Document History
The following table lists all versions of the Web Tools Administrator’s Guide.
Document Title | Publication Number | Summary of Changes | Publication Date
Web Tools User’s Guide v2.0 | 53-0001536-01 | | September 1999
Web Tools User’s Guide v2.2 | 53-0001558-02 | | May 2000
Web Tools User’s Guide v2.3 | 53-0000067-02 | N/A | December 2000
Web Tools User’s Guide v3.0 | 53-0000130-03 | | July 2001
...
Web Tools Administrator’s Guide | 53-1000049-01 | Updates to support new switch types (4900, 7500) and Fabric OS v5.1.0, including FCR, FCIP, and the FR4-18i port blade. Web Tools EZ information is moved to a separate book. | January 2006
Web Tools Administrator’s Guide 53-1001194-01
IPSec over FCIP
Accessing the IPSec Policies dialog box
Figures
Figure 1 Configuring Internet Explorer
Figure 2 Temporary Internet Settings dialog box
Figure 36 USB configuration download
Figure 37 USB Port Management wizard
Figure 78 Port LEDs for the FC4-32 port blade in the Brocade 48000
Figure 79 FC Routing module in Disabled mode with General tab selected
Figure 80 FC Routing module with LSAN Fabrics tab selected
Figure 120 IKE Policies (FCIP)
Figure 121 Add Policy (IKE for FCIP)
Tables
Table 1 Basic Web Tools features and EGM licensed features
Table 2 Web Tools functionality moved to DCFM
Table 3 Certified and tested platforms
• Chapter 13, “Administering Fabric Watch,” provides information on how to use the Fabric Watch feature to monitor the performance and status of switches and alert you when problems arise.
• Chapter 14, “Administering Extended Fabrics,” provides information on how to configure a port for long distance.
• Brocade 48000 director
• Brocade DCX Enterprise-class platform
• Brocade Encryption Switch
• Brocade DCX-4S Enterprise-class platform
What’s new in this document
The following changes have been made since this document was last released:
• Changes to GUI icon images and operator components to be consistent with DCFM.
•...
Notes, cautions, and warnings The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards. NOTE A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information.
Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password.
• supportSave command output
• Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions
• Description of any troubleshooting steps already performed and the results
• Serial console and Telnet session logs
•...
Web Tools, the EGM license, and DCFM
Beginning with Fabric OS version 6.1.1, Web Tools functionality is tiered and integrated with DCFM. If you are migrating from a Web Tools release prior to Fabric OS version 6.1.1, this may impact how you use Web Tools.
Web Tools, the EGM license, and DCFM TABLE 1 Basic Web Tools features and EGM licensed features Feature Basic Web Tools Web Tools with EGM License Fabric Events Fabric Summary Fabric Tree FCIP Tunnel configuration FCIP Tunnel Display FCR Management FCR Port Config FICON CUP Tab FRU Monitoring...
Web Tools, the EGM license, and DCFM Web Tools functionality moved to DCFM The functionality that was moved from Web Tools into DCFM is applicable to both DCFM Professional and DCFM Enterprise. The following table details these changes. TABLE 2 Web Tools functionality moved to DCFM Function Web Tools 6.1.0...
System requirements TABLE 2 Web Tools functionality moved to DCFM Function Web Tools 6.1.0 DCFM Comments Non-local switch Zone Admin Configure > Zoning In Web Tools, non-local ports display in Admin Domain switch port id/WWN can zoning tree Switch Admin > DCC be added using text box.
System requirements Setting Refresh Frequency for Internet Explorer Correct operation of Web Tools with Internet Explorer requires specifying the appropriate settings for browser refresh frequency and process model. Browser pages should be refreshed frequently to ensure the correct operation of Web Tools. 1.
Java installation on the workstation FIGURE 2 Temporary Internet Settings dialog box 3. Click Delete Files to remove the temporary files used by Java applications. 4. Click OK on the confirmation dialog box. You can clear the Trace and Log files check box if you want to keep those files. 5.
Java plug-in configuration 4. Create a symbolic link from this location: $FIREFOX/plugins/libjavaplugin_oji.so To this location: $JRE/plugin/$ARCH/ns600/libjavaplugin_oji.so Installing patches on Solaris 1. Search for any required patches for your current version of the JRE at the following Web site: http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage NOTE This URL points to a non-Brocade Web site and is subject to change without notice.
Java plug-in configuration FIGURE 3 Java Control Panel 3. In the section Java Applet Runtime Settings, click View. The Java Applet Runtime Settings dialog box appears. FIGURE 4 Java Runtime Settings 4. Double-click in the Java Runtime Parameters field and type the following information to set the minimum and maximum heap size: -Xms256m -Xmx256m In this example, the minimum and maximum sizes are both 256 MB.
FIGURE 5 Default Java for browsers option
3. Select Mozilla family and click OK.
4. Click Apply to apply your settings and close the Java Control Panel.
Value line licenses
If your fabric includes a switch with a limited switch license and you open Web Tools using that switch, and the fabric exceeds the switch limit indicated in the license, Web Tools allows a 30-day “grace period”...
Opening Web Tools
You can open Web Tools on any workstation with a compatible Web browser installed. For a list of Web browsers compatible with Fabric OS 6.2.0, see Table 3. Web Tools supports both the HTTP and HTTPS protocols.
Opening Web Tools FIGURE 6 Web Tools interface Logging in When you use Web Tools, you must log in before you can view or modify any switch information. This section describes the login process. Prior to displaying the login window, Web Tools displays a security banner (if one is configured for your switch), which you must accept before logging in.
Opening Web Tools FIGURE 7 Signed applet certificate 2. Click OK in the security banner window, if one appears. FIGURE 8 Login dialog box 3. On the login dialog box, type your user name. 4. Type the password. If your current password has expired, you must also provide a new password and confirm the new password.
Opening Web Tools FIGURE 9 Virtual Fabric login option 2. Log in to a logical fabric. To log in to the home logical fabric, select Home Logical Fabric and click OK. To log in to a logical fabric other than the home logical fabric, select User Specified Logical Fabric, type in the fabric ID number, and click OK.
Opening Web Tools FIGURE 10 Login dialog box with Admin Domain options If the user name or password is incorrect, a dialog box displays indicating an authentication failure. If you entered valid credentials, but specified an invalid Admin Domain, a dialog box displays from which you can choose a valid Admin Domain or click Cancel to log in to your home domain.
Logging out
You can end a Web Tools session either by logging out or by closing the Switch Explorer window. You might be logged out of a session involuntarily, without explicitly clicking the Logout button, under the following conditions:
•...
Session management
A Web Tools session is the connection between the Web Tools client and its managed switch. A session is established when you log in to a switch through Web Tools. When you close Switch Explorer, Web Tools ends the session. A session remains in effect until one of the following happens:
•...
Requirements for IPv6 support
The following list provides requirements for Web Tools IPv6 support:
• In a pure IPv6 environment, you must configure DNS maps to the IPv6 address of the switch.
• The switch name is required to match the DNS name that is mapped to the IPv6 address.
•...
Viewing Switch Explorer • Reporting tasks, such as viewing the status of a switch. • Monitoring tasks, such as performance monitoring, and viewing the temperature or power status. NOTE To perform monitoring tasks such as performance monitoring the EGM license must be installed on the switch;...
Viewing Switch Explorer FIGURE 12 Switch Explorer Use the following table with Figure 12 to identify the areas of Switch Explorer. Tasks Fabric Tree Menu bar Switch View buttons Changing the Virtual Fabric ID, or Changing the Admin Domain Switch Events and Switch Information Indicator bar Professional Management Tool offering...
Viewing Switch Explorer Changes for consistency with DCFM Beginning with Fabric OS version 6.2.0, Web Tools icons are changed to be consistent with DCFM. Table 5 summarizes these changes. TABLE 5 Icon image changes Image Name Old Image New Image Switch Director or DCX Fabric...
Viewing Switch Explorer TABLE 5 Icon image changes (Continued) Image Name Old Image New Image Switch event - Fatal Switch event - Informational Switch event - Warning Refresh Enable Disable Prohibit Web Tools Administrator’s Guide 53-1001194-01...
Viewing Switch Explorer The Search, Copy, and Export buttons are removed from the Web Tools tree and table headers, and are replaced by right-click operations, as shown in Figure FIGURE 13 Right-click for Copy, Export, and Search Tasks The Tasks menu lets you manage, monitor, and perform other tasks. The Management section provides access to: •...
Viewing Switch Explorer • iSCSI administration • Fabric Watch NOTE Some of these functions require a license key to activate them. The Monitor section provides access to: • Performance monitoring You must use Web Tools with the EGM license to perform performance monitoring operations; otherwise, access to this feature is denied and an error message displays.
FIGURE 14 Missing EGM license
If you are logged into Web Tools without the EGM license, you must log in again using a specific AD. The following figure shows the login wizard. After you log in, all the Admin Domains assigned to you are available in the drop-down menu (see Figure 16).
Viewing Switch Explorer Figure 16 shows the Admin Domain context drop-down menu highlighted for changing the Admin Domain context. FIGURE 16 Changing the Admin Domain context The following procedure describes how to change the Admin Domain context. When changing the Admin Domain context, the option for selecting AD from the drop-down is not available if the EGM license is not present.
Viewing Switch Explorer Switch View buttons The Switch View buttons let you access the following switch information: • Status - click the button to view the status of the switch. • Temperature - click the button to view temperature monitors. •...
Blade representations
Blades are graphically represented as shown in the following table. They are vertical in the DCX, and horizontal in the DCX-4S.
TABLE 6 Blade Graphic
CR4s-8
FC8-48
FC8-32
FC8-16
FS8-18
FR4-81i
FA4-18
FC10-6
Port representations
The ports in the Switch View show the port type. Borders around the accessible ports indicate that SFP modules are present.
Viewing Switch Explorer The port LEDs in the Switch View match the LEDs on the physical switch; however, the blink rate of the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical switch.
Viewing Switch Explorer NOTE Left-click the USB port on the switch to launch the USB Storage Management window. Switch View refresh rates The Switch View display is refreshed at 15 second intervals. However, the initial display of Switch Explorer might take from 30 to 60 seconds after the switch is booted. Refresh rates are fabric-size dependent.
Displaying tool tips
When you hover over the Web Tools buttons, the system displays a brief description of the button. If you hover the cursor over most components, the system displays tool tip information about the component. In Fabric Tree you can hover over a switch to view its type, Ethernet IP, Fibre Channel IP, and status of the switch.
Refresh rates
Different panels of Web Tools refresh at different rates. The refresh, or polling, rates listed in this section and throughout the book indicate the time between the end of one polling and the start of the next, and not how often the screen is refreshed. A refresh rate of 15 seconds does not ensure that a refresh occurs every 15 seconds.
Working with Web Tools: recommendations 1. Open Web Tools as described in “Opening Web Tools” on page 11 and log in to the switch. Switch Explorer is displayed for the switch you logged in to. 2. If the Fabric Tree is not expanded, click the plus sign (+) in the Fabric Tree to view all the switches in the fabric.
Opening a Telnet or SSH client window
When you open a Telnet or SSH client window, the connection is to the IP interface of the switch. You cannot connect to a CP blade on a director switch through a Telnet or SSH client window opened from Web Tools, even when the blade has an IP address and supports Telnet sessions.
Fabric and switch management overview FIGURE 20 Switch Administration window, Switch tab With the exception of switch time, information displayed in the Switch Administration window is not updated automatically by Web Tools. To update the information displayed in the Switch Administration window, see “Refreshing the Switch Administration window”...
Fabric and switch management overview Opening the Switch Administration window Most of the management procedures in this chapter are performed from the Switch Administration window. 1. Select a switch in Fabric Tree. The switch displays in Switch View. 2. Click Switch Admin in the Manage section of the Tasks menu. The Switch Administration window opens in basic mode, as shown in Figure 20 on page 40.
Configuring IP and netmask information
Before proceeding, collect all the information you need to configure the Ethernet IP interface. This includes the subnet mask, gateway IP address, or Fibre Channel IP interface, and subnet mask for your system.
Configuring a syslog IP address
The syslog IP represents the IP address of the server that is running the syslog process. The syslog daemon reads and forwards system messages to the appropriate log files or users, depending on the system configuration.
Blade management • The Clone Policy button lets you copy a policy. Use this feature when you want to create similar policies. After you create a clone, you can edit the policy to make the appropriate changes. • The Activate Policy button lets you make an existing policy active. •...
Blade management 3. Select the Enable Blade check box for each blade you want to enable. Clear the check box to disable the blade. You cannot enable or disable the CP blades. 4. Click Apply. Setting a slot-level IP address 1.
Switch configuration
Use the Switch tab of the Switch Administration window to perform basic switch configuration. Figure 20 on page 40 shows an example of the Switch tab.
Enabling and disabling a switch
You can identify if a switch is enabled or disabled in the Switch Administration window by looking at the lower-right corner.
Switch rebooting Viewing and printing a switch report The switch report includes the following information: • A list of switches in the fabric • Switch configuration parameters • A list of ISLs and ports • Name Server information • Zoning information •...
System configuration parameters
You must disable the switch before you can configure fabric parameters. You can change the following system configuration parameters:
• Switch fabric settings
• Virtual channel settings
• Arbitrated loop parameters
• System services
•...
System configuration parameters Fabric settings Configure the following fabric settings on the Fabric subtab of the Configure tab: BB Credit The buffer-to-buffer credit is the number of buffers available to attached devices for frame receipt. The default BB Credit is 16. The range is 1–27. R_A_TOV Resource allocation timeout value (in milliseconds).
System configuration parameters ATTENTION The default virtual channel settings are already optimized for switch performance. Changing the default values can improve switch performance, but can also degrade performance. Do not change these settings without fully understanding the effects of the changes. VC Priority specifies the class of frame traffic given priority for a virtual channel.
Licensed feature management Configuring system services You can enable or disable FCP read link status (RLS) probing for F_Ports and FL_Ports. It is disabled by default. 1. Open the Switch Administration window as described on page 2. Disable the switch as described in “Enabling and disabling a switch”...
Licensed feature management FIGURE 24 License tab Use the links above the table to export data, copy data, or search the table. Activating a license on a switch Before you can unlock a licensed feature, you must obtain a license key. You can either use the license key provided in the paperpack document supplied with switch software or see the Fabric OS Administrator’s Guide for instructions on how to obtain a license key at the Brocade Web site (www.brocade.com).
High Availability overview Removing a license from a switch You can remove a license from a switch in the Switch Administration window. ATTENTION Use care when removing licenses. If you remove a license for a feature, that feature will no longer work.
High Availability overview FIGURE 25 High Availability window, CP tab Note that the highlight color of the HA Status at the top of the module is the same as the background color of the HA button. The High Availability window contains two tabs: •...
High Availability overview Synchronizing Services on the CP A nondisruptive CP failover is only possible when all the services are synchronized between both CPs. 1. Open the High Availability window as described in “Launching the High Availability Window” page 53. 2.
Event monitoring
Web Tools displays fabric-wide and switch-wide events. Event information includes sortable fields for the following:
• Switch name
• Message number
• Time stamp
• Indication of whether the event is from a logical switch or a chassis
•...
Event monitoring 1. Click the switch from the Fabric Tree. Switch View appears. 2. Click the Switch Events tab, if necessary. FIGURE 26 Switch Events tab You can click the column head to sort the events by a particular column, and drag the column divider to resize a column.
Event monitoring FIGURE 27 Event Filter dialog box 3. To filter events within a certain time period: a. Select the From check box and enter the start time and date in the fields. b. Select the To check box and enter the finish time and date in the fields. 4.
Displaying the Name Server entries Filtering events by message ID 1. Open the Switch Events tab as described in “Displaying Switch Events” on page 56. 2. Click Filter. The Event Filter dialog box appears. 3. Select Message ID. 4. Type the message IDs in the associated field. You can enter multiple message IDs as long as you separate them by commas.
1. Click Name Server in the Monitor section of the Tasks menu. The Name Server window appears.
FIGURE 28 Name Server window
2. To set an auto-refresh rate for the Name Server entries, select the Auto Refresh check box in the Name Server window, and type an auto-refresh interval (in seconds).
Physically locating a switch using beaconing Displaying zone members for a particular device 1. Click Name Server in the Monitor section of the Tasks menu. The Name Server window appears. 2. Click a device from the Domain column. 3. Click Accessible Devices. The Zone Accessible Devices window displays accessible zone member information specific to that device.
Virtual Fabrics overview
Virtual Fabrics is an architecture to virtualize hardware boundaries. Traditionally, SAN design and management is done at the granularity of a physical switch. Each switch and all the ports in the switch act as a single fabric element that participates in a single fabric. The Virtual Fabrics feature allows SAN design and management to be done at the granularity of a port.
Virtual Fabrics overview Selecting a logical switch from the Switch View You can log in to a specific logical switch, as described in Chapter 1, or you can select a logical switch from the Switch View. If you do not log in to a specific logical switch, you are presented with the default logical switch.
FIGURE 31 Logical switch, fabric ID
2. Under System Information, Base Switch, Default Switch, and Allow XISL Use are specific to Virtual Fabrics:
• Base Switch indicates whether or not the logical switch can act as a base switch. A base switch is a special logical switch that can be used for chassis interconnection.
Virtual Fabrics overview Viewing Logical ports When base switches are connected through XISLs, a base fabric is formed that includes logical switches in different chassis. A logical link is established in the base fabric to carry frames between the logical switches. Logical ports are created in the respective switches to support the logical link. Logical ports are software constructs, and have no corresponding hardware to represent them on the Switch View.
Creating a configuration backup file FIGURE 33 Upload/Download tab 5. If you upload from a network, type the host name or IP address in the Host Name or IP field, the user ID and password required for access to the host in the User Name and Password fields, and choose the Protocol Type used for the upload.
Restoring a configuration An info link is enabled when USB is chosen as the source of the configuration file. If you click on info, the following information message is displayed. 6. Type the configuration file with a fully-qualified path, or select the configuration file name in the Configuration File Name field.
Restoring a configuration FIGURE 35 Upload/Download tab 5. Under Function, select Config Download to Switch. 6. If you download from a network, type the host name or IP address in the Host Name or IP field, the user ID and password required for access to the host in the User Name and Password fields, and choose the Protocol Type used for the upload.
Admin Domain configuration maintenance An info link is enabled when USB is chosen as the source of the configuration file. If you click info, the following information message is displayed. 8. Type the configuration file with a fully-qualified path, or select the configuration file in the Configuration File Name field.
Uploading and downloading from USB storage
• Local zone configuration
• iSCSI config (if any)
• All other config information except Admin Domain configuration information
• If you invoke it from AD255 and you are logged in with any role that allows config upload/download, the following will be saved in the configuration file:
•...
Performing a firmware download FIGURE 37 USB Port Management wizard Performing a firmware download During a firmware download, the switch reboots and the browser temporarily loses connection with the switch. When the connection is restored, the version of the software running in the browser is different from the new software version that was installed and activated on the switch.
Performing a firmware download FIGURE 38 Firmware Download tab 3. Choose whether you are downloading the firmware or the firmware key. 4. Choose whether the download source is located on the network or a USB device. When you select the USB button, you can specify only a firmware path or directory name. No other fields on the tab are available.
About halfway through the download process, after the firmware key is downloaded to the switch, connection to the switch is lost and Web Tools invalidates the current session. (Web Tools invalidates all windows because upfront login is always enabled and cannot be disabled.)
8.
Switch configurations for mixed fabrics FIGURE 39 Firmware Download tab for bladed switches Switch configurations for mixed fabrics You can use Web Tools to configure switches in a mixed fabric. You do this by setting the switch to interoperability mode, which is McDATA Open Fabric mode or McDATA Fabric mode. When you turn on interoperability mode, the Zone DB is cleared.
Switch configurations for mixed fabrics Enabling interoperability When you configure interoperability, Web Tools verifies that the domain ID of the switch falls within the range for the interoperability mode you choose. The domain ranges are: • The normal domain ID range is 1-239. •...
Port management overview Click here to display FC Ports FIGURE 41 Port Administration window, FC Ports, Basic Mode The Port Administration window displays information about the ports on the switch. Click the Show Advanced Mode button in the upper-right corner of the window to see more port management options (see Figure 42).
Port management overview FIGURE 42 Port Administration window, FC Ports, Advanced Mode Admin Domain considerations In fabrics with user-defined Admin Domains, the Port Administration window is filtered to show only ports that are direct or indirect members of the currently selected Admin Domain. •...
Port management overview The GigEPorts tab has the following three subtabs: Interfaces - lets you view interfaces Routes - lets you view routes FCIP tunnel - lets you view tunnels; this tab has two buttons: Go to FCIP port and Show Security Policies •...
Port management overview • When viewing detailed information about a port, the Advanced Mode provides these additional subtabs: General—All ports • Enable/Disable Trunking • Enable/Disable NPIV • Port Swap • F_Port Trunking • Re-Authenticate SFP—Physical ports only (FC and GbE) •...
Configuring FC ports FIGURE 43 Port Administration window, Table view Configuring FC ports With the FC Port Configuration wizard, you can configure allowed port types, port speed, and long distance mode for physical ports. You must use Web Tools with the EGM license enabled on the switch to configure long distance; otherwise, access to this feature is denied and the following error message displays.
The following procedure describes how to open the FC Port Configuration wizard. The wizard is self-explanatory, so the explicit steps are not documented here.
1. Click a port in the Switch View to open the Port Administration window (see Figure 41 on page 80).
Configuring FC ports Allowed Port Types For FC ports, the Port Administration window displays the following values relating to port type: Port Type This is the actual or current port type. If the port is offline, this value is the allowed types (or U_Port, if no type constraint is specified).
Assigning a name to a port The EGM license is required only for 8 Gbps platforms, such as the Brocade DCX and DCX-4S enterprise-class platforms, the Encryption Switch, the 300, 5300, and 5100 switches. For non-8 Gbps platforms, all functionalities are available without EGM license. FC Fastwrite FC Fastwrite reduces the number of round-trip times required to write data.
Persistent enabling and disabling ports 5. Click Enable or Disable. If the button is gray (unavailable), the port is already in the enabled or disabled state. For example, if the Enable button is unavailable, the port is already enabled. If you select multiple ports in both enabled and disabled states, both buttons are active. When you click either button, the action is applied to all selected ports.
Enabling and disabling NPIV ports 6. Click Yes in the confirmation window. Enabling and disabling NPIV ports The NPIV license must be installed on a switch before NPIV functionality can be enabled on any port. NOTE NPIV enable/disable is not supported on EX_Ports. NPIV is supported on all ports on the Brocade FS-8-18 Encryption blade and Encryption Switch with a maximum of 255 virtual devices per port for Fabric OS v5.1.0 and higher.
Port activation TABLE 9 Ports Enabled with POD Licenses and DPOD Feature (Continued) Switch Name Enabled by Enabled with Ports on Demand Enabled with the Dynamic Ports on Default License(s) Demand Feature Brocade 4018 2-11 12-17 Any available ports Brocade 4020 0-7, 15, 16 8, 9, 17-19 Any available ports...
Port activation 3. From the tree on the left, click the switch or the slot that contains the port. 4. Click the Enable DPOD button to enable the licensing mechanism to be dynamic. If the button says Disable DPOD, the licensing mechanism is already set to dynamic. The existing POD associations and assignments are set as the initial Dynamic POD associations.
You can reserve or release a license on any port with a license allocated. To reserve a license, click Reserve License in the Port Administration window. To release a license, click Release License in the Port Administration window.
Port swapping index
If a port malfunctions, or if you want to connect to different devices without having to re-wire your infrastructure, you can move traffic from one port to another (swap ports) without changing the I/O
Administrative domain overview
User-defined Admin Domains
AD1 through AD254 are user-defined Admin Domains. These user-defined Admin Domains can be created only by a physical fabric administrator in AD255.
System-defined Admin Domains
AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric. AD0 is a system-defined Admin Domain that, in addition to containing members you explicitly added (similar to user-defined Admin Domains), contains all online devices, switches, and switch ports that were not assigned to any user-defined Admin Domain.
Enabling administrative domains You can use AD255 to: • Manage other Admin Domains. • Get an unfiltered view of the fabric. • Manage ACL and distribution (can be managed in AD0 if no other Admin Domains are present). • Manage Advanced Performance Monitoring (can be managed in AD0 if no other Admin Domains are present and only if you are using Web Tools with the EGM license).
Admin Domain window 1. Change the Admin Domain context to AD0. See “Changing the Admin Domain context” page 26. NOTE Changing the Admin Domain context requires using Web Tools with the EGM license; otherwise, access to this feature is denied and an error message displays. Change the Default Zone mode to No Access.
Admin Domain window FIGURE 49 Admin Domain window, summary view The Admin Domain window displays information about the Admin Domains defined in the fabric. If you launch the Admin Domain window from AD255 (physical fabric), the window contains information about the current content of all Admin Domains. If you launch the Admin Domain window from any other Admin Domain, the window displays the current Admin Domain only.
Admin Domain window FIGURE 50 Admin Domain window, single Admin Domain detail NOTE The tree only displays launched switches and their ports. It also displays all the devices in the fabric. Slot and port information of other switches are not displayed in the tree. The Admin Domain window has buttons in a task bar at the top of the window: •...
Admin Domain window • Click Copy to copy the contents of the table in tab-delimited text format to a file. • Click Search to search for a specific text string in the table. The Switch Members box appears, as shown in Figure In the Switch Members box, type the text string and press Enter.
Admin Domain window Refreshing Admin Domain information Any changes you make in the Admin Domain window are saved to a local buffer; they are not applied to persistent storage until you invoke one of the transactional operations listed in the Actions menu.
Creating and populating domains Setting up an Admin Domain involves the following steps: 1. Creating an Admin Domain. 2. Assigning one or more administrators to the Admin Domain. The Admin account always has access to administer the Admin Domains, even if no other users are assigned (see “Changing user account parameters”...
Creating and populating domains 5. In the State area, select the Active check box to activate the Admin Domain when you finish creating it. This is the default setting. Clear the Active check box if you want the Admin Domain deactivated when you finish creating 6.
Creating and populating domains The wizard displays a summary of the Admin Domain. Read the summary to verify that the Admin Domain is set up correctly. FIGURE 54 Summary view 9. Click Finish to close the wizard. 10. Click Save to save the new Admin Domain configuration to persistent storage. 11.
Modifying Admin Domain members Activating or deactivating an Admin Domain 1. Open the Admin Domain window. 2. From the tree on the left, select the Admin Domain you want to activate or deactivate. 3. Click Activate to activate the Admin Domain. Click Deactivate to deactivate the Admin Domain.
Modifying Admin Domain members FIGURE 56 Modify Admin Domain wizard 4. Assign members to the Admin Domain by selecting them in the Available Members section and clicking Add, Add Ports, or Add Devices. • Select a switch, port, or device in the Available Members tree and click Add to add the selected element.
Modifying Admin Domain members Renaming Admin Domains You can change the name of an Admin Domain, including an auto-assigned ID name. The Admin Domain name cannot exceed 63 characters and can contain alphabetic and numeric characters. The only special character allowed is an underscore ( _ ). NOTE You cannot rename AD0 or AD255.
Disabling or enabling ISL trunking The trunking feature requires using Web Tools with the EGM license. If you attempt to use this feature without the EGM license, the following error message displays. FIGURE 57 Missing EGM license When the trunking license is activated, trunks are automatically established on eligible ISLs and trunking capability is enabled by default on all ports.
Viewing trunk group information Use the Trunking tab of the Switch Admin window to view trunk group information (see Figure 58). FIGURE 58 Trunking tab The following trunking attributes can be displayed from the Port Admin view by selecting Show Advanced Mode.
F_Port trunk groups F_Port trunking provides extra bandwidth and robust connectivity for hosts and targets connected by switches in Access Gateway mode. There are five general criteria for establishing F_Port trunking: • The F_Port trunking feature requires installing the EGM license; otherwise if you attempt to use this feature in Web Tools without the license, the following error message displays.
F_Port trunk groups 3. Select any port from the port group in which you want to create the trunk group. 4. Select F_Port Trunking. The F_Port Trunking dialog box displays (see Figure FIGURE 60 F_Port trunking dialog box 5. Select one or more ports in the Ports for trunking pane. A dialog box displays, asking you to select a trunk index.
Performance Monitor overview The Advanced Monitoring option in the Performance Graphs window displays pre-defined reports and filter-based performance monitoring. You can use this feature to track the following: • The number of words received and transmitted in Fibre Channel frames with a defined SID/ DID pair.
Performance Monitor overview TABLE 10 Basic performance graphs Graph Type Displays Port Throughput The performance of a port, in bytes per second, for frames received and transmitted. Switch Aggregate Throughput The aggregate performance of all ports on a switch. Blade Aggregate Throughput The aggregate performance of all ports on a port card.
Performance Monitor overview Table 12 lists each graph and indicates the supported port types for each. The port selection lists for each graph display the supported ports for that graph. TABLE 12 Supported port types for Brocade switches Graph Type Physical FC_Ports Logical FC_Ports GbE Ports...
Performance Monitor overview Figure 61 shows how to access the list of Advanced Performance Monitoring graphs using Web Tools with the EGM license. This example displays the graphs available in the Performance Monitoring window for a Brocade 48000 director with the Advanced Performance Monitoring license installed.
Opening the Performance Monitoring window FIGURE 62 Canvas of six performance monitoring graphs Opening the Performance Monitoring window To perform performance monitoring, you must use Web Tools with the EGM license; otherwise, when you click on the Performance Monitor tab, access to this feature is denied and an error message displays.
Customizing basic monitoring graphs Depending on the type of graph you select, you might be prompted to select a slot or port for which to create a graph (see Figure 64). FIGURE 63 Creating a basic performance monitor graph 3. If prompted, drag the port into the Enter/drag slot,port field, or manually type the slot and port information in the field, in the format slot,port.
Customizing basic monitoring graphs The following procedure assumes that you already created one of these customizable graphs. 1. Create or access the graph you want to customize. See “Creating basic performance monitor graphs” on page 123 for instructions on creating a graph. 2.
Advanced performance monitoring graphs Click Add to move the selected ports to the Selected Ports list. d. Optional: Click ADD ALL Ports to add all of the ports in the Port Selection List to the Selected Ports list. e. Optional: Click Search to open the Search Port Selection List dialog box, from which you can search for all E_Ports, all F_Ports, or all port names with a defined string.
Advanced performance monitoring graphs FIGURE 65 Creating an SID/DID performance graph NOTE Only the FC ports of the launched switch display in the tree. The All Devices tab lists all the devices in the fabric and lets you select the source and destination. Slot and port information of other switches is not displayed in the tree.
Advanced performance monitoring graphs Creating a SCSI vs. IP Traffic Graph The SCSI vs. IP Traffic graph displays the SCSI versus IP traffic for selected ports. For Brocade 48000 and Brocade DCX and DCX-4S enterprise-class platforms, the slot and port name are identified in the graph.
Saving graphs to a canvas FIGURE 66 Creating a SCSI command graph 3. Navigate to a switch > slot > port in the Slot/Port Selection List. 4. Click the port from the Slot/Port Selection List and drag it into the Enter/drag slot,port field. 5.
Adding graphs to an existing canvas The following procedure assumes that a canvas is already created. To create a new canvas, you must first create graphs, as described in “Creating basic performance monitor graphs” on page 123 and “Advanced performance monitoring graphs”...
Modifying graphs NOTE The Edit button is enabled only for the graphs that are configurable or editable. 5. Make changes in the Edit dialog box, as necessary. 6. Click OK to close the Edit dialog box. 7. Click Save to save the changes and close the Performance Monitor Canvas dialog box. 8.
Zoning overview TABLE 13 Zoning features supported in DCFM Professional and Enterprise Edition Description DCFM Professional Edition DCFM Enterprise Edition LSAN zoning Rolling back an already activated zone Importing/Exporting of a zone DB to/ from file system in XML format Basic Zones Basic zoning enables you to partition a storage area network (SAN) into logical groups of devices that can access each other.
Zoning configurations QoS zone requirements A QoS zone is a special zone that assigns a Quality of Service (QoS) level for traffic flow between a given host/target pair. The members of a QoS zone are WWNs of the host/target pairs. QoS zones can contain only WWN members.
Zoning management 1. Open the Zone Administration window (see “Opening the Zone Administration window” on page 133). 2. Click Zoning Actions > Set Default Mode, and then select the access mode. Zoning management You can monitor and manage basic and traffic isolation zoning through the Web Tools Zone Administration.
Zoning management ATTENTION Any changes you make in the Zone Administration window are held in a buffered environment and are not updated in the zoning database until you save the changes. If you close the Zone Administration window without saving your changes, your changes are lost. To save the buffered changes you make in the Zone Administration window to the zoning database on the switch, see “Saving local zoning changes”...
Zoning management Refreshing fabric information This function refreshes the display of fabric elements only (switches, ports, and devices). It does not affect any zoning element changes or update zone information in the Zone Administration window. You can refresh the fabric element information displayed at any time. 1.
Zoning management Saving local zoning changes All information displayed and all changes made in the Zone Administration window are buffered until you save the changes. That means that any other user looking at the zone information for the switch will not see the changes you have made until you save them. Saving the changes propagates any changes made in the Zone Administration window (buffered changes) to the zoning database on the switch.
Zoning management Creating and populating zone aliases An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices as an alias makes zone configuration easier, by enabling you to configure zones using an alias rather than inputting a long string of individual members.
Zoning management 6. Click Zoning Actions > Save Config to save the configuration changes. To enable the configuration, see “Enabling zone configurations” on page 145. Renaming zone aliases The new alias name cannot exceed 64 characters and can contain alphabetic, numeric, and underscore characters.
Zoning management Creating and populating zones A zone is a region within the fabric where specified switches and devices can communicate. A device can communicate only with other devices connected to the fabric within its specified zone. Use the following procedure to create a zone. 1.
Zoning management 5. Click Add Member to add a zone member, or click Remove Member to remove a zone member. The zone is modified in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes. 6.
Zoning management Deleting zones Use the following procedure to delete a zone. 1. Open the Zone Administration window as described on page 133. 2. Click the Zone tab. 3. Select the zone you want to delete from the Name menu and click Delete. 4.
Zone configuration and zoning database management A zone configuration is a group of zones; zoning is enabled on a fabric by enabling a specific configuration. You can specify members of a configuration using zone names. Figure 68 shows a sample zoning database and the relationship between the zone aliases, zones, and zoning configuration.
Zone configuration and zoning database management 3. Click the Zone Config tab and click New Zone Config. 4. On Create New Config, type a name for the new configuration and click OK. The new configuration appears in the Name list. 5.
Zone configuration and zoning database management 4. On Rename a Config, type a new configuration name and click OK. The configuration is renamed in the configuration database. 5. Click Zoning Actions > Save Config to save the configuration changes. Cloning zone configurations You must use Web Tools with the EGM license to perform cloning operations for zone configurations;...
Zone configuration and zoning database management 1. Open the Zone Administration window as described on page 133. 2. Click Zoning Actions > Enable Config. 3. On Enable Config, select the configuration to be enabled from the menu. 4. Click OK to save and enable the selected configuration. Disabling zone configurations When you disable the active configuration, the Advanced Zoning feature is disabled on the fabric, and all devices within the fabric can communicate with all other devices.
Zone configuration and zoning database management FIGURE 69 Effective Configuration window Viewing the enabled zone configuration name without opening the Zone Administration window • Select a switch from the Fabric Tree. The selected switch appears in the Switch View. The current zone configuration name (if one is enabled) is displayed in the lower portion of the Switch Events and Switch Information.
Zone configuration and zoning database management 3. Optional: Click Print located in the Print Effective Zone Configuration dialog box to print the enabled zone configuration details. This launches the print dialog box. NOTE You must use DCFM Professional or Enterprise Edition to print the zone database summary configurations, display zone configuration summaries and create configuration analysis reports.
Zone configuration and zoning database management 3. Type the WWN to be replaced in the Replace field. 4. Type the new WWN in the By field and click OK. The Replace WWN dialog box is displayed. It lists all the zoning elements that include the WWN.
Best practices for zoning • Clear the entire contents of the current Web Tools Zone Admin buffer. • Delete the entire persistent contents of the fabric zoning database. The wizard allows you to define one and only one name for each device port (WWN). Devices with one or more aliases are considered already named and are not displayed.
Trace dumps Using the Trace tab of the Switch Administration window, you can view and configure the trace FTP host target and enable or disable automatic trace uploads. FIGURE 70 Trace tab How a trace dump is used The generation of a trace dump causes a CRITICAL message to be logged to the system error log. When a trace dump is detected, issue the supportSave command on the affected switch.
Trace dumps Setting up for automatic transfer of diagnostic files involves the following tasks: • Specifying a remote server to store the files. • Enabling the automatic transfer of trace dumps to the server. (Trace dumps overwrite each other by default; sending them to a server preserves information that would otherwise be lost.) Specifying a remote server You can perform this task only if the switch belongs to the Admin Domain you are logged into.
Displaying switch information The Fan, Temperature, and Power Status windows have Export, Copy, and Search options at the top of the tables. These options are not available if the table does not have any content. You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the functionality of Export and Copy.
Displaying switch information The Fan No. column indicates either the fan number or the fan FRU number, depending on the switch model. A fan FRU can contain one or more fans. • For Brocade 4100, 4900, 5000, 5100, 5300, 7600, the 7500 and 7500E Extension switches, and the Brocade Encryption Switch, the Fan No.
Displaying switch information 1. Select a switch from the Fabric Tree. The selected switch appears in the Switch View. The icon on the Power button indicates the overall status of the power supply. 2. Click Power on the Switch View. The detailed power supply states are displayed.
Displaying switch information Click the Status button to display a detailed, customizable switch status report, shown in Figure 75. Note that this is a static report and not a dynamic view of the switch. FIGURE 75 Switch Report window 1. Select a switch from the Fabric Tree.
Port LED interpretation • View the style sheet for the report • View the XML schema for the report FIGURE 76 Switch Report Action menu Port LED interpretation Switch View displays port graphics with blinking LEDs, simulating the physical appearance of the ports.
Port LED interpretation Port icon colors The background color of the port icon indicates the port status, as follows: • Green (healthy) • Yellow (marginal) • Red (critical) • Gray (unmonitored) • If the entire port icon is blue, the port is buffer-limited. •...
Port LED interpretation Web Tools Representation Physical Port Card 1. Port Speed LED for the right port 2. Port Status LED for the right port 3. Port Speed LED for the left port 4. Port Status LED for the left port FIGURE 78 Port LEDs for the FC4-32 port blade in the Brocade 48000
Supported switches for Fibre Channel routing Note the following terminology for Fibre Channel routing: backbone fabric An FC Router can connect two edge fabrics; a backbone fabric connects FC Routers. The backbone fabric is the fabric to which the FC Router switch belongs.
FC-FC routing management 3. Configure EX_Ports by clicking the EX Ports tab and then clicking New. Follow the instructions in the wizard. See “Viewing EX_Ports” on page 165. 4. Connect the cables from the EX_Ports on the FC Router to the edge fabrics, if they were not connected before.
FC-FC routing management 1. Select a switch from the Fabric Tree. The selected switch appears in the Switch View. 2. Click FCR in the Manage section of the Tasks menu. The FC Routing module displays (as shown in Figure 79). If FC-FC Routing is disabled, a message to that effect displays on all the tabs in the module.
Viewing EX_Ports For Brocade switches, this launches Web Tools. For non-Brocade fabrics, this launches the element manager for that switch. FIGURE 80 FC Routing module with LSAN Fabrics tab selected Viewing EX_Ports The EX_Ports tab (see Figure 81 on page 166) displays all of the EX_Ports on the switch, including configuration and status information.
Configuring an EX_Port • Enable or disable an EX_Port • Persistently enable or disable an EX_Port • Enable or disable trunking • Configure router port cost ATTENTION During EX_Port configuration, the port is automatically disabled, and then reenabled when the changes are applied.
Configuring FCR router port cost 4. Follow the instructions in the wizard to configure the EX_Port. You must specify the Fabric ID and, if configuring an FC port, the speed and long distance mode. You can choose any unique fabric ID as long as it is consistent for all EX_Ports that connect to the same edge fabric.
Viewing LSAN zones The LSAN matrix is mapping of LSAN Zones with the edge fabric they are going to communicate with. When an LSAN matrix is created in the backbone fabric, only the LSAN zones mapped in the edge fabrics are displayed in the LSAN Zones tab. Follow the procedure described in “Creating and populating zones”...
Configuring the backbone fabric ID The FC-FC Routing Service must be disabled when configuring the backbone fabric ID. Web Tools automatically disables FC-FC Routing before setting the fabric ID, and then reenables it afterwards; however, you must first disable all of the EX_Ports before you invoke this operation. After the fabric ID is changed, you can enable these ports again manually.
Disabling Access Gateway mode NOTE You cannot enable Access Gateway mode if Management Server is enabled. To disable Management Server, enter the MsplmgmtDeactivate command. 1. Select a switch. 2. Click Switch Admin in the Manage section under Tasks. The Switch Administration window opens. 3.
Port configuration FIGURE 83 Access Gateway Device display Port configuration You can configure the port types (N_Port, F_Port) on each individual port on an Access Gateway enabled switch. When you configure ports, you can specify a global configuration policy using the Port Configuration Policy button.
Port configuration NOTE If you want to distribute F_Ports among groups, you can leave all ports in the default port group 0, or you can disable N_Port grouping. 1. Click a port in the Switch View to open the Port Administration window. 2.
Access Gateway policy modification FIGURE 85 F-N Port Mapping Configuration dialog box 4. In the Primary Mappings area, select ports and use the Add button to map F_Ports or U_Ports to N_Ports. Use the Remove button to delete an F_Port mapping from an N_Port. 5.
Access Gateway policy modification Path Failover and Failback policies The Path Failover and Failback policies determine the behavior of the F_Ports if the primary N_Port they are mapped to goes offline or is disabled. The Path Failover and Failback policies are attributes of the N_Port.
Access Gateway policy modification 3. Click Yes in the confirmation window.
Using Fabric Watch with Web Tools You can perform Fabric Watch operations using Web Tools and Web Tools with the EGM license. NOTE Unless the switch is a member of the current Admin Domain context, Fabric Watch is view-only. FIGURE 88 The Fabric Watch window Fabric Watch Explorer, on the left side of the window, displays the available classes.
Fabric Watch threshold configuration Opening the Fabric Watch window 1. Select a switch from the Fabric Tree and log in if necessary. 2. Select Tasks > Manage > Fabric Watch. The Fabric Watch window opens, as shown in Figure Fabric Watch threshold configuration The Threshold Configuration tab enables you to configure event conditions.
Fabric Watch threshold configuration FIGURE 89 Threshold configuration in Fabric Watch 3. Click the Trait Configuration subtab. 4. In Fabric Watch Explorer, click a class. 5. Under Area Selection, choose an area from the list. This sets the units in the Units field. The module displays two columns of trait information, labeled System Default and Custom Defined.
Fabric Watch threshold configuration Configuring threshold alarms After you update the threshold information, use the Alarm Configuration subtab to customize the notification settings for each event setting. 1. Open the Fabric Watch window. 2. Click the Threshold Configuration tab. 3. Click the Alarm Configuration subtab. 4.
Configuring alarms for FRUs • Click Triggered to receive threshold alarms only when they are triggered by events that you defined. • Click Continuous to receive threshold alarms at a continuous interval. Select a time interval in which to receive the threshold alarms from the Time Interval menu. 9.
Fabric Watch alarm information From Fabric Watch, you can view two types of reports: • Alarm notifications—Displays the alarms that occurred for a selected class/area • Alarm configuration—Displays threshold and alarm configurations for a selected class/area Viewing an alarm configuration report Use the Threshold Configuration tab, Configuration Report subtab to display a report of the configuration for a selected class/area with the following information:...
E-mail notification 1. Open the Fabric Watch window. 2. In Fabric Watch Explorer, select the class that you want to check for alarms. 3. Click the Alarm Notification tab. 4. In Area Selection, select the area that you want to check for alarms from the list. All alarms for that area display.
E-mail notification NOTE E-mail addresses must not exceed 128 characters. 5. Click Apply. 6. Optional: Click Send Test Email to receive a test e-mail so you can verify the e-mail notification is working correctly. You can send a test e-mail only after you have applied your settings. FIGURE 90 Fabric Watch Email Configuration tab
Extended link buffer allocation overview • Actual Distance (km)—The actual distance for the link in kilometers. • Desired Distance (km)—The desired distance, in kilometers, for the link. Required for a port configured in LD or LS mode (see Table 16 on page 189). For an LD-mode link, the desired distance is used as the upper limit of the link distance to calculate buffer availability for other ports in the same port group.
Configuring a port for long distance TABLE 16 Long-distance settings and license requirements Value Description Extended Fabrics License Required? No long-distance setting is enabled. The maximum supported link distance is 10 km, 5 km, or 2.5 km for ports at speeds of 1 Gbps, 2 Gbps, and 4 Gbps, respectively.
Configuring a port for long distance • If the port capability is 2 GB, type a number between 10 and 250, inclusive. • If the port capability is 1 GB, type a number between 10 and 500, inclusive. This value is the upper limit for calculating buffer availability for other ports in the same port group.
iSCSI service overview Supported platforms for iSCSI The iSCSI target gateway service is supported on the Brocade 48000 director with CP blades running Fabric OS v5.2.0 and later releases, and configured with an FC4-16IP blade. Common iSCSI Target Gateway Admin functions Export, Copy, and Search links are displayed at the top of each tab.
iSCSI service overview Terminology iSCSI target gateway services require you to understand some additional terminology. Following are terms that are used in this document to explain how the iSCSI target gateway is implemented. TABLE 17 iSCSI gateway services terminology Term Definition iSCSI Internet-SCSI.
Setting up iSCSI Target Gateway Services Saving Changes There are several ways to save changes on the switch and apply them to the fabric (applies to the iSCSI Target Gateway Admin module only): • Apply—Click Apply and your changes will be transferred from the Web Tools database to the switch's database and distributed throughout the fabric.
Setting up iSCSI Target Gateway Services FIGURE 93 iSCSI Target Gateway Admin with the Targets tab selected 1. Select a switch from the Fabric Tree and log in, if necessary. The selected switch appears in Switch View. Make sure that your Admin Domain Context is either AD0 or AD255. Generally, the default user Admin Domain is AD0.
Setting up iSCSI Target Gateway Services Launching the iSCSI Setup wizard 1. Select a switch from the Fabric Tree and log in, if necessary. The selected switch appears in Switch View. Make sure that your Admin Domain Context is either AD0 or AD255. Generally, the default user Admin Domain is AD0.
Setting up iSCSI Target Gateway Services Configuring the IP interface This step configures iSCSI ports (GbE Ports) found on the FC4-16IP. You must have at least one iSCSI port configured to log into the iSCSI target. There are two steps in this process: •...
Setting up iSCSI Target Gateway Services 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the iSCSI Port tab. 3. In the left pane, select the GbE port to use. 4. Select the IP Interface subtab and click Add. 5.
Setting up iSCSI Target Gateway Services Configuring the IP route (optional) 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the iSCSI Port tab. 3. From the left pane, select the GbE port to use. 4.
Setting up iSCSI Target Gateway Services Creating iSCSI virtual targets SCSI virtual target creation is done from the first pane in the iSCSI Target Gateway Admin module. The iSCSI Virtual Target wizard provides two ways to create iSCSI targets: Create and Easy Create. Create allows you to double check your work several times before committing the changes.
Setting up iSCSI Target Gateway Services Using Easy Create to create iSCSI virtual targets Easy Create is an alternative method for creating iSCSI virtual targets. 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the Targets tab. 3.
Setting up iSCSI Target Gateway Services 5. Follow the instructions in the wizard to edit an iSCSI virtual target. The wizard is self-explanatory, so the individual steps are not described in this document. NOTE The Remove LUN(s) button is available only for virtual targets that are fully initialized as a target.
Discovery Domain management You configure discovery domains and discovery domain sets for managing iSCSI device access control. The Discovery Domains pane displays all discovery domains and discovery domain sets and allows you to manage them. When you select DDInfo from the tree in the left pane, you can create a discovery domain. If you select an object in the discovery domain set listed you can view, create, edit, delete, enable, or disable any of the discovery domain information contained in each object.
Discovery Domain management In the wizard: • You can configure the DD. You specify the DD name, and then you can add or remove initiators and targets. You can also add any offline device(s) by entering the IQN name in the IQN name field and clicking Add Offline Devices under the list on the right.
Discovery domain sets (DDSet) Editing a discovery domain 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Select the Discovery Domains tab. 3. Select a DD in the left pane and click Edit. 4. Select virtual targets and use the buttons to add or remove them from the DD. 5.
CHAP Configuration FIGURE 102 Create DDSet wizard 4. Follow the instructions in the wizard to create an iSCSI discovery domain set. The wizard is self-explanatory, so the individual steps are not described in this document. Editing a Discovery Domain Set 1.
CHAP Configuration FIGURE 103 CHAP tab Creating a CHAP user 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the CHAP tab. 3. Click Create. 4. Enter the CHAP user name. Optional: To add more than one user at a time, click Add. 5.
iSCSI Fibre Channel Zone configuration Binding or Removing CHAP users 1. Launch the iSCSI Target Gateway Admin module as described on page 194. 2. Select the CHAP tab. 3. Click Bind/Remove Chap(s). 4. Select a virtual target. 5. Enter a new CHAP user, if necessary. 6.
iSCSI Fibre Channel Zone configuration Creating an iSCSI Fibre Channel zone with no effective zone configuration 1. Open iSCSI Target Gateway Admin as described on page 194. 2. Click Create iSCSI Zone. The following dialog box is displayed. FIGURE 104 Create an iSCSI FC zone dialog box 3.
Managing and Troubleshooting Accessibility 5. Click OK. The effective configuration is modified and re-enabled. Managing and Troubleshooting Accessibility The Web Tools iSCSI accessibility feature helps you do the following: • Verify that both host and target are online. • Verify that the effective discovery domain set has both host and target. •...
Viewing Fabric Shortest Path First routing FIGURE 105 Routing tab Viewing Fabric Shortest Path First routing The Routing tab of the Switch Administration window displays information about routing paths. 1. Open the Switch Administration window as described on page 2. Click the Routing tab. 3.
Specifying frame order delivery When the port-based policy is in force, you can enable DLS to optimize routing. When DLS is enabled, it shares traffic among multiple equivalent paths between switches. DLS recomputes load sharing either when a switch boots up or each time an E_Port or FX_Port goes online or offline. Enabling this feature allows a path to be discovered automatically by the FSPF path-selection protocol.
Configuring the link cost for a port
This section describes how to set the cost of an interswitch link (ISL). The cost of a link is a dimensionless positive number. The fabric shortest path first (FSPF) protocol compares the cost of various paths between a source switch and a destination switch by adding the costs of all the ISLs along each path.
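The path comparison described above, as an added example rather than Fabric OS code: it sums ISL costs along each path, returns every lowest-cost path (the equivalent paths that DLS shares traffic among), and shows how changing one link's cost changes the result. Switch names and cost values are constructed.

```python
import heapq

def least_cost_paths(links, src, dst):
    """Return (total_cost, paths): every lowest-cost path from src to dst.

    links maps (switch_a, switch_b) -> ISL cost. Links are treated as usable
    in both directions with the same cost (an assumption of this example).
    """
    adj = {}
    for (a, b), cost in links.items():
        if cost <= 0:
            raise ValueError(f"link cost must be positive: {a}-{b}={cost}")
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))

    # Dijkstra: lowest summed ISL cost from src to every reachable switch.
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale queue entry
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    if dst not in dist:
        return None, []

    # Walk back from dst over links that lie on a lowest-cost path.
    paths = []

    def walk(node, tail):
        if node == src:
            paths.append([src] + tail)
            return
        for prev, cost in adj[node]:
            if prev in dist and dist[prev] + cost == dist[node]:
                walk(prev, [node] + tail)

    walk(dst, [])
    return dist[dst], sorted(paths)

def with_cost(links, link, cost):
    """Copy of links with one ISL's cost changed."""
    changed = dict(links)
    changed[link] = cost
    return changed

# Constructed four-switch fabric; names and costs are illustrative only.
FABRIC = {
    ("sw1", "sw2"): 500, ("sw2", "sw4"): 500,
    ("sw1", "sw3"): 500, ("sw3", "sw4"): 500,
    ("sw1", "sw4"): 1500,
}

if __name__ == "__main__":
    print(least_cost_paths(FABRIC, "sw1", "sw4"))
    print(least_cost_paths(with_cost(FABRIC, ("sw1", "sw3"), 1000), "sw1", "sw4"))
```

With the sample fabric, two two-hop paths tie at cost 1000 and beat the direct ISL at 1500; raising the sw1-sw3 cost to 1000 leaves a single lowest-cost path.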
User-defined accounts
The User tab of the Switch Administration window (see Figure 106 on page 217) displays account information. You can create and manage accounts depending on your role:
TABLE 18 User role and permissions
Role        Permissions
admin       Create and manage all predefined and user-defined accounts
operator    Change your own password and cannot create, modify, or view predefined or user-defined accounts...
FIGURE 106 User tab
Viewing user account information
1. Open the Switch Administration window as described on page
2. Click the User tab. A list of the default and user-defined accounts appears.
If you are logged in using the switchadmin role, only your account information is displayed.
4. Type the user name, which must begin with an alphabetic character. The name can be up to 40 characters long. It is case-sensitive and can contain alphabetic and numeric characters, the dot (.) and the underscore (_). It must be different from all other account names on the logical switch.
3. Select the account to remove and click Remove.
4. Click Apply to save your changes.
You cannot delete the default accounts. An account cannot delete itself. All active command line interface (CLI) sessions for the deleted account are logged out.
Changing user account parameters
Use the following procedure to change the role, add or change the description, and enable or disable accounts.
If AD0 is deselected in the user’s Admin Domain list and no other Admin Domains are selected, the next available Admin Domain becomes the user’s default home Admin Domain.
10. Click OK and click Apply to apply your changes.
Maintaining passwords
When you expire a password, the next time that user logs in, Web Tools requires the user to provide a new password.
Setting the rules for passwords
1. Open the Switch Administration window as described on page
2. Click the User tab.
3. Click Set Password Rule. The Configure Password Rule dialog box displays, as shown in Figure 109 on page 222.
4.
Page 251
Setting a password as expired
1. Open the Switch Administration window as described on page
2. Click the User tab.
3. Select the account.
4. Click Expire Password. If the button is unavailable, this means the password is already expired.
5.
The Role Mapping for that user is displayed (Figure 110).
FIGURE 110 Role Mapping (Virtual Fabrics)
Access control list policy configuration
Support for the Access Control List (ACL) policies is currently defined in the Switch Connection Control (SCC) and Device Connection Control (DCC) policies. SCC and DCC policy configuration in base Fabric OS is performed on a switch-local basis. Fabric Configuration Server (FCS) Policy can be created only once.
Creating an SCC, DCC, or FCS policy
You can create the FCS policy only once.
1. Open the Switch Administration window as described on page
2. Click the Security Policies tab.
3. Select a policy by clicking on the appropriate tab (SCC, DCC, or FCS).
4.
Editing an SCC, DCC, or FCS policy
1. Open the Switch Administration window as described on page
2. Make sure the Show Advanced Mode is selected.
3. Click the Security Policies tab.
4. Select a policy by clicking on the appropriate tab.
5.
Distributing an FCS policy
You must perform this procedure to distribute an FCS policy.
1. Open the Switch Administration window as described on page
2. Click the Security Policies tab.
3. Select the FCS tab.
4.
Authentication policy configuration
You can configure an authentication protocol policy for E_Port and F_Port authentication, and then distribute the authentication policy to other switches in the fabric. You can also set shared secret keys.
Configuring authentication policies for E_Ports
1.
Distributing authentication policies
NOTE: You cannot distribute authentication policies in AD0 unless it is the only Admin Domain.
1. Open the Switch Administration window as described on page
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4.
FIGURE 113 Add Shared Secret Keys window
6. Enter the Switch WWN, name, or domain ID, or use the Browse button to select a switch.
7. In the Peer Secret and Confirm Peer Secret fields, enter the peer secret value.
8.
SNMP configuration
This section describes how to manage the configuration of the SNMP agent in the switch. The configuration includes SNMPv1 and SNMPv3 configuration, accessControl, and systemGroup configuration parameters. Access is read-only if you do not have admin or security admin authority. For more information, see the snmpConfig command in the Fabric OS Command Reference.
Changing the systemGroup configuration parameters
1. Open the Switch Administration window as described on page
2. Click the SNMP tab (see Figure 114).
3. Type a contact name, description, and location in the SNMP Information section.
4. Optional: Select the Enable Authentication Trap check box to allow authentication traps to be sent to the reception IP address.
4. Select a permission for the host from the Access Control List menu. Options are Read Only and Read Write.
5. Click Apply.
NOTE: The port number is not included.
RADIUS service management
Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS client.
FIGURE 116 AAA Service tab
Enabling and Disabling RADIUS Service
At least one RADIUS server must be configured before you can enable RADIUS service.
1. Open the Switch Administration window as described on page
2. Click the AAA Service tab.
3.
Configuring the RADIUS Service
The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and it is replicated on a standby CP, if one is present. It is saved in a configuration upload, and can be applied to other switches in a configuration download.
Modifying the RADIUS Server Order
The RADIUS servers are contacted in the order they are listed, starting from the top of the list and moving to the bottom.
1. Open the Switch Administration window as described on page
2.
Active Directory service management
4. Select None, Switch Database when Active Directory authentication failed, or Switch Database when Active Directory timeout from the Secondary AAA Service menu.
To disable Active Directory service, select Switch Database from the Primary AAA Service drop-down menu and select None from the Secondary AAA Service drop-down menu.
IPSec Concepts
Internet Security Protocol (IPSec) is a set of open standards that provide cryptographic security services for IP networks. Several protocols are available for providing authentication and secure transmission of data. From Web Tools, you can establish IPSec policies for FCIP implementations on 7500 extension switches and FR4-18i blades, and you can establish IPSec policies for IP interfaces that provide management access to switches and control processors.
Transport mode and tunnel mode
Transport mode adds an authentication header (AH) before the IP header. Only a single pair of addresses is used (those in the IP header). When transport mode is used, both endpoints implement IPSec. Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the addresses of the tunnel end points.
IPSec header options
IPSec adds headers to an IP datagram to enable authentication and privacy. There are two options:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
Authentication Header
AH can be used to authenticate a data stream, but does not provide encryption needed for privacy. The AH contains a message authentication code (MAC).
Basic IPSec configurations
There are three basic configurations for IPSec use:
• Endpoint to Endpoint.
• Gateway to Gateway.
• Endpoint to Gateway.
Endpoint to Endpoint
In an endpoint to endpoint configuration, both endpoints implement IPSec. Transport mode is commonly used in endpoint to endpoint configurations, and only a single pair of addresses is used.
Internet Key Exchange (IKE) Concepts
Key exchange is used to authenticate the end points of an IP connection, and to determine security policies for IP traffic over the connection. The initiating node proposes a policy based on the following:
•...
Page 272
PRF (Pseudo-Random Function) Algorithm
The PRF algorithm generates output that appears to be random data, using the HMAC chosen as the hash algorithm as the seed value. PRF is used to strengthen security.
Public key certificate-based authentication
Industry standard X.500 database servers are available as certificate authority servers to enable certificate-based authentication of computers.
Authentication methods
The methods used to authenticate the IKE peer are preshared key (psk), DSS digital signature (dss), and RSA digital signature (rsasig).
• A preshared key (PSK) is a shared secret that is shared between two parties over a secure channel before it is used.
IPSec over FCIP
7500 extension switches and FR4-18i blades use the FCIP protocol to carry Fibre Channel traffic over IP networks. IPSec can be used to secure the IP flows over an FCIP tunnel. At a high level, the steps to take are as follows:
•...
Establishing an IKE policy for an FCIP tunnel
1. From the IKE tab of the IPSec Policies screen, select Create. An Add Policy dialog box is displayed (Figure 121).
FIGURE 121 Add Policy (IKE for FCIP)
2. Policy Type provides a way to toggle between IKE and IPSec Add Policy dialog boxes. Make sure the Policy Type is set to IKE.
Establishing an IPSec policy for an FCIP tunnel
1. Select the IPSec tab. The IPSec Policies window is displayed.
2. Select Create. An Add Policy dialog box is displayed (Figure 122).
FIGURE 122 Add Policy (IPSec over FCIP)
3.
IPSec over management ports
IPSec can be applied to the management port on a switch or a CP blade to establish a secure connection between a PC or workstation and Web Tools. The connection can be used as a virtual private network (VPN) interface to Web Tools.
Enabling IPSec
Ethernet IPSec policies can be configured only after enabling IPSec by clicking the Enable button below the Ethernet IPSec policies table (refer to Figure 123).
Establishing an IKE policy
When you establish an IKE policy, you identify a set of algorithms and authentication rules and parameters to use in a key exchange.
5. Type the identifier of the remote peer switch in Peer Identifier. This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.
6. Choose the Encryption Algorithm. The choices are 3des_cbc, null_enc, aes128_cbc, and aes256_cbc.
4. Type a name for the SA in the SA Name field.
5. Choose the IPSec Protocol. The choices are ah (for authentication header) and esp (for encapsulating security payload).
6. Choose the Authentication Algorithm. The choices are hmac_md5, hmac_sha1, and AES_xcbc.
7. Choose the Encryption Algorithm.
3. Type a name in the SA Proposal Name field.
4. Type the SAs in the SA(s) to use field.
5. Optionally, define SA lifetime parameters. The SA lifetime may be defined as a time value in seconds (LifeTime in seconds), as the number of bytes transmitted before the SA is rekeyed (LifeTime in bytes), or both.
The Add Transform dialog box is displayed (Figure 128).
FIGURE 128 Add Transform dialog box
3. Type a name in the Transform Name field.
4. Choose the IPSec Mode. The choices are Transport or Tunnel.
5. Select the SA Proposal name.
6.
Adding an IPSec selector
Selectors are used to apply transform policies to an IP flow. Flows are uni-directional. Selectors are associated with a specific source IP address, a specific peer IP address, and a specific transform.
1.
The Add Selector dialog box is displayed.
FIGURE 130 Add Selector dialog box
3. Type a name in the Selector Name field.
4. Select the Traffic Flow Direction (in or out). IPSec policies are unidirectional, and must be applied separately to inbound and outbound flows.
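A consistency check over the objects configured in the steps above (SAs, SA proposals, transforms, selectors), added here as an example and not part of Web Tools or Fabric OS. The data model, the sample policy and the verdicts on 3des_cbc, null_enc and hmac_md5 are this example's assumptions; the algorithm names are the dialog choices listed above.

```python
from dataclasses import dataclass

# Algorithm names are the dialog choices listed on this page; the verdicts
# are this example's own policy (an assumption), not taken from the guide.
FLAGGED = {
    "null_enc": "no encryption, payload is readable on the wire",
    "3des_cbc": "legacy cipher, prefer aes128_cbc or aes256_cbc",
    "hmac_md5": "MD5-based MAC, prefer hmac_sha1 or AES_xcbc",
}

@dataclass(frozen=True)
class SA:
    name: str
    protocol: str   # "ah" or "esp"
    auth: str
    enc: str = ""   # not used by ah

@dataclass(frozen=True)
class Selector:
    name: str
    direction: str  # "in" or "out"
    local_ip: str
    peer_ip: str
    transform: str

def lint_policy(sas, proposals, transforms, selectors):
    """proposals: {proposal: [SA names]}; transforms: {transform: proposal}.
    Returns a list of (subject, code, detail) findings."""
    findings = []
    known_sas = {sa.name for sa in sas}
    for sa in sas:
        if sa.protocol == "ah":
            findings.append((sa.name, "no-encryption", "ah authenticates but does not encrypt"))
        for alg in ([sa.auth] if sa.protocol == "ah" else [sa.auth, sa.enc]):
            if alg in FLAGGED:
                code = "no-encryption" if alg == "null_enc" else "weak-alg"
                findings.append((sa.name, code, f"{alg}: {FLAGGED[alg]}"))
    # Proposals, transforms and selectors point at each other by name.
    for prop, members in proposals.items():
        for name in members:
            if name not in known_sas:
                findings.append((prop, "dangling-ref", f"unknown SA {name}"))
    for tf, prop in transforms.items():
        if prop not in proposals:
            findings.append((tf, "dangling-ref", f"unknown SA proposal {prop}"))
    flows = {}
    for sel in selectors:
        if sel.transform not in transforms:
            findings.append((sel.name, "dangling-ref", f"unknown transform {sel.transform}"))
        flows.setdefault((sel.local_ip, sel.peer_ip), set()).add(sel.direction)
    # Selectors are unidirectional: each flow needs an "in" and an "out".
    for (local, peer), seen in sorted(flows.items()):
        for missing in sorted({"in", "out"} - seen):
            findings.append((f"{local}<->{peer}", "one-way", f"no '{missing}' selector"))
    return findings

def sample_policy():
    """Constructed sample; all names and 192.0.2.x addresses are made up."""
    sas = [
        SA("sa-mgmt-esp", "esp", "hmac_sha1", "aes256_cbc"),
        SA("sa-legacy", "esp", "hmac_md5", "3des_cbc"),
        SA("sa-auth-only", "ah", "hmac_sha1"),
    ]
    proposals = {"prop-strong": ["sa-mgmt-esp"], "prop-legacy": ["sa-legacy", "sa-missing"]}
    transforms = {"tf-strong": "prop-strong", "tf-legacy": "prop-legacy"}
    selectors = [
        Selector("sel-out", "out", "192.0.2.10", "192.0.2.20", "tf-strong"),
        Selector("sel-in", "in", "192.0.2.10", "192.0.2.20", "tf-strong"),
        Selector("sel-legacy-out", "out", "192.0.2.10", "192.0.2.30", "tf-legacy"),
        Selector("sel-orphan", "in", "192.0.2.10", "192.0.2.40", "tf-none"),
    ]
    return sas, proposals, transforms, selectors

if __name__ == "__main__":
    for subject, code, detail in lint_policy(*sample_policy()):
        print(f"{code:14} {subject:26} {detail}")
```

The "one-way" finding is the one that follows directly from the selector rule above: a flow with only an "out" selector has no policy applied to its inbound direction.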
Manually creating an SA
You can manually create a security association (SA).
1. Select the SA(Manual) tab.
2. Select Add. The Add Manual-SA dialog box is displayed (Figure 131).
FIGURE 131 Add Manual-SA dialog box
3. Type a security parameter index number in the SPI (Hexadecimal) field. The SPI must be manually applied when manually adding an SA.
8. Choose the IPSec Mode. The choices are Transport or Tunnel. Refer to “Transport mode and tunnel mode” if you are unfamiliar with Transport and Tunnel modes.
9. Choose the IPSec Protocol. The choices are ah (for authentication header) and esp (for encapsulating security payload).
5. Select the policy or policies you want to delete.
6. Select Delete. The policy is deleted from the SA database (SADB), and is removed from the list.
Establishing authentication policies for HBAs
To establish and enable authentication policies for HBAs as they log in to a fabric, do the following.
1.
10. Click Apply.
11. If your authentication method uses a shared secret, select the Shared Secret Keys tab. The Shared Secret Keys screen is displayed (Figure 133).
FIGURE 133 Device authentication Shared Secret Keys tab
12.
Page 289
15. Enter the shared secret for the peer device (an HBA in this case) in the Peer Shared Secret and Confirm Peer Shared Secret fields.
16. Enter the shared secret for the switch in the Local Shared Secret and Confirm Local Shared Secret fields.
Enabling port-based routing • Manage port connectivity configuration You do not need to install the FICON CUP license to perform FICON CUP management; you must install the FICON CUP license, however, if your switch is to enforce traffic between the FICON director and the host-based management program.
FIGURE 134 FICON CUP management
Enabling or disabling FICON Management Server mode
FICON Management Server (FMS) is used to support switch management using CUP. To be able to use the CUP functionality, all switches in the fabric must have FICON Management Server mode (FMS mode) enabled.
FMS parameter configuration The FICON CUP tabbed page displays the FICON Management Server page, as shown in Figure 134. All attributes on this tab are disabled until FMS mode is enabled. 5. Click Enable in the FICON Management Server Mode section to enable FMS mode or click Disable to disable FMS mode.
Displaying code page information
TABLE 22 FMS mode parameter descriptions (Continued)
Parameter         Description
Director Clock    Controls behavior for attempts to set the switch timestamp clock through the director console.
Alert Mode        When it is enabled, the director console (Web Tools, in this case) displays warning indications when the switch timestamp is changed by a user application.
Viewing the control device state
The control device is in either a neutral or a switched state. When it is neutral, the control device accepts commands from any channel that has established a logic path with it and accepts commands from alternate managers.
CUP port connectivity configuration
In the Port Connectivity subpanel, you can manage the configuration files and active configuration. All CUP configuration files and the active configuration are listed in a table. The active configuration is listed as “Active Configuration*” and the description in the table is “Current active configuration on switch.”...
Page 298
• To create a new configuration, click New. The Create Port CUP Connectivity Configuration dialog box displays all ports and port names on the selected switch (similar to the dialog box shown in Figure 136). The Block column, Prohibit column, and prohibited ports matrix are displayed as empty, for you to configure.
FIGURE 136 Port CUP Connectivity Configuration dialog box
Activating a CUP Port Connectivity Configuration
When you activate a saved CUP port connectivity configuration on the switch, the preceding configuration (currently activated) is overwritten.
1. Open the CUP port connectivity configuration list.
2.
3. Click Copy. The Copy CUP Port Connectivity Configuration dialog box displays.
4. In the dialog box, type a name and description for the new configuration and click OK to save the configuration to the target file; click Cancel to cancel copying the configuration. The file name must be in alphanumeric characters and can contain only dashes or underscores as special characters.
Page 301
Displaying Request Node Identification Data (RNID)
RNID information for attached FICON devices and channel paths displays on the Name Server view. To view this information, click Name Server to display the Name Server view. Ports that completed an RNID exchange display FICON in the Capability column. For those ports, the following information specific to RNID displays in the following columns:
•...
Chapter Limitations
General Web Tools limitations
Table 23 lists general Web Tools limitations that apply to all browsers and switch platforms.
Page 304
TABLE 23 Web Tools limitations (Continued)
Area: Firmware download
Details: There are multiple phases to firmware download and activation. When Web Tools reports that firmware download completed successfully, this indicates that a basic sanity check, package retrieval, package unloading, and verification was successful. Web Tools forces a full package install.
Page 305
TABLE 23 Web Tools limitations (Continued)
Area: Loss of Connection
Details: Occasionally, you might see the following message when you try to retrieve data from the switch or send a request to the switch:
Switch Status Checking
The switch is not currently accessible.
Page 306
General Web Tools limitations TABLE 23 Web Tools limitations (Continued) Area Details Refresh option in Web Tools must be restarted when the Ethernet IP address is changed using the browsers NetworkConfig View command. Web Tools appears to hang if it is not restarted after this operation is executed.