocol. F or exam ple, in the defined policy , the T elnet rule number is 2. Theref ore, to ef f ectively bloc k T elnet, the rule number to assign m ust be 1. If you choose not to use 1 , yo[...]
-
Page 192
192 Fabric OS A dministr ator’s Guide 53-1002745-02 Listener applications 6 Refe r to “Deleting a rule from an IP Filt er policy” on page 223 for more inf ormation on deleting IP filter rules. 3. T o permanently delete the policy , type the ipfilt er -- sa ve command. ATT ENTI ON If you dele ted the rule t o permit T elnet, you must add a rul[...]
-
Page 193
Fabric OS Administrator ’s Guide 193 53-1002745-02 Ports and applications used by switches 6 Port configuration Ta b l e 27 pro vides information on por ts that the switch uses. When conf iguring the switch for various policies, tak e into consid eration firew alls and other de vice s that may sit between switches in the fabric and y our netw ork[...]
-
Page 194
194 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports and applications used by switches 6[...]
-
Page 195
Fabric OS Administrator ’s Guide 195 53-1002745-02 Chapter 7 Configuring Security Policies In this chapter • A CL policies ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 • A CL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 • FCS polic[...]
-
Page 196
196 Fabric OS A dministr ator’s Guide 53-1002745-02 ACL policy management 7 Policies with the same stat e are grouped toge ther in a Policy Set . Each switch has the following two sets: • Active policy set, which contains A CL policies be ing enfor ced by the switc h. • Defined policy set, which contains a copy of all A CL policies on the swi[...]
-
Page 197
Fabric OS Administrator ’s Guide 197 53-1002745-02 ACL policy manag ement 7 Displaying ACL policies Y ou can view the active and defined policy sets at an y time. Additionally , in a defined policy set, policies created in the same login session also appear but these policies are automatically delet ed if the you log out without sa vi ng them. 1.[...]
-
Page 198
198 Fabric OS A dministr ator’s Guide 53-1002745-02 ACL policy management 7 Example of deleting an A CL policy switch:admin> secpolicydelete "DCC_POLICY_010" About to delete policy Finance_Policy. Are you sure (yes, y, no, n):[no] y Finance_Policy has been deleted. Adding a member to an existing ACL policy As soon as a policy has bee[...]
-
Page 199
Fabric OS Administrator ’s Guide 199 53-1002745-02 FCS policies 7 Example of abor ting unsaved changes switch:admin> secpolicyabort Unsaved data has been aborted. All changes since the last time the secPolicySav e or secPolicyA ctivate commands w e re entered are abor ted. FCS policies Fabric configuration ser ver (FCS) policy in base F abric [...]
-
Page 200
200 Fabric OS A dministr ator’s Guide 53-1002745-02 FCS policies 7 Ta b l e 3 0 shows the commands fo r switch operations f or Primar y FCS enforcement. In Fabric OS v7 . 1.0 an d later , to a void segmentat ion of por ts due to a member-list order mismatch, security policy members are sor ted based on WWN . By default, D CC and SCC policy member[...]
-
Page 201
Fabric OS Administrator ’s Guide 201 53-1002745-02 FCS policies 7 Creating an FCS policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyCreate “FCS_POLICY” command. Example of creating an FCS policy T h e fo l l[...]
-
Page 202
202 Fabric OS A dministr ator’s Guide 53-1002745-02 FCS policies 7 FCS policy distribution The FCS policy can be auto ma tically distribute d using the fddCfg -- fab wideset command or it can be manually distributed t o the switches using the distribut e -p command. Each swit ch that receives the FCS policy must be c onfigured to receiv e the pol[...]
-
Page 203
Fabric OS Administrator ’s Guide 203 53-1002745-02 Device Connection Control policies 7 Device Connection Control policies Multiple Device Connection Control (DCC) policies can be used to restrict which device por ts can connect to which switch por ts. The devices can be initiators, targets, o r intermediat e devices such as SCSI rout ers and loo[...]
-
Page 204
204 Fabric OS A dministr ator’s Guide 53-1002745-02 Device Connection Control policies 7 Creating a DCC policy DCC policies must f ollow the naming con vention “DCC_POLICY_ nnn , ” where nnn represents a unique string. The maximum length is 30 ch aracters, including the prefix DCC_POLICY_. Device ports must be specif ied by port WWN. Switch p[...]
-
Page 205
Fabric OS Administrator ’s Guide 205 53-1002745-02 Device Connection Control policies 7 Deleting a DCC policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyDelet e command. Example of deleting stale DCC policies sw[...]
-
Page 206
206 Fabric OS A dministr ator’s Guide 53-1002745-02 SCC Policies 7 Ta b l e 3 4 shows the behavior of a DCC policy creat ed ma nually with the ph ysical PWWN of a devi ce. The configurations shown in this table are the recommended configu rations when an F A-PWW N is logged into the switch. SCC Policies The switch connection control (SCC) policy [...]
-
Page 207
Fabric OS Administrator ’s Guide 207 53-1002745-02 Authentication policy for fabric elements 7 Creating an SCC policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the Securi ty RBA C class of commands. 2. Enter the secPolicyCreate “SCC_POLICY” command. 3. Sav e or activ[...]
-
Page 208
208 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 FIGURE 13 DH-CHA P authentication If you use DH-CHAP authen tication, then a secret k ey pair must be installed only in connect ed fabric elements. Ho wever , as co nnections are changed, ne w secre t key pairs must be installed between ne wly connec[...]
-
Page 209
Fabric OS Administrator ’s Guide 209 53-1002745-02 Authentication policy for fabric elements 7 Virt ual F abrics consideration s The switch authentication policy appli es to all E_P or ts in a logical switch. This includes ISLs and ext ended ISLs. Authentication of e xtended ISL s between two base switches is considered peer-chassis authenticatio[...]
-
Page 210
210 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Re-authenticating E_Ports Use the authUtil -- authinit command to re-initiat e the authentica tion on selected ports. It pro vides flexibility to initiat e authentication for specified E_Ports, a set of E_Por ts, or all E_Por ts on the switch. This c[...]
-
Page 211
Fabric OS Administrator ’s Guide 211 53-1002745-02 Authentication policy for fabric elements 7 and CT frames, ex cept the A UTH_NEGO TIA TE ELS fr ame, are blocked b y the switch. During this time, the Fibre Channel driv er rejects all other ELS frames. The F_P or t does not f orm until the AUTH_ NE GOTIA T E i s co mpl eted. It is t he HBA &apos[...]
-
Page 212
212 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Authentication protocols Use the authUti l command to per form the f ollowing tasks: • Display the current authentication parameters. • Select the authentication pr o tocol used be tween switches. • Select the DH (Diffie-He llman) group f or a [...]
-
Page 213
Fabric OS Administrator ’s Guide 213 53-1002745-02 Authentication policy for fabric elements 7 Secret key pairs for DH-CHAP When you configure the switches at both ends of a link to use DH-CHAP f or authentication, you must also define a secret ke y pair —one for each end of the link. Use the secA uthSecret command to perform the f ollowing tas[...]
-
Page 214
214 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Setting a secret key pair 1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the A uthentication RBAC class of commands. 2. Enter the secAuthSecret -- se t command. The command enters int eractive m[...]
-
Page 215
Fabric OS Administrator ’s Guide 215 53-1002745-02 Authentication policy for fabric elements 7 FCAP configuration overview Beginning with Fabric OS re lease 7 .0.0, you must configure the switch t o use third-party cer t ificates for authentication with the peer switch. T o perform authentication with FCAP pr otocol with cer tificates issued fr o[...]
-
Page 216
216 Fabric OS A dministr ator’s Guide 53-1002745-02 Authenticatio n policy for fabric eleme nts 7 Exporting the CSR for FCAP Y ou will need to e xpor t the CSR file creat ed in “Generating the ke y and CSR for FCAP” section and send to a Certif icate A uthority (CA). The CA will in turn pro vide two files as outlined in “FCAP configuration [...]
-
Page 217
Fabric OS Administrator ’s Guide 217 53-1002745-02 IP Filter policy 7 Starting FCAP authentic ation 1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the A uthentication RBAC class of commands. 2. Enter the authUtil -- auth init command to star t the authentication using the newly imported cer [...]
-
Page 218
218 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Vir tual Fabrics con siderations: Each logical switch cannot have its o wn different IP Filt er policies. IP Filter polic ies are treated as a chassis-wide configuration and are common f o r all the logical switches in the chassis. Creating an IP Filter policy Y ou can create[...]
-
Page 219
Fabric OS Administrator ’s Guide 219 53-1002745-02 IP Filter policy 7 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and ha ving the OM permission s for the IPfilt er RBAC class of commands. 2. Enter the ipFilter –- sa ve command. Activating an IP Filter policy IP Filter policies [...]
-
Page 220
220 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Source address For an IPv4 filt er policy , the source address has to be a 32-bit IPv4 address in dot decimal no tation. The gro up prefix has t o be a CIDR block prefix representatio n. For e xample, 208. 130.32.0/2 4 represents a 2 4-bit IPv4 prefix star ti ng from the most[...]
-
Page 221
Fabric OS Administrator ’s Guide 221 53-1002745-02 IP Filter policy 7 Protocol T CP and UDP protocols are valid prot ocol selecti ons. Fabric OS v6.2.0 and later do not suppor t configuration to filter other pro tocols. Implicitly , ICMP type 0 and type 8 packets are alwa ys allowed to sup por t ICMP echo request and reply on commands lik e ping [...]
-
Page 222
222 Fabric OS A dministr ator’s Guide 53-1002745-02 IP Filter po licy 7 Traffic type and destination IP The traf fic type and destina tion IP elements allow an IP policy rule to sp ecify filter enf orcement fo r IP f orwarding. The INPUT traffic type is the defa ult and restricts rules to manage traf fic on IP management inter faces, The FORW ARD[...]
-
Page 223
Fabric OS Administrator ’s Guide 223 53-1002745-02 IP Filter policy 7 IP Filter policy enforcement A n a c t i ve I P F i l te r p o l i c y i s a f i l t e r a p p l i e d to the I P packets thr ough the manage ment inter face. IPv4 management traf fic passes through the active IP v4 filter policy , and IPv6 management traffic passes thr ough th[...]
-
Page 224
224 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and ha ving the OM permission s for the IPfilt er RBAC class of commands. 2. Enter the ipFilter –- transabor t comman d. IP Filter policy distribution [...]
-
Page 225
Fabric OS Administrator ’s Guide 225 53-1002745-02 Policy database distribu tion 7 • Manually distribute an A C L policy database — Ru n the distribut e command to push the local database of the specified policy type t o target switches. “ ACL policy distribution t o other switches” on page 22 7. • Fabric-wide consist ency policy — Us[...]
-
Page 226
226 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Use the chassisDistribute command to distribute IP fil ter po licies. T o distribute other security policies, us e the distribute command. Displaying the database distribution settings 1. Co nnect to the switch and log in using an acc o unt with admin permissions, [...]
-
Page 227
Fabric OS Administrator ’s Guide 227 53-1002745-02 Policy database distribu tion 7 ACL policy distribution to other switches This section explains how to manually di stribute local ACL policy databases. The distribute command has the f ollowing dependencies: • All target switches must be running Fabric OS v6.2.0 or later . • All target switch[...]
-
Page 228
228 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Displaying the fabric-wide consistency policy 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with O permission fo r the FabricDistri b ution RBA C class of commands. 2. Enter the fddCfg -- showall command. Example show[...]
-
Page 229
Fabric OS Administrator ’s Guide 229 53-1002745-02 Policy database distribu tion 7 Notes on joining a switch to the fabric When a switch is joined to a fabric with a t olerant SCC, DCC, or FCS f abric -wide consistency policy , the joining switch must hav e a m atching tolerant SC C, DCC, or FCS fabric-wide consistency policy . If the tolerant SC[...]
-
Page 230
230 Fabric OS A dministr ator’s Guide 53-1002745-02 Policy database distribution 7 Non-matching fabric-wid e consistency policies Y ou may encount er one of the follo wing two scenarios described in Ta b l e 4 4 and Ta b l e 4 5 where you are merging a f abric with a strict policy to a f abric with an absent, to lerant, or non-matching strict pol[...]
-
Page 231
Fabric OS Administrator ’s Guide 231 53-1002745-02 Management interface security 7 Management interface security Y ou can secure an Ethernet management int er f ace betw een two Brocade switc hes or Backbones by implementing I P sec and IKE policies t o creat e a tunnel that pr ot ects traf fic flows. While the tunnel must hav e a Brocade switch [...]
-
Page 232
232 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 FIGURE 1 4 Protected endpoints conf iguration A possible dra wback of end-t o-end security is that various applications that req uire the ability t o inspect or modify a transient packet will fail wh en end-t o-end confidential ity is employ ed. Various Qo S s o l[...]
-
Page 233
Fabric OS Administrator ’s Guide 233 53-1002745-02 Management interface security 7 FIGURE 1 6 Endpoint-to-gateway tu nnel configuration RoadWarrior configuration In endpoint-to-endpoint sec urity , pack ets are encr ypted and decrypted by the host which pr oduces or consumes the traffic. In the gate wa y-to-gate way examp le, a rout er on the net[...]
-
Page 234
234 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 these values in negotiations t o create IP sec SAs. Y ou must creat e an SA prior to creating an SA-proposal. Y ou canno t modify an SA once it is created. Use the IP secConfig -- flush manual-sa command to remov e all SA entries fr om the k ernel SADB and re-crea[...]
-
Page 235
Fabric OS Administrator ’s Guide 235 53-1002745-02 Management interface security 7 IP sec traffic selector The traf fic selector is a traffic filter that define s and identifies the traf fi c flow betw een two systems that hav e IP sec prot ection. IP addresses, the dire ction of traf fic flow (i nbound, outbound) and the upper la yer pr otocol a[...]
-
Page 236
236 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 The IP secConfig command does not suppor t manipulating pre-shared ke ys corresponding to the identity of the IKE peer or gr oup of peers. Use the secCertUtil command to impor t, delete, o r display the pre-shared ke ys in the local switch database. F o r more inf[...]
-
Page 237
Fabric OS Administrator ’s Guide 237 53-1002745-02 Management interface security 7 Example of creating an IP sec SA policy This examp le creates an IP sec SA policy named AH0 1 , which uses AH pr otection with MD5. Y ou would run this command on each switch; on each side of the tunnel so that both si des hav e the same IP sec SA policy. switch:ad[...]
-
Page 238
238 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 1 0. V erify traf fic is prot ected. a. Initiate a telnet , SSH, or ping session from the tw o switches. b. V erify that IP traf fic is encapsulated. c. Monitor IP sec S As created using IKE fo r above traffic flow • Use the IP secConfig -– sho w manual-sa –[...]
-
Page 239
Fabric OS Administrator ’s Guide 239 53-1002745-02 Management interface security 7 6. Impor t the pre-shared k ey file using the secCer tUtil command. The fil e name should ha ve a .psk ext ension. For more inf ormation on impor ting the pre-shared ke y file, ref er to “Installing a switch cer tificate” on page 185. 7 . Configure an IKE polic[...]
-
Page 240
240 Fabric OS A dministr ator’s Guide 53-1002745-02 Management interface security 7 • Use the IP secConfig –-sho w policy ik e –a command with the specified operands to display IKE policies. • Use the IP secConfig –-flush manual-sa command with the specified op erands to flush the created SAs in the k ernel SADB. CAUTION Flushing SAs re[...]
-
Page 241
Fabric OS Administrator ’s Guide 241 53-1002745-02 Chapter 8 Maintaining the Switch Configuration File In this chapter • Configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4 1 • Configuration file back up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4[...]
-
Page 242
242 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration settin gs 8 If your user account has chassis account permissions, you can use an y of the follo wing options when uploading or downloading a configuration file: Configuration file format The configuration file is divided int o three areas: the header , the chassis section, and one [...]
-
Page 243
Fabric OS Administrator ’s Guide 243 53-1002745-02 Configuration sett ings 8 [Active Security policies] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 0] date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 1] SwitchName = switch_2 Fabric ID = 1 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zonin[...]
-
Page 244
244 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file backup 8 • Licenses Lser vc – Sentinel License configuration • GE blade mode – GigE Mode configuration • FWD CHASSIS CFG – Fabric W atch configuration • FRAME LOG – F rame log configuration (enable/disable) • DMM_TB – Data migration manager configuratio n ?[...]
-
Page 245
Fabric OS Administrator ’s Guide 245 53-1002745-02 Configuration file b ackup 8 Before you upload a configuration file, verify that y ou can reach the FTP ser ver fr om the switch. Using a T elnet connection, sa ve a back up copy of the configuration file from a logical switch to a host computer . Secure File T ransf er Prot ocol (SFTP) is now an[...]
-
Page 246
246 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file restorat ion 8 Configuration file restoration When you rest ore a configuratio n file, you o verwrite the existing configuration with a previously sav ed backup configuration file. CAUTION Mak e sure that t he configuration fil e you are do wnloading is compatib le with your s[...]
-
Page 247
Fabric OS Administrator ’s Guide 247 53-1002745-02 Configuration file restoration 8 If you must set up your switch again, run the commands listed in Ta b l e 47 and s av e t he output i n a file fo rmat. Store the files in a saf e place f or emergency reference. -all The number of switches or FIDs defined in the downloaded configuration file must[...]
-
Page 248
248 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration file restorat ion 8 CAUTION Though the switch itself has advanced error checking, the configdownload feature within Fabric OS was not designed f or users to edit, and is limited in its ability. Edit ed f iles can become corrupted and this corruption can lead to switch f a ilures. C[...]
-
Page 249
Fabric OS Administrator ’s Guide 249 53-1002745-02 Configuration file restoration 8 Example of confi gDownload without Admin Doma ins switch:admin> configdownload Protocol (scp, ftp, local) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [<home dir>/config.txt]: Section (all|chassis|FID# [all]): [...]
-
Page 250
250 Fabric OS A dministr ator’s Guide 53-1002745-02 Configurations across a fabric 8 Activating configDownload: Switch is disabled configDownload complete: Only zoning parameters are downloaded to ad5. Example of a non-int eractive download of all confi gurations (chassis and switches) configdownload -a -ftp 10.1.2.3,UserFoo,/pub/configurations/c[...]
-
Page 251
Fabric OS Administrator ’s Guide 251 53-1002745-02 Configuration management for Virtual Fabrics 8 Uploading a configuration file from a switch with Virtual Fabrics enabled The configUpload command with the -vf option specif ies that co nfiguration uplo ad will upload the Vir tual Fabrics configuration instead of the non-Vir tual Fabrics configura[...]
-
Page 252
252 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration management for Virtual Fabrics 8 Wait f or the configuration f ile to do wnload on to th e s wi tc h. Y o u m ay ne ed to r ec on ne c t to t he switch. 4. Enter the configDownload command. 5. Respond t o the prom pts. Wait f or the configur ation file to download t o the switch. 6[...]
-
Page 253
Fabric OS Administrator ’s Guide 253 53-1002745-02 Brocade configuration form 8 Brocade configuration form Use the form in Ta b l e 4 8 as a hard cop y ref erence f or your configuration information. In the har dware ref erence manuals for the Br ocade DCX and DCX-4S Backbones, the re is a guide for FC port-setting. TA B L E 4 8 Brocade configur [...]
-
Page 254
254 Fabric OS A dministr ator’s Guide 53-1002745-02 Brocade configuration form 8[...]
-
Page 255
Fabric OS Administrator ’s Guide 255 53-1002745-02 Chapter 9 Installing and Maintaining Firmware In this chapter • Firmw are download pr ocess overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 • Preparing f or a firmw are download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 • Firmw are download on [...]
-
Page 256
256 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download process overview 9 Y ou can download Fabric OS to a Backbone, whic h is a chassis; and to a nonchassis-based system, also ref erred to as a fixed- por t switch. The dif f er ence in the download process is that Back bones hav e two CPs and fixed-port switches hav e one CP . Use[...]
-
Page 257
Fabric OS Administrator ’s Guide 257 53-1002745-02 Firmware download process overvi ew 9 Upgrading and downgrading firmware Upgr adin g means installing a new er version of firmw a re. Downgrading means installing an older version of firm ware. In most c ases, you will be upgrading firm ware; that is, installing a new er firmware v ersion than th[...]
-
Page 258
258 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing for a firmware download 9 Preparing for a firmware download Before ex ecuting a firmware do wnlo ad, it is recommen ded that you per form the tasks listed in this section. In the unlikely e vent of a failure or time out, these preparat or y tasks enable y o u to pr ovide your switch su[...]
-
Page 259
Fabric OS Administrator ’s Guide 259 53-1002745-02 Preparing for a firmware download 9 5. Conn ect to the switch and log in using an account with admin pe rmissions. Enter the suppor tSav e command to retrieve all cu rrent core files prior to e xecuting the firmw are download. This inf ormation helps to troubleshoot the firm ware do wnload proces[...]
-
Page 260
260 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware downlo ad on switches 9 Firmware download on switches Brocade fixed-port switches maintain primar y and secondar y par titions for firmw are. The firm wareDo wnload command defaults to an aut o commit option that automatically copies the firmw are from one partition to the other . NOTE [...]
-
Page 261
Fabric OS Administrator ’s Guide 261 53-1002745-02 Firmware download on switches 9 Upgrading firmware for Br ocade fixed-port switches 1. T ake the f ollowing appropriat e action based on what ser vice you are using: • If you are using FTP , SFTP , or SCP , verify that the FTP or SSH se r ver is running on the host server and that you ha ve a v[...]
-
Page 262
262 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download on a Backbone 9 Firmware download on a Backbone ATTENTION T o successfully download firm ware, y ou must ha ve an active Ethernet co nnection o n each CP . Y ou can download firmw are to a Ba ckbone without disrupting the ov erall fabric if the two CP blades are installed and f[...]
-
Page 263
Fabric OS Administrator ’s Guide 263 53-1002745-02 Firmware download on a Backbone 9 Upgrading firmware on Back bones (including blades) There is only one chassis management IP address f or the Brocade Backbones. NOTE By default, the firmw areDownload command automatically upgrades both the activ e and the standby CPs and all co-CPs on the CP bla[...]
-
Page 264
264 Fabric OS A dministr ator’s Guide 53-1002745-02 Firmware download on a Backbone 9 If an AP blade is present : A t the point of the failo ver , an aut o lev eling process is activ ated. Aut ole veling is triggered when the activ e CP dete cts a blade that contains a different v ersion of the firmw are, regardless of which version is olde r . A[...]
-
Page 265
Fabric OS Administrator ’s Guide 265 53-1002745-02 Firmware download from a USB device 9 Slot 7 (CP1, active): Firmware has been downloaded to the secondary partition of the switch. [5]: Mon Mar 22 04:37:24 2010 Slot 7 (CP1, standby): The firmware commit operation has started. This may take up to 10 minutes. [6]: Mon Mar 22 04:41:59 2010 Slot 7 ([...]
-
Page 266
266 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS support 9 Downloading from the USB device using the relative path 1. Log in to the switch using an account assigned to the admin role. 2. Enter the firmw areDownload -U command. ecp:admin> firmwaredownload –U v7.1.0 Downloading from the USB devi ce using the absolute path 1. Log in to [...]
-
Page 267
Fabric OS Administrator ’s Guide 267 53-1002745-02 FIPS support 9 NOTE If FIPS mode is enabled, all logins should be ha ndle d through SSH o r direct serial method, and the transf er pro tocol shoul d be SCP . Updating the firmware key 1. Log in to the switch as admin. 2. Enter the firm ware K eyU pdat e command and respond to the pr ompts. The f[...]
-
Page 268
268 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and re storing firmware on switches 9 Power-on firmware checksum test FIPS requires the ch ecksums of the e xecutables an d libraries on the filesystem to be v alidated before F a bric OS modules a re launched. This is to make sure t hese f iles hav e not been changed af ter the y are in[...]
-
Page 269
Fabric OS Administrator ’s Guide 269 53-1002745-02 Testing and restoring firmware on switches 9 User Name: userfoo File Name: /home/userfoo/v7.0.0 Password: <hidden> Do Auto-Commit after Reboot [Y]: n Reboot system after download [N]: y Firmware is being downloaded to the switch. This step may take up to 30 minutes. Checking system settings[...]
-
Page 270
270 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 Testing and restoring firmware on Backbones This procedure enables you to perform a firm ware download on each CP and v erify that the procedure w as successful before committing to the ne w f irmw are . The old firmware is sa ved in the secondar y[...]
-
Page 271
Fabric OS Administrator ’s Guide 271 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 8. Verify the f ailo ver . a. Connect to the Ba ckbone on the active CP , which is the f o rmer standby CP . b. Enter the haShow command to v erify that the HA sync hronization is complete. It takes a minute or tw o f or the standby CP , which is th[...]
-
Page 272
272 Fabric OS A dministr ator’s Guide 53-1002745-02 Testing and rest oring fi rmware on Backbones 9 ATT ENTI ON Stop! If yo u hav e completed st ep 11 , then y ou hav e committ ed the firmw are on both CPs and you ha ve complete d the firmw are download pr ocedure. 12. Restore the firm ware on the standb y CP . In the current Backbone session f o[...]
-
Page 273
Fabric OS Administrator ’s Guide 273 53-1002745-02 Validating a firmware download 9 Validating a firmware download V alidate the firm ware download b y running the f ollowing commands: firmwareSho w , firm wareDo wnloadStatus , nsSho w , nsAllShow , and fabricSh ow . All of the connected servers, st orage devices, and switches should be present i[...]
-
Page 274
274 Fabric OS A dministr ator’s Guide 53-1002745-02 Validating a firmware download 9[...]
-
Page 275
Fabric OS Administrator ’s Guide 275 53-1002745-02 Chapter 10 Managing Virtual Fabrics In this chapter • Vir tual Fabrics ov erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 75 • Logical switch ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 7 6 • Logical[...]
-
Page 276
276 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 This chapter describes the log ical switch and logi cal fabric features. F or information about device sharing with Vir tual Fabrics, ref er to “FC-FC r outing and Vir tual Fabrics” on p age 606. For inf ormat ion about suppor ted swit ches and por t types, ref e r[...]
-
Page 277
Fabric OS Administrator ’s Guide 277 53-1002745-02 Logical switch overview 10 Af ter y ou enable Vir tual Fabrics, y ou can create up t o sev en additional logical switches, depending on the switch mo del. Figure 18 shows a Vir tual Fabrics-enabled switch before and af ter it is divided into logical switches. Bef ore you create logical switches, [...]
-
Page 278
278 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 FIGURE 19 Fabric IDs assigned to logical switc hes Port assignment in logical switches Initially , all por ts belong to the default logical sw itch. When you creat e additional logical switches, they are em pty and y ou must assign por ts to those logical switches. As [...]
-
Page 279
Fabric OS Administrator ’s Guide 279 53-1002745-02 Logical switch overview 10 A given port is always in one (and only one) lo gical switch. The following scenarios ref er to the chassis af ter port assignment in Figure 20 : • If you assign P2 to logical switch 2 , you ca nnot assign P2 to an y other logical switch. • If you w ant to remo ve a[...]
-
Page 280
280 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical switch overview 10 FIGURE 2 1 Logical switches connected to devices and non-Virtual Fabrics switch Figure 22 shows a logical representation of the physical chassis and devices in Figure 2 1 . As shown in Figure 22 , the de vices are isolat ed into separat e fabrics. FIGURE 22 Logical swi[...]
-
Page 281
Fabric OS Administrator ’s Guide 281 53-1002745-02 Management model for logical switches 10 Management model for logical switches Y ou can use one common I P address for the hardw are that is shared b y all of the logical switches in the chassis and you can set up individual IP v4 addresses f or each Vir tual F abric. For a management host to man[...]
-
Page 282
282 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical fabric overview 10 Logical fabric and ISLs Figure 23 shows two physical chassis divi de d into logical switches. In Figure 23 , ISLs are used to connect the logical switches with F ID 1 and the lo gical switches with FID 1 5. The logical switches with FID 8 are each connected to a non-Vi[...]
-
Page 283
Fabric OS Administrator ’s Guide 283 53-1002745-02 Logical fabric overview 10 Base switch and extended ISLs Another wa y to connect logical switches is t o use ext ended ISLs and base switc hes. When you divide a chassis into logical switches, y o u can designate one of the switches to be a base switch. A base switch is a special logical switch t[...]
-
Page 284
284 Fabric OS A dministr ator’s Guide 53-1002745-02 Logical fabric overview 10 Think of the logical switches as be ing connected with logical ISLs, as sho wn in Figure 26 . In this diagram, the logical ISLs are not connect ed to por t s because they are not ph ysical cables. They are a logical representation of the switch co nnections that are al[...]
-
Page 285
Fabric OS Administrator ’s Guide 285 53-1002745-02 Logical fabric overview 10 By default, the physical ISL path is fa vored o ver the logical path (o ver the XISL) because the physical path has a lo wer cost. This beha vior can be changed by configuring the cost of the dedicated ph ysical ISL to match the cost of the logic al ISL. ATTENTION If yo[...]
-
Page 286
286 Fabric OS A dministr ator’s Guide 53-1002745-02 Account management and Virtual Fabrics 10 Account management and Virtual Fabrics When user accounts are created, th ey are assigned a list of logical fa brics t o which they can log in and a home logical fabric (home FID). When you connect to a ph ysical chassis, the home FID defines the logical[...]
-
Page 287
Fabric OS Administrator ’s Guide 287 53-1002745-02 Supported platforms for Virtual Fabrics 10 Supported port configuratio ns in Brocade Backbones Some of the ports in the Brocade DCX and DCX 85 1 0 Backb one families are not suppor ted on all types of logical switches. Ta b l e 5 0 lists the blades and ports that are supported on each type of log[...]
-
Page 288
288 Fabric OS A dministr ator’s Guide 53-1002745-02 Limitations and restrict ions of Virtual Fabrics 10 Virtual Fabrics interaction with other Fabric OS features Ta b l e 51 lists some F a bric OS features and considerat ions that apply when using V ir tual F abrics. Limitations and restrictions of Virtual Fabrics The maximum numb er of logical s[...]
-
Page 289
Fabric OS Administrator ’s Guide 289 53-1002745-02 Limitations and restrictions of Virtual Fabrics 10 Refe r to “Supported por t configurat ions in Brocade Backbones” on page 287 f or restrictions on the default logical switch. Restrictions on XISLs The Allo w XISL Use option under the configure command, allows a logical switch t o use XISLs [...]
-
Page 290
290 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling Virtual Fabrics mode 10 Enabling Virtual Fabrics mode A fabric is said to be in Vir tual Fabrics mode (VF mode) when the Vir tual F abrics f eature is enabled. Before you can use the Virtual Fabrics f eatures, such as logical switch and logical fabric, you must enable VF mode. VF mode i[...]
-
Page 291
Fabric OS Administrator ’s Guide 291 53-1002745-02 Configuring logical switches to use basic configuration values 10 Use the f ollowing pr ocedure to disable Virtual Fabrics mode: 1. Connect to the physical chassi s and log in using an account wi th the chassis-role permission. 2. Use the fos C o nf i g command to check whethe r VF mode is disabl[...]
-
Page 292
292 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical switch or base switch 10 3. Enter n at the prompts to configure syst em and cfgload attribut es. Enter y at the pr ompt t o configure custom attributes. System (yes, y, no, n): [no] n cfgload attributes (yes, y, no, n): [no] n Custom attributes (yes, y, no, n): [no] y 4. Enter[...]
-
Page 293
Fabric OS Administrator ’s Guide 293 53-1002745-02 Executing a command in a diffe rent logical switch c ontext 10 Example The f ollowing e xample creates a logical switch w ith FID 4 , and then assigns domain ID 1 4 to it. sw0:FID128:admin> lscfg --create 4 About to create switch with fid=4. Please wait... Logical Switch with FID (4) has been [...]
-
Page 294
294 Fabric OS A dministr ator’s Guide 53-1002745-02 Deleting a lo gical switch 10 switchMode: Native switchRole: Principal switchDomain: 14 switchId: fffc0e switchWwn: 10:00:00:05:1e:82:3c:2b zoning: OFF switchBeacon: OFF FC Router: OFF Fabric Name: Fab4 Allow XISL Use: ON LS Attributes: [FID: 4, Base Switch: No, Default Switch: No, Address Mode [...]
-
Page 295
Fabric OS Administrator ’s Guide 295 53-1002745-02 Adding and moving ports on a logical switch 10 Example of deleting the logical switch with FID 7 switch_4:FID4:admin> lscfg --delete 7 All active login sessions for FID 7 have been terminated. Switch successfully deleted. Adding and moving ports on a logical switch This procedure e x plains ho[...]
-
Page 296
296 Fabric OS A dministr ator’s Guide 53-1002745-02 Displaying logical switch configuration 10 Displaying logical switch configuration Use the f ollowing pr ocedure to displa y the configuration f or a logical switch: 1. Connect to the physical chassi s and log in using an account wi th the chassis-role permission. 2. Enter the lsCf g command to [...]
-
Page 297
Fabric OS Administrator ’s Guide 297 53-1002745-02 Changing a logical switch to a base switch 10 Checking and logging message: fid = 5. Please enable your switch. sw0:FID128:admin> fosexec --fid 7 -cmd "switchenable" --------------------------------------------------- "switchenable" on FID 7: Changing a logical switch to a [...]
-
Page 298
298 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up IP addresses for a Virtual Fabric 10 Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] Allow XISL Use (yes, y, no, n): [yes] n WARNING!! Disabling this parameter will cause removal of LISLs to other logical switches. Do you want to c[...]
-
Page 299
Fabric OS Administrator ’s Guide 299 53-1002745-02 Configuring a logical switch to use XISLs 10 Configuring a logical switch to use XISLs When you creat e a logical switch, it is config ured t o use XISLs b y default. Use the follo w ing procedure to allow o r disallow the logical switch t o use XISLs in the base fabric. XISL use is not suppor te[...]
-
Page 300
300 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical fabric using XISLs 10 Creating a logical fabric using XISLs This procedure describes ho w to creat e a logical fa bric using multiple chassis and XISLs and refers to the configuration shown in Figure 28 as an exam ple. FIGURE 28 Example of logical fabrics in multiple c hassis [...]
-
Page 301
Fabric OS Administrator ’s Guide 301 53-1002745-02 Creating a logical fabric using XISLs 10 4. Configure the logical switches in each chassis: a. Connect to the ph ysical ch assis and log in using an ac count with the chassis-role permission. b. Create a logical switch and assign it a fabric ID f o r the logical fabric. This FID m ust be differen[...]
-
Page 302
302 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a logical fabric using XISLs 10[...]
-
Page 303
Fabric OS Administrator ’s Guide 303 53-1002745-02 Chapter 11 Administering Advanced Zoning In this chapter • Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 • Zoning ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304[...]
-
Page 304
304 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 • QoS zones Assign high or low priority t o designated tr aff ic flows. QoS zones are regular zones with additional QoS attributes specified b y a dding a QOS prefix t o the zone name. See “QoS: SID/DID traffic prioritization” on page 5 19 f or more inf ormation. • T r[...]
-
Page 305
Fabric OS Administrator ’s Guide 305 53-1002745-02 Zoning overview 11 FIGURE 29 Zoning example Approaches to zoning Ta b l e 5 3 lis ts the various appr oaches you can tak e when implementing zo ning in a fabric. TA B L E 5 3 Approaches to fabric-based zoning Zoning approach D escription Recommended approach Single HBA Zoning by s ingle HBA most [...]
-
Page 306
306 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 Zone objects A zone object is any de vice in a zone, such as: • Physical port numb er or por t index on the switch • Node World Wide Name (N-WWN) • Port World Wide Name (P-WWN) Zone objects identified b y por t number or index number are specified as a pair of decimal nu[...]
-
Page 307
Fabric OS Administrator ’s Guide 307 53-1002745-02 Zoning overview 11 The types of zone objects u sed to define a zone ca n be mixed. F or exam ple, a zone defined with the zone objects 2, 12; 2, 14; 1 0:00:00:80:33 :3f:aa:11 c ontains the de vices connect ed to domain 2, por ts 12 and 1 4, and a device with the WWN 1 0:00:00:80:33:3f:aa:1 1 (eit[...]
-
Page 308
308 Fabric OS A dministr ator’s Guide 53-1002745-02 Zoning overview 11 The different types of zone co nfigurations are: • Defined Configur ation The complet e set of all zone objects defined in the fabric. • Ef fectiv e Configuratio n A single zone configuration that is currentl y in ef f ect. The ef fe ctive configuration is built when you e[...]
-
Page 309
Fabric OS Administrator ’s Guide 309 53-1002745-02 Zoning overview 11 Identifying the enforced zone type Use the f ollowing pr ocedure to i dentify zone s and zone types: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the por tZoneShow command, using the follo wing syntax: portzoneshow Considerations for zo[...]
-
Page 310
310 Fabric OS A dministr ator’s Guide 53-1002745-02 Broadcast zones 11 Best practices for zoning The f ollowing are recommendations for using zo ning: • Alwa ys zone using the highest Fabric OS-lev el switch. Switches with ea rlier Fabric OS versions do not hav e the capability to view all the functional ity that a newe r Fabric OS pr ovides, a[...]
-
Page 311
Fabric OS Administrator ’s Guide 311 53-1002745-02 Broadcast zones 11 Figure 30 illu strates how br oadcast zones work with Admin Domains. Figure 30 shows a fabric wi th five de vices and two Admin Domains, AD1 and AD 2. Each Ad min Domain has two de vices and a broadcast zone. FIGURE 30 Broadcas t zones and Admin Domains The dott ed box represen[...]
-
Page 312
312 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone aliases 11 High availability considerat ions with broadcast zones If a switch has broadcast zone-cap able firmw are on the active CP (Fabric OS v5.3.x or lat er) and broadcast zone-incapable firm ware on the standb y CP (Fabric OS v ersion earlier than v5.3.0), then you cannot creat e a bro[...]
-
Page 313
Fabric OS Administrator ’s Guide 313 53-1002745-02 Zone aliases 11 Creating an alias Use the f ollowing pr ocedure to creat e an alias: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the aliCreate command, using the f ollowing syntax: alicreate " aliasname ", " member [; member...]" 3. E[...]
-
Page 314
314 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone aliases 11 inconsistent. The inconsistency will result in different Effective Zoning configurations for switches in the fabric if a zone merge or HA failover happens. To avoid inconsistency it is recommended to commit the configurations using the 'cfgenable' command. Do you still [...]
-
Page 315
Fabric OS Administrator ’s Guide 315 53-1002745-02 Zone aliases 11 The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a transaction is open on a dif ferent switch in the fabric when this command is run, the transaction on the other switch is automati cally aborted. A message displays on the[...]
-
Page 316
316 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Zone creation and maintenance Fabric OS allo ws you t o create zones to bett er manage de vices. Notes • Broadcast Zone : T o create a br oadcast zone, use the reser ved name “br oadcast”. Do not giv e a regular zone the name of “broadcast”. See “Broa[...]
-
Page 317
Fabric OS Administrator ’s Guide 317 53-1002745-02 Zone creation and maintenance 11 T o creat e a br oadcast zone, use the rese r ved name “br oadcast”. 3. Enter the cfgSav e command to sav e the change to the defined configuratio n. The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a [...]
-
Page 318
318 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Example Adding members to a zone switch:admin> zoneadd matt, "ze*; bond*; j*" switch:admin> cfgsave switch:admin> cfgshow Defined configuration: zone: matt 30:06:00:07:1e:a2:10:20; 3,2; zeus ; bond ; jake ; jeff ; jones zone: sloth bawn; bolt; [...]
-
Page 319
Fabric OS Administrator ’s Guide 319 53-1002745-02 Zone creation and maintenance 11 alias: jeff 30:00:00:05:1e:a1:cd:02; 40:00:00:05:1e:a1:cd:04 alias: jones 7,3; 4,5 alias: zeus 4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) switch:admin> switch:admin> zoneremove matt,"30:06:00:07:1e:a2:10:20; ja*; 3,2&[...]
-
Page 320
320 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 alias: jake 4,7; 8,9; 14,11 alias: jeff 30:00:00:05:1e:a1:cd:02; 40:00:00:05:1e:a1:cd:04 alias: jones 7,3; 4,5 alias: zeus 4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) switch:admin> switch:admin> zoneobjectreplace 11,2 4,8 [...]
-
Page 321
Fabric OS Administrator ’s Guide 321 53-1002745-02 Zone creation and maintenance 11 The cfgSav e command ends and commits the current zo nin g transaction buf fer to non volatile memor y . If a transaction is open on a dif ferent switch in the fabric when this command is run, the transaction on the other switch is automati cally aborted. A messag[...]
-
Page 322
322 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 Viewing a zone in the defined configuration Use the f ollowing pr ocedure to vie w a zone in the configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the zoneShow command, using the f ollowing syntax: zoneshow[--so[...]
-
Page 323
Fabric OS Administrator ’s Guide 323 53-1002745-02 Zone creation and maintenance 11 1,1; 1,2 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 Effective configuration: cfg: fabric_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 1,2 Example Addin g [...]
-
Page 324
324 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone creation and maintenance 11 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df 3. Enter the zone -- val ida te command to li st all zone members that are not part of the current zone enfo rcement table. No te that zone config uration names are case-sensitive; blank spaces are ign[...]
-
Page 325
Fabric OS Administrator ’s Guide 325 53-1002745-02 Zone creation and maintenance 11 If you ent er yes, and the cfgSav e operation complet es successfully then the fo llowing RASlog message [ZONE-1 062 ] will be posted. [ZONE-1062], 620/181, FID 128, WARNING, sw0, Defined and Effective zone configurations are inconsistent, ltime:2012/09/03-23:18:3[...]
-
Page 326
326 Fabric OS A dministr ator’s Guide 53-1002745-02 Default zoning mode 11 Default zoning mode The default zoning mode controls de vice access if zoning is not implement ed or if there is no effectiv e zone configuration. The default z oning mode has tw o options: • All Access — All devices within th e fabric can communicate with all o ther d[...]
-
Page 327
Fabric OS Administrator ’s Guide 327 53-1002745-02 Zone database size 11 switch:admin> cfgsave WARNING!!! The changes you are attempting to save will render the Effective configuration and the Defined configuration inconsistent. The inconsistency will result in different Effective Zoning configurations for switches in the fabric if a zone merg[...]
-
Page 328
328 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 Zone configurations Y ou can store a number of zones in a zone conf iguration database. The maximum number of items that can be stored in the zone configuration database depends on the f ollowing criteria: • Number of switches in the f abric. • Number of b ytes f or ea[...]
-
Page 329
Fabric OS Administrator ’s Guide 329 53-1002745-02 Zone configurations 11 Adding zones (members) to a zone configuration Use the f ollowing pr ocedure to add members t o a zone configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the cfgAdd command, using the following syntax: cfgadd " cfgname[...]
-
Page 330
330 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 Enabling a zone configuration The f ollowing pr ocedure ends and commits the curre nt zoning transaction buf fer t o nonv olat ile memor y . If a transaction is open on a dif ferent swit ch in the fabric when this procedure is run, the transaction on the other switch is au[...]
-
Page 331
Fabric OS Administrator ’s Guide 331 53-1002745-02 Zone configurations 11 Deleting a zone configuration Use the f ollowing pr ocedure to delet e a zone configuration: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the cfgDelete c ommand, using the f ollow ing syntax: cfgdelete " cfgname " 3. Enter[...]
-
Page 332
332 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configurations 11 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df Effective configuration: cfg: USA_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:[...]
-
Page 333
Fabric OS Administrator ’s Guide 333 53-1002745-02 Zone object maintena nce 11 Clearing all zone configurations Use the f ollowing pr ocedure to clear all zone configurations: 1. Connect to the switch and log in usin g an account with admin permissions. 2. Use cfgClear to clear all zone information in the transaction buffer . ATT ENTI ON Be caref[...]
-
Page 334
334 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone object maintenance 11 4. Enter the cfgShow command t o verify the new zone object is present. switch:admin> cfgshow "Test*" cfg: Test1 Blue_zone cfg: Test_cfg Purple_zone; Blue_zone switch:admin> cfgShow "US_Test1" cfg: US_Test1 Blue_zone 5. If you want the change [...]
-
Page 335
Fabric OS Administrator ’s Guide 335 53-1002745-02 Zone object maintena nce 11 You are about to expunge one configuration or member. This action could result in removing many zoning configurations recursively. [Removing the last member of a configuration removes the configuration.] Do you want to expunge the member? (yes, y, no, n): [no] yes 4. E[...]
-
Page 336
336 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone configuration management 11 Zone configuration management Y ou can add, delet e, or remove individual elements in an existing zone configurat ion to create an appropriat e configuration for your SAN en vironment. Af ter the changes ha ve been made, sav e the configuration to ensure the conf[...]
-
Page 337
Fabric OS Administrator ’s Guide 337 53-1002745-02 Zone merging 11 Adding a ne w fabric that has no zone configuration inf ormation to an existing fabric is v er y similar to adding a new switch. All switch es in the ne w fa bric inherit the zone configuration data. If the ex isting f abric has an effectiv e zone configur ation, then the same con[...]
-
Page 338
338 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone merging 11 • Merging two fabrics Both fabrics hav e iden tical zones and configurations enabl ed, including the default zone mode. The two fabrics will join to mak e one larger fabric with the same zone config uration across the newly created fabric. If the two f abrics hav e dif ferent z[...]
-
Page 339
Fabric OS Administrator ’s Guide 339 53-1002745-02 Zone merging 11 Zone merging scenarios The following tables pro vide information on merging zones and the expect ed results. • Ta b l e 5 5 on page 339: Defined and effectiv e configurations • Ta b l e 5 6 on page 340: Different cont ent • Ta b l e 57 on page 340: Different names • Ta b l[...]
-
Page 340
340 Fabric OS A dministr ator’s Guide 53-1002745-02 Zone merging 11 Switch A and Switch B ha ve different define d configur ations. Switch B has an ef fective configuration. defined: cfg2 zone2: ali3; ali4 effectiv e: none defined: cf g1 zone1: ali1; ali2 effective: cf g1 Clean merge. The ne w configuration will be a composit e of the two, with c[...]
-
Page 341
Fabric OS Administrator ’s Guide 341 53-1002745-02 Zone merging 11 TA B L E 5 8 Zone merging scenarios: TI zones Description Switch A Swi tch B Expected results Switch A does not h av e T raffic Isolation (TI) zones . Switch B has TI zones. defined: cfg1 effectiv e: cfg1 defined: cf g1 TI_zone 1 effective: cfg1 Clean merge. TI zones are not aut o[...]
-
Page 342
342 Fabric OS A dministr ator’s Guide 53-1002745-02 Concurrent zone transactions 11 NOTE When merging mixed v e rsions of F abric OS where bo th side s hav e default zone mode No A ccess set , the merge results vary depending on which switch initiates the merge. Concurrent zone transactions While working on zo ne sets, a special wor k space is pr[...]
-
Page 343
Fabric OS Administrator ’s Guide 343 53-1002745-02 Concurrent zone transactions 11 u30:FID128:admin> cfgsave You are about to save the Defined zoning configuration. This action will only save the changes on Defined configuration. Multiple open transactions are pending in this fabric. Only one transaction can be saved. Please abort all unwanted[...]
-
Page 344
344 Fabric OS A dministr ator’s Guide 53-1002745-02 Concurrent zone transactions 11[...]
-
Page 345
Fabric OS Administrator ’s Guide 345 53-1002745-02 Chapter 12 Traffic Isolation Zoning In this chapter • T raffic Isolation Zoning ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 • Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 • T raffic Isolati[...]
-
Page 346
346 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning overview 12 Figure 3 1 shows a fabric with a TI zone consisting of the follo wing: • N_Ports: “1,7”, “1,8”, “4,5”, and “4,6” • E_Ports: “1, 1”, “3,9”, “3, 12”, and “4,7” The dotted line indicates the dedicat ed path between the initiat[...]
-
Page 347
Fabric OS Administrator ’s Guide 347 53-1002745-02 Traffic Isolation Zoning overview 12 For ex a mp l e , in Figure 3 1 on page 346, if the dedicated ISL be tween Domain 1 and Domain 3 goes of fline, then the f ollowing occurs, depending on the failov er option: • If failo ver is disabled f or the TI zone, the TI zone traf fic is halted until t[...]
-
Page 348
348 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning overview 12 • Ensure that there are multiple paths be tween switches. Disabling failo ver locks the specified r oute so that only TI zone traffic can use it. Non-TI zone traf fic is excluded fr om using the dedicated path. • Y ou should enable failov er -enabled TI z[...]
-
Page 349
Fabric OS Administrator ’s Guide 349 53-1002745-02 Traffic Isolation Zoning overview 12 FSPF routing rules and traffic isolation All traffic must use the lowest cost path. FSPF r out ing rules take pr ecedence o ver the TI zones, as described in th e follo wing situations. If the dedicate d ISL is not the lo west cost path ISL, then the fo llowin[...]
-
Page 350
350 Fabric OS A dministr ator’s Guide 53-1002745-02 Enhanced TI zones 12 FIGURE 34 Dedicated path is not the sh or test path NOTE For inf ormat ion about setting or displaying the FSPF cost of a path, see the linkCost and top olo gy Sh ow commands in the F abric OS Command Reference . Enhanced TI zones In F abric OS v6.4.0 and later , por ts can [...]
-
Page 351
Fabric OS Administrator ’s Guide 351 53-1002745-02 Enhanced TI zones 12 Illegal configurations with enhanced TI zones When you creat e TI zones, ensure that all traffi c fr om a port to all destinations on a remote domain ha ve the same path. Do no t create separate paths from a local por t to tw o or more ports on the same remot e domain. If the[...]
-
Page 352
352 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning over FC routers 12 In this example traffic from the T arget to Domain 2 is routed c orrectly . Only one TI zone describes a path to Domain 2. Howe ver , bo th TI zones describe differ ent, valid paths fr om the T arget to Domain 1. Only one path will be able t o get t o [...]
-
Page 353
Fabric OS Administrator ’s Guide 353 53-1002745-02 Traffic Isolation Zoning over FC routers 12 FIGURE 38 Traff ic Isolation Zoning over FCR In addition to setting up TI zones , you must also ensure that the devices are in an LSAN zone so that they can communicat e with each other . If failo ver is enabled and the TI path is not a vailabl e, an al[...]
-
Page 354
354 Fabric OS A dministr ator’s Guide 53-1002745-02 Traffic Isolation Zoning over FC routers 12 TI zones within an edge fabric A TI zone within an edge fabric is used to r out e traffic between a real de vice and a proxy device through a par ticular EX_Port. For e x ample, in Figure 39 , you can set up a TI zone t o ensure that traf fic between H[...]
-
Page 355
Fabric OS Administrator ’s Guide 355 53-1002745-02 Traffic Isolation Zoning over FC routers 12 TI zones within a backbone fabric A TI zone within a backbone fabric is used to r oute traffic within the b ackbone fabric through a par ticular ISL. For e xample, in Figure 40 , a TI zone is set up in the backbone fabric t o ensure that traf fic betwee[...]
-
Page 356
356 Fabric OS A dministr ator’s Guide 53-1002745-02 General rules for TI zones 12 Limitations of TI zones over FC routers Be aw are of the f ollowing when configuring TI zones o ver FC r outers: • A TI zone defined within the backbone fabric do es not guarant ee that edge fabric traffic will arrive at a particu lar EX_Port. Y ou must set up a T[...]
-
Page 357
Fabric OS Administrator ’s Guide 357 53-1002745-02 General rules for TI zones 12 For ex a mp l e , in Figure 4 1 , th e TI zone was confi gured incorrectly and E_Por t “3,9” was errone ously omitted fr om the zone. The domain 3 switch assumes that traf fic coming from E_Port 9 is not par t of the TI zone and so that traf fic is r outed t o E_[...]
-
Page 358
358 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported configurations for Traffic Isolation Zoning 12 E-Port Trunks Trunk members in TI zone: 8 Trunk members not in TI zone: 9 10 E-Port Trunks Trunk members in TI zone: 16 Trunk members not in TI zone: 17 18 Supported configurations for Traffic Isolation Zoning The follo wing configuration [...]
-
Page 359
Fabric OS Administrator ’s Guide 359 53-1002745-02 Limitations and restrict ions of Traffic Isolation Zoning 12 Trunking with TI zones If you implement trunking and TI z ones, you should k eep the following points in mind: • T o include a trunk group in a TI zone, you must include all por ts of the trunk in the TI zone. • T runk ed ISL por ts[...]
-
Page 360
360 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain considerations for Traffic Isolation Zoning 12 • T o include a trunk group in a TI zone, you must include all por ts of the trunk in the TI zone. • If two N_P or ts are o nline and hav e the same sh ared area, and one of th em is configured in a TI zone, then they both must be c[...]
-
Page 361
Fabric OS Administrator ’s Guide 361 53-1002745-02 Virtual Fabrics considerat ions for Traffic Isolation Zoning 12 Virtual Fabrics considerations for Traffic Isolation Zoning This section describes how TI zones work with Vir tual Fabrics. See Chapt e r 1 0, “Ma naging Vir tual Fabrics,” for info rmation about the Vir tual Fabrics feature, inc[...]
-
Page 362
362 Fabric OS A dministr ator’s Guide 53-1002745-02 Virtual Fabrics considerations for Traffic Is olation Zoning 12 FIGURE 43 Creating a TI zone in a logical fabric Y ou must also create and ac tivat e a TI zone in the base fabric to reserve the XISLs f or the dedicated path. In Figure 44 , the XISLs highlight ed (by a do tted line) in the base f[...]
-
Page 363
Fabric OS Administrator ’s Guide 363 53-1002745-02 Traffic Isolation Zoning over FC routers with Virtual Fabrics 12 Traffic Isolation Zoning over FC routers with Virtual Fabrics This section describes how you can set u p TI zones over FC rout er s in logical fab rics. Figure 45 shows two ph ysi cal chassis configured into logical switches. The in[...]
-
Page 364
364 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a TI zone 12 Creating a TI zone Y ou create and modify T I zones using the zone command. Other zoning commands, such as zoneCrea te , aliCreat e , and cfgCreate , cannot be used to manag e TI zones. When you creat e a TI zone, you can set the state of the zone to activated or deactivat [...]
-
Page 365
Fabric OS Administrator ’s Guide 365 53-1002745-02 Creating a TI zone 12 Example TI zone creation The follo wing examples creat e a TI zone named “bluezone”, which contains E_Ports 1, 1 and 2,4 and N_Port s 1,8 and 2,6. T o creat e a TI zone with f ailov er enabled and in the activ ated stat e (default settings): switch:admin> zone --creat[...]
-
Page 366
366 Fabric OS A dministr ator’s Guide 53-1002745-02 Creating a TI zone 12 Creating a TI zone in a base fabric 1. Connect to the switch and log in us ing an account with admin permissions. 2. Create a “dummy” zone configuration in the base fabric. For e xample: zone --create "z1", "1,1" cfgcreate "base_config", z1[...]
-
Page 367
Fabric OS Administrator ’s Guide 367 53-1002745-02 Modifying TI zones 12 Modifying TI zones Using the zone -- add command, y ou can add ports to an e xisting TI zone, change the failo ver option, or bo th.Y ou can also activ ate o r deactivat e the TI zone. Using the zone -- remove c o m m a n d , y o u c a n r e m o ve p o r t s f r o m ex i s t[...]
-
Page 368
368 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing the state of a TI zone 12 Example of modifying a TI zone T o add port members to the existing TI zone bluezone: switch:admin> zone --add bluezone -p "3,4; 3,6" T o add port members to the existing TI zone in a backbone fabric: switch:admin> zone --add backbonezone -p &qu[...]
-
Page 369
Fabric OS Administrator ’s Guide 369 53-1002745-02 Deleting a TI zone 12 Deleting a TI zone Use the zone -- delet e command t o delet e a TI zone fr om the defined configuration. This command delet es the entire zone; to only remove por t members fr om a TI zone, use the zone -- remove command, as described in “Modifying TI zones” on page 367[...]
-
Page 370
370 Fabric OS A dministr ator’s Guide 53-1002745-02 Troubleshooting TI zone routing problems 12 Example displaying information about all TI zones in the defined conf iguration in ascendi ng order switch:admin> zone --show -ascending Defined TI zone configuration: TI Zone Name: bluezone: Port List: 8,3; 8,5; 9,2; 9,3; Configured Status: Deactiv[...]
-
Page 371
Fabric OS Administrator ’s Guide 371 53-1002745-02 Setting up TI over FCR (sample proce dure) 12 Setting up TI over FCR (sample procedure) The f ollowing e xample shows how to se t up TI zones ov er FCR to pr ovide a dedicat ed path shown in Figure 4 7 . In this example, three TI zones are creat ed: one in each of the edge fabrics and one in the [...]
-
Page 372
372 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up TI over FCR (sample procedure) 12 The Fabric has 3 switches b. Enter the follo wing commands to create and displa y a TI zone: E1switch:admin> zone --create -t ti TI_Zone1 -p "4,8; 4,5, 1,-1; 6,-1" E1switch:admin> zone --show Defined TI zone configuration: TI Zone Name[...]
-
Page 373
Fabric OS Administrator ’s Guide 373 53-1002745-02 Setting up TI over FCR (sample proce dure) 12 c. E nte r t he fo llo wi ng co mm and s to re ac ti vate your current ef fective configuration and enfor ce the TI zones. E2switch:admin> cfgactvshow Effective configuration: cfg: cfg_TI zone: lsan_t_i_TI_Zone1 10:00:00:00:00:00:02:00:00 10:00:00:[...]
-
Page 374
374 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up TI over FCR (sample procedure) 12[...]
-
Page 375
Fabric OS Administrator ’s Guide 375 53-1002745-02 Chapter 13 Bottleneck Detection In this chapter • Bottleneck det ection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 75 • Suppor ted configurations f or bottleneck dete ct ion . . . . . . . . . . . . . . . . . . 3 77 • Credit Loss . . . . . . . . . . . . [...]
-
Page 376
376 Fabric OS A dministr ator’s Guide 53-1002745-02 Bottleneck detection overview 13 • If the bottleneck det ection feature det ects ISL co ngestion, you can use ingress rat e limiti ng to slow down lo w priority application traf fic, if it is contribu ting to the congestion. Notes • Bottleneck detection is configured on a per-swit ch basis, [...]
-
Page 377
Fabric OS Administrator ’s Guide 377 53-1002745-02 Supported configurations for bottleneck detection 13 Y ou can use the bot tleneckMon command to speci fy aler ting paramet ers for the fol lowing: • Whether aler ts are to be sent when a bo ttleneck condition is detect ed • The size of the time window t o look at when dete rmining whether t o[...]
-
Page 378
378 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported configurations for bottleneck detection 13 High availability consideratio ns for bottleneck detection The bottleneck detection configuration is ma intained across a failo ver or reboot; how ev er , bottleneck statis tics collected are lost . Upgrade and downgrade considerat ions for bo[...]
-
Page 379
Fabric OS Administrator ’s Guide 379 53-1002745-02 Credit Loss 13 Credit Loss Fabric OS v7 . 1 and later support s back-end credit lo ss det ection back-end por ts and core blades as well as on the Br ocade 5300 and 6520 switches, alth ough the support is slightly dif ferent on each devic e. See belo w f or details on these switches, and the Fabr[...]
-
Page 380
380 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling bottleneck detecti on on a switch 13 The f ollowing credit loss reco ver y methods are supported for Brocade 6 520 back-end por ts: • For all the credit loss me thods described abo ve, a link reset will automatically be per formed, assuming that this option was enabled. See “Enablin[...]
-
Page 381
Fabric OS Administrator ’s Guide 381 53-1002745-02 Displaying bottleneck detec tion configuration details 13 3. Repeat step 1 and step 2 on every sw itch in the fabric. NOTE Best practice is t o use the default v alues f o r the aler ting and sub-seco nd latency criterion parameters. Example of enabling bo ttleneck detection ( Recommended use cas[...]
-
Page 382
382 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting bottleneck detection alerts 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ============================ Alerts - Yes Latency threshold for ale[...]
-
Page 383
Fabric OS Administrator ’s Guide 383 53-1002745-02 Setting bottleneck detection alerts 13 FIGURE 48 Af fe cted seconds for bottleneck d etection The -time parameter specifies the time window. F or this example, -time equals 12 seconds. The -cthresh and -lthresh paramet ers specify the thresholds on number of affect ed seconds that trigger aler ts[...]
-
Page 384
384 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck dete ction parameters 13 Setting a congestion alert only This exam ple enables a congesti on aler t and shows its values. Example of setting an aler t for congestion switch:admin> bottleneckmon --enable -alert=congestion switch:admin> bottleneckmon --status Bottleneck d[...]
-
Page 385
Fabric OS Administrator ’s Guide 385 53-1002745-02 Changing bottleneck dete ction parameters 13 NOTE Entering a -- c o n f i g command changes only those settings spec if ied in the com mand; all others are lef t alone. The only e xceptions are for the -aler t (restores aler ts using recorded v alues) or -noaler t (disables all aler ts) switches.[...]
-
Page 386
386 Fabric OS A dministr ator’s Guide 53-1002745-02 Changing bottleneck dete ction parameters 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ================================ Alerts - Yes Latency thresho[...]
-
Page 387
Fabric OS Administrator ’s Guide 387 53-1002745-02 Changing bottleneck dete ction parameters 13 Congestion threshold for alert - 0.700 Averaging time for alert - 200 seconds Quiet time for alert - 150 seconds Per-port overrides for alert parameters: ======================================== Port Alerts? LatencyThresh CongestionThresh Time (s) QTim[...]
-
Page 388
388 Fabric OS A dministr ator’s Guide 53-1002745-02 Advanced bottleneck detection settings 13 Switch-wide alerting parameters: ================================ Alerts - Yes Latency threshold for alert - 0.200 Congestion threshold for alert - 0.700 Averaging time for alert - 200 seconds Quiet time for alert - 150 seconds Adjusting the frequency of[...]
-
Page 389
Fabric OS Administrator ’s Guide 389 53-1002745-02 Excluding a port from bottleneck detection 13 • Y ou want great er-than-default (sub-second) latency sensitivity on your fabric, so you set sub-second latency crit erion parameters at the time y ou enable bottleneck det ection. • Y ou want to reduce the number of aler ts you are receiving abo[...]
-
Page 390
390 Fabric OS A dministr ator’s Guide 53-1002745-02 Excluding a port from bottleneck detection 13 For trunking, if you e xclude a sla ve por t from bo tt leneck det ect ion, the ex clusion has no effect as long as the por t is a trunk slav e. The exclusion ta kes effect only if the port becomes a trunk m aster or lea ves the trunk. Use the f ollo[...]
-
Page 391
Fabric OS Administrator ’s Guide 391 53-1002745-02 Displaying bottleneck statistics 13 Switch-wide sub-second latency bottleneck criterion: ==================================================== Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: ================================ Alerts - Yes Latency threshold for ale[...]
-
Page 392
392 Fabric OS A dministr ator’s Guide 53-1002745-02 Disabling bottleneck detection on a switch 13 Disabling bottleneck detection on a switch When you disable bo ttleneck detection on a sw itch, all bottleneck co nfiguration details are discarded, including the list of ex cluded por ts and non-def ault values of alerting parameters. Use the f ollo[...]
-
Page 393
Fabric OS Administrator ’s Guide 393 53-1002745-02 Chapter 14 In-flight Encryption and Compression In this chapter • In-flight encryption and compression ov erview . . . . . . . . . . . . . . . . . . . . . . 393 • Configuring encryption and compression . . . . . . . . . . . . . . . . . . . . . . . . . . 399 • Encr yption and compression e x[...]
-
Page 394
394 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 FIGURE 49 Encr yption and compressio n on 1 6 Gbps ISLs The encr yption and compression feat ures are designed t o work only with E_P or ts, EX_Por ts, and XISL por ts (in VF mode). Encr yption an d compression are also compatible with the f oll[...]
-
Page 395
Fabric OS Administrator ’s Guide 395 53-1002745-02 In-flight encryption and compression overview 14 Bandwidth limits Fabric OS support s up to 32 Gbps of data en cr yption and 32 Gbps of data compression per 1 6G-capable FC platf orm. This limi ts the numbe r of por ts that can hav e these f eatures enabled at any one time. Ta b l e 6 2 shows som[...]
-
Page 396
396 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 The por t level authentication security feature must be enabled before encr yption configuration can be enabled. Pre-shared secret ke ys should be co nfig ured on both ends of the ISL t o per for m authentication. Once the link has been authenti[...]
-
Page 397
Fabric OS Administrator ’s Guide 397 53-1002745-02 In-flight encryption and compression overview 14 1 N oN oN o N o 2 N oN oN o N o 3 N oN oN o N o 4 N oN oN o N o 5 N oN oN o N o 6 N oN oN o N o 7 N oN oN o N o 8 N oN oN o N o 9 N oN oN o N o 10 No No No No 11 No No No No 12 No No No No 13 No No No No 14 No No No No 15 No No No No 16 No No Yes Y[...]
-
Page 398
398 Fabric OS A dministr ator’s Guide 53-1002745-02 In-flight en cryption and compre ssion overview 14 portHealth: No Fabric Watch License Authentication: None portDisableReason: None portCFlags: 0x1 portFlags: 0x10000103 PRESENT ACTIVE E_PORT T_PORT T_MASTER G_PORT U_PORT ENCRYPT LOGIN LocalSwcFlags: 0x0 portType: 24.0 portState: 1 Online Protoc[...]
-
Page 399
Fabric OS Administrator ’s Guide 399 53-1002745-02 Configuring encryption and compression 14 Virtual Fabrics considerations The E_Ports and EX_Por ts in the user-c reated logi cal switch, base switch, or default switch; and EX_Ports on base switches can suppor t encr ypti on a nd compression. Y ou ca n configure enc r yption o n X I SL p o r t s [...]
-
Page 400
400 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 Notes • If you ne ed to disable authentication on a por t that has encryption or compression c onfigured, you must first disable encr yption or compression on the port, and then disable authentication. • If you w ant to enable authentication acr o ss[...]
-
Page 401
Fabric OS Administrator ’s Guide 401 53-1002745-02 Configuring encryption and compression 14 Viewing the encryption and compression configuration T o det ermine which por ts are av ailable for encrypti on or compression on each ASIC on the switch, follo w these steps: 1. Connect to the switch and log in us ing an account with admin permissions. 2[...]
-
Page 402
402 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 Changing port speed on encrypti on/compression enabled ports The por t speed values can be displa y ed through sev eral commands, including portStatsShow , por tEncCompShow , and por tCfgSpeed . Howe ver , the por t speed can only be changed using the po[...]
-
Page 403
Fabric OS Administrator ’s Guide 403 53-1002745-02 Configuring encryption and compression 14 • Because enc r yption adds mo re payload to th e port in addition to compressio n, the compression ratio calculation is significantly af fected on ports con figured for both encryption and compression. This is bec ause the compressed length then also i[...]
-
Page 404
404 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring encryption and compression 14 For additional inf ormation abou t configuring DH-C HAP authentication for E_Po r ts and EX_Por ts, see “ Authentication policy for fabric elements” on page 20 7. Configuring encryption NOTE Before performing this pr ocedure, you must authenticat e t[...]
-
Page 405
Fabric OS Administrator ’s Guide 405 53-1002745-02 Configuring encryption and compression 14 4. Ena ble the por t with the por tEnable command. Af ter enabling the port, the new configu ration becomes active. Disabling encryption T o disable encryption on a por t, follo w these st eps: 1. Connect to the switch and log in using an account with sec[...]
-
Page 406
406 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Encryption and compression examples The follo wing exam ples show configuring and enabli ng encryption and compression. In this case, encr yption and compression are bein g applied t o the E_P or ts at either end of an ISL connecting a por t on a blade in a[...]
-
Page 407
Fabric OS Administrator ’s Guide 407 53-1002745-02 Encryption and compression examples 14 Example of enabling encryption and compression on an E_Port This exam ple configures and enables encryption and compression on a giv en por t. The commands in this exam ple are shown e ntered on the Br ocade 65 10 name d ‘myswitch’. The same commands mus[...]
-
Page 408
408 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Are you done? (yes, y, no, n): [no] y Saving data to key store... Done. myswitch:admin> secauthsecret --show WWN DId Name ----------------------------------------------- 10:00:00:05:1e:e5:cb:00 150 dcx_150 myswitch:admin> Activate authentication Af te[...]
-
Page 409
Fabric OS Administrator ’s Guide 409 53-1002745-02 Encryption and compression examples 14 Rate Limit OFF EX Port OFF Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) NPIV PP Limit: 126 CSCTL mode: OFF Frame Shooter Port OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: OFF myswitch:admin> Enabling compressi[...]
-
Page 410
410 Fabric OS A dministr ator’s Guide 53-1002745-02 Encryption and compression examples 14 Examples of disabling encryption and compression This example disables the encryp tion and compression that were enabled in the previous e xample. Example Disabling encrypt ion on por t 0 myswitch:admin> portdisable 0 myswitch:admin> portcfgencrypt --[...]
-
Page 411
Fabric OS Administrator ’s Guide 411 53-1002745-02 Working with EX_Por ts 14 Working with EX_Ports An EX_Port is a type of E_Por t (expansion por t ) that connects a Fibre Channel r outer t o an edge fabric. F rom the point of view of a switch in an edge fabric, an EX_Port appears as a normal E_Por t; It follo w s applicable Fibre Channel standar[...]
-
Page 412
412 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 NOTE If trunking is enabled, be aw are that the por t s creating th e bandwidth limitation will f orm a trunk group, while the rest of the ports will be segmented. Example of enabling encryption and compression on an EX_Port This example co nfigures and enables encr ypti[...]
-
Page 413
Fabric OS Administrator ’s Guide 413 53-1002745-02 Working with EX_Por ts 14 This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters and maximum 40 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performe[...]
-
Page 414
414 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 QOS Port AE Port Auto Disable: OFF Rate Limit OFF EX Port ON Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) NPIV PP Limit: 255 CSCTL mode: OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: ON myswitch:admin> Example Enabling comp[...]
-
Page 415
Fabric OS Administrator ’s Guide 415 53-1002745-02 Working with EX_Por ts 14 FCR:admin> portcfgexport 1 Port 1 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 20 Front Domain ID: 160 Front WWN: 50:00:53:31:37:43:ee:14 Principal Switch: 8 Principal WWN: 10:00:00:05:33:13:70:3e Fabric Parameters: Au[...]
-
Page 416
416 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed whenever a port or a switch is enabled. Warning: Please use a secure channel for setting secrets. Using an insecure channel is not safe and[...]
-
Page 417
Fabric OS Administrator ’s Guide 417 53-1002745-02 Working with EX_Por ts 14 NPIV PP Limit: 126 CSCTL mode: OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: ON Example Enabli ng compression on the same port. The por tCfgShow command shows that both e ncr yption and compression are now enabled on this por t. edge:admin> portdisable 1 e[...]
-
Page 418
418 Fabric OS A dministr ator’s Guide 53-1002745-02 Working with EX_Ports 14 EX_Port commands See the F abric OS Command Refe rence f or more details on these EX_Po r t -valid commands. portCfgExPort The por tCfgExPort command sets a por t to be an EX_Por t, and also sets and displays EX_Port configuration parameters (including those for encrypti[...]
-
Page 419
Fabric OS Administrator ’s Guide 419 53-1002745-02 Chapter 15 NPIV In this chapter • NPIV ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1 9 • Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 • Enabling and disabling[...]
-
Page 420
420 Fabric OS A dministr ator’s Guide 53-1002745-02 NPIV overview 15 Index Port Address Media Speed State Proto ============================================== 0 0 010000 id N4 Online FC F-Port 20:0c:00:05:1e:05:de:e4 0xa06601 1 1 010100 id N4 Online FC F-Port 1 N Port + 4 NPIV public 2 2 010200 id N4 Online FC F-Port 1 N Port + 119 NPIV public 3 [...]
-
Page 421
Fabric OS Administrator ’s Guide 421 53-1002745-02 Configuring NPIV 15 Configuring NPIV The NPIV f eature is enabled by default. Y ou can set the number of virtual N_Por t_IDs per por t to a value fr om 1 throug h 255 per por t. The default setting is 126. The por tCfgNpivPort command is used t o specify the max imum numb er of virt ual N_port_ID[...]
-
Page 422
422 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling and disab ling NPIV 15 VC Link Init OFF Locked L_Port OFF Locked G_Port OFF Disabled E_Port OFF Locked E_Port OFF ISL R_RDY Mode OFF RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON QOS E_Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Po[...]
-
Page 423
Fabric OS Administrator ’s Guide 423 53-1002745-02 Viewing NPIV port con figuration information 15 Viewing NPIV port configuration information 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tCfgShow command to vie w the switch por ts information. The follo wing exam ple shows whether a port is c[...]
-
Page 424
424 Fabric OS A dministr ator’s Guide 53-1002745-02 Viewing NPIV port configuration information 15 switch:admin> portshow 2 portName: 02 portHealth: HEALTHY Authentication: None portDisableReason: None portCFlags: 0x1 portFlags: 0x24b03 PRESENT ACTIVE F_PORT G_PORT NPIV LOGICAL_ONLINE LOGIN NOELP LED ACCEPT portType: 10.0 portState: 1Online po[...]
-
Page 425
Fabric OS Administrator ’s Guide 425 53-1002745-02 Chapter 16 Dynamic Fabric Provisioning: Fabric-Assigned PWWN In this chapter • Introduction to Dynamic F abric Pro visioni ng using F A -P WWN . . . . . . . . . . 425 • User- and auto-assigned F A -PWWN behavior . . . . . . . . . . . . . . . . . . . . . . . 426 • Configuring F A-PWWNs . . .[...]
-
Page 426
426 Fabric OS A dministr ator’s Guide 53-1002745-02 User- and auto-assigned FA-PWWN behavior 16 NOTE For the server to use the F A -PWWN feature , it must be using a Broc ade HBA or adapter . R efe r to the release note s f or the HBA or adapter v ersions that suppor t this feature. Some configuration of the HBA must be per formed t o use the F A[...]
-
Page 427
Fabric OS Administrator ’s Guide 427 53-1002745-02 Configuring FA-PWWNs 16 This section includes an F A-PWWN configuration pr ocedure for each of the f ollowing two topologies: • An F A -PWWN f or an HBA de vice that is connect ed to an Acce ss Gate way switch. • An F A -PWWN f or an HBA de vice that is connect ed directly to an edge switch. [...]
-
Page 428
428 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring FA-PWWNs 16 3. Enter the fapwwn -- show -ag all command: Y ou should see ou tput similar to the following sample. (In this example, long lines of output are shown split acr oss two lines, f or bet ter readability .) ----------------------------------------------------------- AG Port [...]
-
Page 429
Fabric OS Administrator ’s Guide 429 53-1002745-02 Supported switches and configurations for FA-PW WN 16 3. Enter the fapwwn -- show -por t all command: Y ou should see output simi lar to the f ollowing sample. ----------------------------------------------------------------------- Port PPWWN VPWWN PID Enable MapType -----------------------------[...]
-
Page 430
430 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuration uplo ad and download considerations for FA-PWWN 16 • Access Gat ewa y platforms running F abric OS v7 .0.0 or later: - Brocade 300 - Brocade 5 1 00 - Br ocade 6505 - Brocade 65 10 • Brocade HBAs with driver version 3.0.0. 0: - Brocade 4 15 - Brocade 425 - Brocade 8 15 - Brocade[...]
-
Page 431
Fabric OS Administrator ’s Guide 431 53-1002745-02 Restrictions of FA-PWWN 16 NOTE When creating the DCC policy , use the ph ysical de vice WWN and not the F A-PWWN. If you use DCC, a policy check is do ne on the physic al PWWN on the ser vers. In the case of an HBA, the F A -PWWN is assigned to the HBA only af ter the DCC check is successful. Re[...]
-
Page 432
432 Fabric OS A dministr ator’s Guide 53-1002745-02 Access Gateway N_Port failover with FA-PWWN 16[...]
-
Page 433
Fabric OS Administrator ’s Guide 433 53-1002745-02 Chapter 17 Managing Administrative Domains In this chapter • Administrativ e Domains ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 • Admin Domai n management f or physical f a bric administrators . . . . . . . . 442 • SAN management with Admin Domains . . . [...]
-
Page 434
434 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 NOTE Do not confuse an Admin Domain number with the domain ID of a switch. T hey are two different identifiers. The Admin Domain number identifies the Admin Domain and has a range from 0 through 255. The domain ID identifies a switch in the fabric an d ha s a [...]
-
Page 435
Fabric OS Administrator ’s Guide 435 53-1002745-02 Administrative Domai ns overview 17 Admin Domain features Admin Domains allow y ou to do the f ollowing: • Define the scope of an Admin Domain t o enco mpass ports and devices within a switch or a fab ric . • Share resources acr oss multiple Admin Domains. For e xample, you can share arra y p[...]
-
Page 436
436 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 Ta b l e 6 5 lists each Admin Domain user type and describes its administ rative access and capabilities. User-defined Admin Domains AD1 through AD2 54 are user -defined Admin Do ma ins. These user -defined Admin Domains can be created only b y a physical fabr[...]
-
Page 437
Fabric OS Administrator ’s Guide 437 53-1002745-02 Administrative Domai ns overview 17 For e xample, if De viceA is not a member of an y user -defined Admin Domain, then it is an implicit member of AD0. If you e xplicitly add Devic eA to AD0, then De viceA is both an implicit and an explicit member of AD0. AD0 implicit members AD0 explicit member[...]
-
Page 438
438 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 FIGURE 54 Fabric with AD0 and AD255 Home Admin Domains and login Y ou are alwa ys logged in to an Admin Domain, and yo u can vie w and modify only the de vices in that Admin Do main. If you ha ve access to more than one Admin Domain, one of them is designated [...]
-
Page 439
Fabric OS Administrator ’s Guide 439 53-1002745-02 Administrative Domai ns overview 17 • For user -defined accounts, the ho me Admin Domain defaults to AD0 but an administrator can set the home Admin Domain to an y Admin Domain to which the account is giv en access. • If you are in an y Admin Domain context o ther th an AD0, the A dmin Domain[...]
-
Page 440
440 Fabric OS A dministr ator’s Guide 53-1002745-02 Administrative Dom ains overview 17 If a de vice is a member of an Admin D omain, th e switch port to which the de vice is connected becomes an indi rect member of that A dmin Domain and the domain,index is removed fr om the AD0 implicit membership list. NOTE If the switch domain ID changes, the[...]
-
Page 441
Fabric OS Administrator ’s Guide 441 53-1002745-02 Administrative Domai ns overview 17 Figure 55 on page 44 1 shows an unfilt ered view of a fa bric with tw o switches, three de vices, and two Admin Domains. The de vices are labeled with device WWNs and the switches are labeled with domain IDs and sw itch WWNs. FIGURE 55 Fabric showing switch and[...]
-
Page 442
442 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Admin Domain compatibility, availability, and merging Admin Domains maintain continuity of ser vice for F abric OS features and operat e in mixed-re lease Fabric OS en vironments. High availability is suppor ted with some backward c[...]
-
Page 443
Fabric OS Administrator ’s Guide 443 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Setting the default zoning mode for Admin Domains T o begin implementing an Admin Domain structure within your SAN, y ou must first set the default zoning mode t o No Access. Y ou must be in AD0 to change the def ault zoning mode. 1.[...]
-
Page 444
444 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 ad --select 255 5. Enter the ad -- create command using the -d optio n to specify de vice and switch por t members and the -s option to specify switch members: ad --create ad_id -d " dev_list " -s " switch_list "[...]
-
Page 445
Fabric OS Administrator ’s Guide 445 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Creating a new user account for managing Admin Domains 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the userConf ig -- add command using the -r option to set the role, the -a option to pro vi[...]
-
Page 446
446 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Removing an Admin Domain from a user account When you remo ve an Admin Domain fr om an account, all of the currently active sessions for that account are logged out. 1. Connect to the switch and log in us ing an account with admin p[...]
-
Page 447
Fabric OS Administrator ’s Guide 447 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 Deactivating an Admin Domain If you d eactivat e an Admin Domain, the members assigned t o the Admin Domain c an no longer access their hosts or s torage unless those members are par t of another A dmin Domain. Y ou cannot log in t o[...]
-
Page 448
448 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 • T o sa ve the Admin Domain definition, ent er ad -- sav e . • T o sav e the Admin Domain definit ion and directly apply the definit ion to the fabric, enter ad -- apply . Example of adding two switch port s, designated by doma[...]
-
Page 449
Fabric OS Administrator ’s Guide 449 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 4. Enter the appropriate command based o n whether you want to sa ve or activat e the Admin Domain definition: • T o sa ve the Admin Domain definition, ent er ad -- sav e . • T o sav e the Admin Domain definit ion and directly ap[...]
-
Page 450
450 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 Deleting all user-defined Admin Domains When you clear the A dmin Domain configuration, all user- defined Admin Domains are dele ted, the explicit membership list of AD0 is cleared, and a ll fabric resou rces (swi tches, ports, and [...]
-
Page 451
Fabric OS Administrator ’s Guide 451 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 3. Enter the zone -- copy command to cop y the zones from all user -defined Admin Domains to AD0. zone --copy source_AD . source_name dest_name In this syntax, source_AD is the name of the user -defined AD fr om which y ou are copy i[...]
-
Page 452
452 Fabric OS A dministr ator’s Guide 53-1002745-02 Admin Domain managem ent for physical fabric admini strators 17 FIGURE 5 7 AD0 and tw o user-def ined Admin Doma ins, AD1 and A D2 At the conc lusion of the pr ocedure, all de vices and zones are mov e d to AD0, and the user -defined Admin Domains are delet ed, as shown in Figure 58 . FIGURE 58 [...]
-
Page 453
Fabric OS Administrator ’s Guide 453 53-1002745-02 Admin Domain m anagement for physical fabric administrato rs 17 10:00:00:00:02:00:00:00; 10:00:00:00:03:00:00:00 Effective configuration: cfg: AD1_cfg zone: AD1_BlueZone 10:00:00:00:02:00:00:00 10:00:00:00:03:00:00:00 Zone CFG Info for AD_ID: 2 (AD Name: AD2, State: Active) : Defined configuratio[...]
-
Page 454
454 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Validating an Admin Domain member list Y ou can validat e the device and switch member li st. Y ou can list non-existing or offline Admin Domain memb ers. Y ou can also identify mis configurations of t he Admin Domain. The Admin Domain validation pr ocess is [...]
-
Page 455
Fabric OS Administrator ’s Guide 455 53-1002745-02 SAN management with Adm in Domains 17 CLI commands in an AD context The CLI command input arguments are validat ed agains t the AD member list; they do not w ork with input argument s that specif y resour ces that are no t members of the current Admin Domain. All commands present filtered output,[...]
-
Page 456
456 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Displaying an Admin Domain configuration Y ou can displa y the membership information and zo ne database info rmation of a specified Admin Domain. Notice the f ollowing differences in the inf ormation display ed based on the Admin Domain: • AD255: If y ou d[...]
-
Page 457
Fabric OS Administrator ’s Guide 457 53-1002745-02 SAN management with Adm in Domains 17 Y ou can not sw itc h to an othe r Admi n Do mai n conte x t from within the shell creat ed by ad -- select . Y ou must first exit the shell, and then issue the ad -- select command again. Example of sw itching to a different Admin Domain conte xt The f ollow[...]
-
Page 458
458 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 Admin Domains, zones, and zone databases Admin Domains introduce two types of zone database nomenclature and behavior: • Roo t z o n e d a ta b as e If you do no t use Admin Domains, there is only one zone database. This legacy zone database is known as the[...]
-
Page 459
Fabric OS Administrator ’s Guide 459 53-1002745-02 SAN management with Adm in Domains 17 The AD zone databas e also ha s the follo wing characteristics: - Each zone database has its own name spa ce. F or example, y ou can define a zone name of test_z1 in more than one Admin Domain. - There is no zone database link ed to the ph ys ical fabric (AD2[...]
-
Page 460
460 Fabric OS A dministr ator’s Guide 53-1002745-02 SAN management with Admin Domains 17 LSAN zone names in AD0 are ne ver con ver ted f or backward-compatibility reasons. The auto-con verted LSAN zone name s might collide with LSAN zone names in AD0 (in the exam ple, if AD0 contains lsan_for_linux_farm_AD005, this causes a name collision). Fabri[...]
-
Page 461
Fabric OS Administrator ’s Guide 461 53-1002745-02 Section II Licensed Features This section describes optionally licensed Broca de Fabric OS features and in cludes t he following chapters: • Chapter 18, “ Administ ering Licensing” • Chapter 19, “Int er -chassis Links” • Chapter 20, “Monit oring F abric P er forma nce” • Chapt[...]
-
Page 462
462 Fabric OS A dministr ator’s Guide 53-1002745-02[...]
-
Page 463
Fabric OS Administrator ’s Guide 463 53-1002745-02 Chapter 18 Administering Licensing In this chapter • Licensing ov er view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 • Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 • ICL licensing . . [...]
-
Page 464
464 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 Ta b l e 6 9 lis ts the optionally licensed features that are a vailable in Fabric OS 7 . 1. TA B L E 6 9 Available Brocade licenses License Description 1 0 Gigabit FCIP/Fibre Channel (10G license) • Allows 1 0 Gbps operation of FC ports on the Brocade 65 10o r 6520 switc[...]
-
Page 465
Fabric OS Administrator ’s Guide 465 53-1002745-02 Licensing overview 18 Advanced FICON Acceleration • Allows use of specializ ed data management t echniques and au tom a ted i nte ll ig e nc e to a cc e le ra te FI C ON ta p e r e ad an d wr ite and IBM Global Mirror dat a replication operations o ver dist ance, while main taining the integrit[...]
-
Page 466
466 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 Enterprise ICL Allows you to connect more than four chassis in a fabric using ICLs. Y ou can connect up to f our Brocade DCX 85 10 Backbones via ICLs without this license . If the number of int erconnect ed chassis using ICLs e xceeds f our , then all of the chassi s using [...]
-
Page 467
Fabric OS Administrator ’s Guide 467 53-1002745-02 Licensing overview 18 Ta b l e 7 0 lists licensed features, each f eature’s associ ated license name, and, if applicable, the location on the lo cal or any connecting swit ch on which the license must be installed. Integrated R outing • Allows an y por ts in Brocade 5 100, 5300, 65 10, 6520, [...]
-
Page 468
468 Fabric OS A dministr ator’s Guide 53-1002745-02 Licensing overview 18 FCIP High Performance Extensio n ov er FCIP/FC NOTE: Local an d attached switches. License is needed on both s ides of tunnel. FCIP T runking Adv anced Extension Local and attached switches. Fibre Channel Routin g/EX_Ports Integrat ed Routing Local switch. FICON No license [...]
-
Page 469
Fabric OS Administrator ’s Guide 469 53-1002745-02 Licensing overview 18 Logical switch No license required. N/A Long distance Extended Fabrics Local and attached switches. NO TE: License is needed on both sides of connection. NPIV No license require d. N/A OpenSSH public k ey No license requ ired. N/A Performan ce monitoring Advanced P er f orma[...]
-
Page 470
470 Fabric OS A dministr ator’s Guide 53-1002745-02 Brocade 7800 Upgrade license 18 Brocade 7800 Upgrade license The Bro cade 7800 has f our Fibre Channel (FC) por ts and two GbE ports active by default. The number of physical por ts active on the Br ocade 7800 is fix ed. There is one upgrade license to activate the rest of the FC and GbE por ts [...]
-
Page 471
Fabric OS Administrator ’s Guide 471 53-1002745-02 ICL licensing 18 ICL licensing Brocade ICL links operat e between the core blades of the DCX 85 10 Backbone f amily , or between th e c o r e b l a d e s o f t h e DC X a n d DC X - 4 S B a c k b on e s . T y p i c al l y, i f bo t h c or e b l a d es a r e in s t a l le d , t h en they are activ[...]
-
Page 472
472 Fabric OS A dministr ator’s Guide 53-1002745-02 ICL licens ing 18 ICL 8-link license The ICL 8-link license activates half of the ICL bandwidth f or ea ch ICL port on the Brocade DCX platform b y enabling only half of the ICL links available. This allows y ou to purchase half the bandwidth of th e Br ocade DCX ICL ports initially an d upgrade[...]
-
Page 473
Fabric OS Administrator ’s Guide 473 53-1002745-02 8G licensing 18 Example switchShow output if no En terprise ICL license is installed A message such as the following is displa yed if a required EICL license is not installed: 440 8 24 ------ id 16G Online FC E-Port segmented,10:00:00:05:33:0d:52:00 (No EICL License)(Trunk master) 441 8 25 ------[...]
-
Page 474
474 Fabric OS A dministr ator’s Guide 53-1002745-02 Slot-based licensing 18 Slot-based licensing Slot-based licensing is used on th e Brocade DCX and DCX 85 10 Backbone fa milies to support the FX8-2 4 blade, and on the Brocade DCX 85 1 0 Back bone family t o suppor t the 1 6 Gbps FC port blades (FC1 6-2 4 and FC1 6-48). License capacity is equal[...]
-
Page 475
Fabric OS Administrator ’s Guide 475 53-1002745-02 10G licen sing 18 Assigning a license to a slot Use the f ollowing pr ocedure to assign a licence t o a slot: 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions in the licens e class of RBA C commands. 2. Enter the licenseSlotCfg -add[...]
-
Page 476
476 Fabric OS A dministr ator’s Guide 53-1002745-02 10G licen sing 18 Af ter applying a 1 0 G license to the Brocade 65 10or 6520 chassis or t o a 16 Gbps FC blade, you must also configur e the por t octet ( por tCfgOctetSpeedCo mbo command) with the correct por t octet speed gro up and configure each port to operat e at 1 0 Gbps ( por tCfgSpeed [...]
-
Page 477
Fabric OS Administrator ’s Guide 477 53-1002745-02 10G licen sing 18 aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 10 Gigabit FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 Configured Blade Slots 1 8510-8switch:admin> licenseslotcfg -remove FTR_10G 1 8510-8switch:admin> licenseslotcfg -add FTR_10G 4 8510-8switch:admin> license[...]
-
Page 478
478 Fabric OS A dministr ator’s Guide 53-1002745-02 Temporary licenses 18 aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 10 Gigabit FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 Configured Blade Slots 1 8510-4switch:admin> licenseslotcfg -remove FTR_10G 1 8510-4switch:admin> licenseslotcfg -add FTR_10G 7 8510-4switch:admin> li[...]
-
Page 479
Fabric OS Administrator ’s Guide 479 53-1002745-02 Temporary licenses 18 • FICON Management Ser ver (CUP) license • Extended F abrics license • High Performance Extension ov er FCIP/FC licen se • Integrat ed Routing license • Ser ver Application Optimization license • ISL T runking license Restrictions on upgrading temporary slot-base[...]
-
Page 480
480 Fabric OS A dministr ator’s Guide 53-1002745-02 Temporary licenses 18 Expired licenses Once a temporary license has expired, you can view it through the li censeShow command. Ex pired licenses ha ve an output string of “License ha s e x pired”. RASlog warning messages are generated ev er y hour f or licenses present in the database whic h[...]
-
Page 481
Fabric OS Administrator ’s Guide 481 53-1002745-02 Viewing installed licenses 18 Viewing installed licenses Use the f ollowing pr ocedure to vie w all installed licenses: 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the licenseShow command. Activating a license The transaction k ey is case-sensitiv e ; it[...]
-
Page 482
482 Fabric OS A dministr ator’s Guide 53-1002745-02 Removing a licensed feature 18 Use the f ollowing pr ocedure to add a lic ensed f eature: 1. Connect to the switch and log in usin g an account with admin permissions. 2. Activate the license using the licenseA dd command. 3. Verify the lice nse was added by ent ering the licenseShow command. Th[...]
-
Page 483
Fabric OS Administrator ’s Guide 483 53-1002745-02 Ports on Demand 18 4. Enter the licenseShow command to v erify the license is disabled. switch:admin> licenseshow bQebzbRdScRfc0iK: Entry Fabric license Fabric Watch license SybbzQQ9edTzcc0X: Fabric license switch:admin> licenseremove "bQebzbRdScRfc0iK" removing license key "[...]
-
Page 484
484 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 Ports on Demand is ready to be unlock ed in the swit ch firmware. Its licen se key ma y be par t of the licensed paperpack supplied with sw itch software, or y ou can purchase the license k ey separat ely from y our switch v endor . Y ou may need to gener a te a license k ey f[...]
-
Page 485
Fabric OS Administrator ’s Guide 485 53-1002745-02 Ports on Demand 18 First Ports on Demand license - additional 16 port upgrade license SdSSc9SyRSTeXTdn: Second Ports on Demand license - additional 16 port upgrade license SdSSc9SyRSTuXTd3: Full Ports on Demand license - additional 32 port upgrade license ATTENTION If you enable or disable an act[...]
-
Page 486
486 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 For the embedded switch modules, the Dynamic PO D f eature detects and assigns ports to a POD license only if the ser ver blade is installed with an HBA present. A server blade that does not ha ve a functioning HBA is treated as an inactive link during initial POD por t assign[...]
-
Page 487
Fabric OS Administrator ’s Guide 487 53-1002745-02 Ports on Demand 18 switch:admin> licenseport --method dynamic The POD method has been changed to dynamic. Please reboot the switch now for this change to take effect. 3. Enter the reboot command t o restar t the switch. switch:admin> reboot 4. Enter the licensePor t -- show command to verif[...]
-
Page 488
488 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18 Ports assigned to the full POD license: 0, 9, 10, 11, 12, 13, 14, 15, 16, 21, 22, 23 Reserving a port license Y ou can allo cate licenses by reser ving an d releas ing POD assignments to specific ports. Disabled por ts are not candidates for aut omatic licens e assignment b y [...]
-
Page 489
Fabric OS Administrator ’s Guide 489 53-1002745-02 Ports on Demand 18 Af ter a port is assigned to the POD set, the por t is li censed until it is ma nually remov ed from the POD por t set. When a port is released from its POD port set (Base, Single, or Double), it creat es a vacancy in that port set. Use the f ollowing pr ocedure to release a po[...]
-
Page 490
490 Fabric OS A dministr ator’s Guide 53-1002745-02 Ports on Demand 18[...]
-
Page 491
Fabric OS Administrator ’s Guide 491 53-1002745-02 Chapter 19 Inter-chassis Links In this chapter • Inter -chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 1 • ICLs f or the Broc ade DCX 85 1 0 Backbone family . . . . . . . . . . . . . . . . . . . . 492 • ICLs f or the Brocad e DCX B[...]
-
Page 492
492 Fabric OS A dministr ator’s Guide 53-1002745-02 ICLs for the Brocade DCX 8510 Backbone family 19 NOTE Y ou cannot inter connect a Brocade DCX Backbone f amily chassis to a Br ocade DCX 85 10 Backbone fam il y ch as si s. Ref er to the specific hardw are reference manual s for a d d i t io n a l i n fo r m ation about LED status meanings and I[...]
-
Page 493
Fabric OS Administrator ’s Guide 493 53-1002745-02 ICLs for the Brocade DCX Backbone family 19 NOTE Brocade recommends that y o u ha ve a maximu m of eight ICLs connect ed to the same neighboring domain, with a maximum of four ICLs fr om each core blade. • The ICLs can connect t o either core blade in the neighboring chassis. Unlik e the copper[...]
-
Page 494
494 Fabric OS A dministr ator’s Guide 53-1002745-02 Virtual Fabrics considerations for ICLs 19 FIGURE 60 DCX-4S allowed ICL connections The follo wing ICL connections are not allow ed: • ICL0 por ts to ICL0 ports • ICL1 por ts to ICL1 ports ICL trunking on the Brocade DCX and DCX-4S ICL trunk s form automatically but add itional licen s es ma[...]
-
Page 495
Fabric OS Administrator ’s Guide 495 53-1002745-02 Supported topologies for ICL connections 19 Supported topologies for ICL connections Y ou can connect the Br ocade Backbones in a mesh topology and a core-edge t opology . A brief description of ea ch follows. (Y ou can also con nect two DCX 85 10s point-to-point.) The illustrations in this secti[...]
-
Page 496
496 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported topologies for ICL connections 19 FIGURE 62 Full nine-mesh topology During an ICL break in the triangular t opology , the chassis that has the connections of the other two is the main chassis. Any err or messages rela ting to a break in the t opology appear in the RASlog of the main ch[...]
-
Page 497
Fabric OS Administrator ’s Guide 497 53-1002745-02 Supported topologies for ICL connections 19 FIGURE 63 64 Gbps ICL core-edge topology[...]
-
Page 498
498 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported topologies for ICL connections 19[...]
-
Page 499
Fabric OS Administrator ’s Guide 499 53-1002745-02 Chapter 20 Monitoring Fabric Performance In this chapter • Advanced P er f ormance Monitoring ov erview . . . . . . . . . . . . . . . . . . . . . . . 499 • End-to-end per formance monit oring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 1 • F rame monitoring . . . . . . . [...]
-
Page 500
500 Fabric OS A dministr ator’s Guide 53-1002745-02 Advanced Performance Monitoring overview 20 Restrictions for installing monitors • Advanced P er formance Monitoring is no t suppor ted on VE_Ports and EX_Por ts. If you issue commands f or any A dvanced P er f ormance Monit oring on VE_Ports or EX_Por ts, you will rece ive error messages. •[...]
-
Page 501
Fabric OS Administrator ’s Guide 501 53-1002745-02 End-to-end performance monitoring 20 Access Gateway considerations for Advanced Performance Monitoring EE monitors and frame monit ors are suppor ted on switches in A ccess Gate way mode. T op T alker monitors are no t suppor t ed on these switches. EE monitors must be installed on F_Por ts. F ra[...]
-
Page 502
502 Fabric OS A dministr ator’s Guide 53-1002745-02 End-to-end performance monitoring 20 Virt ual F abrics consideration s: If Vir tual Fabrics is enabled, the Br ocade DCX, DCX-4 S, DCX 85 1 0 and 5300 models allo w up to 256 end-to- end moni tors on one logical switch. The Br ocade 5 100, 65 10, 6520, and V A-40 FC allow up to 34 1 en d-t o-end[...]
-
Page 503
Fabric OS Administrator ’s Guide 503 53-1002745-02 End-to-end performance monitoring 20 This monitor (Monitor 1) counts the frames that ha ve an SID of 0x0 11200 and a DID of 0x02 1e00. For Monit or 1, RX_COUNT is the number of wor ds from Host A to De v B, and TX_COUNT is the number of wo rds fr om Dev B t o Host A. Example of monit oring the tr[...]
-
Page 504
504 Fabric OS A dministr ator’s Guide 53-1002745-02 End-to-end performance monitoring 20 The per fSetPor tEEMask command sets a mask f or the domain ID, area ID, and AL_P A of the SIDs and DIDs f or frames transmitted from and received b y the por t. Figure 65 shows the mask positions in the command. A ma sk (“ff”) is set on slot 1, port 2 to[...]
-
Page 505
Fabric OS Administrator ’s Guide 505 53-1002745-02 Frame monitoring 20 perfmonitorshow --class monitor_class [ slotnumber /] portnumber [ interval ] Example of displaying an end-to-end monitor on a por t at 10-second intervals switch:admin> perfMonitorShow --class EE 4/5 10 Showing EE monitors 4/5 10: Tx/Rx are # of bytes 01234 --------- -----[...]
-
Page 506
506 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame monitorin g 20 NOTE The Advanced Pe r formance Monitoring license is req uired to use the fmM onitor command. The monitoring functionality also requires the F abric Watch license. When y ou configure actions and aler ts through the fmMonit or command, F abric Watch uses thes e v alues and [...]
-
Page 507
Fabric OS Administrator ’s Guide 507 53-1002745-02 Frame monitoring 20 The value of the o f fset must be bet ween 0 and 63, in decimal format. Byte 0 indicates the fi rst byte of the Star t of F rame (SOF), byt e 4 is the first byte of the frame header , and byt e 28 is the first byte of the pa yload. Thus, only the SOF , frame header , and first[...]
-
Page 508
508 Fabric OS A dministr ator’s Guide 53-1002745-02 Frame monitorin g 20 Adding frame monitors to a port If the switch does not ha ve enough resour ces to ad d a frame monitor t o a port, then other frame monitors on that port may ha ve to be delet ed to free resour ces. 1. Connect to the switch and log in us ing an account with admin permissions[...]
-
Page 509
Fabric OS Administrator ’s Guide 509 53-1002745-02 Frame monitoring 20 Example The f ollowing e xample displays the e xisting frame types and associated bit patt erns on the switch. switch:admin> fmmonitor --show FRAME_TYPE BIT PATTERN ---------------------------------------- scsi 12,0xFF,0x08; scsiread 12,0xFF,0x08;4,0xFF,0x06;40,0xFF,0x08,0x[...]
-
Page 510
510 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 Top Talker monitors T op T alk er monitors det ermine the flows (SID and DID pairs) th at are the major users of bandwidth (after initial stabilization). T op T alker monito rs measure bandwidth usage data in rea l time and relative t o the por t on which the monitor is in[...]
-
Page 511
Fabric OS Administrator ’s Guide 511 53-1002745-02 Top Talker monitors 20 How do T op T alker monit ors dif fer fr om EE monitors? EE monitors pro vide counter statistics f or traf fic flowing be tween a giv e n SID and DID pair . T o p T alker monit ors identify all possible SID and DID flow combinations that are possible on a giv en por t and p[...]
-
Page 512
512 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 FIGURE 66 Fabric mode Top T alker monit or s on FC r outer do not monitor any f low s FIGURE 67 Fabric mode Top T alker monito rs on FC ro uter monitor flow s over the E_Por t Limitations of Top Talker monitors Be aw are of the follo wing when using T o p T alk er monitors[...]
-
Page 513
Fabric OS Administrator ’s Guide 513 53-1002745-02 Top Talker monitors 20 Adding a Top Talker monito r to a port (port mode) 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the per fTTmon -- add command. perfttmon --add [egress | ingress] [ slotnumber /] port The follo wing example monit ors the incoming tra[...]
-
Page 514
514 Fabric OS A dministr ator’s Guide 53-1002745-02 Top Talker monitors 20 The output is sorted based on the data rate of each flo w . If you do not specify the number of flows t o display , then the command displa ys the top 8 flows or the total number of flo ws, whichev er is less. The f ollowing exam ple displays the t op 5 fl ows on por t 7 i[...]
-
Page 515
Fabric OS Administrator ’s Guide 515 53-1002745-02 Trunk monitoring 20 Deleting all fabric mode Top Talker monitors 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter the per fTTmon -- delete f abricmode command. perfttmon --delete fabricmode All T op T alk er monito rs are deleted. Trunk monitoring T o monitor[...]
-
Page 516
516 Fabric OS A dministr ator’s Guide 53-1002745-02 Performance data collection 20 1. Connect to the switch and log in us ing an account with admin permissions. 2. Enter one of the f ollowing commands, depen ding on the action you w ant to perform: • T o sa ve the current EE monit or and frame monitor configuration settings into nonv ola tile m[...]
-
Page 517
Fabric OS Administrator ’s Guide 517 53-1002745-02 Chapter 21 Optimizing Fabric Behavior In this chapter • Adaptiv e Networking ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1 7 • Ingress Rate Limiting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 18 • QoS: SID/DI[...]
-
Page 518
518 Fabric OS A dministr ator’s Guide 53-1002745-02 Ingress Rate Limiting 21 • Ingress Rate Limiting Ingress Rate Limiting restricts the speed of traf fi c from a particular device to the switch por t. Ingress Rate Limiting req uires an Adap tiv e Netw orking license. Se e “Ingress Rate Limiting” on page 5 18 f or more inf ormation about th[...]
-
Page 519
Fabric OS Administrator ’s Guide 519 53-1002745-02 QoS: SID/DID traffic prioritization 21 Virtual Fabrics considerations If Vir tual Fabrics is enabled, the rate limit configuration o n a por t is on a per -logical switc h basis. That is, if a por t is configured to ha ve a cer tain rate limit value, and the por t is then mov ed to a different lo[...]
-
Page 520
520 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS: SID/DID traffic prioritization 21 Ta b l e 76 sho ws a basic comparison between CS-CTL -based and QoS zone- based prioritization. See “CS_CTL -based frame prioritizati on” on page 52 1 and “QoS zone-based traf fic prioritization” on page 523 f or detailed information about each type[...]
-
Page 521
Fabric OS Administrator ’s Guide 521 53-1002745-02 CS_CTL-based frame prioritization 21 CS_CTL-based frame prioritization CS_CTL -based frame prioritization al lows you t o prioritize the frames betw een a host and target as having high, medium, or low priority , depending on the v alue of the CS_CTL field in the FC frame header . The CS_CTL fiel[...]
-
Page 522
522 Fabric OS A dministr ator’s Guide 53-1002745-02 CS_CTL-based frame prioritization 21 NOTE If a switch is running a firm ware version earl ier than Fabric OS v6.0.0, the outgoing frames from that switch lose their priority . High-availability considerations for CS_CTL-based frame prioritization If the standby CP is running a Fabric OS v er sio[...]
-
Page 523
Fabric OS Administrator ’s Guide 523 53-1002745-02 QoS zone-based traffic prioritization 21 Set CSCTL QoS Mode to 1 to enable aut o mode, establ ishing the set tings sho wn in Ta b l e 7 8 on page 52 1. Set CSCTL QoS Mode to 0 to disable aut o mode and rev er t t o default settings, sho wn in Ta b l e 7 7 on page 52 1. NOTE As noted pre viously ,[...]
-
Page 524
524 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zone-based traffic prioritization 21 T o preserve existing trunk groups, bef ore you in stall the Adaptive Networking license, manually disable QoS on these po r ts, as described in “Manually disabling QoS on trunk ed por ts” on page 52 4. Manually disabling QoS on trunked ports NOTE QoS[...]
-
Page 525
Fabric OS Administrator ’s Guide 525 53-1002745-02 QoS zones 21 switch:admin> portcfgshow (output truncated) Ports of Slot 0 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 -----------------+---+---+---+---+-----+---+---+---+-----+---+---+---+-----+---+---+--- Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN Fill Word 0000 0000 0000 0000 [...]
-
Page 526
526 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zones 21 The switch automatically sets the priority for the “host,target” pairs specified in the zones according to the priority lev el (H or L) in the zone name. The flow id allows y ou to hav e contro l ov er the V C as signm ent and contr ol ov er balancing the flows throughout the fa[...]
-
Page 527
Fabric OS Administrator ’s Guide 527 53-1002745-02 QoS zones 21 NOTE By default, QoS is enabled on 8-Gbps ports, except for long-distance 8-Gbps ports. QoS is disabled by default on all 4-Gbps por ts and long-dis tance 8-Gbps por ts. FIGURE 69 QoS with E_Por ts enabled Y ou need to enable QoS on the E_Ports on both ISLs betw een domain 3 and doma[...]
-
Page 528
528 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zones 21 The following are requirements fo r establishing QoS o ver FCRs: • QoS ov er FC routers is supported in Br ocad e nativ e mode only . It is not supported in inter opmode 2 or int eropmode 3. • QoS ov er FC routers is suppor ted for t h e fo l lo w i ng c o n f i g u r a ti o n s[...]
-
Page 529
Fabric OS Administrator ’s Guide 529 53-1002745-02 QoS zones 21 FIGURE 70 Traff ic prioritization in a logical fabric Supported configurations for QoS zone-based traffic prioritization The follo wing configuration rules apply to QoS zone-based traffic prioritization: • All switches in the fabric must be running Fabric OS v6.0.0 or later . ATT E[...]
-
Page 530
530 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting QoS zone-based traffic prioritization 21 • T raffic prioritization is enfor ced on the eg ress ports only, not on the ingress ports. • T raff ic prioritization is not suppor t ed on 10-Gbps ISLs. • T raff ic prioritization is n ot suppor ted on mirrored ports. • T raff ic priorit[...]
-
Page 531
Fabric OS Administrator ’s Guide 531 53-1002745-02 Setting QoS zone-based traffic prioritization 21 The por tCfgQos command does not affect QoS prioritization . I t only enables or disables the link to pass QoS priority traffic. NOTE QoS is enabled b y default on all ports (e x cept long-distance po r ts). If yo u use the por tCfgQos command to e[...]
-
Page 532
532 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting QoS zone-based traffic pr ioritization over FC routers 21 Setting QoS zone-based traffic prioritization over FC routers 1. Connect to the switch in the edg e fabric and log in using an account with admin permissions. 2. Create QoS zones in the edge f abric. The QoS zones must hav e WWN m[...]
-
Page 533
Fabric OS Administrator ’s Guide 533 53-1002745-02 Chapter 22 Managing Trunking Connections In this chapter • T runking o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533 • Suppor ted configurations f or trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535 • Suppor ted [...]
-
Page 534
534 Fabric OS A dministr ator’s Guide 53-1002745-02 Trunking overview 22 Types of trunking T runking can be betw een two switches, between a switch and an Access Gat ew ay module, or between a switch and a Brocade adapt er . The types of trunking are as fo llows: • ISL trunking , or E_Port trunking, is configured on an int e r -switch link (ISL[...]
-
Page 535
Fabric OS Administrator ’s Guide 535 53-1002745-02 Supported configurations for trunking 22 License requirements for trunking A l l t y p e s o f t r u n k i n g r e q u i r e t h e Tru n k i n g l i c e n s e . T h i s l i c e ns e m u s t b e i n s ta l l e d o n e a c h s w it c h t h a t par ticipates in trunking. ATTENTION Af ter yo u add th[...]
-
Page 536
536 Fabric OS A dministr ator’s Guide 53-1002745-02 Supported platforms for trunking 22 T runks operat e best when the cable length of each trunk ed link is r oughly equal t o the length of the others in the trunk. For optimal performance, no more than 30 meters dif ference is rec ommended. T runks are compatible with both shor t-wav elength (SWL[...]
-
Page 537
Fabric OS Administrator ’s Guide 537 53-1002745-02 Recommendations for trunk groups 22 Recommendations for trunk groups T o identify the most useful tr unk gr oups, consider the f ollowin g recommendations along with the standard guidelines f or SAN design: • Evaluate the traffic patterns within the fabric. • Place trunking-capable switch es [...]
-
Page 538
538 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring trunk groups 22 Configuring trunk groups Af ter y ou install the T runking license, you must re -initialize the por ts that are to be used in trunk groups so that the y recognize that trunking is en abled. This pr ocedure needs to be performed only once, and is required f or all type[...]
-
Page 539
Fabric OS Administrator ’s Guide 539 53-1002745-02 Displaying trunking information 22 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the p ort Cf g T r un k P ort command to disable trunking on a por t. Enter the switchCfgT runk command t o disable trunking on all por ts on the switch. Mode 1 enables an[...]
-
Page 540
540 Fabric OS A dministr ator’s Guide 53-1002745-02 Trunk Area and Admin Dom ains 22 Rx: Bandwidth 16.00Gbps, Throughput 1.67Gbps (12.12%) Tx+Rx: Bandwidth 32.00Gbps, Throughput 3.33Gbps (12.12%) 3: 10-> 10 10:00:00:05:1e:81:56:8b 1 deskew 15 MASTER 11-> 11 10:00:00:05:1e:81:56:8b 1 deskew 15 Tx: Bandwidth 4.00Gbps, Throughput 1.66Gbps (48.[...]
-
Page 541
Fabric OS Administrator ’s Guide 541 53-1002745-02 EX_Port trunking 22 For additional inf ormation on configuring long dis tance, see “Configuring an e xtended ISL ” on page 553. Ta b l e 7 9 sum marizes suppor t for T runking o ver long -distance f or the Backbones and suppor ted blades. NOTE The L0 mode supports up to 5 km at 2 Gbps, up to [...]
-
Page 542
542 Fabric OS A dministr ator’s Guide 53-1002745-02 EX_Port trunking 22 Masterless EX_Port trunking EX_Por t trunking is masterless ex cept for EX_Ports on Backbones . For the Backbones, Vir tual Fabrics must be enabled f or masterless EX_Port trunkin g to tak e ef fect. For the fix ed-port switches, Vir tual Fabrics can be e nabled or disabled. [...]
-
Page 543
Fabric OS Administrator ’s Guide 543 53-1002745-02 F_Port trunking 22 The following is an e xample of a master EX_Port and a slave EX _Port display ed in swi tchShow . switch:admin> switchshow Index Slot Port Address Media Speed State ============================================== 16 2 0 ee1000 id N4 No_Light 17 2 1 ee1100 id N4 Online EX_Port[...]
-
Page 544
544 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 FIGURE 72 Switc h in Access Gateway mode wi thout F_Por t mas terless trunking FIGURE 73 Switc h in Access Gateway mode with F_Port masterless trunking NOTE Y ou do not need t o map the host t o the maste r por t manually , because the Access Gat eway will per form a cold fail[...]
-
Page 545
Fabric OS Administrator ’s Guide 545 53-1002745-02 F_Port trunking 22 Use the f ollowing pr ocedure on the edge switch connected t o the Access Gate wa y module to configure F_Por t trunking. 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tCfgShow com m an d to e ns u re t ha t th e po r ts h av[...]
-
Page 546
546 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 c. Ena ble the trunk on the por ts by using the por tT runkArea command. switch:admin> porttrunkarea --enable 3/40-41 -index 296 Trunk index 296 enabled for ports 3/40 and 3/41. 2. On the host side, enable trunking as described in the Brocade Adapte rs Administrat or’s Gu[...]
-
Page 547
Fabric OS Administrator ’s Guide 547 53-1002745-02 F_Port trunking 22 DCC Policy DCC policy enfor cement fo r the F_Port trunk is based on the T runk Area; the FDISC re quests to a t r u n k p o r t a r e a c c e p t e d o n l y i f th e W W N o f t h e a t t a c h e d d ev i c e i s p a r t o f th e DC C p o l i c y against the T A. The PWWN of [...]
-
Page 548
548 Fabric OS A dministr ator’s Guide 53-1002745-02 F_Port trunking 22 Ta b l e 81 describes the PWWN f ormat for F_P or t and N_P or t trunk ports. F_Port trunking in Virtual Fabrics F_Por t trunking functionality per forms the same in Vir tual Fabrics as it does in non-Vir tual Fabric platf orms ex cept for the Broc ade DCX and DCX 85 1 0 -8. F[...]
-
Page 549
Fabric OS Administrator ’s Guide 549 53-1002745-02 Displaying F_Port tr unking informatio n 22 • If F_Port trunking is enabled on some por ts in the de fault switch, and y ou disable Vir tual Fabrics, all of the F_Por t trunki ng information is lost. • All of the ports in an F_Por t trunk must belong t o a single trunk gr oup of por ts on the[...]
-
Page 550
550 Fabric OS A dministr ator’s Guide 53-1002745-02 Enabling the DCC policy on a trunk area 22 switch:admin> portdisable 0-2 switch:admin> porttrunkarea --disable 0-2 Trunk index 2 disabled for ports 0, 1, and 2. Enabling the DCC policy on a trunk area Af ter y ou assign a trunk area, the portT runkA rea command checks whether there are an [...]
-
Page 551
Fabric OS Administrator ’s Guide 551 53-1002745-02 Chapter 23 Managing Long-Distance Fabrics In this chapter • Long-distance fabrics o ver view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 1 • Extended Fabrics de vice limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552 • Long -distance lin[...]
-
Page 552
552 Fabric OS A dministr ator’s Guide 53-1002745-02 Extended Fabrics device limitations 23 • Optimized switch buf fering When Extended F abrics is installed on gatew ay switches (with E_Port connectivity from one switch to ano ther), the ISLs (E_Ports) are config ured with a large pool of buffer c redits. The enhanced switch buffers help ensure[...]
-
Page 553
Fabric OS Administrator ’s Guide 553 53-1002745-02 Configuring an extended ISL 23 • Dynamic Mode ( LD ) — LD calculat es buf fer credits bas ed on the distance measured during por t initialization. Brocade switch es use a pr oprietary algorithm to estimat e distance across an ISL. The estimat ed distance is used to det ermine the buf f er cre[...]
-
Page 554
554 Fabric OS A dministr ator’s Guide 53-1002745-02 Configuring an extended ISL 23 portcfglongdistance [ slot /] port [ distance_level ] [ vc_translation_link_init ] [ -distance desired_distance ] 6. Repeat step 4 and step 5 for the r emote ext ended ISL por t. Both the local and remo te ext ended ISL por ts must be configured to the same distanc[...]
-
Page 555
Fabric OS Administrator ’s Guide 555 53-1002745-02 Buffer credit management 23 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Disable QoS. switch:admin> portcfgqos --disable [slot/]port If you do no t disable QoS, after the second or third Link Reset (LR), ARB fill wor d s display . 3. Disable buf fer cr e[...]
-
Page 556
556 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 B uff e r -t o- bu ff er f lo w co nt r ol i s fl ow co ntr o l be tw een adjacent por ts in the I/O path, fo r example, transmission control ov er individua l network links. A separat e, independent pool of credits is used to manage buffer -to-buf fer flo w control.[...]
-
Page 557
Fabric OS Administrator ’s Guide 557 53-1002745-02 Buffer credit management 23 Smaller frame sizes need more buf f er credits. T w o commands are a vailable t o help you det ermine whether you need to allocate more buf fer credits to handle the av erage frame size . The por tBuf ferSho w command calculates the av erage frames size. The portBuf fe[...]
-
Page 558
558 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 Allocating buffer credit s based on full-sized frames Y ou can allo cate buffer credits based on distance using the portCfgLongDistance command. The long-distance link modes allow yo u t o select the dynamic mode (LD) or the static mode (LS) t o calculate the buffer [...]
-
Page 559
Fabric OS Administrator ’s Guide 559 53-1002745-02 Buffer credit management 23 • If QoS is not enabled: (Reserved Buffer for Dis tance Y) = (X * LinkSpeed / 2 ) + 6 where X = the distance det ermined in step 1 (in km). LinkSpeed = the speed of the link determined in st ep 2. 6 = the number of buffer credits reserved f o r fabric ser vices, mult[...]
-
Page 560
560 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 • 8 — the number of reserved buf f er credits already allocat ed to that por t. The floor of the resul ting number is ta k en because frac tions of a por t are not allowed. If you ha ve a distance of 50 km at 1 Gbps, then 484 / ( 3 1 – 8) = 2 1 por ts Allocatin[...]
-
Page 561
Fabric OS Administrator ’s Guide 561 53-1002745-02 Buffer credit management 23 Configuring buffers for a single port directly T o configure the number of buffers directly , use the -buff ers option of the port CfgLongDistance command. Fabric OS uses this value to calculat e the to tal number of buffers accor ding to the fo ll o wi n g fo r m u l [...]
-
Page 562
562 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 T o det ermine the number of buf fers req uired, per f orm the fo llowing st eps: 1. Connect to the switch and log in using an account assigned to the admin r ole. 2. Enter the por tBufferCalc command and pr o vide values f or the distance, por t speed, and frame siz[...]
-
Page 563
Fabric OS Administrator ’s Guide 563 53-1002745-02 Buffer credit management 23 switch:admin> por tbuffershow 1 7 User Port Lx Max/Resv Avg Buffer Usage & FrameSize Buffer Needed Link Remaining Port Type Mode Buffers Tx Rx Usage Buffers Distance Buffers ---- ---- ---- ------- ---------------------------- ------ ------- --------- ---------- [...]
-
Page 564
564 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit mana gement 23 For the FC8- x por t blades, the fi rst number in the Unreserved buffer credits c olumn designates the number of unreserved buffers per port group with out buffer o ptimized mode; the second number designate s the unreserved buffers with buffer optimized mode enabled[...]
-
Page 565
Fabric OS Administrator ’s Guide 565 53-1002745-02 Buffer credit management 23 NOTE The distances in this table assume that QoS is enabl ed. If QoS is di sabled the ma ximum suppor t ed distances are higher , because QoS req uires an a dditional 20 buffer credits per activ e por t. T o get an es timated maximum eq ually distribut ed distance for [...]
-
Page 566
566 Fabric OS A dministr ator’s Guide 53-1002745-02 Buffer credit recovery 23 Buffer credit recovery Buffer credit recov er y (CR) allows links t o recover after buf fe r credits are lost when the buffer credit recov er y logic is enabled. The buffer credit reco ve r y feature also maintains performance. If a credit is lost, a recov er attempt is[...]
-
Page 567
Fabric OS Administrator ’s Guide 567 53-1002745-02 Buffer credit recovery 23 For an F_P or t on a Br ocade switch or Access Ga t ewa y connected t o an adapte r , the follo wing conditions must be met : • The Bro cade switch or Access Gat ewa y must run F abric OS v7 .1 or later . • Fabric OS must suppor t buf fer credit reco ver y at both en[...]
-
Page 568
568 Fabric OS A dministr ator’s Guide 53-1002745-02 Forward error correction on long-dis tance links 23 The f ollowing e xample enables buf f er credit reco very on por t 1/20. switch:admin> portcfgcreditrecovery 1/20 -enable Forward error correction on long-distance links Forward err or correction (FEC) on user por ts is suppor ted f or LD an[...]
-
Page 569
Fabric OS Administrator ’s Guide 569 53-1002745-02 Chapter 24 Using FC-FC Routing to Connect Fabrics In this chapter • FC-FC routing ov erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569 • Fibre Channel r outing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 72 • Sett[...]
-
Page 570
570 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing overview 24 A Fibre Channel router (FC r outer) is a switch running the FC-FC r outing ser vice. The FC-FC routing service can be simultaneously used as an FC rout er and as a SAN ext ension ov er wide area networks (WANs) using FCIP . Y ou can set up QoS traffic prioritization ov [...]
-
Page 571
Fabric OS Administrator ’s Guide 571 53-1002745-02 FC-FC routi ng overview 24 • The Backbones hav e a limit of 128 EX_Por ts for each chassis. Refe r to th e Network OS A dministrat o r’s Guide f or suppor ted Network OS platfo rms. Supported configurations for FC-FC routing FC-FC r outing supports the foll owing co nfigurations: • FC rout [...]
-
Page 572
572 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 Fibre Channel routing concepts Fibre Channel routing intr oduces the following concepts: • Fi br e C ha n ne l rou te r (F C rou te r) A switch running the FC-FC routing ser vice. Refer t o “Suppor ted platf orms fo r F C - F C ro u t i ng ” on page 5 70 [...]
-
Page 573
Fabric OS Administrator ’s Guide 573 53-1002745-02 Fibre Channel routing concepts 24 • Logical SANs (LSANs) An LSAN is defined b y zones in two or more edg e or backbone fabrics that contain the same devic es. Y ou can creat e LSANs that span fabric s. These LSANs enable Fibre Channel zones t o cross ph ysical SAN boundaries without merging the[...]
-
Page 574
574 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 • Fabric ID (FID) Every EX_Port and VEX_Por t uses the fabric ID (FI D) to identify the f abric at the opposite end o f the inter -fabric link. The FID f or ev er y edge fabric must be unique fr om the perspective of eac h backbone fabric. - If multiple EX_P [...]
-
Page 575
Fabric OS Administrator ’s Guide 575 53-1002745-02 Fibre Channel routing concepts 24 FIGURE 7 6 Edge SANs connected thr ough a backbone fabric • Phantom domains A phantom domain is a domain emulated by the Fibre Channel rout er . The FC r outer can emulate tw o types of phantom domains: front phant om domains and translate phant o m domains. Fo[...]
-
Page 576
576 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 FIGURE 77 Met aSAN with impor ted devices FC-FC routing topologies The FC-FC routing service provides two types of r outing: • Edge-to- edge Occurs when de vices in one edge fabric comm unic ate with de vices in another edge fabric th ro ug h on e o r mo r e [...]
-
Page 577
Fabric OS Administrator ’s Guide 577 53-1002745-02 Fibre Channel routing concepts 24 Phantom domains A phantom domain is a domain creat ed by the Fibre Channel r outer . The FC rout er creates two types of phantom domains: fr ont phantom domains and translat e phantom domains. A front phant om domain , or front domain , is a domain that is pr oje[...]
-
Page 578
578 Fabric OS A dministr ator’s Guide 53-1002745-02 Fibre Channel ro uting concepts 24 FIGURE 79 EX_Por t phantom switch topology All EX_P or ts or VEX_Ports connected t o an edge f abric use the same xlat e domain ID f or an impor ted edge f abric; this value persists acro ss switch reboots and fabric reconfigurations. If you lose connectivity t[...]
-
Page 579
Fabric OS Administrator ’s Guide 579 53-1002745-02 Setting up FC-FC routing 24 Identifying and deleting stale xlate domains If a remot e edge fabric goes unreachable, the xlat e domains created in other edge fabrics f or this remote edge f abric are retained and not remov ed unle ss th ere is any disruption in the local edg e fab ric . Y ou can u[...]
-
Page 580
580 Fabric OS A dministr ator’s Guide 53-1002745-02 Setting up FC-FC routing 24 4. Configure IFLs for edge and backbo ne fabric connection. (R ef er to “Inter-fabric link configuration” on page 583.) 5. Modify por t cost for EX_P or ts, if you want t o change fr om the def ault settings. (Re fer t o “FC rout er por t cost configuration” o[...]
-
Page 581
Fabric OS Administrator ’s Guide 581 53-1002745-02 Backbone fabric IDs 24 RyeSzRScycazfT0G: Integrated Routing license If you are connecting t o a Fabric OS or M-EOS fa bric and the Int egrated R outing license is not installed, you must inst all it, as described in Chapter 18, “ Administering Licensing” . The Integrat ed Routing license is n[...]
-
Page 582
582 Fabric OS A dministr ator’s Guide 53-1002745-02 FCIP tunnel configuration 24 ATTENTION In a mult i-switch b ackbone fabric , modification of the FID within the backbone f abric will cause disruption to local traffic. Assigning backbone fabric IDs 1. Log in to the switch or Backbone. 2. Enter the switchDisable command if EX_Por ts are online. [...]
-
Page 583
Fabric OS Administrator ’s Guide 583 53-1002745-02 Inter-fabric link configuration 24 Refe r to th e Fibre Cha nnel over IP A dministrator’s Guide f or ins tructions on how to configure FCIP tunnels. Inter-fabric link configuration Before configuring an inter -fabric link (IFL), b e aw a re that you cannot conf igure both IFLs (EX_Por ts, VEX_P[...]
-
Page 584
584 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric l ink configuration 24 Hash Algorithm: N/A Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A This por t can no w connect to ano ther switch. The following e x ample configures an E X_Port fo r connecting to a Brocade Network OS fabric. The -m 5 option indicat[...]
-
Page 585
Fabric OS Administrator ’s Guide 585 53-1002745-02 Inter-fabric link configuration 24 8. Af t e r identifying such por ts, ent er the por tCfgPersistentEnable command t o enable the port, and then the portCfgSho w command t o verify the port is enabled. switch:admin> portcfgpersistentenable 7/10 switch:admin> portcfgshow 7/10 Area Number: 7[...]
-
Page 586
586 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric l ink configuration 24 Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A portDisableReason: None portCFlags: 0x1 portFlags: 0x1 PRESENT U_PORT EX_PORT portType: 10.0 portState: 2 Offline portPhys: 2 No_Module portScn: 0 port generation number: 0 portId: 014a0[...]
-
Page 587
Fabric OS Administrator ’s Guide 587 53-1002745-02 FC router port cost configuration 24 ------------------------------------------------------------------------ 4 95 10:00:00:05:1e:37:00:45 10.32.156.31 "5300" FCR WWN: 10:00:00:05:1e:12:e0:00, Dom ID: 100, Info: 10.32.156.50, "fcr_Brocade 5300" EX_Port FID Neighbor Switch Info[...]
-
Page 588
588 Fabric OS A dministr ator’s Guide 53-1002745-02 FC router port cost configuration 24 Port cost considerations The rout er por t cost has the following considerations: • Rout er port sets are defined as follo ws: - 0–7 and FCIP T unnel 1 6–23 - 8–15 and FCIP T unnel 2 4–3 1 • The rout er por t cost does not help distinguish one IFL[...]
-
Page 589
Fabric OS Administrator ’s Guide 589 53-1002745-02 EX_Port frame trunking configuration 24 ------------------------ 7/3 1000 7/4 1000 7/9 1000 7/10 1000 7/13 1000 10/0 1000 Yo u c a n a l s o u s e t h e fcrRouteShow command t o display the rout er port cost. To display the router port cost for a single EX_Port, enter the fcrRout erPor tCost comm[...]
-
Page 590
590 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 For inf orm ation about setting up E_Por t trun king on an edge fabric, refer t o Chapt er 22, “Managing Tr u n k i n g C o n n e c t i o n s ” . LSAN zone configuration An LS A N c o ns is t s o f z o ne s i n t wo or m or e ed ge o r backbone fabrics that contain[...]
-
Page 591
Fabric OS Administrator ’s Guide 591 53-1002745-02 LSAN zone configuration 24 NOTE The "LSAN_" prefix must appear at the beginn ing of the zone name. LSAN zo nes ma y not be combined with QoS zones. R ef er to “QoS zones” on page 525 for more inf ormation about the naming conv ention for QoS zones. T o enable device sharing across m[...]
-
Page 592
592 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 3. Enter the zoneCreat e command t o create the L SAN lsan_zone _fabric75 , which includes the host. switch:admin> zonecreate "lsan_zone_fabric75", "10:00:00:00:c9:2b:c9:0c" 4. Enter the zoneAdd com ma nd to add T arg et A to t he LS AN . FID75Do[...]
-
Page 593
Fabric OS Administrator ’s Guide 593 53-1002745-02 LSAN zone configuration 24 This action will replace the old zoning configuration with the current configuration selected. Do you want to enable 'zone_cfg' configuration (yes, y, no, n): [no] y zone config "zone_cfg" is in effect Updating flash ... 11 . Log in as an admin and c[...]
-
Page 594
594 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 Setting the maximum LSAN count Y ou can se t the maximu m number of LS AN zones, or LSAN count, that can be configure d on the edge fabrics. By default, the maximum LSAN coun t is set t o 3000. Y ou can inc rease the maximum LSAN count t o 5000 without disabli ng the s[...]
-
Page 595
Fabric OS Administrator ’s Guide 595 53-1002745-02 LSAN zone configuration 24 Y ou can specify two types of tags: • Enfor ce tag – Specifies which LSANs are to be enf orced in an FC rout er . • Speed tag – Specifies whic h LSANs are to be imported or exported f aster than o ther LSANs. The LSAN tags are persist ently saved and suppor t co[...]
-
Page 596
596 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 lsan_f2_f1 (H1, D1) lsan_f2_f3 (H1, D2) The LSAN in the host f abric does not need the tag. 3. In Edge fabric 1, configure the following LSAN: lsan_super_f1_ f2 (H1, D1) 4. In Edge fabric 3, configure the follo wing LSAN: lsan_super_f3_ f2 (H1, D2) 5. T oggle either th[...]
-
Page 597
Fabric OS Administrator ’s Guide 597 53-1002745-02 LSAN zone configuration 24 • The tag is from 1 thr o ugh 8 alphanumeric characters. • Y ou can configure only one Speed ta g on an FC rout er , and up to eight Enf orce tags on an FC rout er . The maximum number of tags (Enf orce and Speed) on an FC r outer is eight. • Up t o 500 Speed LSAN[...]
-
Page 598
598 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 1. Log in to the FC r outer as admin. 2. Enter the fcrlsan -- remov e command to remo ve an e xisting LSAN tag . If you remo ve an Enfor ce LSAN tag, y ou must disable the switch first. Example of removing an Enf orce LSAN tag sw0:admin> switchdisable sw0:admin> [...]
-
Page 599
Fabric OS Administrator ’s Guide 599 53-1002745-02 LSAN zone configuration 24 W i t h LS AN zo n e b i n d i n g , ea ch F C ro u te r i n t h e ba c k b o n e fa b r i c s to r e s o n l y t h e L SA N z o n e en t r i e s of the remot e edge fabrics that can access its local edge fabrics. The LSAN zone limit suppor ted in the backbone fabric is[...]
-
Page 600
600 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 LSAN zone binding considerations • Without LSAN zone binding, the maximu m number of LSAN devi ces is 1 0,000. • With LSAN zone binding, the metaSAN can impor t more than 1 0,000 devices and the backbone fabric can suppor t more FC r outers. • With LSAN zone bind[...]
-
Page 601
Fabric OS Administrator ’s Guide 601 53-1002745-02 LSAN zone configuration 24 FC router matrix definition Depending on the structure of the backbone fabric , y ou can specify pairs of FC routers that can access each other . F or the metaSAN shown in Figure 8 1 , the follo wing FC r outers can access each othe r: • FC rout er 1 and FC rout er 2 [...]
-
Page 602
602 Fabric OS A dministr ator’s Guide 53-1002745-02 LSAN zone configuration 24 Setting up LSAN zone binding 1. Log in to the FC r outer as admin. 2. Enter the following command to add a pair of FC r outers that can access each other: FCR:Admin> fcrlsanmatrix --add -fcr wwn1 wwn2 The variables wwn 1 and wwn2 are the WWNs of the FC r outers. 3. [...]
-
Page 603
Fabric OS Administrator ’s Guide 603 53-1002745-02 Proxy PID configuration 24 Proxy PID configuration When an FC router is first configured, the PIDs f or the proxy de vices are automatically assigned. Pro xy PIDs (as well as phantom domain IDs) persist acr oss reboots. The most comm on situatio n in which y ou would set a pr oxy PID is when y o [...]
-
Page 604
604 Fabric OS A dministr ator’s Guide 53-1002745-02 Inter-fabric broadcast frames 24 Inter-fabric broadcast frames The FC rout er can receive and f o rward br oadcas t frames between edge fabrics and betw een the b a c k b o n e f a b r i c a n d e d g e f a b r i c s . M any t a r g et d ev ic e s a n d H B As c a n n o t h a n d l e b roa dc a [...]
-
Page 605
Fabric OS Administrator ’s Guide 605 53-1002745-02 Resource monitoring 24 Y ou can monitor FC r outer resour ces using the fcrR esourceSho w command. The fcrR esourceShow command shows FCR resource limits and usage and includes the f ollowing: • LSAN zones and LSAN devices — The inf ormat ion shows the maximum versus the currently used zones [...]
-
Page 606
606 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing and Virtual Fabrics 24 20 | 8 34 21 | 8 34 22 | 8 34 23 | 8 34 FC-FC routing and Virtual Fabrics If Virtual Fabrics is not enabled, FC-FC r outing beha vior is unchanged. I f Vir tual Fabrics is enabled, then in the FC-FC routing conte xt, a ba se switch is like a backbone switch a[...]
-
Page 607
Fabric OS Administrator ’s Guide 607 53-1002745-02 FC-FC routing and Virtual Fabrics 24 • Although the Br ocade 65 1 0 and 6520 suppor ts up to f our logical switches, if you are using FC-FC r outing, they can ha ve a maximum of three logical switches. Logical switch configur ation for FC routing Figure 82 shows an example of two chassis partit[...]
-
Page 608
608 Fabric OS A dministr ator’s Guide 53-1002745-02 FC-FC routing and Virtual Fabrics 24 FIGURE 83 Logical representation of EX_Por ts in a base switch Backbone-to-edge routing with Virtual Fabrics Backbone-to-ed ge routing is n ot suppor ted in th e ba se switch, unless you use a legacy FC rout er . A legacy FC router is an FC r outer configured[...]
-
Page 609
Fabric OS Administrator ’s Guide 609 53-1002745-02 Upgrade and downgrade co nsi derations for FC-FC routing 24 FIGURE 84 Backbone-to-edge r outing across base sw itc h using FC rout er in legacy mode Upgrade and downgrade considerations for FC-FC routing Wh e n yo u u pg r a d e t o Fa b r i c O S v 7 .0 .0 o r la te r, E X_ P or t s re m a in f [...]
-
Page 610
610 Fabric OS A dministr ator’s Guide 53-1002745-02 Displaying the range of output ports connected to xlate domains 24 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge fabric. In the lsDbShow output, por ts in the range from 129 thr ough 255 are the output por ts on the front domain. The f ollowing e xample show[...]
-
Page 611
Fabric OS Administrator ’s Guide 611 53-1002745-02 Appendix A Port Indexing This appendix shows how t o us e the switchShow command t o det ermine the mapping among the por t index, slo t/por t numbers, and the 2 4-bit po r t ID (PID) on any Br oc ade Backbone. Ent er the switchShow command without paramet ers to show the po r t inde x mapping f [...]
-
Page 612
612 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Indexing A 740 3 20 5 ------ -- 16G No_Module FC 741 3 21 5 ------ -- 16G No_Module FC 742 3 22 5 ------ -- 16G No_Module FC 743 3 23 5 ------ -- 16G No_Module FC 744 3 24 6 ------ -- 16G No_Module FC 745 3 25 6 ------ -- 16G No_Module FC 746 3 26 6 ------ -- 16G No_Module FC 747 3 27 6 ---[...]
-
Page 613
Fabric OS Administrator ’s Guide 613 53-1002745-02 Port Indexing A Example of port in dexing on an FC8-64 blade on a Br ocade DCX-4S Backbone. The Bro cade DCX-4S does no t need a mapping of port s on port blades becaus e it is a one-to-one mapping. The or der is sequential st arting at slot 1 por t 0 all the wa y through slot 8 port 255 f or the[...]
-
Page 614
614 Fabric OS A dministr ator’s Guide 53-1002745-02 Port Indexing A Example of por t indexing on an FS8-18 blade on a DCX 85 10-8 Backbone This example sho ws the truncated swi tchShow output f or an FS8-18 encryption blade on the Brocade DCX 85 10-8 Backbone. The assignment of por t index numbers t o PIDs will var y depending on blade type, plat[...]
-
Page 615
Fabric OS Administrator ’s Guide 615 53-1002745-02 Appendix B FIPS Support In this appendix • FIPS ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 15 • Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 15 • FIPS mode co[...]
-
Page 616
616 Fabric OS A dministr ator’s Guide 53-1002745-02 Zeroization functions B FCSP Cha llenge Handshake Authentication Protocol (CHAP) Se cret secAuthSe cret –- remo ve The secAuthsecret -–create command is used to input the keys, and the secAuthsecret -–remo ve command is used to remo ve and zero ize the ke ys. All the DHCHAP/FCAP authentica[...]
-
Page 617
Fabric OS Administrator ’s Guide 617 53-1002745-02 FIPS mode confi guration B Power-on self tests A pow er-on self-t est (POST) is in vok ed by po wering on the switch in FIPS mode and does not require any operat or intervention. If any KA T s fail, the switch goes into a FIPS Error state, which reboo ts the syst em to star t the t est again. If [...]
-
Page 618
618 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS mode configuration B LDAP in FIPS mode Y ou can configure your Microsoft Active Direct or y server t o use the Lightweight Direct or y Access Pro tocol (LDAP) while in FIPS mode. There is no option pro vided on the switch t o configure TLS ciphers f or LDAP in FIPS mode. Ho we ver , the LD [...]
-
Page 619
Fabric OS Administrator ’s Guide 619 53-1002745-02 FIPS mode confi guration B Setting up LDAP for FIPS mode 1. Log in to the switch using an account with ad min or securityadmin perm issions, or an account with OM permissions for the RADIUS and swit ch configuration RBAC classes of commands. 2. Enter the dnsConfig command to configure the DNS on [...]
-
Page 620
620 Fabric OS A dministr ator’s Guide 53-1002745-02 FIPS mode configuration B 4. Set up LDAP according t o the instructions in “LDAP configuration and Microsof t Act ive Directory” on page 162, and the n per form the f ollowing additional Micr osof t Active Directory settings a. T o support FIPS-compliant TLS cipher suit es on the Microsoft A[...]
-
Page 621
Fabric OS Administrator ’s Guide 621 53-1002745-02 Preparing a switch for FIPS B Exporting an LDAP switch certificate This proced ure exports the LDAP CA certificate fr om the switch t o the remot e host. 1. Co nnect to the switch and log in using an acc o unt with admin permissions, or an account with OM permissions fo r the PKI RBAC class of co[...]
-
Page 622
622 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B Overview of steps 1. Remo ve legacy OpenSS H DSA ke ys. 2. Optional: Configure the RADIUS server or the LD AP ser ver . 3. Optional : Configure any authentication pr otocols. 4. For LDA P on ly : Install an SSL cer tificate on the Micr o sof t Activ e Directory serv[...]
-
Page 623
Fabric OS Administrator ’s Guide 623 53-1002745-02 Preparing a switch for FIPS B 4. Optional: Set the authentication prot ocols. a. Enter the authUtil -- set -h sh a1 command to se t the hash type f or MD5, which is used in the DH-CHAP and FCAP authentication pro tocols. b. Enter the authUtil -- set -g n command (where n represents the DH gr oup)[...]
-
Page 624
624 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B • System services: No • cfgload attributes: Y es • Enfor ce secure config Upload/Download: Press En ter to accept the default. • Enfor ce firmware signature validatio n: Y es Example switch:admin> configure Not all options will be available on an enabled [...]
-
Page 625
Fabric OS Administrator ’s Guide 625 53-1002745-02 Preparing a switch for FIPS B NOTE Passwor ds of the default accounts (admin and user) should be changed af ter e very zeroization operation to maintain FIPS 140-2 compliance. 3. Power -cycle the switc h. Displaying FIPS configuration 1. Log in to the switch using an account with admin or secu ri[...]
-
Page 626
626 Fabric OS A dministr ator’s Guide 53-1002745-02 Preparing a switch for FIPS B[...]
-
Page 627
Fabric OS Administrator ’s Guide 627 53-1002745-02 Appendix C Hexadecimal Conversion Hexadecimal overview Hexadecimal, also known as he x, is a numeral syst em with a base of 1 6, usually written b y means of symbols 0–9 and A–F (or a–f). Its primar y pu rpose is to represent the binary code that computers int erpret in a f ormat easier for[...]
-
Page 628
628 Fabric OS A dministr ator’s Guide 53-1002745-02 Hexadecimal Conversion C Decimal-to-hexadecimal conversion table TA B L E 9 0 Decimal-to-hexadecimal conver sion t able Decimal 01 02 03 04 05 06 07 08 09 10 Hex 01 02 03 04 05 06 07 08 09 0a D e c i m a l 1 11 21 3 1 41 51 61 7 1 81 92 0 H e x 0 b0 c 0 d 0 e 0 f 1 0 1 11 21 31 4 Decimal 21 22 2[...]
-
Page 629
Fabric OS Administrator ’s Guide 629 53-1002745-02 Hexadecimal Conversion C H e x a b a c a d a e a f b 0b 1b 2b 3b 4 Decimal 181 18 2 183 184 185 18 6 18 7 18 8 189 19 0 Hex b5 b6 b7 b8 b9 ba bb bc bd be Decimal 19 1 192 193 194 195 1 96 19 7 198 199 200 H e x b f c 0c 1c 2c 3c 4c 5c 6c 7c 8 Decimal 201 202 203 204 205 206 20 7 208 209 210 Hex c[...]
-
Page 630
630 Fabric OS A dministr ator’s Guide 53-1002745-02 Hexadecimal Conversion C[...]
-
Page 631
Fabric OS Administrator ’s Guide 631 53-1002745-02 Index Numerics 10 Gbps operation on an FC port, enabling , 476 10-bit addressing mode , 80 10G lic ense , 475 – 478 128-bit encryption, in browser , 18 2 16-link ICL lic ense , 472 1st POD ICL license , 471 256-area addressing mode , 81 2nd POD ICL lice nse , 471 8G license , 47 3 8-link ICL li[...]
-
Page 632
632 Fabric OS A dministr ator’s Guide 53-1002745-02 policy distribution to other switches , 227 policy manageme nt , 196 – 199 policy members , 196 removing polic y member , 198 resolving conflict ing ACL policies , 229 activating ACL policy changes , 197 Admin Domains , 446 IP Filter po licy , 219 licenses , 481 ports on demand , 483 TI zones [...]
-
Page 633
Fabric OS Administrator ’s Guide 633 53-1002745-02 switch members , 440 switch port members , 439 switch WWN , 440 switching context , 456 system-defined , 436 TACACS+ service , 173 TI zone considerations , 360 transaction model , 442 trunk area , 540 user-defined , 436 using , 454 validating members , 454 VF mode and , 290 Virtual Fabrics permis[...]
-
Page 634
634 Fabric OS A dministr ator’s Guide 53-1002745-02 auto-assigned FA-PWWN behavior , 426 auto-leveling, FR4-18i blade , 264 , 270 automatic PID assignment, enabling , 82 B Backbone assigning fabric IDs , 582 blade compatibility , 96 fabric ID , 581 – 582 fabric, described , 572 port blades, described , 84 port configurations supported , 287 por[...]
-
Page 635
Fabric OS Administrator ’s Guide 635 53-1002745-02 bottleneckMon command , 376 , 380 , 381 , 382 , 385 , 390 , 391 , 392 Broadcast server, described , 44 broadcast zones , 303 , 310 name restriction , 316 Brocade 6520 , 464 , 467 Brocade 7800, upgrade license , 464 , 470 Brocade 7800, XISL restriction , 286 Brocade adapters, configur ing F_Port t[...]
-
Page 636
636 Fabric OS A dministr ator’s Guide 53-1002745-02 chassis names , 75 chassis, changing name of , 75 chassisDistribute comm and , 224 , 226 chassisName command , 75 ChassisRole Microsoft Active Directory , 165 OpenLDAP , 170 RADIUS , 155 TACACS+ , 170 chassisShow command , 103 CIDR block notation , 64 class 2 and 3 traffic support , 111 classCon[...]
-
Page 637
Fabric OS Administrator ’s Guide 637 53-1002745-02 frameLog , 124 haDisable , 146 haFailover , 147 , 272 haShow , 103 , 262 , 263 , 271 haSyncStart , 263 help , 58 ifModeSet , 91 iodReset , 123 iodSet , 123 iodShow , 123 IP secCo nfig , 231 , 236 , 238 , 239 ipAddrSet , 65 , 66 , 67 , 223 , 298 ipAddrShow , 63 , 67 ipFilter , 190 , 191 , 218 , 21[...]
-
Page 638
638 Fabric OS A dministr ator’s Guide 53-1002745-02 ssh-keygen , 180 sshUtil , 180 , 182 , 622 sshutil , 257 supportSave , 39 switchCfgPersistentDisable , 100 switchCfgSpeed , 92 switchCfgTrunk , 538 , 539 switchDisable , 76 , 110 , 121 , 489 switchEnable , 76 , 110 , 301 switchName , 74 switchShow , 87 , 102 , 104 , 299 , 301 , 400 , 419 , 423 ,[...]
-
Page 639
Fabric OS Administrator ’s Guide 639 53-1002745-02 access methods, Web Tools , 55 audit log , 107 authentication , 403 authentication policy , 207 – 217 browser security certificates , 186 compressio n , 404 date and time , 69 device authentication , 211 device-switch connectio n , 88 DHCP , 66 encryption , 399 – 405 Enforce LSAN tag , 597 ex[...]
-
Page 640
640 Fabric OS A dministr ator’s Guide 53-1002745-02 D D_Port, described , 84 daemon processes and High Availability , 53 daemon, tac_plus , 172 daemons automatically restarted , 53 date and time , 69 date change license restriction , 479 date command , 69 date settings , 69 daytime listener application , 192 DCC creating policy , 20 4 deleting po[...]
-
Page 641
Fabric OS Administrator ’s Guide 641 53-1002745-02 compressio n , 405 CS_CTL-based frame prioritization , 522 DHCP , 67 F_Port trunking , 549 failover in TI zones, consideratio ns , 347 in-flight encryption , 405 ingress rate limiting , 519 ISL trunking , 538 local switch protection , 226 NPIV , 422 port , 90 QoS manually on trunked ports , 524 Q[...]
-
Page 642
642 Fabric OS A dministr ator’s Guide 53-1002745-02 edge-to-edge routing , 581 EE monitors about , 501 adding , 502 clearing statistic counters , 505 defined , 499 deleting , 504 displaying counters , 504 maximum number , 501 setting a mask for , 503 supported port configurations for , 502 effective AD configuration , 442 effective zone configura[...]
-
Page 643
Fabric OS Administrator ’s Guide 643 53-1002745-02 displayin g information , 542 masterless , 542 supported configurations and platforms , 542 Exchange Link Parameters mode. See: ELP mode. exchange-based routing , 118 , 119 , 123 expired licenses , 480 removing , 480 expiry keys , 396 exporting CSR for FCAP , 216 LDAP certificates , 621 public ke[...]
-
Page 644
644 Fabric OS A dministr ator’s Guide 53-1002745-02 command line interface , 56 , 56 – 59 default roles , 134 feature interaction with Virtual Fabrics , 288 interaction with Virtual Fabrics , 288 policies , 196 protocols supported , 178 security protocols supported , 177 user accounts , 152 – 153 on RADIUS servers , 154 – 162 user accounts [...]
-
Page 645
Fabric OS Administrator ’s Guide 645 53-1002745-02 See also: FC. Fibre Channel Authentication Protoco l. See: FCAP. Fibre Channel Common Transport (FC-CT) protoc ol service, described , 44 Fibre Channel fabrics, and port ID , 113 Fibre Channel Over IP service. See: FCIP. Fibre Channel port , 84 Fibre Channel port, enabling 10 Gbps operation , 476[...]
-
Page 646
646 Fabric OS A dministr ator’s Guide 53-1002745-02 port configurations supported , 286 port restrictions , 286 FL_Port, described , 84 FLOGI , 52 defined , 51 FC-SP bit setting , 210 process , 52 rejected , 210 request frame header value , 52 fmMonitor command , 224 , 505 , 507 , 508 , 509 Advanced Performance Monitoring license , 506 fmsmode, a[...]
-
Page 647
Fabric OS Administrator ’s Guide 647 53-1002745-02 TACACS+ , 173 home LF Microsoft Active Directory , 165 OpenLDAP , 170 RADIUS , 155 TACACS+ , 173 host syslog, verifying , 108 hosts, accessing , 192 HTTPS protocol , 182 described , 17 7 secure protocol , 178 I IAS configuring , 159 remote access policies , 159 ICL 16-link licen se , 472 1st POD [...]
-
Page 648
648 Fabric OS A dministr ator’s Guide 53-1002745-02 policy rules , 219 policy rules using service names , 220 saving policy , 218 supported actions , 221 supported protocols , 221 supported services and port numbers , 220 IP interface for chassis manageme nt , 65 IP sec algorithms , 234 Authentication Header protocol , 233 configuration on the ma[...]
-
Page 649
Fabric OS Administrator ’s Guide 649 53-1002745-02 in FIPS mode , 618 installing certificates , 620 IPv4 and IPv6 support , 162 non-FIPS mode restrictions , 162 role mapping and OpenLDAP , 168 role mapping, and Microsoft Acti ve Directory , 163 secure service , 150 LDAP server adding , 175 deleting , 175 reordering , 175 LDAP service configuratio[...]
-
Page 650
650 Fabric OS A dministr ator’s Guide 53-1002745-02 blocked chargen , 192 daytime , 192 discard , 192 echo , 192 ftp , 192 rexec , 192 rlogin , 192 rsh , 192 rstats , 192 rusers , 192 time , 192 blocked list , 192 chargen , 192 daytime , 192 discard , 192 echo , 192 ftp , 192 rexec , 192 rlogin , 192 rsh , 192 rstats , 192 rusers , 192 time , 192[...]
-
Page 651
Fabric OS Administrator ’s Guide 651 53-1002745-02 management server displaying ACL , 46 viewing database , 48 management server database , 45 – 49 Management server, described , 44 managing Admin Domains , 433 – 460 IP Filter thresho lds , 224 trunking connectio ns , 533 – 550 user accounts , 133 – 176 user-defined roles , 136 – 137 zo[...]
-
Page 652
652 Fabric OS A dministr ator’s Guide 53-1002745-02 null encryption suppo rt for IKE policies , 240 O on-demand ports , 483 – 489 activating , 485 available ports , 484 disabling dynamic , 487 displaying installed licenses , 484 dynamic , 485 enabling dynamic , 486 supported devices , 483 Open LDAP See also: LDAP. OpenLDAP configuring , 165 –[...]
-
Page 653
Fabric OS Administrator ’s Guide 653 53-1002745-02 disabling , 45 enabling , 45 Virtual Fabrics , 45 platforms, FC-FC routing supported , 570 PLOGI , 52 defined , 51 POD enabling ports , 89 releasing a port from a set , 488 reserving a port license , 488 See also: ports on demand. policies account lockout , 143 account lockout duratio n , 144 acc[...]
-
Page 654
654 Fabric OS A dministr ator’s Guide 53-1002745-02 deactivation , 89 decommissioning , 90 deleting To p Talker mo nitor on , 514 disabling , 90 disabling dynamic POD , 487 disabling on blades , 96 displaying license assignments , 486 displaying the top n bandwidth-using flows , 513 dynamic POD , 485 E_Port compression/encryption example , 407 en[...]
-
Page 655
Fabric OS Administrator ’s Guide 655 53-1002745-02 portDecom comm and , 90 portDisable comman d , 90 , 538 portEnable command , 89 , 485 portEncCompShow command , 396 , 399 , 401 , 402 , 404 PortFecCap , 128 portLoginShow command , 424 portName command , 86 ports on demand , 483 – 489 activating , 485 available ports , 484 disabling dynamic , 4[...]
-
Page 656
656 Fabric OS A dministr ator’s Guide 53-1002745-02 QoS zone-based traffic prioritization , 523 disabling , 532 High Availability co nsiderations , 528 limitations and restrictions , 529 setting , 530 ssetting over FC routers , 532 supported configurations , 529 trunking co nsiderations , 530 Virtual Fabrics considerations , 528 QoS zones , 115 ,[...]
-
Page 657
Fabric OS Administrator ’s Guide 657 53-1002745-02 upgrading temporary slot-based licenses , 479 Virtual Fabrics , 288 XISLs , 289 rexec listener application , 192 rlogin listener applicat ion , 192 Role-Based Access Control. See: RBAC. roleConfig command , 136 roles Admin Domain cons iderations , 135 assigning user-defined , 137 creating user-de[...]
-
Page 658
658 Fabric OS A dministr ator’s Guide 53-1002745-02 length , 213 setting , 214 viewing list of , 213 secure copy protocol. See: SCP. Secure Fabric OS policies , 196 secure LDAP , 150 secure protocol HTTPS , 178 items needed to deploy , 178 SCP , 178 SNMPv1 , 178 SNMPv2 , 178 SNMPv3 , 178 SSHv2 , 178 Secure Shell protoco l. See: SSH. Secure Socket[...]
-
Page 659
Fabric OS Administrator ’s Guide 659 53-1002745-02 security levels , 190 SNMPv1 secure protocol , 178 SNMPv2 secure protocol , 178 SNMPv3 secure protocol , 178 switch and chassis context enforcement , 189 v1 support , 188 v3 support , 188 Virtual Fabrics and , 189 snmpConfig c ommand , 188 , 190 , 623 snmpWalk command , 189 special zones , 303 sp[...]
-
Page 660
660 Fabric OS A dministr ator’s Guide 53-1002745-02 switch database distribution setting , 224 unique names for logical , 74 user-defined accounts , 137 viewing status policy threshold values , 105 switch authentication m ode, setting , 152 switch authentication policy , 20 8 See also: AUTH. Switch Connection Control. See: SCC. switch firmware , [...]
-
Page 661
Fabric OS Administrator ’s Guide 661 53-1002745-02 setting interactively , 71 time zone settings , 69 – 71 time, synchronizing local and ext ernal , 71 time-based licenses , 478 – 480 Top Talker monitors adding on all switches in fabric , 513 adding to aport (port mode) , 513 and FC-FC routing , 511 defined , 499 deleting all in fabric , 515 [...]
-
Page 662
662 Fabric OS A dministr ator’s Guide 53-1002745-02 U U_Port, described , 84 unblocking telnet acce ss , 191 universal temporary license defined , 478 described , 48 0 extending , 480 shelf life , 480 unlocking an account , 144 unordered frame delivery, restoring , 123 upgrading firmware , 257 upgrading temporary slot-b ased licenses, restriction[...]
-
Page 663
Fabric OS Administrator ’s Guide 663 53-1002745-02 configDownload restrictions , 252 configUpload restrictions , 252 configuration management , 250 configuring SNMP for , 189 – 190 considerations for Adv. Perf. Monitoring , 500 for WWN-based PID assignment , 82 considerations for ICLs , 494 ContextRoleList , 155 , 173 date settings , 69 DCC pol[...]
-
Page 664
664 Fabric OS A dministr ator’s Guide 53-1002745-02 Z zeroization functions for FIPS , 615 zeroizing for FIPS , 624 zone access mode, viewing current , 327 accessing , 192 adding a new switch or fabric , 336 adding members , 317 administering security , 336 alias adding members , 313 deleting , 314 removing members , 314 viewing , 315 Virtual Fab[...]
-
Page 665
Fabric OS Administrator ’s Guide 665 53-1002745-02 zoneRemove command , 31 8 zoneShow command , 322 zoning advanced , 303 – 342 advanced commands , 304 defined , 304 enforcement , 308 on logical ports , 316 overview , 304[...]
-
Page 666
666 Fabric OS A dministr ator’s Guide 53-1002745-02[...]