1. Manuals
  2. Brands
  3. Brocade Communications Systems Manuals
  4. Switch
  5. A7533A - Brocade 4Gb SAN Switch Base
  6. Administrator's manual

Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Brocade access gateway admin guide v6.1.0 (53-1000605-02, june 2008)
Hide thumbs Also See for A7533A - Brocade 4Gb SAN Switch Base:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Administrator's Manual
53-1000605-02
12 Mar 2008

Access Gateway

Administrator's Guide
Supporting Fabric OS v6.1.0

Advertisement

Table of Contents
loading

Related Manuals for Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base

Summary of Contents for Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base

  • Page 1: Access Gateway

    53-1000605-02 12 Mar 2008 Access Gateway Administrator’s Guide Supporting Fabric OS v6.1.0...
  • Page 2 Copyright © 2007-2008 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
  • Page 3 Brocade Communications Systems, Incorporated Corporate Headquarters Asia-Pacific Headquarters Brocade Communications Systems, Inc. Brocade Communications Singapore Pte. Ltd. 1745 Technology Drive 9 Raffles Place San Jose, CA 95110 #59-02 Republic Plaza 1 Tel: 1-408-333-8000 Singapore 048619 Fax: 1-408-333-8101 Tel: +65-6538-4700 Email: info@brocade.com Fax: +65-6538-0302 Email: apac-info@brocade.com European and Latin American Headquarters...
  • Page 4 Access Gateway Administrator’s Guide 53-1000605-02...

  • Page 5: Table Of Contents

    Contents About This Document How this document is organized ......vii Supported hardware and software ......vii What’s new in this document .
  • Page 6 Access Gateway policies ........8 Showing current policies .
  • Page 7 Connectivity to Cisco Fabrics ....... 34 Access Gateway routing requirements with Cisco fabrics..34 Enabling NPIV on a Cisco switch.
  • Page 8 Access Gateway Administrator’s Guide 53-1000605-02...

  • Page 9: About This Document

    About This Document This document is a procedural guide to help SAN administrators configure and manage Brocade Access Gateway. This preface contains the following sections: • How this document is organized ........vii •...

  • Page 10: What's New In This Document

    What’s new in this document The following changes have been made since this document was last released: Information that was added • Platforms • Brocade 300 and 4424 • 16-bit routing (8 Gbps platforms only) • Performance • Access Gateway masterless trunking •...

  • Page 11: Notes, Cautions, And Warnings

    Notes, cautions, and warnings The following notices appear in this document. NOTE A note provides a tip, emphasizes important information, or provides a reference to related information. ATTENTION An Attention statement indicates potential damage to hardware or data. CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you. DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you.

  • Page 12: Additional Information

    NPIV N_Port ID virtualization. Allows a single Fibre Channel port to appear as multiple, distinct ports providing separate port identification and security zoning within the fabric for each operating system image as if each operating system image had its own unique physical port. Preferred Secondary N_Port On the Brocade Access Gateway, the preferred secondary N_Port refers to the secondary path that and F_Port failovers to if the primary N_Port goes...

  • Page 13: Optional Brocade Features

    Optional Brocade features For a list of optional Brocade features and descriptions, see the Fabric OS Administrator’s Guide. Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1.

  • Page 14: Document Feedback

    Document feedback Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.com Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement.

  • Page 15: In This Chapter

    Chapter Getting Started This chapter describes how to create seamless connectivity to any Storage Area Network (SAN) fabric using Access Gateway (AG). It provides information on how to set the port types, port mappings, and the policies to ensure a stable fabric. AG is compatible with Fabric OS, M-EOS, and Cisco-based fabrics.

  • Page 16: Fabric Os Features In Access Gateway Mode

    Brocade Access Gateway FIGURE 1 Access Gateway and fabric switch comparison The following points summarize the differences between a Fabric OS switch in Native mode and a Fabric OS switch in AG mode: • The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.

  • Page 17: Access Gateway Port Types

    Access Gateway port types Access Gateway port types Access Gateway differs from a typical fabric switch because it is not a switch; instead, it is a mode that you enable on a switch using the ag command. After a switch is set in ag mode, it can connect to the fabric using node ports (N_Ports).

  • Page 18: How Access Gateway Maps Ports

    How Access Gateway maps ports Table 1 shows a comparison of port configurations with AG to a standard fabric switch. TABLE 1 Port configurations Port Type Access Gateway Fabric switch F_Port Connects hosts and targets to Connects devices, such as hosts, HBAs, Access Gateway.

  • Page 19: Upgrade And Downgrade Considerations

    Upgrade and downgrade considerations TABLE 2 Description of F_Port-to-N_Port mapping Access Gateway Fabric F_Port N_Port Edge switch F_Port F_1, F_2 Switch_A F_A1 F_3, F_4 Switch_A F_A2 F_5, F_6 Switch_B F_B1 F_7, F_8 Switch_B F_B2 Upgrade and downgrade considerations Downgrading to Fabric OS v6.0.0 or earlier is supported; however, you must first disable the switch from AG mode.
  • Page 20 Upgrade and downgrade considerations Access Gateway Administrator’s Guide 53-1000605-02...

  • Page 21: In This Chapter

    Chapter Enabling Policies on Switches in Access Gateway Mode This chapter provides information and procedures for enabling policies on switches in Access Gateway mode. In this chapter • Access Gateway policies ......... . 8 •...

  • Page 22: Access Gateway Policies

    Access Gateway policies • Access Gateway trunking considerations ......23 • Trunk group creation ..........25 •...

  • Page 23: Enabling The Advance Device Security Policy

    Access Gateway policies Enabling the Advance Device Security policy 1. Connect to the switch and log in as admin. 2. Enter the ag policyenable ads command. switch:admin> ag --policyenable ads The policy ADS is enabled Disabling the Advance Device Security policy 1.

  • Page 24: Setting Which Devices Cannot Log In If Ads Policy Is Enabled

    Access Gateway policies Setting which devices cannot log in if ADS policy is enabled For example, to set the list of allowed devices for ports 11 and 12 to no access: 1. Connect to the switch and log in as admin. 2.

  • Page 25: Displaying The List Of Devices On The Switch

    Access Gateway policies Displaying the list of devices on the switch 1. Connect to the switch and log in as admin. 2. Enter the ag --adsshow command. switch:admin> ag --adsshow F_Port WWNs Allowed -------------------------------------------------------------------------- ALL ACCESS 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b ALL ACCESS NO ACCESS NO ACCESS...

  • Page 26: Enabling The Automatic Port Configuration Policy

    Access Gateway policies Enabling the Automatic Port Configuration policy 1. Connect to the switch and log in as admin. 2. Ensure that the switch is disabled, enter the switchdisable command 3. Enter the ag --policyenable auto command to enable the APC policy. switch:admin>...

  • Page 27: Failover Policy

    Access Gateway policies Failover Policy When a port is configured as an N_Port and if by default, the Failover policy is enabled, F_Ports are not disabled if its N_Port goes off line. If you specify a Preferred Secondary N_Port for any of the F_Ports, and if the N_Port goes offline, the F_Ports will fail over to the Preferred Secondary N_Port and then re-enable.

  • Page 28: Enabling The Failover Policy

    Access Gateway policies The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate in the failover event. Example 1 Example 2 Access Gateway...

  • Page 29: Disabling The Failover Policy

    Access Gateway policies Disabling the Failover policy 1. Connect to the switch and log in as admin. 2. Enter the ag command with the failovershow <n_portnumber> operand to display the failover setting. switch:admin> ag --failovershow 13 Failover on N_Port 13 is supported 3.

  • Page 30: Enabling The Failback Policy

    Access Gateway policies Example 3 Fabric Access Gateway Hosts Edge Switch Host_1 (Switch_A) F_A1 NPIV Host_2 enabled F_A2 NPIV Host_3 enabled Edge Switch (Switch_B) Host_4 F_B1 NPIV enabled Host_5 F_B2 NPIV enabled Host_6 Host_7 Legend Physical connection Mapped online Failover route online Host_8 Original mapped route (offline)

  • Page 31: Cold Failover Policy

    Access Gateway policies Cold Failover policy All F_Ports for an N_Port that goes offline are failed over to other N_Ports. However, if the N_Port fails to come online after the switch comes online, it triggers cold failover of its F_Ports. If any of these F_Ports have a Preferred Secondary N_Port set, and if the Preferred Secondary N_Port is online, those F_Ports fail over to the Preferred Secondary N_Port during cold failover.
  • Page 32 Access Gateway policies FIGURE 6 Port grouping behavior When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group.

  • Page 33: Creating A Port Group

    Access Gateway policies FIGURE 8 pg0 default setup You can create new port groups and add N_Ports to those groups. However, all N_Ports that are not part of any user-created port group are part of the default port group pg0. Because port groups cannot be overlapped, if you specify an N_Port as a Preferred Secondary N_Port and it already belongs to another port group, the Port Group creation fails.

  • Page 34: Adding An N_Port To A Port Group

    Access Gateway policies Adding an N_Port to a port group 1. Connect to the switch and log in as admin. 2. Enter the command ag --pgadd with the <PG_ID> “<N_Port1;N_Port2;…> operands. If you add more than one N_Port you must separate them with a semicolon. switch:admin>...

  • Page 35: Renaming A Port Group

    Access Gateway policies Renaming a port group 1. Connect to the switch and log in as admin. 2. Enter the command ag --pgrename with the <PG_ID> <newname> operands, for example, to rename port group with pgid 2 to "MyEvenFabric": switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully 3.

  • Page 36: Access Gateway N_Port Trunking

    Access Gateway N_Port trunking Access Gateway N_Port trunking On switches running in Access Gateway mode, the masterless trunking feature trunks N_Ports because only the external port or the N_Port can connect to a switch in AG mode. After you map or assign F_Ports to an N_Port, the N_Port distributes frames across a set of available path links on the switch in AG mode to an adjacent edge switch.

  • Page 37: Access Gateway Trunking Considerations

    Access Gateway N_Port trunking Access Gateway trunking considerations TABLE 4 Access Gateway trunking considerations Category Description Area assignment You statically assign the area within the trunk group on the edge switch. That group is the N_Port masterless trunk. The static trunk area you assign must fall within the F_Port trunk group starting from port 0 on a edge switch or blade.
  • Page 38 Access Gateway N_Port trunking TABLE 4 Access Gateway trunking considerations Category Description portCfgTrunkPort <port>, 0 portCfgTrunkPort <port>, 0 will fail if a Trunk Area is enabled on a port. The port must be Trunk Area disabled first. switchCfgTrunk 0 switchCfgTrunk 0 will fail if a port has TA enabled. All ports on a switch must be TA disabled first.

  • Page 39: Trunk Group Creation

    Access Gateway N_Port trunking TABLE 4 Access Gateway trunking considerations Category Description DCC Policy DCC policy enforcement for the F_Port trunk is based on the Trunk Area; the FDISC requests to a trunk port is accepted only if the WWN of the attached device is part of the DCC policy against the TA.

  • Page 40: Setting Up F_Port Trunking

    Access Gateway N_Port trunking Setting up F_Port trunking F_Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad.

  • Page 41: Enabling The Dcc Policy On Trunk

    Access Gateway N_Port trunking The following table shows an example of the Address Identifier. TABLE 6 Address identifier 21 20 19 18 16 15 14 10 9 7 6 5 Domain ID Area_ID Port ID Address Identifier 1. Connect to the switch and log in as admin. 2.

  • Page 42: Configuration Management For Trunk Areas

    Access Gateway N_Port trunking Configuration management for trunk areas Ports from different ADs are not allowed to join the same Trunk Area group. The porttrunkarea command prevents the different AD's from joining the TA group. When you assign a TA, the ports within the TA group will have the same Index. The Index that was assigned to the ports is no longer part of the switch.

  • Page 43: Disabling F_Port Trunking

    Access Gateway N_Port trunking No_Module Online F-Port 10:00:00:00:00:01:00:00 No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Light No_Light No_Light No_Light Online F-Port 20:14:00:05:1e:41:4b:4d Online F-Port 20:15:00:05:1e:41:4b:4d Online F-Port...

  • Page 44: F_Port Trunking Monitoring

    Access Gateway N_Port trunking F_Port Trunking monitoring For F_Port masterless trunking, you must install Filter, EE or TT monitors on the F_Port trunk port. Whenever the master port changes, it is required to move the monitor to the new master port. For example, if a master port goes down, a new master is selected from the remaining slave ports.

  • Page 45: Connecting Devices Using Access Gateway

    Chapter Connecting Devices Using Access Gateway This chapter describes how to connect multiple devices to a switch in Access Gateway (AG) mode, discusses edge switch compatibility, port requirements, NPIV HBA, and interoperability. Access Gateway supports Direct Target Attach, which allows you to directly attach a target device to a switch in AG mode if the AG switch is connected to an external fabric.

  • Page 46: Configuring The Fabric And Edge Switch

    Configuring the fabric and edge switch Configuring the fabric and edge switch To connect hosts to the fabric using Access Gateway, configure the fabric using the following parameters. These parameters apply to Fabric OS, M- EOS, and Cisco-based fabrics: • Install and configure the switch as described in the switch’s Hardware Reference Manual before performing these procedures.

  • Page 47: Setting The Fabric Os Switch To Native Mode

    Configuring the fabric and edge switch Online F-Port 50:06:0b:00:00:3c:b4:3e Online F-Port 10:00:00:00:c9:35:43:f3 No_Sync Disabled (Persistent) No_Sync No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Sync Disabled (Persistent) No_Module No_Module No_Module...

  • Page 48: Connectivity To Cisco Fabrics

    Connectivity to Cisco Fabrics Connectivity to Cisco Fabrics When connecting a switch in Access Gateway mode to a Cisco fabric where certain QLogic-based devices are present behind the switch in AG mode, some QLogic FC ASIC-based Host Bus Adapters (HBA)s are not compatible with the routing mechanism used by switches in AG mode. In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure interoperability with Access Gateway.

  • Page 49: Workaround For Qlogic-Based Devices

    Connectivity to Cisco Fabrics Workaround for QLogic-based devices If there are QLogic-based devices behind a switch in AG mode, you must use the Cisco provided procedures to connect to a Fabric OS switch in AG mode to a Cisco fabric. Cisco software maintains a list of QLogic-based HBAs.

  • Page 50: Adding Or Deleting An Oui From The Company Id List

    Connectivity to Cisco Fabrics <- Explicitly deleted entry (from the original default list) 00:E0:8B * Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list. Adding or deleting an OUI from the Company ID List The following example shows how to add or delete an OUI (0x112233) from the Company ID List.

  • Page 51: Enabling Flat Fcid Mode If No Fc Target Devices On Switch

    Connectivity to Cisco Fabrics Enabling Flat FCID mode if no FC target devices on switch 1. Alternatively, you can place the Cisco switch FCID allocation mode into FLAT mode by entering the following commands: config t fcinterop fcid-allocation flat 2. Enter the following command to enable VSAN mode: vsan database 3.

  • Page 52: Access Gateway Mode

    Access Gateway mode Access Gateway mode Before enabling a switch to AG mode, you must save the switch configuration because after you enable AG mode, some fabric information is erased, such as the zone and security databases. For information on backing up and restoring the configuration file, refer to the Fabric OS Administrator’s Guide.

  • Page 53: Port States

    Access Gateway mode 4. Enter the switchShow command without any options to display the status of all ports. switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online switchMode: Access Gateway Mode switchWwn: 10:00:00:05:1e:03:4b:e7 switchBeacon: Area Port Media Speed State Proto ===================================== No_Module Online F-Port...

  • Page 54: Disabling Access Gateway Mode

    Access Gateway mode TABLE 8 Port state description State Description Diag_Flt Port failed diagnostics Lock_Ref locking to the reference signal Testing running diagnostics Offline Connection not established (only for virtual ports) Online The port is up and running Disabling Access Gateway mode Before you disable a switch in AG mode, you should always back up the current configuration.

  • Page 55: Re-Joining Switches To A Fabric

    Re-joining switches to a fabric Re-joining switches to a fabric After a switch reboots and AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected. Use one of the following methods to re-join a switch to the fabric: •...
  • Page 56 Re-joining switches to a fabric Access Gateway Administrator’s Guide 53-1000605-02...

  • Page 57: In This Chapter

    Chapter Configuring Ports in Access Gateway mode This chapter explains how to configure ports in Access Gateway mode and how to implement Access Gateway masterless trunking. In this chapter • Port Initialization in Access Gateway mode ......43 •...

  • Page 58: N_Ports

    N_Ports 4. The host logs into the fabric as follows: a. The host sends a FLOGI (fabric login) request. b. Access Gateway converts the FLOGI request into an FDISC request to the fabric with the same parameters as the host. The fabric processes the request and sends an FDISC response.

  • Page 59: Unlocking N_Ports

    N_Ports The enabled N_Port will automatically come online if it is connected to an Enterprise fabric switch that supports NPIV. NPIV capability should be enabled on the ports connected to the Access Gateway. Use the portcfgnpivport command to enable NPIV capability on the specific port. By default, NPIV is enabled on 8 Gbps switches.

  • Page 60: Displaying N_Port Configurations

    N_Ports Locked N_Port ....ON ON ON ON ON ON 3. Enter the portcfgnport command with <portnumber> 0 operand to unlock N_Port mode. switch:admin> portcfgnport 10 0 Alternatively, to lock a port in N_Port mode, enter the portcfgnport <portnumber> 1 command. switch:admin>...

  • Page 61: Displaying N_Port Mapping

    N_Ports Current F_Ports Shows the F_Ports that are currently connected to the fabric on the corresponding N_Port. In the case of failover, the current F_Ports and configured F_Ports differ. Failover and Failback Indicates whether the N_Port policy is enabled (1) or disabled (0).

  • Page 62: Port Configurations

    Port configurations No_Sync Disabled (Persistent) No_Module No_Module No_Light No_Module Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0200 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0100 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0000 NOTE For a description of the port state, see Table 8 on page 39. Port configurations The following mapping updates and adding and removing of ports are only applicable to the Port Grouping policy.

  • Page 63: Removing F_Ports From An N_Port

    Port configurations ===================================== No_Sync No_Sync Disabled (N-Port Offline for F-Port) No_Sync Disabled (N-Port Offline for F-Port) No_Sync Disabled (N-Port Offline for F-Port) No_Sync Disabled (N-Port Offline for F-Port) No_Sync Disabled (N-Port Offline for F-Port) No_Sync Disabled (No mapping for F-Port) No_Sync No_Sync No_Sync...

  • Page 64: Adding A Preferred Secondary N_Port

    Port configurations Failover(1=enabled/0=disabled) : 1 Failback(1=enabled/0=disabled) : 1 Current F_Ports : None Configured F_Ports PG_ID PG_Name : pg0 Adding a preferred secondary N_Port Preferred mapping is optional. Adding a preferred N_Port provides an alternate N_Port for F_Ports to fail over to. The F_Ports must have a primary N_Port mapping before a secondary N_Port can be configured.
  • Page 65 Port configurations The following table shows the default F_Port-to-N_Port mapping that is automatically configured when Access Gateway mode is enabled. All N_Ports have failover and failback enabled. All ports must have the POD license active to use Access Gateway on the Brocade 300 and 200E. TABLE 9 Access Gateway default F_Port-to-N_Port mapping Brocade...
  • Page 66 Port configurations TABLE 9 Access Gateway default F_Port-to-N_Port mapping Brocade Total Ports F_Ports N_Ports Default F_ to N_Port Mapping Model 4024 1–16 0, 17–23 1, 2 mapped to 17 9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23...

  • Page 67: Appendix A Troubleshooting

    Appendix Troubleshooting This appendix provides troubleshooting instructions. TABLE 10 Troubleshooting Problem Cause Solution Switch is not in Access Switch is in Native switch mode Disable switch using the switchDisable command. Gateway mode Enable Access Gateway mode using the ag modeenable command. Answer yes when prompted;...
  • Page 68 Troubleshooting TABLE 10 Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that failover and failback policies are enabled, as follows: Enter the ag failoverShow command with the <port_number> operand. Enter the ag failbackShow command with the <port_number> operand.
  • Page 69 Index Access Gateway behavior comparison to standard switches failover policy compatible fabrics connecting devices description features mapping description Cisco switch port mapping adding OUIs port types AG routing requirements Access Gateway mode Company ID list comparison deleting OUIs direct target attach displaying FCID disabling editing Company ID list...
  • Page 70 portCfgNport portCfgShow switchDisable F_Port switchEnable adding external port on embedded switch switchMode Address Identifier switchShow allow list compatibility disabling trunking fabric internal ports configuration mapping, example show mapping, show configurations maximum number mapped to N_Port limitations with configdownload command remove re-joining switch to fabric settings, edge switch saving AG configuration...
  • Page 71 internal port NPIV F_Port edge switch enable with portcfgnpivport command enabling on Cisco switch enabling on M-EOS swtich support join fabric optional features long distance mode, edge switch Policies Access Gateway management server Advance Device Security mapping enabling DCC policy example enforcement matrix ports...
  • Page 72 port types trunk area limitations activate DCC policy Preferred assign configuration management preferred secondary N_Port disabling cold failover remove ports definition standby CP deleting F_Ports using the porttrunkarea command failover policy trunk groups forming groups create not online trunk master online PWWN limitation...

This manual is also suitable for:

Ae370a - brocade 4gb san switch 4/12

Table of Contents