Configuring Fcip Tunnels (Optional); Configuring Fc-Fc Routing To Work With Secure Fabric Os (Optional); Configuring Secure Fabric Os Dh-Chap Secret - HP AE370A - Brocade 4Gb SAN Switch 4/12 Administrator's Manual

5. Then enter the fosConfig --enable fcr command.
switch:admin_06> fosconfig --disable fcr
FC Router service is disabled
switch:admin_06> fcrconfigure
FC Router parameter set. <cr> to skip a parameter
Backbone fabric ID: (1-128)[1]
switch:admin_06> fosconfig --enable fcr
FC Router service is enabled

Configuring FCIP tunnels (optional)

The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels" to connect
instances of Fibre Channel SANs over IP-based networks to transport all Fibre Channel ISL and IFL traffic.
FCIP is a prerequisite for configuring VEX_Ports; if you are only using FC_Ports, then there is no need to
perform this step.
NOTE: If using FCIP in your FC-FC Routing configuration, you must first configure FCIP tunnels. Once a
tunnel is created, it defaults to a disabled state. Then configure the VE_Port or VEX_Port. After the
appropriate ports are configured, enable the tunnel.
See "Configuring and monitoring FCIP
tunnels.

Configuring FC-FC routing to work with Secure Fabric OS (optional)

If you do not have Secure Fabric OS enabled in the edge fabric, then you are not required to complete the
tasks in this section.
NOTE: Secure Fabric OS is not supported in backbone fabrics.
The 400 MP Router and 4/256 SAN Director with a B-Series MP Router blade support Fibre Channel
routing between secure fabric employing Secure Fabric OS via DH-CHAP (Diffie-Hellman with
Challenge-Handshake Authentication Protocol) authentication. It also supports secure fabric to nonsecure
fabrics. Secure Fabric OS is an optionally licensed product that provides customizable security restrictions
through local and remote management channels on an HP fabric.
The FC-FC Routing Service uses only the DH-CHAP shared secrets to provide switch-to-switch authentication
when connecting to a Secure Fabric OS fabric.
To determine whether or not an EX_Port or VEX_Port is connected to a Secure Fabric OS fabric, enter the
portShow, portCfgEXPort, or portCfgVEXPort command, as described in the Fabric OS
Command Reference Manual. Note that you should issue these commands only after the IFLs have been
configured and for VEX ports, the FCIP tunnel(s) are up and running. For more details, see
interfabric link" on page -21 1

Configuring Secure Fabric OS DH-CHAP secret

While Secure Fabric OS supports the SLAP, FCAP and DH-CHAP authentication protocols to communicate
with each switch, Fabric OS v5.2.x (and Fabric OS v5.1.0) supports only DH-CHAP.
The 400 MP Router and 4/256 SAN Director with a B-Series MP Router blade do not initiate DH-CHAP
authentication requests; rather, they respond to DH-CHAP requests only from the edge switch to which they
are connected—in this case, the Secure Fabric OS switch.
As soon as you connect the 400 MP Router or 4/256 SAN Director with a B-Series MP Router blade to a
Secure Fabric OS switch, DH-CHAP authentication is initiated.
The DH-CHAP secrets are configured both on the Secure Fabric OS switch and the 400 MP Router or
4/256 SAN Director with a B-Series MP Router blade. Each entry specifies the WWN of the peer to which
tunneling" on page 367 for instructions on how to configure FCIP
and "Configuring FCIP tunnels (optional)" on page
"Configuring an
-209.
Fabric OS 5.2.x administrator guide 209