Document History The following table lists all versions of the Access Gateway Administrator’s Guide. Document Title Publication Number Summary of Changes Publication Date Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007 Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E June 2007 Access Gateway Administrator’s Guide 53-1000605-01...
Page 8
Fabric and Edge switch configuration ......65 Verifying the switch mode ......65 Enabling NPIV on M-EOS switches .
Page 9
Example of adding an external F_Port (F9) on an embedded switch ..24 Figure 8 Port grouping behavior ..........34 Figure 9 Port group 1 (pg1) setup .
All Fabric OS switches must be running v6.1.0 or later; all M-EOS switches must be running M-EOSc 9.1 or later, M-EOSn must be running 9.6.2 or later, and Cisco switches with SAN OS must be running 3.0 (1) and 3.1 (1) or later. Fabric OS v6.4.0 supports the following Brocade hardware platforms for Access Gateway: •...
Document conventions This section describes text formatting conventions and important notices formats. Text formatting The narrative-text formatting conventions that are used in this document are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI italic text Provides emphasis...
ATTENTION An Attention statement indicates potential damage to hardware or data. CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data. DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you.
E_Port An ISL (Interswitch link) port. A switch port that connects switches together to form a fabric. Edge switch A fabric switch that connects host, storage, or other devices, such as Brocade Access Gateway, to the fabric. F_Port A fabric port. A switch port that connects a host, HBA (host bus adaptor), or storage device to the SAN.
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.org Optional Brocade features For a list of optional Brocade features and descriptions, see the Fabric OS Administrator’s Guide. Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering.
3. World Wide Name (WWN) Use the licenseIdShow command to display the WWN of the chassis. If you cannot use the licenseIdShow command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.
Fabric OS features in Access Gateway mode Fabric OS features in Access Gateway mode Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “No” indicates that the feature is not provided in AG mode. “NA” indicates this feature is not applicable in Access Gateway mode of operation.
Access Gateway port types TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Speed Negotiation Syslog Daemon Trunking Yes** ValueLineOptions (Static POD, DPOD) Web Tools Zoning When a switch is behaving as an AG, RBAC features in Fabric OS are available, but there are some limitations.
Chapter Configuring Ports in Access Gateway mode In this chapter • Enabling and disabling Access Gateway mode ......7 •...
Page 28
SecondFabric 12;13 12;13 ----------------------------------------------------------------------------- 8. Enter the switchShow command to display the status of all ports. Note that the following output is an example only and may not exactly reflect output from the current Fabric OS. switch:admin> switchshow switchName: switch switchType: 43.2...
Enabling and disabling Access Gateway mode When you disable AG mode, The switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as port mapping, and Failover and Failback are automatically removed. When the switch reboots, it starts in Fabric OS Native mode.
Access Gateway mapping Access Gateway mapping When operating in AG mode you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports.
0, 1 mapped to 16 2, 3 mapped to 17 4, 5 mapped to 18 6, 7 mapped to 19 8, 9 mapped to 20 10, 11 mapped to 21 12, 13 mapped to 22 14, 15mapped to 23 Access Gateway Administrator’s Guide...
Page 33
6-25 6 and 16 mapped to 0 7 and 17 mapped to 1 8, 12, 18, and 22 mapped to 2 9, 13, 19, and 23 mapped to 3 10, 14, 20, and 24 mapped to 4 11, 15, 21, and 25 mapped to 5...
Page 34
3, 4 mapped to 19 11, 12 mapped to 20 15, 16 mapped to 0 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23 8000 8-31 8-11 mapped to 0 FCoE ports 12-15 mapped to 1...
Access Gateway mapping Removing F_Ports from N_Ports 1. Connect to the switch and log in using an account assigned to the admin role. 2. Remove any preferred secondary N_Port settings for the F_Port. Refer to “Deleting F_Ports from a preferred secondary N_Port” on page 46 for instructions.
Page 36
Access Gateway mapping NOTE Port Grouping Policy is not supported when both Automatic Login Balancing and Device Load Balancing are enabled. Device-based mapping does not affect or replace the traditional port mapping. Device mapping is an optional mapping that will exist on top of existing port mapping. In general mapping devices to N_Port groups is recommended over mapping devices to individual N_Ports within a port group.
Access Gateway mapping Hosts/Targets Access Gateway WWN1 WWN2 WWN3 WWN4 WWN5 FIGURE 5 Example of device mapping to N_Port groups Figure 6 shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port. Access Gateway Administrator’s Guide 53-1001760-01...
Access Gateway mapping Hosts/Targets Access Gateway WWN1 WWN2 WWN3 WWN4 WWN5 WWN6 WWN7 WWN8 FIGURE 6 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either “static” or “dynamic” as follows: • Device mapping to an N_Port and to an N_Port Group are considered static. Static mappings persist across reboots and can be saved and restored with Fabric OS configUpload and configDownload commands.
Page 39
Access Gateway mapping Use the following steps to map one or more devices to an N_Port group or remove device mapping from an N_Port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Page 40
Access Gateway mapping Device mapping to N_Ports Use the following steps to add one or more devices to an N_Port to route all device traffic to and from the device through the specified N_Port. Also use these steps to remove device mapping to an N_Port.
Page 41
Access Gateway mapping The following example disables device mapping for two WWNs. switch:admin> ag --wwnmappingdisable “10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e:2c:11” Enter the ag command with the ag wwnmappingdisable with the --all option to disable mapping for all available WWNs. The -all option will not affect mappings made in the future, Disabled mappings can be modified without automatically enabling them.
Access Gateway mapping Pre-provisioning You can use Fabric OS commands, Web Tools, and Fabric Manager to map devices that do not yet exist. This allows applicable management programs to push configuration changes with out worrying about the order in which they are received. For example, if system administrators need to push a set of port group changes and a set of device mapping changes, they could push them in either order with out error.
Page 43
Access Gateway mapping 1. Static device mapping to N_Port (if defined) 2. Device mapping to N_Port group (if defined) For more information, refer to “Port Grouping policy” on page 33. 3. Automatic WWN load balancing within a port group (if enabled) For more information, refer to “Port Grouping policy”...
N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports and the rest of the ports operate as standard F_Ports.
N_Port configurations Displaying N_Port configurations 1. Connect to the switch and log in using an account assigned to the admin role. Enter the portcfgnport command. switch:admin> portcfgnport Ports 9 10 11 12 13 14 15 --------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-- Locked N_Port ....ON ON ON ON ON ON Unlocking N_Ports By default, on embedded switches all external ports are configured in N_Port lock mode when you enable Access Gateway.
Advanced Device Security policy Access Gateway policy enforcement matrix The following table shows which combinations of policies can co-exist with each other. TABLE 6 Policy enforcement matrix Policies Auto Port Configuration Port Grouping N_Port Trunking ADS Policy Auto Port Configuration Cannot co-exist Can co-exist Can co-exist...
Advanced Device Security policy Enabling and disabling the Advanced Device Security policy By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configupload command in case you need this configuration again.
Advanced Device Security policy Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate operands to set the list of devices not allowed to log into specific ports.
Automatic Port Configuration policy Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command. switch:admin> ag --adsshow F_Port WWNs Allowed -------------------------------------------------------------------------- ALL ACCESS 20:03:08:00:88:35:a0:12...
Automatic Port Configuration policy Enabling and disabling the APC policy Use the following steps to enable and disable Automatic Port Configuration policy. This policy is disabled by default in Access Gateway. Enabling APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2.
F_Ports being routed through that port will fail over to any of the N_Ports that are part of that port group and are currently online. For example, if N_Port 4 goes offline then F_Ports 7 and 8 are routed through to N_Port 3 as long as N_Port3 is online because both N_Ports 3 and 4 belong to the same port group, PG2.
F_Port7 N_Port4 F_Port8 FIGURE 8 Port grouping behavior When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group.
Port Grouping policy Deleting an N_Port from a port group Before deleting an N_Port, all F_Ports mapped to that N_Port should be remapped before that N_Port is deleted from a port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Port Grouping policy Port Grouping policy modes You can enable and disable the following Port Grouping policy modes when you create port groups using the pgcreate command. Alternately, you can enable these policies using the ag--pgsetmodes command. Automatic Login Balancing If Automatic Login Balancing mode is enabled for a port group and an F_Port goes offline, logins in the port group are redistributed among the remaining F_Ports.
Port Grouping policy Port Group 3 created successfully 3. Enter the ag --pgshow command to verify the port group was created. switch:admin> ag --pgshow PG_ID PG_Name PG_Mode N_Ports F_Ports ----------------------------------------------- lb,mfnm none none SecondFabric 4;5;6 FirstFabric 10;11 Rebalancing F_Ports To minimize disruption that could occur once F_Ports go offline or when additional N_Ports are brought online you can modify the default behavior of the automatic login balancing feature by disabling or enabling rebalancing of F_Ports when F_Port offline or N_Port online events occur.
Port Grouping policy ------------------------------------------------- automapbalance on N_Port Online Event: Disabled automapbalance on F_Port Offline Event: Enabled ------------------------------------------------- Considerations when modifying automatic login balancing Consider the following when disabling automatic login balancing: • Be aware that modifying the APC policy default setting using the agautomapbalance command may yield to uneven distribution of F_Ports to N_Ports.
Port Grouping policy Setting the current fabric name monitoring timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command, followed by a value. switch:admin> ag --pgfnmtov 100 This sets the timeout value to 100 seconds.
Device Load Balancing Policy Upgrade and downgrade considerations for the Port Grouping policy Downgrading to Fabric OS v6.3.0 or earlier is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.4.0 to Fabric OS v6.3.0 and earlier: •...
Persistent ALPA Policy 2. Enter the ag policydisable wwnloadbalance command to enable the Device Load Balancing policy. switch:admin> ag --policydisable wwnloadbalance The policy WWN load balancing is disabled NOTE Use the ag --policyshow command to determine the current status of the WWN Load Balancing policy.
Persistent ALPA Policy Enabling Persistent ALPA By default, Persistent ALPA is disabled. You can enable Persistent ALPA using the persistentalpaenable command with the following syntax and with one of the following value types: ag -persistentalpaenable 1/0[On/Off] -s/-f[Stringent/Flexible] • Flexible ALPA assigns an unassigned ALPA value when the ALPA assigned to the device is taken by another host.
Persistent ALPA Policy Displaying device data You can view the ALPA of the host related to any ports you delete from the database. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag printalpamap command with the appropriate operand to display a database entry for a specific F_Port.
Failover Failover Access Gateway Failover ensures maximum uptime for the servers. When a port is configured as an N_Port, failover is enabled by default and is enforced during power-up. Failover allows hosts and targets to automatically remap to another online N_Port if the primary N-Port goes offline. NOTE For port-based mapping, the Failover policy must be enabled on an N_Port for failover to occur.
Failover Deleting F_Ports from a preferred secondary N_Port 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --prefdel command with the "F_Port1;F_Port2;..." N_Port operands to delete F_Ports from an N_Port. The list of F_Ports must be enclosed in quotation marks.
Failover Deleting a preferred secondary N-Port for device mapping (optional) Use the following steps to remove a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Failback 3. Enter the ag failoverdisable -pg pgid command to disable failover. switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3 Upgrade and downgrade considerations for Failover Consider the following when upgrading or downgrading Fabric OS versions. •...
Trunking in Access Gateway mode Enabling and disabling Failback for a port group Use the following steps to enable or disable Failback policy on all the N_Ports belonging to the same port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
0-3 in the figure shown below. For example, the Brocade 300 platform supports a trunk group with up to eight ports. The trunking groups are based on the user port number, with contiguous eight ports as one group, such as 0-7, 8-15, 16-23 and up to the number of ports on the switch.
A port within a TA can be removed, but this adds the Index back to the switch. For example, the same AD1 and AD2 with TA 8 holds true. If you remove port 7 from the TA, it adds Index 7 back to the switch.
Trunking in Access Gateway mode Slot Port Type State Master ------------------------------------------- 125 125 125 126 ------------------------------------------- 5. Enable ports specified in step 3. Continuing with the example shown in step 3, this would mean enabling ports 13 and 14. switch:admin> portenable 10/13 switch:admin>...
If you attempt to add a monitor to a slave port, it is automatically added to the master port. Trunking considerations for the Edge switch Table 8 describes the Access Gateway trunking considerations for the Edge switch. TABLE 8...
Page 75
Trunking in Access Gateway mode TABLE 8 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Trunk area The port must be disabled before assigning a Trunk Area on the Edge switch to the port or removing a Trunk Area from a trunk group.
Trunking in Access Gateway mode TABLE 8 Access Gateway trunking considerations for the Edge switch (Continued) Category Description FC4-32 blade If an FC4-32 blade has the Trunk Area enabled on ports 16 - 31 and the blade is swapped with a FC8-48 blade, the Trunk Area ports will be persistently disabled.
Trunking in Access Gateway mode TABLE 8 Access Gateway trunking considerations for the Edge switch (Continued) Category Description D.I. Zoning Creating a Trunk Area may remove the Index (“I”) from the switch (D,I) AD to be grouped to the Trunk Area. All ports in a Trunk Area share the same “I”.
Adaptive Networking on Access Gateway Adaptive Networking on Access Gateway Adaptive Networking (AN) ensures bandwidth for critical servers, virtual servers, or applications in addition to reducing latency and minimizing congestion. Adaptive Networking in Access Gateway works in conjunction with the Quality of Service (QoS) feature on Brocade fabrics. Fabric OS provides a mechanism to assign traffic priority, (high, medium, or low) for a given source and destination traffic flow.
Adaptive Networking on Access Gateway FIGURE 12 Starting point for QoS Upgrade and downgrade considerations with Adaptive Networking in AG mode enabled Downgrading to Fabric OS v6.3.0 is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.4.0 to Fabric OS v6.2.X and earlier: •...
Per Port NPIV login limit Per Port NPIV login limit This feature allows you to set a specific maximum NPIV login limit on individual ports. This feature works in both Native Fabric Switch and Access Gateway mode. Using this feature, you can use additional tools to design and implement a virtual infrastructure.
Page 81
Considerations for the Brocade 8000 Policy and feature support The following AG policies and features are not supported on the Brocade 8000. • Access Gateway Cascading NOTE This is not supported on the Brocade 8000 Core AG (the Brocade 8000 is only supported on an Edge AG).
Page 82
Considerations for the Brocade 8000 • The following commands have restricted usage, mostly because the Brocade 8000 contains only eight Fibre Channel ports and does not support the Automatic Port Configuration policy: ag --pgcreate ag --policyenable ag --policydisable ag --portcfgdefault •...
Target aggregation • Redundant configurations should be maintained so that when hosts and targets fail over or fail back, they should not get mapped to a single N_Port. • Hosts and targets should be in separate port groups. • Configuration is not enforced. Target aggregation Access Gateway mode is normally used as host aggregation.
Fabric and Edge switch configuration • AG trunking between the Edge and Core AG switches is not supported. Trunking between the Core AG switch and the fabric is supported. • It is recommended that you enable Advanced Security Policy (ADS) on all AG F_Ports that are directly connected to devices.
Fabric and Edge switch configuration switchType: 76.6 switchState: Online switchMode: Native switchRole: Subordinate switchDomain: switchId: fffc01 switchWwn: 10:00:00:05:1e:03:4b:e7 zoning: switchBeacon: ----------------------------------------= Table 3 on page 9 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch.
Connectivity to Cisco Fabrics Connectivity to Cisco Fabrics When connecting a switch in Access Gateway mode to a Cisco fabric Fabrics you only need to make sure NPIV is enabled on the connecting switch and that Fabric OS version 3.1 or higher is used. Enabling NPIV on a Cisco switch 1.
Page 88
Rejoining Fabric OS switches to a fabric The switch automatically joins the fabric. Access Gateway Administrator’s Guide 53-1001760-01...
Appendix Troubleshooting This appendix provides troubleshooting instructions. TABLE 10 Troubleshooting Problem Cause Solution Switch is not in Access Switch is in Native switch mode Disable switch using the switchDisable command. Gateway mode Enable Access Gateway mode using the ag modeenable command. Answer yes when prompted;...
Page 90
Troubleshooting TABLE 10 Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows: Enter the ag failoverShow command with the port_number operand. Enter the ag failbackShow command with the port_number operand.
Page 91
Index Brocade 8000 AG considerations default mapping Access Gateway mapping differences cascading comparison to standard switches compatible fabrics connecting devices connecting two AGs description Cisco fabric displaying information connectivity features enabling NPIV on Cisco switch limitations code mapping description port types Access Gateway mode comparison disabling...
Page 92
commands device load balancing ag --addwwnfailovermapping device load balancing policy ag --addwwnpgmapping APC policy ag --delwwnfailovermapping Brocade 8000 ag --delwwnpgmapping considerations ag --failbackEnable disabling ag --failbackShow enabling ag --failoverDisable trunking ag --failoverEnable device mapping ag --failoverShow adding a secondary N_Port ag --mapAdd adding devices to N_Ports ag --mapDel...
Page 93
F_Port limitations adding external port on embedded switch device load balancing description direct connections to target devices mapping, example loop devices not supported maximum number mapped to N_Port login balancing considerations settings, Edge switch long distance mode, Edge switch shared area ports trunking setup fabric compatibility...
Page 94
N_Ports port group unlocking add N_Port native switchMode create delete N_Port non disruptive disabling NPIV enabling loging balancing mode Edge switch login balancing mode enabling on Cisco switch managed fabric name monitoring mode enabling on M-EOS switch remove port group login limit rename support...
Page 95
settings zoning ACL policies schemes FLOGI setting inband queries management server platform zone, no access static vs. dynamic mapping supported hardware and software xiii switch mode, verify terms trunk area assign configuration management disabling remove ports standby CP using the porttrunkarea command trunk groups, create trunk master, limitation trunking...