About this guide This guide provides information about: • Fabric OS procedures • Basic configuration tasks • Security features • Diagnostics • Extended fabrics • ISL trunking • Zoning • Performance monitoring NOTE: FICON is not supported on HP B-Series Fibre Channel switches. The FICON information in this document is included for reference only.
Document conventions and symbols Table 1 Document conventions Convention Element Medium blue text: Figure 1 Cross-reference links and e-mail addresses Medium blue, underlined text Web site addresses (http://www.hp.com) Key names Bold font • • Text typed into a GUI element, such as into a box •...
• Operating system type and revision level • Detailed, specific questions For continuous quality improvement, calls may be recorded or monitored. HP strongly recommends that customers sign up online using the Subscriber's choice web site: http://www.hp.com/go/e-updates. • Subscribing to this service provides you with e-mail updates on the latest product enhancements, newest versions of drivers, and firmware documentation updates as well as instant access to numerous other product resources.
Introducing Fabric OS CLI procedures This chapter contains procedures for configuring and managing an HP StorageWorks Storage Area Network (SAN) using the Fabric OS Command Line Interface (CLI). The guide applies to the following HP StorageWorks product models: • HP StorageWorks switches: 4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 These HP StorageWorks models contain a fixed number of ports (they are fixed-port switches).
• Advanced Web Tools: For Advanced Web Tools procedures, see the HP StorageWorks Fabric OS 5.x Advanced Web Tools administrator guide. • Fabric Manager: For Fabric Manager procedures, see the HP StorageWorks Fabric Manager 5.x administrator guide. • A third-party application using the API: For third-party application procedures, see the third-party API documentation.
For example: switch:admin> help configure Administrative Commands configure(1m) NAME configure - change system configuration settings SYNOPSIS configure AVAILABILITY admin DESCRIPTION This command changes some system configuration settings, including: o Arbitrated loop settings o Switch fabric settings o System services settings o Virtual channel settings (output truncated) Additional help topics...
Performing basic configuration tasks This chapter contains procedures for performing basic switch configuration tasks using the Fabric OS CLI. Connecting to the Command Line Interface You can connect to the CLI either through a telnet connection or through the serial port. Connecting with telnet Verify that the switch is connected to the IP network through the RJ-45 Ethernet port.
Open a terminal emulator application (such as HyperTerminal on a PC, or TERM, TIP, or Kermit in a UNIX® environment), and configure the application as follows: • In a Windows® environment: Parameter Value Bits per second 9600 Databits Parity None Stop bits Flow control None...
For the Core Switch 2/64 and SAN Director 2/128 (configured with two domains), each logical switch has its own set of default access accounts. The default account names and passwords are the same for both of the logical switches. You can also create up to 15 additional accounts per logical switch and designate their roles as either admin, switchAdmin, or user.
NOTE: Record the passwords exactly as entered and store them in a secure place; recovering passwords requires significant effort and fabric downtime. The initial login prompt accepts a maximum password length of eight characters. Characters beyond the eighth are ignored. Only the default password is subject to the eight-character limit.
Setting the date and time Connect to the switch and log in as admin. Issue the date command using the following syntax: date “mmddHHMMyy” where: • mm is the month; valid values are 01 through 12. • dd is the date; valid values are 01 through 31. •...
Repeat the procedure on all switches for which the Time Zone needs to be set. This needs to be done only once; the value is written to nonvolatile memory. For U.S. time zones, use Table 3 to determine the correct parameter for the tsTimeZone command.
Page 27
If you want to generate a single license key, select Generate 1 license key. If you want to generate multiple license keys, select Batch Generation of Licenses. The Software License Key instruction page opens. Enter the requested information in the required fields. When generating multiple license keys, enter the worldwide names and transaction keys in the table at the bottom of the screen.
Removing a licensed feature Connect to the switch and log in as admin. Issue the licenseShow command to display the active licenses. Remove the license key using the licenseRemove command: switch:admin> licenseremove “key” The license key is case-sensitive and must be entered exactly as given. The quotation marks are optional.
Connect to the switch and log in as admin. For the 4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, and SAN Switch 4/32: Proceed to the next step. For the SAN Director 2/128 and 4/256 SAN Director: If configured for one domain (the default) proceed to the next step.
Disabling and enabling a port All licensed ports are enabled by default. You can disable and reenable them as necessary. Ports that you activate with Ports on Demand must be enabled explicitly, as described in ”Activating Ports on Demand” on page 30. Disabling a port Connect to the switch and log in as admin.
switch vendor. You might need to generate a license key from a transaction key supplied with your purchase. If so, launch an Internet browser and visit the HP web site: http://webkey.external.hp.com/welcome.asp. Select Generate a license key and follow the instructions to generate the key.
For information on extended ISL modes, which enable longer-distance ISLs, see ”Administering extended fabrics” on page 163. Working with domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can reset them manually to control the ID number or to resolve a domain ID conflict when you merge fabrics. If a switch already has a domain ID when it is enabled, and that domain ID conflicts with a switch already in the fabric, the conflict is resolved.
The fields in the fabricShow display are: • Switch ID: The switch Domain_ID and embedded port D_Id. • Worldwide Name: The switch WWN. • Enet IP Addr: The switch Ethernet IP address. • FC IP Addr: The switch FC IP address. •...
Issue the portCfgIslMode command: For the 4/8 SAN Switch, 4/16 SAN Switch, portCfgIslMode port mode SAN Switch 2/8V, SAN Switch 2/16, SAN Specify a port number. Valid values for port number Switch 2/32, Brocade 4Gb SAN Switch for HP depend on the switch type. The mode operand is p-Class BladeSystem, and SAN Switch 4/32: required: Specify 1 to enable ISL R_RDY mode (gateway link) or specify 0 to disable it.
• Configuration file change from task • TC feature on • TC feature off An SNMP-TRAP mode can also be enabled; see the trackChangesHelp command in the HP StorageWorks Fabric OS 5.x command reference guide. For troubleshooting information on the TC feature, see ”Inaccurate information in the system message log”...
For the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director: The output is similar to the following: switch:admin> switchstatuspolicyshow The current overall switch status policy parameters: Down Marginal ---------------------------------- PowerSupplies Temperatures Fans Blade Flash MarginalPorts FaultyPorts MissingSFPs switch:admin> The policy parameter determines the number of failed or inoperable units for each contributor that triggers a status change in the switch.
Page 38
For the SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32: The following example shows the command as executed on a SAN Switch 2/32. The output is similar on SAN Switch 2/8V, SAN Switch 2/16V, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32: switch:admin>...
Configuring standard security features This chapter provides information and procedures for configuring standard Fabric OS security features such as account and password management. Additional security features are available when secure mode is enabled. For information about licensed security features available in Secure Fabric OS, see the HP StorageWorks Secure Fabric OS administrator guide.
Table 6 Main security scenarios Fabric Management Comments interfaces Nonsecure Nonsecure No special setup is need to use telnet or HTTP. An HP switch certificate must be installed if sectelnet is used. Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be installed if SSH/HTTPS is used.
Commands that require a secure login channel must be issued from an original SSH session. If you start an SSH session, and then use the login command to start a nested SSH session, commands that require a secure channel are rejected. Fabric OS 4.4.0 and later supports SSH protocol 2.0 (ssh2).
In response to the telnetd prompt, enter on. The telnet interface is enabled. Blocking listeners HP StorageWorks switches block Linux® subsystem listener applications that are not used to implement supported features and capabilities. Table 7 lists the listener applications that HP StorageWorks switches either block or do not start.
Creating and maintaining user-defined accounts In addition to the default administrative and user accounts, Fabric OS supports up to 15 user-defined accounts in each logical switch (domain). These accounts expand your ability to track account access and audit administrative activities. User-defined accounts can be assigned either admin-, switchAdmin-, or user-level roles.
In response to the prompt, enter a password for the account. The password is not displayed when you enter it on the command line. Deleting a user-defined account Only accounts with the admin role can delete user-defined accounts on the logical switch. Connect to the switch and log in as admin.
Changing an account password At each level of account access, you can change passwords for that account and accounts that have lesser privileges. If you log in to a user account, you can change only that account’s password. If you log in to an admin account, you can change admin and user passwords. You must provide the old password when the account being changed has the same or higher privileges than the current login account.
Configure at least two RADIUS servers so that if one fails, the other assumes service. You can set the configuration with both RADIUS service and local authentication enabled so that if all RADIUS servers do not respond (because of power failure or network problems), the switch uses local authentication. Consider the following effects of the use of RADIUS service on other Fabric OS features: •...
Linux The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware RADIUS server that you can find at the following web site: www.freeradius.org. Follow the installation instructions at the web site. FreeRADIUS runs on Linux (all versions), FreeBSD, NetBSD, and Solaris.
Enabling clients Clients are the switches that use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. On dual-CP switches (Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director), the switch sends its RADIUS request using the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so that users can still log in, in case of a failover.
Configuring users From the Windows Start menu, select Programs > Administrative Tools > Computer Management to open the Computer Management window. In the Computer Management window, expand the Local Users and Groups folder and select the Groups folder. Right-click the Groups folder and select New Group from the pop-up menu. In the New Group window, provide a Name and Description for the group and click Add.
15.In the Add Remote Access Policy window, confirm that the Conditions section displays the groups that you selected and click Next. 16.After the Add Remote Access Policy window refreshes, select the Grant remote access permission radio button and click Next. After the Add Remote Access Policy window refreshes again, click Edit Profile.
Adding a RADIUS server to the switch configuration Connect to the switch and log in as admin. Issue the following command: switch:admin> aaaConfig --add server [-p port] [-s secret] [-t timeout] [-a pap | chap] where: Is either a server name or an IP address. Avoid duplicating server listings server (that is, listing the same server once by name and again by IP address).
Is an optional argument; enter a server port. -p port Is an optional argument; enter a shared secret. -s secret Is an optional argument; enter the length of time (in seconds) the server -t timeout has to respond before the next server is contacted. -a[pap|chap] Specifies PAP or CHAP as authentication protocol.
Browser and Java support Fabric OS supports the following web browsers for SSL connections: • Internet Explorer (Microsoft Windows) • Mozilla (Solaris and Red Hat Linux) In countries that allow the use of 128-bit encryption, use the latest version of your browser. For example, Internet Explorer 6.0 and later supports 128-bit encryption by default.
Choosing a CA To ease maintenance and allow secure out-of-band communication between switches, consider using one CA to sign all management certificates for a fabric. If you use different CAs, management services operate correctly, but the Advanced Web Tools Fabric Events button is unable to retrieve events for the entire fabric.
Enter the requested information. For example: Select protocol [ftp or scp]: 192.1.2.3 Enter IP address: Enter remote directory: path_to_remote_directory Enter Login Name: your account Enter Password: your password Success: exported CSR. If you are set up for secure file copy protocol, you can select it; otherwise, select ftp. Enter the IP address of the switch on which you generated the CSR.
Activating a switch certificate Issue the configure command and respond to the prompts that apply to SSL certificates: Enter yes. SSL attributes Enter the name of the switch certificate file, for example, Certificate File 192.1.2.3.crt. If you want the CA name to be displayed in the browser CA Certificate File window, enter the name of the CA certificate file;...
Browse to the certificate location and select the certificate. For example, select nameRoot.crt. Click Open and follow the instructions to import the certificate. Installing a root certificate to the Java Plug-in For information on Java requirements, see ”Browser and Java support”...
Troubleshooting certificates If you receive messages in the browser or in a pop-up window when logging in to the target switch using HTTPS, see Table Table 11 SSL messages and actions Message Action The SSL certificate is not installed correctly or HTTPS is not The page cannot be displayed enabled correctly.
You can also use the following MIBs and their associated traps: • FICON-MIB (for FICON environments) • HA-MIB (for the Core Switch 2/64 and SAN Director 2/128) • SW-EXTTRAP, whcih includes the Software Serial Number (swSsn) as a part of HP StorageWorks SW traps.
Page 60
Sample SNMPv3 configuration: switch:admin> snmpconfig --set snmpv3 SNMPv3 user configuration: User (rw): [snmpadmin1] adminuser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 1 New Auth Passwd: Verify Auth Passwd: Priv Protocol [DES(1)/noPriv[2]): (1..2) [2] 1 New Priv Passwd: Verify Priv Passwd: User (rw): [snmpadmin2] shauser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 2 New Auth Passwd: Verify Auth Passwd:...
Page 61
Sample SNMPv1 configuration: switch:admin> snmpconfig --set snmpv1 SNMP community and trap recipient configuration: Community (rw): [Secret C0de] admin Trap Recipient's IP address in dot notation: [0.0.0.0] 10.32.225.1 Trap recipient Severity level : (0..5) [0] 1 Community (rw): [OrigEquipMfr] Trap Recipient's IP address in dot notation: [10.32.225.2] Trap recipient Severity level : (0..5) [1] Community (rw): [private] Trap Recipient's IP address in dot notation: [10.32.225.3]...
Sample mibCapability configuration: switch:admin> snmpconfig --show mibCapability FA-MIB: YES FICON-MIB: YES HA-MIB: YES SW-TRAP: YES swFCPortScn: YES swEventTrap: YES swFabricWatchTrap: YES swTrackChangesTrap: NO FA-TRAP: YES connUnitStatusChange: YES connUnitEventTrap: NO connUnitSensorStatusChange: YES connUnitPortStatusChange: YES SW-EXTTRAP: NO FICON-TRAP: NO HA-TRAP: YES fruStatusChanged: YES cpStatusChanged: YES fruHistoryTrap: NO Sample systemGroup configuration (default):...
Page 63
Sample SNMP agent configuration information: switch:admin> agtcfgshow Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = FC Switch sysLocation = End User Premise sysContact = Field Support. authTraps = 1 (ON) SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 192.168.1.51 Trap recipient Severity level: 4 Community 2: OrigEquipMfr (rw)
Page 64
Sample modification of the SNMP configuration values: agtcfgset switch:admin> Customizing MIB-II system variables ... At each prompt, do one of the followings: o <Return> to accept current value, o enter the appropriate new value, o <Control-D> to skip the rest of configuration, or o <Control-C>...
Page 65
Sample reset of the SNMP agent configuration to default values: agtcfgdefault switch:admin> ***** This command will reset the agent's configuration back to factory default ***** Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = Fibre Channel Switch. sysLocation = End User Premise sysContact = sweng authTraps = 0 (OFF) SNMPv1 community and trap recipient configuration:...
Page 66
Sample modification of the options for configuring SNMP MIB traps: snmpmibcapset switch:admin> The SNMP Mib/Trap Capability has been set to support FE-MIB SW-MIB FA-MIB FA-TRAP FA-MIB (yes, y, no, n): [yes] FICON-MIB (yes, y, no, n): [no] HA-MIB (yes, y, no, n): [no] SW-TRAP (yes, y, no, n): [no] swFCPortScn (yes, y, no, n): [no] swEventTrap (yes, y, no, n): [no]...
4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 Follow this procedure to set the boot PROM password with a recovery string: Connect to the serial port interface as described in ”Connecting through the serial port”...
The following options are available: Option Description Start system Continues the system boot process. Recovery password Lets you set the recovery string and the boot PROM password. Enter command shell Provides access to boot parameters. Enter 2. If no password was previously set, the following message is displayed: Recovery password is NOT set.
4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 Follow this procedure to set the boot PROM password without a recovery string: Create a serial connection to the switch as described in ”Connecting through the serial port”...
The following options are available: Option Description Start system. Continues the system boot process. Recovery password. Lets you set the recovery string and the boot PROM password. Enter command shell. Provides access to boot parameters. Enter 3. Issue the passwd command at the shell prompt. NOTE: The passwd command applies only to the boot PROM password when it is entered from the boot interface.
Maintaining configurations and firmware This chapter contains procedures for maintaining switch configurations and maintaining firmware. Maintaining configurations It is important to maintain consistent configuration settings on all switches in the same fabric, because inconsistent parameters (such as inconsistent PID formats) can cause fabric segmentation. As part of standard configuration maintenance procedures, HP recommends that you back up all important configuration data for every switch on a host computer server for emergency reference.
Respond to the prompts as follows: If your site requires the use of Secure Copy, specify scp. Otherwise, Protocol specify ftp. Enter the name or IP address of the server where the file is to be stored; Server for example, 192.1.2.3. You can enter a server name if DNS is Name or IP enabled.
At the Do you want to continue [y/n] prompt, enter y. Wait for the configuration to be restored. When the process is finished, issue the switchEnable command. For example: switch:admin> configdownload Protocol (scp or ftp) [ftp]: ftp Server Name or IP Address [host]: 192.1.2.3 User Name [user]: JohnDoe File Name [config.txt]: /pub/configurations/config.txt Password: xxxxx...
If fmsmode is enabled in a configuration file, but is disabled on the switch, the configdownload command fails and displays an error message. This prevents undesirable conditions that could result from enabling fmsmode on a switch that does not require it. Downloading configurations across a fabric To save time when configuring fabric parameters and software features, you can save a configuration file from one switch and download it to other switches of the same model type, as shown in the following...
In the Product information section on the right side, select Software & drivers. The download drivers & software page is displayed. Click the appropriate switch in the select your product section. The specify operating system page is displayed. Click Cross operating system (BIOS, Firmware, Diagnostics, etc.). The download drivers and software page is displayed.
Table 13 Recommended firmware Switch model Earliest recommended Fabric OS version 4/8 SAN Switch and 4/16 SAN 5.0.1 Switch 1 GB Switches 2.6.1 SAN Switch 2/8-EL, SAN Switch 3.1.0 2/16-EL, and SAN Switch 2/16 SAN Switch 2/8V and SAN 4.2.0 Switch 2/16V SAN Switch 2/32 4.1.0...
CAUTION: To ensure a nondisruptive download, for each nondirector class switch in your fabric, complete all firmware download changes before issuing the firmwareDownload command on the next switch. HP StorageWorks fixed-port models and each CP blade of the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director have two partitions of nonvolatile storage areas (a primary and a secondary) to store two firmware images.
Do not override an autocommit under normal circumstances; use the default. See ”Upgrading firmware in single-CP mode” on page 239 for details about overriding the autocommit option. As an alternative, before starting a firmware download, you can connect the switch with a serial console cable to a computer that is running a session capture.
Page 81
Issue the firmwareDownload command. At the Do you want to continue [y/n] prompt, enter y. Respond to the prompts as follows: Enter the name or IP address of the server where the firmware file is Server stored, for example, 192.1.2.3. You can enter a server name if DNS is Name or IP enabled.
NOTE: After you start the process, do not issue any disruptive commands (such as reboot) that will interrupt the process. The entire firmware download and commit process takes approximately 15 minutes. If there is a problem, wait for the timeout (30 minutes for network problems; 10 minutes for incorrect IP address).
Page 84
10.Respond to the prompts as follows: Enter the name or IP address of the server where the firmware file is Server stored, for example, 192.1.2.3. You can enter a server name if DNS is Name or IP enabled. Address Enter the user name of your account on the server, for example, User name JohnDoe.
Start a new session to view the upgrade progress: switch:admin> firmwaredownloadstatus [0]: Tue Apr 20 15:18:56 2003 cp0: Firmwaredownload has started on Standby CP. It may take up to 10 minutes. [1]: Tue Apr 20 15:24:17 2003 cp0: Firmwaredownload has completed successfully on Standby CP. [2]: Tue Apr 20 15:24:19 2003 cp0: Standby CP reboots.
Page 86
Decide which firmware version you want to be applied to each CP blade. If you want the version on the standby CP, issue the haFailover command on the active CP. If you want the version from the active CP, issue the firmwareDownload -s command on the standby CP. After entering the haFailover command, you must issue the firmwareDownload -s command on the new standby CP.
Configuring Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director This chapter contains procedures that are specific to the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director. Because directors contain interchangeable 16-port blades (32-port blades in the 4/256 SAN Director), their procedures differ from those for the 4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 fixed-port switches.
The following example shows how to enable port 4 on a blade in slot 2: switch:admin> portenable 2/4 By port area ID Zoning commands require that you specify ports using the area ID method. In Fabric OS 4.0.0 and later, each port on a particular domain is given a unique area ID.
Disabling and enabling port blades Port blades are enabled by default. You might need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled. This ensures that diagnostic activity does not interfere with normal fabric traffic.
Table 15 HP StorageWorks director terminology and abbreviations Term Abbreviation Blade ID Definition Core Switch 2/64 CP blade The first-generation CP blade provided with the Core Switch 2/64. This CP supports 1- and 2-Gbit/sec port speeds. It supports only the dual domain configuration within the chassis.
Port blade compatibility Table 16 indicates which blades are supported for each HP StorageWorks director. Table 16 Blades supported by each HP StorageWorks director Director Port Blades FC-16 FC2-16 FC4-16 FC4-32 Core Switch 2/64 Supported (CP1) SAN Director Supported Supported Supported 2/128 (CP2) 4/256 SAN...
Table 17 Supported configuration options (continued) Option Number of Maximum number Supported port Supported Notes Results domains of ports per switch blades CP blades Two 64-port 64/64 Left side: FC-16 switches (Blade Right side: FC2-16 ID 2 on slots 1–4; ID 4 on slots 7–10.
Field Value Displays the status of the blade: Status • VACANT: The slot is empty. • INSERTED, NOT POWERED ON: The blade is present in the slot but is turned off. • DIAG RUNNING POST1: The blade is present, powered on, and running the post-initialization POST.
Use the configure command to configure the sw0 to match your fabric specifications. If the director is to be merged into an existing fabric, do not configure zoning parameters; these are propagated when you merge the director into the fabric. Log in to the second logical switch (sw1) as admin.
Issue the ipAddrSet command to set and confirm the IP address of sw1 (sw1 takes on a default that must be corrected). The IP address of sw0 is already set. After the system reboots, log in again as admin to each logical switch and issue the switchName command to assign a name to the new switch.
Page 96
Configuring Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director...
Routing traffic This chapter describes HP StorageWorks switch routing features and procedures. About data routing and routing policies Data moves through a fabric from switch to switch and from storage to server along one or more paths that make up a route. Routing policies determine the correct path for each frame of data. CAUTION: For most configurations, the default routing policy is optimal, and provides the best performance.
You must disable the switch before changing the routing policy, and reenable it afterward. In the following example, the routing policy for a SAN Switch 4/32 is changed from exchange-based to device-based: switch:admin> aptpolicy Current Policy: 3 3: Default Policy 1: Port Based Routing Policy 2: Device Based Routing Policy 3: Exchange Based Routing Policy...
In a stable fabric, frames are always delivered in order, even when the traffic between switches is shared among multiple paths. However, when topology changes occur in the fabric (for example, if a link goes down), traffic is rerouted around the failure, and some frames could be delivered out of order. Most destination devices tolerate out-of-order delivery, but some do not.
Viewing routing path information The topologyShow and uRouteShow commands provide information about the routing path. Connect to the switch and log in as admin. Issue the topologyShow command to display the fabric topology, as it appears to the local switch. The following entries appear: Domain number of the local switch Local Domain ID...
Page 101
Issue the uRouteShow command to display unicast routing information. For the 4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32, use the following syntax: urouteshow [portnumber][, domainnumber] For the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director: Use the following syntax:...
Viewing routing information along a path You can display detailed routing information from a source port (or area) on the local switch to a destination port (or area) on another switch. This routing information describes the full path that a data stream travels between these ports, including all intermediate switches.
Page 103
• Name: The name of the switch. • Out Port: The output port that the frames use to reach the next hop on this path. For the last hop, the destination port. • BW: The bandwidth of the output ISL, in Gbit/sec. It does not apply to the embedded port. •...
Administering FICON fabrics NOTE: FICON is not supported on HP B-Series Fibre Channel switches. The FICON information in this document is included for reference only. FICON overview IBM FICON is an industry-standard, high-speed input/output (I/O) interface for mainframe connections to storage devices.
Page 106
• Switch binding is a security method for restricting devices that connect to a particular switch. If the device is another switch, security handled by the SCC policy. If the device is a host or storage device, the Device Connection Control (DCC) policy binds those devices to a particular switch. Policies range from completely restrictive to reasonably flexible, based upon customer needs.
Table 18 Fabric OS commands related to FICON and FICON CUP Command Description Standard Fabric OS commands: Sets the domain ID and the IDID mode. configure Swaps ports. portSwap Disables the portSwap command. portSwapDisable Enables the portSwap command. portSwapEnable Displays information about swapped ports. portSwapShow Commands specific to FICON: Removes all registered link incident records (RLIRs) from the local RLIR...
Configuring switches This section describes how to configure a switch in a FICON environment. Use the worksheet shown in Figure 3 on page 119 to record your configuration information. The following are recommended FICON environment configuration settings: • Disable DLS (dlsReset command). If DLS is enabled, traffic on existing ISL ports might be affected when one or more new ISLs are added between the same two switches.
Configuring a high-integrity fabric To configure a high-integrity fabric (cascaded configuration): Disable each switch in the fabric. For each switch: a. Enable the IDID flag. b. Set the domain ID. c. Install security certificates and keys. Enable the switches. This builds the fabric. Set up security on the primary FCS switch.
Respond to the remaining prompts (or press Ctrl-d to accept the other settings and exit). Issue the switchEnable command to reenable the switch. For example: switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [3] 5 R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112]...
FRU failures To display FRU failure information, connect to the switch, log in as admin, and issue one of the following commands: • For the local switch: ficonshow ilir • For all switches defined in the fabric: ficonshow ilir fabric Swapping ports If a port malfunctions, or if you want to connect to different devices without having to rewire your infrastructure, you can move a port’s traffic to another port (swap ports) without changing the I/O...
A mode register controls the behavior of the switch with respect to CUP itself, and with respect to the behavior of other management interfaces. FICON Management Server mode (fmsmode) must be enabled on the switch to enable CUP management features. When this mode is enabled, Fabric OS prevents local switch commands from interfering with host-based management commands by initiating serialized access to switch parameters.
NOTE: You cannot use the portCfgPersistentEnable and portCfgPersistentDisable commands to persistently enable and disable ports when FMS mode is on. See the procedure ”Persistently enabling and disabling ports” on page 115. Changing fmsmode from disabled to enabled triggers the following events: •...
Table 19 FICON CUP mode register bits Description POSC Programmed offline state control. When this bit is set on, the host is prevented from taking the switch offline. The default setting is 1 (on). User alert mode. When this bit is set on, a warning is issued when an action is attempted that writes CUP parameters on the switch.
The command format is: ficoncupset modereg [bitname] 0 | 1 where: Specifies one of the mode register bits described in Table 19 on page 114. bitname Specifies that the bit is off. Specifies that the bit is on. The following example sets the mode register bit HCP to off: switch:admin>...
Port and switch naming standards Fabric OS handles differences in port and switch naming rules between CUP and itself as follows: • CUP employs 8-bit characters in port address names and switch names; Fabric OS employs 7-bit characters. When fmsmode is enabled, all characters greater than 0x40 and not equal to 0xFF (EBCIDC code page 37 [0x25]) are allowed in the name;...
Backing up FICON files The FICON file access facility is used to store configuration files. This includes IPL and other configuration files. Fabric OS saves the IPL and all other configuration files on the switch. A maximum of 16 configuration files, including the IPL file, are supported. You can upload the configuration files saved on the switch to a management workstation using the configUpload command.
Sample IOCP configuration file for the SAN Switch 2/32, Core Switch 2/64, and SAN Director 2/128 The channel subsystem controls communication between a configured channel, the CU, and the device. The IOCDS defines the channels, CUs, and devices to the designated logical partitions (LPARs) within the server;...
IOCP (and not in decimal values); the Domain IDs in the following example are for demonstration purposes only. *------------------------------------------------------------------ * SilkWorm 24000 Domain_ID=61 (in hex) *------------------------------------------------------------------ CNTLUNIT CUNUMBR=0D8,UNITADD=00,UNIT=2032, PATH=(50,51), LINK=(61FE,61FE) IODEVICE ADDRESS=(0D8,1),CUNUMBR=0D8,UNIT=2032,STADET=Y,UNITADD=00 *--------------------------------------------------------------- *SilkWorm 12000 Domain_ID=22 (left side logical switch 0 in hex) *--------------------------------------------------------------- CNTLUNIT CUNUMBR=0D9,UNITADD=00,UNIT=2032, PATH=(8A,8B),...
Page 122
/*********************************************************************/ MONITOR I OPTIONS O N L Y /*********************************************************************/ /* FICON Director CHAN /* COLLECT CHANNEL STATISTICS /* COLLECT CPU STATISTICS CYCLE(1000) /* SAMPLE ONCE EVERY SECOND DEVICE(NOSG) /* PREVENT SORT OF STORAGE GROUPS*/ DEVICE(NOCHRDR) /* CHARACTER READER STATISTICS WILL NOT BE COLLECTED DEVICE(COMM) /* COMMUNICATION EQUIPMENT STATS.
Configuring the Distributed Management Server The HP Fabric OS Distributed Management Server allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices. The management server assists in the autodiscovery of switch-based fabrics and their associated topologies. A client of the Distributed Management Server can find basic information about the switches in the fabric and use this information to construct topology relationships.
For example: switch:admin> msplmgmtdeactivate MS Platform Service is currently enabled. This will erase MS Platform Service configuration information as well as database in the entire fabric. Would you like to continue this operation? (yes, y, no, n): [no] y Request to deactivate MS Platform Service in progress..*Completed deactivating MS Platform Service in the fabric! switch:admin>...
At the select prompt, enter 2 to add a member based on its port/node WWN. Enter the WWN of the host to be added to the ACL. At the select prompt, enter 1 to verify the WWN you entered was added to the ACL. After verifying that the WWN was added correctly, enter 0 at the prompt to end the session.
At the Update the FLASH? prompt, enter y. Press Enter to update the nonvolatile memory and end the session. For example: switch:admin> msconfigure Done Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN select : (0..3) [1] 3 Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa *WWN is successfully deleted from the MS ACL.
The contents of the management server platform database are displayed. For example: switch:admin> msplatshow ----------------------------------------------------------- Platform Name: [9] "first obj" Platform Type: 5 : GATEWAY Number of Associated M.A.: 1 [35] "http://java.sun.com/products/plugin" Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:71 ----------------------------------------------------------- Platform Name: [10] "second obj"...
For example: switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress..*MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress..*MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!! Disabling topology discovery Connect to the switch and log in as admin.
Working with diagnostic features This chapter provides information on diagnostics and how to display system, port, and specific hardware information. It also describes how to set up system logging mapping (syslogd) and how to set up the offloading of error messages (supportSave). The purpose of the diagnostic subsystem is to evaluate the integrity of the system hardware.
The following example shows a typical boot sequence, including POST messages: The system is coming up, please wait... Read board ID of 0x80 from addr 0x23 Read extended model ID of 0x16 from addr 0x22 Matched board/model ID to platform index 4 PCI Bus scan at bus 0 Checking system RAM - press any key to stop test Checking memory address: 00100000...
For example: switch:admin> uptime 4:43am up 1 day, 12:32, 1 user, load average: 1.29, 1.31, 1.27 switch:admin> The uptime command displays the length of time the system has been in operation, the total cumulative amount of uptime since the system was first powered-on, the date and time of the last reboot (applies only to Fabric OS 3.x and 2.6.x systems), the reason for the last reboot (applies only to Fabric OS 3.x and 2.6.x systems), and the load average over the past one minute (1.29 in the preceding example), five minutes (1.31 in the example), and 15 minutes (1.27 in the example).
Displaying the port statistics Connect to the switch and log in as admin. Issue the portStatsShow command. Port statistics include information such as number of frames received, number of frames sent, number of encoding errors received, and number of class 2 and class 3 frames received. See the HP StorageWorks Fabric OS 5.x command reference guide for additional portStatsShow command information, such as the syntax for slot or port numbering.
The following example shows output from the portErrShow command: switch:admin> porterrshow frames enc disc link loss loss frjt fbsy err shrt long c3 fail sync sig sig===================================================================== 1.5m 1.2m 149m 149m 147m 150m 99m 146m 99m 149m 99m 152m 99m 147m The portErrShow command output provides one output line per port.
Table 20 Port error summary description (continued) Error type Description Frames rejected with F_RJT frjt Frames busied with F_BSY fbsy Viewing equipment status You can display status for fans, power supply, and temperature. NOTE: The number of fans, power supply units, and temperature sensors depends on the switch type. For detailed specifications on these components, see the SAN Switch installation guide for your switch model.
The possible status values are: • OK: Power supply is functioning correctly. • Absent: Power supply is not present. • Unknown: An unknown power supply unit is installed. • Predicting failure: Power supply is present but predicting failure. • FAULTY: Power supply is present but faulty (no power cable, power switch turned off, fuse blown, or other internal error).
Viewing the port log Fabric OS maintains an internal log of all port activity. The port log stores entries for each port as a circular buffer. Each port has space to store 8000 log entries. When the log is full, the newest log entries overwrite the oldest log entries.
Because a portLogDump output is long, a truncated example is presented: switch:admin> portlogdump task event port cmd args ------------------------------------------------- 16:30:41.780 PORT Rx 9 40 02fffffd,00fffffd,0061ffff,14000000 16:30:41.780 PORT Tx 9 0 c0fffffd,00fffffd,0061030f 16:30:42.503 PORT Tx 9 40 02fffffd,00fffffd,0310ffff,14000000 16:30:42.505 PORT Rx 9 0 c0fffffd,00fffffd,03100062 16:31:00.464 PORT Rx 9 20 02fffc01,00fffca0,0063ffff,01000000 16:31:00.464 PORT Tx 9 0 c0fffca0,00fffc01,00630311 16:31:00.465 nsd ctin 9 fc 000104a0,0000007f...
In the following example, Fabric OS messages map to local7 facility level 7 in the /etc/syslog.conf file: local7.emerg /var/adm/swcritical local7.alert /var/adm/alert7 local7.crit /var/adm/crit7 local7.err /var/adm/swerror local7.warning /var/adm/swwarning local7.notice /var/adm/notice7 local7.info /var/adm/swinfo local7.debug /var/adm/debug7 If you prefer to map Fabric OS severities to a different UNIX local7 facility level, see ”Setting the facility level”...
Verify the IP address was deleted by issuing the syslogDipShow command. Viewing and saving diagnostic information Issue the supportShow command to dump important diagnostic and status information to the session screen, where you can review it or capture its data. To save a set of files that customer support technicians can use to further diagnose the switch condition, issue the supportSave command.
Setting up periodic checking of the remote server Connect to the switch and log in as admin. Issue the following command: supportftp -t interval where the interval is in hours. The minimum interval is 1 hour. Specify 0 hours to disable the checking feature.
10 Troubleshooting Troubleshooting should begin at the center of the SAN—the fabric. Because switches are located between the hosts and storage devices and have visibility into both sides of the storage network, starting with them can help narrow the search path. After eliminating the possibility of a fault within the fabric, determine whether the problem is on the storage side or the host side, and continue a more detailed diagnosis from there.
Gathering information for technical support If you are troubleshooting a production system, you need to gather data quickly. As soon as a problem is observed, perform the following tasks (if you are using a dual-CP system, run the commands on both CPs): Issue the supportSave command to save RASLOG, TRACE, and supportShow (active CP only) information for the local CP to a remote FTP location.
• Commands pdShow and save Core output Determine the following host information: • OS version and patch level • HBA type • HBA firmware version • HBA driver version • Configuration settings Determine the following storage information: • Disk/tape type •...
Page 146
The following is sample output from the fcPing command in which one device accepts the request and another device rejects the request: switch:admin> fcping 10:00:00:00:c9:29:0e:c4 21:00:00:20:37:25:ad:05 Source: 10:00:00:00:c9:29:0e:c4 Destination: 21:00:00:20:37:25:ad:05 Zone Check: Not Zoned Pinging 10:00:00:00:c9:29:0e:c4 [0x20800] with 12 bytes of date: received reply from 10:00:00:00:c9:29:0e:c4: 12 bytes time:1162 usec received reply from 10:00:00:00:c9:29:0e:c4: 12 bytes time:1013 usec received reply from 10:00:00:00:c9:29:0e:c4: 12 bytes time:1442 usec...
Checking the Simple Name Server (SNS) Issue the nsShow command on the switch to which the device is attached. For example: The Local Name Server has 9 entries { Type Pid PortName NodeName TTL(sec) 021a00; 2,3;20:00:00:e0:69:f0:07:c6;10:00:00:e0:69:f0:07:c6; 895 Fabric Port Name: 20:0a:00:60:69:10:8d:fd 051edc;...
Checking for zoning problems Issue the cfgActvShow command to determine whether zoning is enabled. If zoning is enabled, it is possible that the problem is being caused by zoning enforcement (for example, two devices in different zones cannot see each other). Confirm that the specific edge devices that need to communicate with each other are in the same zone.
Issue the configure command to edit the fabric parameters for the segmented switch. See the HP StorageWorks Fabric OS 5.x command reference guide for detailed information. Enable the switch by issuing the switchEnable command. You can also reconcile fabric parameters by issuing the configUpload command for each switch. Downloading a correct configuration You can restore a segmented fabric by downloading a previously saved correct backup configuration to the switch.
Table 25 Commands for debugging zoning Command Function Use to create a zone alias. aliCreate Use to delete a zone alias. aliDelete Use to create a zone configuration. cfgCreate Displays zoning configuration. cfgShow Displays current license keys and associated (licensed) products. licenseShow Displays currently enabled configuration and any E_Port segmentations due to zone switchShow...
Editing zone configuration members Log in to one of the switches in a segmented fabric as admin. Issue the cfgShow command and print its output. Start another telnet session and connect to the next fabric as an administrator. Issue the cfgShow command and print its output. Compare the two fabric zone configurations line by line and look for an incompatible configuration.
Checking fan components Log in to the switch as user. Issue the fanShow command. Check the fan status and speed output. If any of the fan speeds display abnormal RPMs, replace the fan FRU. Checking the switch temperature Log in to the switch as user. Issue the tempShow command.
Page 153
For example: switch:admin> switchshow switchName: sw094135 switchType: 26.1 switchState: Online switchMode: Native switchRole: Principal switchDomain: switchId: fffc7e switchWwn: 10:00:00:05:1e:34:00:69 zoning: ON (cfg_em) switchBeacon: Port Media Speed State ========================= Online E-Port 10:00:00:60:69:11:f9:fc “2800_116” Online E-Port 10:00:00:60:69:11:f9:fc “2800_116” No_Light No_Light Online E-Port (Trunk port, master is Port Online E-Port...
Page 154
For example: sw094135:admin> porterrshow frames enc disc link loss loss frjt fbsy err shrt long c3 fail sync ===================================================================== 59m 102 59m 103 3.0m 2.9m 1.2m 1.1m • A high number of errors relative to the frames transmitted and frames received can indicate a marginal link (see ”Correcting marginal links”...
Table 26 Component test descriptions Test name Operands Checks [-nframes count] Functional test of port external transmit crossporttest [-lb_mode mode][-spd_mode mode] and receive path. [-gbic_mode mode] [-norestore mode] The crossport is set to loopback using [-ports itemlist] an external cable by default. However, this command can be used to check internal components by setting the lb operand to 5.
Testing components to and from the HBA Connect to the switch and log in as admin. Issue the fPortTest command. See the HP StorageWorks Fabric OS 5.x command reference guide for information on the command options. The following example executes the fPortTest command 100 times on port 8 with payload pattern 0xaa55, pattern width 2 (meaning word width) and a default payload size of 512 bytes: switchname:admin>...
Issue the portCfgShow command to display the port speed settings of all the ports. Issue the switchShow command to determine whether the port has module light. Determine whether the port at 1 Gig/sec completes by issuing the portCfgSpeed command, and then change the port speed to 2 Gig/sec.
Verify that the event area for the port state entry is pstate. The command entry AC indicates that the port has completed point-to-point initialization. For example: termB:root> portlogdumpport 4 time task event port cmd args ------------------------------------------------- 11:38:21.726 INTR pstate Skip over the loop initialization phase. After becoming an active port, the port becomes an F_Port or an E_Port, depending on the device on the opposite side.
To troubleshoot a marginal link: Issue the portErrShow command. For example: switch:admin> porterrshow frames enc disc link loss loss frjt fbsy err shrt long c3 fail sync sig sig===================================================================== 1.5m 1.2m 149m 149m 147m 150m 99m 146m 99m 149m 99m 152m 99m 147m switch:admin>...
Table 29 Loopback modes (continued) Mode Description Internal (parallel) loopback (indicates no external equipment) Backend bypass and port loopback Backend bypass and SERDES loopback Backend bypass and internal loopback Check the results of the loopback test and proceed as follows: •...
Page 162
accept PRLI represent a majority of storage targets. Private hosts require the QuickLoop feature, which is not available in Fabric OS 4.0.0 or later. A fabric-capable device implicitly registers information with the Name Server during a FLOGI. These devices typically register information with the Name Server before querying for a device list. The embedded port still performs a PLOGI and attempts PRLI with these devices.
11 Administering extended fabrics This chapter contains procedures for using the HP Extended Fabrics licensed feature, which extends the distance that ISLs can reach. To use extended ISL modes, you must first purchase and install the Extended Fabrics license. For details on obtaining and installing licensed features, see ”Maintaining licensed features”...
• Starting with Fabric OS 4.4.0, VC translation link initialization (an option of the portCfgLongDistance command) is enabled by default for LD links. For previous Fabric OS versions that support this option, it was disabled by default. To avoid inconsistency in the fabric, make sure that this value is enabled on both ends of the link.
Issue the portCfgLongDistance command, using the following syntax: portcfglongdistance [slotnumber/]portnumber [distance_level] [vc_translation_link_init] [desired_distance] where: Specifies the slot number for Core Switch 2/64, SAN Director slotnumber 2/128, and 4/256 SAN Director. This option is not applicable to fixed-port switches. The slot number must be followed by a slash ( / ) and the port number.
12 Administering ISL trunking This chapter contains procedures for using the HP ISL Trunking licensed feature, which optimizes the use of bandwidth by allowing a group of ISLs to merge into a single logical link. About ISL trunking HP ISL Trunking reduces or eliminates situations that require static traffic routes and individual ISL management to achieve optimal performance.
The maximum number of ports per trunk and trunks per switch depends on the HP StorageWorks model. For detailed information about trunking commands, see online help or the HP StorageWorks Fabric OS 5.x command reference guide. Standard trunking criteria Observe the following criteria for standard distance trunking: •...
• Consider how the addition of a new path affects existing traffic patterns: • A trunking group has the same link cost as the master ISL of the group, regardless of the number of ISLs in the group. This allows slave ISLs to be added or removed without causing data to be rerouted, because the link cost remains constant.
• Fabric Watch allows you to monitor traffic flow through specified ports on the switch and send alerts when the traffic exceeds or drops below configurable thresholds. See the HP StorageWorks Fabric OS 5.x Fabric Watch administrator guide for additional information. •...
Enabling and disabling ISL trunking You can enable or disable HP ISL Trunking for a single port or for an entire switch.When you execute the portCfgTrunkPort or switchCfgTrunk command to update the trunking configuration, the ports for which the configuration applies are disabled and reenabled with the new trunk configuration. As a result, traffic through those ports could be disrupted.
Setting the speed for one port Connect to the switch and log in as admin. Issue the portCfgSpeed command: portcfgspeed [slotnumber/]portnumber, speed_level where: Is for bladed systems only; it specifies the slot number of the port to be slotnumber configured, followed by a slash (/). This operand is required only for switches with slots, such as the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director.
The following example sets the speed for all ports on the switch to 2 Gbit/second: switch:admin> switchcfgspeed 2 Committing configuration...done. switch:admin> The following example sets the speed for all ports on the switch to auto-negotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. switch:admin>...
Troubleshooting trunking problems If you have difficulty with trunking, try the solutions in this section. Listing link characteristics If a link that is part of an ISL trunk fails, use the trunkDebug command to troubleshoot the problem, as shown in the following procedure: Connect to the switch and log in as admin.
Page 175
If you are in buffer-limited mode on the LD port, increase the estimated distance. These changes are implemented only after disabling (portDisable) and enabling (portEnable) the buffer-limited port (or buffer-limited switch). Reconfiguring a port to LD from another mode can result in the port being disabled for lack of buffers—this does not apply to the SAN Switch 4/32 and 4/256 SAN Director (using FC4-16 and FC4-32 port blades).
13 Administering advanced zoning This chapter provides procedures for using the HP Advanced Zoning feature. Zoning terminology The following terms are used in the advanced zoning procedures: • A zone is a region within the fabric where a specified group of fabric-connected devices (called zone members) have access to one another.
To list the commands associated with zoning, use the zoneHelp command. For detailed information on the zoning commands used in the procedures, see the HP StorageWorks Fabric OS 5.x command reference guide or to the online man page for each command. Zoning concepts Before using the procedures, become familiar with the zoning concepts described in the following sections.
Table 34 Approaches to fabric-based zoning Form Description Single HBA Zoning by single HBA most closely re-creates the original SCSI bus. Each zone created has only one HBA (initiator) in the zone; each of the target devices is added to the zone. Typically, a zone is created for the HBA and the disk storage ports are added.
WWNs are specified as 8-byte (16-digit) hexadecimal numbers, separated by colons, for example, 10:00:00:90:69:00:00:8a. When a node name specifies a zone object, all ports on such a device are in the zone. When a port name specifies a zone object, only the single port is in the zone. The types of zone objects used to define a zone can be mixed and matched.
Zoning enforcement Software-enforced and hardware-enforced zoning are supported. Software-enforced zoning Zoning enables users to restrict access to devices in a fabric. Software-enforced zoning prevents hosts from discovering unauthorized target devices, while hardware-enforced zoning prevents a host from accessing a device it is not authorized to access. Software-enforced zoning: •...
Table 35 Enforcing hardware zoning Fabric type Methodology Best practice HP StorageWorks Enables hardware-enforced zoning Use domain, port identifiers 1-GB switches only on domain, port zones; WWN (PIDs). Do not identify a zone or mixed zones are not member by its WWN. hardware-enforced.
Port_Zone1 WWN_Zone1 Core WWN_Zone2 Port_Zone2 Switch Zone Boundaries 22.2b(13.2) Figure 6 Hardware-enforced non-overlap ping zones Figure 7 shows the same fabric components zoned in an overlapping fashion. WWN_Zone1 Port_Zone1 Core Port_Zone2 WWN_Zone2 Switch Zone Boundaries 22.3b(13.3) Figure 7 Hardware-enforced overlapping zones Any zone using both WWNs and domain, port entries on the HP StorageWorks 2-Gbit/sec platform relies on Name Server authentication as well as hardware-assisted (ASIC) authentication, which ensures that any PLOGI/ADISC/PDISC/ACC from an unauthorized device attempting to access a device it is not...
Port_WWN Port_WWN Zone3 Zone1 Core Port_WWN Port_WWN Switch Zone2 Zone4 Zone Boundaries 22.4b(13.4) Figure 8 Zoning with hardware assist (mixed-port and WWN zones) Port_Zone2 Port_Zone1 Core WWN_Zone1 WWN_Zone2 Switch Zone Boundaries 22.5b(13.5) Figure 9 Session-based hard zoning Figure 9, only the ports that are overlapped are software-enforced with hardware assist. Rules for configuring zones Observe the following rules when configuring zones.
• QuickLoop: Evaluate whether the fabric will also use QuickLoop Fabric Assist (QLFA) or QuickLoop. If you are running Fabric OS 4.x, consider the following before creating and setting up QLFA zones: • QuickLoop Zoning. QuickLoop and QuickLoop zones cannot run on switches running Fabric OS 4.x.
Adding members to an alias Connect to the switch and log in as admin. Issue the aliAdd command. Issue the cfgSave command to save the change to the defined configuration. For example: switch:admin> aliadd “array1”, “1,2” switch:admin> aliadd “array2”, “21:00:00:20:37:0c:72:51” switch:admin>...
Viewing an alias in the defined configuration Connect to the switch and log in as admin. Issue the aliShow command. The following example shows all zone aliases beginning with arr: switch:admin> alishow “arr*” alias: array1 21:00:00:20:37:0c:76:8c alias: array2 21:00:00:20:37:0c:66:23 If no parameters are specified, the entire zone database (both the defined and effective configuration) is displayed.
Removing devices (members) from a zone Connect to the switch and log in as admin. Issue the zoneRemove command. Issue the cfgSave command to save the change to the defined configuration. For example: switch:admin> zoneremove “greenzone”, “1,2” switch:admin> zoneremove “redzone”, “21:00:00:20:37:0c:72:51” switch:admin>...
Symmetrical segmentation occurs when both ends of an ISL are shut down. Subsequently, no frames are exchanged between the two switches. Asymemetrical segmentation not only prevents frames from being exchanged between switches, but also causes routing inconsistencies. The best way to avoid either type of segmentation is to know the zone database size limit of adjacent switches.
For important considerations for managing zoning in a fabric, and details about the maximum zone database size for each version of the FOS, see ”Maintaining zone objects” on page 193. Creating a zoning configuration Connect to the switch and log in as admin. Issue the cfgCreate command.
For example: switch:admin> cfgdelete “testcfg” switch:admin> cfgsave You are about to save the Defined zoning configuration. This action will only save the changes on the Defined configuration. Any changes made on the Effective configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Clearing changes to a configuration Use the cfgTransAbort command.
Viewing a configuration in the effective zone database Connect to the switch and log in as admin. Issue the cfgActvShow command. For example: switch:admin> cfgactvshow Effective configuration: cfg: NEW_cfg zone: Blue_zone 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 21:00:00:20:37:0c:76:22 21:00:00:20:37:0c:76:28 zone: Red_zone 21:00:00:20:37:0c:76:85 21:00:00:20:37:0c:71:df Maintaining zone objects You can use the cfgDelete command to delete a zone configuration, but there is a quicker and easier way to perform the same task via the zone object commands (zoneObjectExpunge, zoneObjectCopy, and zoneObjectRename).
Managing zoning configurations in a fabric To modify an existing zone configuration, you can add, delete, or remove individual elements to create the desired configuration. After the changes have been made, save the configuration to ensure the configuration is permanently saved in the switch and that the configuration is replicated throughout the fabric.
Page 196
copy of this database. When a change is made to the defined configuration, the switch where the changes were made must close its transaction for the change to get propagated throughout the fabric. • Merging rules: Observe the following rules when merging zones: •...
Splitting a fabric If the connections between two fabrics are no longer available, the fabric segments into two separate fabrics. Each new fabric retains the same zone configuration. If the connections between two fabrics are replaced and no changes have been made to the zone configuration in either of the two fabrics, the two fabrics merge back into one single fabric.
Table 41 lists considerations for zoning architecture. Table 41 Considerations for zoning architecture Item Description Type of zoning: hard or If security is a priority, HP recommends hard zoning. soft (session-based) Use of aliases The use of aliases is optional with zoning. Using aliases requires structure when defining zones.
14 Administering advanced performance monitoring This topic contains procedures for the HP Advanced Performance Monitoring licensed feature: Based on HP Frame Filtering technology and a unique performance counter engine, advanced performance monitoring is a comprehensive tool for monitoring the performance of networked storage resources.
Table 42 Advanced performance monitoring commands (continued) Command Description Set the overall mask for EE monitors. perfSetPortEEMask Display the AL_PA CRC count by port or by AL_PA. perfShowAlpaCrc Show user-defined EE monitors. perfShowEEMonitor Show filter-based monitors. perfShowFilterMonitor Display the current EE mask of a port. perfShowPortEEMask NOTE: The command examples in this chapter use the slot/port syntax required by the Core Switch...
Monitoring EE performance EE performance monitoring counts the number of words and CRC errors in Fibre Channel frames for a specified SID-DID pair. An EE performance monitor includes the following counts: • RX_COUNT (words in frames received at the port) •...
NOTE: EE performance monitoring looks at traffic on the receiving port respective to the SID only. In Figure 10, if you add a monitor to slot 2, port 2, on Switch X, specifying Dev B as the SID and Host A as the DID, no counters (except CRC) are incremented.
CAUTION: Only one mask per port can be set. When you set a mask, all existing EE monitors are deleted. You can specify a mask using the perfSetPortEeMask command in the form dd:aa:pp, where dd is the domain ID mask, aa is the area ID mask, and pp is the AL_PA mask. The values for dd, aa, and pp are either ff (the field must match) or 00 (the field is ignored).
The EE mask has 12 fields, each with a value of on or off. The following example shows how to set and display and EE mask (the EE mask is set on slot 1, port 11): switch:admin> perfsetporteemask 1/11, “00:00:ff” “00:00:ff” “00:00:ff” “00:00:ff”...
Adding standard filter-based monitors Table 43 lists the commands for adding standard filter-based monitors to a port. Table 43 Commands to add filter-based monitors Telnet command Description Counts the number of SCSI read commands. perfAddReadMonitor Counts the number of SCSI write commands. perfAddWriteMonitor Counts the number of SCSI read and write commands.
• SAN Switch 4/32 (Fabric OS 4.4.0 or later): Up to 15 different offsets per port (14 offsets when FMS is enabled) • 4/8 SAN Switch, 4/16 SAN Switch, and Brocade 4Gb SAN Switch for HP p-Class BladeSystem (Fabric OS 5.0.1): Up to 7 different offsets per port (6 offsets when fmsmode is enabled) You can specify up to four values to compare against each offset.
The following example displays the monitors on slot 1, port 4 using the perfShowFilterMonitor command (the monitor numbers are listed in the KEY column) and deletes monitor number 1 on slot 1: switch:admin> perfshowfiltermonitor 1/4 There are 4 filter-based monitors defined on port 4. ALIAS OWNER_APP OWNER_IP_ADDR...
Page 208
The command format is: perfmonitorshow --class monitor_class [slotnumber/]portnumber [interval] where: Specifies the monitor class, which can be EE, FLT (filter-based), or ISL. The monitor_class --class monitor_class operand is required. Specifies the slot number for a Core Switch 2/64, SAN Director 2/128, or slotnumber 4/256 SAN Director.
The following example displays filter-based monitor on a port at an interval of every 6 seconds: switch:admin> perfMonitorShow --class FLT 2/5 6 perfmonitorshow 21, 6 #Frames #Frames #Frames #Frames #Frames #Frames #Frames --------------------------------------------------------------- The following example displays filter monitor information on a port: switch:admin>...
Page 210
The command format is: perfmonitorclear --class monitor_class [slotnumber/]portnumber [monitorId] where: Specifies the monitor class, which can be one of EE, FLT (filter-based), or monitor_class ISL. The --class monitor_class operand is required. Specifies the slot number for a Core Switch 2/64, SAN Director 2/128, or slotnumber 4/256 SAN Director.
Saving and restoring monitor configurations To save the current EE and filter monitor configuration settings into nonvolatile memory, use the perfCfgSave command. For example: switch:admin> perfcfgsave This will overwrite previously saved Performance Monitoring settings in FLASH ROM. Do you want to continue? (yes, y, no, n): [no] y Please wait...
Configuring the PID format Port identifiers (PIDs) are used by the routing and zoning services in Fibre Channel fabrics to identify ports in the network. All devices in a fabric must use the same PID format, so when you add new equipment to your SAN, you might need to change the PID format on legacy equipment.
• If you are running dual-fabrics with multipathing software, you can update one fabric at a time without disrupting traffic. Move all traffic onto one fabric in the SAN and update the other fabric, and then move the traffic onto the updated fabric, and update the final fabric. •...
Table 45 Effects of PID format changes on configurations PID format before PID format after Configuration effect change change Native Extended Edge No impact Extended Edge Native No impact Native Core You must: • Reenable zoning, if there is an active zone set and it Core Native uses port zones.
Table 46 PID format recommendations for adding new switches Existing Fabric OS versions; Switch to be Recommendations (in order of preference) PID format added • Use Native PID format for new switch. Host reboot is not Version 2.6.2 and later; 2.6.2 and version 3.1.2 and later;...
Page 217
Collect device, software, hardware, and configuration data. The following is a non-comprehensive list of information to collect: • HBA driver versions • Fabric OS versions • RAID array microcode versions • SCSI bridge code versions • JBOD drive firmware versions •...
If either of the first two options are used, the procedures should again be validated in the test environment. Determine the behavior of multipathing software, including but not limited to: • HBA time-out values • Multipathing software time-out values • Kernel time-out values Planning the update procedure Whether it is best to perform an offline or online update depends on the uptime requirements of the site.
Schedule an outage for all devices attached to the fabric. Back up all data and verify backups. Shut down all hosts and storage devices attached to the fabric. Disable all switches in the fabric. Change the PID format on each switch in the fabric. Reenable the switches in the updated fabric one at a time.
switch:admin> switchdisable switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y Domain: (1..239) [1] BB credit: (1..27) [16] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] WAN_TOV: (1000..120000) [0] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] SYNC IO mode: (0..1) [0] Switch PID Address Mode: (0..2) [1] <...
Page 221
Change the switch configuration in the fabric to Extended Edge PID format: a. Configure Extended Edge PID (Format 2) on each switch. (See ”PID format changes” on page 224 for a sample configure command on an HP StorageWorks switch running Fabric OS 3.1.2 and for a sample configure command on an HP StorageWorks switch running Fabric OS 4.2.0 and later.) b.
Example of the configure command on a switch running Fabric OS 5.0.1: configure Configure... Fabric parameters (yes, y, no, n): [no] y Domain: (1..239) [11] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] WAN_TOV: (0..30000) [0] MAX_HOPS: (7..19) [7] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0]...
PID format changes There are several routine maintenance procedures which might result in a device receiving a new PID. Examples include, but are not limited to: • Changing compatibility mode settings • Changing switch domain IDs • Merging fabrics • Relocating devices to new ports or new switches (that is, for add, move, and change type operations) •...
For example: switch:admin> switchdisable switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [1] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] SYNC IO mode: (0..1) [0] Core Switch PID Format: (0..2) [0] 1 Per-frame Route Priority: (0..1) [0]...
Page 226
11.Issue the command cfgEnable [effective_zone_configuration]. For example: cfgEnable my_zones 12.Issue the switchEnable command. Enable the core switches first, and then the edges. 13.Clean the lvmtab file by using the command vgscan. 14.Change to /dev and untar the file that was tared in step For example: tar –xf /tmp/jbod.tar...
Executing the AIX procedure This procedure is not intended to be comprehensive. It provides a starting point from which a SAN administrator can develop a site-specific procedure for a device that binds by PID and cannot be rebooted due to uptime requirements. Backup all data and verify the backups.
Page 228
Use the following procedure to swap the port area IDs of two physical switch ports. In order to swap port area IDs, the port swap feature must be enabled, and both switch ports must be disabled. The swapped area IDs for the two ports remain persistent across reboots, power cycles, and failovers. Connect to the switch and log in as admin.
Configuring interoperability mode For supported interoperability configurations and restrictions, see the HP StorageWorks SAN design reference guide (AA–RMPNW–TE): http://www.hp.com/go/SANDesignGuide. Fabric OS 5.x administrator guide 229...
Using the HP Remote Switch feature The HP Remote Switch feature (Remote Switch), which aids in ensuring gateway compatibility, was formerly a licensed feature. Its functionality is now available as part of the Fabric OS standard feature set through the use of the portCfgIslMode command, which is described in ”Linking through a gateway”...
Page 232
• Suppress Class F Traffic: Use this parameter to disable class F traffic. Some network-bridge devices might not have a provision for handling class F frames. In this case, the transmission of class F frames must be suppressed throughout the entire Remote Switch fabric. To set the access and reconfigure these parameters: Connect to the switch and log in as admin.
Understanding legacy password behavior The following sections provide password information for early versions of Fabric OS firmware. Password management information Table 48 describes the password standards and behaviors between various versions of firmware. Table 48 Account and password characteristics matrix Characteristic Version 4.0.0 Versions 4.1.0 to 4.2.0...
Table 48 Account and password characteristics matrix (continued) Characteristic Version 4.0.0 Versions 4.1.0 to 4.2.0 Versions 4.4.0 to 5.0.1 Can passwd change Yes, but you must Yes; if users connect as Yes, if users connect as higher-level supply the old admin, they can change admin, they can change the passwords? For...
Table 49 Password prompting matrix (continued) Issue Version 4.0.0 Version 4.1.0 and later Does password prompting reappear when passwords are changed back to the defaults using the passwd command? Does password prompting reappear when passwords are changed back to the defaults using the passwdDefault command? Password migration during firmware changes...
Password recovery options Table 51 describes the options available when one or more types of passwords are lost. Table 51 Password recovery options Issue Version 4.0.0 Versions 4.1.0 and later If all the passwords are forgotten, Contact your switch service Contact your switch service what is the password recovery provider.
Zone merging scenarios Table 52 provides information on merging zones and the expected results. Table 52 Zone merging scenarios Description Switch A Switch B Expected Results Switch A has a defined defined: none defined: none Configuration from Switch A to configuration.
Page 238
Table 52 Zone merging scenarios (continued) Description Switch A Switch B Expected Results There is a cfg content defined: cfg1 defined: cfg1 Fabric segments due to a zone conflict mismatch. zone1: ali1; ali2 zone1: ali3; ali4 content mismatch. effective: irrelevant effective: irrelevant defined: cfg1 defined: cfg1...
Upgrading firmware in single-CP mode For all HP StorageWorks switches and directors, the firmwareDownload command, by default, performs a full installation, automatic reboot (autoreboot), and automatic firmware commit (autocommit). Automatic reboot and automatic commit modes are not selectable by default; however, they become selectable when single-CP mode is enabled by entering the -s option on the command line.
Answer the next prompts as indicated: Do Auto Commit after reboot [Y]: y If you specify no, you must manually issue the firmwareCommit command. Reboot system after download [N]: y The default is no. If you take the default, you must later use the haReboot command to perform an HA reboot manually.
Page 241
Enter the full path to the firmware file on the server. For example: /pub/v5.0.1/release.plist Enter your password. Answer the next prompts as indicated: Do Auto Commit after reboot [Y]: y If you answer no in the previous example, you must manually issue the firmwareCommit command. Reboot system after download [N]: y The default is no.
Page 242
242 Upgrading firmware in single-CP mode...
Index collecting performance data accessing switches and fabrics combining SilkWorm 12000 and 24000 cards in account ID one chassis account privilege levels command activating advanced performance monitoring a switch certificate chassisshow ports on demand configupload adding fabricshow a new switch or fabric hashow and removing FICON CUP licenses licenseadd...
Page 244
correcting link failures correcting marginal links effective zone configuration correcting zoning setup issues enabling and disabling FICON management server CRC errors, displaying mode creating a zone enabling and disabling ISL trunking creating and maintaining user-defined accounts enabling and disabling local authentication creating and maintaining zones enabling and disabling the platform services creating and managing zone aliases...
Page 245
fru failures license, generating on the web fru failures, monitoring in FICON environments license key activating gateway license keys gateway, remote switch generating gathering information for technical support licenseadd command generating licensed features batch of licenses licenseremove command generating a public/private key licenseshow command generating and storing a csr link incidents...
Page 246
default end-to-end monitors password management information filter-based monitors password migration during firmware changes removing members password prompting behaviors zone password recovery options resolving zone conflicts passwords restoring a configuration recovering forgotten passwords restoring a segmented fabric perfaddeemonitor command restoring monitor configuration perfaddIPmonitor command restoring the system configuration settings perfaddusermonitor command...
Page 247
configuring in a FICON environment system status web sites switch access HP storage switch names HP Subscriber’s choice switchshow command without a recovery string SWL, ISL Trunking support for working with domain IDs symbols in text zone tag field, interpreting adding members technical support, HP adding switches...