Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)

53-1001194-01
November 24, 2008

Web Tools

Administrator's Guide
Supporting Fabric OS v6.2.0

Summary of Contents for Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base

  • Page 1: Web Tools

    53-1001194-01 November 24, 2008 Web Tools Administrator’s Guide Supporting Fabric OS v6.2.0...
  • Page 2 Copyright © 2006-2008 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
  • Page 3 Document History The following table lists all versions of the Web Tools Administrator’s Guide. Document Title Publication Summary of Changes Publication Number Date Web Tools User’s Guide v2.0 53-0001536-01 September 1999 Web Tools User’s Guide v2.2 53-0001558-02 May 2000 Web Tools User’s Guide v2.3 53-0000067-02 N/A December 2000 Web Tools User’s Guide v3.0 53-0000130-03 July 2001...
  • Page 4 Document Title Publication Summary of Changes Publication Number Date Web Tools Administrator’s 53-1000049-01 Updates to support new switch January 2006 Guide types (4900, 7500) and Fabric OS v5.1.0, including FCR, FCIP, and the FR4-18i port blade. Web Tools EZ information is moved to a separate book.
  • Page 7: Table Of Contents

    Contents About This Document In this chapter ......... . xxiii How this document is organized .
  • Page 8 Opening Web Tools ........11 Logging in .
  • Page 9 Switch configuration ........46 Enabling and disabling a switch .
  • Page 10 Performing a firmware download ......73 Encryption firmware download ......75 SAS and SA firmware download .
  • Page 11 Creating and populating domains ......103 Creating an Admin Domain ......103 Adding ports or switches to the fabric .
  • Page 12 Chapter 9 Administering Zoning In this chapter ......... .131 Zoning overview.
  • Page 13 Chapter 10 Working With Diagnostic Features In this chapter ......... .151 Trace dumps .
  • Page 14 Access Gateway policy modification ......175 Path Failover and Failback policies ..... 176 Modifying Path Failover and Failback policies .
  • Page 15 Setting up iSCSI Target Gateway Services....194 Launching the iSCSI Target Gateway Admin Module..194 Launching the iSCSI Setup wizard ..... .196 Activating the iSCSI feature.
  • Page 16 User-defined accounts ........215 Virtual Fabrics considerations......216 Admin Domain considerations .
  • Page 17 IPSec over FCIP .........246 Accessing the IPSec Policies dialog box .
  • Page 19 Figures Figure 1 Configuring Internet Explorer ......... . 6 Figure 2 Temporary Internet Settings dialog box .
  • Page 20 Figure 36 USB configuration download......... 70 Figure 37 USB Port Management wizard .
  • Page 21 Figure 78 Port LEDs for the FC4-32 port blade in the Brocade 48000....160 Figure 79 FC Routing module in Disabled mode with General tab selected ..164 Figure 80 FC Routing module with LSAN Fabrics tab selected .
  • Page 22 Figure 120 IKE Policies (FCIP)..........246 Figure 121 Add Policy (IKE for FCIP) .
  • Page 23 Tables Table 1 Basic Web Tools features and EGM licensed features ..... 2 Table 2 Web Tools functionality moved to DCFM ....... . 4 Table 3 Certified and tested platforms.
  • Page 25: About This Document

    About This Document In this chapter • Supported hardware and software....... . xxiv •...
  • Page 26: Supported Hardware And Software

    • Chapter 13, “Administering Fabric Watch,” provides information on how to use the Fabric Watch feature to monitor the performance and status of switches and alert you when problems arise. • Chapter 14, “Administering Extended Fabrics,” provides information on how to configure a port for long distance.
  • Page 27: What's New In This Document

    • Brocade 48000 director • Brocade DCX Enterprise-class platform • Brocade Encryption Switch • Brocade DCX-4S Enterprise-class platform What’s new in this document The following changes have been made since this document was last released: • Changes to GUI icon images and operator components to be consistent with DCFM. •...
  • Page 28: Notes, Cautions, And Warnings

    Notes, cautions, and warnings The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards. NOTE A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information.
  • Page 29: Additional Information

    Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password.
  • Page 30: Document Feedback

    • supportSave command output • Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps already performed and the results • Serial console and Telnet session logs •...
  • Page 31: Introducing Web Tools

    Chapter Introducing Web Tools In this chapter • Web Tools overview ..........1 •...
  • Page 32: Web Tools, The Egm License, And Dcfm

    Web Tools, the EGM license, and DCFM Beginning with Fabric OS version 6.1.1, Web Tools functionality is tiered and integrated with DCFM. If you are migrating from a Web Tools release prior to Fabric OS version 6.1.1, this may impact how you use Web Tools.
  • Page 33 Web Tools, the EGM license, and DCFM TABLE 1 Basic Web Tools features and EGM licensed features Feature Basic Web Tools Web Tools with EGM License Fabric Events Fabric Summary Fabric Tree FCIP Tunnel configuration FCIP Tunnel Display FCR Management FCR Port Config FICON CUP Tab FRU Monitoring...
  • Page 34: Web Tools Functionality Moved To Dcfm

    Web Tools, the EGM license, and DCFM Web Tools functionality moved to DCFM The functionality that was moved from Web Tools into DCFM is applicable to both DCFM Professional and DCFM Enterprise. The following table details these changes. TABLE 2 Web Tools functionality moved to DCFM Function Web Tools 6.1.0...
  • Page 35: System Requirements

    System requirements TABLE 2 Web Tools functionality moved to DCFM Function Web Tools 6.1.0 DCFM Comments Non-local switch Zone Admin Configure > Zoning In Web Tools, non-local ports display in Admin Domain switch port id/WWN can zoning tree Switch Admin > DCC be added using text box.
  • Page 36: Setting Refresh Frequency For Internet Explorer

    System requirements Setting Refresh Frequency for Internet Explorer Correct operation of Web Tools with Internet Explorer requires specifying the appropriate settings for browser refresh frequency and process model. Browser pages should be refreshed frequently to ensure the correct operation of Web Tools. 1.
  • Page 37: Java Installation On The Workstation

    Java installation on the workstation FIGURE 2 Temporary Internet Settings dialog box 3. Click Delete Files to remove the temporary files used by Java applications. 4. Click OK on the confirmation dialog box. You can clear the Trace and Log files check box if you want to keep those files. 5.
  • Page 38: Installing Patches On Solaris

    Java plug-in configuration 4. Create a symbolic link from this location: $FIREFOX/plugins/libjavaplugin_oji.so To this location: $JRE/plugin/$ARCH/ns600/libjavaplugin_oji.so Installing patches on Solaris 1. Search for any required patches for your current version of the JRE at the following Web site: http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage NOTE This URL points to a non-Brocade Web site and is subject to change without notice.
  • Page 39: Configuring The Java Plug-In For Mozilla Family Browsers

    Java plug-in configuration FIGURE 3 Java Control Panel 3. In the section Java Applet Runtime Settings, click View. The Java Applet Runtime Settings dialog box appears. FIGURE 4 Java Runtime Settings 4. Double-click in the Java Runtime Parameters field and type the following information to set the minimum and maximum heap size: -Xms256m -Xmx256m In this example, the minimum and maximum sizes are both 256 MB.
  • Page 40: Value Line Licenses

    Value line licenses FIGURE 5 Default Java for browsers option 3. Select Mozilla family and click OK. 4. Click Apply to apply your settings and close the Java Control Panel. Value line licenses If your fabric includes a switch with a limited switch license and you are opening Web Tools using that switch, if the fabric exceeds the switch limit indicated in the license, Web Tools allows a 30-day “grace period”...
  • Page 41: Opening Web Tools

    Opening Web Tools You can open Web Tools on any workstation with a compatible Web browser installed. For a list of Web browsers compatible with Fabric OS 6.2.0, see Table 3. Web Tools supports both the HTTP and HTTPS protocols.
  • Page 42: Logging In

    Opening Web Tools FIGURE 6 Web Tools interface Logging in When you use Web Tools, you must log in before you can view or modify any switch information. This section describes the login process. Prior to displaying the login window, Web Tools displays a security banner (if one is configured for your switch), which you must accept before logging in.
  • Page 43: Figure 7 Signed Applet Certificate

    Opening Web Tools FIGURE 7 Signed applet certificate 2. Click OK in the security banner window, if one appears. FIGURE 8 Login dialog box 3. On the login dialog box, type your user name. 4. Type the password. If your current password has expired, you must also provide a new password and confirm the new password.
  • Page 44: Figure 9 Virtual Fabric Login Option

    Opening Web Tools FIGURE 9 Virtual Fabric login option 2. Log in to a logical fabric. To log in to the home logical fabric, select Home Logical Fabric and click OK. To log in to a logical fabric other than the home logical fabric, select User Specified Logical Fabric, type in the fabric ID number, and click OK.
  • Page 45: Figure 10 Login Dialog Box With Admin Domain Options

    Opening Web Tools FIGURE 10 Login dialog box with Admin Domain options If the user name or password is incorrect, a dialog box displays indicating an authentication failure. If you entered valid credentials, but specified an invalid Admin Domain, a dialog box displays from which you can choose a valid Admin Domain or click Cancel to log in to your home domain.
  • Page 46: Logging Out

    Role-Based Access Control Logging out You can end a Web Tools session either by logging out or by closing the Switch Explorer window. You might be logged out of a session involuntarily, without explicitly clicking the Logout button, under the following conditions: •...
  • Page 47: Session Management

    Session management A Web Tools session is the connection between the Web Tools client and its managed switch. A session is established when you log in to a switch through Web Tools. When you close Switch Explorer, Web Tools ends the session. A session remains in effect until one of the following happens: •...
  • Page 48: Requirements For Ipv6 Support

    Requirements for IPv6 support The following list provides requirements for Web Tools IPv6 support: • In a pure IPv6 environment, you must configure DNS maps to the IPv6 address of the switch. • The switch name is required to match the DNS name that is mapped to the IPv6 address. •...
  • Page 49: Using The Web Tools Interface

    Chapter Using the Web Tools Interface In this chapter • Viewing Switch Explorer ......... 19 •...
  • Page 50: Viewing Switch Explorer

    Viewing Switch Explorer • Reporting tasks, such as viewing the status of a switch. • Monitoring tasks, such as performance monitoring, and viewing the temperature or power status. NOTE To perform monitoring tasks such as performance monitoring the EGM license must be installed on the switch;...
  • Page 51: Figure 12 Switch Explorer

    Viewing Switch Explorer FIGURE 12 Switch Explorer Use the following table with Figure 12 to identify the areas of Switch Explorer. Tasks Fabric Tree Menu bar Switch View buttons Changing the Virtual Fabric ID, or Changing the Admin Domain Switch Events and Switch Information Indicator bar Professional Management Tool offering...
  • Page 52: Changes For Consistency With Dcfm

    Viewing Switch Explorer Changes for consistency with DCFM Beginning with Fabric OS version 6.2.0, Web Tools icons are changed to be consistent with DCFM. Table 5 summarizes these changes. TABLE 5 Icon image changes Image Name Old Image New Image Switch Director or DCX Fabric...
  • Page 53 Viewing Switch Explorer TABLE 5 Icon image changes (Continued) Image Name Old Image New Image Switch event - Fatal Switch event - Informational Switch event - Warning Refresh Enable Disable Prohibit
  • Page 54: Tasks

    Viewing Switch Explorer The Search, Copy, and Export buttons are removed from the Web Tools tree and table headers, and are replaced by right-click operations, as shown in Figure FIGURE 13 Right-click for Copy, Export, and Search Tasks The Tasks menu lets you manage, monitor, and perform other tasks. The Management section provides access to: •...
  • Page 55: Fabric Tree

    Viewing Switch Explorer • iSCSI administration • Fabric Watch NOTE Some of these functions require a license key to activate them. The Monitor section provides access to: • Performance monitoring You must use Web Tools with the EGM license to perform performance monitoring operations; otherwise, access to this feature is denied and an error message displays.
  • Page 56: Figure 14 Missing Egm License

    Viewing Switch Explorer FIGURE 14 Missing EGM license If you are logged into Web Tools without the EGM license, you must log in again using a specific AD. The following figure shows the login wizard. After you log in, all the Admin Domains assigned to you are available in the drop-down menu (see Figure 16).
  • Page 57: Figure 16 Changing The Admin Domain Context

    Viewing Switch Explorer Figure 16 shows the Admin Domain context drop-down menu highlighted for changing the Admin Domain context. FIGURE 16 Changing the Admin Domain context The following procedure describes how to change the Admin Domain context. When changing the Admin Domain context, the option for selecting AD from the drop-down is not available if the EGM license is not present.
  • Page 58: Switch View Buttons

    Viewing Switch Explorer Switch View buttons The Switch View buttons let you access the following switch information: • Status - click the button to view the status of the switch. • Temperature - click the button to view temperature monitors. •...
  • Page 59 Viewing Switch Explorer Blade representations Blades are graphically represented as shown in table. They are vertical in the DCX, and horizontal in the DCX-4s. TABLE 6 Blade Graphic CR4s-8 FC8-48 FC8-32 FC8-16 FS8-18 FR4-81i FA4-18 FC10-6 Port representations The ports in the Switch View show the port type. Borders around the accessible ports indicate that SFP modules are present.
  • Page 60 Viewing Switch Explorer The port LEDs in the Switch View match the LEDs on the physical switch; however, the blink rate of the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical switch.
  • Page 61: Switch Events And Switch Information

    Viewing Switch Explorer NOTE Left-click the USB port on the switch to launch the USB Storage Management window. Switch View refresh rates The Switch View display is refreshed at 15 second intervals. However, the initial display of Switch Explorer might take from 30 to 60 seconds after the switch is booted. Refresh rates are fabric-size dependent.
  • Page 62: Displaying Tool Tips

    Displaying tool tips When you hover over the Web Tools buttons, the system displays a brief description of the button. If you hover the cursor over most components, the system displays tool tip information about the component. In Fabric Tree you can hover over a switch to view its type, Ethernet IP, Fibre Channel IP, and status of the switch.
  • Page 63: Refresh Rates

    Refresh rates Different panels of Web Tools refresh at different rates. The refresh, or polling, rates listed in this section and throughout the book indicate the time between the end of one polling and the start of the next, and not how often the screen is refreshed. A refresh rate of 15 seconds does not ensure that a refresh occurs every 15 seconds.
  • Page 64: Working With Web Tools: Recommendations

    Working with Web Tools: recommendations 1. Open Web Tools as described in “Opening Web Tools” on page 11 and log in to the switch. Switch Explorer is displayed for the switch you logged in to. 2. If the Fabric Tree is not expanded, click the plus sign (+) in the Fabric Tree to view all the switches in the fabric.
  • Page 65: Opening A Telnet Or Ssh Client Window

    Opening a Telnet or SSH client window When you open a Telnet or SSH client window, the connection is to the IP interface of the switch. You cannot connect to a CP blade on a director switch through a Telnet or SSH client window opened from Web Tools, even when the blade has an IP address and supports Telnet sessions.
  • Page 67: Managing Fabrics And Switches

    Chapter Managing Fabrics and Switches In this chapter • Fabric and switch management overview ......39 •...
  • Page 68: Figure 20 Switch Administration Window, Switch Tab

    Fabric and switch management overview FIGURE 20 Switch Administration window, Switch tab With the exception of switch time, information displayed in the Switch Administration window is not updated automatically by Web Tools. To update the information displayed in the Switch Administration window, see “Refreshing the Switch Administration window”...
  • Page 69: Opening The Switch Administration Window

    Fabric and switch management overview Opening the Switch Administration window Most of the management procedures in this chapter are performed from the Switch Administration window. 1. Select a switch in Fabric Tree. The switch displays in Switch View. 2. Click Switch Admin in the Manage section of the Tasks menu. The Switch Administration window opens in basic mode, as shown in Figure 20 on page 40.
  • Page 70: Configuring Ip And Netmask Information

    Configuring IP and netmask information Before proceeding, collect all the information you need to configure the Ethernet IP interface. This includes the subnet mask, gateway IP address, or Fibre Channel IP interface, and subnet mask for your system.
  • Page 71: Configuring A Syslog Ip Address

    Configuring a syslog IP address The syslog IP represents the IP address of the server that is running the syslog process. The syslog daemon reads and forwards system messages to the appropriate log files or users, depending on the system configuration.
  • Page 72: Blade Management

    Blade management • The Clone Policy button lets you copy a policy. Use this feature when you want to create similar policies. After you create a clone, you can edit the policy to make the appropriate changes. • The Activate Policy button lets you make an existing policy active. •...
  • Page 73: Setting A Slot-Level Ip Address

    Blade management 3. Select the Enable Blade check box for each blade you want to enable. Clear the check box to disable the blade. You cannot enable or disable the CP blades. 4. Click Apply. Setting a slot-level IP address 1.
  • Page 74: Switch Configuration

    Switch configuration Use the Switch tab of the Switch Administration window to perform basic switch configuration. Figure 20 on page 40 shows an example of the Switch tab. Enabling and disabling a switch You can identify if a switch is enabled or disabled in the Switch Administration window by looking at the lower-right corner.
  • Page 75: Viewing And Printing A Switch Report

    Switch rebooting Viewing and printing a switch report The switch report includes the following information: • A list of switches in the fabric • Switch configuration parameters • A list of ISLs and ports • Name Server information • Zoning information •...
  • Page 76: System Configuration Parameters

    System configuration parameters You must disable the switch before you can configure fabric parameters. You can change the following system configuration parameters: • Switch fabric settings • Virtual channel settings • Arbitrated loop parameters • System services •...
  • Page 77: Enabling Insistent Domain Id Mode

    System configuration parameters Fabric settings Configure the following fabric settings on the Fabric subtab of the Configure tab: BB Credit The buffer-to-buffer credit is the number of buffers available to attached devices for frame receipt. The default BB Credit is 16. The range is 1–27. R_A_TOV Resource allocation timeout value (in milliseconds).
  • Page 78: Configuring Arbitrated Loop Parameters

    System configuration parameters ATTENTION The default virtual channel settings are already optimized for switch performance. Changing the default values can improve switch performance, but can also degrade performance. Do not change these settings without fully understanding the effects of the changes. VC Priority specifies the class of frame traffic given priority for a virtual channel.
  • Page 79: Configuring System Services

    Licensed feature management Configuring system services You can enable or disable FCP read link status (RLS) probing for F_Ports and FL_Ports. It is disabled by default. 1. Open the Switch Administration window as described on page 2. Disable the switch as described in “Enabling and disabling a switch”...
  • Page 80: Activating A License On A Switch

    Licensed feature management FIGURE 24 License tab Use the links above the table to export data, copy data, or search the table. Activating a license on a switch Before you can unlock a licensed feature, you must obtain a license key. You can either use the license key provided in the paperpack document supplied with switch software or see the Fabric OS Administrator’s Guide for instructions on how to obtain a license key at the Brocade Web site (www.brocade.com).
  • Page 81: Removing A License From A Switch

    High Availability overview Removing a license from a switch You can remove a license from a switch in the Switch Administration window. ATTENTION Use care when removing licenses. If you remove a license for a feature, that feature will no longer work.
  • Page 82: Figure 25 High Availability Window, Cp Tab

    High Availability overview FIGURE 25 High Availability window, CP tab Note that the highlight color of the HA Status at the top of the module is the same as the background color of the HA button. The High Availability window contains two tabs: •...
  • Page 83: Synchronizing Services On The Cp

    High Availability overview Synchronizing Services on the CP A nondisruptive CP failover is only possible when all the services are synchronized between both CPs. 1. Open the High Availability window as described in “Launching the High Availability Window” on page 53. 2.
  • Page 84: Event Monitoring

    Event monitoring Web Tools displays fabric-wide and switch-wide events. Event information includes sortable fields for the following: • Switch name • Message number • Time stamp • Indication of whether the event is from a logical switch or a chassis •...
  • Page 85: Filtering Switch Events

    Event monitoring 1. Click the switch from the Fabric Tree. Switch View appears. 2. Click the Switch Events tab, if necessary. FIGURE 26 Switch Events tab You can click the column head to sort the events by a particular column, and drag the column divider to resize a column.
  • Page 86: Filtering Events By Event Severity Levels

    Event monitoring FIGURE 27 Event Filter dialog box 3. To filter events within a certain time period: a. Select the From check box and enter the start time and date in the fields. b. Select the To check box and enter the finish time and date in the fields. 4.
  • Page 87: Filtering Events By Message Id

    Displaying the Name Server entries Filtering events by message ID 1. Open the Switch Events tab as described in “Displaying Switch Events” on page 56. 2. Click Filter. The Event Filter dialog box appears. 3. Select Message ID. 4. Type the message IDs in the associated field. You can enter multiple message IDs as long as you separate them by commas.
  • Page 88: Printing The Name Server Entries

    Displaying the Name Server entries 1. Click Name Server in the Monitor section of the Tasks menu. The Name Server window appears. FIGURE 28 Name Server window 2. To set an autorefresh rate for the Name Server entries, select the Auto Refresh check box in the Name Server window, and type an auto-refresh interval (in seconds).
  • Page 89: Displaying Zone Members For A Particular Device

    Physically locating a switch using beaconing Displaying zone members for a particular device 1. Click Name Server in the Monitor section of the Tasks menu. The Name Server window appears. 2. Click a device from the Domain column. 3. Click Accessible Devices. The Zone Accessible Devices window displays accessible zone member information specific to that device.
  • Page 90: Virtual Fabrics Overview

    Virtual Fabrics overview Virtual Fabrics is an architecture to virtualize hardware boundaries. Traditionally, SAN design and management is done at the granularity of a physical switch. Each switch and all the ports in the switch act as a single fabric element that participates in a single fabric. The Virtual Fabrics feature allows SAN design and management to be done at the granularity of a port.
  • Page 91: Selecting A Logical Switch From The Switch View

    Virtual Fabrics overview Selecting a logical switch from the Switch View You can log in to a specific logical switch, as described in Chapter 1, or you can select a logical switch from the Switch View. If you do not log in to a specific logical switch, you are presented with the default logical switch.
  • Page 92 Virtual Fabrics overview FIGURE 31 Logical switch, fabric ID 2. Under System Information, Base Switch, Default Switch, and Allow XISL Use are specific to Virtual Fabrics: • Base Switch indicates whether or not the logical switch can act as a base switch. A base switch is a special logical switch that can be used for chassis interconnection.
  • Page 93: Viewing Logical Ports

    Virtual Fabrics overview Viewing Logical ports When base switches are connected through XISLs, a base fabric is formed that includes logical switches in different chassis. A logical link is established in the base fabric to carry frames between the logical switches. Logical ports are created in the respective switches to support the logical link. Logical ports are software constructs, and have no corresponding hardware to represent them on the Switch View.
  • Page 95: Maintaining Configurations And Firmware

    Chapter Maintaining Configurations and Firmware In this chapter • Creating a configuration backup file ....... 67 •...
  • Page 96: Figure 33 Upload/Download Tab

    Creating a configuration backup file FIGURE 33 Upload/Download tab 5. If you upload from a network, type the host name or IP address in the Host Name or IP field, the user ID and password required for access to the host in the User Name and Password fields, and choose the Protocol Type used for the upload.
  • Page 97: Restoring A Configuration

    Restoring a configuration An info link is enabled when USB is chosen as the source of the configuration file. If you click on info, the following information message is displayed. 6. Type the configuration file with a fully-qualified path, or select the configuration file name in the Configuration File Name field.
  • Page 98: Figure 35 Upload/Download Tab

    Restoring a configuration FIGURE 35 Upload/Download tab 5. Under Function, select Config Download to Switch. 6. If you download from a network, type the host name or IP address in the Host Name or IP field, the user ID and password required for access to the host in the User Name and Password fields, and choose the Protocol Type used for the upload.
  • Page 99: Admin Domain Configuration Maintenance

    Admin Domain configuration maintenance An info link is enabled when USB is chosen as the source of the configuration file. If you click info, the following information message is displayed. 8. Type the configuration file with a fully-qualified path, or select the configuration file in the Configuration File Name field.
  • Page 100: Uploading And Downloading From Usb Storage

    Uploading and downloading from USB storage • Local zone configuration • iSCSI config (if any) • All other config information except Admin Domain configuration information • If you invoke it from AD255 and you are logged in with any role that allows config upload/download, the following will be saved in the configuration file: •...
  • Page 101: Performing A Firmware Download

    Performing a firmware download FIGURE 37 USB Port Management wizard Performing a firmware download During a firmware download, the switch reboots and the browser temporarily loses connection with the switch. When the connection is restored, the version of the software running in the browser is different from the new software version that was installed and activated on the switch.
  • Page 102: Figure 38 Firmware Download Tab

    Performing a firmware download FIGURE 38 Firmware Download tab 3. Choose whether you are downloading the firmware or the firmware key. 4. Choose whether the download source is located on the network or a USB device. When you select the USB button, you can specify only a firmware path or directory name. No other fields on the tab are available.
  • Page 103: Encryption Firmware Download

    Performing a firmware download About halfway through the download process, after the firmware key is downloaded to the switch, connection to the switch is lost and Web Tools invalidates the current session. (Web Tools invalidates all windows because upfront login is always enabled and cannot be disabled.) 8....
  • Page 104: Switch Configurations For Mixed Fabrics

    Switch configurations for mixed fabrics FIGURE 39 Firmware Download tab for bladed switches Switch configurations for mixed fabrics You can use Web Tools to configure switches in a mixed fabric. You do this by setting the switch to interoperability mode, which is McDATA Open Fabric mode or McDATA Fabric mode. When you turn on interoperability mode, the Zone DB is cleared.
  • Page 105: Enabling Interoperability

    Switch configurations for mixed fabrics Enabling interoperability When you configure interoperability, Web Tools verifies that the domain ID of the switch falls within the range for the interoperability mode you choose. The domain ranges are: • The normal domain ID range is 1-239. •...
  • Page 107: Managing Your Ports

    Chapter Managing Your Ports In this chapter • Port management overview ........79 •...
  • Page 108: Figure 41 Port Administration Window, Fc Ports, Basic Mode

    Port management overview Click here to display FC Ports FIGURE 41 Port Administration window, FC Ports, Basic Mode The Port Administration window displays information about the ports on the switch. Click the Show Advanced Mode button in the upper-right corner of the window to see more port management options (see Figure 42).
  • Page 109: Port Administration Window Components

    Port management overview FIGURE 42 Port Administration window, FC Ports, Advanced Mode Admin Domain considerations In fabrics with user-defined Admin Domains, the Port Administration window is filtered to show only ports that are direct or indirect members of the currently selected Admin Domain. •...
  • Page 110 Port management overview The GigEPorts tab has the following three subtabs: Interfaces - lets you view interfaces Routes - lets you view routes FCIP tunnel - lets you view tunnels; this tab has two buttons: Go to FCIP port and Show Security Policies •...
  • Page 111: Controllable Ports

    Port management overview • When viewing detailed information about a port, the Advanced Mode provides these additional subtabs: General—All ports • Enable/Disable Trunking • Enable/Disable NPIV • Port Swap • F_Port Trunking • Re-Authenticate SFP—Physical ports only (FC and GbE) •...
  • Page 112: Configuring Fc Ports

    Configuring FC ports FIGURE 43 Port Administration window, Table view Configuring FC ports With the FC Port Configuration wizard, you can configure allowed port types, port speed, and long distance mode for physical ports. You must use Web Tools with the EGM license enabled on the switch to configure long distance; otherwise, access to this feature is denied and the following error message displays.
  • Page 113: Figure 45 Fc Port Configuration Wizard, Fc Ports

    Configuring FC ports The following procedure describes how to open the FC Port Configuration wizard. The wizard is self-explanatory, so the explicit steps are not documented here. 1. Click a port in the Switch View to open the Port Administration window (see Figure 41 on page 80).
  • Page 114: Allowed Port Types

    Configuring FC ports Allowed Port Types For FC ports, the Port Administration window displays the following values relating to port type: Port Type This is the actual or current port type. If the port is offline, this value is the allowed types (or U_Port, if no type constraint is specified).
  • Page 115: Fc Fastwrite

    Assigning a name to a port The EGM license is required only for 8 Gbps platforms, such as the Brocade DCX and DCX-4S enterprise-class platforms, the Encryption Switch, the 300, 5300, and 5100 switches. For non-8 Gbps platforms, all functionalities are available without EGM license. FC Fastwrite FC Fastwrite reduces the number of round-trip times required to write data.
  • Page 116: Considerations For Port Enable And Disable

    Persistent enabling and disabling ports 5. Click Enable or Disable. If the button is gray (unavailable), the port is already in the enabled or disabled state. For example, if the Enable button is unavailable, the port is already enabled. If you select multiple ports in both enabled and disabled states, both buttons are active. When you click either button, the action is applied to all selected ports.
  • Page 117: Enabling And Disabling Npiv Ports

    Enabling and disabling NPIV ports 6. Click Yes in the confirmation window. Enabling and disabling NPIV ports The NPIV license must be installed on a switch before NPIV functionality can be enabled on any port. NOTE NPIV enable/disable is not supported on EX_Ports. NPIV is supported on all ports on the Brocade FS-8-18 Encryption blade and Encryption Switch with a maximum of 255 virtual devices per port for Fabric OS v5.1.0 and higher.
  • Page 118: Enabling Ports On Demand

    Port activation TABLE 9 Ports Enabled with POD Licenses and DPOD Feature (Continued)

    | Switch Name | Enabled by Default | Enabled with Ports on Demand License(s) | Enabled with the Dynamic Ports on Demand Feature |
    |---|---|---|---|
    | Brocade 4018 | 2-11 | 12-17 | Any available ports |
    | Brocade 4020 | 0-7, 15, 16 | 8, 9, 17-19 | Any available ports... |
  • Page 119: Disabling Dynamic Ports On Demand

    Port activation 3. From the tree on the left, click the switch or the slot that contains the port. 4. Click the Enable DPOD button to enable the licensing mechanism to be dynamic. If the button says Disable DPOD, the licensing mechanism is already set to dynamic. The existing POD associations and assignments are set as the initial Dynamic POD associations.
  • Page 120: Port Swapping Index

    Port swapping index You can reserve or release a license on any port with a license allocated. To reserve a license, click Reserve License in the Port Administration window. To release a license, click Release License in the Port Administration window. Port swapping index If a port malfunctions, or if you want to connect to different devices without having to re-wire your infrastructure, you can move traffic from one port to another (swap ports) without changing the I/O...
  • Page 121: Figure 47 Port Swapping Index

    Port swapping index FIGURE 47 Port Swapping Index Web Tools Administrator’s Guide 53-1001194-01...
  • Page 123: Managing Administrative Domains

    Chapter Managing Administrative Domains In this chapter • Administrative domain overview........95 •...
  • Page 124: User-Defined Admin Domains

    Administrative domain overview User-defined Admin Domains AD1 through AD254 are user-defined Admin Domains. These user-defined Admin Domains can be created only by a physical fabric administrator in AD255. System-defined Admin Domains AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric. AD0 is a system-defined Admin Domain that, in addition to containing members you explicitly added (similar to user-defined Admin Domains), contains all online devices, switches, and switch ports that were not assigned to any user-defined Admin Domain.
  • Page 125: Admin Domain Membership

    Enabling administrative domains You can use AD255 to: • Manage other Admin Domains. • Get an unfiltered view of the fabric. • Manage ACL and distribution (can be managed in AD0 if no other Admin Domains are present). • Manage Advanced Performance Monitoring (can be managed in AD0 if no other Admin Domains are present and only if you are using Web Tools with the EGM license).
  • Page 126: Admin Domain Window

    Admin Domain window 1. Change the Admin Domain context to AD0. See “Changing the Admin Domain context” on page 26. NOTE Changing the Admin Domain context requires using Web Tools with the EGM license; otherwise, access to this feature is denied and an error message displays. Change the Default Zone mode to No Access.
  • Page 127 Admin Domain window FIGURE 49 Admin Domain window, summary view The Admin Domain window displays information about the Admin Domains defined in the fabric. If you launch the Admin Domain window from AD255 (physical fabric), the window contains information about the current content of all Admin Domains. If you launch the Admin Domain window from any other Admin Domain, the window displays the current Admin Domain only.
  • Page 128: Figure 50 Admin Domain Window, Single Admin Domain Detail

    Admin Domain window FIGURE 50 Admin Domain window, single Admin Domain detail NOTE The tree only displays launched switches and their ports. It also displays all the devices in the fabric. Slot and port information of other switches are not displayed in the tree. The Admin Domain window has buttons in a task bar at the top of the window: •...
  • Page 129: Opening The Admin Domain Window

    Admin Domain window • Click Copy to copy the contents of the table in tab-delimited text format to a file. • Click Search to search for a specific text string in the table. The Switch Members box appears, as shown in Figure In the Switch Members box, type the text string and press Enter.
  • Page 130: Refreshing Admin Domain Information

    Admin Domain window Refreshing Admin Domain information Any changes you make in the Admin Domain window are saved to a local buffer; they are not applied to persistent storage until you invoke one of the transactional operations listed in the Actions menu.
  • Page 131: Creating And Populating Domains

    Creating and populating domains Creating and populating domains Setting up an Admin Domain involves the following steps: 1. Creating an Admin Domain. 2. Assigning one or more administrators to the Admin Domain. The Admin account always has access to administer the Admin Domains, even if no other users are assigned (see “Changing user account parameters”...
  • Page 132: Figure 53 Adding Members To An Admin Domain

    Creating and populating domains 5. In the State area, select the Active check box to activate the Admin Domain when you finish creating it. This is the default setting. Clear the Active check box if you want the Admin Domain deactivated when you finish creating 6.
  • Page 133: Adding Ports Or Switches To The Fabric

    Creating and populating domains The wizard displays a summary of the Admin Domain. Read the summary to verify that the Admin Domain setup is correct. FIGURE 54 Summary view 9. Click Finish to close the wizard. 10. Click Save to save the new Admin Domain configuration to persistent storage. 11.
  • Page 134: Activating Or Deactivating An Admin Domain

    Modifying Admin Domain members Activating or deactivating an Admin Domain 1. Open the Admin Domain window. 2. From the tree on the left, select the Admin Domain you want to activate or deactivate. 3. Click Activate to activate the Admin Domain. Click Deactivate to deactivate the Admin Domain.
  • Page 135: Figure 56 Modify Admin Domain Wizard

    Modifying Admin Domain members FIGURE 56 Modify Admin Domain wizard 4. Assign members to the Admin Domain by selecting them in the Available Members section and clicking Add, Add Ports, or Add Devices. • Select a switch, port, or device in the Available Members tree and click Add to add the selected element.
  • Page 136: Renaming Admin Domains

    Modifying Admin Domain members Renaming Admin Domains You can change the name of an Admin Domain, including an auto-assigned ID name. The Admin Domain name cannot exceed 63 chars and can contain alphabetic and numeric characters. The only special character allowed is an underscore ( _ ). NOTE You cannot rename AD0 or AD255.
  • Page 137: Enabling Isl Trunking

    Chapter Enabling ISL Trunking In this chapter • ISL trunking overview ......... . 111 •...
  • Page 138: Disabling Or Enabling Isl Trunking

    Disabling or enabling ISL trunking Disabling or enabling ISL trunking The trunking feature requires using Web Tools with the EGM license. If you attempt to use this feature without the EGM license, the following error message displays. FIGURE 57 Missing EGM license When the trunking license is activated, trunks are automatically established on eligible ISLs and trunking capability is enabled by default on all ports.
  • Page 139: Viewing Trunk Group Information

    Viewing trunk group information Viewing trunk group information Use the Trunking tab of the Switch Admin window to view trunk group information (see Figure 58). FIGURE 58 Trunking tab The following trunking attributes can be displayed from the Port Admin view by selecting Show Advanced Mode.
  • Page 140: F_Port Trunk Groups

    F_Port trunk groups F_Port trunk groups F_Port trunking provides extra bandwidth and robust connectivity for hosts and targets connected by switches in Access Gateway mode. There are five general criteria for establishing F_Port trunking: • The F_Port trunking feature requires installing the EGM license; otherwise if you attempt to use this feature in Web Tools without the license, the following error message displays.
  • Page 141: Figure 60 F_Port Trunking Dialog Box

    F_Port trunk groups 3. Select any port from the port group in which you want to create the trunk group. 4. Select F_Port Trunking. The F_Port Trunking dialog box displays (see Figure FIGURE 60 F_Port trunking dialog box 5. Select one or more ports in the Ports for trunking pane. A dialog box displays, asking you to select a trunk index.
  • Page 143: Monitoring Performance

    Chapter Monitoring Performance In this chapter • Performance Monitor overview........117 •...
  • Page 144: Admin Domain Considerations

    Performance Monitor overview The Advanced Monitoring option in the Performance Graphs window displays pre-defined reports and filter-based performance monitoring. You can use this feature to track the following: • The number of words received and transmitted in Fibre Channel frames with a defined SID/DID pair.
  • Page 145 Performance Monitor overview TABLE 10 Basic performance graphs

    | Graph Type | Displays |
    |---|---|
    | Port Throughput | The performance of a port, in bytes per second, for frames received and transmitted. |
    | Switch Aggregate Throughput | The aggregate performance of all ports on a switch. |
    | Blade Aggregate Throughput | The aggregate performance of all ports on a port card.... |
  • Page 146: Table 12 Supported Port Types For Brocade Switches

    Performance Monitor overview Table 12 lists each graph and indicates the supported port types for each. The port selection lists for each graph display the supported ports for that graph. TABLE 12 Supported port types for Brocade switches Graph Type Physical FC_Ports Logical FC_Ports GbE Ports...
  • Page 147: User-Defined Graphs

    Performance Monitor overview Figure 61 shows how to access the list of Advanced Performance Monitoring graphs using Web Tools with the EGM license. This example displays the graphs available in the Performance Monitoring window for a Brocade 48000 director with the Advanced Performance Monitoring license installed.
  • Page 148: Opening The Performance Monitoring Window

    Opening the Performance Monitoring window FIGURE 62 Canvas of six performance monitoring graphs Opening the Performance Monitoring window To perform performance monitoring, you must use Web Tools with the EGM license; otherwise, when you click on the Performance Monitor tab, access to this feature is denied and an error message displays.
  • Page 149: Customizing Basic Monitoring Graphs

    Customizing basic monitoring graphs Depending on the type of graph you select, you might be prompted to select a slot or port for which to create a graph (see Figure 64). FIGURE 63 Creating a basic performance monitor graph 3. If prompted, drag the port into the Enter/drag slot,port field, or manually type the slot and port information in the field, in the format slot,port.
  • Page 150: Figure 64 Select Ports For Customizing The Switch Throughput Utilization Graph

    Customizing basic monitoring graphs The following procedure assumes that you already created one of these customizable graphs. 1. Create or access the graph you want to customize. See “Creating basic performance monitor graphs” on page 123 for instructions on creating a graph. 2.
  • Page 151: Advanced Performance Monitoring Graphs

    Advanced performance monitoring graphs Click Add to move the selected ports to the Selected Ports list. d. Optional: Click ADD ALL Ports to add all of the ports in the Port Selection List to the Selected Ports list. e. Optional: Click Search to open the Search Port Selection List dialog box, from which you can search for all E_Ports, all F_Ports, or all port names with a defined string.
  • Page 152: Figure 65 Creating An Sid/Did Performance Graph

    Advanced performance monitoring graphs FIGURE 65 Creating an SID/DID performance graph NOTE Only the FC ports of the launched switch display in the tree. The All Devices tab lists all the devices in the fabric and lets you select the source and destination. Slot and port information of other switches is not displayed in the tree.
  • Page 153: Creating A Scsi Vs. Ip Traffic Graph

    Advanced performance monitoring graphs Creating a SCSI vs. IP Traffic Graph The SCSI vs. IP Traffic graph displays the SCSI versus IP traffic for selected ports. For Brocade 48000 and Brocade DCX and DCX-4S enterprise-class platforms, the slot and port name are identified in the graph.
  • Page 154: Saving Graphs To A Canvas

    Saving graphs to a canvas FIGURE 66 Creating a SCSI command graph 3. Navigate to a switch > slot > port in the Slot/Port Selection List. 4. Click the port from the Slot/Port Selection List and drag it into the Enter/drag slot,port field. 5.
  • Page 155: Adding Graphs To An Existing Canvas

    Adding graphs to an existing canvas Adding graphs to an existing canvas The following procedure assumes that a canvas is already created. To create a new canvas, you must first create graphs, as described in “Creating basic performance monitor graphs” on page 123 and “Advanced performance monitoring graphs”...
  • Page 156 Modifying graphs NOTE The Edit button is enabled only for the graphs that are configurable or editable. 5. Make changes in the Edit dialog box, as necessary. 6. Click OK to close the Edit dialog box. Click Save to save the changes and close the Performance Monitor Canvas dialog box. 8.
  • Page 157: Administering Zoning

    Chapter Administering Zoning In this chapter • Zoning overview ..........131 •...
  • Page 158: Basic Zones

    Zoning overview TABLE 13 Zoning features supported in DCFM Professional and Enterprise Edition Description DCFM Professional Edition DCFM Enterprise Edition LSAN zoning Rolling back an already activated zone Importing/Exporting of a zone DB to/from file system in XML format Basic Zones Basic zoning enables you to partition a storage area network (SAN) into logical groups of devices that can access each other.
  • Page 159: Qos Zone Requirements

    Zoning configurations QoS zone requirements A QoS zone is a special zone that assigns a Quality of Service (QoS) level for traffic flow between a given host/target pair. The members of a QoS zone are WWNs of the host/target pairs. QoS zones can contain only WWN members.
  • Page 160: Figure 67 Zone Administration Window

    Zoning management 1. Open the Zone Administration window (see “Opening the Zone Administration window” on page 133). 2. Click Zoning Actions > Set Default Mode, and then select the access mode. Zoning management You can monitor and manage basic and traffic isolation zoning through the Web Tools Zone Administration.
  • Page 161: Zoning Management

    Zoning management ATTENTION Any changes you make in the Zone Administration window are held in a buffered environment and are not updated in the zoning database until you save the changes. If you close the Zone Administration window without saving your changes, your changes are lost. To save the buffered changes you make in the Zone Administration window to the zoning database on the switch, see “Saving local zoning changes”...
  • Page 162: Refreshing Fabric Information

    Zoning management Refreshing fabric information This function refreshes the display of fabric elements only (switches, ports, and devices). It does not affect any zoning element changes or update zone information in the Zone Administration window. You can refresh the fabric element information displayed at any time. 1.
  • Page 163: Saving Local Zoning Changes

    Zoning management Saving local zoning changes All information displayed and all changes made in the Zone Administration window are buffered until you save the changes. That means that any other user looking at the zone information for the switch will not see the changes you have made until you save them. Saving the changes propagates any changes made in the Zone Administration window (buffered changes) to the zoning database on the switch.
  • Page 164: Creating And Populating Zone Aliases

    Zoning management Creating and populating zone aliases An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices as an alias makes zone configuration easier, by enabling you to configure zones using an alias rather than inputting a long string of individual members.
  • Page 165: Renaming Zone Aliases

    Zoning management 6. Click Zoning Actions > Save Config to save the configuration changes. To enable the configuration, see “Enabling zone configurations” on page 145. Renaming zone aliases The new alias name cannot exceed 64 characters and can contain alphabetic, numeric, and underscore characters.
  • Page 166: Creating And Populating Zones

    Zoning management Creating and populating zones A zone is a region within the fabric where specified switches and devices can communicate. A device can communicate only with other devices connected to the fabric within its specified zone. Use the following procedure to create a zone. 1.
  • Page 167: Renaming Zones

    Zoning management 5. Click Add Member to add a zone member, or click Remove Member to remove a zone member. The zone is modified in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes. 6.
  • Page 168: Deleting Zones

    Zoning management Deleting zones Use the following procedure to delete a zone. 1. Open the Zone Administration window as described on page 133. 2. Click the Zone tab. 3. Select the zone you want to delete from the Name menu and click Delete. 4.
  • Page 169: Zone Configuration And Zoning Database Management

    Zone configuration and zoning database management Zone configuration and zoning database management A zone configuration is a group of zones; zoning is enabled on a fabric by enabling a specific configuration. You can specify members of a configuration using zone names. Figure 68 shows a sample zoning database and the relationship between the zone aliases, zones, and zoning configuration.
  • Page 170: Adding Or Removing Zone Configuration Members

    Zone configuration and zoning database management 3. Click the Zone Config tab and click New Zone Config. 4. On Create New Config, type a name for the new configuration and click OK. The new configuration appears in the Name list. 5.
  • Page 171: Cloning Zone Configurations

    Zone configuration and zoning database management 4. On Rename a Config, type a new configuration name and click OK. The configuration is renamed in the configuration database. 5. Click Zoning Actions > Save Config to save the configuration changes. Cloning zone configurations You must use Web Tools with the EGM license to perform cloning operations for zone configurations;...
  • Page 172: Disabling Zone Configurations

    Zone configuration and zoning database management 1. Open the Zone Administration window as described on page 133. 2. Click Zoning Actions > Enable Config. 3. On Enable Config, select the configuration to be enabled from the menu. 4. Click OK to save and enable the selected configuration. Disabling zone configurations When you disable the active configuration, the Advanced Zoning feature is disabled on the fabric, and all devices within the fabric can communicate with all other devices.
  • Page 173: Viewing The Enabled Zone Configuration Name Without Opening The Zone Administration Window

    Zone configuration and zoning database management FIGURE 69 Effective Configuration window Viewing the enabled zone configuration name without opening the Zone Administration window • Select a switch from the Fabric Tree. The selected switch appears in the Switch View. The current zone configuration name (if one is enabled) is displayed in the lower portion of the Switch Events and Switch Information.
  • Page 174: Adding A Wwn To Multiple Aliases And Zones

    Zone configuration and zoning database management 3. Optional: Click Print located in the Print Effective Zone Configuration dialog box to print the enabled zone configuration details. This launches the print dialog box. NOTE You must use DCFM Professional or Enterprise Edition to print the zone database summary configurations, display zone configuration summaries and create configuration analysis reports.
  • Page 175: Searching For Zone Members

    Zone configuration and zoning database management 3. Type the WWN to be replaced in the Replace field. 4. Type the new WWN in the By field and click OK. The Replace WWN dialog box is displayed. It lists all the zoning elements that include the WWN.
  • Page 176: Zone Configuration Analysis

    Best practices for zoning • Clear the entire contents of the current Web Tools Zone Admin buffer. • Delete the entire persistent contents of the fabric zoning database. The wizard allows you to define one and only one name for each device port (WWN). Devices with one or more aliases are considered already named and are not displayed.
  • Page 177: Working With Diagnostic Features

    Chapter Working With Diagnostic Features In this chapter • Trace dumps ..........151 •...
  • Page 178: How A Trace Dump Is Used

    Trace dumps Using the Trace tab of the Switch Administration window, you can view and configure the trace FTP host target and enable or disable automatic trace uploads. FIGURE 70 Trace tab How a trace dump is used The generation of a trace dump causes a CRITICAL message to be logged to the system error log. When a trace dump is detected, issue the supportSave command on the affected switch.
  • Page 179: Specifying A Remote Server

    Trace dumps Setting up for automatic transfer of diagnostic files involves the following tasks: • Specifying a remote server to store the files. • Enabling the automatic transfer of trace dumps to the server. (Trace dumps overwrite each other by default; sending them to a server preserves information that would otherwise be lost.) Specifying a remote server You can perform this task only if the switch belongs to the Admin Domain you are logged into.
  • Page 180: Displaying Switch Information

    Displaying switch information Displaying switch information The Fan, Temperature, and Power Status windows have Export, Copy, and Search options at the top of the tables. These options are not available if the table does not have any content. You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the functionality of Export and Copy.
  • Page 181: Viewing The Temperature Status

    Displaying switch information The Fan No. column indicates either the fan number or the fan FRU number, depending on the switch model. A fan FRU can contain one or more fans. • For Brocade 4100, 4900, 5000, 5100, 5300, 7600, the 7500 and 7500E Extension switches, and the Brocade Encryption Switch, the Fan No.
  • Page 182: Checking The Physical Health Of A Switch

    Displaying switch information 1. Select a switch from the Fabric Tree. The selected switch appears in the Switch View. The icon on the Power button indicates the overall status of the power supply. 2. Click Power on the Switch View. The detailed power supply states are displayed.
  • Page 183 Displaying switch information Click the Status button to display a detailed, customizable switch status report, shown in Figure 75. Note that this is a static report and not a dynamic view of the switch. FIGURE 75 Switch Report window 1. Select a switch from the Fabric Tree.
  • Page 184: Port Led Interpretation

    Port LED interpretation • View the style sheet for the report • View the XML schema for the report FIGURE 76 Switch Report Action menu Port LED interpretation Switch View displays port graphics with blinking LEDs, simulating the physical appearance of the ports.
  • Page 185: Port Icon Colors

    Port LED interpretation Port icon colors The background color of the port icon indicates the port status, as follows: • Green (healthy) • Yellow (marginal) • Red (critical) • Gray (unmonitored) • If the entire port icon is blue, the port is buffer-limited. •...
  • Page 186: Figure 78 Port Leds For The Fc4-32 Port Blade In The Brocade 48000

    Port LED interpretation [Figure panels: Web Tools Representation; Physical Port Card] 1. Port Speed LED for the right port 2. Port Status LED for the right port 3. Port Speed LED for the left port 4. Port Status LED for the left port FIGURE 78 Port LEDs for the FC4-32 port blade in the Brocade 48000 Web Tools Administrator’s Guide...
  • Page 187: Using The Fc-Fc Routing Service

    Chapter Using the FC-FC Routing Service In this chapter • Fibre Channel routing overview ........161 •...
  • Page 188: Supported Switches For Fibre Channel Routing

    Supported switches for Fibre Channel routing Note the following terminology for Fibre Channel routing: backbone fabric An FC Router can connect two edge fabrics; a backbone fabric connects FC Routers. The backbone fabric is the fabric to which the FC Router switch belongs.
  • Page 189: Fc-Fc Routing Management

    FC-FC routing management 3. Configure EX_Ports by clicking the EX Ports tab and then clicking New. Follow the instructions in the wizard. See “Viewing EX_Ports” on page 165. 4. Connect the cables from the EX_Ports on the FC Router to the edge fabrics, if they were not connected before.
  • Page 190: Viewing And Managing Lsan Fabrics

    FC-FC routing management 1. Select a switch from the Fabric Tree. The selected switch appears in the Switch View. 2. Click FCR in the Manage section of the Tasks menu. The FC Routing module displays (as shown in Figure 79). If FC-FC Routing is disabled, a message to that effect displays on all the tabs in the module.
  • Page 191: Viewing Ex_Ports

    Viewing EX_Ports For Brocade switches, this launches Web Tools. For non-Brocade fabrics, this launches the element manager for that switch. FIGURE 80 FC Routing module with LSAN Fabrics tab selected Viewing EX_Ports The EX_Ports tab (see Figure 81 on page 166) displays all of the EX_Ports on the switch, including configuration and status information.
  • Page 192: Figure 81 Fc Routing Module With Ex_Ports Tab Selected

    Configuring an EX_Port • Enable or disable an EX_Port • Persistently enable or disable an EX_Port • Enable or disable trunking • Configure router port cost ATTENTION During EX_Port configuration, the port is automatically disabled, and then reenabled when the changes are applied.
  • Page 193: Editing The Configuration Of An Ex_Port

    Configuring FCR router port cost 4. Follow the instructions in the wizard to configure the EX_Port. You must specify the Fabric ID and, if configuring an FC port, the speed and long distance mode. You can choose any unique fabric ID as long as it is consistent for all EX_Ports that connect to the same edge fabric.
  • Page 194: Viewing Lsan Devices

    Viewing LSAN zones The LSAN matrix is a mapping of LSAN Zones with the edge fabric they are going to communicate with. When an LSAN matrix is created in the backbone fabric, only the LSAN zones mapped in the edge fabrics are displayed in the LSAN Zones tab. Follow the procedure described in “Creating and populating zones”...
  • Page 195: Configuring The Backbone Fabric Id

    Configuring the backbone fabric ID Configuring the backbone fabric ID The FC-FC Routing Service must be disabled when configuring the backbone fabric ID. Web Tools automatically disables FC-FC Routing before setting the fabric ID, and then reenables it afterwards; however, you must first disable all of the EX_Ports before you invoke this operation. After the fabric ID is changed, you can enable these ports again manually.
  • Page 197: Using The Access Gateway

    Chapter Using the Access Gateway In this chapter • Access Gateway overview ........171 •...
  • Page 198: Disabling Access Gateway Mode

    Disabling Access Gateway mode NOTE You cannot enable Access Gateway mode if Management Server is enabled. To disable Management Server, enter the MsplmgmtDeactivate command. 1. Select a switch. 2. Click Switch Admin in the Manage section under Tasks. The Switch Administration window opens. 3.
  • Page 199: Port Configuration

    Port configuration FIGURE 83 Access Gateway Device display Port configuration You can configure the port types (N_Port, F_Port) on each individual port on an Access Gateway enabled switch. When you configure ports, you can specify a global configuration policy using the Port Configuration Policy button.
  • Page 200: Defining Custom Primary And Secondary Mapping

    Port configuration NOTE If you want to distribute F_Ports among groups, you can leave all ports in the default port group 0, or you can disable N_Port grouping. 1. Click a port in the Switch View to open the Port Administration window. 2.
  • Page 201: Access Gateway Policy Modification

    Access Gateway policy modification FIGURE 85 F-N Port Mapping Configuration dialog box 4. In the Primary Mappings area, select ports and use the Add button to map F_Ports or U_Ports to N_Ports. Use the Remove button to delete an F_Port mapping from an N_Port. 5.
  • Page 202: Path Failover And Failback Policies

    Access Gateway policy modification Path Failover and Failback policies The Path Failover and Failback policies determine the behavior of F_Ports if the primary N_Port they are mapped to goes offline or is disabled. The Path Failover and Failback policies are attributes of the N_Port.
  • Page 203 Access Gateway policy modification 3. Click Yes in the confirmation window.
  • Page 205: Administering Fabric Watch

    Chapter Administering Fabric Watch In this chapter • Fabric Watch overview......... . 177 •...
  • Page 206: Using Fabric Watch With Web Tools

    Using Fabric Watch with Web Tools Using Fabric Watch with Web Tools You can perform Fabric Watch operations using Web Tools and Web Tools with the EGM license. NOTE Unless the switch is a member of the current Admin Domain context, Fabric Watch is view-only. FIGURE 88 The Fabric Watch window Fabric Watch Explorer, on the left side of the window, displays the available classes.
  • Page 207: Opening The Fabric Watch Window

    Fabric Watch threshold configuration Opening the Fabric Watch window 1. Select a switch from the Fabric Tree and log in if necessary. 2. Select Tasks > Manage > Fabric Watch. The Fabric Watch window opens, as shown in Figure Fabric Watch threshold configuration The Threshold Configuration tab enables you to configure event conditions.
  • Page 208: Figure 89 Threshold Configuration In Fabric Watch

    Fabric Watch threshold configuration FIGURE 89 Threshold configuration in Fabric Watch 3. Click the Trait Configuration subtab. 4. In Fabric Watch Explorer, click a class. 5. Under Area Selection, choose an area from the list. This sets the units in the Units field. The module displays two columns of trait information, labeled System Default and Custom Defined.
  • Page 209: Configuring Threshold Alarms

    Fabric Watch threshold configuration Configuring threshold alarms After you update the threshold information, use the Alarm Configuration subtab to customize the notification settings for each event setting. 1. Open the Fabric Watch window. 2. Click the Threshold Configuration tab. 3. Click the Alarm Configuration subtab. 4.
  • Page 210: Configuring Alarms For Frus

    Configuring alarms for FRUs • Click Triggered to receive threshold alarms only when they are triggered by events that you defined. • Click Continuous to receive threshold alarms at a continuous interval. Select a time interval in which to receive the threshold alarms from the Time Interval menu. 9.
  • Page 211: Fabric Watch Alarm Information

    Fabric Watch alarm information Fabric Watch alarm information From Fabric Watch, you can view two types of reports: • Alarm notifications—Displays the alarms that occurred for a selected class/area • Alarm configuration—Displays threshold and alarm configurations for a selected class/area Viewing an alarm configuration report Use the Threshold Configuration tab, Configuration Report subtab to display a report of the configuration for a selected class/area with the following information:...
  • Page 212: E-Mail Notification

    E-mail notification 1. Open the Fabric Watch window. 2. In Fabric Watch Explorer, select the class that you want to check for alarms. 3. Click the Alarm Notification tab. 4. In Area Selection, select the area that you want to check for alarms from the list. All alarms for that area display.
  • Page 213: Figure 90 Fabric Watch Email Configuration Tab

    E-mail notification NOTE E-mail addresses must not exceed 128 characters. 5. Click Apply. 6. Optional: Click Send Test Email to receive a test e-mail so you can verify the e-mail notification is working correctly. You can send a test e-mail only after you have applied your settings. FIGURE 90 Fabric Watch Email Configuration tab
  • Page 215: Administering Extended Fabrics

    Chapter Administering Extended Fabrics In this chapter • Extended link buffer allocation overview ......187 •...
  • Page 216: Figure 91 Extended Fabric Tab

    Extended link buffer allocation overview • Actual Distance (km)—The actual distance for the link in kilometers. • Desired Distance (km)—Required for a port configured in LD or LS mode (see Table 16 on page 189), the desired distance, in kilometers, for the link. For an LD-mode link, the desired distance is used as the upper limit of the link distance to calculate buffer availability for other ports in the same port group.
  • Page 217: Configuring A Port For Long Distance

    Configuring a port for long distance TABLE 16 Long-distance settings and license requirements Value Description Extended Fabrics License Required? No long-distance setting is enabled. The maximum supported link distance is 10 km, 5 km, or 2.5 km for ports at speeds of 1 Gbps, 2 Gbps, and 4 Gbps, respectively.
  • Page 218 Configuring a port for long distance • If the port capability is 2 GB, type a number between 10 and 250, inclusive. • If the port capability is 1 GB, type a number between 10 and 500, inclusive. This value is the upper limit for calculating buffer availability for other ports in the same port group.
  • Page 219: Administering The Iscsi Target Gateway

    Chapter Administering the iSCSI Target Gateway In this chapter • iSCSI service overview......... . 191 •...
  • Page 220: Supported Platforms For Iscsi

    iSCSI service overview Supported platforms for iSCSI The iSCSI target gateway service is supported on the Brocade 48000 director with CP blades running Fabric OS v5.2.0 and later releases, and configured with an FC4-16IP blade. Common iSCSI Target Gateway Admin functions Export, Copy, and Search links are displayed at the top of each tab.
  • Page 221: Terminology

    iSCSI service overview Terminology iSCSI target gateway services require you to understand some additional terminology. Following are terms that are used in this document to explain how the iSCSI target gateway is implemented. TABLE 17 iSCSI gateway services terminology Term Definition iSCSI Internet-SCSI.
  • Page 222: Saving Changes

    Setting up iSCSI Target Gateway Services Saving Changes There are several ways to save changes on the switch and apply them to the fabric (applies to the iSCSI Target Gateway Admin module only): • Apply—Click Apply and your changes will be transferred from the Web Tools database to the switch's database and distributed throughout the fabric.
  • Page 223: Figure 93 Iscsi Target Gateway Admin With The Targets Tab Selected

    Setting up iSCSI Target Gateway Services FIGURE 93 iSCSI Target Gateway Admin with the Targets tab selected 1. Select a switch from the Fabric Tree and log in, if necessary. The selected switch appears in Switch View. Make sure that your Admin Domain Context is either AD0 or AD255. Generally, the default user Admin Domain is AD0.
  • Page 224: Launching The Iscsi Setup Wizard

    Setting up iSCSI Target Gateway Services Launching the iSCSI Setup wizard 1. Select a switch from the Fabric Tree and log in, if necessary. The selected switch appears in Switch View. Make sure that your Admin Domain Context is either AD0 or AD255. Generally, the default user Admin Domain is AD0.
  • Page 225: Configuring The Ip Interface

    Setting up iSCSI Target Gateway Services Configuring the IP interface This step configures iSCSI ports (GbE Ports) found on the FC4-16IP. You must have at least one iSCSI port configured to log into the iSCSI target. There are two steps in this process: •...
  • Page 226: Editing An Ip Address

    Setting up iSCSI Target Gateway Services 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the iSCSI Port tab. 3. In the left pane, select the GbE port to use. 4. Select the IP Interface subtab and click Add. 5.
  • Page 227: Configuring The Ip Route (Optional)

    Setting up iSCSI Target Gateway Services Configuring the IP route (optional) 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the iSCSI Port tab. 3. From the left pane, select the GbE port to use. 4.
  • Page 228: Creating Iscsi Virtual Targets

    Setting up iSCSI Target Gateway Services Creating iSCSI virtual targets iSCSI virtual target creation is done from the first pane in the iSCSI Target Gateway Admin module. The iSCSI Virtual Target wizard provides two ways to create iSCSI targets: Create and Easy Create. Create allows you to double check your work several times before committing the changes.
  • Page 229: Using Easy Create To Create Iscsi Virtual Targets

    Setting up iSCSI Target Gateway Services Using Easy Create to create iSCSI virtual targets Easy Create is an alternative method for creating iSCSI virtual targets. 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the Targets tab. 3.
  • Page 230: Searching For A Specific Fibre Channel Target

    Setting up iSCSI Target Gateway Services 5. Follow the instructions in the wizard to edit an iSCSI virtual target. The wizard is self-explanatory, so the individual steps are not described in this document. NOTE The Remove LUN(s) button is available only for virtual targets that are fully initialized as a target.
  • Page 231: Discovery Domain Management

    Discovery Domain management Discovery Domain management You configure discovery domains and discovery domain sets for managing iSCSI device access control. The Discovery Domains pane displays all discovery domains and discovery domain sets and allows you to manage them. When you select DDInfo from the tree in the left pane, you can create a discovery domain. If you select an object in the discovery domain set listed you can view, create, edit, delete, enable, or disable any of the discovery domain information contained in each object.
  • Page 232: Creating A Discovery Domain

    Discovery Domain management In the wizard: • You can configure the DD. You specify the DD name, and then you can add or remove initiators and targets. You can also add any offline device(s) by entering the IQN name in the IQN name field and clicking Add Offline Devices under the list on the right.
  • Page 233: Editing A Discovery Domain

    Discovery domain sets (DDSet) Editing a discovery domain 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the Discovery Domains tab. 3. Select a DD in the left pane and click Edit. 4. Select virtual targets and use the buttons to add or remove them from the DD. 5.
  • Page 234: Editing A Discovery Domain Set

    CHAP Configuration FIGURE 102 Create DDSet wizard 4. Follow the instructions in the wizard to create an iSCSI discovery domain set. The wizard is self-explanatory, so the individual steps are not described in this document. Editing a Discovery Domain Set 1.
  • Page 235: Creating A Chap User

    CHAP Configuration FIGURE 103 CHAP tab Creating a CHAP user 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the CHAP tab. 3. Click Create. 4. Enter the CHAP user name. Optional: To add more than one user at a time, click Add. 5.
  • Page 236: Binding Or Removing Chap Users

    iSCSI Fibre Channel Zone configuration Binding or Removing CHAP users 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the CHAP tab. 3. Click Bind/Remove Chap(s). 4. Select a virtual target. 5. Enter a new CHAP user, if necessary. 6.
  • Page 237: Creating An Iscsi Fibre Channel Zone With No Effective Zone Configuration

    iSCSI Fibre Channel Zone configuration Creating an iSCSI Fibre Channel zone with no effective zone configuration 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Click Create iSCSI Zone. The following dialog box is displayed. FIGURE 104 Create an iSCSI FC zone dialog box 3.
  • Page 238: Managing And Troubleshooting Accessibility

    Managing and Troubleshooting Accessibility 5. Click OK. The effective configuration is modified and re-enabled. Managing and Troubleshooting Accessibility The Web Tools iSCSI accessibility feature helps you do the following: • Verify that both host and target are online. • Verify that the effective discovery domain set has both host and target. •...
  • Page 239: Routing Traffic

    Chapter Routing Traffic In this chapter • Routing overview ..........211 •...
  • Page 240: Viewing Fabric Shortest Path First Routing

    Viewing Fabric Shortest Path First routing FIGURE 105 Routing tab Viewing Fabric Shortest Path First routing The Routing tab of the Switch Administration window displays information about routing paths. 1. Open the Switch Administration window as described on page 2. Click the Routing tab. 3.
  • Page 241: Specifying Frame Order Delivery

    Specifying frame order delivery When the port-based policy is in force, you can enable DLS to optimize routing. When DLS is enabled, it shares traffic among multiple equivalent paths between switches. DLS recomputes load sharing either when a switch boots up or each time an E_Port or FX_Port goes online or offline. Enabling this feature allows a path to be discovered automatically by the FSPF path-selection protocol.
  • Page 242: Configuring The Link Cost For A Port

    Configuring the link cost for a port Configuring the link cost for a port This section describes how to set the cost of an interswitch link (ISL). The cost of a link is a dimensionless positive number. The fabric shortest path first (FSPF) protocol compares the cost of various paths between a source switch and a destination switch by adding the costs of all the ISLs along each path.
  • Page 243: In This Chapter

    Chapter Configuring Standard Security Features In this chapter • User-defined accounts ......... 215 •...
  • Page 244: Virtual Fabrics Considerations

    User-defined accounts The User tab of the Switch Administration window (see Figure 106 on page 217) displays account information. You can create and manage accounts depending on your role: TABLE 18 User role and permissions Role Permissions admin Create and manage all predefined and user-defined accounts operator Change your own password and cannot create, modify, or view predefined or user-defined accounts...
  • Page 245: Viewing User Account Information

    User-defined accounts FIGURE 106 User tab Viewing user account information 1. Open the Switch Administration window as described on page 2. Click the User tab. A list of the default and user-defined accounts appears. If you are logged in using the switchadmin role, only your account information is displayed.
  • Page 246: Figure 107 Add User Account Dialog Box (Vf)

    User-defined accounts FIGURE 107 Add User Account dialog box (VF) FIGURE 108 Add User Account dialog box (AD)
  • Page 247: Deleting User-Defined Accounts

    User-defined accounts 4. Type the user name, which must begin with an alphabetic character. The name can be up to 40 characters long. It is case-sensitive and can contain alphabetic and numeric characters, the dot (.) and the underscore (_). It must be different from all other account names on the logical switch.
  • Page 248: Changing User Account Parameters

    User-defined accounts 3. Select the account to remove and click Remove. 4. Click Apply to save your changes. You cannot delete the default accounts. An account cannot delete itself. All active command line interface (CLI) sessions for the deleted account are logged out. Changing user account parameters Use the following procedure to change the role, add or change the description, and enable or disable accounts.
  • Page 249: Maintaining Passwords

    User-defined accounts If AD0 is deselected in the user’s Admin Domain list and no other Admin Domains are selected, the next available Admin Domain becomes the user’s default home Admin Domain. 10. Click OK and click Apply to apply your changes. Maintaining passwords When you expire a password, the next time that user logs in, Web Tools requires the user to provide a new password.
  • Page 250: Figure 109 Configure Password Rules Dialog Box

    User-defined accounts Setting the rules for passwords 1. Open the Switch Administration window as described on page 2. Click the User tab. 3. Click Set Password Rule. The Configure Password Rule dialog box displays, as shown in Figure 109 on page 222. 4.
  • Page 251 User-defined accounts Setting a password as expired 1. Open the Switch Administration window as described on page 2. Click the User tab. 3. Select the account. 4. Click Expire Password. If the button is unavailable, this means the password is already expired. 5.
  • Page 252: Figure 110 Role Mapping (Virtual Fabrics)

    User-defined accounts The Role Mapping for that user is displayed (Figure 110). FIGURE 110 Role Mapping (Virtual Fabrics)
  • Page 253: Access Control List Policy Configuration

    Access control list policy configuration Access control list policy configuration Support for the Access Control List (ACL) policies is currently defined in the Switch Connection Control (SCC) and Device Connection Control (DCC) policies. SCC and DCC policy configuration in base Fabric OS is performed on a switch-local basis. Fabric Configuration Server (FCS) Policy can be created only once.
  • Page 254: Creating An Scc, Dcc, Or Fcs Policy

    Access control list policy configuration Creating an SCC, DCC, or FCS policy You can create the FCS policy only once. 1. Open the Switch Administration window as described on page 2. Click the Security Policies tab. 3. Select a policy by clicking on the appropriate tab (SCC, DCC, or FCS). 4.
  • Page 255: Editing An Scc, Dcc, Or Fcs Policy

    Access control list policy configuration Editing an SCC, DCC, or FCS policy 1. Open the Switch Administration window as described on page 2. Make sure the Show Advanced Mode is selected. 3. Click the Security Policies tab. 4. Select a policy by clicking on the appropriate tab. 5.
  • Page 256: Distributing An Fcs Policy

    Access control list policy configuration Distributing an FCS policy You must perform this procedure to distribute an FCS policy. 1. Open the Switch Administration window as described on page 2. Click the Security Policies tab. 3. Select the FCS tab. 4.
  • Page 257: Authentication Policy Configuration

    Authentication policy configuration Authentication policy configuration You can configure an authentication protocol policy for E_Port and F_Port authentication, and then distribute the authentication policy to other switches in the fabric. You can also set shared secret keys. Configuring authentication policies for E_Ports 1.
  • Page 258: Distributing Authentication Policies

    Authentication policy configuration Distributing authentication policies NOTE You cannot distribute authentication policies in AD0 unless it is the only Admin Domain. 1. Open the Switch Administration window as described on page 2. Click the Security Policies tab. 3. Click Authentication on the Security Policies menu. 4.
  • Page 259: Modifying A Shared Secret Key Pair

    Authentication policy configuration FIGURE 113 Add Shared Secret Keys window 6. Enter the Switch WWN, name, or domain ID, or use the Browse button to select a switch. In the Peer Secret and Confirm Peer Secret fields, enter the peer secret value. 8.
  • Page 260: Snmp Configuration

    SNMP configuration SNMP configuration This section describes how to manage the configuration of the SNMP agent in the switch. The configuration includes SNMPv1 and SNMPv3 configuration, accessControl, and systemGroup configuration parameters. Access is read-only if you do not have admin or security admin authority. For more information, see the snmpConfig command in the Fabric OS Command Reference.
  • Page 261: Changing The Systemgroup Configuration Parameters

    SNMP configuration Changing the systemGroup configuration parameters 1. Open the Switch Administration window as described on page 2. Click the SNMP tab (see Figure 114). 3. Type a contact name, description, and location in the SNMP Information section. 4. Optional: Select the Enable Authentication Trap check box to allow authentication traps to be sent to the reception IP address.
  • Page 262: Radius Service Management

    RADIUS service management 4. Select a permission for the host from the Access Control List menu. Options are Read Only and Read Write. 5. Click Apply. NOTE The port number is not included. RADIUS service management Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS client.
  • Page 263: Enabling And Disabling Radius Service

    RADIUS service management FIGURE 116 AAA Service tab Enabling and Disabling RADIUS Service At least one RADIUS server must be configured before you can enable RADIUS service. 1. Open the Switch Administration window as described on page 2. Click the AAA Service tab. 3.
  • Page 264: Configuring The Radius Service

    RADIUS service management Configuring the RADIUS Service The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and it is replicated on a standby CP, if one is present. It is saved in a configuration upload, and can be applied to other switches in a configuration download.
  • Page 265: Modifying The Radius Server Order

    Active Directory service management Modifying the RADIUS Server Order The RADIUS servers are contacted in the order they are listed, starting from the top of the list and moving to the bottom. 1. Open the Switch Administration window as described on page 2.
  • Page 266: Modifying Active Directory Service

    Active Directory service management 4. Select None, Switch Database when Active Directory authentication failed, or Switch Database when Active Directory timeout from the Secondary AAA Service menu. To disable Active Directory service, select Switch Database from the Primary AAA Service drop-down menu and select None from the Secondary AAA Service drop-down menu.
  • Page 267: Ipsec Concepts

    IPSec Concepts IPSec Concepts Internet Security Protocol (IPSec) is a set of open standards that provide cryptographic security services for IP networks. Several protocols are available for providing authentication and secure transmission of data. From Web Tools, you can establish IPSec policies for FCIP implementations on 7500 extension switches and FR4-18i blades, and you can establish IPSec policies for IP interfaces that provide management access to switches and control processors.
  • Page 268: Transport Mode And Tunnel Mode

    IPSec Concepts Transport mode and tunnel mode Transport mode adds an authentication header (AH) before the IP header. Only a single pair of addresses is used (those in the IP header). When transport mode is used, both endpoints implement IPSec. Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the addresses of the tunnel end points.
  • Page 269: Ipsec Header Options

    IPSec Concepts IPSec header options IPSec adds headers to an IP datagram to enable authentication and privacy. There are two options: • Authentication Header (AH) • Encapsulating Security Payload (ESP) Authentication Header AH can be used to authenticate a data stream, but does not provide encryption needed for privacy. The AH contains a message authentication code (MAC).
  • Page 270: Basic Ipsec Configurations

    IPSec Concepts Basic IPSec configurations There are three basic configurations for IPSec use: • Endpoint to Endpoint. • Gateway to Gateway. • Endpoint to Gateway. Endpoint to Endpoint In an endpoint to endpoint configuration, both endpoints implement IPSec. Transport mode is commonly used in endpoint to endpoint configurations, and only a single pair of addresses is used.
  • Page 271: Internet Key Exchange (Ike) Concepts

    IPSec Concepts Internet Key Exchange (IKE) Concepts Key exchange is used to authenticate the end points of an IP connection, and to determine security policies for IP traffic over the connection. The initiating node proposes a policy based on the following: •...
  • Page 272 IPSec Concepts PRF (Pseudo-Random Function) Algorithm The PRF algorithm generates output that appears to be random data, using the HMAC chosen as the hash algorithm as the seed value. PRF is used to strengthen security. Public key certificate-based authentication Industry standard X.500 database servers are available as certificate authority servers to enable certificate-based authentication of computers.
  • Page 273: Authentication Methods

    IPSec Concepts Authentication methods The methods used to authenticate the IKE peer are preshared key (psk), DSS digital signature (dss), and RSA digital signature (rsasig). • A Preshared key (PSK) is a shared secret that is shared between two parties over a secure channel before it is used.
  • Page 274: Ipsec Over Fcip

    IPSec over FCIP IPSec over FCIP 7500 extension switches and FR4-18i blades use the FCIP protocol to carry Fibre Channel traffic over IP networks. IPSec can be used to secure the IP flows over an FCIP tunnel. At a high level, the steps to take are as follows: •...
  • Page 275: Establishing An Ike Policy For An Fcip Tunnel

    IPSec over FCIP Establishing an IKE policy for an FCIP tunnel 1. From the IKE tab of the IPSec Policies screen, select Create. An Add Policy dialog box is displayed (Figure 121). FIGURE 121 Add Policy (IKE for FCIP) 2. Policy Type provides a way to toggle between IKE and IPSec Add Policy dialog boxes. Make sure the Policy Type is set to IKE.
  • Page 276: Establishing An Ipsec Policy For An Fcip Tunnel

    IPSec over FCIP Establishing an IPSec policy for an FCIP tunnel 1. Select the IPSec tab. The IPSec Policies window is displayed. 2. Select Create. An Add Policy dialog box is displayed (Figure 122). FIGURE 122 Add Policy (IPSec over FCIP) 3.
  • Page 277: Ipsec Over Management Ports

    IPSec over management ports IPSec over management ports IPSec can be applied to the management port on a switch or a CP blade to establish a secure connection between a PC or workstation and Web Tools. The connection can be used as a virtual private network (VPN) interface to Web Tools.
  • Page 278: Enabling Ipsec

    IPSec over management ports Enabling IPSec Ethernet IPSec policies can be configured only after enabling IPSec by clicking the Enable button below the Ethernet IPSec policies table (refer to Figure 123). Establishing an IKE policy When you establish an IKE policy, you identify a set of algorithms and authentication rules and parameters to use in a key exchange.
  • Page 279: Creating A Security Association (Sa)

    IPSec over management ports 5. Type the identifier of the remote peer switch in Peer Identifier. This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name. 6. Choose the Encryption Algorithm. The choices are 3des_cbc, null_enc, aes128_cbc, and aes256_cbc.
  • Page 280: Creating An Sa Proposal

    IPSec over management ports 4. Type a name for the SA in the SA Name field. 5. Choose the IPSec Protocol. The choices are ah (for authentication header) and esp (for encapsulated security protocol). 6. Choose the Authentication Algorithm. The choices are hmac_md5, hmac_sha1, and AES_xcbc. Choose the Encryption Algorithm.
  • Page 281: Adding An Ipsec Transform Policy

    IPSec over management ports 3. Type a name in the SA Proposal Name field. 4. Type the SAs in the SA(s) to use field. 5. Optionally, define SA lifetime parameters. The SA lifetime may be defined as a time value in seconds (LifeTime in seconds), as the number of bytes transmitted before the SA is rekeyed (LifeTime in bytes), or both.
  • Page 282: Figure 128 Add Transform Dialog Box

    IPSec over management ports The Add Transform dialog box is displayed (Figure 128). FIGURE 128 Add Transform dialog box 3. Type a name in the Transform Name field. 4. Choose the IPSec Mode. The choices are Transport or Tunnel. 5. Select the SA Proposal name. 6.
  • Page 283: Adding An Ipsec Selector

    IPSec over management ports Adding an IPSec selector Selectors are used to apply transform policies to an IP flow. Flows are uni-directional. Selectors are associated with a specific source IP address, a specific peer IP address, and a specific transform. 1.
  • Page 284: Figure 130 Add Selector Dialog Box

    IPSec over management ports The Add Selector dialog box is displayed. FIGURE 130 Add Selector dialog box 3. Type a name in the Selector Name field. 4. Select the Traffic Flow Direction (in or out). IPSec policies are unidirectional, and must be applied separately to inbound and outbound flows.
  • Page 285: Manually Creating An Sa

    IPSec over management ports Manually creating an SA You can manually create a security association (SA). 1. Select the SA(Manual) tab. 2. Select Add. The Add Manual-SA dialog box is displayed (Figure 131). FIGURE 131 Add Manual-SA dialog box 3. Type a security parameter index number in the SPI (Hexadecimal) field. The SPI must be manually applied when manually adding an SA.
  • Page 286: Editing An Ike Or Ipsec Policy

    IPSec over management ports 8. Choose the IPSec Mode. The choices are Transport or Tunnel. Refer to “Transport mode and tunnel mode” if you are unfamiliar with Transport and Tunnel modes. 9. Choose the IPSec Protocol. The choices are ah (for authentication header) and esp (for encapsulated security protocol).
  • Page 287: Establishing Authentication Policies For Hbas

    Establishing authentication policies for HBAs 5. Select the policy or policies you want to delete. 6. Select Delete. The policy is deleted from the SA database (SADB), and is removed from the list. Establishing authentication policies for HBAs To establish and enable authentication policies for HBAs as they log in to a fabric, do the following. 1.
  • Page 288: Figure 133 Device Authentication Shared Secret Keys Tab

    Establishing authentication policies for HBAs 10. Click Apply. 11. If your authentication method uses a shared secret, select the Shared Secret Keys tab. The Shared Secret Keys screen is displayed (Figure 133). FIGURE 133 Device authentication Shared Secret Keys tab 12.
  • Page 289 Establishing authentication policies for HBAs 15. Enter the shared secret for the peer device (an HBA in this case) in the Peer Shared Secret and Confirm Peer Shared Secret fields. 16. Enter the shared secret for the switch in the Local Shared Secret and Confirm Local Shared Secret fields.
  • Page 291: In This Chapter

    Chapter Administering FICON CUP Fabrics In this chapter • FICON CUP fabrics overview •...
  • Page 292: Enabling Port-Based Routing

    Enabling port-based routing • Manage port connectivity configuration You do not need to install the FICON CUP license to perform FICON CUP management; you must install the FICON CUP license, however, if your switch is to enforce traffic between the FICON director and the host-based management program.
  • Page 293: Enabling Or Disabling FICON Management Server Mode

    Enabling or disabling FICON Management Server mode FIGURE 134 FICON CUP management Enabling or disabling FICON Management Server mode FICON Management Server (FMS) is used to support switch management using CUP. To be able to use the CUP functionality, all switches in the fabric must have FICON Management Server mode (FMS mode) enabled.
  • Page 294: FMS Parameter Configuration

    FMS parameter configuration The FICON CUP tabbed page displays the FICON Management Server page, as shown in Figure 134. All attributes on this tab are disabled until FMS mode is enabled. 5. Click Enable in the FICON Management Server Mode section to enable FMS mode or click Disable to disable FMS mode.
  • Page 295: Configuring FMS Mode Parameters

    Displaying code page information TABLE 22 FMS mode parameter descriptions (Continued) Parameter Description Director Clock Controls behavior for attempts to set the switch timestamp clock through the director console. Alert Mode When it is enabled, the director console (Web Tools, in this case) displays warning indications when the switch timestamp is changed by a user application.
  • Page 296: Viewing The Control Device State

    Viewing the control device state Viewing the control device state The control device is in either a neutral or a switched state. When it is neutral, the control device accepts commands from any channel that has established a logic path with it and accepts commands from alternate managers.
  • Page 297: CUP Port Connectivity Configuration

    CUP port connectivity configuration CUP port connectivity configuration In the Port Connectivity subpanel, you can manage the configuration files and active configuration. All CUP configuration files and the active configuration are listed in a table. The active configuration is listed as “Active Configuration*” and the description in the table is “Current active configuration on switch.”...
  • Page 298 CUP port connectivity configuration • To create a new configuration, click New. The Create Port CUP Connectivity Configuration dialog box displays all ports and port names on the selected switch (similar to the dialog box shown in Figure 136). The Block column, Prohibit column, and prohibited ports matrix are displayed as empty, for you to configure.
  • Page 299: Activating A CUP Port Connectivity Configuration

    CUP port connectivity configuration FIGURE 136 Port CUP Connectivity Configuration dialog box Activating a CUP Port Connectivity Configuration When you activate a saved CUP port connectivity configuration on the switch, the preceding configuration (currently activated) is overwritten. 1. Open the CUP port connectivity configuration list. 2.
  • Page 300: Deleting A CUP Port Connectivity Configuration

    Displaying Request Node Identification Data (RNID) 3. Click Copy. The Copy CUP Port Connectivity Configuration dialog box displays. 4. In the dialog box, type a name and description for the new configuration and click OK to save the configuration to the target file; click Cancel to cancel copying the configuration. The file name must be in alphanumeric characters and can contain only dashes or underscores as special characters.
  • Page 301 Displaying Request Node Identification Data (RNID) RNID information for attached FICON devices and channel paths displays on the Name Server view. To view this information, click Name Server to display the Name Server view. Ports that completed an RNID exchange display FICON in the Capability column. For those ports, the following information specific to RNID displays in the following columns: •...
  • Page 303: Limitations

    Chapter Limitations In this chapter • General Web Tools limitations General Web Tools limitations Table 23 lists general Web Tools limitations that apply to all browsers and switch platforms.
  • Page 304 General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Firmware download There are multiple phases to firmware download and activation. When Web Tools reports that firmware download completed successfully, this indicates that a basic sanity check, package retrieval, package unloading, and verification were successful. Web Tools forces a full package install.
  • Page 305 General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Loss of Connection Occasionally, you might see the following message when you try to retrieve data from the switch or send a request to the switch: Switch Status Checking The switch is not currently accessible.
  • Page 306 General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Refresh option in Web Tools must be restarted when the Ethernet IP address is changed using the browsers NetworkConfig View command. Web Tools appears to hang if it is not restarted after this operation is executed.
  • Page 307: Clearing The Zoning Database

    Index Numerics all access zoning arbitrated loop parameters, configuring automatic trace dump transfers 2 domain/4 domain fabric licenses backbone fabric About Discovery Domains (DD) backbone fabric ID, configuring Access Control List. See ACL backing up configuration file access control. See RBAC. basic performance monitoring graphs Access Gateway mode BB credit...
  • Page 308 configuration zone configuration iSCSI fibre channel zones with no effective Access Gateway mode zone configuration upload SCC/DCC policy configuration file SCSI command graphs Admin Domain considerations SCSI vs. IP traffic graphs backing up SID-DID performance graphs restoring virtual targets for iSCSI Target Gateway configuring arbitrated loop parameters zone aliases...
  • Page 309 disabling enabled zone configuration, displaying automatic trace uploads enabling blades automatic trace dump transfer dynamic load sharing beaconing Fabric Watch threshold alarms blades FICON Management Server mode ports Fabric Watch threshold alarms RADIUS service FICON Management Server mode RLS probing insistent domain ID mode switch iSCSI Target Gateway service...
  • Page 310 FC-FC routing initiators for iSCSI Target Gateway about in-order delivery. See IOD setting up insistent domain ID mode supported switches about FCR router cost enabling FCS policy installing activate Java Plug-in create deactivate JRE patches on Solaris delete Solaris patches distribute moving switch position frame delivery...
  • Page 311 effective zone configuration LSAN iSCSI initiator devices iSCSI initiators fabrics, managing iSCSI Port zones, managing iSCSI session iSCSI virtual target launching module LUN mapping managing/troubleshooting accessibility managing RADIUS server message severity levels MetaSAN search for FC target modifying supported switches performance graphs VT LUN RADIUS server...
  • Page 312 performance graphs refresh frequency, setting adding to a canvas refresh rates modifying refreshing printing Admin Domain window types of fabric information Performance Monitoring window Switch Administration window per-frame routing priority Zone Administration window persistently disable a port removing platforms, supported licenses RADIUS server polling rates...
  • Page 313 SID-DID performance graph SNMP trap levels Solaris patches, installing value line licenses starting Web Tools VC Priority swapping port index IDs viewing switch EX_Ports changing the name of LSAN devices enabling and disabling LSAN fabrics mouse over information LSAN zones rebooting swapped ports Switch Administration window...
  • Page 314 zone configurations creating deleting disabling enabling example modifying renaming zone member selection lists, searching zones about adding WWNs best practices creating deleting description LSAN modifying removing WWNs renaming replacing WWNs selecting a view zoning all access default zoning no access zoning database clearing maximum size...
