Page 1 DRAFT: BROCADE CONFIDENTIAL 53-1001772-01 ® 30 March 2010 Web Tools Administrator’s Guide Supporting Fabric OS v6.4.0...
Page 2 DRAFT: BROCADE CONFIDENTIAL Copyright © 2006-2009 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Page 3: Document History
DRAFT: BROCADE CONFIDENTIAL Document History Document Title Publication Number Summary of Changes Publication Date Web Tools User’s Guide v2.0 53-0001536-01 September 1999 Web Tools User’s Guide v2.2 53-0001558-02 May 2000 Web Tools User’s Guide v2.3 53-0000067-02 December 2000 Web Tools User’s Guide v3.0 53-0000130-03 July 2001 Web Tools User’s Guide v2.6...
Page 4 DRAFT: BROCADE CONFIDENTIAL Document Title Publication Number Summary of Changes Publication Date Web Tools Administrator’s Guide 53-1000606-01 Updates to reflect updates to enhanced October 2007 Access Gateway support, changes to FCIP tunneling wizard, and other enhancements. Web Tools Administrator’s Guide 53-1000606-02 Updates for support for new switches, March 2008...
Page 5: Table Of Contents
Installing the Java plug-in on Windows..... 7 Java plug-in configuration........8 Configuring the Java plug-in for Windows.
Page 6 DRAFT: BROCADE CONFIDENTIAL Role-Based Access Control....... . . 14 Session management ........14 Ending a Web Tools session .
Page 7 DRAFT: BROCADE CONFIDENTIAL Switch configuration ........40 Enabling and disabling a switch .
Page 8 DRAFT: BROCADE CONFIDENTIAL Admin Domain configuration maintenance....64 Uploading and downloading from USB storage....65 Performing a firmware download .
Page 9 F_Port trunk groups ........101 Creating and maintaining F_Port trunk groups ... .101 Chapter 8 Monitoring Performance In this chapter .
Page 10 DRAFT: BROCADE CONFIDENTIAL Printing graphs .........116 Modifying graphs.
Page 11 DRAFT: BROCADE CONFIDENTIAL Chapter 10 Working with Diagnostic Features In this chapter ......... .139 Trace dumps .
Page 12 DRAFT: BROCADE CONFIDENTIAL Disabling Access Gateway mode ......163 Viewing the Access Gateway settings ..... . .163 Port configuration .
Page 13 DRAFT: BROCADE CONFIDENTIAL iSCSI service overview ........185 Supported platforms for iSCSI .
Page 14 DRAFT: BROCADE CONFIDENTIAL Configuring the link cost for a port ......204 Chapter 17 Configuring Standard Security Features In this chapter .
Page 15 DRAFT: BROCADE CONFIDENTIAL IPsec concepts .........228 Transport mode and tunnel mode .
Page 16 DRAFT: BROCADE CONFIDENTIAL Chapter 19 Configuring FCoE with Web Tools In this chapter ......... .255 Web Tools and FCoE overview .
Page 17 Switch Explorer ........... 19 Figure 8 Right-click for Copy, Export, and Search .
Page 18 DRAFT: BROCADE CONFIDENTIAL Figure 37 Zone Administration window........122 Figure 38 Sample zoning database.
Page 19 Switches that support WWN-based Persistent PID on Web Tools... . 43 Table 8 Event severity levels ..........54 Table 9 Ports enabled with POD licenses and DPOD feature .
Page 20 DRAFT: BROCADE CONFIDENTIAL Web Tools Administrator’s Guide 53-1001772-01...
Page 21: About This Document
Chapter 7, “Enabling ISL Trunking” provides information on managing the licensed ISL Trunking feature. • Chapter 8, “Monitoring Performance” provides information on how to use the Brocade Advanced Performance Monitoring feature to monitor your fabric performance. • Chapter 9, “Administering Zoning”...
Page 22: Supported Hardware And Software
DRAFT: BROCADE CONFIDENTIAL • Chapter 10, “Working with Diagnostic Features” provides information about trace dumps, viewing switch health, and interpreting the LEDs. • Chapter 11, “Using the FC-FC Routing Service” provides information on using the FC-FC Routing Service to share devices between fabrics without merging those fabrics. •...
Page 23: What's New In This Document
DRAFT: BROCADE CONFIDENTIAL • Brocade 7500 • Brocade 7500E • Brocade 7600 • Brocade 7800 Extension Switch • Brocade 8000 FCoE Switch • Brocade VA-40FC • Brocade Encryption Switch • Brocade DCX Backbone and Brocade DCX-4S Backbone FA4-18 Fibre Channel application blade FCOE10-24 DCX Blade FS8-18 Encryption Blade FC8-16 port blade...
Page 24: Document Conventions
DRAFT: BROCADE CONFIDENTIAL • Fabric Watch—Low Above alarms and System Monitor For further information, refer to the release notes. Document conventions This section describes text formatting conventions and important notice formats used in this document. TEXT FORMATTING The narrative-text formatting conventions that are used are: bold text Identifies command names Identifies the names of user-manipulated GUI elements...
Page 25: Key Terms
DRAFT: BROCADE CONFIDENTIAL CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data. DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you.
Page 26: Other Industry Resources
DRAFT: BROCADE CONFIDENTIAL White papers, online demonstrations, and data sheets are available through the Brocade website http://www.brocade.com/products-solutions/products/index.page For additional Brocade documentation, visit the Brocade website: http://www.brocade.com Release notes are available on the MyBrocade website and are also bundled with the Fabric OS firmware.
Page 27: Document Feedback
DRAFT: BROCADE CONFIDENTIAL • Brocade 300, 4100, 4900, 5100, 5300, 7500, 7800, 8000, VA-40FC, and Brocade Encryption Switch—On the switch ID pull-out tab located inside the chassis on the port side on the left • Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the switch •...
Page 28 DRAFT: BROCADE CONFIDENTIAL xxviii Web Tools Administrator’s Guide 53-1001772-01...
Page 29: In This Chapter
Java plug-in configuration ........
Page 30: Web Tools Features Enabled By The Egm License
DRAFT: BROCADE CONFIDENTIAL Web Tools, the EGM license, and DCFM Beginning with Fabric OS version 6.1.1, some Web Tools capabilities are moved from Web Tools to DCFM. Table 2 summarizes these changes. Web Tools features enabled by the EGM license Table 1 describes those Web Tools features that require the EGM license.
Page 31: Web Tools Functionality Moved To Dcfm
DRAFT: BROCADE CONFIDENTIAL Web Tools, the EGM license, and DCFM TABLE 1 Basic Web Tools features and EGM licensed features (Continued) Feature Basic Web Tools Web Tools with EGM License PDCM Matrix Performance Monitoring Dialog Port Administration Print zone database summary RBAC Routing and DLS Configuration Security Policies Tab (like ACL)
Page 32: System Requirements
DRAFT: BROCADE CONFIDENTIAL System requirements TABLE 2 Web Tools functionality moved to DCFM (Continued) Function Web Tools 6.1.0 DCFM Comments Device Zone Admin Configure > Zoning Accessibility the Compare dialog box provides the Matrix Storage-Host and Host-Storage view in a tree representation that is comparable to the Device Accessibility Matrix when all devices are selected.
Page 33: Setting Refresh Frequency For Internet Explorer
For Windows systems, a minimum of 256 MB of RAM for fabrics comprising up to 15 switches, 512 MB of RAM for fabrics comprising more than 15 switches, and a minimum of 8 MB of video RAM are recommended. Additionally, a DCX with a fully populated FC8-64 blade requires a minimum of 512 MB of RAM.
Page 34: Deleting Temporary Internet Files Used By Java Applications
DRAFT: BROCADE CONFIDENTIAL Java installation on the workstation 3. Choose Every visit to the page under “Check for newer versions of stored pages:” as shown in Figure 1 on page 6. FIGURE 1 Configuring Internet Explorer Deleting temporary internet files used by Java applications For Web Tools to operate correctly, you must delete the temporary internet files used by Java applications.
Page 35: Installing The Jre On Your Solaris Or Linux Client Workstation
DRAFT: BROCADE CONFIDENTIAL Java installation on the workstation If you attempt to open Web Tools with a later version of Java Plug-in installed: • Internet Explorer might prompt for an upgrade, depending on the existing Java Plug-in version. • Firefox uses the existing Java Plug-in. Installing the JRE on your Solaris or Linux client workstation Use the following procedure to do the JRE installation.
Page 36: Java Plug-In Configuration
DRAFT: BROCADE CONFIDENTIAL Java plug-in configuration • If no Java Plug-in is installed, point the browser to a switch running Fabric OS 5.2.0 or later to install JRE 1.6.0. For Fabric OS 6.3.0 install JRE 1.6.0 update 13. Web Tools guides you through the steps to download the proper Java Plug-in.
Page 37: Value Line Licenses
DRAFT: BROCADE CONFIDENTIAL Value line licenses 1. From the Start menu, select Settings > Control Panel. 2. Click the Advanced tab and expand the Default Java for browsers option, as shown in Figure 2 on page 9. FIGURE 2 Default Java for browsers option 3.
Page 38: Figure 3 Web Tools Interface
DRAFT: BROCADE CONFIDENTIAL Opening Web Tools Use the following procedure to open Web Tools. 1. Open the Web browser and enter the IP address of the device in the Address field: http://10.77.77.77 https://10.77.77.77 2. Press Enter. The Web Tools login dialog box displays. Refer to “Logging in”...
Page 39: Logging In
DRAFT: BROCADE CONFIDENTIAL Opening Web Tools Logging in When you use Web Tools, you must log in before you can view or modify any switch information. This section describes the login process. Prior to displaying the login window, Web Tools displays a security banner (if one is configured for your switch), that you must accept before logging in.
Page 40: Figure 4 Virtual Fabric Login Option
DRAFT: BROCADE CONFIDENTIAL Opening Web Tools 1. Select Options to display the Virtual Fabric options. You are given a choice between Home Logical Fabric and User Specified Virtual Fabric (Figure 4). Home Logical Fabric is the default. FIGURE 4 Virtual Fabric login option 2.
Page 41: Logging Out
DRAFT: BROCADE CONFIDENTIAL Opening Web Tools • To log in to the home domain, select Home Domain and click OK. • To log in to an Admin Domain other than the home domain, select User Specified Domain, enter the Admin Domain name or number, and click OK (Figure FIGURE 5 Login dialog box with Admin Domain options...
Page 42: Role-Based Access Control
DRAFT: BROCADE CONFIDENTIAL Role-Based Access Control • Your session times out. Role-Based Access Control Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the assigned role. For each role, there is a set of predefined permissions on the jobs and tasks that can be performed on a fabric and its associated fabric elements.
Page 43: Ending A Web Tools Session
DRAFT: BROCADE CONFIDENTIAL Web Tools system logs Web Tools does not display a warning when the session is about to time out. If your session ends due to inactivity, all Web Tools windows become invalid and you must restart Web Tools and log in again.
Page 44: Requirements For Ipv6 Support
DRAFT: BROCADE CONFIDENTIAL Requirements for IPv6 support The SwitchInfo.txt file contains the following basic switch information: • Switch Name • Fabric OS version • Switch Type • Ethernet Ipv4 • Ethernet IPv4 subnet mask • Ethernet IPv4 gateway The maximum size of the webtools.log file is 2MB. It is rolled into new file when the 5mb file size limit is exceeded.
Page 45: Using The Web Tools Interface
DRAFT: BROCADE CONFIDENTIAL Chapter Using the Web Tools Interface In this chapter • Viewing Switch Explorer ......... 17 •...
Page 46 Tools, it remembers the last window settings the next time you log in to the application. If you display the switch, the next time you log in to Web Tools, by default Switch View displays. The EGM license is required only for 8 Gbps platforms, such as the following: •...
Page 47: Figure 7 Switch Explorer
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer For non-8 Gbps platforms, all functionalities are available without EGM license. Tasks and Fabric Tree Menu bar Switch View buttons Changing the Virtual Fabric ID, or Changing the Admin Domain Switch Events and Switch Information...
Page 48: Changes For Consistency With Dcfm
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer Changes for consistency with DCFM Beginning with Fabric OS version 6.2.0, Web Tools icons are changed to be consistent with DCFM. Table 5 summarizes these changes. TABLE 5 Icon image changes Image name Old image New image Switch Director or DCX...
Page 49: Figure 8 Right-Click For Copy, Export, And Search
Prohibit The Search, Copy, and Export buttons are removed from the Web Tools tree and table headers, and are replaced by right-click operations, as shown in Figure FIGURE 8 Right-click for Copy, Export, and Search Web Tools Administrator’s Guide 53-1001772-01...
Page 50: Persisting Gui Preferences
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer Persisting GUI preferences Web Tools persists your GUI preferences across sessions for the Port Admin, Switch Admin, and Name Server dialog boxes on all web-browser platforms. Persistence is performed on a per host basis. The Port Admin GUI preferences that persist are: •...
Page 51: Fabric Tree
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer The Other section of the Tasks menu provides access to Telnet tools. NOTE There are certain Fabric OS features that are available only on particular switch types, and the system displays only the icons that are appropriate for the switch type. Fabric Tree Fabric Tree displays all switches in the fabric, even those that do not have a Web Tools license and that are not owned by your selected Admin Domain.
Page 52: Figure 10 Login Dialog Box With Admin Domain
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer Figure 10 displays the login dialog box. After you log in, all Admin Domains assigned to you are available in the drop-down menu (Figure 11). For most administrative tasks, you must be in either AD0 or the physical fabric.
Page 53: Switch View Buttons
You can click the small right arrow towards the left of the Switch Event tab to display the Switch View. The Switch View displays a graphical representation of the switch, including a real-time view of switch and port status. Refer to area 8 in Figure 7 on page 19.
Page 54: Figure 12 Usb Port Storage Management
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer The port LEDs in the Switch View match the LEDs on the physical switch. However, the blink rate of the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical switch.
Page 55: Switch Events And Switch Information
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer NOTE Click the USB port on the switch to launch the USB Storage Management window. Switch Events and Switch Information Switch Events and Switch Information display as tab forms under Switch View. The information in the Switch Information View is polled every 60 seconds.
Page 56: Free Professional Management Tool
DRAFT: BROCADE CONFIDENTIAL Displaying tool tips • RNID Type Type of the switch. Model Model of the switch. Tag of the switch. Sequence number Sequence number of the switch. Insistent Domain ID Current status of the Insistent Domain ID mode of the switch. Mode Manufacturer Manufacturer of the switch.
Page 57: Right-Click Options
DRAFT: BROCADE CONFIDENTIAL Right-click options Right-click options You can right-click a port to quickly perform some basic port administration tasks, as shown in Figure FIGURE 13 Right-click menu for ports (from Switch Explorer) The tasks are: • The Port Admin option displays the Port Administration window. •...
Page 58: Refresh Rates
DRAFT: BROCADE CONFIDENTIAL Refresh rates Refresh rates Different panels of Web Tools refresh at different rates. The refresh, or polling, rates listed in this section and throughout the book indicate the time between the end of one polling period and the start of the next, and not how often the screen is refreshed.
Page 59: Working With Web Tools: Recommendations
DRAFT: BROCADE CONFIDENTIAL Working with Web Tools: recommendations Use the following procedure to display switches in the fabric. 1. Open Web Tools as described in “Opening Web Tools” on page 9 and log in to the switch. Switch Explorer for your current switch. 2.
Page 60: Collecting Logs For Troubleshooting
Collect the logs shown on the Java console. 8. If you no longer want to see the Java console when you start Web Tools, go back to the Control Panel, repeat steps 1 and 2, and then deselect Show console.
Page 61: Managing Fabrics And Switches
DRAFT: BROCADE CONFIDENTIAL Chapter Managing Fabrics and Switches In this chapter • Fabric and switch management overview ......33 •...
Page 62: Figure 14 Switch Administration Window, Switch Tab
DRAFT: BROCADE CONFIDENTIAL Fabric and switch management overview If the switch is not a member of the selected Admin Domain, most tabs in the Switch Administration window display in read-only mode, regardless of your permission level. The User tab is editable because most of its information does not require switch membership in the current Admin Domain.
Page 63: Opening The Switch Administration Window
DRAFT: BROCADE CONFIDENTIAL Fabric and switch management overview Opening the Switch Administration window Most of the management procedures in this chapter are performed from the Switch Administration window. Web Tools Administrator’s Guide 53-1001772-01...
Page 64: Configuring Ip And Subnet Mask Information
DRAFT: BROCADE CONFIDENTIAL Configuring IP and subnet mask information To open the Switch Administration window, perform the following steps. 1. Select Tasks > Manage > Switch Admin. The Switch Administration dialog box displays in basic mode, as shown in Figure 14 page 34.
Page 65: Configuring A Syslog Ip Address
DRAFT: BROCADE CONFIDENTIAL Configuring a syslog IP address 3. Click Netstat Performance. 4. Select the Auto Refresh check box to automatically refresh the statistics details. Clear the check box to disable auto refresh. 5. When enabled, enter the interval time in seconds in the Auto-Refresh Interval field. The statistics details are automatically refreshed, based on the configured time interval.
Page 66: Configuring Ip Filtering
DRAFT: BROCADE CONFIDENTIAL Configuring IP Filtering Configuring IP Filtering Web Tools provides the ability to control what client IP addresses may connect to a switch or fabric. Use the following procedure to set up IP Filtering. 1. Open the Switch Administration window as described in “Opening the Switch Administration window”...
Page 67: Setting A Slot-Level Ip Address
DRAFT: BROCADE CONFIDENTIAL Blade management The Firmware Version columns display the firmware loaded onto each blade. A blade can have more than one firmware image loaded onto it. The Enable Blade column in the Blade tab pane indicates whether the blade is enabled. FIGURE 15 Blade tab 3.
Page 68: Viewing Ip Addresses
NOTE To remove a configuration, select a row in the table and click Delete. 8. Click Apply to save the values currently shown in the table or click Cancel to close the dialog box without saving any of your changes.
Page 69: Changing The Switch Name
DRAFT: BROCADE CONFIDENTIAL Switch configuration Changing the switch name Switches can be identified by IP address, domain ID, World Wide Name (WWN), or switch names. Names must begin with an alphabetic character, but otherwise can consist of alphanumeric, hyphen, and underscore characters. The maximum number of characters is 30, unless FICON mode is enabled.
Page 70: Switch Restart
DRAFT: BROCADE CONFIDENTIAL Switch restart 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 35. 2. Select the Switch tab. 3. Click View Report. 4. In the new window that displays the report, view or print the report using your browser. Switch restart When you restart the switch, the restart takes effect immediately.
Page 71: Wwn-Based Persistent Pid Assignment
Yes, if dynamic area addressing DCX/DCX-4S Enabled Can be set is enabled in the default switch. Not supported Brocade 5100 Enabled Default-8 bit Configurable dynamic Brocade 5300 Brocade 300 Disabled Default-8bit Configurable dynamic Brocade 5100 Brocade 5300 Configuring fabric settings Perform the following steps to configure the fabric settings.
Page 72: Enabling Insistent Domain Id Mode
DRAFT: BROCADE CONFIDENTIAL System configuration parameters 5. Click Apply. 6. Enable the switch as described in “Enabling and disabling a switch” on page 40. Fabric settings Configure the following fabric settings on the Fabric subtab of the Configure tab: BB Credit The buffer-to-buffer credit is the number of buffers available to attached devices for frame receipt.
Page 73: Configuring Virtual Channel Settings
DRAFT: BROCADE CONFIDENTIAL System configuration parameters Configuring virtual channel settings You can configure parameters for eight virtual channels (VC) to enable fine-tuning for a specific application. You cannot modify the first two virtual channels because these are reserved for switch internal functions.
Page 74: Configuring System Services
DRAFT: BROCADE CONFIDENTIAL System configuration parameters Arbitrated loop parameters Configure the following arbitrated loop parameters on the Arbitrated Loop subtab of the Configure tab: Send Fan Frames Select this check box to specify that fabric address notification (FAN) frames are sent to public loop devices to notify them of their node ID and address.
Page 75: Licensed Feature Management
DRAFT: BROCADE CONFIDENTIAL Licensed feature management 4. Select the Enable Signed Firmware Download check box. 5. Click Apply. Licensed feature management The licensed features currently installed on the switch are listed in the License tab of the Switch Administration window, as shown in Figure 16.
Page 76: Assigning Slots For A License Key
DRAFT: BROCADE CONFIDENTIAL Licensed feature management 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 35. 2. Select the License tab and click Add. The Add License dialog box displays. 3. Paste or enter a license key in the field. 4.
Page 77: Universal Time-Based Licensing
DRAFT: BROCADE CONFIDENTIAL High Availability overview Universal time-based licensing After v6.3.0, Web Tools supports universal time-based licensing. Each universal key is for a single feature, and can be used on any product that supports the feature, for a defined trial period. At the end of the trial period, the feature gets disabled.
Page 78 DRAFT: BROCADE CONFIDENTIAL High Availability overview 2. Click the HA button in the Switch View. Web Tools Administrator’s Guide 53-1001772-01...
Page 79: Figure 17 High Availability Window, Service Tab
DRAFT: BROCADE CONFIDENTIAL High Availability overview The High Availability dialog box displays. FIGURE 17 High Availability window, Service tab Web Tools Administrator’s Guide 53-1001772-01...
Page 80: Synchronizing Services On The Cp
DRAFT: BROCADE CONFIDENTIAL High Availability overview FIGURE 18 High Availability window, CP tab The High Availability window contains the following two tabs: • The Service tab displays information about the switch. When the hardware is configured as a dual switch, the Service tab displays information about both switches. •...
Page 81: Initiating A Cp Failover
DRAFT: BROCADE CONFIDENTIAL Event monitoring 1. Open the High Availability window as described in “Launching the High Availability window” page 49. 2. Verify that the HA Status field displays HA enabled, Heartbeat Up, HA State synchronized. If the HA Status field displays HA enabled, Heartbeat Up, HA State synchronized you are finished.
Page 82: Displaying Switch Events
• Detailed error message for root cause analysis There are four message severity levels: Critical, Error, Warning, and Info. Table 8 lists the event message severity levels displayed on the Switch Events tab and explains what qualifies event messages to be certain levels.
Page 83: Filtering Switch Events
DRAFT: BROCADE CONFIDENTIAL Event monitoring Filtering Switch Events You can filter the fabric and switch events by time, severity, message ID, and service. You can apply either one type of filter at a time or multiple types of filters at the same time. When a filter is applied, the filter information displays at the bottom of the filtered information and the Show All link is available to allow you to view the information unfiltered.
Page 84: Filtering Events By Service Component
DRAFT: BROCADE CONFIDENTIAL Displaying the Name Server entries NOTE You can enter multiple message IDs as long as you separate them by commas. You can enter either the full message ID (moduleID-messageType) or a partial ID (moduleID only). The message ID filtering is case-sensitive. 5.
Page 85: Printing The Name Server Entries
DRAFT: BROCADE CONFIDENTIAL Physically locating a switch using beaconing Printing the Name Server entries Use the following procedure to set up printing preferences. 1. Select Tasks > Monitor > Name Server. The Name Server window displays. 2. Click Print. 3. On the Page Setup dialog box, set up your printing preferences and click OK. The Print dialog box displays.
Page 86: Locating Logical Switches Using Chassis Beaconing
DRAFT: BROCADE CONFIDENTIAL Locating logical switches using chassis beaconing 1. Select a logical switch using the drop-down list under Fabric Tree section in the Switch Explorer window. The selected switch displays in the Switch View. 2. Select Beacon for a switch, or Chassis Beacon for a chassis-based switch. The LED lights on the actual switch light up on the physical switch in a pattern running back and forth across the switch itself.
Page 87: Viewing Logical Ports
DRAFT: BROCADE CONFIDENTIAL Virtual Fabrics overview Under the Switch Information tab, Base Switch, Default Switch, and Allow XISL Use are specific to VIrtual Fabrics. These options perform these functions: • Base Switch indicates whether or not the logical switch can act as a base switch. A base switch is a special logical switch that can be used for chassis interconnection.
Page 88 DRAFT: BROCADE CONFIDENTIAL Virtual Fabrics overview Web Tools Administrator’s Guide 53-1001772-01...
Page 89: Maintaining Configurations And Firmware
DRAFT: BROCADE CONFIDENTIAL Chapter Maintaining Configurations and Firmware In this chapter • Creating a configuration backup file ....... 61 •...
Page 90: Figure 21 Information Dialog Box
DRAFT: BROCADE CONFIDENTIAL Creating a configuration backup file An info link is enabled when USB is chosen as the source of the configuration file. If you click on info, the following information message displays (Figure 21). FIGURE 21 Information dialog box To create a configuration backup file, perform the following task.
Page 91: Restoring A Configuration
DRAFT: BROCADE CONFIDENTIAL Restoring a configuration Restoring a configuration Restoring a configuration involves overwriting the configuration on the switch by downloading a previously saved backup configuration file. Perform this procedure during a planned down time. Make sure that the configuration file you are downloading is compatible with your switch model. Configuration files from other model switches might cause your switch to fail.
Page 92: Admin Domain Configuration Maintenance
Enter the configuration file with a fully-qualified path, or select the configuration file in the Configuration File Name field. 8. Use the Fabric ID selector to select the fabric ID of the logical switch to which the configuration file is to downloaded.
Page 93: Uploading And Downloading From Usb Storage
Admin Domain context” on page 23 for complete instructions. The EGM license is required only for 8 Gbps platforms, such as the Brocade DCX and DCX-4S enterprise-class platforms, the Encryption Switch, the 300, 5300, and 5100 switches. For non-8 Gbps platforms, all functionalities are available without the EGM license.
Page 94 DRAFT: BROCADE CONFIDENTIAL Performing a firmware download When you request a firmware download, the system first checks the file size being downloaded. If the compact flash does not have enough space, Web Tools displays a message and the download does not occur. If this happens, contact your switch support supplier. NOTE You can perform a firmware download only when the current Admin Domain owns the switch.
Page 95: Sas And Sa Firmware Download
DRAFT: BROCADE CONFIDENTIAL Switch configurations for mixed fabrics Close all Web Tools windows and log in again. If the firmware download is in progress when you log in, you can continue to monitor its progress. SAS and SA firmware download If you are downloading SAS and DMM firmware directly to the blade, you have more options on the Firmware Download tab.
Page 96: Enabling Interoperability
DRAFT: BROCADE CONFIDENTIAL Switch configurations for mixed fabrics Enabling interoperability When you configure interoperability, Web Tools verifies that the domain ID of the switch falls within the range for the interoperability mode you select. The domain ranges are: • The normal domain ID range is 1 through 239. •...
Page 97: Managing Administrative Domains
DRAFT: BROCADE CONFIDENTIAL Chapter Managing Administrative Domains In this chapter • Administrative Domain overview ........69 •...
Page 98: User-Defined Admin Domains
DRAFT: BROCADE CONFIDENTIAL Administrative Domain overview User-defined Admin Domains AD1 through AD254 are user-defined Admin Domains. These user-defined Admin Domains can be created only by a physical fabric administrator in AD255. System-defined Admin Domains AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric. AD0 is a system-defined Admin Domain that, in addition to containing members you explicitly added (similar to user-defined Admin Domains), it contains all online devices, switches, and switch ports that were not assigned to any user-defined Admin Domain.
Page 99: Admin Domain Membership
Manage Advanced Performance Monitoring (this can be managed in AD0 if no other Admin Domains are present, but only if you are using Web Tools with the EGM license). The EGM license is required only for 8 Gbps platforms, such as the following: •...
Page 100: Admin Domain Window
If you are not using Web Tools with the EGM licensed installed, managing Admin Domain operations is denied and an error message displays. The EGM license is required only for 8 Gbps platforms, such as the following: • Brocade DCX and DCX-4S enterprise-class platforms •...
Page 101: Figure 26 Admin Domain Window, Summary View
DRAFT: BROCADE CONFIDENTIAL Admin Domain window For non-8 Gbps platforms, all functionalities are available without EGM license. FIGURE 26 Admin Domain window, summary view The Admin Domain window displays information about the Admin Domains that are defined in the fabric. If you launch the Admin Domain window from AD255 (physical fabric), the window contains information about the current content of all Admin Domains.
Page 102: Figure 27 Admin Domain Window, Single Admin Domain Detail
DRAFT: BROCADE CONFIDENTIAL Admin Domain window When you launch the Admin Domain window and select the parent Admin Domains node in the tree on the left pane, the Admin Domain window displays summary information about all of the Admin Domains, as shown in Figure 26.
Page 103: Opening The Admin Domain Window
DRAFT: BROCADE CONFIDENTIAL Admin Domain window NOTE You must accept the Brocade Certificate at the beginning of the log in to Web Tools to enable the functionality of Export and Copy. • Click Export Row or Export Table to save the contents to a tab-delimited file. •...
Page 104: Refreshing Fabric Information
DRAFT: BROCADE CONFIDENTIAL Admin Domain window Refreshing fabric information When you refresh, the system updates the display of fabric elements only (switches, ports, and devices). It does not update Admin Domain changes in the Admin Domain window. This option allows you to refresh the fabric element information displayed at any time. To refresh the fabric information open the Admin Domain window and click Refresh.
Page 105: Closing The Admin Domain Window
DRAFT: BROCADE CONFIDENTIAL Creating and populating domains Closing the Admin Domain window It is important to remember that any changes you make in the Admin Domain window are not saved automatically. Use the following procedure to close the Admin Domain window. 1.
Page 106: Adding Ports Or Switches To The Fabric
Select a switch, slot, or port and click Add Devices to add all of the devices for the selected element. 8. Optional: Click Manual to add offline devices. NOTE To add ports or other switches in the fabric, launch the Add Member wizard by clicking the Manual button.
Page 107: Activating Or Deactivating An Admin Domain
6. Remove members from the Admin Domain by selecting them in the Selected Members section and clicking Remove. Alternatively, you can press the Delete key to remove selected items. Click Next. Use the summary to verify that the Admin Domain setup is correct. 8. Click Finish. Web Tools Administrator’s Guide 53-1001772-01...
Page 108: Renaming Admin Domains
DRAFT: BROCADE CONFIDENTIAL Modifying Admin Domain members 9. Select Actions > Save AD Configuration to save the new Admin Domain configuration to persistent storage. 10. Select Actions > Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration.
Page 109: Clearing The Admin Domain Configuration
DRAFT: BROCADE CONFIDENTIAL Modifying Admin Domain members Clearing the Admin Domain configuration When you clear the Admin Domain configuration, all user-defined Admin Domains are deleted and all fabric resources (switches, ports, and devices) are returned to AD0. You cannot clear the Admin Domain configuration if zone configurations exist in any of the user-defined Admin Domains.
Page 110 DRAFT: BROCADE CONFIDENTIAL Modifying Admin Domain members Web Tools Administrator’s Guide 53-1001772-01...
Page 111: Managing Ports
DRAFT: BROCADE CONFIDENTIAL Chapter Managing Ports In this chapter • Port management overview ........83 •...
Page 112: Port Administration Window Components
DRAFT: BROCADE CONFIDENTIAL Port management overview • Indirect members are: Non-owned ports on a member switch Non-owned ports to which member devices are attached • All active ports, as well as any inactive EX_Ports are shown. Port Administration window components The Port Administration window has the following two tabs in the top left corner: •...
Page 113 DRAFT: BROCADE CONFIDENTIAL Port management overview • The Ports Explorer tree on the left side. Items in the tree are displayed as follows: Switches—Switch ID, with switch name in parentheses; for example, 3(MapsSW_202) Blades—Slot number of the blade, with blade ID in parentheses; for example, Slot 7(24) Ports—Port number;...
Page 114: Controllable Ports
DRAFT: BROCADE CONFIDENTIAL Port management overview • When viewing detailed information about a port, the Advanced Mode provides these additional subtabs: General—All ports Enable/Disable Trunking  Enable/Disable NPIV  Port Swap  F_Port Trunking  Re-Authenticate  Bind/Un-Bind PID  F-Port BB Credit ...
Page 115: Configuring Fc Ports
You must use Web Tools with the EGM license enabled on the switch to configure long distance; otherwise, access to this feature is denied and an error message displays. The EGM license is required only for 8 Gbps platforms, such as the following: •...
Page 116: Allowed Port Types
DRAFT: BROCADE CONFIDENTIAL Configuring FC ports 1. Click a port in the Switch View to open the Port Administration window. 2. Click the FC Ports tab. 3. Select the port you want to configure from the tree on the left. 4.
Page 117: Long Distance Mode
Otherwise, access to this feature is denied and an error message displays. For information about long-distance mode settings, refer to Chapter 14, “Administering Extended Fabrics”. The EGM license is required only for 8 Gbps platforms, such as the following: • Brocade DCX and DCX-4S enterprise-class platforms •...
Page 118: Port Beaconing
DRAFT: BROCADE CONFIDENTIAL Port beaconing NOTE Although it is not required, it is recommended that port names be unique. Perform the following procedure to assign a name to a port. 1. Click a port in the Switch View to open the Port Administration window. 2.
Page 119: Considerations For Enabling Or Disabling A Port
DRAFT: BROCADE CONFIDENTIAL Persistent enabling and disabling ports 1. Click a port in the Switch View to open the Port Administration window. 2. Select the FC Ports or GigE Ports tab. 3. From the tree on the left, select the switch or slot that contains the port you want to enable or disable.
Page 120: Enabling And Disabling Npiv Ports
DRAFT: BROCADE CONFIDENTIAL Enabling and disabling NPIV ports NOTE Ports cannot be persistently enabled or disabled when FMS is enabled. 1. Select a port in the Switch View to open the Port Administration window. 2. Select the FC Ports or GigE Ports tab. 3.
Page 121: Port Activation
Brocade 4018 0-11 12-17 Any available ports Brocade 4016 0-7, 10-13 8, 9, 14, 15 Any available ports Brocade 300 8-15 16-23 When using the Brocade 4016, 4018, 4020, and 4024 switches, you can enable the Dynamic Ports on Demand (DPOD) feature, which allows you to select the ports to be enabled (instead of predefined sets of ports) after the POD license is installed.
Page 122: Enabling Ports On Demand
DRAFT: BROCADE CONFIDENTIAL Port activation In the Port Administration window, the Licensed attribute indicates whether a port is licensed (yes), whether it can be license (possible) because there are free licenses available (only applicable with the Dynamic POD feature), or whether it is not licensed and cannot be licensed because there is no available license.
Page 123: Disabling Dynamic Ports On Demand
DRAFT: BROCADE CONFIDENTIAL Port activation • Available Licenses indicate the number of free licenses. These can be allocated for any port. • Total Licenses indicate the total number of licenses. Disabling Dynamic Ports on Demand NOTE Disabling DPODs causes traffic disruption. Any prior port associations and assignments are lost the next time the switch is restarted.
Page 124: Port Swapping Index
If the port is on a blade, you must also provide the slot number. NOTE Port swap is not supported above the 16th port in a 48 port card in FMS mode. 8. Click Swap. Web Tools Administrator’s Guide 53-1001772-01...
Page 125: Determining If A Port Index Was Swapped With Another Switch Port
DRAFT: BROCADE CONFIDENTIAL Configuring BB credits on an F_Port Determining if a port index was swapped with another switch port Use the following procedure to determine whether a port was swapped. 1. Select a port in the Switch View to open the Port Administration window. 2.
Page 126: Figure 32 F-Port Bb Credit Button
4. Click F-Port BB Credit as shown in Figure 5. Enter the BB credit value in the Enter BB Credit field (the default value is 8). NOTE You cannot modify the default BB credit value for VE and ICL ports.
Page 127: Enabling Isl Trunking
You must use Web Tools with the EGM license to create ISL trunk groups and to manage F_Port trunks. The EGM license is required only for 8 Gbps platforms, such as the following: • Brocade DCX and DCX-4S enterprise-class platforms •...
Page 128: Admin Domain Considerations
DRAFT: BROCADE CONFIDENTIAL Viewing trunk group information 3. From the tree on the left, select the switch name or slot name. 4. From the table, select the port that you want to trunk. You can select multiple ports from the table. You cannot select multiple ports from the tree. 5.
Page 129: F_Port Trunk Groups
The FS8 -18 Encryption blade provides trunk groups with a maximum of eight ports per trunk group. The trunk groups are in the blade port ranges 0-7 and 8-15, which are applicable to front end ports. On the Brocade Encryption Switch, the trunk groups are in the port ranges 0-7, 8-15, 16-23, and 24-31, which are applicable on the front end ports.
Page 130 A trunk group is created, identified by the trunk index, and containing the port you selected. Select the trunk group you just created. Add Members becomes active. 8. Additional ports can be added by selecting a port from Ports for trunking table and then clicking Add Members. NOTE To remove a port from the trunk group, select the port from Trunk Groups table and then click Remove Members.
Page 131: Monitoring Performance
DRAFT: BROCADE CONFIDENTIAL Chapter Monitoring Performance In this chapter • Performance Monitor overview........103 •...
Page 132: Performance Graphs
DRAFT: BROCADE CONFIDENTIAL Performance Monitor overview The Advanced Monitoring option in the Performance Graphs window displays predefined reports and filter-based performance monitoring. You can use this feature to track the following: • The number of words received and transmitted in Fibre Channel frames with a defined SID/DID pair.
Page 133: Predefined Performance Graphs
DRAFT: BROCADE CONFIDENTIAL Performance Monitor overview Predefined performance graphs Web Tools predefines basic graph types to simplify performance monitoring. A wide range of end-to-end fabric, LUN, device, and port metrics graphs are included. Table 10 lists the basic monitoring graphs available. Table 11 lists the advanced monitoring graphs.
Page 134: Table 12 Supported Port Types For Brocade Switches
7600, the 7500, 7500E, and 7800 Extension switches, and the Brocade Encryption Switch, the X-axis scales up to 8.0 Gbps in increments of 0.8 Gbps. Port throughput utilization is represented by a horizontal bar for each selected port The horizontal bar gets longer or shorter depending on the percent utilization for that port at the last poll time.
Page 135: User-Defined Graphs
DRAFT: BROCADE CONFIDENTIAL Performance Monitor overview Figure 34 shows how to access the list of Advanced Performance Monitoring graphs using Web Tools with the EGM license. This example displays the graphs available in the Performance Monitoring window for a Brocade 48000 director with the Advanced Performance Monitoring license installed.
Page 136: Canvas Configurations
DRAFT: BROCADE CONFIDENTIAL Opening the Performance Monitoring window Canvas configurations A canvas is a saved configuration of graphs. The graphs can be either the Web Tools predefined graphs or user-defined graphs. Each canvas can hold up to eight graphs per window, with six shown Figure 35.
Page 137: Creating Basic Performance Monitor Graphs
DRAFT: BROCADE CONFIDENTIAL Creating basic performance monitor graphs Creating basic performance monitor graphs Use the following procedure to create the basic performance monitor graphs listed in Table 10 page 105. 1. Open the Performance Monitoring window. 2. Select Performance Graphs > Basic Monitoring > Graph Type. Depending on the type of graph you select, you might be prompted to select a slot or port for which to create a graph.
Page 138: Figure 36 Select Ports For Customizing The Switch Throughput Utilization Graph
DRAFT: BROCADE CONFIDENTIAL Customizing basic monitoring graphs The title of the dialog box varies, depending on the type of graph you are customizing, but the layout of the dialog box is the same. Figure 36 displays an example of the setup dialog box for the Edit Switch Throughput Utilization graph.
Page 139: Advanced Performance Monitoring Graphs
DRAFT: BROCADE CONFIDENTIAL Advanced performance monitoring graphs Click Apply. Only the selected ports are displayed in the graph. Advanced performance monitoring graphs This section describes how to create the advanced performance monitor graphs listed in Table 11 on page 105. Because the procedure for creating these graphs differs depending on the type of graph, each type is described separately in the sections that follow.
Page 140: Creating The Scsi Vs. Ip Traffic Graph
Click Yes to display the graphs. 8. When you close a graph, a dialog box asks if you want to save the monitor. If you click OK, the monitor is saved, and persists if the switch is restarted.
Page 141: Tunnel And Tcp Performance Monitoring Graphs
DRAFT: BROCADE CONFIDENTIAL Tunnel and TCP performance monitoring graphs 1. Open the Performance Monitoring window. 2. Select Performance Graphs > Advanced Monitoring > SCSI Commands > Graph Type. The applicable setup dialog box displays. 3. Navigate to a switch > slot > port in the Port Selection List. 4.
Page 142: Tunnel And Tcp Graph Chart Properties
DRAFT: BROCADE CONFIDENTIAL Saving graphs to a canvas The Tunnel and TCP Graph dialog box displays. 3. Select the tunnel from the Tunnels drop-down list for which you want to generate the graphs. For Brocade 7800 extension switch, you can have maximum four circuit connections in a tunnel and for FX8-24 DCX extension blade, you can have maximum 10 circuit connections in a tunnel.
Page 143 DRAFT: BROCADE CONFIDENTIAL Saving graphs to a canvas 1. Open the Performance Monitoring window. 2. Create basic or advanced Performance Monitor graphs, as described in “Creating basic performance monitor graphs” on page 109 and “Advanced performance monitoring graphs” on page 111. The graphs display in the Performance Monitor window.
Page 144: Adding Graphs To An Existing Canvas
DRAFT: BROCADE CONFIDENTIAL Adding graphs to an existing canvas 3. Select File > Save Current Canvas Configuration. The Save Canvas Configuration dialog box displays. 4. Enter a name and description for the configuration and click Save Canvas. A message displays, confirming that the configuration was successfully saved to the switch.
Page 145: Modifying Graphs
5. Make changes in the Edit dialog box, as necessary. 6. Click OK to close the Edit dialog box. Click Save to save the changes and close the Performance Monitor Canvas dialog box. 8. Click Close to close the Canvas Configuration List. Web Tools Administrator’s Guide 53-1001772-01...
Page 146 DRAFT: BROCADE CONFIDENTIAL Modifying graphs Web Tools Administrator’s Guide 53-1001772-01...
Page 147: Administering Zoning
DRAFT: BROCADE CONFIDENTIAL Chapter Administering Zoning In this chapter • Zoning overview ..........119 •...
Page 148: Traffic Isolation Zones
DRAFT: BROCADE CONFIDENTIAL Zoning overview Zones can be configured dynamically. They can vary in size, depending on the number of fabric-connected devices, and devices can belong to more than one zone. Because zone members can access only other members of the same zone, a device not included in a zone is not available to members of that zone.
Page 149: Zoning Configurations
DRAFT: BROCADE CONFIDENTIAL Zoning configurations Zoning configurations The Zone Administration window is where all of the zoning tasks are performed. When performing zoning tasks for switches in a mixed fabric—that is, a fabric containing two or more switches running different fabric operating systems—you should use the switch with the highest Fabric OS level.
Page 150: Figure 37 Zone Administration Window
DRAFT: BROCADE CONFIDENTIAL Zoning management If the FCS policy is activated in the fabric, zoning can be administered only from the primary FCS switch. If the selected switch has an Advanced Zoning license installed, but is not the primary FCS switch, the Zone Admin option is displayed, but not activated.
Page 151: Refreshing Fabric Information
DRAFT: BROCADE CONFIDENTIAL Zoning management Note the following: • “Saving” means updating the zoning database on the switch with the local changes from the Web Tools buffer. • “Refreshing” means copying the current state of the zoning database on the switch to the Web Tools buffer, overwriting its current contents.
Page 152: Refreshing Zone Administration Window Information
DRAFT: BROCADE CONFIDENTIAL Zoning management 1. Open the Zone Administration window. 2. Select View > Refresh From Live Fabric. This refreshes the status for the fabric, including switches, ports, and devices. NOTE Depending on the role associated with your user name or if the switch is owned by the current Admin Domain you are logged in to, you may not be able to modify zones or ports in other Admin Domains.
Page 153: Selecting A Zoning View
DRAFT: BROCADE CONFIDENTIAL Zoning management Saving the changes propagates any changes made in the Zone Administration window (buffered changes) to the zoning database on the switch. If another user has a zoning operation in progress at the time that you attempt to save changes, a warning displays that indicates that another zoning transaction is in progress on the fabric.
Page 154: Creating And Populating Zone Aliases
Selected members move to the Alias Members window. 8. Optional: Repeat steps 6 and 7 to add more elements to the alias. 9. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric.
Page 155: Renaming Zone Aliases
DRAFT: BROCADE CONFIDENTIAL Zoning management 5. Click Add Member to add the selected alias member, or click Remove Member to remove the selected alias member. The alias is modified in the Zone Admin buffer. 6. Select Zoning Actions > Save Config to save your configuration changes. Renaming zone aliases The new alias name cannot exceed 64 characters and can contain alphabetic, numeric, and underscore characters.
Page 156: Creating And Populating Zones
The selected member is moved to the Zone Members window. 9. Optional: Repeat steps 7 and 8 to add more elements to your zone. 10. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric. At this point, you can either save your changes or save and enable your changes.
Page 157: Renaming Zones
To perform clone operations for zoning, the EGM license must be installed on the switch; otherwise, access to this feature is denied and an error message displays. The EGM license is required only for 8 Gbps platforms, such as the following: •...
Page 158: Deleting Zones
DRAFT: BROCADE CONFIDENTIAL Zoning management Deleting zones For information on enabling the configuration, refer to “Enabling zone configurations” on page 134. Use the following procedure to delete a zone. 1. Open the Zone Administration window as described in “Opening the Zone Administration window”...
Page 159: Zone Configuration And Zoning Database Management
Zone configuration and zoning database management Optional: Repeat steps 5 and 6 to add more elements to your TI zone. 8. When you are finished, click OK. The Traffic Isolations Zones window displays. 9. Click Apply to save the TI zone configuration.
Page 160: Adding Or Removing Zone Configuration Members
Click Add Member to add configuration members. Selected members are moved to the Config Members window. 8. Repeat steps 6 and 7 to add more elements to your configuration. 9. Select Zoning Actions > Save Config to save the configuration changes.
Page 161: Renaming Zone Configurations
DRAFT: BROCADE CONFIDENTIAL Zone configuration and zoning database management Renaming zone configurations The new name cannot exceed 64 characters and can contain alphabetic, numeric, and underscore characters. Use the following procedure to change the name of a zone configuration. NOTE You cannot rename the currently enabled configuration.
Page 162: Enabling Zone Configurations
DRAFT: BROCADE CONFIDENTIAL Zone configuration and zoning database management 3. Select the configuration you want to delete from the Name list and click Delete. 4. On the confirmation dialog box, click Yes. The selected configuration is deleted from the configuration database. 5.
Page 163: Displaying Enabled Zone Configurations
DRAFT: BROCADE CONFIDENTIAL Zone configuration and zoning database management Displaying enabled zone configurations The enabled zone configuration screen displays the actual content of the single zone configuration that is currently enabled on the fabric, whether it matches the configuration that was enabled when the current Zone Administration session was launched or last refreshed.
Page 164: Adding A Wwn To Multiple Aliases And Zones
DRAFT: BROCADE CONFIDENTIAL Zone configuration and zoning database management NOTE If no zone is enabled, a message displays, indicating that there is no active zoning configuration on the switch. 3. Optional: Click Print located in the Print Effective Zone Configuration dialog box to print the enabled zone configuration details.
Page 165: Replacing A Wwn In Multiple Aliases And Zones
DRAFT: BROCADE CONFIDENTIAL Zone configuration and zoning database management Replacing a WWN in multiple aliases and zones This procedure enables you to replace a WWN throughout the Zone Admin buffer. This is helpful when exchanging devices in your fabric and helps you to maintain your current configuration. Use the following procedure to replace a WWN in multiple aliases and zones.
Page 166: Clearing The Zoning Database
DRAFT: BROCADE CONFIDENTIAL Best practices for zoning Clearing the zoning database Use the following procedure to disable the active zoning configuration, if one exists, and delete the entire zoning database. You must disable any active configuration before you can delete the zoning database.
Page 167: Chapter 10 Working With Diagnostic Features
DRAFT: BROCADE CONFIDENTIAL Chapter Working with Diagnostic Features In this chapter • Trace dumps ..........139 •...
Page 168: How A Trace Dump Is Used
DRAFT: BROCADE CONFIDENTIAL Trace dumps How a trace dump is used The generation of a trace dump causes a CRITICAL message to be logged to the system error log. When a trace dump is detected, issue the supportSave command on the affected switch. This command packages all error logs, the supportShow output, and trace dump, and moves these to your FTP server.
Page 169: Enabling Automatic Transfer Of Trace Dumps
DRAFT: BROCADE CONFIDENTIAL Displaying switch information Enabling automatic transfer of trace dumps The switch must belong to your current Admin Domain before you can perform this task. Use the following procedure to enable the automatic transfer of trace dumps. 1. Open the Switch Administration window. 2.
Page 170: Viewing Detailed Fan Hardware Status
DRAFT: BROCADE CONFIDENTIAL Displaying switch information Enter the text string in the box that displays on the table, as shown in Figure 39, and press Enter. This is an incremental search and allows 24 maximum characters including wildcards question mark (?) and asterisk (*). The first row containing the text string is highlighted. To find the next match, click the down arrow.
Page 171: Viewing The Temperature Status
DRAFT: BROCADE CONFIDENTIAL Displaying switch information Use the following steps to view the detailed fan status of a switch. 1. Select a logical switch using the drop-down list under Fabric Tree section in the Switch Explorer window. The selected switch displays in the Switch View. The icon on the Fan button indicates the overall status of the fan.
Page 172: Checking The Physical Health Of A Switch
DRAFT: BROCADE CONFIDENTIAL Displaying switch information Checking the physical health of a switch The Status button displays the operational state of the switch. The icon on the button displays the real-time status of the switch. If no data is available from a switch, the most recent background color remains displayed. Any error-based status messages that is based on a per time interval cause the status to show faulty until the entire sample interval has passed.
Page 173: Defining Switch Policy
DRAFT: BROCADE CONFIDENTIAL Defining Switch Policy NOTE The Port Detail Report and Switch Availability Monitor (SAM) reports display the details of only those ports which are members of the current Admin Domain context and the E_Ports of the switch. 4. Optional: Hold the cursor on the Action bar and click an action to perform one of the following options: •...
Page 174: Port Led Interpretation
DRAFT: BROCADE CONFIDENTIAL Port LED interpretation NOTE The options available in the dialog box may differ, depending on the options available on your switch, including CP, core blades, blades, and WWN. FIGURE 43 Switch Status Policy dialog box 3. Configure the numerical values to conform to your definition of a healthy switch. Numerical values that are above “Marginal”...
Page 175: Led Representations
DRAFT: BROCADE CONFIDENTIAL Port LED interpretation • Blue (buffer-limited) • Dimmed (unlicensed) LED representations The port icons are different for different switch models. Figure 44 displays E_Port port icons and associated LEDs from a Brocade 4100 switch. For the Brocade 4100, the top row of LEDs corresponds to the upper port, and the bottom row of LEDs corresponds to the lower port.
Page 176: Brocade 48000 Director Leds
DRAFT: BROCADE CONFIDENTIAL Port LED interpretation Brocade 48000 Director LEDs For the Brocade 48000 director, the representation of the port LEDs on the FC4-32 port blade is not the same as the LEDs on the physical blade. Figure 45 on page 148 compares the LEDs on the physical port card and the Web Tools display.
Page 177: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Using the FC-FC Routing Service In this chapter • Fibre Channel Routing overview ........149 •...
Page 178: Supported Switches For Fibre Channel Routing
DRAFT: BROCADE CONFIDENTIAL Supported switches for Fibre Channel Routing VEX_Port A virtual port that enables routing functionality through an FCIP tunnel. A VEX_Port is similar to an EX_Port. A device is shared between: • The backbone fabric and edge fabric 1 •...
Page 179: Opening The Fc Routing Module
DRAFT: BROCADE CONFIDENTIAL FC-FC routing management The FC Routing module provides a dynamic display. Any changes in the FCR configuration on the switch are automatically updated in the FC Routing module within 30 to 90 seconds, depending on the network traffic. The switch must be FC Router-capable, as described in “Fibre Channel Routing overview”...
Page 180: Viewing And Managing Lsan Fabrics
DRAFT: BROCADE CONFIDENTIAL FC-FC routing management The FC Routing module displays (as shown in Figure 46). If FC-FC Routing is disabled, a message to that effect displays on all the tabs in the module. FIGURE 46 FC Routing module in Disabled mode with General tab selected Viewing and managing LSAN fabrics The LSAN Fabric tab (Figure 47...
Page 181: Viewing Ex_Ports
DRAFT: BROCADE CONFIDENTIAL Viewing EX_Ports To manage an LSAN fabric, select the fabric to manage and click Manage LSAN Fabric in the task bar. A browser window is launched with the following URL: http://ip-address-of-lsan-fabric-switch For Brocade switches, this launches Web Tools. For non-Brocade fabrics, this launches the Element Manager for that switch.
Page 182: Figure 48 Fc Routing Module With Ex_Ports Tab Selected
DRAFT: BROCADE CONFIDENTIAL Viewing EX_Ports From the EX_Ports tab, you can perform the following port management tasks by selecting a port in the table, and then clicking a task in the task bar: • Configure EX_Ports • Edit an EX_Ports configuration •...
Page 183: Configuring An Ex_Port
Every link has a default cost. For an EX_Port 1 Gbps, 2 Gbps, 4 Gbps, and 8 Gbps links, the default cost is 1000. For a VEX_Port, the default cost is 10000. If the cost is set to 0, the default cost are be used for that link.
Page 184: Viewing Lsan Zones
DRAFT: BROCADE CONFIDENTIAL Viewing LSAN zones Use the following procedure to configure the FCR router port cost. 1. Open the Switch View window. 2. Click FCR in the Manage section of the Tasks menu. 3. Click the Ex_Ports tab. 4. Click the Router Port Cost button. Viewing LSAN zones The LSAN Zones tab displays all the LSAN zones, in both a tabular and tree form.
Page 185 The fabric ID is a number from 1 through 128. Web Tools warns you if you select a fabric ID that is already in use. 8. Click OK. 9. After Web Tools automatically re-enables the FC-FC Routing Service, select all the EX_Ports in the table, and click Enable..
Page 186 DRAFT: BROCADE CONFIDENTIAL Configuring the backbone fabric ID Web Tools Administrator’s Guide 53-1001772-01...
Page 187: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Using the Access Gateway In this chapter • Access Gateway overview ........159 •...
Page 188: Viewing Switch Explorer For Access Gateway Mode
DRAFT: BROCADE CONFIDENTIAL Viewing Switch Explorer for Access Gateway mode NOTE When Access Gateway mode is enabled on switches managed through Web Tools, only a limited subset of menus and options related to device management are available. A switch in Access Gateway mode is considered a device management tool and not a fabric switch, therefore fabric related options are disabled, fabric management menus are unavailable, and fabric-related service requests are forwarded to the fabric switches.
Page 189: Access Gateway Mode
DRAFT: BROCADE CONFIDENTIAL Access Gateway mode • Switch View Access Gateway mode The Access Gateway feature on the Brocade Encryption switch and the Brocade 8000 enables interoperability with the Cisco fabrics. The Access Gateway mode of the switch presents standard F_Ports to the hosts, but it connects to the Enterprise fabric as N_Port (rather than as E_Port in case of a regular switch).
Page 190: Enabling Access Gateway Mode
DRAFT: BROCADE CONFIDENTIAL Enabling Access Gateway mode • Configure N-Port Groups — You can only view the port group details from the Port Group Configuration window. The following options are disabled as shown in Figure Disable N-port Grouping Edit/View Delete FIGURE 51 Port Group Configuration—view only •...
Page 191: Disabling Access Gateway Mode
DRAFT: BROCADE CONFIDENTIAL Disabling Access Gateway mode Use the following procedure to enable Access Gateway mode. 1. Select a switch. 2. Click Switch Admin in the Manage section under Tasks. The Switch Administration dialog box displays. 3. Click Disable in the Switch Status section. You can enable Access Gateway mode only after the switch is disabled.
Page 192: Creating Port Groups
6. Enter the name for the new port group in the Port Group Name field. Select the Login Balancing check box to enable login balance for the port group. 8. Select the Fabric Name Monitoring check box to manually configure the managed fabric name monitoring.
Page 193: Deleting Port Groups
Click Yes to enable failover to all the ports in the port group or click No if you do not want to enable failover. 8. Click Failover Disable. A confirmation dialog box displays. Click Yes to disable failover to all the ports in the port group or click No if you do want to disable failover.
Page 194: Defining Custom F-N Port Mapping
The WWN fails over to the secondary mapping if the primary mapped port is offline. If a secondary port is not defined, the failover moves to any online ports. 8. Optional: To create a detached WWN-N port mapping, enter the WWN value into the WWN field and click Add.
Page 195: Access Gateway Policy Modification
DRAFT: BROCADE CONFIDENTIAL Access Gateway policy modification Access Gateway policy modification Although you can control a number of policies on switches in Access Gateway mode, Web Tools only provides the ability to enable and disable the policies. For more information on these policies please refer to Access Gateway Administrator’s Guide.
Page 196: Access Gateway Limitations On The Brocade 8000
DRAFT: BROCADE CONFIDENTIAL Access Gateway limitations on the Brocade 8000 4. In the Switch Explorer window, select Switch Admin. The Switch Administration window displays (Figure 52). FIGURE 52 Access Gateway Auto Rebalancing 5. Click Refresh. 6. Under the Access Gateway Mode section, do the following: •...
Page 197 DRAFT: BROCADE CONFIDENTIAL Access Gateway limitations on the Brocade 8000 • When the Brocade 8000 runs in Access Gateway mode, all the FCoE ports are F-Ports and all the FC port are N-Ports. • When Access Gateway is enabled, F Ports mapping to N Ports is allowed and all 4 FCOE ports in the trunk group are mapped to the same N Port.
Page 198 DRAFT: BROCADE CONFIDENTIAL Access Gateway limitations on the Brocade 8000 Web Tools Administrator’s Guide 53-1001772-01...
Page 199: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Administering Fabric Watch In this chapter • Fabric Watch overview......... . 171 •...
Page 200: Using Fabric Watch With Web Tools
DRAFT: BROCADE CONFIDENTIAL Using Fabric Watch with Web Tools Using Fabric Watch with Web Tools You do not need the EGM license to perform Fabric Watch operations using Web Tools. NOTE Unless the switch is a member of the current Admin Domain context, Fabric Watch is view-only. FIGURE 53 Fabric Watch window Fabric Watch Explorer, on the left side of the window, displays the available classes.
Page 201: Opening The Fabric Watch Window
DRAFT: BROCADE CONFIDENTIAL System Monitor Opening the Fabric Watch window Use the following procedure to open the Fabric Watch window. 1. Select a switch from the Fabric Tree and log in if necessary. 2. Select Tasks > Manage > Fabric Watch. The Fabric Watch window displays, as shown in Figure System Monitor...
Page 202: Configuring Threshold Traits
If necessary, select a time to record the event in the Time Base field. 8. Enter the lowest boundary of the normal zone in the Low Boundary field. 9. Enter the highest boundary of the normal zone in the High Boundary field.
Page 203 Select the check box for the type of notification method you want to use for each event type (Changed, Below, Above, Inbetween). The available alarm actions are: • ERROR_LOG • SNMP_TRAP • RAPI_TRAP • PORT_LOG_LOCK • EMAIL_ALERT 8. Click Apply. Web Tools Administrator’s Guide 53-1001772-01...
Page 204: Enabling Or Disabling Threshold Alarms
• To enable threshold alarms, click Enabled and continue with the next step. 8. Select a behavior type for the threshold alarms: • Click Triggered to receive threshold alarms only when they are triggered by events that you defined.
Page 205: Fabric Watch Alarm Information
Click Apply to apply the changes to the switch. A confirmation dialog box displays, asking if you want to apply the changes to the switch. 8. Click OK to save the changes to the switch. Fabric Watch alarm information From Fabric Watch, you can view two types of reports: •...
Page 206: E-Mail Notification
DRAFT: BROCADE CONFIDENTIAL E-mail notification NOTE Note that for the FRU class, only the Name, State, and Time columns are displayed. In addition, if the FRU area is Fan, the Name column refers to either a fan or a fan FRU, depending on the switch model.
Page 207: Configuring The E-Mail Alert
DRAFT: BROCADE CONFIDENTIAL E-mail notification 6. Click Apply. Configuring the e-mail alert You can set a different e-mail alert configuration for each class. For example, you can set one e-mail notification for SFPs and another for E_Ports. Before configuring e-mail alert recipients, you must set up the e-mail notification recipient’s DNS server and domain name.
Page 208 DRAFT: BROCADE CONFIDENTIAL E-mail notification Web Tools Administrator’s Guide 53-1001772-01...
Page 209: Chapter 14 Administering Extended Fabrics
• Port Speed—The port speed is displayed as follows: 1G—1 Gbps 2G—2 Gbps 4G—4 Gbps 8G—8 Gbps N1—Negotiated 1 Gbps N2—Negotiated 2 Gbps N4—Negotiated 4 Gbps Auto-Negotiation •...
Page 210: Figure 54 Extended Fabric Tab
DRAFT: BROCADE CONFIDENTIAL Extended link buffer allocation overview For an LD-mode link, the desired distance is used as the upper limit of the link distance to calculate buffer availability for other ports in the same port group. If the measured distance is more than the desired distance, the desired distance is used to allocate the buffers.
Page 211: Configuring A Port For Long Distance
Configuring a port for long distance The Brocade Encryption Switch and the FS8-18 Encryption blade support auto-negotiated link speeds of 1, 2, 4, and 8 Gbps. The GE ports are always locked at 1 Gbps. TABLE 16 Long-distance settings and license requirements...
Page 212 Enter a number in the field to indicate the distance in kilometers. The allowed values depend on the port capability: • If the port capability is 8 GB, type a number between 10 and 63 inclusive. • If the port capability is 4 GB, type a number between 10 and 125, inclusive.
Page 213: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Administering the iSCSI Target Gateway In this chapter • iSCSI service overview......... . 185 •...
Page 214: Supported Platforms For Iscsi
DRAFT: BROCADE CONFIDENTIAL iSCSI service overview Supported platforms for iSCSI The iSCSI target gateway service is supported on the Brocade 48000 director with CP blades running Fabric OS v5.2.0 and later releases, and configured with an FC4-16IP blade. Common iSCSI Target Gateway Admin functions You can right-click on the table content in the window to access Export, Copy, and Search options: NOTE You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the...
Page 215: Saving Changes
Gigabit Ethernet port. Uses a copper CAT-5e cable for an IP connection to an RJ-45 copper connector. FC4-16IP has 8 ports of this type that support 1 Gbps speed. Protocol Data Unit. A unit of data with a header and an optional data section.
Page 216: Setting Up Iscsi Target Gateway Services
DRAFT: BROCADE CONFIDENTIAL Setting up iSCSI Target Gateway services Setting up iSCSI Target Gateway services The following procedure provides an overview of the basic steps for setting up iSCSI target gateway services. The iSCSI Setup wizard guides you through the steps to set up iSCSI connectivity between IP networks and your Fibre Channel SAN.
Page 217: Launching The Iscsi Setup Wizard
DRAFT: BROCADE CONFIDENTIAL Setting up iSCSI Target Gateway services Launching the iSCSI setup wizard Use the following procedure to launch the iSCSI setup wizard. 1. Select a logical switch using the drop-down list under Fabric Tree section in the Switch Explorer window.
Page 218: Editing An Ip Address
6. Click OK when you receive the Warning dialog box. Enter the subnet mask. 8. Enter the MTU size or accept the default MTU size, and click OK. NOTE To change the IP address, delete the current IP address and recreate it. You are not allowed to create an additional IP address for this interface, because there can be only one IP address per interface.
Page 219: Configuring The Ip Route (Optional)
5. Click Edit. A warning dialog box displays. 6. Click OK. Enter a new value for the metric. 8. Click OK. NOTE If you want to change a value other than the metric, you must delete this route and create another in its place.
Page 220: Using Easy Create To Create Iscsi Virtual Targets
You must expand each unit until you get to the actual LUN. Click Add LUN(s). This adds the selected LUNs to your virtual target. 8. Click Next and click Finish. Using Easy Create to create iSCSI virtual targets Easy Create is an alternative method for creating iSCSI virtual targets.
Page 221: Searching For A Specific Fibre Channel Target
DRAFT: BROCADE CONFIDENTIAL Discovery Domain management Searching for a specific Fibre Channel target The creation wizard has a search function to find specific Fibre Channel targets. Use the following procedure to search for a specific FC target. 1. Click the Search link. 2.
Page 222: Creating A Discovery Domain
DRAFT: BROCADE CONFIDENTIAL Discovery Domain management Discovery domains can be created with virtual targets, iSCSI initiators, or both. In the wizard, you can do the following tasks: • You can configure the DD. You must specify the DD name, and then you can add or remove initiators and targets.
Page 223: Discovery Domain Sets
DRAFT: BROCADE CONFIDENTIAL Discovery domain sets Discovery domain sets The iSCSI Target Gateway Admin module provides the flexibility to create discovery domain sets (DDSet) that define the host target access. (This functionality is similar to Fibre Channel zoning.) Use the Discovery Domains tab to view and manage access from iSCSI initiators to iSCSI virtual targets.
Page 224: Creating A Chap User
DRAFT: BROCADE CONFIDENTIAL CHAP configuration The CHAP module pane lists CHAP secrets in a table with the user name and chap secret in encrypted format (*). You can add, delete, or modify CHAP entries. Each CHAP secret has: • User name maximum length of 64 characters •...
Page 225: Connection Redirection
DRAFT: BROCADE CONFIDENTIAL Connection redirection Connection redirection Connection redirection allows iSCSI sessions to be evenly distributed across ports on the same blade. Before the maximum number of connections is reached for any given port, logins are redirected to the next available port, resulting in an even distribution of sessions. This distribution occurs only during the first login phase.
Page 226: Creating An Iscsi Fibre Channel Zone With No Effective Zone Configuration
DRAFT: BROCADE CONFIDENTIAL iSCSI Fibre Channel zone configuration • If default zoning is set to All Access and there is no effective zone configuration, then you can create an iSCSI Fibre Channel zone and add it to a defined configuration, but you do not need to enable the defined configuration.
Page 227: Managing And Troubleshooting Accessibility
DRAFT: BROCADE CONFIDENTIAL Managing and troubleshooting accessibility ATTENTION Schedule your changes during a maintenance cycle if you decide to add the iSCSI Fibre Channel zoning members to an effective configuration. Re-enabling the effective configuration affects the entire fabric. 5. Click OK. The effective configuration is modified and re-enabled.
Page 228 DRAFT: BROCADE CONFIDENTIAL Managing and troubleshooting accessibility Web Tools Administrator’s Guide 53-1001772-01...
Page 229: Routing Traffic
DRAFT: BROCADE CONFIDENTIAL Chapter Routing Traffic In this chapter • Routing overview ..........201 •...
Page 230: Viewing Fabric Shortest Path First Routing
DRAFT: BROCADE CONFIDENTIAL Viewing fabric shortest path first routing Use the Routing tab of the Switch Administration window to view and modify routing information. Figure 55 on page 202 displays the Routing tab. FIGURE 55 Routing tab Viewing fabric shortest path first routing The Routing tab of the Switch Administration window displays information about routing paths.
Page 231: Configuring Dynamic Load Sharing
DRAFT: BROCADE CONFIDENTIAL Configuring dynamic load sharing Configuring dynamic load sharing The exchange-based routing policy depends on the Fabric OS dynamic load sharing feature (DLS) for dynamic routing path selection. When this policy is in force, DLS is always enabled and cannot be disabled.
Page 232: Specifying Frame Order Delivery
DRAFT: BROCADE CONFIDENTIAL Specifying frame order delivery 3. Select On in the Loss Less (DLS) area to enable the mode, or select Off to disable dynamic load sharing. When the exchange-based routing policy is in effect, the Loss Less DLS radio buttons display on the Routing tab 4.
Page 233 DRAFT: BROCADE CONFIDENTIAL Configuring the link cost for a port Use this procedure to set a non-default, “static” cost for any port. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 35. 2. Select the Routing tab. 3.
Page 234 DRAFT: BROCADE CONFIDENTIAL Configuring the link cost for a port Web Tools Administrator’s Guide 53-1001772-01...
Page 235: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Configuring Standard Security Features In this chapter • User-defined accounts ......... 207 •...
Page 236: Virtual Fabrics Considerations
DRAFT: BROCADE CONFIDENTIAL User-defined accounts Access rights for any user session are determined by the user’s role-based access rights. Refer to Chapter 1, “Introducing Web Tools” for additional information about Role-Based Access Control (RBAC). The User tab of the Switch Administration window (Figure 56 on page 209) displays account information.
Page 237: Viewing User Account Information
DRAFT: BROCADE CONFIDENTIAL User-defined accounts NOTE The User tab displays and changes information in the switch database. If you have RADIUS configured, note that this tab displays the logged-in RADIUS account information but does not allow the user to modify the RADIUS host server database. FIGURE 56 User tab Viewing user account information...
Page 238: Figure 57 Add User Account Dialog Box (Vf)
DRAFT: BROCADE CONFIDENTIAL User-defined accounts 3. Click Add. The Add User Account dialog box displays. For switches that support Virtual Fabrics, refer to Figure 57. For switches that support Administrative Domains (AD), refer to Figure FIGURE 57 Add User Account dialog box (VF) FIGURE 58 Add User Account dialog box (AD) Web Tools Administrator’s Guide...
Page 239 The password is not displayed when you enter it on the command line. Passwords can be from 8 through 40 characters long. They must begin with an alphabetic or numeric character. They can include alphanumeric characters, the dot (.), and the underscore (_).
Page 240: Deleting User-Defined Accounts
DRAFT: BROCADE CONFIDENTIAL User-defined accounts Deleting user-defined accounts Use the following procedure to delete user-defined accounts. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 35. 2. Select the User tab. 3. Select the account to remove and click Remove. 4.
Page 241: Maintaining Passwords
You do not need to provide the current password if you are changing the password of a lower-level user account. Passwords can be from 8 through 40 characters long. They must begin with an alphabetic or numeric character. They can include alphanumeric characters, the dot (.), and the underscore (_).
Page 242 Number of days (0–999) before a password expires • Number of password changes before you can reuse a password • Minimum password length (8–40 characters) • Minimum number of uppercase and lowercase characters required • Minimum number of digits and punctuation characters required •...
Page 243: Access Control List Policy Configuration
DRAFT: BROCADE CONFIDENTIAL Access control list policy configuration Setting a password as expired Use the following procedure to set a password as expired. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 35. 2.
Page 244: Virtual Fabrics Considerations
6. Select the policy type you want to edit. Click Next and click Create. 8. SCC Option: Add switches to an SCC policy by selecting one or more switches and clicking Add or Add All. 9. SCC Option: To add an offline switch, click Add other Switch and enter the WWN.
Page 245: Deleting All Scc, Dcc, Or Fcs Policies
6. Select the policy type you want to edit. Click Next and click Modify. 8. Select a switch or highlight multiple switches to add to the policy by clicking Add or Add All. 9. Select a switch or highlight multiple switches to remove a policy by clicking Remove.
Page 246: Distributing An Scc, Dcc, Or Fcs Policy
DRAFT: BROCADE CONFIDENTIAL Fabric-Wide Consistency Policy configuration Distributing an SCC, DCC, or FCS policy Perform this procedure to distribute an SCC, DCC, or FCS policy. NOTE SCC and DCC policy can be distributed only for a primary switch. Use the following procedure to distribute an SCC, DCC, or FCS policy. 1.
Page 247: Authentication Policy Configuration
If the switch is not a primary switch, an error message dialog box displays. Click No to discard the changes and click Refresh in the FWCP Configuration window to manually refresh the window. 8. Click Close. Authentication policy configuration You can configure an authentication protocol policy for E_Port and F_Port authentication, and then distribute the authentication policy to other switches in the fabric.
Page 248: Configuring Authentication Policies For F_Ports
DRAFT: BROCADE CONFIDENTIAL Authentication policy configuration Passive The switch does not initiate authentication but participates if the connecting switch initiates authentication. Hash A hash function (like SHA or MD5) is used for authentication. The switch does not support authentication. Any authentication negotiation is rejected.
Page 249: Re-Authenticating Policies
6. Enter the Switch WWN, name, or domain ID, or use the Browse button to select a switch. In the Peer Secret and Confirm Peer Secret fields, enter the peer secret value. 8. In the Local Secret and Confirm Local Secret fields, enter the local secret value. 9. Click Add.
Page 250: Setting The Switch Policy Authentication Mode
DRAFT: BROCADE CONFIDENTIAL SNMP configuration 6. Make the appropriate changes and click OK. Setting the Switch Policy Authentication mode This setting determines whether or not authentication is required when a switch logs in to a fabric. Use the following procedure to set the Switch Policy Authentication mode. 1.
Page 251: Setting Snmpv1 Configuration Parameters
Enabling SNMPv3 informs allows you to enter the Engine ID. The Engine ID is required to authenticate the inform request. If informs request is disabled, the SNMP manager does not send a response to the sender. 8. Click Apply. Web Tools Administrator’s Guide 53-1001772-01...
Page 252: Changing The Access Control Configuration
DRAFT: BROCADE CONFIDENTIAL RADIUS management Changing the access control configuration NOTE The port number is not included. Use the following procedure to change the access control configuration. 1. Open the Switch Administration window as described in “Opening the Switch Administration window”...
Page 253: Enabling And Disabling Radius
DRAFT: BROCADE CONFIDENTIAL RADIUS management If the switch database is selected as primary, there is no secondary option. The RADIUS server cannot be configured as a backup for the switch user login database. When the primary AAA service is RADIUS, you have three secondary service choices: •...
Page 254: Modifying The Radius Server
5. Enter the port number. 6. Enter the secret string. Enter the timeout time in minutes. 8. Select either CHAP or PAP as the authentication protocol. The default value is CHAP, and if you do not change it, CHAP becomes the authentication protocol.
Page 255: Removing A Radius Server
DRAFT: BROCADE CONFIDENTIAL Active Directory service management 4. Click the up and down arrows to rearrange the order of the RADIUS servers. 5. Click Apply. Removing a RADIUS server Use the following procedure to remove a RADIUS server. 1. Open the Switch Administration window as described in “Opening the Switch Administration window”...
Page 256: Modifying Active Directory Service
DRAFT: BROCADE CONFIDENTIAL IPsec concepts NOTE To disable Active Directory service, select Switch Database from the Primary AAA Service drop-down menu and select None from the Secondary AAA Service drop-down menu. 5. Click Apply. Modifying Active Directory service Use the following procedure to change the parameters of a Active Directory service that is already configured.
Page 257: Transport Mode And Tunnel Mode
DRAFT: BROCADE CONFIDENTIAL IPsec concepts From Web Tools, you can establish IPsec policies for FCIP implementations on 7800 extension switches with the upgrade license, the 7500 extension switches and FR4-18i blades, and you can establish IPsec policies for IP interfaces that provide management access to switches and control processors.
Page 258: Ipsec Header Options
DRAFT: BROCADE CONFIDENTIAL IPsec concepts Figure 60 provides a basic visual comparison of how transport mode and tunnel mode modify an IP datagram. FIGURE 60 Transport mode and tunnel mode comparison IPsec header options IPsec adds headers to an IP datagram to enable authentication and privacy. There are two options: •...
Page 259: Basic Ipsec Configurations
DRAFT: BROCADE CONFIDENTIAL IPsec concepts Encapsulating Security Payload ESP provides authentication, and also provides privacy by encrypting the IP datagram. The use of an ESP header is similar to the use of the AH header. A hash algorithm is used to calculate an authentication value, the authentication value is sent in an IP datagram, and the same hash algorithm is used by the receiver to verify the authentication value.
Page 260: Internet Key Exchange Concepts
DRAFT: BROCADE CONFIDENTIAL IPsec concepts Endpoint to Gateway In an endpoint to gateway configuration, a protected endpoint connects through an IPsec protected tunnel. This can be used as a virtual private network (VPN) for connecting a roaming computer, like a service laptop, to a protected network. Internet Key Exchange concepts Internet Key Exchange (IKE) is used to authenticate the end points of an IP connection, and to determine security policies for IP traffic over the connection.
Page 261: Table 21 Hash Algorithm Options
DRAFT: BROCADE CONFIDENTIAL IPsec concepts Hash algorithms Hash message authentication codes (HMAC) check data integrity through a mathematical calculation on a message using a hash algorithm combined with a shared, secret key. Table 21 lists the available encryption algorithms. The sending computer uses the hash function and shared key to compute a checksum or code for the message, and sends it to the receiving computer.
Page 262: Ipsec Over Fcip
DRAFT: BROCADE CONFIDENTIAL IPsec over FCIP DH group choices are 1(modp768), 2(modp1024), 14(modp2048), and 18(modp8192). Each group provides an incrementally more secure key exchange by providing more bits (768, 1024, 2048, 8192). Authentication methods The methods used to authenticate the IKE peer are preshared key (psk), DSS digital signature (dss), and RSA digital signature (rsasig): •...
Page 263: Establishing An Ike Policy For An Fcip Tunnel
Select a Diffie-Hellman Group association. The choices are 1 (modp768) and 14 (modp2048). 8. Set a Security Association Lifetime (in seconds). The Security Association Lifetime is a time value in seconds. When this timer expires, the security association (SA) is rekeyed. This limits the amount of time a given key is available to a potential attacker.
Page 264: Ipsec Over Management Ports
DRAFT: BROCADE CONFIDENTIAL IPsec over management ports 4. Assign a policy number. The Policy Number selector allows you to select a number between 1 and 32. 5. Select the Encryption Algorithm used in this policy. The choices are 3DES, AES-128, and AES_256. 6.
Page 265: Creating A Security Association
This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name. 6. Select the Encryption Algorithm option. Select the Hash Algorithm option. 8. Select the PRF Algorithm option. 9. Select the DH Group Number option. 10. Select the Authentication Method option.
Page 266: Creating An Sa Proposal
DRAFT: BROCADE CONFIDENTIAL IPsec over management ports 8. Optionally, enter a value in the SPI number field. A Security Parameter Index (SPI) number is automatically assigned, but may be manually overridden. 9. Click OK. Creating an SA proposal An SA proposal is sent from one endpoint to another to negotiate IKE and IPsec policies. An SA proposal contains one or more security associations (SA).
Page 267: Adding An Ipsec Selector
5. Enter the IP address of the sender in the Source IP Address field. 6. Enter the IP address of the receiver in the Peer IP Address field. Enter the Transform Name value. 8. The Protocol Name selector allows you to select a specific protocol. 9. Click OK. Web Tools Administrator’s Guide...
Page 268: Manually Creating An Sa
For the flow from peer to source, select in. For the flow from source to peer select out. 8. Select the IPsec Mode. The choices are Transport or Tunnel. Refer to “Transport mode and tunnel mode” on page 229 if you are unfamiliar with Transport and Tunnel modes.
Page 269: Editing An Ike Or Ipsec Policy
6. Select Edit. An Edit Policy dialog box displays. Edit the policy as needed. 8. Click OK. Deleting an IKE or IPsec policy You can delete one or more IKE or IPsec policies. Use the following procedure to delete an IKE or IPsec policy.
Page 270 Select Add. The Add Shared Secret Keys dialog box displays. 8. Browse to select the switch WWN or name and domain ID, or enter the switch WWN or name and domain ID in the Switch WWN: Name/Domain ID field. 9. Enter the shared secret key for the peer device (an HBA in this case) in the Peer Shared Secret and Confirm Peer Shared Secret fields.
Page 271: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Administering FICON CUP Fabrics In this chapter • FICON CUP fabrics overview ........243 •...
Page 272: Enabling Port-Based Routing
DRAFT: BROCADE CONFIDENTIAL Enabling port-based routing You do not need to install the FICON CUP license to perform FICON CUP management; you must install the FICON CUP license, however, if your switch is to enforce traffic between the FICON director and the host-based management program. Enabling port-based routing Port-based path selection is a routing policy in which paths are chosen based on ingress port and destination only.
Page 273: Fms Parameter Configuration
DRAFT: BROCADE CONFIDENTIAL FMS parameter configuration 5. Click Enable in the FICON Management Server Mode section to enable FMS mode or click Disable to disable FMS mode. 6. Click Apply to save your changes. FMS parameter configuration FMS parameters control the behavior of the switch with respect to CUP itself, as well as the behavior of other management interfaces (director console, Alternate Managers).
Page 274: Configuring Fms Mode Parameters
DRAFT: BROCADE CONFIDENTIAL Displaying code page information TABLE 22 FMS mode parameter descriptions (Continued) Parameter Description Director Clock Controls behavior for attempts to set the switch timestamp clock through the director console. Alert Mode When it is enabled, the director console (Web Tools, in this case) displays warning indications when the switch timestamp is changed by a user application.
Page 275: Viewing The Control Device State
DRAFT: BROCADE CONFIDENTIAL Viewing the control device state Viewing the control device state The control device is in either a neutral or a switched state. When it is neutral, the control device accepts commands from any channel that has established a logic path with it and accepts commands from alternate managers.
Page 276: Cup Port Connectivity Configuration
DRAFT: BROCADE CONFIDENTIAL CUP port connectivity configuration CUP port connectivity configuration In the Port Connectivity subpanel, you can manage the configuration files and active configuration. All CUP configuration files and the active configuration are listed in a table. The active configuration is listed as “Active Configuration*”...
Page 277: Modifying Cup Port Connectivity Configurations
DRAFT: BROCADE CONFIDENTIAL CUP port connectivity configuration Modifying CUP port connectivity configurations In the Edit Port CUP Connectivity Configuration dialog box, swapped ports are indicated with the “(Swapped)” label (Figure 63). FIGURE 63 Edit Port CUP Connectivity dialog box swapped label Use the following procedure to create a new CUP port connectivity configuration or to edit an existing configuration.
Page 278: Activating A Cup Port Connectivity Configuration
DRAFT: BROCADE CONFIDENTIAL CUP port connectivity configuration • Click Activate to save the changes and make the configuration active immediately, as described in “Activating a CUP port connectivity configuration” on page 250. • Click Save to save the changes but not make the configuration active. •...
Page 279: Copying A Cup Port Connectivity Configuration
DRAFT: BROCADE CONFIDENTIAL CUP logical path configuration 4. Optional: Click Active=Saved Mode to enable (selected) or disable (not selected) the Active=Saved FMS parameter after the configuration is activated. 5. Click Yes to activate the configuration or click No to cancel the activation. Copying a CUP port connectivity configuration Use the following procedure to copy a CUP port connectivity configuration to a new configuration.
Page 280: Configuring Cup Logical Paths
DRAFT: BROCADE CONFIDENTIAL Link Incident Registered Recipient configuration Configuring CUP logical paths Use the following procedure to configure a CUP logical path. 1. Select a FICON-enabled switch from the Fabric Tree. 2. Select Tasks > Manage > Switch Admin. 3. Click Show Advanced Mode to see all the available tabs and options. 4.
Page 281: Displaying Request Node Identification Data
6. Click Set LIRR Port. The Set LIRR Port dialog box displays. Enter a port number and click OK. 8. Click Close. Displaying Request Node Identification Data Web Tools displays Request Node Identification Data (RNID) information for the local switch, and for attached FICON devices and FICON channel paths.
Page 282 DRAFT: BROCADE CONFIDENTIAL Displaying Request Node Identification Data RNID information for attached FICON devices and channel paths displays on the Name Server view. To view this information, Click Name Server to display the Name Server view. Ports that completed an RNID exchange display FICON in the Capability column. For those ports, the following information specific to RNID displays in the following columns: •...
Page 283: In This Chapter
DRAFT: BROCADE CONFIDENTIAL Chapter Configuring FCoE with Web Tools In this chapter • Web Tools and FCoE overview ........256 •...
Page 284: Web Tools And Fcoe Overview
Enhanced Group Management (EGM) license. The EGM license is only for 8 Gbps platforms, such as the Brocade DCX and DCX-4S enterprise-class platforms, the Encryption Switch, and the 300, 5100, and 5300 switches. For non-8 Gbps platforms, all functionalities are available without the EGM license.
Page 285: Switch Administration And Fc0E
DRAFT: BROCADE CONFIDENTIAL Switch administration and FC0E • FCoE Priority Bits—Each bit represents a user priority that is associated with FCoE traffic. • Default CoS—The default Class of Service. Switch administration and FC0E The CEE tab on the Switch Administration panel is specific to DCE and CEE configuration and management.
Page 286: Quality Of Service Configuration
DRAFT: BROCADE CONFIDENTIAL Quality of Service configuration Quality of Service configuration As a general concept, Quality of Service (QoS) is a mechanism for classifying and scheduling data traffic based on priority settings. QoS can be used to control traffic congestion, allocate bandwidth, and carry data traffic with different characteristics over a common interface.
Page 287: Adding A Traffic Class Map
DRAFT: BROCADE CONFIDENTIAL LLDP-DCBX configuration 8. Edit the Bandwidth entry to indicate the desired percentage of total bandwidth. 9. Change the Priority Flow Control Status to Enabled to enable PFC for the entry. 10. Click OK. The new priority group displays in the Priority Group Map.
Page 288 For Mode, the choices are Tx (transmit), Rx, (receive) or Both. The default is Both. 8. In the Hello field, enter a time value in seconds. The Hello value sets the interval between hello bridge protocol data units sent by the root switch configuration messages.
Page 289: Adding An Lldp Profile
For Mode, the choices are Tx (transmit), Rx, (receive) or Both. The default is Both. 8. In the Hello field, enter a time value in seconds. The Hello value sets the interval between hello bridge protocol data units sent by the root switch configuration messages.
Page 290: Configuring Cee Interfaces
If you are using a CEE map or Traffic Class Map to apply QoS traffic priority, select the appropriate button, and enter the name of the map you want to use. 8. Enter the profile name in the LLDP-DCBX Profile field for using a specific profile for the interface.
Page 291: Configuring A Link Aggregation Group
Access mode allows only one VLAN association, and all frames are untagged. Trunk mode allows more than one VLAN association, and allows tagged frames. 8. Select the operational Status. The choices are Administratively Up and Administratively Down. 9. Click OK.
Page 292: Configuring Fcoe Login Groups
VLAN, and the Converged mode interface can be Native in one VLAN and it could be non-native type in more than one VLAN. 8. Click OK. 9. Repeat the procedure for additional VLANs. 10. To edit VLAN, select the detail from the table in the VLAN tab and click Edit.
Page 293: Displaying Fcoe Port Information
DRAFT: BROCADE CONFIDENTIAL Displaying FCoE port information • Self — WWN of your current switch • Other Switch WWN If you choose Other Switch WWN, you must enter the WWN of that switch in the provided field. 6. Under Login Member Configuration, select either Allow All Members or Allow Specific Member. •...
Page 294: Displaying Lag Information
DRAFT: BROCADE CONFIDENTIAL Displaying LAG information • Connected Peer Type displays the port type on the connected device. • Is Directly Connected indicates whether or not the device is directly connected to the trunk. • FCoE Port MAC displays the FCoE port MAC address. •...
Page 295: Displaying Lldp-Dcbx Information
DRAFT: BROCADE CONFIDENTIAL Displaying LLDP-DCBX information Displaying LLDP-DCBX information Use the following procedure to display LLDP-DCBX information. 1. Select the CEE tab on the Switch Administration panel. 2. Select the LLDP-DCBX tab. • To display global settings, select the Global tab. •...
Page 296: Enabling And Disabling A Lag
DRAFT: BROCADE CONFIDENTIAL Enabling and disabling a LAG 1. Select the CEE Interfaces tab on the Port Administration panel. 2. Under the CEE Interface Explorer, select the port you want to enable or disable. 3. Select the General tab. This tab is normally pre-selected. You can follow either of the following options to enable or disable the interface: •...
Page 297: Enabling And Disabling Fcoe Ports
DRAFT: BROCADE CONFIDENTIAL Enabling and disabling FCoE ports 3. Select the CEE Maps tab. 4. Under the Priority Group area, enable or disable Priority Flow Control Status option for each Priority Group ID. Enabling and disabling FCoE ports You can enable and disable FCoE Ports individually from the Port Administration panel. 1.
Page 298 DRAFT: BROCADE CONFIDENTIAL Enabling and disabling FCoE ports Web Tools Administrator’s Guide 53-1001772-01...
Page 299: Chapter 20 Limitations
DRAFT: BROCADE CONFIDENTIAL Chapter Limitations In this chapter • General Web Tools limitations ........271 General Web Tools limitations Table 23 lists general Web Tools limitations that apply to all browsers and switch platforms.
Page 300 DRAFT: BROCADE CONFIDENTIAL General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Firmware download There are multiple phases to firmware download and activation. When Web Tools reports that firmware download completed successfully, this indicates that a basic sanity check, package retrieval, package unloading, and verification was successful.
Page 301 To avoid this problem, increase the default heap size in the Java Control Panel. Refer to “Java plug-in configuration” on page 8 for instructions. Performance Monitor If the Web browser crashes or the Performance Monitor license is lost while the Performance Monitoring window is running, some of the Performance Monitor resources owned by Web Tools might not be cleaned up correctly.
Page 302 DRAFT: BROCADE CONFIDENTIAL General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Refresh option in Web Tools must be restarted when the Ethernet IP address is changed using the browsers NetworkConfig View command. Web Tools appears to hang if it is not restarted after this operation is executed.
Page 303 DRAFT: BROCADE CONFIDENTIAL Index Numerics aliases, zone. Refer to zone aliases all access zoning arbitrated loop parameters, configuring 2 domain/4 domain fabric licenses automatic trace dump transfers 7800 switch backbone fabric About Discovery Domains (DD) backbone fabric ID, configuring Access Control List. Refer to ACL backing up configuration file access control.
Page 304 DRAFT: BROCADE CONFIDENTIAL configuration configuration SCC/DCC policy Access Gateway mode SCSI command graphs upload SCSI vs. IP traffic graphs configuration file SID-DID performance graphs Admin Domain considerations virtual targets for iSCSI Target Gateway backing up zone aliases restoring zone configurations configuring zones arbitrated loop parameters...
Page 305 DRAFT: BROCADE CONFIDENTIAL Discovery Domains enabling iSCSI Target Gateway Access Gateway mode discovery domains (DD) automatic trace dump transfer displaying beaconing blades alarms, Fabric Watch Control Device state Fabric Watch threshold alarms CUP port connectivity configuration FICON Management Server mode enabled zone configuration insistent domain ID mode fan status...
Page 306 DRAFT: BROCADE CONFIDENTIAL FC-FC routing initiating CP failover about initiators for iSCSI Target Gateway setting up in-order delivery. Refer to IOD supported switches insistent domain ID mode FCR router cost about FCS policy enabling activate installing create Java Plug-in deactivate delete JRE patches on Solaris distribute...
Page 307 DRAFT: BROCADE CONFIDENTIAL zone configuration LSAN iSCSI initiator devices iSCSI initiators fabrics, managing iSCSI Port zones, managing iSCSI session iSCSI virtual target launching module LUN mapping managing/troubleshooting accessibility managing RADIUS server media type search for FC target GigE supported switches message severity levels VT LUN MetaSAN...
Page 308 DRAFT: BROCADE CONFIDENTIAL recommendations performance graphs configuration tasks for Web Tools adding to a canvas for zoning modifying refresh frequency, setting printing types of refresh rates Performance Monitoring window refreshing per-frame routing priority Admin Domain window persistently disable a port fabric information Zone Administration window platforms, supported...
Page 309 DRAFT: BROCADE CONFIDENTIAL severity levels SID-DID performance graph SNMP trap levels unlocking passwords Solaris patches, installing user accounts, managing SSLv3 starting Web Tools swapping port index IDs switch 7800 value line licenses changing the name of VC Priority enabling and disabling viewing mouse over information EX_Ports...
Page 310 DRAFT: BROCADE CONFIDENTIAL zone configurations creating deleting disabling enabling example modifying renaming zone member selection lists, searching zones about adding WWNs best practices creating deleting description LSAN modifying removing WWNs renaming replacing WWNs selecting a view zoning all access default zoning no access zoning database clearing...

This manual is also suitable for:

Poweredge m1000e Poweredge m600 Poweredge m605 Poweredge m610 Poweredge m610x Poweredge m710 ... Show all

Brocade Communications Systems 8 Administrator's Manual

Chapter 10 Working with Diagnostic Features

Quick Links

Troubleshooting

Related Manuals for Brocade Communications Systems 8

Summary of Contents for Brocade Communications Systems 8