Page 1 53-1001763-02 ® 13 September 2010 Fabric OS Administrator’s Guide Supporting Fabric OS v6.4.0...
Page 2 Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
Page 3 Fabric OS Administrator’s Guide 53-1001336-01 Fabric OS Administrator’s Guide 53-1001336-02 Fabric OS Administrator’s Guide 53-1001763-01 Fabric OS Administrator’s Guide 53-1001763-02 Fabric OS Administrator’s Guide 53-1001763-02 Summary of changes Date Removed SilkWorm 4016 and 4020 June 2006 from supported switches; FCIP chapter updates.
Page 4 Fabric OS Administrator’s Guide 53-1001763-02...
Page 5: Table Of Contents
Fabric OS Administrator’s Guide 53-1001763-02 In this chapter ......... xxxiii How this document is organized .
Page 6 Switch connection ........33 Fabric OS Administrator’s Guide 53-1001763-02...
Page 7 Chapter 3 Fabric OS Administrator’s Guide 53-1001763-02 Performing Advanced Configuration Tasks In this chapter ......... . . 35 PIDs and PID binding overview.
Page 8 Distributing the local user database ..... 90 Accepting distribution of user databases on the local switch . 90 Rejecting distributed user databases on the local switch ..90 Fabric OS Administrator’s Guide 53-1001763-02...
Page 9 Fabric OS Administrator’s Guide 53-1001763-02 Password policies ........91 Password strength policy.
Page 10 Aborting an IP Filter transaction ......157 IP Filter policy distribution ......158 Fabric OS Administrator’s Guide 53-1001763-02...
Page 11 Chapter 9 Fabric OS Administrator’s Guide 53-1001763-02 Policy database distribution .......158 Database distribution settings .
Page 12 Creating a logical switch or base switch .....225 Executing a command in a different logical fabric context ..227 Fabric OS Administrator’s Guide 53-1001763-02...
Page 13 Fabric OS Administrator’s Guide 53-1001763-02 Deleting a logical switch ........228 Adding and removing ports on a logical switch.
Page 14 Changing the state of a TI zone ......285 Fabric OS Administrator’s Guide 53-1001763-02...
Page 15 Fabric OS Administrator’s Guide 53-1001763-02 Deleting a TI zone ........286 Displaying TI zones .
Page 16 Admin Domains and switch WWN..... . .342 Admin Domain compatibility, availability, and merging ..344 Fabric OS Administrator’s Guide 53-1001763-02...
Page 17 Section II Chapter 16 Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators . .344 Setting the default zoning mode for Admin Domains ..344 Creating an Admin Domain ......345 User assignments to Admin Domains .
Page 18 Clearing end-to-end and ISL monitor counters ....398 Saving and restoring monitor configurations ....399 Fabric OS Administrator’s Guide 53-1001763-02...
Page 19 Chapter 19 Fabric OS Administrator’s Guide 53-1001763-02 Performance data collection ......399 Optimizing Fabric Behavior In this chapter .
Page 20 Integrated Routing........457 Fabric OS Administrator’s Guide 53-1001763-02...
Page 21 Appendix A Fabric OS Administrator’s Guide 53-1001763-02 Fibre Channel routing concepts ......457 Proxy devices ........461 Routing types .
Page 22 LDAP in FIPS mode ........524 LDAP certificates for FIPS mode ......526 Fabric OS Administrator’s Guide 53-1001763-02...
Page 23 Fabric OS Administrator’s Guide 53-1001763-02 Preparing the switch for FIPS ......527 Overview of steps .
Page 24 Fabric OS Administrator’s Guide 53-1001763-02...
Page 25 Dedicated path is the only shortest path ......271 Fabric OS Administrator’s Guide 53-1001763-02...
Page 26 Logical representation of EX_Ports in a base switch ..... 494 Figure 78 Backbone-to-edge routing across base switch using FC router in legacy mode 495 xxvi Fabric OS Administrator’s Guide 53-1001763-02...
Page 27 Management Station on a different subnet ......511 Fabric OS Administrator’s Guide 53-1001763-02 xxvii...
Page 28 Fabric OS Administrator’s Guide 53-1001763-02...
Page 29 Default IP policy rules..........156 Table 35 Interaction between fabric-wide consistency policy and distribution settings . 159 Fabric OS Administrator’s Guide 53-1001763-02 xxix...
Page 30 Ports and devices in CLI output ........357 Table 75 Admin Domain interaction with Fabric OS features ..... . 359 Fabric OS Administrator’s Guide 53-1001763-02...
Page 31 Decimal to hexadecimal conversion table ......532 Fabric OS Administrator’s Guide 53-1001763-02 xxxi...
Page 32 Fabric OS Administrator’s Guide 53-1001763-02...
Page 33: About This Document
• Chapter 10, “Managing Virtual Fabrics,” using Virtual Fabrics. Fabric OS Administrator’s Guide 53-1001763-02 provides information on the Fibre Channel gives a brief overview of Fabric OS, provides advanced connection and provides information and procedures for using switch routing...
Page 34: Supported Hardware And Software
Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for Fabric OS v6.4.0, documenting all possible configurations and scenarios is beyond the scope of this document. The following hardware platforms are supported by this release of Fabric OS: •...
Page 35: What's New In This Document
Administrator’s Guide. For further information about documentation updates for this release, refer to the release notes. Document conventions This section describes text formatting conventions and important notice formats used in this document. Fabric OS Administrator’s Guide 53-1001763-02 xxxv...
Page 36 < >. Repeat the previous element, for example “member[;member...]” Fixed values following arguments are printed in plain font. For example, show WWN Boolean. Elements are exclusive. Example: show mode egress | ingress Fabric OS Administrator’s Guide 53-1001763-02...
Page 37: Notice To The Reader
This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to ID and password. Fabric OS Administrator’s Guide 53-1001763-02 Referenced Trademarks and Products Windows, Windows NT, Internet Explorer Mozilla, Firefox Netscape Red Hat, Red Hat Network, Maximum RPM, Linux Undercover Sun, Solaris http://my.brocade.com...
Page 38: Getting Technical Help
2. Switch Serial Number The switch serial number and corresponding bar code are provided on the serial number label, as illustrated below.: *FT00X0054E9* FT00X0054E9 The serial number label is located as follows: xxxviii Fabric OS Administrator’s Guide 53-1001763-02...
Page 39: Document Feedback
Forward your feedback to: documentation@brocade.com Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement. Fabric OS Administrator’s Guide 53-1001763-02 xxxix...
Page 40 Fabric OS Administrator’s Guide 53-1001763-02...
Page 41: Standard Features
Chapter 10, “Managing Virtual Fabrics” • Chapter 11, “Administering Advanced Zoning” • Chapter 12, “Traffic Isolation Zoning” • Chapter 13, “Administering NPIV” • Chapter 14, “Interoperability for Merged SANs” • Chapter 15, “Managing Administrative Domains” Fabric OS Administrator’s Guide 53-1001763-02 Section...
Page 42 Fabric OS Administrator’s Guide 53-1001763-02...
Page 43: Understanding Fibre Channel Services
Time Server — The Time Server sends to the member switches in the fabric the time on either the principal switch or the primary Fabric Configuration Server (FCS) switch. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 44: The Management Server
MS activation is persistent across power cycles and reboots. NOTE The commands msplMgmtActivate and msplMgmtDeactivate are allowed only in AD0 and AD255. Fabric OS Administrator’s Guide 53-1001763-02...
Page 45: Platform Services In A Virtual Fabric
If the list is empty (the default), the management server is accessible to all systems connected in-band to the fabric. For more access security, you can specify WWNs in the ACL so that access to the management server is restricted to only those WWNs listed. Fabric OS Administrator’s Guide 53-1001763-02 Management server database...
Page 46: Displaying The Management Server Acl
Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN Done Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN Fabric OS Administrator’s Guide 53-1001763-02...
Page 47: Deleting A Member From The Acl
8. Press Enter to update the nonvolatile memory and end the session. Example of deleting a member from the management server ACL switch:admin> msconfigure Fabric OS Administrator’s Guide 53-1001763-02 Done Display the access list Add member based on its Port/Node WWN...
Page 48: Viewing The Contents Of The Management Server Database
Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN Done Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN Fabric OS Administrator’s Guide 53-1001763-02...
Page 49: Topology Discovery
Disabling discovery of management server topology might erase all node ID entries. Example of disabling discovery switch:admin> mstddisable This may erase all NID entries. Are you sure? Request to disable MS Topology Discovery Service in progress... Fabric OS Administrator’s Guide 53-1001763-02 Topology discovery (yes, y, no, n): [no] y...
Page 50: Device Login
RA_TOV, and ED_TOV. This is not a negotiation. If one or the other port’s link (yes, y, no, n): [no] y Fabric OS Administrator’s Guide 53-1001763-02...
Page 51: Fabric Login
VEX_Port appears as a normal VE_Port. It follows the same Fibre Channel protocol as other VE_Ports. However, the router terminates VEX_Ports rather than allowing different fabrics to merge as would happen on a switch with regular VE_Ports. Fabric OS Administrator’s Guide 53-1001763-02 Device login...
Page 52: Rscn Causes
3. If the restart is successful, then another message is sent to RASlog and AUDIT, reporting the successful restart status. 4. If the restart fails, another message is sent to RASlog and no further attempts are made to restart the daemon. Fabric OS Administrator’s Guide 53-1001763-02...
Page 53: Table 1 Daemons That Are Automatically Restarted
Fabric OS Administrator’s Guide 53-1001763-02 Description Asynchronous Response Router, which is used to send management data to hosts when the switch is accessed through the APIs (FA API or SMI-S). Common Access Layer daemon, which is used by manageability applications.
Page 54 High availability of daemon processes Fabric OS Administrator’s Guide 53-1001763-02...
Page 55: Performing Basic Configuration Tasks
When procedures or parts of procedures apply to some models but not others, this guide identifies the specifics for each model. For example, a number of procedures that apply only to variable-port devices are found in Fabric OS Administrator’s Guide 53-1001763-02 “Performing Advanced Configuration Tasks” Chapter on page 35.
Page 56: Fabric Os Command Line Interface
Fabric OS command line interface Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc., documenting all possible configurations and scenarios is beyond the scope of this document. In some cases, earlier releases are highlighted to present considerations for interoperating with them.
Page 57: Telnet Or Ssh Sessions
IP over Fibre Channel. The embedded port must have an assigned IP address. 3. Log off the switch’s serial port. Fabric OS Administrator’s Guide 53-1001763-02 Fabric OS command line interface “Console sessions using the serial port” “Managing User Accounts”...
Page 58: Getting Help On A Command
“Default account passwords” Diagnostic help information FICON help information Fabric Watch help information iSCSI help information License help information Performance Monitoring help information Routing help information Track Changes help information Zoning help information on page 19. Fabric OS Administrator’s Guide 53-1001763-02...
Page 59: Default Account Passwords
Password saved to stable storage successfully. (output truncated) Fabric OS Administrator’s Guide 53-1001763-02 Table 2 to log in to the switch for the first time and to perform User-defined passwords can have 8 to 40 characters. They must begin with an Password modification “Default accounts”...
Page 60: The Ethernet Interface On Your Switch
For more information on how to set up these IPFC addresses to your Virtual Fabric, refer to 10, “Managing Virtual on page 22 on page 23 “Connecting to Fabric OS through the serial port” Fabrics”. on page 16 for Chapter Fabric OS Administrator’s Guide 53-1001763-02...
Page 61: Displaying The Network Interface Settings
You can use either IPv4 or IPv6 with a classless inter-domain routing (CIDR) block notation (also known as a network prefix length) to set up your IP addresses. Fabric OS Administrator’s Guide 53-1001763-02 The Ethernet interface on your switch on page 16. Otherwise, connect using SSH.
Page 62: Static Ethernet Addresses
5. Skip Fibre Channel prompts by pressing Enter. The Fibre Channel IP address is used for management. 6. Enter the Gateway Address at the prompt. Disable DHCP by entering off. Fabrics”. “DHCP activation” on page 23 Chapter 10, Fabric OS Administrator’s Guide 53-1001763-02...
Page 63: Dhcp Activation
Enter. 4. When you are prompted for DHCP[Off], enable it by entering on. Fabric OS Administrator’s Guide 53-1001763-02 The Ethernet interface on your switch on page 22 for instructions on setting the FC IP address.
Page 64: Ipv6 Autoconfiguration
IPv6 autoconfiguration, such as Fabric OS v6.2.0 or later, will cause IPv6 autoconfiguration to be enabled on the upgraded platform. In upgrades or downgrades between versions of Fabric OS that support autoconfiguration, the enabled state of IPv6 autoconfiguration will not be changed. Fabric OS Administrator’s Guide 53-1001763-02...
Page 65: Date And Time Settings
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the date command, using the following syntax: Fabric OS Administrator’s Guide 53-1001763-02 Date and time settings “Role-Based Access Control (RBAC)” on page 84.
Page 66: Time Zone Settings
Setting the time zone on a dual domain director has the following characteristics: • Updating the time zone on any switch updates the entire director. • The time zone of the entire director is the time zone of switch 0. 4 10:10:00 UTC 2008 Fabric OS Administrator’s Guide 53-1001763-02...
Page 67: Network Time Protocol
FCS switch are propagated to all switches in the fabric. Fabric OS Administrator’s Guide 53-1001763-02 interactive to list all of the time zones supported by the firmware. interactive command. Date and time settings...
Page 68: Domain Ids
Domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually so that you can control the ID number or resolve a domain ID conflict when you merge fabrics. Fabric OS Administrator’s Guide 53-1001763-02...
Page 69: Displaying The Domain Ids
The Fabric has 26 switches The fields in the fabricShow display are: Switch ID Worldwide Name Fabric OS Administrator’s Guide 53-1001763-02 Worldwide Name Enet IP Addr fec0:60:69bc:63:205:1eff:fe34:1bd fec0:60:69bc:63:219:1eff:fe34:1bd The switch’s domain_ID and embedded port D_ID. The numbers are broken down as...
Page 70: Setting The Domain Id
The switch’s Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6 switches, only the static IP address displays. The switch’s Fibre Channel IP address. The switch’s symbolic or user-created name in quotes. An arrow (>) indicates the principal switch. Fabric OS Administrator’s Guide 53-1001763-02...
Page 71: Chassis Names
Warm reboot refers to shutting down the appliance per the instructions below, also known as a graceful shutdown. Cold boot refers to shutting down the appliance by suddenly shutting down power and then turning it back on, also known as a hard boot. Fabric OS Administrator’s Guide 53-1001763-02 Chassis names...
Page 72: Powering Off A Brocade Switch
Shutting down the blade... Stopping blade 12 Shutting down the blade... Broadcast message from root (pts/0) Fri Oct 10 08:36:48 2008... The system is going down for system halt NOW !! 4. Power off the switch. Fabric OS Administrator’s Guide 53-1001763-02...
Page 73: Basic Connections
• 1 km at 8 Gbps For more information on extended ISL modes, which enable long distance interswitch links, see Chapter 20, “Managing Long Distance Fabric OS Administrator’s Guide 53-1001763-02 Tasks”. on page 441. Fabrics”. Basic connections Chapter 3, “Performing Advanced “Routing Traffic”...
Page 74 Basic connections Fabric OS Administrator’s Guide 53-1001763-02...
Page 75: In This Chapter
Fortunately, very few device drivers still behave this way. Many current device drivers enable you to select static PID binding as well as WWN binding. You should only select static binding if there is a compelling reason, and only after you have evaluated the effect of doing so. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 76: Core Pid Addressing Mode
PID is dynamically allocated only when the port is first moved to a logical switch and thereafter it is persistently maintained. • Shared area limitations are removed on 48-port blades. Appendix E, “Hexadecimal”. auto command supports Fabric OS Administrator’s Guide 53-1001763-02...
Page 77: 256-Area Addressing Mode
When the number of entries in the WWN-based PID database reaches 4096 areas are used up, the oldest unused entry is purged from the database to free up the reserved area for the new FLOGI. Fabric OS Administrator’s Guide 53-1001763-02 PIDs and PID binding overview...
Page 78 2. Enter the wwnAddress -bind command to assign a 16-bit PID to a given WWN. . The total number of ports in the default switch must be 256 or less. FCOE10-24 FS8-18 Chapter 13, “Administering NPIV” Fabric OS Administrator’s Guide 53-1001763-02...
Page 79: Ports
The Brocade DCX has 12 slots that contain control processor, core, port, and AP blades: • Slot numbers 6 and 7 contain CPs. • Slot numbers 5 and 8 contain core blades. • Slot numbers 1 through 4 and 9 through 12 contain port and AP blades. Fabric OS Administrator’s Guide 53-1001763-02 Ports...
Page 80: Table 3 Port Numbering Schemes For The Brocade 48000, Brocade Dcx And Dcx-4S Enterprise-Class Platforms
GbE ports numbered ge4 and ge5 on the right side. In the third grouping, the GbE ports are numbered ge0 through ge3 on the left set of ports and ge6 through ge9 on the right set of ports. Table 3 lists the Fabric OS Administrator’s Guide 53-1001763-02...
Page 81: Setting Port Names
Port identification by index With the introduction of 48-port blades, indexing was introduced. Unique area IDs are possible for up to 255 areas, but beyond that there needed to be some way to ensure uniqueness. Fabric OS Administrator’s Guide 53-1001763-02 Ports...
Page 82: Swapping Port Area Ids
By default, all licensed ports are enabled. You can disable and re-enable them as necessary. Ports that you activate with the Ports on Demand license must be enabled explicitly, as described in “Ports on Demand” on page 377. Fabric OS Administrator’s Guide 53-1001763-02...
Page 83: Setting Port Speeds
The following example sets the speed for port 3 on slot 2 to 4 Gbps: ecp:admin> portcfgspeed 2/3 4 done. The following example sets the speed for port 3 on slot 2 to autonegotiate: ecp:admin> portcfgspeed 2/3 0 done. Fabric OS Administrator’s Guide 53-1001763-02 Ports...
Page 84: Setting The Same Speed For All Ports On The Switch
1, 2, and 4 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades. FC8-16 A 16-port Brocade platform port blade supporting 1, 2, 4, and 8 Gbps port speeds. Table 4 includes CP and Fabric OS Administrator’s Guide 53-1001763-02...
Page 85 Fibre Channel Application blade Brocade Encryption blade Converged Enhanced Ethernet blade DCX Extension blade Fabric OS Administrator’s Guide 53-1001763-02 Blade terminology and compatibility Abbreviation Blade ID Definition (slotshow) FC4-32 A 32-port Brocade platform port blade supporting 1, 2, and 4 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades.
Page 86: Cp Blades
FR4-18i Firmware”. Brocade 48000 (CP4) Brocade DCX and DCX-4S Supported Supported Supported Supported Supported Unsupported Supported Unsupported Supported Unsupported Supported Unsupported Supported Supported Supported Supported Supported Supported Unsupported Supported Unsupported Supported Supported Supported Chapter 9, Fabric OS Administrator’s Guide 53-1001763-02...
Page 87: Table 6 Blade Compatibility Within A Brocade Dcx And Dcx-4S Backbone
Not compatible with other application blades or with the FC8-64 in the same chassis. Refer to page 46 for more information. The hardware limit is enforced by software. Fabric OS Administrator’s Guide 53-1001763-02 Blade terminology and compatibility Brocade 48000 (CP4) Brocade DCX and DCX-4S...
Page 88: Fx8-24 Compatibility Notes
Slot 3 is being enabled GbE ports cannot be connected to either the FX8-24 or Brocade virtual device exported to an edge fabric, getting FA4-18 blade, and then going over an FS8-18 FCIP distance VE_Port. There FX8-24 Fabric OS Administrator’s Guide 53-1001763-02...
Page 89 FR4-18i blade, the current port configuration continues to be used, and all ports on the FR4-18i blade are persistently disabled. Fabric OS Administrator’s Guide 53-1001763-02 Enabling and disabling blades “Port activation and deactivation” on page 42.
Page 90: Disabling Blades
Blade swapping is not supported when swapping to a different model of blade or a different port count. For example, you cannot swap an FC8-32 blade with an FC8-48 port blade. NOTE This feature is not supported on the FX8-24 DCX Extension blade. Fabric OS Administrator’s Guide 53-1001763-02...
Page 91: Swapping Blades
Fabric OS Administrator’s Guide 53-1001763-02 Figure 2 shows the source and destination blades are identified to begin the Identifying the blades...
Page 92: Swapping Blades
Blade swap with Virtual Fabrics during the swap shows Virtual Fabrics, where the blades can be carved up into different logical Blade swap with Virtual Fabrics after the swap Fabric OS Administrator’s Guide 53-1001763-02...
Page 93: Power Management
1. Connect to the switch and log in as admin. 2. Enter the slotPowerOn command with the slot number of the port blade you want to power on. ecp:admin> slotpoweron 3 Powering on slot 3 Fabric OS Administrator’s Guide 53-1001763-02 Power management...
Page 94: Equipment Status
CORE BLADE CORE8 CP BLADE CP BLADE CORE BLADE CORE8 SW BLADE FC8-16 AP BLADE FS8-18 SW BLADE FC8-32 AP BLADE FR4-18i Status ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED Fabric OS Administrator’s Guide 53-1001763-02...
Page 95: Verifying Fabric Connectivity
2. Optional: Enter the switchShow command to verify devices, hosts, and storage are connected. 3. Optional: Enter the nsShow command to verify devices, hosts, and storage have successfully registered with the name server. Fabric OS Administrator’s Guide 53-1001763-02 Value Displays the physical slot number. Displays the blade type.
Page 96: Track And Control Switch Changes
3. View the log using the commands errDump |more to display a page at a time or errShow to view one line at a time. 2008/10/10-08:13:36, [TRCK-1001], 5, FID 128, INFO, ras007, Successful login by user admin. Fabric OS Administrator’s Guide 53-1001763-02...
Page 97: Displaying The Status Of The Track Changes Feature
FaultyPorts MissingSFPs Setting the switch status policy threshold values 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchStatusPolicySet command. Fabric OS Administrator’s Guide 53-1001763-02 Down Marginal Fans Blade CoreBlade...
Page 98 Down CoreBlade contributing to MARGINAL status: (0..2) [1] Out of range Flash contributing to DOWN status: (0..1) [0] Down Marginal Fans Blade CoreBlade Flash WWN contributing to DOWN status: (0..2) [0] WWN contributing to MARGINAL status: (0..2) [1] Fabric OS Administrator’s Guide 53-1001763-02...
Page 99: Audit Log Configuration
For High Availability, the audit event logs exist independently on both active and standby CPs. The configuration changes that occur on the active CP are propagated to the standby CP and take effect. • Audit log configuration is also updated through a configuration download. Fabric OS Administrator’s Guide 53-1001763-02 Audit log configuration...
Page 100: Auditable Event Classes
Configuration Audit configuration downloads of existing SNMP configuration parameters. Configuration uploads are not audited. Firmware Audit firmware download start, firmware complete, and any other errors encountered during a firmware download. Fabric Audit administrative domain-related changes. Fabric OS Administrator’s Guide 53-1001763-02...
Page 101: Configuring An Audit Log For Specific Event Classes
128, , Event: login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: 10.3.220.13. Fabric OS Administrator’s Guide 53-1001763-02 class command, which defines the specific event classes to be filtered. Table 7 enable command, which enables audit event logging based on the...
Page 102 Audit log configuration Fabric OS Administrator’s Guide 53-1001763-02...
Page 103: About This Chapter
FSPF. Its purpose is to ensure that a frame is not delivered to a destination after R_A_TOV has expired. Unicast, multicast, and broadcast traffic are supported. Both Unicast Class 2 and 3 traffic are supported. Broadcast and multicast are supported in Class 3 only. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 104: Path Versus Route Selection
Principal ISL. Only one ISL from each switch will be used as the Principal ISL. Figure 5 shows the thicker red lines as principal ISLs, and thinner green lines as regular ISLs. FIGURE 5 Principal ISLs ATTENTION FSPF only supports 16 ISLs in a zone, including Traffic Isolation Zones. Fabric OS Administrator’s Guide 53-1001763-02...
Page 105: Fibre Channel Nat
Fibre Channel network address translation (FC-NAT). Using FC-NAT, the proxy devices in a fabric can have PIDs that are different from the real devices they represent, allowing the proxy devices to have appropriate PIDs for the address space of their corresponding fabric. Fabric OS Administrator’s Guide 53-1001763-02 Routing overview...
Page 106: Inter-Switch Links
Data field size • Sequence level switching • Disable device probing • Suppress class F traffic • Per-frame route priority • BB credit • PID format Chapter 1, “Understanding Fibre Channel Figure 6 Fabric OS Administrator’s Guide Services”. shows a 53-1001763-02...
Page 107: Buffer Credits
F_RJT, and ACK traffic. P2 is the next highest which is used for data frames. The data virtual channels can be further prioritized to provide higher levels of Quality of Service. P3 is the lowest and is used for broadcast and multicast traffic. Fabric OS Administrator’s Guide 53-1001763-02 Fabrics”. Inter-switch links Chapter...
Page 108: Figure 7 Virtual Channels On A 1/2/4 Gbps Isl
The seven data VC channels, VC8-14, are used to multiplex data frames based upon QoS Zones when congestion occurs. For more information on QoS zones refer to Chapter 18, “Optimizing Fabric Behavior”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 109: Gateway Links
Except for link initialization, gateways are transparent to switches; the gateway simply provides E_Port connectivity from one switch to another. merged together using a gateway. Fabric OS Administrator’s Guide 53-1001763-02 Gateway links Figure 9 shows two separate SANs, A-1 and A-2,...
Page 110: Configuring A Link Through A Gateway
3. Repeat steps 1 through 2 for any additional ports that will be connected to the gateway. 4. Repeat this procedure on the switch at the other end of the gateway. on page 70. “Configuring a link Fabric OS Administrator’s Guide 53-1001763-02...
Page 111: Inter-Chassis Links
Brocade DCX-4S chassis. All the ICL connector ports must be connected to the same two Brocade DCX or DCX-4S chassis. Only cross ICL group connections are allowed: • ICL0 <--> ICL1 • ICL1 <--> ICL0 FIGURE 10 DCX-4S allowed ICL connections Fabric OS Administrator’s Guide 53-1001763-02 Inter-chassis links...
Page 112: Supported Topologies
ICL connection with peer blade is good. Black ICL is fully operational. Blinking Yellow One or more links in the ICL connection is NOT operational. Action Reconnect the ICL cables or replace the ICL cables. Fabric OS Administrator’s Guide 53-1001763-02...
Page 113: Routing Policies
Brocade DCX and DCX-4S enterprise-class platforms (all 4 Gbps ASICs and later) routing is handled by the FSPF protocol and either the port-based routing or exchange-based routing policies. Fabric OS Administrator’s Guide 53-1001763-02 ICL 3 ICL 1 ICL 2...
Page 114: Displaying The Current Routing Policy
The choice of routing path is based only on the incoming port and the destination domain. To optimize port-based routing, DLS can be enabled to balance the load across the available output ports within a domain. Fabric OS Administrator’s Guide 53-1001763-02...
Page 115: Ap Route Policy
CAUTION Setting the routing policy is disruptive to the fabric because it requires that you disable the switch where the routing policy is being changed. Fabric OS Administrator’s Guide 53-1001763-02 Routing policies...
Page 116: Route Selection
2. Enter the dlsShow command to view the current DLS setting. One of the following messages appears: • “DLS is set” indicates that dynamic load sharing is turned on. • “DLS is not set” indicates that dynamic load sharing is turned off. Fabric OS Administrator’s Guide 53-1001763-02...
Page 117: Static Route Assignment
1 2 5 done. Removing a static route 1. Connect to the switch and log in as admin. 2. Enter the uRouteRemove command. Fabric OS Administrator’s Guide 53-1001763-02 Route selection step 3, so you are “Traffic Isolation Zoning” on page 267...
Page 118: Frame Order Delivery
3. Confirm the in-order delivery has been set by entering the iodShow command. Restoring out-of-order frame delivery across topology changes 1. Connect to the switch and log in as admin. 2. Enter the iodReset command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 119: Lossless Dynamic Load Sharing On Ports
Combinations of routing policy and IOD with Lossless DLS enabled Policy Port-based Port-based Fabric OS Administrator’s Guide 53-1001763-02 Lossless Dynamic Load Sharing on ports Rebalance result with Lossless DLS enabled Disabled No frame loss, but out of order frames may occur.
Page 120: Lossless Core
Lossless DLS to be enabled Rebalance result with Lossless DLS enabled Disabled No frame loss, but out of order frames may occur. Enabled No frame loss and no out of order frames. Topology restrictions apply. Intended for FICON environment. Fabric OS Administrator’s Guide 53-1001763-02...
Page 121: Frame Redirection
Frame Redirection. RD zones exist only in the defined configuration and cannot be added to the effective configuration. Frame Redirection uses a combination of special frame redirection zones and Name Server changes to spoof the mapping of real device WWNs to Virtual PIDs. Fabric OS Administrator’s Guide 53-1001763-02 Frame Redirection “Managing Virtual...
Page 122: Creating A Frame Redirect Zone
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the cfgShow command. rdcreate command. –- rdDelete command to remove the base RD zone, "red_______base". cfgSave command to save changes to the defined configuration. Fabric OS Administrator’s Guide 53-1001763-02...
Page 123: Managing User Accounts
You cannot have Admin Domain mode and Virtual Fabrics mode enabled at the same time. For more information about Admin Domains, refer to Domains”. For more information about Virtual Fabrics, refer to refer to Fabric OS Administrator’s Guide 53-1001763-02 Chapter 15, “Managing Administrative Chapter 10, “Managing Virtual Chapter Fabrics”.
Page 124: Role-Based Access Control (Rbac)
Local switch administration Most switch (local) commands, excludes security, user management, and zoning commands. Monitoring only Nonadministrative use, such as monitoring system activity. Zone administration Zone management commands only. 10, which outlines the Fabric OS Fabric OS Administrator’s Guide 53-1001763-02...
Page 125: Table 11 Permission Types
Configuration Management Data Migration Manager Debug Diagnostics Encryption Configuration Fabric OS Administrator’s Guide 53-1001763-02 Definition Description Observe The user can run commands using options that display information only, such as running userConfig --show -a to show all users on a switch.
Page 126: Table 12 Rbac Permissions Matrix
Management Access Configuration Management Server Name Server Nx_Port Management Physical Computer System Port Mirroring RADIUS Reboot Routing—Advanced Routing—Basic Security Session Management Role permission Admin Basic Fabric Operator Security Switch Admin Admin Admin Fabric OS Administrator’s Guide Switch User Zone Admin Admin 53-1001763-02...
Page 127: The Management Channel
Maximum number of simultaneous sessions Role name Admin BasicSwitchAdmin FabricAdmin Operator SecurityAdmin SwitchAdmin User ZoneAdmin Fabric OS Administrator’s Guide 53-1001763-02 Role permission Admin Basic Fabric Operator Switch Admin Admin Table 13 shows the number of simultaneous login sessions allowed for...
Page 128: Local Database User Accounts
-a adminDomain_ID to show all accounts permitted to select the showlf -l logicalFabric_ID for each LF in an LF_ID_list, displays a list of users add command. Description Most commands have observe-modify permission. Reserved. Reserved. Most commands have observe-only permission. Fabric OS Administrator’s Guide 53-1001763-02...
Page 129: Local Account Passwords
2. Enter the passwd command specifying the name of the account for which the password is being changed. 3. Enter the requested information at the prompts. Fabric OS Administrator’s Guide 53-1001763-02 Local database user accounts delete command. Chapter 15, “Managing Administrative change command.
Page 130: Local Account Database Distribution
2. Enter the fddCfg Rejecting distributed user databases on the local switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the fddCfg localaccept PWD command. localreject PWD command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 131: Password Policies
All printable, non-alphanumeric punctuation characters except the colon ( : ) are allowed. The default value is zero. The maximum value must be less than or equal to the MinLength value. Fabric OS Administrator’s Guide 53-1001763-02 Password policies “Local account database distribution”...
Page 132: Password History Policy
The password history policy is not enforced when an administrator sets a password for another user; instead, the user’s password history is preserved and the password set by the administrator is recorded in the user’s password history. Fabric OS Administrator’s Guide 53-1001763-02...
Page 133: Password Expiration Policy
Admin role. Virtual Fabric considerations: The home logical fabric context is used to validate user enforcement for the account lockout policy. Fabric OS Administrator’s Guide 53-1001763-02 Password policies...
Page 134 However these privileged accounts may then become the target of password guessing attacks. Audit logs should be examined to monitor if such attacks are attempted. change account_name -u disableadminlockout enableadminlockout command. change account_name -u command specifying the name of the user Fabric OS Administrator’s Guide 53-1001763-02...
Page 135: The Boot Prom Password
Send the following string to Customer Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw== Enter the supplied recovery password. 5. Enter the recovery password (string). Fabric OS Administrator’s Guide 53-1001763-02 Description Continues the system boot process. Lets you set the recovery string and the boot PROM password. Provides access to boot parameters.
Page 136: Setting The Boot Prom Password For A Director With A Recovery String
6. Enter the recovery password (string). on page 16. Description Continues the system boot process. Lets you set the recovery string and the boot PROM password. Provides access to boot parameters. Recovery Password: “Connecting to Fabric OS Administrator’s Guide 53-1001763-02...
Page 137: Setting The Boot Prom Password For A Switch Without A Recovery
Option Start system. Recovery password. Enter command shell. 4. Enter 3. Fabric OS Administrator’s Guide 53-1001763-02 through step 7 for the new standby CP blade (each CP blade has a separate on page 16. Description Continues the system boot process.
Page 138: Setting The Boot Prom Password For A Director Without A Recovery
16. Press escape within 4 seconds... Description Continues the system boot process. Lets you set the recovery string and the boot PROM password. Provides access to boot parameters. “Connecting to Fabric OS Fabric OS Administrator’s Guide 53-1001763-02...
Page 139: The Authentication Model Using Radius And Ldap
RADIUS or LDAP server for each user. By default, the RADIUS and LDAP services are disabled, so AAA services default to the switch’s local database. Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP through step 10...
Page 140: Table 15 Authentication Configuration Options
Authenticates management connections against any RADIUS databases first. If RADIUS fails for any reason, authenticates against the local user database. Equivalent setting in Fabric OS v5.1.0 and earlier radius switchdb supported supported Fabric OS Administrator’s Guide 53-1001763-02...
Page 141: Setting The Switch Authentication Mode
Attribute (VSA). If the response does not have a VSA role assignment, the User role is assigned. If no Administrative Domain is assigned, then the user is assigned to the default Admin Domain AD0. Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP Description Authenticates management connections against any RADIUS databases.
Page 142: Fabric Os Users On The Radius Server
1 octet, calculated by server, including vendor-type and vendor-length ASCII string Multiple octet, maximum 253, indicating the name of the assigned role and other supported attribute values such as Admin Domain member list. “RADIUS on page 104. Fabric OS Administrator’s Guide 53-1001763-02...
Page 143: Figure 13 Windows 2000 Vsa Configuration
After you have completed the dictionary file, define the role for the user in a configuration file. For example, to grant the user jsmith the Admin role, you would add the following statement to the configuration file: swladmin Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP Value Brocade 1588...
Page 144 In the next example, on a Linux FreeRadius Server, the user takes the “operator” role, with ADList 1, 2, 4, 5, 6, 7, 8, 9, 12, 20 and HomeAD 2. user-opr Auth-Type := Local, User-Password == "password" Brocade-Auth-Role = "operator", Brocade-AVPairs1 = "ADList=1,2;HomeAD=2", Brocade-AVPairs2 = "ADList=-4-8,20;ADList=7,9,12" Fabric OS Administrator’s Guide 53-1001763-02...
Page 145: The Radius Server
• Enabling clients Adding the Brocade attribute to the server 1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information: # dictionary.brocade VENDOR # attributes Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP Brocade 1588...
Page 146 Auth-Type := System Brocade-Auth-Role = "admin", Brocade-AVPairs1 = "HomeLF=70", Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128", Brocade-AVPairs3 = "ChassisRole=switchadmin", Brocade-Passwd-ExpiryDate = "11/10/2008", Brocade-Passwd-WarnPeriod = "30" string Brocade string Brocade string Brocade string Brocade string Brocade string Brocade string Brocade Fabric OS Administrator’s Guide 53-1001763-02...
Page 147 If the password is not re-entered, then CHAP authentication will not work and the user will be unable to authenticate from the switch. 3. Configuring a user Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP = Secret = Testing Switch = other “Adding a RADIUS or LDAP server to the switch configuration”...
Page 148 RSA Authentication Manager, so the RSA RADIUS server is used in conjunction with the switch to facilitate communication. To learn more about how RSA SecurID works, visit www.rsa.com for more information. IAS uses the Windows Fabric OS Administrator’s Guide 53-1001763-02...
Page 149 Add Brocade-VSA macro and define the attributes as follows: • vid (Vendor-ID): 1588 • type1 (Vendor-Type): 1 • len1 (Vendor-Length): >=2 Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP on page 110 shows what the brocade.dct file should look like and Figure 15...
Page 150: Figure 14 Example Of A Brocade Dct File
When selecting items from the Add Return List Attribute, select Brocade-Auth-Role and type the string Admin. The string will equal the role on the switch. Brocade-Auth-Role Brocade-Passwd-ExpiryDate Brocade-Passwd-WarnPeriod Example of a Brocade DCT file Example of the dictiona.dcm file Brocade-VSA(1,string) r Brocade-VSA(6,string) r Brocade-VSA(7,integer) r Fabric OS Administrator’s Guide 53-1001763-02...
Page 151: Ldap Configuration And Microsoft Active Directory
For instructions on how to create a user, refer to www.microsoft.com or Microsoft documentation to create a user in your Active Directory. Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP maprole ldap_role name switch_role command to map an LDAP server role to one of on page 84.
Page 152 If you have a user-defined group, then use the ldapCfg -–maprole ldap_role_name switch_role command to map an LDAP server role to one of the default roles available on a switch. Fabric OS Administrator’s Guide 53-1001763-02...
Page 153 To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You will need to verify that the schema has the following attributes: • Add a new attribute brcdAdVfData as Unicode String. • Add brcdAdVfData to the person’s properties. Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP...
Page 154: Authentication Servers On The Switch
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the aaaConfig When the command succeeds, the event log indicates that the server is removed. add command. authspec command to enable RADIUS or LDAP using the local remove command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 155: Configuring Local Authentication As Backup
(admin and user) or any user-defined account. You must know the passwords of these accounts. When the command succeeds, the event log indicates that local database authentication is disabled or enabled. Fabric OS Administrator’s Guide 53-1001763-02 The authentication model using RADIUS and LDAP change command. move command. show command.
Page 156 The authentication model using RADIUS and LDAP Fabric OS Administrator’s Guide 53-1001763-02...
Page 157: In This Chapter
Protocol HTTPS IPsec LDAPS SNMP Fabric OS Administrator’s Guide 53-1001763-02 Table Description HTTPS is a Uniform Resource Identifier scheme used to indicate a secure HTTP connection. Web Tools supports the use of hypertext transfer protocol over secure socket layer (HTTPS).
Page 158: Secure Copy
125. Nonsecure You must use SSH because Telnet is not allowed with some features. Switch side None Switch IP certificate for SSL None None Table “Installing a switch Fabric OS Administrator’s Guide 53-1001763-02...
Page 159: Setting Up Scp For Configuploads And Downloads
For more information, refer to SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, Ph. D., Richard E. Silverman, and Robert G. Byrnes. Fabric OS Administrator’s Guide 53-1001763-02 Enforce secure config Upload/Download (yes, y, no, n): [no] y Enforce signature validation for firmware (yes, y, no, n): [no]...
Page 160: Ssh Public Key Authentication
SSH v2 is installed and working (refer to your host’s documentation as necessary) by typing the following command: ssh-keygen -t dsa If you need to generate a key pair for outgoing authentication, skip steps 4 and 5 and proceed to step 6. Fabric OS Administrator’s Guide 53-1001763-02...
Page 161 You may need to refer to the host’s documentation to locate where the authorized keys are stored. 9. Test the setup by using a command that uses SCP and authentication, such as firmwareDownload or configUpload. Fabric OS Administrator’s Guide 53-1001763-02 Secure Shell protocol...
Page 162: Secure Sockets Layer Protocol
Java console and look at the first line of the window. For more details on levels of browser and Java support, see the Web Tools Administrator’s Guide. Chapter 7, “Configuring Security Policies”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 163: Ssl Configuration Overview
1024-bit public/private key while some may accept a 2048-bit key. Consider your fabric configuration, check CA Web sites for requirements, and gather all the information that the CA requires. Fabric OS Administrator’s Guide 53-1001763-02 SSL certificate files Description The switch certificate.
Page 164 5. Enter the requested information. You can use either FTP or SCP. Example of exporting a CSR Select protocol [ftp or scp]: ftp Enter IP address: 192.1.2.3 Enter remote directory: path_to_remote_directory Enter Login Name: your account Enter Password: your password Success: exported CSR. Fabric OS Administrator’s Guide 53-1001763-02...
Page 165: The Browser
The root certificate may already be installed on your browser, if not, you must install it. To see whether it is already installed, check the certificate store on your browser. Fabric OS Administrator’s Guide 53-1001763-02 Secure Sockets Layer protocol “Generating and storing a CSR”...
Page 166: Root Certificates For The Java Plug-In
1. Copy the root certificate file from its location on the FTP server to the Java Plug-in bin. For example, the bin location may be: C: \program files\java\j2re1.6.0\bin 2. Open a Command Prompt window and change the directory to the Java Plug-in bin. “Browser and Java support” on page 122. Fabric OS Administrator’s Guide 53-1001763-02...
Page 167: Simple Network Management Protocol
• FibreAlliance MIB trap Associated with the FibreAlliance MIB (FA-MIB), this MIB manages SAN switches and devices from any company that complies with FibreAlliance specifications. Fabric OS Administrator’s Guide 53-1001763-02 Simple Network Management Protocol changeit MD5: 71:E9:27:44:01:30:48:CC:09:4D:11:80:9D:DE:A5:E3 SHA1: 06:46:C5:A5:C8:6C:93:9C:FE:6A:C0:EC:66:E9:51:C2:DB:E6:4F:A1...
Page 168: Snmp And Virtual Fabrics
SNMP to obtain the port information only from within the current Virtual Fabrics context. Switch and Chassis context enforcement All attributes are classified into one of two categories: • Chassis-level attributes • Switch-level attributes Fabric OS Administrator’s Guide 53-1001763-02...
Page 169: The Security Level
--addrule BlockTelnet -rule 1 -sip any -dp 23 -proto tcp -act deny Fabric OS Administrator’s Guide 53-1001763-02 set seclevel command to set the security level. For more information about set command to change either the SNMPv3 or SNMPv1 configuration. You “IP Filter policy”...
Page 170: Unblocking Telnet
157 for more information on save command. show command. activate command. Action deny permit permit permit permit permit permit permit permit permit permit permit permit Action permit permit permit permit permit permit permit permit permit permit permit permit Fabric OS Administrator’s Guide 53-1001763-02...
Page 171: Listener Applications
Table 23 lists the defaults for accessing hosts, devices, switches, and zones. TABLE 23 Access defaults Hosts Fabric OS Administrator’s Guide 53-1001763-02 Table 22 lists the listener applications that Brocade switches Brocade 48000 director and Brocade DCX enterprise-class platforms Disabled...
Page 172: Port Configuration
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. HTTPS Use the ipfilter command to block the port. exec login shell This port is used by the Platform API. Fabric OS Administrator’s Guide 53-1001763-02...
Page 173: In This Chapter
1Mb. The policies are grouped by state and type. A policy can be in either of the following states: • Active, which means the policy is being enforced by the switch. • Defined, which means the policy has been set up but is not enforced. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 174: Policy Members
SCC or DCC. See the database settings and fabric-wide consistency policy. Device port WWN Switch WWN File”. “Policy database distribution” Domain ID Switch name Chapter on page 158 for more information on Fabric OS Administrator’s Guide 53-1001763-02...
Page 175: Displaying Acl Policies
Example of deleting an ACL policy switch:admin> secpolicydelete "DCC_POLICY_010" About to delete policy Finance_Policy. Are you sure (yes, y, no, n):[no] y Finance_Policy has been deleted. Fabric OS Administrator’s Guide 53-1001763-02 ACTIVE POLICY SET DEFINED POLICY SET ACL policy management...
Page 176: Adding A Member To An Existing Acl Policy
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the secPolicyAbort command. Example of aborting unsaved changes switch:admin> secpolicyabort Unsaved data has been aborted. All changes since the last time the secPolicySave or secPolicyActivate commands were entered are aborted. Fabric OS Administrator’s Guide 53-1001763-02...
Page 177: Fcs Policies
Table 27 on page 138 shows the commands for switch operations for Primary FCS enforcement. Fabric OS Administrator’s Guide 53-1001763-02 Characteristics Any switch can perform fabric-wide configuration changes. A Primary FCS switch is designated (local switch), but there are no backup FCS switches.
Page 178: Ensuring Fabric Domains Share Policies
–- userconfig, Passwd, Passwdcfg (Fabric-wide distribution is not allowed from a backup or non-FCS switch.) secPolicyActivate secPolicySave secPolicyAbort SNMP commands configupload Any local-switch commands Any AD command that does not affect fabric-wide configuration Fabric OS Administrator’s Guide 53-1001763-02...
Page 179: Modifying The Order Of Fcs Switches
FCS policy, refer to Database distributions may be initiated from only the Primary FCS switch. FCS policy configuration and management is performed using the command line or a manageability interface. Fabric OS Administrator’s Guide 53-1001763-02 swName. switch5. switch60.
Page 180: Dcc Policies
141 shows the possible DCC policy states. on page 160. State Target switch accepts distribution and fabric state change occurs. Target switch explicitly rejects the distribution and the operation fails. The entire transaction is aborted and no fabric state change occurs. Fabric OS Administrator’s Guide 53-1001763-02...
Page 181: Dcc Policy Restrictions
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the secPolicyCreate “DCC_POLICY_nnn” command. Fabric OS Administrator’s Guide 53-1001763-02 Characteristics Any device can connect to any switch port in the fabric. Any device can connect to any switch port in the fabric. An empty policy is the same as no policy.
Page 182: Deleting A Dcc Policy
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the secPolicyDelete command. Example of deleting stale DCC policies switch:admin> secpolicydelete ALL_STALE_DCC_POLICY About to clear all STALE DCC policies ARE YOU SURE (yes, y, no, n): [no] y Fabric OS Administrator’s Guide 53-1001763-02...
Page 183: Scc Policies
"SCC_POLICY", "2;4" SCC_POLICY has been created switch:admin> secpolicysave Fabric OS Administrator’s Guide 53-1001763-02 Table SCC policy enforcement All switches can connect to the switch with the specified policy. All neighboring switches are segmented. The neighboring switches not specified in the SCC policy are segmented.
Page 184: Authentication Policy For Fabric Elements
Figure 16 illustrates how the secrets are configured. A secret “Setting a secret key pair” Key database on switch Local secret B Peer secret A Switch B Fabric OS Administrator’s Guide on page 149. 53-1001763-02...
Page 185: E_Port Authentication
The following example shows how to enable a Virtual Fabric and configure the E_Ports to perform authentication using the AUTH policies authUtil command. switch:admin> fosconfig -enable vf Fabric OS Administrator’s Guide 53-1001763-02 Authentication policy for fabric elements “Setting a secret key pair” on page 149.
Page 186 Example for all E_Ports on the switch switch:admin> authutil –-authinit Example for enterprise-class platforms using the slot/port format switch:admin> authutil –-authinit This is a disruptive operation that requires a reboot to take authinit command. –- 2,3,4 allE 1/1, 1/2 Fabric OS Administrator’s Guide 53-1001763-02...
Page 187: Device Authentication Policy
The following are not supported: • Public loop devices • Single private devices • Private loop devices • Mixed public and private devices in loop • NPIV devices Fabric OS Administrator’s Guide 53-1001763-02 Authentication policy for fabric elements...
Page 188: Authentication Protocols
Example of setting the DH-CHAP authentication protocol switch:admin> authutil --set -a dhchap Authentication is set to dhchap. show. HASH TYPE GROUP TYPE sha1,md5 0, 1, 2, 3, 4 set -a command specifying fcap, dhchap, or all. Fabric OS Administrator’s Guide 53-1001763-02...
Page 189: Secret Key Pairs For Dh-Chap
To exit the loop, press Enter for the switch name; then type y. Fabric OS Administrator’s Guide 53-1001763-02 Authentication policy for fabric elements show command. Name...
Page 190: Fcap Configuration Overview
1. Choose a certificate authority (CA). 2. Generate a public, private key, passphrase and a CSR on each switch. 3. Store the CSR from each switch on a file server. 4. Obtain the certificates from the CA. Fabric OS Administrator’s Guide 53-1001763-02...
Page 191: Table 31 Fcap Certificate Files
Enter IP address: 10.1.2.3 Enter remote directory: /myHome/jdoe/OPENSSL Enter Login Name: jdoe Fabric OS Administrator’s Guide 53-1001763-02 Authentication policy for fabric elements FCAP certificate files Description The CA certificate. It must be installed on the remote and local switch to verify the validity of the switch certificate or switch validation fails.
Page 192 2. Enter the authUtil --authinit command to start the authentication using the newly imported certificates. 3. Enter the authUtil --policy -sw command and select active or on, the default is passive. This makes the changes permanent and forces the switch to request authentication. suffix):CACert.pem Fabric OS Administrator’s Guide 53-1001763-02...
Page 193: Fabric-Wide Distribution Of The Auth Policy
IPv4 or IPv6 filter. There can be a maximum of six IP Filter policies created for both types. 1. Log in to the switch using an account assigned to the admin role. 2. Enter in the ipFilter Fabric OS Administrator’s Guide 53-1001763-02 “Distributing the local ACL policies” create command. IP Filter policy...
Page 194: Cloning An Ip Filter Policy
1. Log in to the switch using an account assigned to the admin role. 2. Enter the ipFilter clone command. show subcommand displays the content in show command. –- activate instead. save command. –- activate command. –- save Fabric OS Administrator’s Guide 53-1001763-02...
Page 195: Deleting An Ip Filter Policy
Supported services Service name http rpcd securerpcd Fabric OS Administrator’s Guide 53-1001763-02 delete command. -– The protocol type. Supported types are TCP or UDP. The filtering action taken by this rule, either Permit or Deny. Table 32 lists the supported service names and their corresponding port number.
Page 196: Table 33 Implicit Ip Filter Rules
Source address Destination port Protocol 600-1023 are always assumed to be appended Action Permit Permit Table 34 lists the rules of the default IP Action Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Fabric OS Administrator’s Guide 53-1001763-02...
Page 197: Ip Filter Policy Enforcement
1. Log in to the switch using an account assigned to the admin role. 2. Enter the ipFilter Fabric OS Administrator’s Guide 53-1001763-02 addrule command. delrule command: –-...
Page 198: Ip Filter Policy Distribution
“Database distribution settings” on page 160. “Fabric-wide enforcement” “Distributing the local ACL policies” localreject. See “Policy database on page 159. “ACL policy distribution to other on page 160. Fabric OS Administrator’s Guide 53-1001763-02...
Page 199: Database Distribution Settings
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the fddcfg Example shows the database distribution settings switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- Fabric OS Administrator’s Guide 53-1001763-02 Fabric-wide consistency policy Absent (default) Tolerant Database is protected, it Invalid configuration.
Page 200: Acl Policy Distribution To Other Switches
ACL policy databases are automatically distributed to other switches in the fabric. Accept/Reject accept accept accept accept AUTH accept accept localreject command. localaccept command. on page 160). “Database distribution settings” “Fabric-wide Fabric OS Administrator’s Guide 53-1001763-02...
Page 201: Table 37 Fabric-Wide Consistency Policy Settings
2. Enter the fddCfg Example shows how to set a strict SCC and tolerant DCC fabric-wide consistency policy. switch:admin> fddcfg --fabwideset "SCC:S;DCC" Fabric OS Administrator’s Guide 53-1001763-02 Value When a policy is activated null Database is not automatically distributed to other switches in the fabric.
Page 202: Notes On Joining A Switch To The Fabric
The descriptions above also apply to joining two fabrics. In this context, the joining switch becomes a joining fabric. Accept/Reject accept accept accept accept AUTH accept accept fabwideset command on either this switch or the fabric to set a matching strict –- Fabric OS Administrator’s Guide 53-1001763-02...
Page 203: Table 38 Merging Fabrics With Matching Fabric-Wide Consistency Policies
Table 39 on page 164 shows merges that are not supported. Fabric OS Administrator’s Guide 53-1001763-02 Fabric A Fabric B ACL policies ACL policies...
Page 204: Management Interface Security
Expected behavior Ports connecting switches are disabled. Expected behavior Error message logged. Run fddCfg --fabwideset “<policy_ID>” from any switch with the desired configuration to fix the conflict. The secPolicyActivate command is blocked until conflict is resolved. Fabric OS Administrator’s Guide 53-1001763-02...
Page 205: Configuration Examples
QoS solutions, traffic shaping, and firewalling applications will be unable to determine what type of packet is being transmitted and will be unable to make the decisions that they are supposed to make. Fabric OS Administrator’s Guide 53-1001763-02 Tasks”. Management interface security Chapter 2, “Performing Basic...
Page 206: Ipsec Protocols
IPsec protocols IPsec uses two different protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP), to ensure the authentication, integrity and confidentiality of the communication. Fabric OS Administrator’s Guide 53-1001763-02...
Page 207: Security Associations
In AH and ESP, hmac_md5 and hmac_sha1 are used as authentication algorithms. Only in ESP, 3des_cbc, blowfish_cbc, aes256_cbc and null_enc are used as encryption algorithms. Use Table 41 on page 168 when configuring the authentication algorithm. Fabric OS Administrator’s Guide 53-1001763-02 Management interface security...
Page 208: Ipsec Policies
FIPS-approved for use by Federal agencies. 64-bit Blowfish is a 32-bit to 448-bit keyed, symmetric block cipher. 128-bit Advanced Encryption Standard is a 128- or 256-bit fixed block size cipher. 256-bit A form of plaintext encryption. Fabric OS Administrator’s Guide 53-1001763-02...
Page 209: Ike Policies
Use the secCertUtil import command to import public key, private key and peer-public key (in X.509 PEM format) into the switch database. For more information on this procedure, refer to “Configuring Protocols”. ATTENTION The CA certificate name must have the IPSECCA.pem name. Fabric OS Administrator’s Guide 53-1001763-02 Management interface security Protocols”. Chapter 6,...
Page 210: Creating The Tunnel
168 to determine which algorithm to use in conjunction with a enable command to enable IPsec on the switch. for information on how to set up pre-shared keys add command. add command. add command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 211 • Use the ipSecConfig the created SAs in the kernel SADB. Fabric OS Administrator’s Guide 53-1001763-02 Management interface security show manual-sa –a command with the operands specified to -– show policy ips sa -a command with the specified operands to –-...
Page 212: Example Of An End-To-End Transport Tunnel Mode
--add policy ips selector \ -t SELECTOR-OUT -d out -l 10.33.74.13 -r 10.33.69.132 \ -transform TRANSFORM01 switch:admin> ipsecconfig --add policy ips selector \ enable command to enable IPsec on the switch. on page 125. “Installing a switch Fabric OS Administrator’s Guide 53-1001763-02...
Page 213 Use the ipSecConfig –-flush manual-sa command with the specified operands to flush the created SAs in the kernel SADB. CAUTION Flushing SAs requires IPsec to be disabled and re-enabled. This operation is disruptive to traffic on the tunnel. Fabric OS Administrator’s Guide 53-1001763-02 Management interface security...
Page 214 Management interface security Fabric OS Administrator’s Guide 53-1001763-02...
Page 215: Maintaining The Switch Configuration File
Issue the configUpload -all command to upload an ASCII text file from the switch or switch module. You can open the text file with a text file editor to view the configuration information of the switch. Fabric OS Administrator’s Guide 53-1001763-02 Chapter 15, “Managing Administrative Chapter...
Page 216: Configuration File Format
Virtual Fabric mode disabled. Uploads only the chassis section of the system configuration file. on page 184 to restore the logical switches. 2 21:28:52 2009 2 21:28:52 2009 “Configuration management Fabric OS Administrator’s Guide 53-1001763-02...
Page 217 SwitchName = switch_2 Fabric ID = 1 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zoning] [Defined Security policies] [Active Security policies] [iSCSI] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 1] Fabric OS Administrator’s Guide 53-1001763-02 2 21:28:52 2009 Configuration settings...
Page 218: Configuration File Backup
You should keep individual backup files for all switches in the fabric and avoid copying configurations from one switch to another. The configUpload command, by default, only uploads the switch context configuration for the logical switch context in which the command is executed. all command. The Fabric OS Administrator’s Guide 53-1001763-02...
Page 219: Uploading A Configuration File In Interactive Mode
Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [<home dir>/config.txt]: /pub/configurations/config.txt Password: <hidden> configUpload complete: Only zoning parameters are uploaded from ad5. Fabric OS Administrator’s Guide 53-1001763-02 Configuration file backup all command to include both the all command can be...
Page 220: Configuration File Restoration
The number of switches defined in the downloaded config file must match the number of switches currently defined on the switch. The FID must be defined in both the downloaded configuration file and the current system. the downloaded configuration file. Fabric OS Administrator’s Guide 53-1001763-02...
Page 221: Table 42 Cli Commands To Display Or Modify Switch Configuration Information
Fabric OS Administrator’s Guide 53-1001763-02 The number of switches or FIDs defined in the downloaded configuration file must match the number of switches or FIDs currently defined on the switch. The switches must be disabled, if necessary (refer to without disabling a switch”...
Page 222: Configuration Download Without Disabling A Switch
Before the reboot, this type of parameter is listed in the configuration file, but it is not effective until after the reboot. Fabric OS Administrator’s Guide 53-1001763-02...
Page 223 Only zoning parameters are downloaded to ad5. Example of a non-interactive download of all configurations (chassis + switches) configdownload -a -ftp 10.1.2.3,UserFoo,config.txt,password Fabric OS Administrator’s Guide 53-1001763-02 *** CAUTION *** If using a file settings will Downloading a configuration...
Page 224: Configurations Across A Fabric
The Virtual Fabric configuration on the switch defines all of the logical switches allowed and configured for a particular platform. on page 178 for more information. on page 180 for more information. Chapter 6, “Configuring “Configuration “Configuration file Protocols”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 225: Uploading A Configuration File From A Switch With Virtual Fabrics
Virtual Fabric configuration file is then propagated to the standby CP. CAUTION You must perform the configDownload command on the switch after restoring the Virtual Fabric configuration to fully restore your switch or chassis configuration. Fabric OS Administrator’s Guide 53-1001763-02 Configuration management for Virtual Fabrics...
Page 226: Restrictions
Fabrics feature is enabled or disabled, and the F_Port trunking ports, except the LISL ports. The LISL ports on the system are not affected by the Virtual Fabric configuration file download. *** CAUTION *** Afterwards, the switch will be automatically rebooted You will then need to Fabric OS Administrator’s Guide 53-1001763-02...
Page 227: Brocade Configuration Form
Total number of local devices (nsShow) Total number of devices in fabric (nsAllShow) Total number of switches in the fabric (fabricShow) Fabric OS Administrator’s Guide 53-1001763-02 Table 43 as a hard copy reference for your configuration information. Brocade configuration form...
Page 228 Brocade configuration form Fabric OS Administrator’s Guide 53-1001763-02...
Page 229: Installing And Maintaining Firmware
The difference in the download process is that directors have two CPs and nonchassis-based systems have one CP. Use the firmwareDownload command to download the firmware from either an FTP or SSH server by using either the FTP or SCP protocol to the switch. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 230: Upgrading And Downgrading Firmware
Upgrading and downgrading firmware Upgrading means installing a newer version of firmware. Downgrading means installing an older version of firmware. Fabric OS Administrator’s Guide 53-1001763-02...
Page 231: Considerations For Ficon Cup Environments
Active CP Fabric OS version v6.2.0 v6.2.x v6.3.0 v6.3.0 v6.3.0 v6.4.0 v6.4.0 Fabric OS Administrator’s Guide 53-1001763-02 Firmware download process overview for more information. “Test and restore firmware on enterprise-class Standby CP Fabric OS HA sync state version v6.2.0 inSync v6.3.0 inSync v6.2.x...
Page 232: Preparing For A Firmware Download
“Test and restore firmware on switches” on page 204. This procedure is not necessary “Configuration file backup” on page 178 for details. to view end-of-life policies for Brocade products. Navigate to the on page 203 and “Test Fabric OS Administrator’s Guide 53-1001763-02...
Page 233: Finding The Switch Firmware Version
7500E, 7600, 7800, 8000, and VA-40FC switches maintain primary and secondary partitions for firmware. The firmwareDownload command defaults to an autocommit option that automatically copies the firmware from one partition to the other. Fabric OS Administrator’s Guide 53-1001763-02 Firmware download on switches...
Page 234: Switch Firmware Download Process Overview
Do not disconnect the switch from power during the process because the switch could become inoperable when rebooted. “Test and restore firmware on switches” on page 204 for details about overriding the Fabric OS Administrator’s Guide “Test and 53-1001763-02...
Page 235 Trying address-->AF_INET IP: 10.1.2.3, flags : 2 System settings check passed. You can run firmwaredownloadstatus to get the status of this command. Fabric OS Administrator’s Guide 53-1001763-02 Firmware download on switches http://www.brocade.com on page 192 for details. and store the...
Page 236: Firmware Download On An Enterprise-Class Platform
4. The active CP blade forces a failover and reboots to become the standby CP blade. 5. The new active CP blade synchronizes its state with the new standby CP blade. “Test and restore firmware on switches” Fabric OS Administrator’s Guide 53-1001763-02...
Page 237 Enter the haShow command to confirm that the two CP blades are synchronized. In the following example, the active CP blade is CP0 and the standby CP blade is CP1: Fabric OS Administrator’s Guide 53-1001763-02 Firmware download on an enterprise-class platform http://www.brocade.com...
Page 238 This command will cause a warm/non-disruptive boot on the active CP, but will require that existing telnet, secure telnet or SSH sessions be restarted. Versions v6.4.0 v6.4.0 v6.4.0 v6.4.0 Traffic Disrupted GigE Virtualization None None Fabric OS Administrator’s Guide 53-1001763-02...
Page 239 11. Enter the firmwareShow command to display the new firmware versions. Following is an example of firmwareShow output on the Brocade 48000 director. switch:admin> firmwareshow Slot Name ----------------------------------------------------------- FA4-18 7 FA4-18 Local CP Fabric OS Administrator’s Guide 53-1001763-02 Firmware download on an enterprise-class platform Appl Primary/Secondary Versions v6.4.0 v6.4.0 v3.3.0 v3.3.0 v3.3.0 v3.3.0...
Page 240: Firmware Download From A Usb Device
2. Enter the firmwareDownload command with the -U operand. ecp:admin>firmwaredownload –U /usb/usbstorage/brocade/firmware/v6.4.0 (upper case) 381MB 2010 Mar 28 15:33 381MB 2010 Mar 28 10:39 2010 Mar 28 15:33 2010 Mar 28 15:33 2010 Mar 28 15:33 is specified, the Fabric OS Administrator’s Guide 53-1001763-02...
Page 241: Fips Support
The firmwareDownload Command As mentioned previously, the public key file will need to be packaged, installed, and run on your switch before downloading a signed firmware. Fabric OS Administrator’s Guide 53-1001763-02 Policies”. Chapter 7, “Configuring Security FIPS Support Chapter 7,...
Page 242: Power-On Firmware Checksum Test
Enforce secure config Upload/Download: Select yes Enforce signed firmware download: Select yes Default is no; press Enter to select default setting. Default is no; press Enter to select default setting. Chapter 7, “Configuring Security Policies”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 243: Test And Restore Firmware On Switches
Connect to the switch, log in as admin, and enter the firmwareShow command to confirm that the primary partition of the switch contains the new firmware. You are now ready to evaluate the new version of firmware. Fabric OS Administrator’s Guide 53-1001763-02 Test and restore firmware on switches http://www.brocade.com or switch...
Page 244: Test And Restore Firmware On Enterprise-Class Platforms
As a standard practice, you should not run mixed firmware levels on CPs. step 8 to commit the firmware on the switch, which completes the firmware step 8, then you have committed the firmware on the switch and step 9; otherwise, Fabric OS Administrator’s Guide 53-1001763-02...
Page 245 CP, and subsequent steps will ensure that the standby CP is updated to the same version as the active CP. Fabric OS Administrator’s Guide 53-1001763-02 Test and restore firmware on enterprise-class platforms “Enterprise-class platform firmware download process overview”...
Page 246 13. Perform haFailover on the active CP. step 10 to commit the firmware on both CPs, which completes the firmware step 11, then you have committed the firmware on both CPs and step 12; otherwise, Fabric OS Administrator’s Guide 53-1001763-02...
Page 247: Validating A Firmware Download
If there is a discrepancy, it is possible that a device or switch cannot connect to the fabric and further troubleshooting is necessary. firmwareShow Fabric OS Administrator’s Guide 53-1001763-02 Validating a firmware download on page 203. Note, however, that upgrading an Displays the current firmware level on the switch. For Brocade directors, this command displays the firmware loaded on both partitions (primary and secondary) for both CPs and AP blades.
Page 248 Displays all switches in a fabric. Make sure the number of switches in the fabric after the firmware download is exactly the same as the number of attached devices prior to the firmware download. Status ACTIVE * STANDBY Fabric OS Administrator’s Guide 53-1001763-02...
Page 249: In This Chapter
Virtual Fabrics is a suite of related features that can be customized based on your needs. The Virtual Fabrics suite consists of the following specific features: • Logical switch • Logical fabric • Device sharing Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 250: Logical Switch Overview
In this example, the switch has 10 ports, labeled P0 through P9. “FC-FC Routing and Virtual Fabrics” on page 220. on page 492. “Supported platforms for Figure 20 Fabric OS Administrator’s Guide 53-1001763-02...
Page 251: Figure 20 Switch Before And After Enabling Virtual Fabrics
Before logical switch creation Physical chassis Default logical switch FIGURE 21 Switch before and after creating logical switches Fabric OS Administrator’s Guide 53-1001763-02 Physical chassis Logical switch overview After enabling Virtual Fabrics Physical chassis Default logical switch After logical switch creation...
Page 252: Logical Switches And Fabric Ids
Physical chassis Logical switch 1 (Default logical switch) (FID = 128) Logical switch 2 (FID = 1) Logical switch 3 (FID = 15) Logical switch 4 (FID = 8) Logical switch 5 (FID = 20) Fabric OS Administrator’s Guide 53-1001763-02...
Page 253: Logical Switches And Connected Devices
D1. H1 and D1 cannot communicate with each other because they are in different fabrics, even though they are both connected to the same physical chassis. Fabric OS Administrator’s Guide 53-1001763-02 Figure on page 220 for detailed information about these ports.
Page 254: Logical Fabric Overview
492. Figure 25 are logical fabrics because they each have at least one logical switch. Figure 24, P6 is an E_Port that forms an Switch Figure 24. As Switch 4 Fabric 8 “FC-FC Figure Fabric OS Administrator’s Guide 53-1001763-02...
Page 255: Logical Fabric And Isls
In cannot communicate with each other because they have no ISLs between them and they cannot use the ISLs between the other logical switches. Fabric OS Administrator’s Guide 53-1001763-02 Fabric ID 128 Fabric ID 1 Logical switch 3...
Page 256: Logical Fabric And Isl Sharing
XISL Base switch Fabric ID 8 Physical chassis 2 Logical switch 5 (Default logical switch) Fabric ID 128 Logical switch 6 Fabric ID 1 Logical switch 7 Fabric ID 15 Base switch Fabric ID 8 Fabric OS Administrator’s Guide 53-1001763-02...
Page 257: Figure 29 Logical Isls Connecting Logical Switches
218. In this diagram, traffic between the logical switches in fabric 1 can travel over either the ISL or the XISL. Traffic between the other logical switches travels only over the XISL. Fabric OS Administrator’s Guide 53-1001763-02 Physical chassis 1 Logical switch 1...
Page 258: Figure 30 Logical Fabric Using Isls And Xisls
30, logical ISLs are formed to connect logical switches. A logical port represents Physical chassis 2 Logical switch 5 (Default logical switch) Fabric ID 128 Logical switch 6 Fabric ID 1 Logical switch 7 Fabric ID 15 Base switch Fabric ID 8 Fabric OS Administrator’s Guide 53-1001763-02...
Page 259: Management Model For Logical Switches
RBAC rules. If you have permission to execute chassis-level commands, you can do so, regardless of which logical switch context you are in. Fabric OS Administrator’s Guide 53-1001763-02 Management model for logical switches...
Page 260: Account Management And Virtual Fabrics
The default logical switch can use XISLs. • The default logical switch can also be a base logical switch. “Changing the context to a different logical fabric” on page 83 for information about creating user accounts and Fabric OS Administrator’s Guide 53-1001763-02...
Page 261: Virtual Fabrics Interaction With Other Fabric Os Features
Fabric OS features and considerations that apply when using Virtual Fabrics. Fabric OS Administrator’s Guide 53-1001763-02 Supported platforms for Virtual Fabrics on page 221 lists the blades and ports that are supported on each type of...
Page 262: Limitations And Restrictions Of Virtual Fabrics
Zones with Virtual Fabrics. Maximum number of logical switches on page 352 for Chapter 8, “Maintaining the Switch for more information about Virtual for more Chapter 18, “Optimizing Fabric for additional information about using TI Fabric OS Administrator’s Guide 53-1001763-02...
Page 263: Restrictions On Moving Ports
NOTE When you enable VF mode, the CPs are rebooted and all EX_Ports are disabled after the reboot. Fabric OS Administrator’s Guide 53-1001763-02 Enabling Virtual Fabrics mode Maximum number of logical switches on page 232. XISL use is not permitted in any of the...
Page 264: Disabling Virtual Fabrics Mode
Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform This is a disruptive operation that requires a reboot to take “Deleting a logical switch” Fabric OS Administrator’s Guide 53-1001763-02...
Page 265: Configuring Logical Switches To Use Basic Configuration Values
After creating the logical switch, you must disable the switch to configure it and set the domain ID. Then you assign ports to the logical switch. Fabric OS Administrator’s Guide 53-1001763-02 Configuring logical switches to use basic configuration values disabled...
Page 266 Use Control-C to exit or press 'Enter' key to proceed. Password was not changed. Will prompt again at next login until password is changed. switch_4:FID4:admin> switchdisable switch_4:FID4:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y “Adding and removing ports on a logical Fabric OS Administrator’s Guide 53-1001763-02...
Page 267: Executing A Command In A Different Logical Fabric Context
Index Port Address Media Speed State ============================================== Example 2: Executing the fabricShow command on all logical switches sw0:FID128:admin> fosexec --fid all -c "fabricshow" Fabric OS Administrator’s Guide 53-1001763-02 Executing a command in a different logical fabric context switch_4 66.1 Online...
Page 268: Deleting A Logical Switch
Enet IP Addr Worldwide Name Enet IP Addr Worldwide Name Enet IP Addr FC IP Addr Name 0.0.0.0 >"sw0" FC IP Addr Name 0.0.0.0 >"switch_4" FC IP Addr Name 0.0.0.0 >"switch_5" “Adding and removing ports on a Fabric OS Administrator’s Guide 53-1001763-02...
Page 269: Adding And Removing Ports On A Logical Switch
Would you like to continue [y/n]?: y Making this configuration change. Configuration change successful. Please enable your ports/switch when you are ready to continue. Fabric OS Administrator’s Guide 53-1001763-02 Adding and removing ports on a logical switch “Supported platforms for Virtual Fabrics” Please wait...
Page 270: Displaying Logical Switch Configuration
5 | 128 | 4 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | Fabric OS Administrator’s Guide 53-1001763-02...
Page 271: Changing A Logical Switch To A Base Switch
FC Router: Allow XISL Use: ON LS Attributes: Index Port Address Media Speed State ============================================== Fabric OS Administrator’s Guide 53-1001763-02 Changing a logical switch to a base switch switch_25 66.1 Online Native Principal fffc1e 10:00:00:05:1e:82:3c:2c [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0]...
Page 272: Setting Up Ip Addresses For A Virtual Fabric
When you create a logical switch, by default it is configured to use XISLs. Use the following procedure to allow or disallow the logical switch to use XISLs in the base fabric. 1e1300 No_Module 1e1400 No_Module Fabric OS Administrator’s Guide 53-1001763-02...
Page 273: Changing The Context To A Different Logical Fabric
ID of the logical switch you want to switch to and manage. Example In this example, notice that the prompt changes when you change to a different logical fabric. sw0:FID128:admin> setcontext 4 switch_4:FID4:admin> Fabric OS Administrator’s Guide 53-1001763-02 Changing the context to a different logical fabric...
Page 274: Creating A Logical Fabric Using Xisls
Logical switch 7 Fabric ID 15 Base switch Fabric ID 8 “Enabling Virtual Fabrics on page 225 for instructions on creating a “Adding and removing ports on a logical “Creating a logical switch or base switch” Fabric OS Administrator’s Guide 53-1001763-02...
Page 275 The switchShow command displays logical ports as E_Ports, with -1 for the slot and the user port number for the slot port. Fabric OS Administrator’s Guide 53-1001763-02 Figure 31, you would create a logical switch with FID 1 and a on page 229.
Page 276 Creating a logical fabric using XISLs Fabric OS Administrator’s Guide 53-1001763-02...
Page 277: Administering Advanced Zoning
See Redirection” • LSAN zones Provide device connectivity between fabrics without merging the fabrics. See configuration” Fabric OS Administrator’s Guide 53-1001763-02 on page 81 for more information. on page 477 for more information. Chapter “Broadcast zones” “Frame “LSAN zone...
Page 278: Zoning Overview
The Loop 2 JBODs are not assigned to a zone; no other zoned fabric device can access them. on page 403 for more information. Chapter 14, “Interoperability for Merged “QoS: “Traffic Isolation SANs”. Figure 32 Fabric OS Administrator’s Guide 53-1001763-02...
Page 279: Zone Types
Host-based Fabric-based Table 49 on page 240 lists the various approaches you can take when implementing zoning in a fabric. Fabric OS Administrator’s Guide 53-1001763-02 Loop 2 Server2 Fibre Channel Fabric Loop 1 Description Storage units typically implement LUN-based zoning, also called LUN masking. LUN-based zoning limits access to the LUNs on the storage port to the specific WWN of the server HBA.
Page 280: Zone Objects
Additionally, any device attached to the fabric, intentionally or maliciously, likewise has unrestricted access to the fabric. This form of zoning should be utilized only in a small and tightly controlled environment, such as when host-based zoning or LUN masking is deployed. Fabric OS Administrator’s Guide 53-1001763-02...
Page 281: Zone Aliases
If other configurations are used for specialized purposes, names such as “BACKUP_A,” “RECOVERY_2,” and “TEST_18jun02” can be used. Fabric OS Administrator’s Guide 53-1001763-02 Zoning overview...
Page 282: Zone Configurations
Frame-based hardware enforcement is in effect, on a per-zone basis, if all members of a zone are identified the same way, either using WWNs or domain,index notation, with no overlapping zones. “Default zoning mode” on page 252). This does Fabric OS Administrator’s Guide 53-1001763-02...
Page 283: Considerations For Zoning Architecture
For a large fabric, you should wait several minutes between commands. Fabric OS Administrator’s Guide 53-1001763-02 Description If security is a priority, frame-based hardware enforcement is recommended.
Page 284: Best Practices For Zoning
Broadcast packets are forwarded to all the ports that are part of the broadcast zone for any Admin Domain, have membership in that Admin Domain, and are zoned together (in a regular zone) with the sender of the broadcast frame. “Zone creation and maintenance” Fabric OS Administrator’s Guide on page 249. 53-1001763-02...
Page 285: Broadcast Zones And Fc-Fc Routing
IP device that exists in the edge or backbone fabric as well as the proxy device in the remote fabric. See for information about proxy devices and the FC router. Fabric OS Administrator’s Guide 53-1001763-02 "1,1" "2,1" "1,1"...
Page 286: High Availability Considerations With Broadcast Zones
1. Connect to the switch and log in as admin. 2. Enter the aliCreate command, using the following syntax: alicreate "aliasname", "member[; member...]" on page 252 for additional information about default zoning. “New switch or fabric additions” on page 261. Fabric OS Administrator’s Guide 53-1001763-02...
Page 287: Adding Members To An Alias
If a transaction is open on a different switch in the fabric when this command is run, the transaction on the other switch is automatically aborted. A message displays on the other switches to indicate that the transaction was aborted. Fabric OS Administrator’s Guide 53-1001763-02 Zone aliases...
Page 288: Deleting An Alias
If no parameters are specified, the entire zone database (both the defined and effective configuration) is displayed. Example The following example shows all zone aliases beginning with “arr”. switch:admin> alishow "arr*" alias: array1 alias: array2 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:66:23 Fabric OS Administrator’s Guide 53-1001763-02...
Page 289: Zone Creation And Maintenance
"greenzone", "1,2" switch:admin> zoneadd "bluezone", "21:00:00:20:37:0c:72:51" switch:admin> zoneadd "broadcast", "1,3" switch:admin> cfgsave You are about to save the Defined zoning configuration. This Fabric OS Administrator’s Guide 53-1001763-02 Zone creation and maintenance “Broadcast zones” on page 244 for additional information about this...
Page 290: Removing Devices (Members) From A Zone
Defined configuration. Any changes made on the Effective configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Fabric OS Administrator’s Guide 53-1001763-02...
Page 291: Viewing A Zone In The Defined Configuration
------------------------------------ ~ - Invalid configuration * - Member does not exist Fabric OS Administrator’s Guide 53-1001763-02 validate command to list all zone members that are not part of the current cfg1 zone1 cfg2 zone1; zone2 zone1 1,1;...
Page 292: Default Zoning Mode
2. Enter the cfgActvShow command to view the current zone configuration. 3. Enter the defZone command with one of the following options: defzone --noaccess defzone --allaccess This command initiates a transaction (if one is not already in progress). Fabric OS Administrator’s Guide 53-1001763-02...
Page 293: Viewing The Current Default Zone Access Mode
Number of bytes for each item name. The number of bytes required for an item name depends on the specifics of the fabric, but cannot exceed 64 bytes for each item. Fabric OS Administrator’s Guide 53-1001763-02 show command. Zoning database size...
Page 294: Creating A Zoning Configuration
1. Connect to the switch and log in as admin. 2. Enter the cfgAdd command, using the following syntax: cfgadd "cfgname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. “Zoning database size” on page 253. Fabric OS Administrator’s Guide 53-1001763-02...
Page 295: Removing Zones (Members) From A Zone Configuration
3. Enter y at the prompt. Example switch:admin> cfgenable "USA_cfg" You are about to enable a new zoning configuration. This action will replace the old zoning configuration with the current configuration selected. If the update includes changes Fabric OS Administrator’s Guide 53-1001763-02 Zoning configurations...
Page 296: Disabling A Zone Configuration
You are about to save the Defined zoning configuration. This action will only save the changes on the Defined configuration. (yes, y, no, n): [no] y “Default zoning mode” on page 252 for Fabric OS Administrator’s Guide 53-1001763-02...
Page 297: Clearing Changes To A Configuration
Effective configuration: cfg: zone: 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 21:00:00:20:37:0c:76:22 21:00:00:20:37:0c:76:28 zone: 21:00:00:20:37:0c:76:85 21:00:00:20:37:0c:71:df Fabric OS Administrator’s Guide 53-1001763-02 USA1 Blue_zone USA_cfg Purple_zone; Blue_zone Blue_zone Purple_zone 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df USA_cfg Blue_zone Purple_zone Zoning configurations...
Page 298: Viewing Selected Zone Configuration Information
If no effective zoning configuration exists, enter the cfgSave command. • If an effective zoning configuration exists, enter the cfgDisable command to disable and clear the zone configuration in nonvolatile memory for all switches in the fabric. NEW_cfg Blue_zone Purple_zone Fabric OS Administrator’s Guide 53-1001763-02...
Page 299: Zone Object Maintenance
USA_cfg Purple_zone; White_zone; Blue_zone zone: Blue_zone 1,1; array1; 1,2; array2 zone: Purple_zone 1,0; loop1 zone: White_zone 1,3; 1,4 Fabric OS Administrator’s Guide 53-1001763-02 copy command, specifying the zone objects you want to copy, along with the US_Test1 Blue_zone Zone object maintenance...
Page 300: Renaming A Zone Object
3. Enter the zoneObjectRename command to rename zone configuration objects. Note that zone configuration names are case-sensitive; blank spaces are ignored and it works in any Admin Domain other than AD255. switch:admin> zoneObjectRename "White_zone", "Purple_zone" expunge command to delete the zone object. Zone configuration names are Fabric OS Administrator’s Guide 53-1001763-02...
Page 301: Zoning Configuration Management
The fabric is checked for segmentation during power-up or when a switch is disabled or enabled, or when a new switch is added. Fabric OS Administrator’s Guide 53-1001763-02 Zoning configuration management “Configuration file backup” on page 180, or the configUpload and configDownload commands “Viewing the configuration in the effective zone database”...
Page 302 Fabric OS Command Reference for detailed information about these commands. If the fabrics have different zone configuration data, the system attempts to merge the two sets of zone configuration data. If the zones cannot merge, the ISL will be segmented. Fabric OS Administrator’s Guide 53-1001763-02...
Page 303: Fabric Segmentation And Zoning
Telnet or Advanced Web Tools. You can alter a zoning database, provided you are connected to the primary FCS switch. Fabric OS Administrator’s Guide 53-1001763-02 is different from cfg1 = z1; z2 cfg1 = z2; z1...
Page 304: Zone Merging Scenarios
Clean merge, with cfg1 as the effective configuration. Clean merge. The new configuration will be a composite of the two. defined: cfg1 zone1: ali1; ali2 cfg2: zone2: ali3; ali4 effective: none Fabric OS Administrator’s Guide 53-1001763-02...
Page 305 Switch B is running Fabric OS v6.4.0 or later. Switch A has Enhanced TI zones. Switch B is running a Fabric OS version earlier than v6.4.0. Fabric OS Administrator’s Guide 53-1001763-02 Switch A Switch B defined: cfg2 defined: cfg1 zone2: ali3; ali4 zone1: ali1;...
Page 306: Table 51 Zone Merging Scenarios
Clean merge — effective zone configuration from Switch B propagates to fabric. Fabric segments because Switch A has a hidden zone configuration (no access) activated and Switch B has an explicit zone configuration activated. Fabric OS Administrator’s Guide 53-1001763-02...
Page 307: Traffic Isolation Zoning
E_Ports that have been included in the zone. The fabric also attempts to exclude traffic not in the TI zone from using E_Ports within that TI zone. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 308: Ti Zone Failover
“1,7”, “1,8”, “4,5”, and “4,6” “1,1”, “3,9”, “3,12”, and “4,7” Domain 1 = Dedicated Path = Ports in the TI zone “Additional considerations when disabling failover” Domain 3 Domain 4 on page 269 for additional Fabric OS Administrator’s Guide 53-1001763-02...
Page 309: Table 52 Comparison Of Traffic Behavior When Failover Is Enabled Or Disabled In Ti Zones
• It is recommended that TI zone definitions and regular zone definitions match. Fabric OS Administrator’s Guide 53-1001763-02 Figure 34 on page 268, if the dedicated ISL between Domain 1 and Domain 3 goes on page 268.
Page 310: Fspf Routing Rules And Traffic Isolation
Domain 2 Figure 35, if failover is disabled, Domain 2 cannot send domain controller Figure 35, the initiator and target on Domain 1 are not in the same TI zone. If Domain 3 Domain 4 Fabric OS Administrator’s Guide 53-1001763-02...
Page 311: Figure 36 Dedicated Path Is The Only Shortest Path
For information about setting or displaying the FSPF cost of a path, see the linkCost and topologyShow commands in the Fabric OS Command Reference. Fabric OS Administrator’s Guide 53-1001763-02 Figure 36, there is a dedicated path between Domain 1 and Domain 3, and...
Page 312: Enhanced Ti Zones
(3,6) and (3,7), so one port will be chosen. If (3,7) is chosen, frames destined for (1,1) will be dropped at Domain 1. Domain 1 Domain 3 Domain 2 Target = ETIZ 1 = ETIZ 2 Fabric OS Administrator’s Guide 53-1001763-02...
Page 313: Traffic Isolation Zoning Over Fc Routers
TI zones form a dedicated path between devices in different edge fabrics. The backbone fabric can contain one or more FC routers. Fabric OS Administrator’s Guide 53-1001763-02 Traffic Isolation Zoning over FC routers Domain 1 Domain 3...
Page 314: Ti Within An Edge Fabric
Domain 1 E_Ports EX_Ports = Dedicated Path = Ports in the TI zone Edge fabric 2 41, you can set up a TI zone to ensure that Front Domain 3 Proxy Target Xlate Domain 4 Fabric OS Administrator’s Guide 53-1001763-02...
Page 315: Ti Within A Backbone Fabric
WWNs should be used only in TI zones within a backbone fabric and should not be used in other TI zones. Fabric OS Administrator’s Guide 53-1001763-02 Traffic Isolation Zoning over FC routers Figure 41 (E_Port for the front phantom domain)
Page 316: Limitations Of Ti Zones Over Fc Routers
(EX_Port for FC router 1) (VE_Port for FC router 1) (VE_Port for FC router 2) (EX_Port for FC router 2) (Port WWN for the host) (Port WWN for target 1) (Port WWN for target 2) Figure 42 are: Fabric OS Administrator’s Guide 53-1001763-02...
Page 317: Supported Configurations For Traffic Isolation Zoning
Fabric OS v6.0.0. However, the existence of a TI zone in such a fabric is backward-compatible and does not disrupt fabric operation in switches running earlier firmware versions. Fabric OS Administrator’s Guide 53-1001763-02 Supported configurations for Traffic Isolation Zoning Figure 43, the TI zone was configured incorrectly and E_Port “3,9”...
Page 318: Additional Configuration Rules For Enhanced Ti Zones
TI zones in a backbone fabric. • To include a trunk group in a TI zone, you must include all ports of the trunk in the TI zone. “Traffic Isolation Zoning over FC routers” Fabric OS Administrator’s Guide 53-1001763-02...
Page 319: Admin Domain Considerations For Traffic Isolation Zoning
XISL. dedicated path, you must create a TI zone in the logical fabric (FID 1) and one in the base fabric. Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain considerations for Traffic Isolation Zoning (Figure 44 shows only physical ISLs, not logical ISLs.) To create the TI zones for this...
Page 320: Figure 44 Dedicated Path With Virtual Fabrics
= Ports in the TI zones Domain 9 LS1, FID1 Domain 5 LS2, FID3 Domain 6 Base switch Domain 2 Figure 44. To create the dedicated path, you Figure Domain 5 Domain 9 Domain 2 Fabric OS Administrator’s Guide 53-1001763-02 Target Chassis 2 Target...
Page 321: Traffic Isolation Zoning Over Fc Routers With Virtual Fabrics
“Traffic Isolation Zoning over FC routers” Fabric OS Administrator’s Guide 53-1001763-02 Traffic Isolation Zoning over FC routers with Virtual Fabrics LS3, FID1 Domain 3 Base switch Domain 1...
Page 322: Creating A Ti Zone
“Creating a TI zone in a base fabric” on page 268 for information about disabling failover mode. “Creating a TI zone in a base fabric” create command: Edge fabric Fabric 3 on page 284. “Modifying TI on page 284. Fabric OS Administrator’s Guide 53-1001763-02...
Page 323 Do you want to enable 'USA_cfg' configuration (yes, y, no, n): [no] y zone config "USA_cfg" is in effect Updating flash ... Fabric OS Administrator’s Guide 53-1001763-02 on page 268 for information about disabling failover mode. Creating a TI zone “TI zone...
Page 324: Creating A Ti Zone In A Base Fabric
TI zones. If you remove the add command to add ports or change the failover option for an existing remove command to remove ports from an existing TI zone. Figure 46 on page 280: “TI zone failover” on page 268 Fabric OS Administrator’s Guide 53-1001763-02...
Page 325: Changing The State Of A Ti Zone
To change the state of the existing TI zone greenzone to deactivated, type: switch:admin> zone --deactivate greenzone Remember that your changes are not enforced until you enter the cfgEnable command. Fabric OS Administrator’s Guide 53-1001763-02 Changing the state of a TI zone “TI zone failover” activate command.
Page 326: Deleting A Ti Zone
TI zone from the defined configuration. This command “Modifying TI zones” delete command. show command to display information about TI zones. This command displays the show command. redzone: 1,2; 1,3; 3,3; 4,5 on page 284. Fabric OS Administrator’s Guide remove 53-1001763-02...
Page 327: Setting Up Ti Over Fcr (Sample Procedure)
Target 2 has port WWN 10:00:00:00:00:03:00:00 Host 1 Edge fabric 1 Domain ID = 4 FIGURE 49 TI over FCR example Fabric OS Administrator’s Guide 53-1001763-02 Setting up TI over FCR (sample procedure) bluezone: 8,3; 8,5; 9,2; 9,3; greenzone: 2,2; 3,3; 4,11; 5,3; purplezone: 1,2;...
Page 328 TI_Zone1 4,8; 4,5; 1,-1; 6,-1 Failover: Enabled cfg_TI lsan_t_i_TI_Zone1 10:00:00:00:00:00:02:00:00 10:00:00:00:00:00:03:00:00 10:00:00:00:00:00:08:00:00 Chapter 21, “Using the FC-FC Routing Service,” FC IP Addr Name 0.0.0.0 "fcr_fd_1" 0.0.0.0 >"E1switch" 0.0.0.0 "fcr_xd_6_9" (yes, y, no, n): [no] y Fabric OS Administrator’s Guide 53-1001763-02...
Page 329 10:00:00:00:00:08:00:00; 10:00:00:00:00:02:00:00; 10:00:00:00:00:03:00:00" BB_DCX_1:admin> zone --show Defined TI zone configuration: TI Zone Name: Port List: 10:00:00:00:00:02:00:00; 10:00:00:00:00:03:00:00 Status: Activated Fabric OS Administrator’s Guide 53-1001763-02 Setting up TI over FCR (sample procedure) Worldwide Name Enet IP Addr 0.0.0.0 0.0.0.0 10.32.72.9 TI_Zone1 9,2;...
Page 330 Do you want to enable 'cfg_TI' configuration zone config "cfg_TI" is in effect Updating flash ... cfg_TI lsan_t_i_TI_Zone1 10:00:00:00:00:00:02:00:00 10:00:00:00:00:00:03:00:00 10:00:00:00:00:00:08:00:00 (yes, y, no, n): [no] y Fabric OS Administrator’s Guide 53-1001763-02...
Page 331: Administering Npiv
010000 shows only 1 NPIV device and index 010300 shows 222 NPIV devices. Example of NPIV devices switch:admin> switchshow switchName: switchType: switchState: switchMode: switchWwn: switchBeacon: Index Port Address Media Speed State Fabric OS Administrator’s Guide 53-1001763-02 5100 71.2 Online Access Gateway Mode 10:00:00:05:1e:41:49:3d Proto Chapter...
Page 332: Upgrade Considerations
1 N Port + 63 NPIV public NPIV support Yes, 127 virtual device limit. Yes, 63 virtual device limit. 2, 3 Yes, 255 virtual device limit. Yes, 255 virtual device limit. Yes, 255 virtual device limit. Fabric OS Administrator’s Guide 53-1001763-02...
Page 333: Configuring Npiv
NPIV Limit Set to 176 for Port 1 switch:admin> portcfgshow 1 Area Number: Speed Level: Fill Word: AL_PA Offset 13: Trunk Port Long Distance Fabric OS Administrator’s Guide 53-1001763-02 Virtual Fabric Logical switch type NPIV support Enabled Logical switch Yes, 255 virtual device limit. Enabled Base switch...
Page 334: Enabling And Disabling Npiv
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfgShow command to view the switch ports information. The following example shows whether a port is configured for NPIV: switch:admin> portcfgshow disable and fcoe enable commands. disable option. Fabric OS Administrator’s Guide 53-1001763-02...
Page 335 None portCFlags: 0x1 portFlags: 0x24b03 PRESENT ACTIVE F_PORT G_PORT NOELP LED ACCEPT portType: Fabric OS Administrator’s Guide 53-1001763-02 Viewing NPIV port configuration information AN AN AN AN AN AN AN AN ON ON ON ON ON ON ON ON ..
Page 336: Viewing Virtual Pid Login Information
Protocol_err: 0 Invalid_word: 0 Invalid_crc: Delim_err: Address_err: Lr_in: Lr_out: Ols_in: Ols_out: World Wide Name credit df_sz cos c0:50:76:ff:fb:00:16:fc c0:50:76:ff:fb:00:16:f8 c0:50:76:ff:fb:00:17:ec c0:50:76:ff:fb:00:17:70 c0:50:76:ff:fb:00:16:80 Frjt: Fbsy: 1458 2048 scr=3 2048 scr=3 2048 scr=3 2048 d_id=FFFFFC 2048 d_id=FFFFFC Fabric OS Administrator’s Guide 53-1001763-02...
Page 337: In This Chapter
Interoperability supports enabling the switch with the following modes: • InteropMode 0 for Brocade Native mode, which supports all stand-alone Brocade fabrics, but provides no interoperability support. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 338: Connectivity Solutions
Mi10K, M6140, M6064, and the DCX Backbone platform. This connectivity is established using direct E_Port connections using ISLs. “Supported hardware in an interoperable environment” Service”. on page 329. Fabric OS Administrator’s Guide 53-1001763-02...
Page 339: Domain Id Offset Modes
The offset is used to define the minimum and maximum of the domain ID range. Refer to Table 54 IM2 and IM3 respectively. Fabric OS Administrator’s Guide 53-1001763-02 enable -mcdata/openmcdata command, configured domain ID offset Table 55 on page 300 for the internal representation of domain ID offset values in...
Page 340: Table 54 Internal Representations Of Id Domain Offsets In Im2
A1XXYY 0xC1 C1XXYY Internal representations of ID domain offsets in IM3. Domain ID PID Area affected 0x01 01XXYY 0x21 21XXYY 0x41 41XXYY 0x61 61XXYY 0x81 81XXYY 0xA1 A1XXYY 0xC1 C1XXYY 0x01 01XXYY Appendix E, “Hexadecimal”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 341: Configuring The Domain_Id Offset
ID to the incoming switch, it will segment from the fabric. • The DCC policy or port based security is not supported in McDATA Fabric mode. Fabric OS Administrator’s Guide 53-1001763-02 McDATA Fabric mode configuration restrictions enable command for your interop mode. Tasks”. Chapter 2, “Performing...
Page 342: Mcdata Open Fabric Mode Configuration Restrictions
McDATA Open Fabric mode, and Brocade Native mode are supported in the same chassis. Although there is always at least one logical switch instance per chassis, multiple logical switch instances can exist in a chassis. Appendix E, “Hexadecimal” Fabric OS Administrator’s Guide 53-1001763-02...
Page 343: Switch Configurations For Interoperability
When configuring multiple switches, you should wait for a fabric reconfiguration after adding or removing each switch. Every switch in the fabric must have a unique domain ID. Fabric OS Administrator’s Guide 53-1001763-02 Switch configurations for interoperability “Managing Virtual Fabrics”...
Page 344: Enabling Mcdata Fabric Mode
B5000_205:admin> interopmode 2 “McDATA Open Fabric mode configuration restrictions” Tasks”.) through step 5 on each Fabric OS switch in the fabric. “McDATA Fabric mode configuration restrictions” Chapter 2, “Performing Basic Configuration Chapter 2, Tasks”.) Fabric OS Administrator’s Guide 53-1001763-02...
Page 345: Enabling Brocade Native Mode
Do you want to continue? (yes, y, no, n): [no] y 4. After removing each switch, wait for a fabric reconfiguration. 5. Repeat this procedure on all Fabric OS switches in the fabric. Fabric OS Administrator’s Guide 53-1001763-02 Switch configurations for interoperability through step 5...
Page 346: Zone Management In Interoperable Fabrics
Fabric OS switch. • Defining zones in the effective configuration or the Defined Database is allowed in IM2 only. • Legacy McDATA switches do not support the Defined Database or merge propagation. Fabric OS Administrator’s Guide 53-1001763-02...
Page 347: Zone Name Restrictions
Responding “yes” puts the system in McDATA Open Fabric mode with default zoning and safe zoning turned off. This mode is not supported in interopmode 3. For details, see “Activating Default Zones” in 11, “Administering Advanced Fabric OS Administrator’s Guide 53-1001763-02 Zone management in interoperable fabrics Zoning”. Chapter...
Page 348: Setting The Safe Zone Mode On A Stand-Alone Switch
Disabling safe zone mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the cfgMcdtMode command. switch:admin> cfgmcdtmode --disable safezoning safezoning McDATA mode has been disabled ... Fabric OS Administrator’s Guide 53-1001763-02...
Page 349: Effective Zone Configuration
Attempting to save new config to the defined config... 2sw0 Updating flash ... [output truncated] Attempting to save config to the defined config... 2sw0 Updating flash ... Updating flash ... Fabric OS Administrator’s Guide 53-1001763-02 Zone management in interoperable fabrics (yes, y, no, n): [no] yes...
Page 350: Frame Redirection In Interoperable Fabrics
Use the Prohibit Dynamic Connectivity Mask (PDCM) method for specific forced network control. You must perform this configuration at the director or backbone platform level. For detailed information on creating TI zones, see Chapter 4, “Routing Traffic”. Chapter 18, “Optimizing Fabric Behavior”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 351: Brocade Santegrity Implementation In Mixed Fabric Sans
For information on setting the license keys, see Switch secrets must be set correctly; otherwise, authentication will fail. Fabric OS Administrator’s Guide 53-1001763-02 Brocade SANtegrity implementation in mixed fabric SANS for more information on setting the Chapter 16, “Administering...
Page 352: Table 56 Fabric Os Switch Authentication Types
M-EOS switch. M-EOS support M-EOS switch explanation M-EOS selects DH Null option (only supports 0). 0 (DH Null option) supported. Not supported by M-EOS. Not supported by M-EOS. Not supported by M-EOS. Not supported by M-EOS. Fabric OS Administrator’s Guide 53-1001763-02...
Page 353: Switch Authentication Policy
Authentication (Fabric builds normally). Connected without any authentication (Fabric builds normally). Fabric OS Administrator’s Guide 53-1001763-02 E_Port authentication between Fabric OS and M-EOS switches M-EOS support Active Yes! Yes! Connected with two-way Connected with authentication; both two-way sides of the connection authentication;...
Page 354: Table 61 Switch Authentication Policy - Fabric Os Switch With Incorrect Peer Secret For M-Eos
(Fabric Rejected). When the builds normally). Fabric OS switch generates the reject, it will disable the Fabric OS port. When the M-EOS switch generates the reject, it will go to an invalid attachment state. Fabric OS Administrator’s Guide 53-1001763-02...
Page 355: Dumb Switch Authentication
Table 63 on page 316 shows how authentication is affected when a Fabric OS switch is connected to a dumb M-EOS switch. Fabric OS Administrator’s Guide 53-1001763-02 E_Port authentication between Fabric OS and M-EOS switches Passive Active E_Port does not...
Page 356: Table 63 Switch Authentication Policy When Connected To An M-Eos Dumb Switch
(Fabric builds disables the Fabric OS port. normally). When the M-EOS switch generates the reject, it goes to an invalid attachment state. on page 312 for the Fabric OS mode on page 311. Fabric OS Administrator’s Guide 53-1001763-02...
Page 357: Authentication Of Ve_Port-To-Ve_Port Connections
TABLE 64 VE_Port-to-VE_Port authentication policy with correct switch secret Fabric OS switch VE_ to VE_Port Passive Active Fabric OS Administrator’s Guide 53-1001763-02 E_Port authentication between Fabric OS and M-EOS switches Passive Active Yes! Connected without any Connected with authentication (Fabric two-way builds normally).
Page 358 (Fabric (Authentication builds normally). Rejected). When the Fabric OS switch generates the reject, it disables the Fabric OS port. When the M-EOS switch generates the reject, it goes to an invalid attachment state. Fabric OS Administrator’s Guide 53-1001763-02...
Page 359: Table 65 Ve_Port-To-Ve_Port Authentication Policy With Unknown Switch Secret
TABLE 65 VE_Port-to-VE_Port authentication policy with unknown switch secret Fabric OS switch VE_ to VE_Port Passive Active Fabric OS Administrator’s Guide 53-1001763-02 E_Port authentication between Fabric OS and M-EOS switches Passive Active Connected without E_Port does not any authentication connect...
Page 360: Authentication Of Vex_Port-To-Ve_Port Connections
(Fabric (Authentication builds normally). Rejected). When the Fabric OS switch generates the reject, it disables the Fabric OS port. When the M-EOS switch generates the reject, it goes to an invalid attachment state. Fabric OS Administrator’s Guide 53-1001763-02...
Page 361: Authentication Of Vex_Port-To-Vex_Port Connections
M-EOS port and then re-enable it before the link can come up again. Enabling just the EX_Port does not always allow the link to come up again. Fabric OS Administrator’s Guide 53-1001763-02 Passive Active...
Page 362: Fabric Binding Behavior In A Mixed Fabric
In McDATA Open Fabric mode, it is possible to configure a preferred domain ID outside of the range allowed for an M-EOS switch. The preferred domain ID must be configured in the range of 97-127 in Open Fabric mode or Fabric Binding fails to activate. Fabric OS Administrator’s Guide 53-1001763-02...
Page 363: Ficon Implementation In A Mixed Fabric
• Upgrading to Fabric OS v6.4.0 does not automatically synchronize the Defined Database with other switches in the fabric. You must select one switch and run the cfgSave command. Fabric OS Administrator’s Guide 53-1001763-02 FICON implementation in a mixed fabric...
Page 364: Coordinated Hot Code Load
The normal firmwaredownload messages are displayed along with the following message: You have elected to bypass the checking of Coordinated HCL. This may cause traffic disruption for some switches in the fabric. Do you want to proceed? Fabric OS Administrator’s Guide 53-1001763-02...
Page 365: Coordinated Hcl On Switches Firmware Downloads
Fabric FCR E_Port SANtegrity FCR Fabric OS Level 2 (Layer 2 SANtegrity) Fabric OS Administrator’s Guide 53-1001763-02 McDATA-aware features Behavior The header of FC frames uses the SID and DID according to the domain offset setting. Allows configuring stand-alone and fabric-wide tasks such as basic switch and port operations.
Page 366: Mcdata-Unaware Features
Manager (DFCM) management tool. Support Not supported. Supported. Not supported. Not supported. Support Notes • ACL in strict mode: No Works with SANtegrity. • ACL in tolerant mode: Yes • ACL in absent mode: Yes Fabric OS Administrator’s Guide 53-1001763-02...
Page 367: Table 70 Complete Feature Compatibility Matrix
Network Time Protocol (NTP) Open E_Port Port mirroring SNMP Fabric OS Administrator’s Guide 53-1001763-02 Support Notes McDATA Fabric mode and McDATA Open Fabric mode are not supported on the Brocade 8000. Supported on the Brocade 4900, 5000, 5100, 5300, and the VA-40FC switches, and the Brocade 48000 and the Brocade DCX Backbone.
Page 368: M-Eos Feature Limitations In Mixed Fabrics
McDATA Fabric mode and McDATA Open Fabric mode. No zoning management in Fabric OS switch except cfgClear and cfgDisable after a switch is disabled. Regular zones cannot be configured on Fabric OS switches. Fabric OS Administrator’s Guide 53-1001763-02...
Page 369: Supported Hardware In An Interoperable Environment
The following matrix identifies the Fabric OS hardware platforms that are interoperable with M-EOS hardware platforms. McDATA Fabric mode and McDATA Open Fabric mode are not supported on the Brocade 8000. Fabric OS Administrator’s Guide 53-1001763-02 Supported hardware in an interoperable environment Appendix E,...
Page 370: Table 71 Fabric Os Interoperability With M-Eos
Fabric OS v6.2.0 Fabric OS v6.3.0 McDATA Open Fabric and McDATA Open Fabric and Fabric mode Fabric mode Not blocked by software. Not blocked by software. Fabric OS v6.4.0 McDATA Open Fabric and Fabric mode Fabric OS Administrator’s Guide 53-1001763-02...
Page 371: Supported Features In An Interoperable Environment
Supported features in an interoperable environment Table 72 shows the interoperability features supported in Fabric OS v6.2.0, v6.3.0, and v6.4.0. Fabric OS Administrator’s Guide 53-1001763-02 Supported features in an interoperable environment Fabric OS v6.2.0 Fabric OS v6.3.0 McDATA Open Fabric and...
Page 372: Table 72 Supported Fabric Os Features
OpenTrunking. balancing using OpenTrunking. Not on FCR Only supported Only supported locally within the locally within the Fabric OS switch. Fabric OS switch. Only allowed Only allowed between Fabric between Fabric OS-based switches. OS-based switches. Fabric OS Administrator’s Guide 53-1001763-02...
Page 373 SCC policies Traffic Isolation zones VE-to-VEX Port Virtual Channels (VC RDY) Zone Activation support Fabric OS Administrator’s Guide 53-1001763-02 Supported features in an interoperable environment Fabric OS v6.2.0 Interop mode 2 Interop mode 3 Only supported in conjunction with In Virtual Fabrics,...
Page 374: Unsupported Features In An Interoperable Environment
Administrative Domains • Quickloop and QuickLoop Zoning • Timer Server function • Open E_Port • Broadcast Zoning • Management Server service and FDMI • Alias Server • Platform services • Top Talkers • Advanced Performance Monitoring Fabric OS Administrator’s Guide 53-1001763-02...
Page 375: Managing Administrative Domains
The Admin Domain number identifies the Admin Domain and has a range of 0–255. The domain ID identifies a switch in the fabric and has a range of 1–239. Figure 51 on page 336 shows a fabric with two Admin Domains: AD1 and AD2. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 376: Figure 51 Fabric With Two Admin Domains
Admin Domain; however, the switch ports and end devices are filtered based on Admin Domain membership. FIGURE 52 Filtered fabric views when using Admin Domains Figure 52, users can see all switches and E_Ports in the fabric, regardless Fabric OS Administrator’s Guide 53-1001763-02...
Page 377: Admin Domain Features
The LSAN zone names must not be longer than 57 characters. Chapter 21, “Using the FC-FC Routing Service,” Service and LSAN zones. Fabric OS Administrator’s Guide 53-1001763-02 Administrative Domains overview Figure 51 on page 360 for more information. on page 224 for instructions).
Page 378: Admin Domain Access Levels
If their role permits, can create user accounts and assign them to Admin Domains in their list. Cannot view other Admin Domain definitions. They can view only members of their own Admin Domains. “Admin Domain access levels” on page 338 for Fabric OS Administrator’s Guide 53-1001763-02...
Page 379 AD255 shown. AD0 contains the two devices that are not in any of the user-defined Admin Domains (AD1 and AD2). AD255 encompasses the entire physical fabric. Fabric OS Administrator’s Guide 53-1001763-02 Administrative Domains overview Figure 51 on page 336, but with AD0 and...
Page 380: Admin Domains And Login
The following are example prompts for when you are in the AD0, AD1, and AD255 contexts, respectively: switch:admin> switch:AD1:admin> switch:AD255:admin> “Switching to a different Admin Domain context” on page 358 for instructions). Fabric OS Administrator’s Guide 53-1001763-02...
Page 381: Admin Domain Member Types
If the switch domain ID changes, the domain,index members are invalid (they are not automatically changed). You must then reconfigure the Admin Domain with the current domain,index members. Fabric OS Administrator’s Guide 53-1001763-02 . The index range arguments are expanded and stored in the Admin <D,[0-15]>...
Page 382: Admin Domains And Switch Wwn
Figure 54 shows an unfiltered view of a fabric with two switches, three devices, and two Admin Domains. The devices are labeled with device WWNs and the switches are labeled with domain ID and switch WWNs. Fabric OS Administrator’s Guide 53-1001763-02...
Page 383: Figure 54 Fabric Showing Switch And Device Wwns
Domain ID = 1 WWN = 50:00:51:f0:52:36:f9:04 FIGURE 55 Filtered fabric views showing converted switch WWNs Fabric OS Administrator’s Guide 53-1001763-02 Fabric Visible to AD3 User Fabric Visible to AD4 User Administrative Domains overview WWN = 10:00:00:00:c2:37:2b:a3 Domain ID = 2...
Page 384: Admin Domain Compatibility, Availability, And Merging
Saves the changes to the defined configuration in persistent storage and enforces the defined configuration on all switches in the fabric, replacing the effective configuration. defined configurations remain unchanged. transshow command at any time to display the ID of the current Admin Fabric OS Administrator’s Guide 53-1001763-02...
Page 385: Creating An Admin Domain
4. Switch to the AD255 context, if you are not already in that context: ad --select 255 Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators on page 341. on page 360 for additional information about how zones “Disabling Virtual Fabrics mode”...
Page 386: User Assignments To Admin Domains
Users can log in to their Admin Domains and create their own Admin Domain-specific zones and zone configurations. create command using the -d option to specify device and switch port members for instructions. save. Chapter 11, “Administering Advanced Fabric OS Administrator’s Guide 53-1001763-02...
Page 387 --add pfa_admin1 -r admin -h 255 -a "0-255" Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators add command using the -r option to set the role, the -a option to...
Page 388: Removing An Admin Domain From A User Account
You are about to activate a new admin domain. Do you want to activate ’AD_B5’ admin domain (yes, y, no, n): [no]: y switch:AD255:admin> deletead command: activate option. The activate option prompts for confirmation. save. Fabric OS Administrator’s Guide 53-1001763-02...
Page 389: Deactivating An Admin Domain
Admin Domain name or number, dev_list is a list of device WWNs or domain,index members, and switch_list is a list of switch WWNs or domain IDs. Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators deactivate command.
Page 390: Removing Members From An Admin Domain
1. Connect to the switch and log in as admin. 2. Switch to the AD255 context, if you are not already in that context. ad --select 255 remove command using the -d option to specify device and switch port save. save. Fabric OS Administrator’s Guide 53-1001763-02...
Page 391: Deleting An Admin Domain
This operation will fail if zone configuration exists in the AD Do you want to delete ’AD_B3’ admin domain (yes, y, no, n): [no] y switch:AD255:admin> Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators rename command with the present name and the new name. delete command.
Page 392: Deleting All User-Defined Admin Domains
Admin Domain definition and directly apply the copy command to copy the zones from all user-defined Admin Domains to “Deleting all user-defined Admin on page 258 for instructions. Fabric OS Administrator’s Guide 53-1001763-02...
Page 393 At the conclusion of the procedure, all devices and zones are moved to AD0, and the user-defined Admin Domains are deleted, as shown in Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators Name of the user-defined AD from which you are copying the zone.
Page 394: Figure 56 Ad0 And Two User-Defined Admin Domains, Ad1 And Ad2
Zone CFG Info for AD_ID: 1 Defined configuration: cfg: zone: (AD Name: AD0, State: Active) : AD0_cfg AD0_RedZone AD0_RedZone 10:00:00:00:01:00:00:00; 10:00:00:00:02:00:00:00 AD0_cfg AD0_RedZone 10:00:00:00:01:00:00:00 10:00:00:00:02:00:00:00 (AD Name: AD1, State: Active) : AD1_cfg AD1_BlueZone AD1_BlueZone 10:00:00:00:02:00:00:00; 10:00:00:00:03:00:00:00 Fabric OS Administrator’s Guide 53-1001763-02...
Page 395 You are about to enforce the saved AD configuration. This action will trigger AD apply to all switches in the fabric Do you want to apply all admin domains Fabric OS Administrator’s Guide 53-1001763-02 Admin Domain management for physical fabric administrators AD1_cfg AD1_BlueZone...
Page 396: Validating An Admin Domain Member List
State: Active Switch port members: on page 344. Figure 52 on page 336). Any devices and switch ports that are not defined as part of 1,1; 1,3; 2,5+; 3,6; “Admin Domain management for Figure 51 Fabric OS Administrator’s Guide 53-1001763-02...
Page 397: Cli Commands In An Ad Context
--exec ad_id "command" Example The following example executes the switchShow command in the AD7 context. switch:AD255:admin> ad --exec 7 "switchshow" Fabric OS Administrator’s Guide 53-1001763-02 SAN management with Admin Domains Table 74 is met. Condition • The port is specified in the domain,index member list of the Admin Domain.
Page 398: Displaying An Admin Domain Configuration
You can switch between different Admin Domain contexts. This option creates a new shell with a new Admin Domain context. If the corresponding Admin Domain is not activated, the operation fails. show command. AD Name: TheSwitches TheSwitches Switch WWN members: State: Active 50:06:06:99:00:2a:e9:01; 50:00:51:e0:23:36:f9:01; 50:06:06:98:05:be:99:01; Fabric OS Administrator’s Guide 53-1001763-02...
Page 399: Admin Domain Interactions With Other Fabric Os Features
Advanced Performance Monitoring (APM) Fabric Watch Fabric OS Administrator’s Guide 53-1001763-02 SAN management with Admin Domains select command and the Admin Domain you want to switch to. Admin Domain interaction If no user-defined Admin Domains exist, you can run ACL configuration commands in only AD0 and AD255.
Page 400: Admin Domains, Zones, And Zone Databases
Virtual Fabrics, you must first delete all Admin Domains. If you connect a switch with Admin Domains to a Virtual Fabric-enabled switch, the link is segmented with the reason “VF AD conflict.” Chapter 3, “Performing Fabric OS Administrator’s Guide 53-1001763-02...
Page 401 AD1 results in an update request only for the AD1 zone database. Fabric OS Administrator’s Guide 53-1001763-02 SAN management with Admin Domains validate command, you can see all zone members that are not part of the current on page 251 for instructions on using the zone “Default zoning mode”...
Page 402: Admin Domains And Lsan Zones
Admin Domain. Chapter 21, “Using the FC-FC Routing Service,” Chapter 8, “Maintaining the Switch Configuration File,” Configuration file sections iSCSI Without switch membership for information about LSAN zones. Zone AD headers Switch configuration and other parameters Fabric OS Administrator’s Guide 53-1001763-02...
Page 403: Licensed Features
Chapter 16, “Administering Licensing” • Chapter 17, “Monitoring Fabric Performance” • Chapter 18, “Optimizing Fabric Behavior” • Chapter 19, “Managing Trunking Connections” • Chapter 20, “Managing Long Distance Fabrics” • Chapter 21, “Using the FC-FC Routing Service” Fabric OS Administrator’s Guide 53-1001763-02 Sectiona...
Page 404 Fabric OS Administrator’s Guide 53-1001763-02...
Page 405: In This Chapter
Fabric OS includes basic switch and fabric support software, and support for optionally licensed software that is enabled using license keys. currently available: Fabric OS Administrator’s Guide 53-1001763-02 Table 77 lists the optionally licensed features that are Chapter...
Page 406: Table 77 Available Brocade Licenses
Enables performance monitoring of networked storage resources. This license includes the Top Talkers feature. Provides greater than 10km of switched fabric connectivity at full bandwidth over long distances (depending on the platform this can be up to 3000km). Fabric OS Administrator’s Guide 53-1001763-02...
Page 407 High Performance Extension over FCIP/FC (formerly known as “FC-IP Services”) ICL 16-link License, or Inter Chassis Links ICL 8-Link License Fabric OS Administrator’s Guide 53-1001763-02 Licensing overview Description Monitors mission-critical switch operations. Fabric Watch includes Port Fencing capabilities. Provides the ability to aggregate multiple physical links into one logical link for enhanced network performance and fault tolerance.
Page 408 Local switch and attached switches. For more information on this products licensing, refer to the Fabric Watch Administrator’s Guide. Local and attached switches. Local and attached switches. License is needed on both sides of tunnel. Local and attached switches. Fabric OS Administrator’s Guide 53-1001763-02...
Page 409 Logical fabric Logical switch Long distance NPIV OpenSSH public key Performance monitoring Port fencing Fabric OS Administrator’s Guide 53-1001763-02 License No license required. FICON Management Server FICON Tape High-Performance Extension over FCIP/FC license or Advanced FICON Acceleration on Brocade 7800...
Page 410: Table 78 License Requirements
Local switch and attached switches. Local switch Local switch Local switch and attached switches. Local and attached switches. Local switch. May be required on attached switches. Local and any switch you want to manage using Web Tools. Fabric OS Administrator’s Guide 53-1001763-02...
Page 411: The Brocade 7800 Upgrade License
This license is also useful for environments with ICL connections between a Brocade DCX and a DCX-4S, the latter of which cannot support more than eight links on an ICL port. Available on the Brocade DCX-4S and DCX platforms only. Fabric OS Administrator’s Guide 53-1001763-02 The Brocade 7800 Upgrade license Base model Upgrade License...
Page 412: 8G Licensing
3. You must configure the application that uses the licensed feature on the blade in the slot. That operation verifies that the previous two steps have been successfully completed. Once these steps are complete, the feature will work on the blade. Fabric OS Administrator’s Guide 53-1001763-02...
Page 413: Upgrade/Downgrade Considerations
NTP, then it is not blocked. If you are using NTP to synchronize the time between your network devices, including switches or enterprise-class platforms, then do not attempt to change system date and time when a time-based license is installed. Fabric OS Administrator’s Guide 53-1001763-02 Time-based licenses...
Page 414: Configupload And Download Considerations
The expiration date is based on the system time at the installation of the license plus the number of days that the Universal Time-based license is valid for. Universal Time-based licenses cannot be removed and reinstallation of the same Universal Time-based license on the same switch is not permitted. Fabric OS Administrator’s Guide 53-1001763-02...
Page 415: Extending A License
A verification screen appears. 4. Verify the information appears correctly. Click Submit if the information displayed is correct. If the information is incorrect, click Previous, correct the information, and click Submit. Fabric OS Administrator’s Guide 53-1001763-02 Viewing installed licenses “Adding a licensed feature”.
Page 416: Adding A Licensed Feature
Integrated Routing license Storage Application Services license FICON Tape license FICON XRC license Adaptive Networking license Inter Chassis Link license Enhanced Group Management license 8 Gig FC license DataFort Compatibility license Server Application Optimization license Fabric OS Administrator’s Guide 53-1001763-02...
Page 417: Removing A Licensed Feature
Brocade 8000—Must have license installed to enable the 8 FC ports. A maximum of 8 ports are allowed. Brocade VA-40FC—Can be purchased with 24, 32, or 40 licensed ports. A maximum of 40 ports is allowed. Fabric OS Administrator’s Guide 53-1001763-02 Removing a licensed feature...
Page 418: Table 80 List Of Available Ports When Implementing Pods
POD1: 9-12 and 21-22 POD2: 0, 13-16, and 23 24 Gbe 24 Gbe and 8 FC 0-23 0-31 Both POD license present 0-23 0-31 0-63 0-31 0-39 0-79 0-11 0-23 0-23 24 Gbe and 8 FC 0-39 Fabric OS Administrator’s Guide 53-1001763-02...
Page 419: Activating Ports On Demand
24 port assignments are provisioned for use in this switch: 24 ports are assigned to installed licenses: Fabric OS Administrator’s Guide 53-1001763-02 show command. 12 port assignments are provisioned by the base switch license 12 port assignments are provisioned by a full POD license...
Page 420: Enabling Dynamic Ports On Demand
12 port assignments are provisioned by the base switch license 12 port assignments are provisioned by a full POD license 8 ports are assigned to the base switch license 0 ports are assigned to the full POD license Fabric OS Administrator’s Guide 53-1001763-02...
Page 421: Reserving A Port License
0, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 Fabric OS Administrator’s Guide 53-1001763-02 method command with the static option to change the license assignment show command to verify the switch started the Static POD feature.
Page 422: Releasing A Port From A Pod Set
POD license. show command to verify the port is no longer assigned to a POD set. reserve command to reserve to release a port from its POD Fabric OS Administrator’s Guide 53-1001763-02...
Page 423: In This Chapter
Advanced Performance Monitoring provides the following monitors: • End-to-End monitors measure the traffic between a host/target pair. • Frame monitors measure the traffic transmitted through a port with specific values in the first 64 bytes of the frame. Fabric OS Administrator’s Guide 53-1001763-02 Chapter...
Page 424: Virtual Fabrics Considerations For Advanced Performance Monitoring
Maximum number of logical switches supported Table Monitors: Frame ISL Top Talker Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Maximum number of logical switches on which monitors are supported Table Fabric OS Administrator’s Guide 53-1001763-02...
Page 425: End-To-End Performance Monitoring
Identical end-to-end monitors cannot be added to the same port. Two end-to-end monitors are considered identical if they have the same SID and DID values after applying the end-to-end mask. Fabric OS Administrator’s Guide 53-1001763-02 End-to-end performance monitoring on page 397. You can clear end-to-end counters...
Page 426: Adding End-To-End Monitors
DID, as shown in the following example. switch:admin> perfaddeemonitor 2/14, "0x111eef" "0x051200" End-to-End monitor number 1 added. Switch X Switch Y 0x111eef ..Monitor 1 domain 0x11, switch area ID 0x1e AL_PA 0xef Fabric OS Administrator’s Guide 53-1001763-02...
Page 427: Setting A Mask For An End-To-End Monitor
The perfSetPortEEMask command sets a mask for the Domain ID, Area ID, and AL_PA of the SIDs and DIDs for frames transmitted from and received by the port. Fabric OS Administrator’s Guide 53-1001763-02 End-to-end performance monitoring Add monitors here . . .
Page 428: Deleting End-To-End Monitors
Transmitted from port SID mask DID mask AL_PA mask Area ID mask Domain ID mask TX_COUNT RX_COUNT 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 Received by port SID mask DID mask OWNER_IP_ADDR 10.106.7.179 10.106.7.179 10.106.7.179 10.106.7.179 Fabric OS Administrator’s Guide 53-1001763-02...
Page 429: Frame Monitoring
• perfAddIPMonitor • perfAddRWMonitor • perfAddReadMonitor • perfAddSCSIMonitor • perfAddUserMonitor • perfAddWriteMonitor • perfDelFilterMonitor Fabric OS Administrator’s Guide 53-1001763-02 Frame monitoring Max number of frame monitors per port Max number of offsets per port Table 83...
Page 430: Creating Frame Types To Be Monitored
Example of creating a user-defined frame type and applying frame monitors to ports 3, 4, and 5 switch:admin> fmconfig --create MyFrameMonitor -pat "17,0xFF,0x007;7,0x4F,0x01;" -port 3-5 Starting port :3 End port :5 Create Success :0 Value SOFi2 SOFn2 SOFi3 SOFn3 create command to create a user-defined frame. Table Fabric OS Administrator’s Guide 53-1001763-02...
Page 431: Deleting Frame Types
If you assign or remove frame monitors on ports, the list of ports to be monitored is automatically saved persistently, unless you specify the Fabric OS Administrator’s Guide 53-1001763-02 delete command to delete a specific frame type. addmonitor command to add a frame monitor to one or more ports.
Page 432: Displaying Frame Monitors
4,0xFF,0x81;40,0xFF,0x81;12,0xFF,0x0;17,0xFF,0x0; baacc 4,0xff,0x84;12,0xff,0x00;17,0xff,00; |0x0000000000000123|1000 |0x0000000000000125|1000 |0x0000000000000143|1000 clear command to clear the counters on the ports on which the specified |HIGH Thres|Actions |TIMEBASE |Email |None |Email |None |Email |None |None |None Fabric OS Administrator’s Guide |CFG |saved |saved |saved |saved 53-1001763-02...
Page 433: Isl Performance Monitoring
Quality of Service (QoS) attributes so they get proper priority. See Chapter 18, “Optimizing Fabric Behavior,” Fabric OS Administrator’s Guide 53-1001763-02 ISL performance monitoring for information about monitor features and implementation.) counters.” You can clear ISL counters using the “Clearing end-to-end and ISL monitor counters”...
Page 434: Adding A Top Talker Monitor On An F_Port
Adding Top Talker monitors on all switches in the fabric (fabric mode) When fabric mode is enabled, you can no longer install Top Talker monitors on an F_Port unless you delete fabric mode. add command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 435: Displaying The Top N Bandwidth-Using Flows On An F_Port
To display the top flows on slot 2, port 4 on the Brocade 48000, Brocade DCX, or DCX-4S in PID format: perfttmon --show 2/4 pid switch:admin> perfttmon --show 2/4 pid ======================================== Src_PID ======================================== 0xa90800 0xa90800 Fabric OS Administrator’s Guide 53-1001763-02 add fabricmode command. bandwidth-using flows on an F_Port show command. Dst_PID MB/sec 0xa05200 6.926 0xa908ef 6.872 Top Talker monitors “Deleting end-to-end monitors”...
Page 436: Displaying Top Talking Flows For A Given Domain Id (Fabric Mode)396
1. Connect to the switch and log in as admin. 2. Enter the perfTTmon perfttmon --delete fabricmode All Top Talker monitors are deleted. show dom command. Dst_PID MB/sec 0x011300 121.748 0x011300 121.748 delete command. delete fabricmode command. Potential E-Ports 2/0,2/2,2/3 3/14,3/15 Fabric OS Administrator’s Guide 53-1001763-02...
Page 437: Limitations Of Top Talker Monitors
Example of displaying an end-to-end monitor on a port at 10-second intervals switch:admin> perfMonitorShow --class EE 4/5 10 Showing EE monitors 4/5 10: Tx/Rx are # of bytes --------- ========= Fabric OS Administrator’s Guide 53-1001763-02 --------- --------- --------- ========= =========...
Page 438: Clearing End-To-End And Isl Monitor Counters
5.0m 5.0m 4.5m 4.5m RX_COUNT 0x0000000000000000 0x0000000000000000 0x00000004d0ba9915 0x0000000067229e65 0x00000004d0baa754 0x0000000067229e65 0x00000004d0bab3a5 0x0000000067229e87 0x00000004d0bac1e4 0x0000000067229e87 0x00000004d0bad086 0x0000000067229e87 0x00000004d0bade54 0x0000000067229e87 192.168.169.40 0x00000004d0baed41 0x0000000067229e98 192.168.169.40 110379 1337982 4.9m 4.4m 4.8m 4.6m 5.0m 4.5m OWNER_IP_ADDR Domain 98: Fabric OS Administrator’s Guide 13965 53-1001763-02...
Page 439: Saving And Restoring Monitor Configurations
Using the Data Center Fabric Manager (DCFM) Enterprise Edition, you can store performance data persistently. For details on this feature, see the DCFM User’s Manual (Enterprise Edition). Fabric OS Administrator’s Guide 53-1001763-02 Saving and restoring monitor configurations Do you want to continue? (yes, y, no, n): [no] y...
Page 440 Performance data collection Fabric OS Administrator’s Guide 53-1001763-02...
Page 441: In This Chapter
The Top Talkers feature provides real-time information about the top “n” bandwidth-consuming flows passing through a specific port in the network. Top Talkers requires an Advanced Performance Monitoring license. See about this feature. Fabric OS Administrator’s Guide 53-1001763-02 “Bottleneck detection” “Top Talker monitors” on page 393 for more information Chapter...
Page 442: Ingress Rate Limiting
Note the following considerations about ingress rate limiting: • Ingress rate limiting is applicable only to F_Ports and FL_Ports. “Traffic Isolation Zoning” on page 267 for “Ingress Rate Limiting” on page 403 for more information about this feature. Fabric OS Administrator’s Guide 53-1001763-02...
Page 443: Limiting Traffic From A Particular Device
The virtual channels are allocated as shown in TABLE 85 Virtual channels assigned to QoS priority Priority High priority Medium priority Low priority Fabric OS Administrator’s Guide 53-1001763-02 QoS: SID/DID traffic prioritization setratelimit command. resetratelimit command. Table Number of VCs VCs assigned 10, 11, 12, 13, 14...
Page 444: License Requirements For Traffic Prioritization
QoS is disabled by default on 4 Gbps ports and long-distance 8 Gbps ports. The following procedure does not apply to these ports. 1. Connect to the switch and log in as admin. 2. Display the ISL information using the following command: islshow Fabric OS Administrator’s Guide 53-1001763-02...
Page 445 Locked E_Port ISL R_RDY Mode Fabric OS Administrator’s Guide 53-1001763-02 " if QoS is disabled. QoS is enabled on this ISL, so you should not disable QoS on port 2. QoS is disabled on this ISL; however, this is a 4 Gbps port, so you do not need to disable QoS on port 8.
Page 446: Qos Zones
126 126 126 126 126 126 126 126 QOSHid_xxxxx QOSLid_xxxxx on page 408 for additional considerations when using QoS to prioritize 126 126 126 126 on page 413 for some considerations you Fabric OS Administrator’s Guide 53-1001763-02...
Page 447: Qos On E_Ports
By default, QoS is enabled on 8 Gbps ports, except for long-distance 8 Gbps ports. QoS is disabled by default on all 4 Gbps ports and long-distance 8 Gbps ports. Fabric OS Administrator’s Guide 53-1001763-02 Figure 61 shows a fabric with two hosts (H1, H2) and three targets (S1, S2, S3). The...
Page 448: Qos Over Fc Routers
2 or interopmode 3. Domain 1 = Low priority = Medium priority = High priority = E_Ports with QoS enabled Domain 2 for information about FC routers, phantom Domain 3 Domain 4 on page 415 for detailed instructions. Fabric OS Administrator’s Guide 53-1001763-02...
Page 449: Virtual Fabric Considerations For Traffic Prioritization
(ports 10, 11, 12, 13, 14, 15, 16, and 17). Chassis 1 FIGURE 63 Traffic prioritization in a logical fabric Fabric OS Administrator’s Guide 53-1001763-02 Figure 63 shows a logical fabric that includes H1 and S1. To set the traffic between Domain 1 LS3, FID1...
Page 450: High Availability Considerations For Traffic Prioritization
QoS is enabled by default on 8 Gbps ports. QoS is disabled by default on all 4 Gbps ports and long-distance 8 Gbps ports. Upgrade considerations for traffic prioritization This section applies only to 4 Gbps ports and long-distance 8 Gbps ports. Fabric OS Administrator’s Guide 53-1001763-02...
Page 451 If the port is an 8 Gbps port, you do not need to enable QoS unless the port is also a long-distance port (in the portcfgshow output, Long Distance is ON). This is a non-disruptive operation. Fabric OS Administrator’s Guide 53-1001763-02 QoS zones step 3 using the following command:...
Page 452 4.000G bw: 32.000G TRUNK QOS 30 B5300 4.000G bw: 16.000G TRUNK QOS 50 B300 8.000G bw: 64.000G TRUNK QOS 30 B5300 4.000G bw: 16.000G TRUNK 126 126 126 126 126 126 126 126 126 126 126 126 Fabric OS Administrator’s Guide 53-1001763-02...
Page 453: Limitations And Restrictions For Traffic Prioritization
QoS zones using D,I notation are not supported for QoS over FCR. • QoS zones using D,I notation should not be used for loop or NPIV ports. Fabric OS Administrator’s Guide 53-1001763-02 126 126 126 126 126 126 126 126 QoS zones...
Page 454: Setting Traffic Prioritization
If you later use the portCfgQos command to enable QoS on the port again, the port is not toggled because the configuration did not change. Chapter 20, “Managing Long Distance Fabrics,” for information about buffer credit Fabric OS Administrator’s Guide 53-1001763-02...
Page 455: Setting Traffic Prioritization Over Fc Routers
6. Connect to the FC router in the backbone fabric and log in as admin. Enter the portCfgQos command to enable QoS on the EX_Ports (or VEX_Ports). Fabric OS Administrator’s Guide 53-1001763-02 Setting traffic prioritization over FC routers cfg1 zone1; QOSH1_zone; QOSL2_zone QOSH1_zone 10:00:00:00:10:00:00:00;...
Page 456: Disabling Qos
In Fabric OS 6.3.x, bottleneck detection was configured on a per-port basis. Starting in Fabric OS 6.4.0, you configure bottleneck detection on a per-switch basis, with per-port exclusions. Fabric OS Administrator’s Guide 53-1001763-02...
Page 457: Supported Configurations For Bottleneck Detection
High availability considerations for bottleneck detection The bottleneck detection configuration is maintained across a failover or reboot; however, bottleneck statistics collected are lost. Fabric OS Administrator’s Guide 53-1001763-02 Bottleneck detection on page 418 for additional information on using “Virtual Fabrics...
Page 458: Trunking Considerations For Bottleneck Detection
Gateway, you do not get information about which device is causing a bottleneck, because devices are not directly connected to this port. To detect bottlenecks on an Access Gateway, enable bottleneck detection on the Access Gateway to which the devices are actually connected. Fabric OS Administrator’s Guide 53-1001763-02...
Page 459: Enabling Bottleneck Detection On A Switch
The exclusion takes effect only if the port becomes a trunk master or leaves the trunk. Fabric OS Administrator’s Guide 53-1001763-02 Enabling bottleneck detection on a switch enable command to enable bottleneck detection on all eligible...
Page 460: Displaying Bottleneck Detection Configuration Details
- Yes - 0.100 - 300 seconds - 300 seconds Fabric OS Administrator’s Guide 53-1001763-02...
Page 461 5000 switch:admin> bottleneckmon --status Bottleneck detection - Enabled ============================== Fabric OS Administrator’s Guide 53-1001763-02 Changing bottleneck alert parameters config command to set the alert option and specify new threshold configclear command to remove any port-specific alert parameters - Yes - 0.100...
Page 462: Displaying Bottleneck Statistics
Wed Jan 13 18:54:35 UTC 2010 Jan 13 18:54:10 Jan 13 18:54:15 Jan 13 18:54:20 Time(s) QTime(s) 4000 4000 Number of bottlenecked ports Fabric OS Administrator’s Guide 53-1001763-02...
Page 463: Disabling Bottleneck Detection On A Switch
1. Connect to the switch and log in as admin. 2. Enter the bottleneckmon switch:admin> bottleneckmon --disable Fabric OS Administrator’s Guide 53-1001763-02 Disabling bottleneck detection on a switch Jan 13 18:54:25 Jan 13 18:54:30 Jan 13 18:54:35...
Page 464 Disabling bottleneck detection on a switch Fabric OS Administrator’s Guide 53-1001763-02...
Page 465: In This Chapter
QoS disabled, they form two different trunks, one with QoS enabled and the other with QoS disabled. For more information on QoS, refer to Fabric OS Administrator’s Guide 53-1001763-02 Licensing”. on page 474 for additional information about EX_Port “QoS zones”...
Page 466: Criteria For Managing Trunking Connections
“Trunking over long distance fabrics” “EX_Port frame trunking configuration” on page 297 for information and procedures related to interoperability. on page 430. “Interoperability Fabric OS Administrator’s Guide 53-1001763-02...
Page 467: Supported Hardware
ASIC failure. • To provide the highest level of reliability, deploy trunking groups in redundant fabrics to further ensure that ISL failures do not disrupt business operations. Fabric OS Administrator’s Guide 53-1001763-02 Supported hardware...
Page 468: Basic Trunk Group Configuration
Mode 1 enables and mode 0 disables ISL Trunking for all ports on the switch. switch:admin> switchcfgtrunk 1 Committing configuration...done. is required after you install the ISL Trunking license. You must is useful to view the following information: “Monitoring Fabric Performance” on page 383. step Fabric OS Administrator’s Guide 53-1001763-02...
Page 469: Displaying Trunking Information
11-> 11 10:00:00:05:1e:81:56:8b Tx: Bandwidth 4.00Gbps, Throughput 1.66Gbps (48.45%) Rx: Bandwidth 4.00Gbps, Throughput 1.67Gbps (48.48%) Tx+Rx: Bandwidth 8.00Gbps, Throughput 3.33Gbps (48.46%) Fabric OS Administrator’s Guide 53-1001763-02 4 10:00:00:60:69:51:43:04 99 deskew 15 MASTER 99 deskew 16 MASTER 12-> 12 10:00:00:60:69:51:43:04 14-> 14 10:00:00:60:69:51:43:04 13->...
Page 470: Trunking Over Long Distance Fabrics
10 km 32 (four 8-port trunks) 200 km 3 (one 3-port trunk) 250 km 3 (one 3-port trunk) 500 km on page 426, “Configuring an extended ISL” Number of 4 Gbps ports 32 (four 8-port trunks) Fabric OS Administrator’s Guide 53-1001763-02...
Page 471: F_Port Trunking
The ports have Trunking enabled by displaying the port configuration using the portCfgShow command. • The ports are set to the same speed within the trunk. Fabric OS Administrator’s Guide 53-1001763-02 Distance Number of 2 Gbps ports 10 km 48 (six 8-port trunks)
Page 472: Enabling F_Port Trunking
448-1023 are reserved for the 10-bit address space. Addresses 0–447 are reserved for assigning to NPIV/Loop ports to support 112 [448/4] NPIV/Loop ports in a logical switch with 256 devices each. enable command to create the trunk area. disable command to remove ports from the trunk area. Fabric OS Administrator’s Guide 53-1001763-02...
Page 473: F_Port Trunking Considerations For Virtual Fabrics
Access Gateway mode. With F_Port trunking, any link within a trunk can go offline or become disabled, but the trunk remains fully functional and there are no reconfiguration requirements. The following table describes the PWWN format for F_Port and N_Port trunk ports. Fabric OS Administrator’s Guide 53-1001763-02 F_Port masterless trunking...
Page 474: Figure 66 Switch In Access Gateway Mode Without F_Port Trunking
The valid range of xx is [0 - FF], for maximum of 256. The valid range of xx is [0 - FF], for maximum of 256. Figure 66 shows a switch in shows a switch in AG mode with F_Port Fabric OS Administrator’s Guide 53-1001763-02...
Page 475: F_Port Masterless Trunking Considerations
Area assignment Authentication configdownload Fabric OS Administrator’s Guide 53-1001763-02 F_Port masterless trunking Description Does not support F_Port trunking. It only supports N_Port trunking in AG mode. You cannot create a Trunk Area on ports with different Admin Domains. You cannot create a Trunk Area in AD255.
Page 476 Long distance is not allowed on F_Port trunks, which means a Trunk Area is not allowed on long-distance ports; you cannot enable long distance on ports that have a Trunk Area assigned to them. Fabric OS Administrator’s Guide 53-1001763-02...
Page 477: Assigning A Trunk Area
Fabric OS Administrator’s Guide 53-1001763-02 F_Port masterless trunking Description Registered Node ID (RNID), Link Incident Record Registration (LIRR), and Query Security Attribute (QSA) ELSs are not supported on F_Port trunks.
Page 478: Table 90 Address Identifier
Tx: Bandwidth 16.00Gbps, Throughput 1.63Gbps (11.84%) 16 15 14 Area_ID State Master F-port Master F-port Slave F-port Slave F-port Slave 39->0 8.000G bw: 16.000G deskew 15 MASTER Table 90 10 9 7 6 5 Port ID Fabric OS Administrator’s Guide shows an 53-1001763-02...
Page 479: Enabling The Dcc Policy On A Trunk Area
DCC security policy violation. You can configure authentication on all three Brocade trunking configurations. For more information on authentication, see Fabric OS Administrator’s Guide 53-1001763-02 F_Port masterless trunking 38->1 8.000G bw: 8.000G deskew 15...
Page 480 F_Port masterless trunking Fabric OS Administrator’s Guide 53-1001763-02...
Page 481: Managing Long Distance Fabrics
ISLs (E_Ports) are configured with a large pool of buffer credits. The enhanced switch buffers help ensure that data transfer can occur at near-full bandwidth to efficiently utilize the connection over the extended links. This ensures the highest possible performance on ISLs. Fabric OS Administrator’s Guide 53-1001763-02 Chapter Chapter 16, “Administering...
Page 482: Extended Fabrics Device Limitations
10 km. Up to a total of 1452 full-size frame buffers are reserved for data traffic, depending on the specified desired_distance value. NOTE Long distance modes L0.5, L1, and L2 are not supported on Fabric OS v6.x. Fabric OS Administrator’s Guide 53-1001763-02...
Page 483: Configuring An Extended Isl
1/2 LS 1 100 Reserved Buffers = Warning: port may be reserving more credits depending on port speed. switch:admin> portshow 1/2 portName: portHealth: OFFLINE Fabric OS Administrator’s Guide 53-1001763-02 Chapter 19, “Managing Trunking Type Default Number Number 1000...
Page 484: Enabling Long Distance When Connecting To Tdm Devices
4. Configure the port to support long-distance links. switch:admin> portcfglongdistance [slot/]port,LS,0,100 PRESENT U_PORT 17.0 Offline No_Module 010200 4312003b 20:02:00:05:1e:94:0f:00 static (desired = 100 Km) Link_failure: 0 Loss_of_sync: 0 Loss_of_sig: Protocol_err: 0 Invalid_word: 0 Invalid_crc: Delim_err: Address_err: Lr_in: Lr_out: Ols_in: Ols_out: Frjt: Fbsy: Fabric OS Administrator’s Guide 53-1001763-02...
Page 485: Buffer Credit Management
Buffer-to-Buffer flow control provides consistent and reliable frame delivery of information from sender to receiver. Fabric OS Administrator’s Guide 53-1001763-02 Buffer credit management...
Page 486: Optimal Buffer Credit Allocation
~500 km at 1 Gbps: 4100, 4900, 5000, 7500, 7600 FA4-18, FC4-16IP, FR4-18i FC4-16, FC4-32, FC4-48 NOTE The following switches and blades do not have this limitation: 300, 5100, 5300, 5410, 5424, 5450, 5480, VA-40FC, FC8-16, FC8-32, FC8-48. Fabric OS Administrator’s Guide 53-1001763-02...
Page 487: Fibre Channel Gigabit Values Reference Definition
2,112 bytes is not realistic in practice. To gain the proper number of BB credits using the LS mode, there must be enough BB credits available in the pool because Fabric OS will check before accepting a value. Fabric OS Administrator’s Guide 53-1001763-02 Buffer credit management on page 449 Field size...
Page 488 The maximum remaining number of buffer credits for the port group, after each port reserves its eight buffer credits, is: 676 – (24 * 8) = 484 unreserved buffer credits Where: Table 92 on page 451 and Table 93 on page 452 to get the total ports in a Fabric OS Administrator’s Guide 53-1001763-02...
Page 489: Allocating Buffer Credits Based On Average-Size Frames
BB credits = roundup [(207 * 8.5) / 2.125] = 828 Fabric OS Administrator’s Guide 53-1001763-02 to get an approximation of the calculated number on page 447 to determine the data_rate value. Buffer credit management Table 92 on page 451.
Page 490: Allocating Buffer Credits For F_Ports
1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portBufferShow command. switch:admin> portbuffershow 17 User Port Port Type ---- ---- Max/Resv Buffer Needed Mode Buffers Usage Buffers ---- ------- ------ ------- ---------- --------- Link Remaining Distance Buffers 50km Fabric OS Administrator’s Guide 53-1001763-02...
Page 491: Buffer Credits For Each Switch Model
Implementing extended fabrics between Brocade 2xxx switches and switches running any Fabric OS v6.x is not supported. Fabric OS Administrator’s Guide 53-1001763-02 Total FC ports (per switch/blade) User port group size Unreserved buffers (per port group) Buffer credit management...
Page 492: Maximum Configurable Distances For Extended Fabrics
615 / 787 See the Note at the end of this table for information about this blade. 3208 1604 2125 1062 8 Gbps 145.5 121.5 117.5 121.5 323 / 347 323 /409 307 / 393 Fabric OS Administrator’s Guide 53-1001763-02...
Page 493: Buffer Credit Recovery
An FC_Port that supports BB_Credit recovery maintains the following BB_Credit recovery values: • BB_SC_N is the log2 of BB_Credit recovery modules. • BB_RDY_N counts the number of R_RDY primitives received modulo 2BB_SC_N. • BB_FRM_N counts the number of frames received modulo 2BB_SC_N. Fabric OS Administrator’s Guide 53-1001763-02 Buffer credit recovery...
Page 494 Buffer credit recovery Fabric OS Administrator’s Guide 53-1001763-02...
Page 495: In This Chapter
403 for information about QoS and instructions for setting traffic prioritization over an FC router. FCR supports interoperability with some versions of M-EOS. For more information about M-EOS interoperability support, see Fabric OS Administrator’s Guide 53-1001763-02 “QoS: SID/DID traffic prioritization” Appendix A, “M-EOS Migration Path to Fabric Chapter OS”.
Page 496: Supported Platforms For Fibre Channel Routing
McDATA Enterprise OS switches cannot exist in the backbone fabric. on page 457 for additional information about the Integrated “Use of Admin Domains with LSAN zones and FCR” Chapter 14, “Interoperability for Merged on page 477. SANs”. Fabric OS Administrator’s Guide 53-1001763-02...
Page 497: Integrated Routing
See the Fibre Channel over IP Administrator’s Guide for details about VE_Ports. Fabric OS Administrator’s Guide 53-1001763-02 Integrated Routing “Supported platforms for Fibre Channel...
Page 498: Figure 68 A Metasan With Inter-Fabric Links
459 shows a metaSAN with a backbone consisting of one FC router Figure 70 on page 460). Target Target Target Edge Edge fabric 3 fabric 3 E_Port E_Port Long distance IFL Channel Long distance IFL switch Fabric OS Administrator’s Guide Fibre Fibre Channel switch 53-1001763-02...
Page 499: Figure 69 A Metasan With Edge-To-Edge And Backbone Fabrics And Lsan Zones
IDs must be different, but the edge fabric IDs must be the same. If you configure the same fabric ID for two backbone fabrics that are connected to the same edge fabric, a RASLog message displays a warning about fabric ID overlap. Fabric OS Administrator’s Guide 53-1001763-02 Edge fabric 2 VEX_Port FC router...
Page 500: Figure 70 Edge Sans Connected Through A Backbone Fabric
Edge SAN 1 connected to storage in Edge FC router EX_Port Backbone fabric E_Port Edge SAN 1 = LSAN Edge SANs connected through a backbone fabric FC router EX_Port E_Port Edge SAN 2 “Phantom domains” Fabric OS Administrator’s Guide 53-1001763-02...
Page 501: Proxy Devices
For the edge fabric and backbone fabric devices to communicate, the shared devices must be presented to each other's native fabric. Fabric OS Administrator’s Guide 53-1001763-02 Figure 71 illustrates this concept.
Page 502: Phantom Domains
Figure 72 on page 463 shows a sample physical topology. This figure shows four FC routers in a backbone fabric and four edge fabrics connected to the FC routers. on page 477 for more information. Fabric OS Administrator’s Guide 53-1001763-02...
Page 503: Figure 73 Ex_Port Phantom Switch Topology
Front domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Target 1' FIGURE 73 EX_Port phantom switch topology Fabric OS Administrator’s Guide 53-1001763-02 Target 1 Target 2 Fabric 1 Fabric 2 FC router 2 Host 1 Fabric 1 Front domain 2...
Page 504: Setting Up The Fc-Fc Routing Service
FC router. “Backbone fabric IDs” on page 466.) on page 467.) on page 471.) on page 474.) on page 477.) for more details about configuration “Verifying the setup for FC-FC “Inter-fabric link configuration” “FC Router “EX_Port Fabric OS Administrator’s Guide 53-1001763-02...
Page 505 “Administering 4. Enter the interopMode command and verify that Fabric OS switch interoperability with switches from other manufacturers is disabled. switch:admin> interopmode Fabric OS Administrator’s Guide 53-1001763-02 2.6.14.2 v6.4.0 Fri Jan 22 01:15:34 2010 Mon Jan 25 20:53:48 2010 1.0.9...
Page 506: Backbone Fabric Ids
In a multi-switch backbone fabric, modification of FID within the backbone fabric will cause disruption to local traffic. Valid McDataDefaultZone: 0 (disabled), 1 (enabled) Valid McDataSafeZone: 0 (disabled), 1 (enabled) Chapter 7, “Configuring Security Policies” “Enabling Brocade Native Fabric OS Administrator’s Guide 53-1001763-02...
Page 507: Assigning Backbone Fabric Ids
This section is applicable only to Fabric OS fabrics and does not apply to M-EOS fabrics. See the Fibre Channel over IP Administrator’s Guide for instructions on how to configure FCIP tunnels. Fabric OS Administrator’s Guide 53-1001763-02 disable fcr command to disable the FC-FC Routing Service. enable fcr command. FCIP tunnel configuration...
Page 508: Inter-Fabric Link Configuration
E_D_TOV: Authentication Type: None DH Group: N/A Hash Algorithm: N/A Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A info enabled NOT OK Not Applicable Brocade Native 50:06:06:9e:20:38:6e:1e Auto Negotiate Not Applicable Not Applicable Fabric OS Administrator’s Guide 53-1001763-02...
Page 509 Long Distance VC Link Init Locked L_Port Locked G_Port Disabled E_Port ISL R_RDY Mode RSCN Suppressed Persistent Disable NPIV capability Fabric OS Administrator’s Guide 53-1001763-02 Inter-fabric link configuration “FC Router port cost configuration” on page 476. AUTO AUTO “Configuring step...
Page 510 Brocade Native 50:06:06:9e:20:38:6e:1e Auto Negotiate Not Applicable Not Applicable Enabled state = Not OK Pref Dom ID: 160 R_A_TOV: 0 E_D_TOV: 0 PRESENT U_PORT EX_PORT 10.0 Offline No_Module 014a00 4372080f 20:4a:00:60:69:e2:03:86 normal PID fmt: auto Fabric OS Administrator’s Guide 53-1001763-02...
Page 511: Fc Router Port Cost Configuration
The router port cost is set automatically. This section provides information about the router port cost and describes how you can modify the cost for a port if you want to change the default value. Fabric OS Administrator’s Guide 53-1001763-02 FC Router port cost configuration Link_failure: 0...
Page 512: Port Cost Considerations
FC router, or they can be on multiple routers. Multiple EX_Ports create multiple paths for frame routing. Multiple paths can be used in two different, but compatible, ways: • Failing over from one path to another. • Using multiple paths in parallel to increase effective data transmission rates. Fabric OS Administrator’s Guide 53-1001763-02...
Page 513: Setting Router Port Cost For An Ex_Port
To set the cost of the EX_Port back to the default, enter a cost value of 0: switch:admin> fcrrouterportcost 7/10 0 6. Enter the portEnable command to enable the ports that you disabled in switch:admin> portenable 7/10 Fabric OS Administrator’s Guide 53-1001763-02 FC Router port cost configuration Cost 1000 1000...
Page 514: Ex_Port Frame Trunking Configuration
If there are no other links to the edge fabric from the backbone, the master port going offline may cause a traffic disruption in the backbone. in this guide. Chapter 19, “Managing Fabric OS Administrator’s Guide 53-1001763-02...
Page 515: Supported Configurations And Platforms
QoS disabled, then two trunk groups will form: one with QoS enabled and one with QoS disabled. Fabric OS Administrator’s Guide 53-1001763-02 EX_Port frame trunking configuration Masterless EX_Port trunking supported? VF mode required for masterless EX_Port trunking...
Page 516: Configuring Ex_Port Frame Trunking
10:00:00:05:1e:35:bb:32 "MtOlympus_82" No_Light Online EX_Port (Trunk port, master is Slot Online EX_Port (Trunk port, master is Slot Online EX_Port (Trunk port, master is Slot Online EX_Port 10:00:00:60:69:80:1d:bc "MtOlympus_72" 2 Port 2 Port 2 Port 2 Port Fabric OS Administrator’s Guide 53-1001763-02...
Page 517: Lsan Zone Configuration
LSAN zone, and the devices that they have in common will be able to communicate with each other across fabric boundaries. Fabric OS Administrator’s Guide 53-1001763-02 Chapter 15, “Managing Administrative Figure 70 on page 460, when the zones for Edge SAN 1 are defined, you do “QoS zones”...
Page 518: Lsan Zones And Fabric-To-Fabric Communications
"zone_cfg", "lsan_zone_fabric75" switch:admin> cfgenable "zone_cfg" You are about to enable a new zoning configuration. This action will replace the old zoning configuration with the current configuration selected. PortName 2,3; 10:00:00:00:c9:2b:c9:0c; DV5-5.20A6 " NodeName 20:00:00:00:c9:2b:c9:0c; na Fabric OS Administrator’s Guide 53-1001763-02...
Page 519 12. Enter the following commands to display information about the LSANs. • lsanZoneShow -s shows the LSAN. switch:admin> lsanzoneshow -s Fabric ID: 2 Zone Name: lsan_zone_fabric2 Fabric ID: 75 Zone Name: lsan_zone_fabric75 Fabric OS Administrator’s Guide 53-1001763-02 PortName 50:05:07:61:00:5b:62:ed; DNEF-309170 50:05:07:61:00:49:20:b4; DNEF-309170 lsan_zone_fabric2 10:00:00:00:c9:2b:c9:0c;...
Page 520: Setting The Maximum Lsan Count
For information on how to display the maximum allowed and currently used LSAN zones and devices, see “Resource monitoring” Device Exists 75 10:00:00:00:c9:2b:c9:0c c70000 50:05:07:61:00:5b:62:ed 0100ef 50:05:07:61:00:5b:62:ed 0100e8 Proxy 50:05:07:61:00:5b:62:ed 01f001 10:00:00:00:c9:2b:c9:0c 02f000 on page 491. Physical Device Physical State Exists in Fabric 0100e8 Imported c70000 Imported Fabric OS Administrator’s Guide 53-1001763-02...
Page 521: Configuring Backbone Fabrics For Interconnectivity
Without the Enforce tag, all FC routers import all LSAN zones, even those that are not needed. Fabric OS Administrator’s Guide 53-1001763-02 “Setting up LSAN zone binding” on page 488. However, instead of configuring...
Page 522 The target proxies D1 and D2 are always present in the host fabric (edge fabric 2), even if the host is brought down. A target proxy is removed from the host fabric when the target device is offline. Figure 74 on page 483 assume that the host, H1, needs fast access to target Fabric OS Administrator’s Guide 53-1001763-02...
Page 523: Figure 74 Example Of Setting Up Speed Lsan Tag
3. Enter the following command to create an Enforce LSAN tag: fcrlsan --add -enforce tagname where tagname is the name of the LSAN tag you want to create. Fabric OS Administrator’s Guide 53-1001763-02 Edge fabric 2 FC router 1 FC router 2...
Page 524 --remove -speed fasttag2 LSAN tag removed successfully Displaying the LSAN tag configuration 1. Log in to the FC router as admin. 2. Enter the fcrlsan remove command to remove an existing LSAN tag. show command. Fabric OS Administrator’s Guide 53-1001763-02...
Page 525: Lsan Zone Binding
486 shows a sample metaSAN with four FC routers in the backbone fabric. Without LSAN zone binding, each FC router in the backbone fabric would store information about LSAN zones 1, 2, 3, and 4. Fabric OS Administrator’s Guide 53-1001763-02 : fasttag2 LSAN zone configuration...
Page 526: Figure 75 Lsan Zone Binding
Fabric 9 Fabric 6 LSAN zone 4 With LSAN zone binding FC router 1 FC router 2 FC router 3 LSAN 1 LSAN 2 LSAN 3 LSAN 2 LSAN 4 Fabric OS Administrator’s Guide FC router 4 LSAN 4 53-1001763-02...
Page 527 Now edge fabrics 1, 2, 3, 7, and 8 can access each other, and edge fabrics 4, 5, 6, and 9 can access each other; however, edge fabrics in one group cannot access edge fabrics in the other group. Fabric OS Administrator’s Guide 53-1001763-02 “LSAN zone policies using LSAN tagging” Figure LSAN zone configuration...
Page 528 FCR:Admin> fcrlsanmatrix --add -lsan 10 19 FCR:Admin> fcrlsanmatrix --apply -all Figure 75 as an example, the following edge fabrics can access each other: add -lsan 0 0 will erase the entire LSAN fabric matrix settings in the Fabric OS Administrator’s Guide 53-1001763-02...
Page 529: Proxy Pid Configuration
Use the fcrXlateConfig command to display or assign a preferred domain ID to a translate domain. Fabric parameter considerations By default, EX_Ports and VEX_Ports detect, autonegotiate, and configure the fabric parameters without user intervention. You can optionally configure these parameters manually. Fabric OS Administrator’s Guide 53-1001763-02 10:00:00:60:69:c3:12:b3 (unknown) Fabric ID Proxy PID configuration...
Page 530: Inter-Fabric Broadcast Frames
This command displays only the FIDs that have the broadcast frame option enabled. The FIDs that are not listed have the broadcast frame option disabled. on page 244 for information about setting up broadcast zones.) Fabric OS Administrator’s Guide 53-1001763-02...
Page 531: Enabling Broadcast Frame Forwarding
The following example shows the use of the fcrResourceShow command to display physical port (EX_Port) resources. switch:admin> fcrresourceshow Daemon Limits: LSAN Zones: Fabric OS Administrator’s Guide 53-1001763-02 “Setting the maximum LSAN count” Max Allowed Currently Used ------------------------------- 3000 Resource monitoring...
Page 532: Fc-Fc Routing And Virtual Fabrics
If you want to change an EX_ or VEX_Port on the logical switch to be a non-EX or VEX_Port, you must use the portCfgDefault command. You cannot use the portCfgExPort command because that command is allowed only on the base switch. 10000 10000 WWN Pool Size --------------------------------- 8192 32768 2000 1000 Allocated 5413 16121 Fabric OS Administrator’s Guide 53-1001763-02...
Page 533: Logical Switch Configuration For Fc Routing
EX_Port to these logical switches, so the device in Fabric 1 cannot communicate with the other two devices. Fabric OS Administrator’s Guide 53-1001763-02 on page 232 for instructions on disallowing XISL use. on page 494 for information about how to configure FC routers to allow Figure 76 shows two chassis partitioned into logical switches.
Page 534: Backbone-To-Edge Routing With Virtual Fabrics
Fabric ID 128 Logical switch 6 Fabric ID 1 Allows XISL use Logical switch 7 Fabric ID 15 Logical switch 8 (Base switch) Fabric ID 8 Figure 76. As Edge fabric Fabric 15 Fabric 1 Fabric OS Administrator’s Guide 53-1001763-02...
Page 535: Upgrade And Downgrade Considerations For Fc-Fc Routing
FC ports on the FX8-24 blade). For all other ports on the blade, the EX_Port configuration is cleared. No ports are persistently disabled. Fabric OS Administrator’s Guide 53-1001763-02 Upgrade and downgrade considerations for FC-FC routing Figure 78 shows an FC router in legacy mode connected to a base switch.
Page 536: Displaying The Range Of Output Ports Connected To Xlate Domains
2, cost = 10000, costCnt = 0, type = 1 3, cost = 10000, costCnt = 0, type = 1 2, cost = 10000, costCnt = 0, type = 1 2, cost = 10000, costCnt = 0, type = 1 Fabric OS Administrator’s Guide 53-1001763-02...
Page 537: M-Eos Migration Path To Fabric Os
Fabric OS and M-EOSc interoperability compatibility matrix Fabric OS v5.1.0 v5.2.0 v5.3.0 v6.0.0 v6.1.0 v6.1.1 v6.1.1_enc v6.2.0 Fabric OS Administrator’s Guide 53-1001763-02 for more information. Versions of M-EOSc v6.2.0 v7.1.3x v8.0 v9.2.0 Chapter 14, Table 96 outlines which releases of v9.6.2 v9.7...
Page 538: Table 96 Fabric Os And M-Eosc Interoperability Compatibility Matrix
LSAN zone database binding—Increases FCR scalability to support more FC routers in the backbone and support more devices in the metaSAN. Versions of M-EOSc v6.2.0 v7.1.3x v8.0 v9.2.0 Versions of M-EOSn (i10k) v9.2.0 v9.6.2 (Continued) v9.6.2 v9.7 v9.8 v9.9 v9.8.0 v9.9.0 Fabric OS Administrator’s Guide 53-1001763-02...
Page 539: Mcdata Mi10K Interoperability
Trunking is not supported on EX_Ports connected to the M-EOS fabric. Connectivity modes You can connect to M-EOS fabrics in both McDATA Open mode or McDATA Fabric mode. If the mode is not configured correctly, the port is disabled because of incompatibility. Fabric OS Administrator’s Guide 53-1001763-02 McDATA Mi10K interoperability...
Page 540: Configuring The Fc Router
When the neighboring M-EOS switch is running in open mode. When the neighboring M-EOS switch is running in native mode. Not currently used. on page 468 for details about the portCfgExPort command, Primary/Secondary Versions v6.4.0 v6.4.0 Chapter 21, “Using the FC-FC Routing Fabric OS Administrator’s Guide 53-1001763-02...
Page 541 When you have configured the FC router to connect to a fabric, you must create LSAN zones for the SAN. After you set up LSAN zoning, issue the cfgShow command to verify that the zoning is correct. Fabric OS Administrator’s Guide 53-1001763-02 Fabric configurations for interconnectivity Connections”. For information on EX_Port Frame trunking “Configuring EX_Port frame trunking”...
Page 542: Configuring Lsan Zones In The M-Eos Fabric
---------------------------------------------------------------------------- “LSAN zone configuration” Proxy 20:00:00:01:73:00:59:dd 05f001 21:00:00:e0:8b:04:80:76 02f002 50:06:01:68:40:04:d3:95 02f001 10:00:00:00:c9:2d:3d:5c 020001 on page 477. web site under the Data Device Physical State Exists in Fabric 610902 Imported 340713 Imported 660713 Imported 011500 Imported Fabric OS Administrator’s Guide 53-1001763-02...
Page 543: Completing The Configuration
6. Log in to the Fabric OS edge fabric switch and enter the nsAllShow or the nsCamShow command. edgeswitch:admin> nsallshow 010e00 020000 03f001 04f002 4 Nx_Ports in the Fabric } edgeswitch:admin> nscamshow nscam show for remote switches: Switch entry for 1 Fabric OS Administrator’s Guide 53-1001763-02 Fabric configurations for interconnectivity...
Page 544 Device Shared in Other AD: No owner v410 0xfffc02 PortName 04f002; 3;10:00:00:00:00:03:00:00;10:00:00:00:00:00:03:00; Fabric Port Name: 50:06:06:91:23:45:6a:13 Permanent Port Name: 10:00:00:00:00:03:00:00 Port Index: na Share Area: No Device Shared in Other AD: No NodeName NodeName DV5-5.10A10 " NodeName Fabric OS Administrator’s Guide 53-1001763-02...
Page 545: Inband Management
If it returns with a valid gateway, the packet will be forwarded to that gateway address. NOTE Only IPv4 forwarding is supported. Fabric OS Administrator’s Guide 53-1001763-02 Appendix...
Page 546: Internal Ethernet Devices
CP and the GE port processor routing tables. IP addresses must be configured for both devices prior to configuring any routes. When configuring the routes for the CP, the GE port processor inband device address for that GE port is used instead of the Fabric OS Administrator’s Guide 53-1001763-02...
Page 547: Setting The Ip Address For The 7500S
1. Connect to the switch and log in as admin. 2. Enter the portCfg inbandmgmt command to add a route to the Management Station. switch:admin> portcfg inbandmgmt ge0 routeadd 192.168.3.0 255.255.255.0 Fabric OS Administrator’s Guide 53-1001763-02 IP address and routing management...
Page 548: Deleting An Inband Management Route
192.168.255.0/24 with a gateway 192.168.255.2 and an “Interface Management” route on the Mask Gateway 255.255.255.0 192.168.112.61 255.255.255.0 192.168.255.2 255.255.255.255 192.168.255.1 255.255.255.0 192.168.112.1 255.255.255.0 192.168.112.1 255.255.255.0 192.168.255.1 255.255.255.255 192.168.255.2 Gateway Metric Interface Interface Management Management Interface Management Management Metric Fabric OS Administrator’s Guide 53-1001763-02...
Page 549: Fips
1. Configure the IP address for each of the 7500s (L1 and R1): a. On the 7500 L1, create an IP address on the GE interface: switch:admin> portcfg ipif ge0 create 192.168.3.10 255.255.255.0 1500 Fabric OS Administrator’s Guide 53-1001763-02 Examples of supported configurations Figure 80, the...
Page 550: Configuring A Management Station On Different Subnets
When adding routes to the management station, a host-specific route can be used, but is not necessary. Figure 81 on page 511. To minimize the effect on IP traffic and limit the Fabric OS Administrator’s Guide 53-1001763-02...
Page 551 Configure the internal addresses for the inbd devices for CP and GE port (GE port 0 for this example). switch:admin> portcfg inbandmgmt ge0 ipaddrset cp 192.168.255.1 255.255.255.0 switch:admin> portcfg inbandmgmt ge0 ipaddrset ge 192.168.255.2 255.255.255.0 b. Add the route on the switch going to the Management Station. Fabric OS Administrator’s Guide 53-1001763-02 Examples of supported configurations...
Page 552 Configure the route going to the 7500 L1 management address. linux> route add -host 10.1.1.10 gw 192.168.3.250 b. Configure the route going to the 7500 R1 management address. linux> route add -host 10.1.2.20 gw 192.168.3.250 Fabric OS Administrator’s Guide 53-1001763-02...
Page 553: Port Indexing
264/128 280/144 263/143 279/159 262/142 278/158 261/141 277/157 260/140 276/156 259/139 275/155 258/138 274/154 257/137 273/153 Fabric OS Administrator’s Guide 53-1001763-02 Slot 3 Slot 4 Slot 7 Idx/area Idx/area Idx/area 303/167 319/183 335/199 302/166 318/182 334/198 301/165 317/181 333/197 300/164...
Page 554: Table 99 Default Index/Area_Id Core Pid Assignment With No Port Swap For The Brocade 48000
107/107 123/123 90/90 106/106 122/122 89/89 105/105 121/121 88/88 104/104 120/120 87/87 103/103 119/119 86/86 102/102 118/118 85/85 101/101 117/117 84/84 100/100 116/116 83/83 99/99 115/115 82/82 98/98 114/114 81/81 97/97 113/113 80/80 96/96 112/112 Fabric OS Administrator’s Guide 53-1001763-02...
Page 555: Port Indexing On The Brocade Dcx Backbone
774/0x06c0 790/0x16c0 773/0x05c0 789/0x15c0 772/0x04c0 788/0x14c0 771/0x03c0 787/0x13c0 770/0x02c0 786/0x12c0 769/0x01c0 785/0x11c0 768/0x00c0 784/0x10c0 Fabric OS Administrator’s Guide 53-1001763-02 Port indexing on the Brocade DCX backbone 0a0040 No_Module 0a0140 No_Module 0a0240 No_Module 0a00c0 No_Module 0a01c0 No_Module 0a02c0 No_Module 0a0dc0 No_Module...
Page 556 232/0xe840 248/0xf840 215/0xd740 231/0xe740 247/0xf740 214/0xd640 230/0xe640 246/0xf640 213/0xd540 229/0xe540 245/0xf540 212/0xd440 228/0xe440 244/0xf440 211/0xd340 227/0xe340 243/0xf340 210/0xd240 226/0xe240 242/0xf240 209/0xd140 225/0xe140 241/0xf140 208/0xd040 224/0xe040 240/0xf040 95/0x5f40 111/0x6f40 127/0x7f40 94/0x5e40 110/0x6e40 126/0x7e40 93/0x5d40 109/0x6d40 125/0x7d40 Fabric OS Administrator’s Guide 53-1001763-02...
Page 557: Port Indexing On The Brocade Dcx-4S Backbone
The output has been truncated. DCX-4S:admin> switchshow Index Slot Port Address Media Speed State ========================================= (output truncated) (output truncated) (output truncated) Fabric OS Administrator’s Guide 53-1001763-02 Port indexing on the Brocade DCX-4S backbone Slot 3 Slot 4 Slot 9 Index/PID Index/PID Index/PID...
Page 558 255/0xff00 254/0xfe00 253/0xfd00 252/0xfc00 251/0xfb00 250/0xfa00 249/0xf900 248/0xf800 247/0xf700 246/0xf600 245/0xf500 244/0xf400 243/0xf300 242/0xf200 241/0xf100 240/0xf000 239/0xef00 238/0xee00 237/0xed00 236/0xec00 235/0xeb00 234/0xea00 233/0xe900 232/0xe800 231/0xe700 230/0xe600 229/0xe500 228/0xe400 227/0xe300 226/0xe200 225/0xe100 224/0xe000 223/0xdf00 222/0xde00 221/0xdd00 Fabric OS Administrator’s Guide 53-1001763-02...
Page 559: Table 101 Default Index/16-Bit Pid Assignment With No Port Swap For The Brocade Dcx-4S
Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S (Continued) Port on blade Fabric OS Administrator’s Guide 53-1001763-02 Port indexing on the Brocade DCX-4S backbone Slot 1 Index/PID Slot 2 Index/PID Slot 7 Index/PID Slot 8 Index/PID...
Page 560 Port indexing on the Brocade DCX-4S backbone Fabric OS Administrator’s Guide 53-1001763-02...
Page 561: Fips Support
TABLE 102 Zeroization behavior Keys DH private keys FCAP private key Fabric OS Administrator’s Guide 53-1001763-02 Table 102 lists the various keys used in the system Zeroization CLI Description No CLI required Keys will be zeroized within code before they are released from memory.
Page 562: Power-Up Self Tests
The command secCertUtil delkey -allis used to zeroize these keys. No CLI required Automatically zeroized on session termination. remove value is used to remove zeroize, which in addition to –- remove zeroizes the secret and Fabric OS Administrator’s Guide 53-1001763-02...
Page 563: Fips Mode Configuration
Root account RPC/secure RPC access Secure RPC protocols Signed firmware SNMP SSH algorithms Telnet/SSH access Fabric OS Administrator’s Guide 53-1001763-02 FIPS mode configuration Table 103 lists the Fabric OS feature and their FIPS mode SCP only SHA-1 HTTPS only TLS/AES128 cipher suite For FCIP IPSec the DH group 1 is FIPS-compliant and is not blocked.
Page 564: Ldap In Fips Mode
CA certificate is found on the switch • If Microsoft Active Directory server is configured for FIPS ciphers and the switch is in non-FIPS mode then user authentication will succeed. : GEOFF5.ADLDAP.LOCAL : 389 : adldap.local adldap.local Fabric OS Administrator’s Guide 53-1001763-02...
Page 565: Table 105 Active Directory Keys To Modify
Key exchange algorithm Protocols b. Enable FIPS algorithm policy on the Microsoft Active Directory. Refer to www.microsoft.com for instructions. Fabric OS Administrator’s Guide 53-1001763-02 “LDAP configuration and Microsoft Active on page 111 in Chapter 5, “Managing User Table 105. Refer to www.microsoft.com for instructions on...
Page 566: Ldap Certificates For Fips Mode
-ldapcacert Select protocol [ftp or scp]: scp Enter IP address: 192.168.38.206 Enter remote directory: /users/aUser/certs Enter Login Name: aUser Enter LDAP certificate name (must have ".pem" \ suffix):LDAPTestCa.cer Password: <hidden> Success: exported LDAP certificate 192.168.38.206 Fabric OS Administrator’s Guide 53-1001763-02...
Page 567: Preparing The Switch For Fips
5. Disable BootProm access. 6. Configure the switch for signed firmware. Disable root access. 8. Enable FIPS. Fabric OS Administrator’s Guide 53-1001763-02 on page 523 for a complete list of restrictions between FIPS and non-FIPS modes. Preparing the switch for FIPS...
Page 568: Enabling Fips Mode
“Activating an IP Filter policy” “Saving an IP Filter policy” change or aaaConfig remove command. “Setting up LDAP for FIPS mode” “Creating an IP Filter policy” on page 153. on page 157. You on page 154. on page 154. Fabric OS Administrator’s Guide 53-1001763-02...
Page 569: Disabling Fips Mode
8. Disable IPFilter policies that were created to enable FIPS. 9. Optional: Configure RADIUS server authentication protocol. 10. Reboot the switch. Fabric OS Administrator’s Guide 53-1001763-02 Preparing the switch for FIPS Press enter to accept default. enable fips. disable fips.
Page 570: Zeroizing For Fips
1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg 3. Reboot the switch. Displaying FIPS configuration 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg zeroize. showall. Fabric OS Administrator’s Guide 53-1001763-02...
Page 571: Hexadecimal
00 = Port (ALPA) = 0 (not used in this instance, but is used in loop, shared areas in PID assignments on blades, NPIV, and Access Gateway devices) Result: hexadecimal triplet 610600 = decimal triplet 97,06,00 Fabric OS Administrator’s Guide 53-1001763-02 PortName 2,3;10:00:00:00:c9:29:b3:84;20:00:00:00:c9:29:b3:84; na NodeName TTL(sec) DV5-5.10A10 "...
Page 572: Table 106 Decimal To Hexadecimal Conversion Table
Hexadecimal overview TABLE 106 Decimal to hexadecimal conversion table Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Fabric OS Administrator’s Guide 53-1001763-02...
Page 573 TABLE 106 Decimal to hexadecimal conversion table (Continued) Decimal Decimal Decimal Decimal Decimal Decimal Decimal Decimal Fabric OS Administrator’s Guide 53-1001763-02 Hexadecimal overview...
Page 574 Hexadecimal overview Fabric OS Administrator’s Guide 53-1001763-02...
Page 575 Admin Domains ports on demand TI zones AD255 Adaptive Networking Fabric OS Administrator’s Guide 53-1001763-02 adding a new switch or fabric to a zone Admin Domain members alias members end-to-end monitors members to a zone configuration ports to logical switches...
Page 576 PROM password bottleneck detection Broadcast server broadcast zones Brocade Vendor-Specific Attribute browser and Java support browser, configuration for certificates buffer credit management buffer credit recovery buffer-to-buffer credits certificate authorities (CA) Fabric OS Administrator’s Guide 53-1001763-02...
Page 577 Fabric OS Administrator’s Guide 53-1001763-02 configuring access methods, Web Tools authentication browser certificates certificates changing RADIUS servers date and time Enforce LSAN tag...
Page 578 ISL trunking encryption using SSL end-to-end monitors adding deleting restoring configuration saving configuration setting a mask end-to-end performance monitoring enforce LSAN tag equipment status events date and time EX_Port EX_Ports Fabric OS Administrator’s Guide 53-1001763-02...
Page 579 ID traffic isolation zones zone name restrictions zones, activating on stand-alone switch zoning restrictions Fabric Login Fabric Login server Fabric OS Administrator’s Guide 53-1001763-02 Fabric OS supported protocols Fabric Wide Consistency Policy FC router FC routing concepts supported platforms...
Page 580 Java support, SSL Java version license ID licensed features licenses Extended Fabrics license ID overview purchasing keys remove feature limiting traffic from a device Linux, configuring RADIUS on LISL Fabric OS Administrator’s Guide 53-1001763-02...
Page 581 McDATA members policy M-EOS SANs, connecting with Fabric OS SANs merging zones Fabric OS Administrator’s Guide 53-1001763-02 modifying TI zones zoning configurations modifying the FCS policy monitoring end-to-end performance ISL performance trunks...
Page 582 Admin Domains restoring monitor configuration Role-Based Action Control. See RBAC. routing dynamic load sharing exchange-based frame order delivery frame redirection lossless dynamic load sharing out-of-order exchanges port-based static routes Virtual Fabrics routing policies RSCN Fabric OS Administrator’s Guide 53-1001763-02...
Page 583 IP address time zone time zones traffic prioritization traffic prioritization over FC routers setting chassis configurations SID/DID traffic prioritization Fabric OS Administrator’s Guide 53-1001763-02 SNMP agent attributes configuration changes configuring password change polling traps specifying frame order delivery...
Page 584 FCR XISL, allowing on logical switches Web Tools access methods, configuration well-known addresses Windows RADIUS, configuring working with domain IDs format for logical ports Fabric OS Administrator’s Guide 53-1001763-02...
Page 585 WWN-based PID assignment WWNs switch WWNs in Admin Domains XISL, about xlate domains Fabric OS Administrator’s Guide 53-1001763-02 zone adding a new switch or fabric adding members administering security alias, adding members alias, deleting alias, removing members alias, viewing aliases...
Page 586 Admin Domains zone, broadcast zones QoS zones TI zones Fabric OS Administrator’s Guide 53-1001763-02...

This manual is also suitable for:

8 Poweredge m1000e Poweredge m600 Poweredge m605 Poweredge m610 Poweredge m710hd ... Show all

Brocade Communications Systems 53-1001763-02 Administrator's Manual

Standard Features

Chapter 1 Understanding Fibre Channel Services

Chapter 2 Performing Basic Configuration Tasks

Chapter 3 Performing Advanced Configuration Tasks

Chapter 4 Routing Traffic

Chapter 5 Managing User Accounts

Chapter 6 Configuring Protocols

Chapter 7 Configuring Security Policies

Quick Links

Related Manuals for Brocade Communications Systems 53-1001763-02

Summary of Contents for Brocade Communications Systems 53-1001763-02