Dell Brocade 6510 Fabric OS Administrator's Guide v7.1.0
Dell Brocade 6510 Manual
 |
View all Dell Brocade 6510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Brocade 6510 manual content summary:
- Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 1
53-1002745-02 ® 25 March 2013 Fabric OS Administrator's Guide Supporting Fabric OS 7.1.0 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 2
E-mail: [email protected] Document History Title Publication number Summary of changes Date Fabric OS Administrator's Guide 53-1002745-01 Fabric OS Administrator's Guide 53-1002745-02 Added Fabric OS v7.1.0 software features and support for new hardware platforms: Brocade 5430 and 6520 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 3
the Switch Configuration File 241 Installing and Maintaining Firmware 255 Managing Virtual Fabrics 275 Administering Advanced Zoning 303 Traffic Isolation Zoning 345 Bottleneck Detection 375 In-flight Encryption and Compression 393 NPIV 419 Dynamic Fabric Provisioning: Fabric-Assigned - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 4
Appendix A Appendix B Appendix C Port Indexing 611 FIPS Support 615 Hexadecimal Conversion 627 4 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 5
database . . . 48 Clearing the management server database 49 Topology discovery 49 Displaying topology discovery status 49 Enabling topology discovery 49 Disabling topology discovery 50 Device login 51 Principal switch 51 E_Port login process 51 Fabric login process 52 Port login process - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 6
Basic Configuration Tasks Fabric OS overview 55 Fabric OS command line interface 56 Console sessions using the serial port 56 Telnet or SSH sessions 57 Getting help on a command 58 Viewing a history of command line entries 59 Password modification 61 Default account passwords 61 The switch - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 7
compatibility 96 FX8-24 compatibility notes 96 Enabling and disabling blades 96 Enabling blades 97 Disabling blades 97 Blade swapping 97 How blades are swapped 98 Swapping blades 100 Enabling and disabling switches 100 Power management 101 Powering off a port blade 102 Powering on a port - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 8
Configuring Lossless Dynamic Load Sharing 127 Lossless Dynamic Load Sharing in Virtual Fabrics 127 Enabling forward error correction (FEC 128 Limitations 128 Frame Redirection 130 Creating a frame redirect zone 130 Deleting a frame redirect zone 131 Viewing frame redirect zones 131 Managing - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 9
the boot PROM password for a switch without a recovery string 147 Setting the boot PROM password for a Backbone without a recovery string 148 Remote authentication 149 Remote Authentication Configuration 149 Setting the switch authentication mode 152 Fabric OS user accounts 152 Fabric OS users - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 10
ACL policy 198 Abandoning unsaved ACL policy changes 198 FCS policies 199 FCS policy restrictions 199 Ensuring fabric domains share policies 200 Creating an FCS policy 201 Modifying the order of FCS switches 201 FCS policy distribution 202 Device Connection Control policies 203 DCC policy - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 11
joining a switch to the fabric 229 Management interface security 231 Configuration examples 231 IP sec protocols 233 Security associations 233 Authentication and encryption algorithms 234 IP sec policies 234 IKE policies 235 Creating the tunnel 236 Example of an end-to-end transport tunnel - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 12
Logical fabric overview 281 Logical fabric and ISLs 282 Base switch and extended ISLs 283 Account management and Virtual Fabrics 286 Supported platforms for Virtual Fabrics 286 Supported port configurations in the fixed-port switches. . . .286 Supported port configurations in Brocade Backbones - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 13
broadcast zones 312 Broadcast zones and default zoning mode 312 Zone aliases 312 Creating an alias 313 Adding members to an alias 313 Removing members from an alias 314 Deleting an alias 314 Viewing an alias in the defined configuration 315 Fabric OS Administrator's Guide 13 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 14
349 Enhanced TI zones 350 Illegal configurations with enhanced TI zones 351 Traffic Isolation Zoning over FC routers 352 TI zones within an edge fabric 354 TI zones within a backbone fabric 355 Limitations of TI zones over FC routers 356 14 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 15
and recovery support on Brocade 5300 switches 379 Back-end credit loss detection and recovery support on Brocade 6520 switches 379 Enabling back-end credit loss detection and recovery . . . . . .380 Enabling bottleneck detection on a switch 380 Displaying bottleneck detection configuration - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 16
412 NPIV NPIV overview 419 Upgrade considerations 420 Fixed addressing mode 420 10-bit addressing mode 420 Configuring NPIV 421 Enabling and disabling NPIV 422 Viewing NPIV port configuration information 423 Viewing virtual PID login information 424 16 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 17
and login 438 Admin Domain member types 439 Admin Domains and switch WWNs 440 Admin Domain compatibility, availability, and merging . . . . . .442 Admin Domain management for physical fabric administrators . .442 Setting the default zoning mode for Admin Domains 443 Creating an Admin Domain - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 18
SAN management with Admin Domains 454 CLI commands in an AD context 455 Executing a command in a different AD context 455 Displaying an Admin Domain configuration 456 Switching to a different Admin Domain context 456 Admin Domain interactions with other Fabric OS features . . .457 Admin Domains - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 19
499 Restrictions for installing monitors 500 Virtual Fabrics considerations for Advanced Performance Monitoring 500 Access Gateway considerations for Advanced Performance Monitoring 501 End-to-end performance monitoring 501 Maximum number of EE monitors 501 Supported port configurations for EE - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 20
-based traffic prioritization 523 Trunking considerations before you install the Adaptive Networking license 523 Manually disabling QoS on trunked ports 524 QoS zones 525 QoS on E_Ports 526 QoS over FC routers 527 Virtual Fabrics considerations for QoS zone-based traffic prioritization 528 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 21
Enabling trunking on a port or switch 538 Disabling trunking on a port or switch 538 Displaying trunking information 539 Trunk Area and Admin Domains 540 ISL trunking over long-distance fabrics 540 EX_Port trunking 541 Masterless EX_Port trunking 542 Supported configurations and platforms for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 22
required given the distance, speed, and frame size 561 Allocating buffer credits for F_Ports 562 Monitoring buffers in a port group 562 Buffer credits switch or blade model 563 Maximum configurable distances for Extended Fabrics . . . . .564 Downgrade considerations 565 Buffer credit recovery - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 23
Fabrics 608 Upgrade and downgrade considerations for FC-FC routing . . . . . .609 How replacing port blades affects EX_Port configuration. . . .609 Displaying the range of output ports connected to xlate domains 609 Port Indexing FIPS Support FIPS overview 615 Zeroization functions 615 Power - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 24
24 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 25
99 Blade swap with Virtual Fabrics after the swap 100 Principal ISLs 112 New switch added to existing fabric 114 Virtual channels on a QoS-enabled ISL 116 Gateway link merging SANs 117 Single host and target 130 Windows 2000 VSA configuration 154 Example of a Brocade DCT file 161 Example of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 26
topology with Brocade DCX 8510-8 chassis 495 Full nine-mesh topology 496 64 Gbps ICL core-edge topology 497 Setting end-to-end monitors on a port 502 Mask positions for end-to-end monitors 504 Fabric mode Top Talker monitors on FC router do not monitor any flows . . . . 512 Fabric mode Top - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 27
topology 578 Example of setting up Speed LSAN tag 596 LSAN zone binding 599 EX_Ports in a base switch 607 Logical representation of EX_Ports in a base switch 608 Backbone-to-edge routing across base switch using FC router in legacy mode 609 Fabric OS Administrator's Guide 27 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 28
28 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 29
FCS switch operations 200 Distribution policy states 202 DCC policy states 203 DCC policy behavior with FA-PWWN when created using lockdown support . . 205 DCC policy behavior when created manually with PWWN 206 SCC policy states 206 FCAP certificate files 215 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 30
Example ISL connections 406 Number of supported NPIV devices 420 AD user types 436 Ports and devices in CLI output 455 Admin Domain interaction with Fabric OS features 457 Configuration upload and download scenarios in an AD context 460 Available Brocade licenses 464 License requirements and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 31
546 PWWN format for F_Port and N_Port trunk ports 548 Fibre Channel data frames 558 Total FC ports, ports per port group, and unreserved buffer credits per port group 563 Configurable distances for Extended Fabrics 564 LSAN information stored in FC routers, with and without LSAN zone binding - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 32
32 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 33
"Maintaining the Switch Configuration File," provides procedures for maintaining and backing up your switch configurations. • Chapter 9, "Installing and Maintaining Firmware," provides preparations and procedures for performing firmware downloads. • Chapter 10, "Managing Virtual Fabrics," describes - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 34
for use of the Brocade Extended Fabrics licensed feature. • Chapter 24, "Using FC-FC Routing to Connect Fabrics," provides information for setting up and using the FC-FC Routing Service. • The appendices provide special procedures or information for Fabric OS. Supported hardware and software In - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 35
type into account when determining which login to use. • Added section "Supported LDAP options" on page 151. • In "RADIUS configuration with Admin Domains or Virtual Fabrics" on page 155, added ChassisRole to the list of accepted keys. • In "Installing a switch certificate" on page 185, added an - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 36
the note that said the Brocade 6520 did not require a Trunking license. The Brocade 6520 does require the Trunking license. • In "Buffer credit recovery over an E_Port" on page 566, clarified that for an ISL between a device that supports 16 Gbps and a device that supports only 8 Gbps, buffer credit - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 37
this manual. They are listed below in order of increasing severity of potential hazards. NOTE A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information. ATTENTION An Attention statement indicates potential damage to hardware or data - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 38
.com and register at no cost for a user ID and password. For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 39
class platform, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis. For the Brocade 5424 embedded switch: Provide the license ID. Use the licenseIdShow command to display the WWN. Fabric OS Administrator's Guide 39 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 40
document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade .com Provide the title and version number of the document and as much detail - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 41
Traffic" •Chapter 5, "Managing User Accounts" •Chapter 6, "Configuring Protocols" •Chapter 7, "Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11, "Administering - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 42
42 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 43
nodes or management applications in the fabric. FIGURE 1 Well-known addresses Fabric Login - The Fabric Login server assigns a fabric address to a fabric node, which allows it to communicate with services on the switch or other nodes in the fabric. The fabric address is a 24-bit address (0x000000 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 44
to activate the MS platform service for each switch in the fabric. The change takes effect immediately and is committed to the configuration database of each affected switch. MS activation is persistent across power cycles and reboots. NOTE The commands msplMgmtActivate and msplMgmtDeactivate are - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 45
may be in place. Use the following procedure to enable platform services: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msCapabilityShow command to verify that all switches in the fabric support the MS platform service; otherwise, the next step fails - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 46
the following procedure to display the management server ACL: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msConfigure command. The command becomes interactive. 3. At the "select" prompt, enter 1 to display the access list. A list of WWNs that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 47
the ACL list is empty, then the management server will be accessible to all systems connected in-band to the fabric. Use the following procedure to delete a member from the ACL: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the msConfigure command. The command - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 48
the nonvolatile memory and end the session. Example of deleting a member from the management server ACL switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 3 Port/Node WWN (in hex - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 49
all command. Example of enabling discovery switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 50
following procedure to disable topology discovery: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the appropriate following command based on how you want to disable discovery: • For the local switch, enter the mstdDisable command. • For the entire fabric, enter - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 51
the fabric. Once storage and host devices are powered on and connected, the following logins occur: 1. FLOGI-Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported. 2. PLOGI-Port Login command logs - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 52
a fabric login (FLOGI) to determine if a fabric is present. If a fabric is detected then it exchanges service parameters with the fabric controller. A successful FLOGI sends back the 24-bit address for the device in the fabric. The device must issue and successfully complete a FLOGI command before - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 53
fabric is an illegal configuration. If a PWWN conflict occurs with two devices attached to the same domain, Fabric OS handles device login in such a way that only one device may be logged in to the fabric at a time. For more information, refer to send management data to hosts when the switch is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 54
automatically restarted (Continued) Description webd Webserver daemon used for WebTools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch management and fabric discovery. 54 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 55
OS overview This chapter describes how to configure your Brocade SAN using the Fabric OS command line interface (CLI). Before you can configure a storage area network (SAN), you must power up the Backbone platform or switch and blades, and then set the IP addresses of those devices. Although this - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 56
interoperating with them. The hardware reference manuals for Brocade products describe how to power up devices and set their IP addresses. After the IP address is set, you can use the CLI procedures contained in this guide. For additional information about the commands used in the procedures, refer - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 57
For instructions on performing a fast boot with Web Tools, see the Web Tools Administrator's Guide.) - If you have the required privileges, you can connect through the serial port, log in as admin, and use the killTelnet command to identify and kill the Telnet processes without disrupting the fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 58
passwords, refer to "Default account passwords" on page 61. 7. Verify the login was successful. The prompt displays the switch name and user ID to which you are connected. login: admin password: xxxxxxx Getting help on a command You can display a list of all command help topics for a given login - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 59
and firmware downloads. This command is also supported for standby CPs. The log records the following information whenever a command ins entered in the switch CLI: • Timestamp • Username • IP address of the telnet session • Options • Arguments Use the following procedure to view the CLI command log - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 60
2 Fabric OS command line interface Example cliHistory command output from admin login switch:admin> clihistory CLI history Date & Time Thu Sep 27 10:14:41 2012 Thu Sep 27 10:14:48 2012 switch:admin> Message admin, 10.70.12.101, clihistory admin, 10.70.12.101, clihistory --show cliHistory --show - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 61
following the login; the passwords cannot be changed using the passwd command later in the session. If you skip the prompt, and then later decide to change the passwords, log out and then back in. The default accounts on the switch are admin, user, root, and factory. Use the "admin" account to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 62
management access, including direct access to the Fabric OS CLI, and allows other tools, such as Web Tools, to interact with the switch. You can use either Dynamic Host Configuration Protocol (DHCP) or static IP addresses for the Ethernet network interface configuration. Brocade Backbones On Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 63
is not configured already. For details, refer to "Connecting to Fabric OS through the serial port" on page 56. Virtual Fabrics and the Ethernet interface On the Brocade DCX and DCX-4S, the single-chassis IP address and subnet mask are assigned to the management Ethernet ports on the front panels of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 64
2 The switch Ethernet interface Host Name: ecp1 Gateway IP Address: 10.1.2.3 IPFC address for virtual fabric ID 123: 11.1.2.3/24 IPFC address for virtual fabric ID 45: 13.1.2.4/20 Slot 7 eth0: 11.1.2.4/24 Gateway: 11.1.2.1 Backplane IP address of CP0 : 10.0.0.5 Backplane IP address of CP1 : 10.0.0.6 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 65
for the chassis management IP interface Use the following procedure to set the chassis management IP interface static addresses: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ipAddrSet -chassis command. switch:admin> ipaddrset -chassis Ethernet - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 66
only provided for Brocade fixed-port switches. These are listed in the Preface. NOTE The Brocade DCX and Brocade DCX-4S Backbones do not support DHCP. The Fabric OS DHCP client supports the following parameters: • External Ethernet port IP addresses and subnet masks • Default gateway IP address The - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 67
can confirm that the change has been made using the ipAddrShow command. Example of disabling DHCP for IPv4 interactively: switch:admin> ipaddrset Ethernet IP Address [10.1.2.3]: Ethernet Subnetmask [255.255.255.0]: Gateway IP Address [10.1.2.1]: Fabric OS Administrator's Guide 67 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 68
: 10.20.128.1 DHCP: Off switch:admin> IPv6 autoconfiguration IPv6 can assign multiple IP addresses to each network interface. Each interface is configured with a link local address in almost all cases, but this address is only accessible from other hosts on the same network. To provide for wider - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 69
are used for logging, error detection, and troubleshooting, you must set them correctly. In a Virtual Fabric, there can be a maximum of eight logical switches per Backbone. Only the default switch in the chassis can update the hardware clock. When the date command is issued from a non-principal pre - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 70
to the switch and log in using an account assigned to the admin role and with the chassis-role permission. 2. Enter the tsTimeZone command. • Use tsTimeZone with no parameters to display the current time zone setting. • Use --interactive to list all of the time zones supported by the firmware. • Use - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 71
server value on the principal or primary FCS switch are propagated to all switches in the fabric. In a Virtual Fabric, all the switches in the fabric must have the same NTP clock server configured. This includes any Fabric OS v6.2.0 or earlier switches in the fabric. This ensures that time does not - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 72
using a DNS name switch:admin> tsclockserver "10.1.2.4;10.1.2.5;ntp.localdomain.net" Updating Clock Server configuration...done. Updated with the NTP servers Changes to the clock server value on the principal or primary FCS switch are propagated to all switches in the fabric. Domain IDs Although - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 73
The switch WWN. Enet IP Addr The switch Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6 switches, only the static IP address displays. FC IP Addr The switch Fibre Channel IP address. Name The switch symbolic or user-created name in quotes. Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 74
ID Use the following procedure to set the domain ID: 1. Connect to the switch and log in on an account assigned to the admin role. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fabric Parameters prompt. Fabric parameters (yes, y, no - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 75
chassis names Use the following procedure to customize the chassis name: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the chassisName command. ecp:admin> chassisname newname 3. Record the new chassis name for future reference. Fabric name You can assign - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 76
procedure to enable a switch: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchEnable command. All Fibre Channel ports that passed Power On Self Test (POST) are enabled. If the switch has inter-switch links (ISLs) to a fabric, it joins the fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 77
procedure to gracefully shut down a Brocade switch. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the sysShutdown command. 3. Enter y at the prompt. switch:admin> sysshutdown This command will shutdown the operating systems on your switch. You are required - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 78
on configuring extended inter-switch connections, refer to Chapter 23, "Managing Long-Distance Fabrics". Device connection To minimize port logins, power off all devices before connecting them to the switch. When powering the devices back on, wait for each device to complete the fabric login before - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 79
and compatibility 93 •Enabling and disabling blades 96 •Blade swapping 97 •Enabling and disabling switches 100 •Power management 101 •Equipment status 102 •Track and control switch changes 104 •Audit log configuration 107 •Duplicate PWWN handling during device login 109 Port Identifiers - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 80
change unless you choose to swap the address using the portSwap command. 10-bit addressing mode The 10-bit addressing mode is the default mode for all the logical switches created in the Brocade Backbones. This addressing scheme is flexible to support a large number of F_Ports. In the regular 10-bit - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 81
mode This configurable addressing mode is available only in a logical switch on the Brocade Backbone. In this mode, only 256 ports are supported and each port receives a unique 8-bit area address. This mode can be used in FICON environments, which have strict requirements for 8-bit area FC addresses - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 82
entry is purged from the database to free up the reserved area for the new FLOGI. Virtual Fabrics considerations for WWN-based PID assignment WWN-based PID assignment is disabled by default and is supported in the default switch on the Brocade DCX and DCX 8510 Backbone families. This feature is not - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 83
binding overview 3 Use the following procedure to enable automatic PID assignment: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configure command. 3. At the Fabric Parameters prompt, type y. 4. At the WWN Based persistent PID prompt, type y. 5. Press - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 84
switches. For example, fixed-port models identify ports only by the port number, while Backbones identify ports by slot/port notation. NOTE For detailed information about the Brocade DCX and DCX 8510 Backbone families, refer to the hardware reference manuals. 84 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 85
for host, storage, and interswitch connections. • AP blades are used for Fibre Channel Application Services and Routing Services, FCIP, Converged Enhanced Ethernet, and encryption support. NOTE On each port blade, a particular port must be represented by both slot number and port number. The Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 86
to specify a port name. For Backbones, specify the slot number where the blade is installed. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the portName command. Example of naming port 0 ecp:admin> portname 1/0 trunk1 86 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 87
introduction of 48-port blades, indexing was introduced. Unique area IDs are possible for up to 255 areas, but beyond that there needed to be some way to ensure uniqueness. A number of fabric-wide databases supported by Fabric OS (including ZoneDB, the ACL DDC, and Admin Domain) allow a port to be - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 88
and applied any time an 8G device logs in. Upgrades from prior releases which supported only modes 0 and 1 will not change the existing setting, but switches reset to factory defaults with Fabric OS v6.3.1 or later will be configured to Mode 0 by default. The default setting on new units may - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 89
will be segmented from the fabric and all traffic flowing between it and the fabric will be lost. Enabling a port Use the following procedure to enable a port: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the appropriate command based on the current state - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 90
on the other end of the E_Port must both be running Fabric OS 7.0.0 or later. • Port decommissioning is not supported on links configured for encryption or compression. • Port decommissioning is not supported on ports with DWDM, CWDM, or TDM. • Port decommissioning requires that the lossless feature - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 91
be subject to Virtual Fabric or Admin Domain restrictions. Refer to the Fabric OS Command Reference for details. Use the following procedure to set the mode of a port: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the ifModeSet command. Example of setting the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 92
(yes, y, no, n): [no] y Committing configuration...done. switch:admin> NOTE The caution shown in the first example is not displayed when the command is entered using the serial console port Setting port speeds Use the following procedure to set port speeds: 1. Connect to the switch and log in using - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 93
and compatibility 3 Setting port speed for a port octet You can use the portCfgOctetSpeedCombo command to configure the speed for a port octet. Be aware that in a Virtual Fabrics environment, this command applies chassis-wide and not just to the logical switch. Use the following procedure to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 94
port blade supporting 2, 4, 8, 10, and 16 Gbps port speeds. NOTE: 10 Gbps speed for FC16-xx blades requires the 10G license. Ports are numbered from 0 through 23 from bottom to top on the left set of ports and 24 through 47 from bottom to top on the right set of ports. 68 Yes Yes 16 FC Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 95
firmware in your Backbone, refer to Chapter 9, "Installing and Maintaining Firmware". Core blades Core blades provide intra-chassis switching and ICL connectivity, between DCX/DCX-4S platforms and between DCX 8510 platforms. • Brocade DCX supports two CORE8 core blades. • Brocade DCX-4S supports - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 96
with the FCOE10-24 blade. Enabling and disabling blades Port blades are enabled by default. In some cases, you will need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 97
command with the slot number of the port blade you want to enable. ecp:admin> bladeenable 3 Slot 3 is being enabled FC8-48, FC8-48E, FC8-64, and FC16-48 port blade enabling exceptions Because the area IDs are shared with different port IDs, the FC8-48, FC8-48E, FC8-64, and FC16-48 blades support - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 98
be of compatible technology types (for example, Fibre Channel to Fibre Channel, Ethernet to Ethernet, application to application, and so on). • Port count. Both blades must support the same number of front ports (for example, 16 ports to 16 ports, 32 ports to 32 ports, 48 ports to 48 ports, and so - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 99
in the associated logical switch or logical fabric of the source ports. FIGURE 3 Blade swap with Virtual Fabrics during the swap 4. Port swapping The swap ports action is effectively an iteration of the portSwap command for each port on the source blade to each corresponding port on the destination - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 100
with admin permissions. 2. Enter the command switchCfgPersistentDisable --setdisablestate. This sets the switch to the disabled state without actually disabling it. However, on reset, the switch will be in a disabled state, and will need to be enabled. 100 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 101
status of the switch to 'disabled'. switchCfgPersistentDisable --help: Displays the command usage. Power management All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization is in progress. To manage power and ensure that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 102
up and running, then physical removal or powering off the chassis is required. Powering off a port blade Use the following procedure to power off a port blade: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the slotPowerOff command with the slot number of the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 103
switch power supplies. Refer to the hardware reference manual of your system to determine the appropriate values. 6. Enter the slotShow -m command to display the inventory and the current status of each slot in the system. Example of the slot information displayed for a DCX chassis DCX:FID128:admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 104
connected. 3. Optional: Enter the nsShow command to verify devices, hosts, and storage have successfully registered with the name server. 4. Enter the nsAllShow command to display the 24-bit Fibre Channel addresses of all devices in the fabric. switch:admin> nsallshow { 010e00 012fe8 012fef 030500 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 105
parameters, see the Fabric Watch Administrator's Guide. Use the following procedure to view the switch status policy threshold values: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchStatusPolicyShow command. Whenever there is a switch change, an - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 106
command to view your current switch status policy configuration. Example output from a switch The following example displays what is typically seen from a Brocade switch, but the quantity and types vary by platform. switch:admin Number of ports: 48 Note that the Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 107
When managing SANs you may want to audit certain classes of events to ensure that you can view and generate an audit log for what is happening on a switch, particularly for security-related event changes. These events include login failures, zone configuration changes, firmware downloads, and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 108
Diagnostics Guide. NOTE If an AUDIT message is logged from the CLI, any environment variables will be initialized with proper values for login, interface, IP and other session information. Refer to the Fabric OS Message Reference for more information. Verifying host syslog prior to configuring the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 109
, admin/NONE/10.3.220.13/None/CLI, None/ras007/FID 128, , Event: login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: 10.3.220.13. Duplicate PWWN handling during device login If a device attempts to log in with the same PWWN as another device on the switch, you can configure - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 110
procedure to set the behavior for handling duplicate PWWNs: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the F_Port login parameters prompt. F-Port login - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 111
switch to switch and from storage to server along one or more paths that make up a route. Routing policies determine the path for each frame of data. Before the fabric can begin routing traffic, it must discover the route a packet should take to reach the intended destination. Route tables are lists - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 112
ISL. Only one ISL from each switch is used as the principal ISL. Figure 5 shows the thick red lines as principal ISLs, and thin green lines as regular ISLs. FIGURE 5 Principal ISLs NOTE FSPF only supports 16 routes in a zone, including Traffic Isolation Zones. 112 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 113
ports be identified by a unique port identifier (PID). In a single fabric, FC protocol guarantees that domain IDs are unique, and so a PID formed by a domain ID and area ID is unique within a fabric. However, the domain IDs and PIDs in one fabric may be duplicated within another fabric, just as IP - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 114
fabric services, such as management server, must match. If the fabric service is enabled in the fabric, then the switch you are introducing into the fabric must also have it enabled. If you experience a segmented fabric, refer to the Fabric OS Troubleshooting and Diagnostics Guide to fix the problem - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 115
and configuration. This determines the maximum number of frames the port can transmit before receiving an acknowledgement from the receiving device. For more information on how to set the buffer-to-buffer credits on an extended link, refer to Chapter 23, "Managing Long-Distance Fabrics". Congestions - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 116
4 Inter-switch links FIGURE 7 Virtual channels on a QoS-enabled ISL 116 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 117
format, as described in "Configuring a link through a gateway" on page 118. • The switches connected to both sides of the gateway are included when determining switch-count maximums. • Extended links (those created using the Extended Fabrics licensed feature) are not supported through gateway links - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 118
switch at the other end of the gateway. Example of enabling a gateway link on slot 2, port 3 ecp:admin> portcfgislmode 2/3, 1 Committing configuration...done. ISL R_RDY Mode is enabled for port 3. Please make sure the PID formats are consistent across the entire fabric. Routing policies By default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 119
by the supported policies for the switch. Example of the output from the aptPolicy command In the following example, the current policy is exchange-based routing (3) with the additional AP dedicated link policy. switch:admin> aptpolicy Current Policy: 3 3 : Default Policy 1: Port Based Routing - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 120
communication paths between end devices in a fabric to egress ports in ratios proportional to the potential bandwidth of the ISL, ICL, or supported in FICON environments only. AP route policies Two additional AP policies are supported under exchange-based routing: • AP Shared Link policy (default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 121
routing policy Use the following procedure to set the routing policy: 1. Connect to the VF switch and log in as admin. 2. Enter the setcontext command for the correct Fabric ID or switch name. - The fabricID parameter is the FID of the logical switch you just created. - The switchname parameter is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 122
procedure. 3. Enter the dlsSet command to enable DLS or enter the dlsReset command to disable it. Example of setting and resetting DLS switch:admin> dlsshow DLS is not set switch:admin> dlsset switch:admin> dlsshow DLS is set switch:admin> dlsreset switch:admin> dlsshow DLS is not set 122 Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 123
of-order frame delivery across topology changes Use the following procedure to restore out-of-order frame delivery across topology changes: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the iodReset command. Fabric OS Administrator's Guide 123 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 124
frames should be a back-end port. To filter by TX port or RX port, you issue a command like: framelog --show -txport [/] or framelog --show -rxport [/] or framelog --show -txport [/] -rxport [/] 124 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 125
DCX-4S Backbones On the Brocade 7800 switch and the FX8-24 application blade, Lossless DLS is supported only on FC-to-FC port flows. ATTENTION When you implement Lossless DLS, the switches in the fabric must have either Fabric OS v6.3.0 or Fabric OS v6.4.0 or later installed to guarantee no frame - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 126
core works with the default configuration of the Brocade DCX 8510-8 and DCX 8510-4 hardware to prevent frame loss during a core blade removal and insertion. This feature is on by default and cannot be disabled. Lossless core has the following limitations: • Only supported with IOD disabled, which - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 127
18 blades do not support this feature. Configuring Lossless Dynamic Load Sharing You configure Lossless DLS switch- or chassis-wide by using the dlsSet command to specify that no frames are dropped while rebalancing or rerouting traffic. Use the following procedure to configure Lossless Dynamic Load - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 128
, trunking, and BB_Credit recovery. Limitations The following are limitations of this feature: • FEC is configurable only on 16 Gbps-capable switches (Brocade 6505, 6510, 6520, and the Brocade DCX 8510 Backbone family). • FEC is supported only on 1860 and 1867 Fabric Adapter ports operating in HBA - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 129
as required. switch:admin> portcfglongdistance [slot/]port,[other parameters] See Chapter 23, "Managing Long-Distance Fabrics" for more details on working with long distance ports. Viewing current FEC settings Use portCfgFec --show to display the current FEC configuration - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 130
to all other Fabric OS switches in the fabric that support Frame Redirection. Redirection zones exist only in the defined configuration and cannot be added to the effective configuration. NOTE Fabric OS v7.1.0 is not supported on the Brocade 7600 or Brocade SAS blade. However, this hardware can run - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 131
Viewing frame redirect zones Use the following procedure to view frame redirect zones: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command. Fabric OS Administrator's Guide 131 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 132
4 Frame Redirection 132 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 133
•Local user account database distribution 140 •Password policies 141 •The boot PROM password 145 •Remote authentication 149 User accounts overview In addition to the default permissions assigned to the roles of root, factory, admin, and user, Fabric OS supports up to 252 additional user accounts - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 134
that are configured when user-defined roles are created. The chassis role is similar to a switch-level role, except that it affects a different subset of commands. You can use the userConfig command to add this permission to a user account. Table 12 outlines the Fabric OS predefined (default) roles - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 135
access to the RBAC Class 'authentication' are: Role name --------Admin Factory Root Security Admin Permission ---------- OM OM OM OM You can also use the classConfig --showcli command to show the permissions that apply to a specific command. Fabric OS Administrator's Guide 135 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 136
Admin 2 BasicSwitchAdmin 4 FabricAdmin 4 Operator 4 SecurityAdmin 4 SwitchAdmin 4 User 4 ZoneAdmin 4 Managing user-defined roles Fabric OS provides an extensive toolset for managing user-defined roles: • The roleConfig command is available for defining new roles, deleting created - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 137
commands: > classConfig --showroles security Roles that have access to RBAC Class 'security' are: Role Name --------User Admin Factory Root with the -c option to create a new user account and default administrative and user accounts, Fabric OS supports up to 252 user-defined accounts in each switch - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 138
-switch user database. The password for all default accounts should be changed during the initial installation and configuration of each switch. TABLE 15 Default local user accounts Account name Role Admin Domain Logical Fabric Description admin factory root user Admin AD0-255 home: 0 Factory - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 139
password. • You cannot change passwords by using SNMP. Changing the password for the current login account 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the passwd command. 3. Enter the requested information at the prompts. Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 140
admin permissions. 2. Enter the distribute -p PWD -d command. NOTE If Virtual Fabrics mode is enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. Distributing the password database to switches - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 141
also be manually distributed across the fabric (see "Local user account database distribution" on page 140). A list of the configurable password policies follows. • Password strength • Password history • Password expiration • Account lockout All password policies are enforced during logins to the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 142
that are disallowed when setting a new password. Allowable password history values range between 0 and 24. If the value is set to 0, it means that the new password cannot be set to the current password, but can be set to the most recent password. The default value is 1, which means the current - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 143
. Use the following attributes to the passwdCfg command to set the password expiration policy: • MinPasswordAge Specifies the minimum number of days that must elapse before a user can change a password. MinPasswordAge values range from 0 through 999. The default value is zero. Setting this parameter - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 144
has been reached. Subsequent failed login attempts do not extend the lockout period. Enabling the admin lockout policy 1. Log in to the switch using an account that has admin or securityAdmin permissions. 2. Enter the passwdCfg --enableadminlockout command. Unlocking an account 1. Log in - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 145
PROM password for a switch with a recovery string This procedure applies to the following switch models: Brocade 300, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and 8510 switches, as well as the Brocade Encryption Switch and VA-40FC. If your switch is not listed - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 146
is automatically saved. 7. Reboot the switch by typing the reset command at the prompt. Setting the boot PROM password for a Backbone with a recovery string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 Backbones. The boot PROM and recovery passwords must be set for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 147
a switch without a recovery string This procedure applies to the fixed-port switch models. The password recovery instructions provided within this section are only for the switches listed in the Preface. If your switch is not listed, contact your switch support provider for instructions. 1. Create - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 148
are not recorded). Record this password for future use. 7. Enter the saveEnv command to save the new password. 8. Reboot the switch by entering the reset command. Setting the boot PROM password for a Backbone without a recovery string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 149
CP blade over a serial or Telnet connection and enter the haEnable command to restore high availability. NOTE To recover lost passwords refer to the Fabric OS Troubleshooting and Diagnostics Guide. Remote authentication Fabric OS supports user authentication through the local user database or one of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 150
not respond because of a power failure or network problems, the switch uses local authentication. Consider the effects of the use of a remote authentication service on other Fabric OS features. For example, when a remote authentication service is enabled, all account passwords must be managed on the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 151
"ldap" Default setting. Authenticates management Off On connections against the local database only. If the password does not match or the user is not defined, the login fails. Authenticates management connections On Off against any RADIUS databases only. If the RADIUS service is not - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 152
by the account names created on a Fabric OS switch. With each account name, assign the appropriate switch access permissions. For LDAP servers, you can use the ldapCfg --maprole ldap_role name switch_role command to map LDAP server permissions. 152 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 153
Virtual Fabric member list. For more information on Admin Domains or Virtual Fabrics, see "RADIUS configuration with Admin Domains or Virtual Fabrics" on page 155. Brocade-AVPairs1 3 Brocade-AVPairs2 4 Brocade-AVPairs3 5 Brocade-AVPairs4 6 Brocade Password ExpiryDate 7 Brocade Password - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 154
. For example, to grant the user jsmith admin permissions, you would add the following statement to the configuration file: swladmin Auth-Type := Local, User-Password == "myPassword" Brocade-Auth-Role = "admin", Brocade-AVPairs1 = "HomeLF=70", 154 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 155
-Passwd-ExpiryDate = "11/10/2011", Brocade-Passwd-WarnPeriod = "30" RADIUS configuration with Admin Domains or Virtual Fabrics When configuring users with Admin Domains or Virtual Fabrics, you must also include the Admin Domain or Virtual Fabric member list. This section describes the way that you - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 156
names created on a Fabric OS switch. Along with each account name, the administrator must assign appropriate switch access permissions. To manage a fabric, one can set these permissions to user, admin, and securityAdmin. Configuring RADIUS server support with Linux The following procedures work - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 157
"johnPassword", Brocade-Auth-Role = "admin", Brocade-Passwd-ExpiryDate = "05/28/08", Brocade-Passwd-WarnPeriod = "30" Example of using the local system password to authenticate users The next example uses the local system password file to authenticate users. Fabric OS Administrator's Guide 157 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 158
is to force the Brocade switch to authenticate using password authentication protocol (PAP); this requires the -a pap option with the aaaConfig command. Enabling clients Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP addresses are blocked - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 159
switch role. For example, you should configure a user group for root, admin, factory, switchAdmin, and user, and then add any users whose logins you want to associate to the appropriate group. 4. Configuring the server For more information and instructions on configuring the server, refer to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 160
Authentication Service window, add additional policies for all Brocade login types for which you want to use the RADIUS server. After this is done, you can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also available. RSA RADIUS server Traditional password-based authentication - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 161
=+2 data=%s%] ATTRIBUTE Brocade-Auth-Role ATTRIBUTE Brocade-Passwd-ExpiryDate ATTRIBUTE Brocade-Passwd-WarnPeriod Brocade-VSA(1,string) r Brocade-VSA(6,string) r Brocade-VSA(7,integer) r brocade.dct -- Brocade Dictionary FIGURE 11 Example of a Brocade DCT file Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 162
the Add Return List Attribute, select Brocade-Auth-Role and type the string Admin. The string will equal the role on the switch. e. Add the Brocade profile. f. In RSA Authentication Manager, edit the user records that will be authenticating using RSA SecurID. LDAP configuration and Microsoft Active - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 163
and installing CA certificates on a Windows server. 2. Create a user in Microsoft Active Directory server. For instructions on how to create a user, refer to www.microsoft.com or Microsoft documentation to create a user in your Active Directory. 3. Create a group name that uses the switch's role - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 164
have a user-defined group, then use the ldapCfg --maprole ldap_role_name switch_role command to map an LDAP server permissions to one of the default roles available on a switch. Adding an Admin Domain or Virtual Fabric list 1. From the Windows Start menu, select Programs> Administrative Tools> ADSI - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 165
Directory service in conjunction with LDAP on the switch. This section discusses authentication and authorization using OpenLDAP. For information about authentication and authorization using Microsoft Active Directory, refer to "LDAP configuration and Microsoft Active Directory" on page 162. Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 166
command to map LDAP server permissions to one of the default roles available on a switch. For more information on RBAC roles, see "Role-Based Access Control" on page 134. OpenLDAP server configuration overview For complete details about how to install and configure an OpenLDAP server, refer - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 167
cn: Manager description: Directory Manager 2. Enter the ldapadd command to add the contents of the .ldif file to the Directory, where test.ldif is the file you created in step 1. > ldapadd -D cn=Manager,dc=mybrocade,dc=com -x -w secret -f test.ldif Fabric OS Administrator's Guide 167 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 168
permission #Add members for admin group member: cn=sachin,cn=Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to one of the default roles available on a switch. Modifying an entry To modify - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 169
replace: uid uid: test 2. Enter the following ldapmodify command, where test3.ldif is the name of the file you edited in step 1. > ldapmodify -D cn=admin,dc=mybrocade,dc=com -x -w secret -f test3.ldif The value of the uid attribute is changed to "test". Adding an Admin Domain or Virtual Fabric list - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 170
a range. • The ChassisRole field designates the permissions that apply to the ChassisRole subset of commands. Example for adding Virtual Fabrics In the following example, the logical switch that would be logged into by default is 10. If 10 is not available then the lowest FID available will be - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 171
user and, if Admin Domains or Virtual Fabrics are in use, provide lists of Admin Domains or Virtual Fabrics to which the user should have access. For details, refer to "The tac_plus.cfg file" on page 172. On the Brocade switch, use the aaaConfig command to configure the switch to use TACACS+ for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 172
+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the following steps. 1. Download the TACACS+ software from http://www.cisco.com and install it. Refer to the Cisco documentation for installation instructions. 2. Configure the TACACS+ server by editing the tac_plus - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 173
clear "password" password = clear "password" service = shell { set brcd-role = securityAdmin set brcd-AV-Pair1 = "homeAD=255;ADList=1,2,3"; set brcd-AV-Pair2 = "ADList=200-255"; } } Configuring Virtual Fabric lists If your network uses Virtual Fabrics, you should create Virtual Fabric lists for each - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 174
-based configuration data. On platforms containing multiple switch instances, the configuration applies to all instances. The configuration is persistent across reboots and firmware downloads. On a chassis-based system, the command must replicate the configuration to the standby CP. Multiple login - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 175
servers are contacted for service 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aaaConfig --move command. When the command succeeds, the event log indicates that a server configuration is changed. Fabric OS Administrator's Guide 175 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 176
in to the default switch accounts (admin and user) or any user-defined account. You must know the passwords of these accounts. When the aaaConfig command succeeds, the event log indicates that local database authentication is disabled or enabled. 176 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 177
computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. Configuration upload and download support the use of SCP. Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 178
client No requirement on host side except a browser that supports HTTPS SSH daemon, SCP server None None Switch IP certificate for SSL None None The security protocols are designed with the four main use cases described in Table 23. TABLE 23 Fabric Main security scenarios Management interfaces - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 179
Secure Shell protocol 6 Setting up SCP for configuration uploads and downloads Use the following procedure to configure SCP for configuration uploads and downloads. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configure command. 3. Enter y or yes at the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 180
commands, or performing firmware download. Both password and public key authentication can coexist on the switch. Allowed-user For outgoing authentication, the default admin user must set up the allowed-user with admin permissions. By default, the admin is the configured allowed-user. While creating - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 181
a command remotely using SSH. Configuring outgoing SSH authentication After the allowed-user is configured, the remaining setup steps must be completed by the allowed-user. Use the following procedure to configure outgoing SSH authentication: 1. Log in to the switch as the default admin. 2. Change - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 182
on IP filter policies, refer to Chapter 7, "Configuring Security Policies". Secure Sockets Layer protocol Secure Sockets Layer (SSL) protocol provides secure access to a fabric through web-based management tools such as Web Tools. SSL support is a standard Fabric OS feature. Switches configured for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 183
more details on levels of browser and Java support, refer to the Web Tools Administrator's Guide. SSL configuration overview You configure SSL access for a switch by obtaining, installing, and activating digital certificates. Certificates are required on all switches that are to be accessed through - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 184
), you can select it; otherwise, select FTP. Enter the IP address of the switch on which you generated the CSR. Enter the remote directory name of the FTP server to which the CSR is to be sent. Enter your account name and password on the server. 184 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 185
note of the path name and make sure you have a login name and password on the server. Installing a switch certificate Use the following procedure to install a security certificate on a switch. NOTE You must perform this procedure on each switch. Fabric OS Administrator's Guide 185 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 186
. 2. Enter the secCertUtil import command. 3. Select a protocol, enter the IP address of the host on which the switch certificate is saved, and enter your login name and password. Example of installing a switch certificate in interactive mode switch:admin> seccertutil import -config swcert - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 187
and follow the instructions to import the certificate. Root certificates for the Java plugin For information on Java requirements, refer to "Browser and Java support" on page 182. This procedure is a guide for installing a root certificate to the Java plugin on the management workstation. If the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 188
using the Fabric OS command line interface (CLI), Web Tools, or Brocade Network Advisor. The SNMP access control list (ACL) provides a way for the administrator to restrict SNMP get, set, trap, and inform operations to certain hosts and IP addresses. This is used for enhanced management security in - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 189
the VF:xxx field is used in the snmpwalk command. This command is executed on the host and it walks the entire MIB tree specified (.1). switch# snmpwalk -u admin -v 3 -n VF:4 10.168.176.181.1 Filtering ports Each port can belong to only one Virtual Fabric at any time. An SNMP request coming to one - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 190
lose all IP access to the switch, including Telnet, SSH, and management ports. Use the following procedure to block Telnet access. 1. Connect to the switch and log in using an account with admin permissions. 2. Clone the default policy by typing the ipFilter --clone command. switch:admin> ipfilter - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 191
permit permit permit permit permit permit permit permit Unblocking Telnet Use the following procedure to unblock Telnet access. 1. Connect to the switch through a serial port or SSH and log in as admin. 2. Enter the ipfilter --delete command. Fabric OS Administrator's Guide 191 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 192
FC-FC Routing Service, be aware that the secModeEnable command is not supported. Table 26 lists the defaults for accessing hosts, devices, switches, and zones. TABLE 26 Access defaults Access default Hosts Any host can access the fabric by SNMP. Any host can Telnet to any switch in the fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 193
UDP NTP 161 UDP SNMP Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. 443 TCP HTTPS Use the ipfilter command to block the port. 512 TCP exec 513 TCP login 514 TCP shell 897 TCP This port is used by the Platform API. Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 194
6 Ports and applications used by switches 194 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 195
policy management 196 •FCS policies 199 •Device Connection Control policies 203 •SCC Policies 206 •Authentication policy for fabric elements 207 •IP Filter policy 217 •Policy database distribution 224 •Management interface security 231 ACL policies overview Each supported Access Control List - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 196
from occurring. Each logical switch will have its own access control list. The FCS, SCC and DCC policies in Secure Fabric OS are not interchangeable with Fabric OS FCS, SCC and DCC policies. Uploading and saving a copy of the Fabric OS configuration after creating policies is strongly recommended - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 197
, policies created in the same login session also appear but these policies are automatically deleted if the you log out without saving them. 1. Connect to the switch and log in using an account with admin permissions, or an account with O permission for the Security RBAC class of commands. 2. Type - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 198
activated, the aspect of the fabric managed by that policy is enforced. 1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the Security RBAC class of commands. 2. Enter the secPolicyRemove command. 3. To implement the change immediately - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 199
FCS policy is not present by default, but must be created. When the FCS policy is created, the WWN of the local switch is automatically included in the FCS list. Additional switches can be included in the FCS list. The first switch in the list becomes the Primary FCS switch. Switches in the fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 200
OS Command Reference, Supporting Fabric OS, v7.1.0. Ensuring fabric domains share policies Whether your intention is to create new FCS policies or manage your current FCS policies, you must follow certain steps to ensure the domains throughout your fabric have the same policy. The local-switch WWN - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 201
not be able to perform any fabric-wide configurations from the primary FCS. Modifying the order of FCS switches 1. Log in to the Primary FCS switch using an account with admin permissions, or an account with OM permissions for the Security RBAC class of commands. 2. Type secPolicyShow "Defined - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 202
the Primary FCS switch. FCS policy configuration and management is performed using the command line or a manageability interface. Only the Primary FCS switch is allowed to distribute the database. The FCS policy can be manually distributed across the fabric using the distribute -p command. Since - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 203
they are created. For information regarding DCC policies and F_Port trunking, refer to the Access Gateway Administrator's Guide. Each device port can be bound to one or more switch ports; the same device ports and switch ports may be listed in multiple DCC policies. After a switch port is specified - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 204
, ports 1 through 4 of switch domain 4, and all devices currently connected to ports 1 through 4 of switch domain 4: switch:admin> secpolicycreate "DCC_POLICY_example", "44:55:66:77:22:33:44:dd;33:44:55:66:77:11:22:cc;4[1-4]" DCC_POLICY_example has been created 204 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 205
to log in on a different NPIV port. Table 33 lists the behavior of the DCC policy with FA-PWWNs in the fabric when the DCC policy is created using lockdown support. TABLE 33 DCC policy behavior with FA-PWWN when created using lockdown support Configuration WWN seen on Behavior when DCC policy - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 206
on the extended ISL. The following changes: • A logical switch supports an SCC policy. You can configure and distribute an SCC policy on a logical switch. • SCC enforcement is performed on a ISL based on the SCC policy present on the logical switch. For more information on Virtual Fabrics, refer to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 207
authentication defaults to DH-CHAP if both switches are configured to accept the DH-CHAP protocol in authentication. To use FCAP on both switches, PKI certificates have to be installed. NOTE The fabric authentication feature is available in base Fabric OS. No license is required. FCAP requires the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 208
to activate authentication. The AUTH policy is distributed by command; automatic distribution of the AUTH policy is not supported. The default configuration directs the switch to attempt FCAP authentication first, DH-CHAP second. The switch may be configured to negotiate FCAP, DH-CHAP, or both. The - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 209
you execute the authUtil --authinit command on logical-ISLs, "Failed to initiate authentication. Authentication is not supported on logical ports ". For more information on Virtual Fabrics, refer to Chapter 10, "Managing Virtual Fabrics". Configuring E_Port authentication 1. Connect to the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 210
to HBAs. For more information, refer to the Access Gateway Administrator's Guide, Supporting Fabric OS v7.1.0 By default the devicepolicy is in the OFF state, which means the switch clears the security bit in the FLOGI (fabric login). The authUtil command provides an option to change the device - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 211
loop • NPIV devices • FICON channels • Configupload and download will not be supported for the following AUTH attributes: auth type, hash type, group type. NOTE For information about how to use authentication with Access Gateway, refer to the Access Gateway Administrator's Guide Supporting Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 212
command specifying fcap, dhchap, or all. Example of setting the DH-CHAP authentication protocol switch:admin> authutil --set -a dhchap Authentication is set to dhchap. When using DH-CHAP, make sure that you configure the switches at both ends . 212 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 213
for fabric elements 7 Secret key pairs for DH-CHAP When you configure the switches at both ends of a link to use DH-CHAP for authentication, you must also define a secret key pair-one for each end of the link. Use the secAuthSecret command to perform the following tasks: • View the WWN of switches - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 214
: Enter WWN, Domain, or switch name (Leave blank when done): Are you done? (yes, y, no, n): [no] y Saving data to key store... Done. 3. Disable and enable the ports on a peer switch using the portDisable and portEnable commands. 214 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 215
command on the local switch. switch:admin> seccertutil generate -fcapall -keysize 1024 WARNING!!! About to create FCAP: ARE YOU SURE (yes, y, no, n): [no] y Installing Private Key and Csr... Switch key pair and CSR generated... 3. Repeat step 2 on the remote switch. Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 216
PKI RBAC class of commands. 2. Enter the secCertUtil export -fcapswcsr command. switch:admin> seccertutil export -fcapswcsr Select protocol [ftp or scp]: scp Enter IP address: 10.1.2.3 Enter remote directory: /myHome/jdoe/OPENSSL Enter Login Name: jdoe [email protected]'s password: Success - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 217
policy using the distribute command and whether the switch may initiate distribution of the policy. To set the local switch configuration parameter, refer to "Policy database distribution" on page 224. NOTE This is not supported for Access Gateway mode. IP Filter policy The IP Filter policy is a set - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 218
. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the IPfilter RBAC class of commands. 2. Enter in the ipFilter --create command. Cloning an IP Filter policy You can create an IP Filter policy as an exact - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 219
policy continues to remain in the defined configuration. The policy to be activated replaces the existing active policy of the same type. Activating the default IP Filter policies returns the IP management interface to its default state. An IP Filter policy without any rule cannot be activated - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 220
numbers are used by clients. For an IP Filter policy rule, you can only select port numbers in the well-known port number range, between 0 and 1023, inclusive. This means that you have the ability to control how to expose the management services hosted on a switch, but not the ability to affect the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 221
Filter policy 7 TABLE 37 Supported services (Continued) Service name Port number bootps 67 bootpc 68 tftp 69 http 80 kerberos 88 hostnames 101 sunrpc 111 sftp 115 ntp 123 snmp 161 snmp trap 162 https 443 ssmtp 465 exec 512 login 513 shell 514 uucp 540 biff 512 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 222
A switch with Fabric OS v6.2.0 or later will have a default IP Filter policy for IPv4 and IPv6. The default IP Filter policy cannot be deleted or changed. When an alternative IP Filter policy is activated, the default IP Filter policy becomes deactivated. Table 39 lists the rules of the default IP - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 223
. Aborting an IP Filter transaction A transaction is associated with a command line or manageability session. It is opened implicitly when the --create, --addrule, --delrule, --clone, and --delete subcommands are run. The --transabort, --save, or --activate subcommands explicitly end the transaction - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 224
can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the IPFilter policy, see "Distributing the local ACL policies" on page 227 for instructions. Switches with Fabric OS v6.2.0 or later have the ability to accept or deny IP Filter policy - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 225
set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 227. Virtual Fabric considerations: Fabric-wide consistency policies are configured on a per logical switch-basis and are applied to the fabrics connected to the logical - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 226
--showall command. Example shows the database distribution settings switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- DATABASE - Accept/Reject SCC - accept DCC - accept PWD - accept FCS - accept AUTH - accept IPFILTER - accept Fabric Wide Consistency - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 227
three) to the other switches in the fabric. NOTE FC routers cannot join a fabric with a strict fabric-wide consistency policy. FC routers do not support the fabric-wide consistency policies. Table 42 describes the fabric-wide consistency settings. Fabric OS Administrator's Guide 227 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 228
Enter the fddCfg --showall command. Example shows policies for a fabric where no consistency policy is defined. switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- DATABASE - Accept/Reject SCC - accept DCC - accept PWD - accept FCS - accept AUTH - accept - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 229
DCC, or FCS fabric-wide consistency policy. Use ACL policy commands to delete the conflicting ACL policy from one side to resolve ACL policy conflict. If neither the fabric nor the joining switch is configured with a fabric-wide consistency policy, there are no ACL merge checks required. Under both - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 230
/Absent SCC;DCC DCC SCC;DCC SCC DCC SCC Error message logged. Run fddCfg --fabwideset "policy_ID" from any switch with the desired configuration to fix the conflict. The secPolicyActivate command is blocked until conflict is resolved. 230 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 231
security You can secure an Ethernet management interface between two Brocade switches or Backbones by implementing IP sec and IKE policies to create a tunnel that protects traffic flows. While the tunnel must have a Brocade switch or Backbone at each end, there may be routers, gateways, and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 232
by a corporate firewall against Internet-based attacks. In either case, the protected endpoint will want an IP address associated with the security gateway so that packets returned to it will go to the security gateway and be tunneled back. 232 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 233
on a protected network. A combination of the two is referred to as a RoadWarrior configuration where a host on the Internet requires access to a network through a security gateway that is protecting the network. IP sec protocols IP sec ensures confidentiality, integrity, and authentication using the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 234
cannot modify an SA once it is created. Use the IP secConfig --flush manual-sa command to remove all SA entries from the kernel SADB and re-create the SA. For more information on the IP secConfig command, refer to the Fabric OS Command Reference. IP sec proposal The IP sec sa-proposal defines an SA - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 235
, or a certificate-based method, such as RSA signatures. Key management The IP sec key management supports Internet Key Exchange or Manual key/SA entry. The Internet Key Exchange (IKE) protocol handles key management automatically. SAs require keying material for authentication and encryption. The - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 236
chassis role and having OM permissions for the IP sec RBAC class of commands. b. Enter the IP secConfig --enable command to enable IP sec on the switch. 4. Create an IP sec SA policy on each side of the tunnel using the IP secConfig --add command. 236 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 237
the IP secConfig --add command. Example of creating an IP sec proposal This example creates an IP sec proposal IP sec-AH to use AH01 as SA. switch:admin> IP secconfig --add policy ips sa-proposal -t IP sec-AH -sa AH01 6. Import the pre-shared key file. Refer to Chapter 6, "Configuring Protocols - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 238
7 Management interface security 10. Verify traffic is protected. a. Initiate a telnet, SSH, or ping session from the two switches. b. Verify that IP traffic is encapsulated. c. Monitor IP sec SAs created using IKE for above traffic flow • Use the IP secConfig --show manual-sa -a command with the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 239
TRANSFORM01 10. Verify the IP sec SAs created with IKE using the IP secConfig --show manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IP sec configuration. Refer to your server administration guide for instructions. 12. Generate IP traffic and verify that it - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 240
the IP secConfig --flush manual-sa command with the specified operands to flush the created SAs in the kernel SADB. CAUTION Flushing SAs requires IP sec to be disabled and re-enabled. This operation is disruptive to traffic using the tunnel. Notes • As of Fabric OS 7.0.0, IP sec no longer supports - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 241
file uploads and downloads, refer to the Fabric OS Troubleshooting and Diagnostics Guide. There are two ways to view configuration settings for a switch in a Brocade fabric: • Issue the configShow -all command. To display configuration settings, connect to the switch, log in as admin, and enter the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 242
DMM_WWN] [Licenses] [Chassis Configuration End] date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 0] SwitchName = Sprint5100 Fabric ID = 128 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zoning] [Defined Security policies] 242 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 243
User-defined role configuration • LicensesDB - License Database (slot-based) • DMM_WWN - Data migration manager World Wide Name configuration • Licenses - (Feature-based) Licenses configuration • AGWWN_MAPPING_CONF - Access Gateway WWN mapping configuration Fabric OS Administrator's Guide 243 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 244
GigE Mode configuration • FWD CHASSIS CFG - Fabric Watch configuration • FRAME LOG - Frame log configuration (enable/disable) • DMM_TB - Data migration manager configuration • MOTD - Message of the day Switch section There is always at least one switch section for the default switch or a switch that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 245
the configUpload command while logged in to AD255. switch:AD5:admin> ad --select 5 switch:AD5:admin> configUpload Protocol (scp or ftp) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: /pub/configurations/config.txt Password: - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 246
, you must follow the procedure in "Configuration management for Virtual Fabrics" on page 250 to restore the logical switches. If a configDownload command is issued on a non-FC router, any FC router parameters may be viewed in the downloaded data. This is harmless to the switch and can be ignored - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 247
Virtual Fabric-enabled system. Only configurations related to ports within the default switch are applied. If you must set up your switch again, run the commands listed in Table 47 and save the output in a file format. Store the files in a safe place for emergency reference. TABLE 47 CLI commands - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 248
then you must disable the switch. When you use the configDownload command, you are prompted to disable the switch only when necessary. Configuration download without disabling a switch is independent of the hardware platform and supported on all hardware platforms running Fabric OS v6.1.0 and later - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 249
with Admin Domains switch:AD5:admin>configdownload Protocol (scp or ftp) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: /pub/configurations/config.txt *** CAUTION *** This command is used to download a backed-up configuration for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 250
target switches. Refer to "Configuration file restoration" on page 246 for more information. Security considerations Security parameters and the switch identity cannot be changed by the configDownload command. Parameters such as the switch name and IP address (lines in the configuration file that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 251
as this name can be confused with a normal uploaded configuration file. Example of configUpload on a switch with Virtual Fabrics Sprint5100:FID128:admin> configupload Protocol (scp, ftp, sftp, local) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [ - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 252
txt,password Example of configDownload on a switch 5100:FID128:admin> configdownload -vf Protocol (scp, ftp, sftp, local) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: 5100_FID89.txt *** CAUTION *** This command is used to download - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 253
form in Table 48 as a hard copy reference for your configuration information. In the hardware reference manuals for the Brocade DCX and DCX-4S Backbones, there is a guide for FC port-setting. TABLE 48 Brocade configuration and connection form Brocade configuration settings IP address Gateway address - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 254
8 Brocade configuration form 254 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 255
270 •Validating a firmware download 273 Firmware download process overview Fabric OS v7.1.0 provides nondisruptive firmware installation. This chapter refers to the following specific types of blades inserted into the Brocade DCX and DCX 8510 Backbone families: • FC blades or port blades that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 256
the secondary partition. ATTENTION The Brocade 8000 does not support a nondisruptive firmware download. The switch reboots once the firmware upgrade or downgrade is complete. In dual-CP systems, the firmware download process, by default, sequentially upgrades the firmware image on both CPs using HA - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 257
and restoring firmware, refer to "Testing and restoring firmware on Backbones" on page 270. Passwordless firmware download You can download firmware without a password using the sshutil command for public key authentication when SSH is selected. The switch must be configured to install the private - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 258
enable you to provide your switch support provider the information required to troubleshoot the firmware download. It is recommended that you use the configUpload command to back up the current configuration before you download firmware to a switch. Refer to "Configuration file backup" on page 244 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 259
supported. Refer to the Fabric OS Compatibility section of the Brocade Fabric OS Release Notes, for the recommended firmware version. If fixed-port switches are adjacent and you start firmware downloads on them at the same time, there may be traffic disruption. To determine if you need to upgrade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 260
about overriding the autocommit option. Switch firmware download process overview The following list describes the default behavior after you enter the firmwareDownload command (without options) on Brocade fixed-port switches: • The Fabric OS downloads the firmware to the secondary partition. • The - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 261
Firmware download on switches 9 Upgrading firmware for Brocade fixed-port switches 1. Take the following appropriate action based on what service you are using: • If you are using FTP, SFTP, or SCP, verify that the FTP or SSH server is running on the host server and that you have a valid user ID - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 262
not in sync, run the haSyncStart command. If the CPs are still not in sync, refer to the Fabric OS Troubleshooting and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. During the upgrade process, the Backbone fails over to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 263
contact your switch service provider. For further troubleshooting, refer to the Fabric OS Troubleshooting and Diagnostics Guide. 8. Enter the firmwareDownload command and respond to the interactive prompts. 9. At the "Do you want to continue [y/n]" prompt, enter y. The firmware is downloaded to one - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 264
[1]: Password: Checking version compatibility... Version compatibility check passed. The following AP blades are installed in the system. Slot Name Versions Traffic Disrupted 2 FS8-18 v7.1.0_main_bld27 Encrypted Traffic 8 FX8-24 v7.1.0_main_bld27 GigE This command will upgrade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 265
Enter the firmwareShow command to display the new firmware versions. Firmware download from a USB device The Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches and the Brocade DCX, DCX-4S, or DCX 8510 Backbones support a firmware download from a Brocade branded USB device - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 266
For more information about FIPS, refer to Chapter 7, "Configuring Security Policies". Fabric OS v7.1.0 firmware is digitally signed using the OpenSSL utility to provide FIPS support. To use the digitally signed software, you must configure the switch to enable signed firmware download. If it is not - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 267
images are not signed. Configuring a switch for signed firmware 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configure command. 3. Respond to the prompts as follows: System Service Press Enter to select default setting; default is no. ssl attributes - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 268
and restoring firmware on switches Power-on firmware checksum test FIPS requires the checksums of the executables and libraries on the filesystem to be validated before Fabric OS modules are launched. This is to make sure these files have not been changed after they are installed. When firmware RPM - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 269
step 8, then you have committed the firmware on the switch and you have completed the firmware download procedure. 9. Restore the firmware. a. Enter the firmwareRestore command. The switch reboots and comes up with the original firmware again. A firmware commit automatically begins to copy the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 270
you decide to back out of the installation prior to the firmware commit, you can enter the firmwareRestore command to restore the former active Fabric OS firmware image. The firmwareRestore command can only run if autocommit was disabled during the firmware download. This command cannot be used to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 271
this operation is in process. c. Upon completion of the firmwareCommit command, enter the firmwareShow command to confirm both partitions on both CPs contain the new firmware. d. Enter the haShow command to confirm that the HA state is in sync. Fabric OS Administrator's Guide 271 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 272
storage devices. If you want to upgrade a Backbone with only one CP in it, follow the procedures in "Testing and restoring firmware on switches" on page 268. Be aware that upgrading a Backbone with only one CP is disruptive to switch traffic. 272 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 273
CP within the Brocade Backbone. The firmwareShow command displays the firmware version on each CP. firmwareDownloadStatus Displays an event log that records the progress and status of events during Fabric OS, SAS, and SA firmware download. The event log is created by the current firmwareDownload - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 274
9 Validating a firmware download 274 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 275
Fabric 298 •Removing an IP address for a Virtual Fabric 298 •Configuring a logical switch to use XISLs 299 •Changing the context to a different logical fabric 299 •Creating a logical fabric using XISLs 300 Virtual Fabrics overview Virtual Fabrics is an architecture to virtualize hardware - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 276
information about device sharing with Virtual Fabrics, refer to "FC-FC routing and Virtual Fabrics" on page 606. For information about supported switches and port types, refer to "Supported platforms for Virtual Fabrics" on page 286. Virtual Fabrics and Admin Domains are mutually exclusive and are - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 277
P5 P8 Logical switch 1 (Default logical switch) P0 P2 P4 P6 P8 P1 P3 P5 P7 P9 Logical switch 2 Logical switch 3 Logical switch 4 FIGURE 18 Switch before and after creating logical switches Logical switches and fabric IDs When you create a logical switch, you must assign it a fabric ID (FID). The - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 278
P1 P3 P5 P7 P9 Logical switch 2 Logical switch 1 (Default logical switch) P0 P1 P7 P8 P2 Logical switch 2 P3 Logical switch 3 P4 P9 Logical switch 3 P5 Logical switch 4 P6 Logical switch 4 FIGURE 20 Assigning ports to logical switches 278 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 279
as a VE_Port or EX_Port, you must configure them after you move them. Some types of ports cannot be moved from the default logical switch. Refer to "Supported platforms for Virtual Fabrics" on page 286 for detailed information about these ports. Logical switches and connected devices You can connect - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 280
4 Fabric 1 Fabric 15 Fabric 8 FIGURE 22 Logical switches in a single chassis belong to separate fabrics For information on allowing device sharing across fabrics in a Virtual Fabrics environment, refer to "FC-FC routing and Virtual Fabrics" on page 606. 280 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 281
as: - Logical switch configuration (creating, deleting, or modifying logical switches) - Account management (determining which accounts can access which logical switches) - Field-replaceable unit (FRU) management (slot commands, such as slotShow) - Firmware management (firmware upgrade, HA failover - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 282
5 (Default logical switch) Fabric ID 128 P2 Logical switch 6 P3 Fabric ID 1 P4 P5 P7 Logical switch 7 P6 Fabric ID 15 Logical switch 4 P6 Fabric ID 8 Switch P8 Logical switch 8 P9 Fabric ID 8 FIGURE 23 Logical switches connected to other logical switches through physical ISLs Figure 24 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 283
switches. This ISL is an extended ISL (XISL) because it connects base switches. Physical chassis 1 Logical switch 1 P1 (Default logical switch) Fabric ID 128 Physical chassis 2 P1 Logical switch 5 (Default logical switch) Fabric ID 128 Logical switch 2 P2 Fabric ID 1 P2 Logical switch 6 Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 284
XISL. FIGURE 26 Logical ISLs connecting logical switches To use the XISL, the logical switches must be configured to allow XISL use. By default, they are configured to do so; you can change this setting, however, using the procedure described in "Configuring a logical switch to use XISLs" on page - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 285
at each end of a logical ISL. A logical port is a software construct only and does not correspond to any physical port. Most port commands are not supported on logical ports. For example, you cannot change the state or configuration of a logical port. The World Wide Name (WWN) for logical ports is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 286
:FID128:admin> switch:FID15:admin> Refer to Chapter 5, "Managing User Accounts," for information about creating user accounts and assigning FIDs to user accounts. Supported platforms for Virtual Fabrics The following platforms are Virtual Fabrics-capable: • Brocade 5100 • Brocade 5300 • Brocade 6510 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 287
an XISL, and on the base switch as an XISL. NOTE For the FX8-24 blade, if XISL use is enabled it is not recommended that you configure VE_Ports on both the logical switch and the base switch, because FCIP tunnels support only two hops maximum. Fabric OS Administrator's Guide 287 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 288
only on the default logical switch. FC-FC Routing Service All EX_Ports must reside in a base switch. You cannot attach EX_Ports to a logical switch that has XISL use enabled. You must use ISLs to connect the logical switches in an edge fabric. Refer to Chapter 24, "Using FC-FC Routing to Connect - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 289
3 Brocade 6510 4 Brocade 6520 4 Brocade 7800 4 Brocade VA-40FC 3 Refer to "Supported port configurations in Brocade Backbones" on page 287 for restrictions on the default logical switch. Restrictions on XISLs The Allow XISL Use option under the configure command, allows a logical switch to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 290
it. switch:admin> fosconfig --show FC Routing service: iSCSI service: iSNS client service: Virtual Fabric: Ethernet Switch Service: disabled Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform switch:admin> fosconfig - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 291
your switch service provider to determine if you need to use this procedure. You need to run this procedure only once on each chassis, after you enable Virtual Fabrics but before you create logical switches. The configuration settings are then preserved across reboots and firmware upgrades and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 292
procedure to create a logical switch or a base switch: 1. Connect to the physical chassis and log in using an account with the chassis-role permission. 2. Enter the lsCfg command to create a logical switch: lscfg --create fabricID [ -base ] [ -force ] In the command syntax, fabricID is the fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 293
has been created with default configurations. Please configure the Logical Switch with appropriate switch and protocol settings before activating the Logical Switch. sw0:FID128:admin> setcontext 4 switch_4:FID4:admin> switchdisable switch_4:FID4:admin> configure Configure... Fabric parameters (yes - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 294
22 0e1600 -- N8 No_Module FC Disabled 23 23 0e1700 -- N8 No_Module FC Disabled Example 2: Executing the fabricShow command on all logical switches sw0:FID128:admin> fosexec --fid all -cmd "fabricshow fabricshow" on FID 128: Switch ID Worldwide Name Enet IP Addr FC IP Addr Name 97: fffc61 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 295
are currently configured. If the -port option is omitted, all ports on the specified slot are assigned to the logical switch. NOTE On the Brocade DCX and DCX 8510-8, the lscfg command does not allow you to add ports 48- 63 of the FC8-64 blade to the base switch. These ports are not supported on the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 296
logical switch from 5 to 7 sw0:FID128:admin> lscfg --change 5 -newfid 7 Changing of a switch fid requires that the switch be disabled. Would you like to continue [y/n]?: y Disabling switch... All active login sessions for FID 5 have been terminated. 296 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 297
ON LS Attributes: [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0] (output truncated) switch_25:FID7:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Fabric OS Administrator's Guide 297 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 298
a Virtual Fabric Use the following procedure to delete an IP address for a Virtual Fabric: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the ipAddrSet -ls FID - -delete command. switch:admin> ipaddrset -ls 123 -delete 298 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 299
to use XISLs 10 Configuring a logical switch to use XISLs When you create a logical switch, it is configured to use XISLs by default. Use the following procedure to allow or disallow the logical switch to use XISLs in the base fabric. XISL use is not supported in some cases. See "Limitations - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 300
using multiple chassis and XISLs and refers to the configuration shown in Figure 28 as an example. FIGURE 28 Example of logical fabrics in multiple chassis and XISLs Use the following procedure to create a logical fabric using XISLs: 1. Set up the base switches in each chassis: a. Connect to the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 301
connect devices and ISLs to these ports on the logical switch. e. (Optional) Configure the logical switch to use XISLs, if it is not already XISL-capable. See "Configuring a logical switch to use XISLs" on page 299 for instructions. By default, newly created logical switches are configured to allow - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 302
10 Creating a logical fabric using XISLs 302 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 303
316 •Default zoning mode 326 •Zone database size 327 •Zone configurations 328 •Zone object maintenance 333 •Zone configuration management 336 zones. Unless otherwise specified, all references to zones in this chapter refer to these regular zones. Beyond this, Fabric OS has the following types of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 304
use the switch with the highest Fabric OS level to perform zoning tasks. To list the commands associated with zoning, use the zoneHelp command. For detailed information on the zoning commands used in the procedures, see the Fabric OS Command Reference. 304 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 305
, a zone is created for the HBA and the disk storage ports are added. If the HBA also accesses tape devices, a second zone is created with the HBA and the clustering software can manage access to the shared devices. In a large fabric, zoning by single HBA requires the creation of possibly hundreds - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 306
unless the administration team has very rigidly enforced processes for port and device allocation in the fabric. It does, however, provide some positive features. For instance, when a storage port, server HBA, or tape drive is replaced, the change of WWN for the new device is of no consequence. As - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 307
. This simplifies cumbersome data entry and allows an intuitive naming structure (such as using "NT_Hosts" to define all NT hosts in the fabric). Zone aliases also simplify repetitive entry of zone objects such as port numbers or a WWN. For example, you can use the name "Eng" as an alias for "10:00 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 308
enforcement Zoning enforcement describes a set of predefined rules that the switch uses to determine where to send incoming data. Fabric OS uses hardware-enforced zoning. Hardware-enforced zoning means that each frame is checked by hardware (the ASIC) before it is delivered to a zone member and is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 309
Use the following procedure to identify zones and zone types: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the portZoneShow command, using the following syntax: portzoneshow Considerations for zoning architecture Table 54 lists considerations for zoning - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 310
zone can have domain,port, WWN, and alias members. Broadcast zones do ports that are part of the broadcast zone for any Admin Domain, have membership in that Admin Domain, and are zoned together (in a regular zone) with the sender of the broadcast frame. 310 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 311
in the current AD context. Refer to "Validating a zone" on page 323 for complete instructions. Broadcast zones and FC-FC routing If you create broadcast zones in a metaSAN consisting of multiple fabrics connected through an FC router, the broadcast zone must include the IP device that exists in the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 312
zoning mode" on page 326 for additional information about default zoning. Zone aliases A zone alias is a logical group of ports or WWNs. You can simplify the process of creating zones by first specifying aliases, which eliminates the need for long lists of individual zone member names. If you are - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 313
following procedure to create an alias: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliCreate command, using the following syntax: alicreate "aliasname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 314
Use the following procedure to delete an alias: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliDelete command, using the following syntax. alidelete "aliasname" 3. Enter the cfgSave command to save the change to the defined configuration. 314 Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 315
(both the defined and effective configuration) is displayed. Example The following example shows all zone aliases beginning with "arr". switch:admin> alishow "arr*" alias: array1 21:00:00:20:37:0c:76:8c alias: array2 21:00:00:20:37:0c:66:23 Fabric OS Administrator's Guide 315 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 316
existing zones Use the following procedure to display a list of existing zones: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command. Example Displaying existing zones switch:admin> cfgshow Defined configuration: zone: matt 30:06:00 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 317
" in the command line. 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction is open on a different switch in the fabric when this command is run - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 318
" in the command line. 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction is open on a different switch in the fabric when this command is run - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 319
D,I. Use the following procedure to replace members in a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneObjectReplace command, using the following syntax: zoneobjectreplace old wwn/D,I new wwn/D,I NOTE This command does not support partial pattern - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 320
Use the following procedure to delete a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneDelete command, using the following syntax: zonedelete "zonename" 3. Enter the cfgSave command to save the change to the defined configuration. 320 Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 321
on a different switch in the fabric when this command is run, the transaction on the other switch is automatically aborted. A message displays on the other switches to indicate that the transaction was aborted. Example Deleting zone members switch:admin> cfgshow Defined configuration: zone: matt - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 322
creation and maintenance Viewing a zone in the defined configuration Use the following procedure to view a zone in the configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneShow command, using the following syntax: zoneshow[--sort] ["pattern - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 323
4,2 switch:admin> Validating a zone Use the following procedure to validate a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command to view the zone configuration objects you want to validate. switch:admin> cfgShow Defined configuration: cfg - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 324
3. Enter the zone --validate command to list all zone members that are not part of the current zone enforcement table. Note that zone configuration names are case-sensitive; blank spaces are ignored. switch:admin> zone --validate "White_zone" 4. Enter the following command to validate all zones in - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 325
for switches in the fabric if a zone merge or HA failover happens. To avoid inconsistency it is recommended to commit the configurations using the 'cfgenable' command. Do you want to proceed with saving the Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... switch:admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 326
are connected to the fabric. Use the following procedure to set the default zoning mode: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgActvShow command to view the current zone configuration. 3. Enter the defZone command with one of the following - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 327
... Viewing the current default zone access mode Use the following procedure to view the current default zone access mode: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the defZone --show command. NOTE If you perform a firmware download of an older release - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 328
, you must enable the configuration for the changes to take effect. Creating a zone configuration Use the following procedure to create a zone configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgCreate command, using the following syntax - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 329
[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction is open on a different switch in the fabric when this command is run, the transaction on the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 330
to indicate that the transaction was aborted. Use the following procedure to enable a zone configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgenable command, using the following syntax: cfgenable "cfgname" 3. Enter y at the prompt. Example - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 331
account with admin permissions. 2. Enter the cfgShow command with no operands. Example switch:admin> cfgshow Defined configuration: cfg: USA1 Blue_zone cfg: USA_cfg Purple_zone; Blue_zone zone: Blue_zone 1,1; array1; 1,2; array2 zone: Purple_zone 1,0; loop1 Fabric OS Administrator's Guide 331 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 332
procedure to view the configuration in the effective zone database: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgActvShow command. Example switch:admin> cfgactvshow Effective configuration 37:0c:71:df 332 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 333
zone objects you want to copy along with the new object name. NOTE Zone configuration names are case-sensitive, blank spaces are ignored, and the zone --copy command works in any Admin Domain except AD255. switch:admin> zone --copy Test1 US_Test1 Fabric OS Administrator's Guide 333 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 334
:0c:71:df 3. Use zone --expunge to delete the zone object. NOTE Zone configuration names are case-sensitive, blank spaces are ignored and the zone --expunge command works in any Admin Domain except AD255. switch:admin> zone --expunge "White_zone" 334 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 335
object is present. 5. If you want the change preserved when the switch reboots, enter the cfgSave command to save it to nonvolatile (flash) memory. 6. Enter the cfgEnable command for the appropriate zone configuration to make the change effective. Fabric OS Administrator's Guide 335 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 336
for archiving and it can be downloaded from the host to a switch in the fabric. See "Configuration file backup" on page 244, "Configuration file restoration" on page 246, or the configUpload and configDownload commands in the Fabric OS Command Reference for additional information on uploading and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 337
. • Merging and segmentation The fabric is checked for segmentation during power-up, when a switch is disabled or enabled, or when a new switch is added. The zone configuration database is stored in nonvolatile memory by the cfgSave command. All switches in the fabric have a copy of this database - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 338
can cause conflicts. See the Fabric OS Command Reference for detailed information about these commands. If the fabrics have different zone configuration data, the system attempts to merge the two sets of zone configuration data. If the zones cannot merge, the ISL will be segmented. A merge is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 339
59 on page 341: Default access mode • Table 60 on page 342: Mixed Fabric OS versions Zone merging scenarios: Defined and effective configurations Switch A Switch B Expected results Switch A has a defined configuration. Switch B does not have a defined configuration. defined: cfg1: zone1: ali1 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 340
of the two, with cfg1 as the effective configuration. Clean merge. Switch A absorbs the defined configuration from the fabric, with cfg1 as the effective configuration. In this case, however, the effective configurations for Switch A and Switch B are different. You should issue a cfgenable from the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 341
. Cannot merge switches with different TI zone configurations. Clean merge. TI zones are not automatically activated after the merge. defined: none Fabric segments because all switches in the fabric must be running Fabric OS v6.4.0 or later to support Enhanced TI zones. Switch B Expected results - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 342
, they will replace the existing active zone sets with the new zone sets or create more zone sets command. Use the cfgtransshow --opentrans command to display a list of domains with open transactions Do you want to enable 'cfg' configuration (yes, y, no, n): [no] 342 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 343
Defined zoning configuration only? (yes, y, no, n): [no] n Viewing zone database transactions You can use the cfgTransShow command to list all the domains in the fabric with open transactions Syntax: cfgTransShow [ |--opentrans | --help] Sample output: switch:admin> cfgtransshow Current transaction - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 344
11 Concurrent zone transactions 344 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 345
Isolation Zoning over FC routers with Virtual Fabrics 363 •Creating a TI zone 364 •Modifying TI zones 367 •Changing the state of a TI zone 368 •Deleting a TI zone 369 •Displaying TI zones 369 •Troubleshooting TI zone routing problems 370 •Setting up TI over FCR (sample procedure 371 Traffic - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 346
through N_Ports 5 and 6. Traffic coming from other ports in Domain 1 would not use E_Port 1, but would use E_Port 2 instead. Use the zone command to create and manage TI zones. Refer to the Fabric OS Command Reference for details about the zone command. TI zone failover A TI zone can have failover - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 347
configurations, such as that shown in Figure 31 on page 346. • Ensure that there are non-dedicated paths through the fabric for all devices that are not in a TI zone. • If you create a TI zone with just E_Ports, failover must be enabled. If failover is disabled, the specified ISLs will not be able - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 348
• It is recommended that the insistent Domain ID feature be enabled; if a switch changes its active domain ID, the route is broken. See the configure command in the Fabric OS Command Reference for information about setting insistent Domain ID. 348 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 349
cost path instead. • If failover is disabled, the TI zone traffic is blocked. If the dedicated ISL is the only lowest cost path ISL 14 12 15 = Dedicated Path 16 = Ports in the TI zone Domain 2 FIGURE 33 configured to be the shortest path. Fabric OS Administrator's Guide 349 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 350
shortest path 7 6 5 Domain 4 NOTE For information about setting or displaying the FSPF cost of a path, see the linkCost and topologyShow commands in the Fabric OS Command Reference. Enhanced TI zones In Fabric OS v6.4.0 and later, ports can be in multiple TI zones at the same time. Zones with - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 351
. You can also display a report of existing and potential problems with TI zone configurations, as described in "Troubleshooting TI zone routing problems" on page 370. Illegal ETIZ configuration: separate paths from a port to devices on same domain Figure 36 shows two enhanced TI zones that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 352
Fibre Channel routing (TI over FCR). See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. Some VE_Port-based features, such as tape pipelining, require the request and corresponding response traffic to traverse - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 353
path is used. If failover is disabled and the TI path is not available, then devices are not imported. NOTE For TI over FCR, all switches in the backbone fabric and in the edge fabrics must be running Fabric OS v6.1.0 or later. Fabric OS Administrator's Guide 353 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 354
In this configuration the traffic between the front and xlate domains can go through any path between these two domains. The -1 does not identify any specific ISL. To guarantee a specific ISL, you need to set up a TI zone within the backbone fabric. 354 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 355
for FC router 1) • 1,4 (VE_Port for FC router 1) • 2,7 (VE_Port for FC router 2) • 2,1 (EX_Port for FC router 2) • 10:00:00:00:00:01:00:00 (Port WWN for the host) • 10:00:00:00:00:02:00:00 (Port WWN for target 1) • 10:00:00:00:00:03:00:00 (Port WWN for target 2) Fabric OS Administrator's Guide 355 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 356
is not supported with FC Fast Write. • For the FC8-16, FC8-32, FC8-48, FC8-64, and FX8-24 blades only: If Virtual Fabrics is disabled, two or more shared area EX_Ports connected to the same edge fabric should not be configured in different TI zones. This configuration is not supported. General rules - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 357
TI zones. The CLI essentially displays the details of the trunk members present in the TI zone and those not present in the TI zone. These details are displayed per TI Zone basis. Example RASlog message when --showTItrunkerrors is added to zone command switch:admin> zone --showTItrunkerrors TI - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 358
. The Brocade DCX-4S and DCX 8510-4 do not have this limitation. • VE_Ports are supported in TI zones. • TI Zoning is not supported in fabrics with switches running firmware versions earlier than Fabric OS v6.0.0. However, the existence of a TI zone in such a fabric is backward-compatible and does - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 359
. • A TI zone can be created using D,I (Domain, Index) notation only, except for TI zones in a backbone fabric, which use port WWNs. See "Traffic Isolation Zoning over FC routers" on page 352 for information about TI zones in a backbone fabric. Fabric OS Administrator's Guide 359 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 360
TI zones. • TI zones that have members with port index greater than 511 are not supported with Fabric OS versions earlier than v6.4.0. If such a TI zone and Fabric OS version combination is detected, a warning is issued. These configurations are not prevented, but their behavior is unpredictable - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 361
disabled, this is not a supported configuration. Base switches do not allow the creation of a TI zone with failover disabled. • To create a TI zone for a logical fabric that uses XISLs, you must create two TI zones: one in the logical fabric and one in the base fabric. The combination of TI zones - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 362
2,16 E_Port for XISL 2,8 E_Port for ISL in logical switch Notice that the base fabric zone contains a reference to port 1,3 even though the base switch with domain 1 does not have a port 3 in the switch. This number refers to the port in the chassis with port index 3, which actually belongs to LS3 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 363
Domain 6 11 E 12 E 15 E 16 E 13 EX Base switch Domain 2 14 EX FIGURE 45 = Dedicated Path = Ports in the TI zones Example configuration for TI zones over FC routers in logical fabrics Figure 46 shows a logical representation of the configuration in Figure 45. This SAN is similar to that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 364
following procedure to create a TI zone. If you are creating a TI zone in a base fabric, use the procedure described in "Creating a TI zone in a base fabric" on page 366. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zone --create command: zone --create - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 365
in the base fabric, as described in "Creating a TI zone in a base fabric". Remember that your changes are not enforced until you enter the cfgEnable command, as shown here: switch:admin> cfgenable "USA_cfg" You are about to enable a new zoning configuration. This action will replace the old zoning - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 366
a TI zone in a base fabric 1. Connect to the switch and log in using an account with admin permissions. 2. Create a "dummy" zone configuration in the base fabric. For example: zone --create "z1", "1,1" cfgcreate "base_config", z1 3. Enter the zone --create command to create the TI zone in the base - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 367
" c. Reset the failover option to failover disabled. Then continue with step 4. zone --add -o n name 4. Enter the cfgEnable command to reactivate your current effective configuration and enforce the TI zones. cfgenable "current_effective_configuration" Fabric OS Administrator's Guide 367 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 368
, type: switch:admin> zone --activate bluezone To change the state of the existing TI zone greenzone to deactivated, type: switch:admin> zone --deactivate greenzone Remember that your changes are not enforced until you enter the cfgEnable command. 368 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 369
about the TI zone purplezone switch:admin> zone --show purplezone Defined TI zone configuration: TI Zone Name: redzone: Port List: 1,2; 1,3; 3,3; 4,5 Configured Status: Activated / Failover-Enabled Enabled Status: Activated / Failover-Enabled Fabric OS Administrator's Guide 369 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 370
/ Failover-Enabled TI Zone Name: purplezone: Port List: 1,2; 1,3; 3,3; 4,5; Configured Status: Activated / Failover-Enabled Enabled Status: Deactivated / Failover-Enabled Troubleshooting TI zone routing problems Use the following procedure to generate a report of existing and potential - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 371
about creating LSAN zones. 2. Log in to the edge fabric 1 and set up the TI zone. a. Enter the fabricShow command to display the switches in the fabric. From the output, you can determine the front and translate domains. E1switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 372
procedure) The Fabric has 3 switches b. Enter the following commands to create and display a TI zone: E1switch:admin> zone --create -t ti TI_Zone1 -p "4,8; 4,5, 1,-1; 6,-1" E1switch:admin> zone --show Defined TI zone configuration: TI Zone Name: TI_Zone1 Port List: 4,8; 4,5; 1,-1; 6,-1 Status - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 373
Enter the following commands to create and display a TI zone: BB_DCX_1:admin> zone --create -t ti TI_Zone1 -p "1,9; 1,1; 2,4; 2,7; 10:00:00:00:00:08:00:00; 10:00:00:00:00:02:00:00; 10:00:00:00:00:03:00:00" BB_DCX_1:admin> zone --show Defined TI zone configuration: TI Zone Name: TI_Zone1 Port List - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 374
12 Setting up TI over FCR (sample procedure) 374 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 375
it takes to troubleshoot network problems. If you notice one or more applications slowing down, you can determine whether any latency devices are attached to the fabric and where. You can use the CLI to display a history of bottleneck conditions on a port. If the CLI shows above-threshold bottleneck - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 376
is configured on a per-switch basis, with optional per-port exclusions. • Bottleneck detection is disabled by default. Best practice is to enable bottleneck detection on all switches in the fabric, and leave it on to continuously gather statistics. • Bottleneck detection does not require a license - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 377
the Fabric OS Command Reference. Supported configurations for bottleneck detection The following configuration rules apply to bottleneck detection: • Bottleneck detection is supported only on Fibre Channel ports and FCoE F_Ports. • Bottleneck detection is supported only on the following port types - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 378
configuration is persistent across firmware upgrades and downgrades. The sub-second latency criterion parameter settings are not preserved on downgrade to firmware versions earlier than Fabric OS 7.0.0. If you downgrade and then upgrade back to Fabric OS 7.0.0, the settings revert to their default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 379
on these switches, and the Fabric OS Troubleshooting and Diagnostics Guide for more general information. Back-end credit loss detection and recovery support on Brocade 5300 switches The following credit loss detection methods are supported for Brocade 5300 back-end ports: • Per-port polling to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 380
Fabric OS Troubleshooting and Diagnostics Guide for more information. • The bottleneck detection commands are supported on F_Ports, FL_Ports, E_Ports, and EX_Ports. • The credit recovery commands are supported only on back-end ports of 4G, 8G, and 16G Capable FC platforms for blades in the Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 381
still view the bottleneck history using either the CLI or BNA. switch:admin> bottleneckmon --enable Displaying bottleneck detection configuration details Use the following procedure to display the bottleneck detection configuration details: 1. Connect to the switch and log in using an account with - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 382
Switch-wide switch level has been set switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch Per-port overrides for alert parameters: Port Alerts configure Fabric OS to log per-port alerts based on the latency and congestion history of the port example, Figure 48 shows an - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 383
bottleneckmon --enable -alert command enables both alerts using the default alert values. Example of setting an alert for both congestion and latency This example enables both alerts and shows their values. switch:admin> bottleneckmon --enable -alert switch:admin> bottleneckmon --status Bottleneck - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 384
you can configure switch-wide or port-specific alerting port 47 without affecting any other port. You can also change the parameters on ports that have been excluded from bottleneck detection.For a trunk, you can change the parameters only on the master port. 384 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 385
about --config and -alert-related settings. Use the following procedure to configure the bottleneck detection parameters: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --config command to set the alerting and sub-second latency criterion - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 386
--status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: Alerts - Yes Latency threshold for alert - 0.200 386 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 387
are no per-port overrides. switch:admin> bottleneckmon --configclear 46-47 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time threshold - 0.800 Severity threshold - 50.000 Fabric OS Administrator's Guide 387 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 388
port might be triggering alerts more frequently than desired. The -qtime parameter can be used to throttle alerts by specifying the minimum number of seconds between consecutive alerts. Thresholds are configured separately for each type of bottleneck and statistical data are collected independently - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 389
of alerts you are receiving about known latency bottlenecks in the fabric, so you temporarily decrease the sub-second latency sensitivity on these ports. • You have a latency bottleneck on an ISL that is not at the edge of the fabric. The sub-second latency criterion parameters are always applicable - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 390
the trunk. Use the following procedure to exclude a port from bottleneck detection: 1. Connect to the switch to which the target port belongs and log in using an account with admin permissions. 2. Enter the bottleneckmon --exclude command to exclude the port from bottleneck detection. To later - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 391
, or a list of ports affected by bottleneck conditions. • Continuously update the displayed data with fresh data. Use the following procedure to display the bottleneck statistics: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --show command - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 392
discarded, including the list of excluded ports and non-default values of alerting parameters. Use the following procedure to disable bottleneck detection: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --disable command to disable bottleneck - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 393
ends of the ISL must terminate in 16G-capable FC ports. Encryption and compression can be enabled at the same time for an ISL, or you can enable either encryption or compression selectively. Figure 49 shows an example of 16 Gbps links connecting three Brocade switches. One link is configured with - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 394
page 395 for specific details about the number of ports supported for encryption and compression. • Ports must be 16 Gbps capable, although port speed can be any configurable value. • The devices at either end of the ISL must run Fabric OS 7.0.0 or later software. • Only E_Ports, EX_Ports, and XISL - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 395
the AES-GCM authenticated encryption block cipher mode. A key, Initial Vector (IV), segment number and Salt are required to encrypt the data before it is transmitted, and to decode the data after it is received on the other end of the link. Fabric OS Administrator's Guide 395 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 396
See also "Configuring encryption and compression" on page 399 and the Fabric OS Command Reference for more details. Usage: portEncCompShow [slot/]port Example output switch:admin> portStatsShow 16/17 16 16 011000 id N8 Online FC 2" (downstream) 17 17 011100 id N8 Online FC 2" E-Port E-Port 10:00 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 397
the specified port. Usage: portCfgEncrypt action [slot/]port Example Enabling the encryption configuration for port 2 switch:admin> portcfgencrypt --enable 2 Example Disabling the encryption configuration for port 2 switch:admin> portcfgencrypt --disable 2 portShow The portShow command allows you - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 398
. For Brocade 6510 and 6520 switches, if the two ports are not configured for trunking, we recommend that you connect each ISL to different ASICs on the peer switch. NOTE If any port on the ASIC with encryption or compression enabled encounters rare error conditions that would need error recovery to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 399
the Fabric OS Command Reference for details on using these commands. Configuring encryption and compression On a given ISL between two 16 Gbps E_Ports or EX_Ports, you can configure each port for encryption, compression, or both. Your encryption and compression settings must match at either end of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 400
command. This command will tell you if the segmentation was due to mismatched encryption or compression configurations on the ports at either end of the ISL, if port-level authentication failed, or if a required resource was not available. The following topics provide step-by-step instructions - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 401
or compression. ASIC 0 (above the dashed line) has no ports configured for either encryption or compression and therefore has any two ports available for this purpose. For bladed switches, use the switchShow command to determine the slot number of a specific user port. switch:admin> portenccompshow - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 402
over the previous 5 seconds. When a port is configured for compression, entering portStatsShow displays the port's compression ratio. See the Fabric OS Command Reference for more details on this command. Limitations and restrictions • The ASIC Compression Block can compress data only if there is at - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 403
Enter the secAuthSecret --set command to establish pre-shared secrets at each end of the ISL. It is recommended to use a 32-bit secret for an ISL carrying encrypted or compressed traffic. switch:admin> secauthsecret --set When prompted, enter the WWN for the local switch and secret strings for the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 404
RBAC class of commands. 2. Use the portDisable command to disable the port on which you want to configure compression. 3. Enter the portCfgCompress --enable command. The following example enables compression on port 21 on a Brocade 6510 switch: switch:admin> portcfgcompress --enable 21 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 405
disables compression on port 15 of an FC16-32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgcompress --disable 9/15 4. Enable the port with the portEnable command. After enabling the port, the new configuration becomes active. Fabric OS Administrator's Guide 405 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 406
enterprise class platform named 'myDCX' to a port on a Brocade 6510 switch named 'myswitch'. Table 63 identifies each end of the ISL connection by device name, device WWN, and port number. TABLE 63 Example ISL connections Enterprise class platform Brocade 6510 Name WWN port ID myDCX 10:00:00:05 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 407
configures and enables encryption and compression on a given port. The commands in this example are shown entered on the Brocade 6510 named 'myswitch'. The same commands must also be entered on the peer switch get the WWN of the peer switch. myswitch:admin> secauthsecret --set This command is used - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 408
Link Init OFF Locked L_Port OFF Locked G_Port OFF Disabled E_Port OFF Locked E_Port OFF ISL R_RDY Mode OFF RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON QOS E_Port AE Port Auto Disable: OFF 408 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 409
: OFF Rate Limit EX Port Mirror Port Credit Recovery F_Port Buffers Fault Delay: NPIV PP Limit: CSCTL mode: Frame Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF ON ON OFF Fabric OS Administrator's Guide 409 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 410
: OFF Rate Limit EX Port Mirror Port Credit Recovery F_Port Buffers Fault Delay: NPIV PP Limit: CSCTL mode: Frame Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF OFF OFF OFF 410 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 411
to authenticate correctly. • Encryption or compression configurations do not match at both ends. Example: If at one end there is a switch that does not support encryption/compression, the port will be disabled. • Encryption or compression configuration is enabled but resources are not available - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 412
are shown entered on a Brocade 6510 named 'myswitch' as Fibre Channel Router (FCR) and an edge switch as 'edge'. Example Displaying port numbers on the FCR and Edge switches using the fcrEdgeShow command switch:admin> fcredgeshow FID EX-port E-port Neighbor Switch (PWWN, SWWN ) Flags 20 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 413
13: OFF Trunk Port OFF Long Distance OFF VC Link Init OFF Locked L_Port OFF Locked G_Port OFF Disabled E_Port OFF Locked E_Port OFF ISL R_RDY Mode OFF RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON Fabric OS Administrator's Guide 413 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 414
Limit OFF EX Port ON Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) NPIV PP Limit: 255 CSCTL mode: OFF D-Port mode: OFF Compression: ON Encryption: ON FEC: ON myswitch:admin> Example Setting the secret key for the front phantom wwn projected by - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 415
front phantom switch. Use portCfgExPort EX_Port# on that switch to learn its wwn value. edge:admin> secauthsecret --set This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters and maximum 40 Fabric OS Administrator's Guide 415 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 416
RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON QOS Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay: 0(R_A_TOV) 416 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 417
OFF Disabled E_Port OFF Locked E_Port OFF ISL R_RDY Mode OFF RSCN Suppressed OFF Persistent Disable OFF LOS TOV enable OFF NPIV capability ON QOS Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Port OFF Credit Recovery ON F_Port Buffers OFF Fault Delay - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 418
> [slot/]port Example Setting port 47 to be an EX_Port, and displaying the port configuration parameters switch:admin> portcfgexport 47 Port 47 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 17 Preferred Domain ID: 160 Front WWN: 50:00 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 419
of registering with all services of the fabric. This chapter does not discuss the Access Gateway feature. For more information on the Access Gateway feature, refer to the Access Gateway Administrator's Guide. Each NPIV device has a unique device PID, Port WWN, and Node WWN, and behaves the same - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 420
Proto 127 12 15 a07f40 id N4 Online FC F-Port (AoQ) 1 N Port + 63 NPIV public Upgrade considerations The maximum logins per switch has decreased with Fabric OS v6.4.0. When upgrading from a release previous to Fabric OS v6.4.0 and later, the configured maximum is carried forward and may exceed - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 421
Fabrics Logical switch type NPIV support DCX-4S Enabled Logical switch Yes, 255 virtual device limit.3 DCX-4S Enabled Base switch No. 1. Maximum limit support takes precedence if user-configured maximum limit is greater. This applies to shared areas on the FC4-48, FC8-48, and FC8-64 port - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 422
. NOTE NPIV is a requirement for FCoE. The CEE/FCoE ports on the Brocade 8000 have NPIV enabled by default, but NPIV cannot be enabled or disabled on these ports. The login limit can be set on these ports provided you disable and enable the ports using the fcoe --disable and fcoe --enable commands - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 423
:00:05:1e:0a:16:59 4. Use the portShow command to view the NPIV attributes and all the N_Port (physical and virtual) port WWNs that are listed under portWwn of device(s) connected. The following example is sample output for the portShow command: Fabric OS Administrator's Guide 423 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 424
15 Viewing NPIV port configuration information switch:admin> portshow 2 portName: 02 portHealth: HEALTHY Authentication: None portDisableReason: None portCFlags: 0x1 portFlags: 0x24b03 PRESENT ACTIVE F_PORT G_PORT NPIV LOGICAL_ONLINE LOGIN NOELP LED ACCEPT portType: 10.0 portState: 1Online - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 425
to Dynamic Fabric Provisioning using FA-PWWN 425 •User- and auto-assigned FA-PWWN behavior 426 •Configuring FA-PWWNs 426 •Supported switches and configurations for FA-PWWN 429 •Configuration upload and download considerations for FA-PWWN 430 •Firmware upgrade and downgrade considerations - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 426
in multiple chassis. There is no fabric-wide database, and adding the same FA-PWWNs in multiple chassis causes duplicate PWWNs. Configuring FA-PWWNs Use the faPwwn command to create and manage FA-PWWNs. The faPwwn command supports the following management tasks: • Binding an automatically assigned - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 427
• If you are manually assigning a WWN, enter the following command: fapwwn --assign -ag AG_WWN -port AG_port -v Virtual_PWWN • If you want the WWN to be automatically assigned, enter the following command: fapwwn --assign -ag AG_WWN -port AG_port Fabric OS Administrator's Guide 427 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 428
the FA-PWWN. • If you are manually assigning a WWN, enter the following command: fapwwn --assign -port [slot/]port -v Virtual_PWWN • If you want the WWN to be automatically assigned, enter the following command: fapwwn --assign -port [slot/]port 428 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 429
port. Supported switches and configurations for FA-PWWN The FA-PWWN feature is supported on the following platforms: • Switch platforms running Fabric OS v7.0.0 or later: - Brocade DCX, DCX-4S, and DCX 8510 family - Brocade 300 - Brocade 5100 - Brocade 5300 - Brocade 6505 - Brocade 6510 - Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 430
export the FA-PWWN configuration. ATTENTION Brocade recommends you delete all FA-PWWNs from the switch with the configuration being replaced before you upload or download a modified configuration. This is to ensure no duplicate FA-PWWNs in the fabric. Firmware upgrade and downgrade considerations - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 431
feature: • FA-PWWN is supported only on Brocade HBAs and adapters. Refer to the release notes for the supported Brocade HBA or adapter versions. • FA-PWWN is not supported for the following: - FCoE devices - FL_Ports - Swapped ports (using the portswap command) - Cascaded Access Gateway topologies - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 432
16 Access Gateway N_Port failover with FA-PWWN 432 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 433
define which users can manage which devices, hosts, and switches. You can have up to 256 Admin Domains in a fabric (254 user-defined and 2 system-defined), numbered from 0 through 255. Admin Domains are designated by a name and a number. This document refers to specific Admin Domains using the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 434
Figure 53, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered based on Admin Domain membership. FIGURE 53 Filtered fabric views when using Admin Domains 434 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 435
Domains are not supported on the Brocade 8000. The Brocade 8000 can be in AD0 only. • The default zone mode setting must be set to No Access before you create Admin Domains (refer to "Setting the default zoning mode for Admin Domains" on page 443 for instructions). • Virtual Fabrics must be disabled - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 436
, switch ports, and switches in the fabric. When you create AD1 through AD254, the devices, switch ports, and switches used to create these user-defined Admin Domains disappear from the AD0 implicit membership list. • The explicit membership list contains all devices, switch ports, and switches that - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 437
is useful when you create Admin Domains because you can see which devices, switch ports, and switches are not yet assigned to any Admin Domains. AD0 owns the root zone database (legacy zone database). AD255 AD255 is a system-defined Admin Domain that is used for Admin Domain management. AD255 always - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 438
can later switch to a different Admin Domain (refer to "Switching to a different Admin Domain context" on page 456 for instructions). • For default accounts such as admin and user, the home Admin Domain defaults to AD0 and cannot be changed. • The Admin Domain list for the default admin account is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 439
be devices, switch ports, or switches. Defining these member types is similar to defining a traditional zone member type. An Admin Domain does not require or have a new domain ID or management IP address linked to it. Device members Device members are defined by the device World Wide Name (WWN) and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 440
:n9:xx In the syntax, xx is the Admin Domain number. For example, the following switch WWN is in NAA=1 format: 10:00:00:60:69:e4:24:e0 The following switch WWN is the converted WWN for the previous example in AD1: 50:06:06:9e:42:4e:09:01 440 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 441
on page 441 shows an unfiltered view of a fabric with two switches, three devices, and two Admin Domains. The devices are labeled with device WWNs and the switches are labeled with domain IDs and switch WWNs. FIGURE 55 Fabric showing switch and device WWNs Figure 56 shows the filtered view of the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 442
Admin Domain management for physical fabric administrators Admin Domain compatibility, availability, and merging Admin Domains maintain continuity of service for Fabric OS features and operate in mixed-release Fabric OS environments. High availability is supported with some backward compatibility - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 443
, as described in "Disabling Virtual Fabrics mode" on page 290. Admin Domains and Virtual Fabrics cannot co-exist. 3. Set the default zone mode to No Access, if you have not already done so. Refer to "Setting the default zoning mode" on page 326 for instructions. 4. Switch to the AD255 context, if - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 444
is the default Admin Domain context after login. • If you do not specify one, the home Admin Domain is the lowest valid Admin Domain in the numerically-sorted AD list. • Users can log in to their Admin Domains and create their own Admin Domain-specific zones and zone configurations. 444 Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 445
management for physical fabric administrators 17 Creating a new user account for managing Admin Domains 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the userConfig --add command using the -r option to set the role, the -a option to provide access to Admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 446
or becomes the lowest Admin Domain ID in the remaining list. Example of removing Admin Domain green_ad2 from the user account adm1 switch:admin> userconfig --deletead adm1 -a "green_ad2" Broadcast message from root (pts/0) Wed Jan 27 20:57:14 2010... Security Policy, Password or Account Attribute - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 447
is the Admin Domain name or number, dev_list is a list of device WWNs or domain,index members, and switch_list is a list of switch WWNs or domain IDs. 4. Enter the appropriate command based on whether you want to save or activate the Admin Domain definition: Fabric OS Administrator's Guide 447 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 448
the switch and log in using an account with admin permissions. 2. Switch to the AD255 context, if you are not already in that context. ad --select 255 3. Enter the ad --rename command with the present name and the new name. ad --rename present_name new_name 448 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 449
state. 6. Enter the ad --apply command to save the Admin Domain definition and directly apply the definition to the fabric. Example of deleting Admin Domain AD_B3 switch:AD255:admin> ad --delete AD_B3 You are about to delete an AD. This operation will fail if zone configuration exists in the AD Do - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 450
ADs. You can use this procedure to remove all Admin Domains before enabling Virtual Fabrics. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgshow command in the AD255 context to display the zone configurations for all Admin Domains. ad --exec 255 "cfgshow - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 451
10. Enter the ad --apply command to save the Admin Domain definition and directly apply the definitions to the fabric. ad --apply All user-defined Admin Domains have now been removed, but all device communication that was allowed with the original Admin Domain configuration is still permitted in the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 452
17 Admin Domain management for physical fabric administrators FIGURE 57 AD0 and two user-defined Admin Domains, AD1 and AD2 At the conclusion of the procedure, all devices and zones are moved to AD0, and the user-defined Admin Domains are deleted, as shown in Figure 58. FIGURE 58 AD0 with three - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 453
to clear all admin domains (yes, y, no, n): [no] y sw0:AD255:admin> ad --apply You are about to enforce the saved AD configuration. This action will trigger AD apply to all switches in the fabric Do you want to apply all admin domains (yes, y, no, n): [no] y Fabric OS Administrator's Guide 453 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 454
affect commands and other Fabric OS features. If you are a physical fabric administrator and you want to create, modify, or otherwise manage Admin Domains, refer to "Admin Domain management for physical fabric administrators" on page 442. The Admin Domain looks like a virtual switch or fabric to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 455
appears in CLI command output or other management tool outputs if any one of the conditions listed in Table 66 is met. TABLE 66 For Ports and devices in CLI output Condition domain,index • The port is specified in the domain,index member list of the Admin Domain. • One or more WWNs specified in - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 456
is not activated, the operation fails. 1. Connect to the switch and log in as any user type. 2. Enter the ad --select command and the Admin Domain to which you want to switch. 3. Leave the new Admin Domain context by exiting from the shell. logout 456 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 457
and download Refer to "Configuration upload and download in an AD context" on page 460 for details. Fabric Watch Fabric Watch configuration operations are allowed only if the local switch is part of the current Admin Domain. FC-FC Routing Service You can create LSAN zones as a physical fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 458
and FC-CT-based management applications. Access from applications or hosts using management server calls can be controlled using the management server ACL support provided by the msConfigure command. Note that this is a switch-specific setting and not a fabric-wide setting. Admin Domain port members - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 459
zone databases for each AD. Admin Domains support the default zone mode of No Access only. Before configuring any Admin Domain, you must set the default zone to No Access mode. Admin Domains without effective zone configurations are presented with No Access. Refer to "Default zoning mode" on page - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 460
to another Admin Domain. Refer to Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about LSAN zones. Configuration upload and download in an AD context The behavior of the configUpload and configDownload commands varies depending on the AD context and whether the switch is - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 461
Licensing" • Chapter 19, "Inter-chassis Links" • Chapter 20, "Monitoring Fabric Performance" • Chapter 21, "Optimizing Fabric Behavior" • Chapter 22, "Managing Trunking Connections" • Chapter 23, "Managing Long-Distance Fabrics" • Chapter 24, "Using FC-FC Routing to Connect Fabrics" Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 462
462 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 463
features associated with the licenses installed on your switch, use the configUpload command before you upgrade or downgrade Fabric OS. Fabric OS includes basic switch and fabric support software, and support for optionally licensed software that is enabled using license keys. In Fabric OS v7.0.0 or - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 464
in Fabric OS 7.1. TABLE 69 License Available Brocade licenses Description 10 Gigabit FCIP/Fibre Channel (10G license) 7800 Upgrade • Allows 10 Gbps operation of FC ports on the Brocade 6510or 6520 switches or the FC ports of FC16-32 or FC16-48 port blades installed on a Brocade DCX 8510 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 465
products that support Access Gateway deployment. Brocade Ports on Demand Allows you to instantly scale the fabric by provisioning additional ports using license key upgrades. NOTE: Applies to the Brocade 300, 5100, 5300, 6505, 6510, 6520, and VA-40FC switches. DataFort Compatibility Provides - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 466
Management Server Enables host-control of switches in mainframe environments. (Also known as Control Unit Port or "CUP") High Performance Extension over FCIP/FC Includes the IPsec capabilities. (formerly known as "FC-IP Services") ICL 8-Link Activates all eight links on ICL ports on a Brocade - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 467
required. N/A Configuration up/download No license required. N/A NOTE: The configUpload and configDownload commands are provided automatically with Fabric OS on the switch. Converged Enhanced Ethernet Requires FCoE base license and POD1 license. NOTE: These licenses are installed by default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 468
over FCIP/FC or Advanced FICON Acceleration license on Brocade 7800 Local switch. Local and attached switches. Local and attached switches. No license required. N/A No license required. N/A NOTE: The firmwareDownload command is provided automatically with Fabric OS on the switch. Full Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 469
. Port fencing Ports Fabric Watch • Ports on Demand licenses required, applicable to a select set of switches only. • 7800 Upgrade license for the 7800 switches to use all ports. • 10 Gigabit FCIP/Fibre Channel license to use 10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 470
8 Gbps license is installed by default, and you should not remove it. A 10-Gb FCIP/Fibre Channel license is needed to support 10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 and 6520, as well as to support the 10Gb Ethernet ports on FX8-24 blades. (See the Ports feature above - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 471
-8 platforms without consuming valuable front-end ports. Each Brocade DCX 8510-8 platform must have the ICL 2nd POD license installed to enable the full number of ICL connections possible. This license is available for the Brocade DCX 8510-8 only. Fabric OS Administrator's Guide 471 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 472
-4S and DCX platforms only. ICL 16-link license The ICL 16-link license provides dedicated high-bandwidth links between two Brocade DCX chassis, without consuming valuable front-end ports. Each Brocade DCX chassis must have the ICL 16-link license installed in order to enable the full number of ICL - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 473
. The 8 Gbps license applies to the Brocade 300, 5100, 5300, and VA-40FC switches and the 8 Gbps embedded switches; this license does not apply to the Brocade 6505, 6510, or 6520. The following list describes the basic rules of using, adding, or removing 8G licenses: • Without an 8G license, even if - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 474
feature on the FX8-24 blade and the 10 Gbps FC feature on the 16 Gbps FC blades are both enabled by the same 10 Gigabit FCIP/Fibre Channel license (10G license). This license can also enable the 10 Gbps FC feature on a Brocade 6510 or 6520 switch as a chassis-based license. Any unassigned slot-based - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 475
-remove command to remove the license from the slot. 10G licensing The 10 Gbps FCIP/Fibre Channel license (10G license) enables the following features: • 10 Gbps access on the 16 Gbps FC ports on Brocade 6510 or 6520 switches, and FC16-32 and FC16-48 port blades. • The two 10-GbE ports on the FX8-24 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 476
at 10G FC speed on a 16G FC blade or 16G FC switch does not need an Extended Fabrics license to be used for FC long distance connectivity. FC ports licensed and configured to operate at 10 Gbps on a Brocade 6510 or 6520 switch or 16 Gbps FC port blade cannot interoperate with 10 Gbps FC ports on the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 477
FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 6510-switch:admin> portcfgoctetspeedcombo 2 6510-switch:admin> portcfgspeed 2 10 Enabling the 10-GbE ports on an FX8-24 blade Use the following procedure to enable the 10-GbE ports on an FX8-24 blade: 1. Connect to the Brocade Backbone - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 478
-based) • Advanced FICON Acceleration license (slot-based) • Adaptive Networking with QoS license (not required for Brocade 6520) • Advanced Performance Monitoring license • Enterprise ICL license • Fabric (E_Port) license • Fabric Watch license 478 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 479
Temporary licenses 18 • FICON Management Server (CUP) license • Extended Fabrics license • High Performance Extension over FCIP/FC license • Integrated Routing license • Server Application Optimization license • ISL Trunking license Restrictions on upgrading temporary slot-based licenses If the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 480
procedure to remove an expired licence: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the reboot command for the expiry to take affect. Universal temporary licenses Universal temporary license keys include a duration period. Once installed on a switch - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 481
with the software license keys and installation instructions. Adding a licensed feature To enable a feature, go to the feature's appropriate section in this manual. Enabling a feature on a switch may be a separate task from adding the license. For the Brocade Backbones, licenses are effective on - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 482
16 port upgrade license 2 Domain Fabric license Integrated Routing license Storage Application Services license FICON Tape license FICON XRC license Adaptive Networking license Inter Chassis Link license Enhanced Group Management license 8 Gig FC license DataFort Compatibility license Server - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 483
of 24 ports is allowed. • Brocade 6510-Can be purchased with 24, 36, or 48 licensed ports. A maximum of 48 ports is allowed. • Brocade 6520-Can be purchased with 48, 72, or 96 licensed ports. A maximum of 96 ports is allowed. • Brocade 8000-Must have license installed to enable the 8 FC ports - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 484
in ports 24 through 31. For details on inserting transceivers, see the switch's hardware reference manual. Displaying installed licenses If a single license is installed that enables all Ports on Demand, the license will display as "Full Ports on Demand license - additional X port upgrade license - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 485
or switch installation. The following platforms support Dynamic POD: • Switches: - Brocade 6505 - Brocade 6510 - Brocade 6520 • Embedded switch modules for bladed servers: - Brocade 5410 - Brocade 5424 - Brocade 5450 - Brocade 5460 - Brocade 5470 - Brocade 5480 Fabric OS Administrator's Guide 485 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 486
. Use the following procedure to display the port license assignments: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the licensePort --show command. Example showing manually assigned POD licenses switch:admin> licenseport --show 24 ports are available in this - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 487
by a full POD license 24 ports are assigned to installed licenses: 12 ports are assigned to the base switch license 12 ports are assigned to the full POD license Ports assigned to the base switch license: 1, 2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20 Fabric OS Administrator's Guide 487 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 488
using an account with admin permissions. 2. Enter the licensePort --show command to verify there are port reservations available. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 489
port from the POD license. switch:admin> licenseport --release 0 5. Enter the licensePort --show command to verify the port is no longer assigned to a POD set. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 490
18 Ports on Demand 490 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 491
you connect two Brocade Backbones, the following features are supported: • Trunking NOTE A Brocade trunking license is not required for trunking on ICL connections but is required for ISL trunking connections. • Buffer-to-buffer credit sharing • QoS Fabric OS Administrator's Guide 491 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 492
DCX Backbone family chassis to a Brocade DCX 8510 Backbone family chassis. Refer to the specific hardware reference manuals for additional information about LED status meanings and ICL connections, including instructions on how to cable ICLs. ICLs for the Brocade DCX 8510 Backbone family Each ICL - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 493
are not supported. This is a topology restriction with 16 Gbps ICLs and any ISLs that are E_Ports or VE_Ports. ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4 ICL trunks form automatically but additional licenses may be required for enabling all ICL ports or for larger ICL configurations. For - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 494
the Brocade DCX-4S, each ICL is managed as one 8-port ISL trunk. Follow the guidelines in the specific hardware reference manuals for connecting the ICL cables. Virtual Fabrics considerations for ICLs In Virtual Fabrics, the ICL ports can be split across the logical switch, base switch, and default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 495
form is the full nine-mesh topology shown in Figure 62. This topology is supported by DCX 8510-8 Backbones only. (You can use DCX 8510-4 Backbones for a five-mesh topology.) FIGURE 61 ICL triangular topology with Brocade DCX 8510-8 chassis Fabric OS Administrator's Guide 495 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 496
. In this case, the triangular topology broken message is posted independently of the cost of the ISL path being lesser or greater than the ICL path between the two switches. Core-edge topology You can also connect the Brocade DCX 8510 Backbones in a core-edge topology. For example, Figure 63 shows - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 497
Supported topologies for ICL connections 19 FIGURE 63 64 Gbps ICL core-edge topology Fabric OS Administrator's Guide 497 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 498
19 Supported topologies for ICL connections 498 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 499
. Refer to the Web Tools Administrator's Guide and Brocade Network Advisor User Manual for information about monitoring performance using a graphical interface. Advanced Performance Monitoring commands are available only to users with admin permissions. Use the perfhelp command to display a list of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 500
be installed only in the ingress direction. Virtual Fabrics considerations for Advanced Performance Monitoring In a fabric with Virtual Fabrics enabled, the number of logical switches that can be configured with monitors is restricted. Table 73 lists the platforms that support logical switches and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 501
maximum number of end-to-end monitors supported varies depending on the switch model: • The Brocade DCX 8510, 6505, 6510, and 6520 models allow up to 512 end-to-end monitors shared by all ports in the same ASIC. Also, these models allow up to 256 end-to-end monitors per port. • The Brocade DCX, DCX - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 502
to 341 end-to-end monitors on one logical switch. Supported port configurations for EE monitors You can configure EE monitors on F_Ports and, depending on the switch model, on E_Ports. The following platforms support EE monitors on E_Ports: • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade DCX - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 503
mask, all existing end-to-end monitors are deleted. ATTENTION End-to-end masks are supported only on the Brocade 8000 and the Brocade Encryption Switch. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfSetPortEEMask command. perfsetporteemask [slotnumber - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 504
65 Mask positions for end-to-end monitors Deleting EE monitors 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfMonitorShow command to list the valid end-to-end monitor numbers for a port. 3. Enter the perfDelEEMonitor command to delete a specific - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 505
that have been transmitted by the port) or a user-defined frame type customized for your particular use. For a complete list of the standard, predefined frame types, refer to the fmMonitor command description in the Fabric OS Command Reference. Fabric OS Administrator's Guide 505 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 506
requires the Fabric Watch license. When you configure actions and alerts through the fmMonitor command, Fabric Watch uses these values and generates alerts based on the configuration. If you do not have a Fabric Watch license, these values are ignored. Refer to the Fabric Watch Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 507
. To apply the custom values, use the thconfig --apply command. Refer to the Fabric Watch Administrator's Guide for more information about using this command. Example of creating a user-defined frame type switch:admin> fmmonitor --create myframemonitor -pat "17,0xFF,0x07;7,0x4F,0x01;" -action email - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 508
saves the port configuration persistently. switch:admin> fmmonitor --addmonitor SCSI -port 3-12 -nosave switch:admin> fmmonitor --save SCSI Displaying frame monitors 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the fmMonitor --show command. 508 Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 509
the fmMonitor --clear command to clear the counters on the ports on which the specified frame type is monitored. Example The following example clears the counters for the ABTS monitor from ports 7 through 10. switch:admin> fmmonitor --clear ABTS -port 7-10 Fabric OS Administrator's Guide 509 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 510
from the port and flowing to different destinations. You can configure Top Talker monitors on F_Ports and, depending on the switch model, on E_Ports. The following platforms support Top Talker monitors on E_Ports: - Brocade 6505 - Brocade 6510 - Brocade 6520 - Brocade DCX 8510 family • Fabric mode - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 511
Top Talker monitors does not support requests for domains (either front port domain or xlate domain). • Fabric mode Top Talker monitors do not monitor flows over EX_Ports. For example, if a host is connected directly to an FC router and the target is on the edge switch (refer to Figure 66 on page - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 512
of all port mode Top Talker monitors on an ASIC is 8. • If the ingress and egress monitor ports are configured on the same ASIC, F_Port Top Talker monitors show the flow from only one of the ports, either the ingress or the egress port, but not both. 512 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 513
to the new switch. Displaying the top n bandwidth-using flows on a port (port mode) 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfTTmon --show command. perfttmon --show [slotnumber/]port [n] [wwn | pid] Fabric OS Administrator's Guide 513 53-1002745 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 514
mode) 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfTTmon --show dom command. perfttmon --show dom domainid [n] [wwn | pid] Fabric mode must be enabled for this option. The output is sorted based on the data rate of each flow. If you do not specify - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 515
when a trunk comes up, the monitor automatically moves to the master port of the trunk. Notes • End-to-end monitors are supported for ISLs only on the Brocade 6505, 6510, 6520, and DCX 8510 family. • If an EE monitor is installed on a trunk group and you disable the trunk, the EE monitor will be - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 516
Performance Monitoring is deleted when the switch is rebooted. Using the Brocade Network Advisor Enterprise Edition, you can store performance data persistently. For details on this feature, refer to the Brocade Network Advisor User Manual. 516 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 517
prioritization over FC routers 532 creating a dedicated path for traffic flowing from a specific set of source ports (F_Ports). Traffic Isolation Zoning does not require a license. See Chapter 12, "Traffic Isolation Zoning," for more information about this feature. Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 518
port. Ingress Rate Limiting requires an Adaptive Networking license. See "Ingress Rate Limiting" on page 518 for more information about this feature. • Quality of Service (QoS) SID/DID Traffic Prioritization SID/DID traffic prioritization allows you to categorize the traffic flow between a host - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 519
Rate Limiting on slot 3, port 9 portcfgqos --resetratelimit 3/9 QoS: SID/DID traffic prioritization SID/DID traffic prioritization allows you to categorize the traffic flow between a host and target as having a high, medium, or low priority. Fabric OS supports two types of prioritization: • Class - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 520
Networking license must be installed on every switch that is in the path between a configured device pair. NOTE The Brocade 6520 does not require licenses for the Ingress Rate Limiting and QoS SID/DID features. They are enabled by default. When you install the Adaptive Networking license, QoS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 521
" on page 523. Supported configurations for CS_CTL-based frame prioritization • CS_CTL-based frame prioritization is supported on all 8-Gbps and 16-Gbps platforms. • All switches in the fabric should be running Fabric OS v6.0.0 or later. Fabric OS Administrator's Guide 521 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 522
Mode options for the configureChassis CLI command to change from the chassis-wide default mode (see Table 77 on page 521), as in the following example. switch:admin> configurechassis Configure... cfgload attributes (yes, y, no, n): [no] y Enforce secure config Upload/Download (yes, y, no, n): [no - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 523
Adaptive Networking license is added, ISLs are formed without QoS. When you install the Adaptive Networking license, QoS is automatically enabled on all ports for which you have not manually disabled QoS, as the ports in the trunk group are set to QoS enabled by default. Adding the license does not - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 524
you install the Adaptive Networking license, manually disable QoS on these ports, as described in "Manually disabling QoS on trunked ports" on page 524. Manually disabling QoS on trunked ports NOTE QoS is disabled by default on long-distance 8-Gbps and 16-Gbps ports. The following procedure does - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 525
:AutoNegotiate, ..:OFF, NA:NotApplicable, ??:INVALID, switch:admin> portcfgqos --disable 19 QoS zones You assign high or low priority (QoS level) by configuring a QoS zone. A QoS zone is a special zone that indicates the priority of the traffic flow between a given host/target pair. The members of - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 526
QoS zones The switch automatically sets the priority for the "host,target" pairs specified in the zones according to the priority level (H or L) in the zone name. The flow id allows you to have control over the VC assignment and control over balancing the flows throughout the fabric. The id range - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 527
from the hosts to domain 3, but would switch to the default (medium) priority from domain 3 to the target S3. QoS over FC routers QoS over FC routers uses QoS traffic prioritization between devices in edge fabrics over an FC router. See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 528
fabric configuration: supported on 16-Gbps-capable platforms only (Brocade 6510, 6520, and Brocade DCX 8510 family), and only if no other platforms are used. For all other platforms, you cannot prioritize the flow between a device in an edge fabric and a device in the backbone fabric. • QoS over FC - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 529
crosses an ISL for a switch running a firmware version earlier than Fabric OS v6.0.0, the frames are dropped. • By default, all devices are assigned medium priority. - To be assigned high or low priority, hosts and targets must be connected to a Brocade 8-Gbps or 16-Gbps switch or port blade. - To - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 530
for loop or NPIV ports. • If QoS is enabled, an additional 16 buffer credits are allocated per port for 8-Gbps ports in LE mode. See Chapter 23, "Managing Long-Distance Fabrics," for information about buffer credit allocation in extended fabrics. • Trunking considerations: If some ports in a trunk - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 531
in localized disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'cfg1' configuration (yes, y, no, n): [no] y zone config "cfg1" is in effect Updating flash ... sw0:admin> portcfgqos --enable 3 Fabric OS Administrator's Guide 531 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 532
over FC routers 1. Connect to the switch in the edge fabric and log in using an account with admin permissions. 2. Create QoS zones in the edge fabric. The QoS zones must have WWN members only, and not D,I members. See "Setting QoS zone-based traffic prioritization" on page 530 for instructions - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 533
of links. The Trunking license is required for any type of trunking, and must be installed on each switch that participates in trunking. For details on obtaining and installing licensed features, see Chapter 18, "Administering Licensing". Fabric OS Administrator's Guide 533 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 534
master port and then come back online. Masterless trunking is supported for most platforms and trunking types: • All F_Port trunking is masterless. • ISL and ICL trunking are masterless. • EX_Port trunking is masterless, except on Backbones with VF disabled. 534 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 535
usually contiguous, but they might not be. Refer to the hardware reference manual for your switch for information about which ports can be used in the same port group for trunking. FIGURE 71 Trunk group configuration for the Brocade 5100 Supported configurations for trunking • Trunk links can be - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 536
between participating switches. • Trunking cannot be done if ports are in ISL R_RDY mode. (You can disable this mode by using the portCfgIslMode command.) • Trunking is supported only on FC ports. Virtual FC ports (VE_ or VEX_Ports) do not support trunking. 536 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 537
are using a core and edge topology, place trunking-capable switches at the core of the fabric and any switches that are not trunking-capable at the edge of the fabric. • When connecting two switches with two or more ISLs, ensure that all trunking requirements are met to allow a trunk group to form - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 538
or "Configuring F_Port trunking for a Brocade adapter" on page 545 for information. Enabling trunking on a port or switch You can enable trunking for a single port or for an entire switch. Because trunking is automatically enabled when you install the Trunking license, you need to use this procedure - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 539
in a switch. Use the portPerfShow command to monitor problem areas where there are congested paths or dropped links, to determine whether you need to adjust the fabric design by adding, removing, or reconfiguring ISLs and trunking groups. For additional information on using the Brocade Advanced - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 540
addition to the criteria listed in "Supported configurations for trunking" on page 535, observe the following criteria for trunking over extended fabrics: • It is supported only on switches running Fabric OS v6.1.0 and later. • Extended Fabrics and Trunking licenses are required on all participating - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 541
on the front of the product. ATTENTION This feature should be enabled only if the entire configuration is running Fabric OS v5.2.0 or later. If router port cost is used with EX_Port trunking, the master port and slave ports share the router port cost of the master port. See Chapter 24, "Using FC-FC - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 542
interoperate with older FC routers and all previously supported Brocade switches in the backbone fabric or Brocade edge fabric. Configuring EX_Port trunking With EX_Port trunking, you use the same CLI commands as you do for E_Port trunking. See "Configuring trunk groups" on page 538 for instructions - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 543
" F_Port trunking You can configure F_Port trunking in the following scenarios: • Between F_Ports on a Fabric OS switch and N_Ports on an Access Gateway module • Between F_Ports on a Fabric OS switch and N_Ports on a Brocade adapter For F_Port trunking, you must create a Trunk Area (TA) within - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 544
on page 544 for instructions on configuring F_Port trunking. Requirements for F_Port trunking on an Access Gateway In addition to the requirements listed in "Requirements for trunk groups" on page 536, refer to the Access Gateway Administrator's Guide for additional requirements that are specific to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 545
Brocade Adapters Administrator's Guide for a detailed description and requirements of N_Port trunking on the adapters. 1. On the switch side, perform the following steps: a. Configure both ports for trunking by using the portCfgTrunkPort command. switch:admin> portcfgtrunkport 3/40 1 switch:admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 546
296 Trunk index 296 enabled for ports 3/40 and 3/41. 2. On the host side, enable trunking as described in the Brocade Adapters Administrator's Guide. 3. On the switch side, enable the ports by using the portEnable command. switch:admin> portenable 3/40 switch:admin> portenable 3/41 F_Port trunking - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 547
. NPIV Supported on F_Port master trunk. PID format F_Port trunking is supported only in the CORE PID format. Port mirroring Port mirroring is not supported on Trunk Area ports or on the PID of an F_Port trunk port. Port mirroring is not supported on the Brocade Encryption Switch. Port Swap - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 548
for assigning to NPIV/Loop ports to support 112 (448/4) NPIV/Loop ports in a logical switch with 256 devices each. The following are the F_Port trunking considerations for Virtual Fabrics: • If a port is enabled for F_Port trunking, then you must disable the configuration before you can move - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 549
switch. See Chapter 10, "Managing Virtual Fabrics," for detailed information about Virtual Fabrics. Displaying F_Port trunking information Use the following commands on the edge switch to verify the F_Port trunking configuration. • Enter the switchshow command to display the switch and port - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 550
. 3. Turn on the trunk ports. Turn on trunk ports after issuing the secPolicyActivate command, to prevent the ports from becoming disabled in case there is a DCC security policy violation. You can configure authentication on all Brocade trunking configurations. For more information on authentication - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 551
distances beyond 10 km. A Brocade Extended Fabrics license is required before you can implement long-distance dynamic (LD) and long-distance static (LS) distance levels. The LD and LS settings are necessary to achieve maximum performance results over inter-switch links (ISLs) that are greater than - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 552
This efficiency ensures the highest possible performance on ISLs. Extended Fabrics device limitations Note the limitations regarding the following platforms: • Brocade 8000 FCoE switch Extended Fabrics is not supported on this platform. • FC8-64 port blade Brocade recommends that you do not use the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 553
configurations, refer to Chapter 22, "Managing Trunking Connections". • Only qualified Brocade SFPs are used. Only Brocade-branded or certain Brocade-qualified SFPs are supported. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 554
step 4 and step 5 for the remote extended ISL port. Both the local and remote extended ISL ports must be configured to the same distance_level. When the connection is initiated, the fabric will reconfigure. Example The following example configures slot 1, port 2 to support a 100-km link in LS mode - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 555
credit recovery is not compatible with the IDLE mode. If you do not disable buffer credit recovery, it continues to perform a link reset. switch:admin> portcfgcreditrecovery --disable [slot/]port 4. Configure the port to support long-distance links. switch:admin> portcfglongdistance [slot/]port,LS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 556
pool of credits is used to manage buffer-to-buffer flow control.A sending port uses its available credit supply and waits to have the credits replenished by the port on the opposite end of the link. These buffer credits are used by Class 2 and Class 3 services and rely on the Fibre Channel - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 557
how many ports can be configured for long distance on all Fabric OS v7.x-capable switch modules: • Each port is part of a port group that includes a pool of buffer credits that can be used. This port group is not the same as the port groups used for ISL Trunking. • Each user port reserves eight - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 558
is used to allocate the buffers required for the port. Refer to the data in Table 83 on page 563 and Table 84 on page 564 to get the total ports in a switch or blade, the number of user ports in a port group, and the unreserved buffer credits available per port group. The values reflect an estimate - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 559
to that user port) = 492 buffers to a single port, you can calculate the maximum single-port extended distance supported: Maximum Distance X (in km) = (BufferCredits + 6) * 2 / LinkSpeed 498 km = (492 + 6 buffers for Fabric Services) * 2 / 2 Gbps How many 50-km ports can you configure? If you have - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 560
to the real value of 100 km. LS mode allows for the necessary desired_distance value based on the data size entered, regardless of the distance. If buffer credit recovery is enabled, Fabric OS supports a BB_SC_N range of 1 to 15; therefore, it is impossible for the desired_distance value to be more - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 561
omit the distance, speed, or frame size, the command uses the currently configured values for the port. Given the buffer requirement and port speed, you can use the same distance and frame size values when using the portCfgLongDistance command. Fabric OS Administrator's Guide 561 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 562
procedure, 12 buffers are configured for an F_Port. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfgFPortBuffers command. switch:admin> portcfgfportbuffers --enable 2/44 12 3. To disable the port buffer configuration and return to the default - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 563
26 468 5480 24 24 484 6505 24 24 7952 6510 48 48 7760 6520 96 48 4256 7800 16 16 408 8000 *** Extended Fabrics is not supported on this switch *** VA-40FC 40 40 1692 Brocade Encryption Switch 32 16 1392 FC8-16 16 16 1292/508 Fabric OS Administrator's Guide 563 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 564
243 121.5 N/A N/A 6505 7426 3713 1856 1485 928 6510 6754 3377 1688 1350 844 6520 4064 2032 1016 812 508 7800 410 205 102 N/A N/A 8000 *** Extended Fabrics is not supported on this switch *** VA-40FC 1694 847 423 N/A N/A Brocade Encryption Switch 1392 696 348 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 565
credit management 23 TABLE 84 Configurable distances for Extended Fabrics (Continued) Maximum distances (km) that can be configured (assuming a 2112-byte frame size) Switch/blade model 2 Gbps 4 Gbps 8 Gbps 10 Gbps 16 Gbps FC8-32 FC8-32E FC8-48 FC8-48E FC8-64 FC16-32 FC16-48 FS8-18 FX8-24 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 566
For 16-Gbps FC devices and blades (Brocade 6505, 6510, 6520, CR16-4, CR16-8, FC8-32E, FC8-48E, FC16-32, FC16-48), you can use the portCfgCreditRecovery command to disable or enable buffer credit recovery on a port. Buffer credit recovery over an E_Port To support buffer credit recovery, E_Ports must - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 567
at either end of the EX_Port-to-E_Port link are not matched, the link will come up, but Refer to the Fabric OS Command Reference for lists of devices and blades that support 16 Gbps and 8 Gbps. Enabling and disabling buffer credit recovery To disable buffer credit recovery on a port, perform the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 568
example enables buffer credit recovery on port 1/20. switch:admin> portcfgcreditrecovery 1/20 -enable Forward error correction on long-distance links Forward error correction (FEC) on user ports is supported for LD and LS long-distance modes. Use the portCfgLongDistance command with the -fecEnable - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 569
Using FC-FC Routing to Connect Fabrics 24 In this chapter •FC-FC routing overview 569 •Fibre Channel routing concepts 572 •Setting up FC-FC routing 579 •Backbone fabric IDs 581 •FCIP tunnel configuration 582 •Inter-fabric link configuration 583 •FC router port cost configuration 587 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 570
QoS and instructions for setting traffic prioritization over an FC router. ATTENTION FCR is not supported on a Brocade 7800 that has been enabled for logical switches. License requirements for FC-FC routing The Integrated Routing license is required for FC-FC routing between Fabric OS fabrics and - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 571
the platforms listed in "Supported platforms for FC-FC routing" on page 570 support FC-FC routing to a Brocade Network OS fabric, except for the Brocade Encryption Switch. • VEX_Ports do not support Network OS connectivity. • FCoE devices connected to a Brocade 8000 switch or FCOE10-24 blade cannot - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 572
propagate fabric services or routing topology information from one edge fabric to another. Refer to the Fibre Channel over IP Administrator's Guide for details about VE_Ports. • Edge fabric An edge fabric is a Fibre Channel fabric with targets and initiators connected through the supported platforms - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 573
has a name server entry and is assigned a valid port ID. When a proxy device is created in a fabric, the real Fibre Channel device is considered to be imported into this fabric. The presence of a proxy device is required for inter-fabric device communication. Refer to "Proxy devices" on page 575 for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 574
routers can be used to increase the available bandwidth between fabrics and to provide redundancy. Figure 76 shows a metaSAN consisting of a host in Edge SAN 1 connected to storage in Edge SAN 2 through a backbone fabric connecting two FC routers. 574 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 575
two types of phantom domains: front phantom domains and translate phantom domains. For detailed information about phantom domains, refer to "Phantom domains" on page 577. Proxy devices An FC router achieves inter-fabric device connectivity by creating proxy devices (hosts and targets) in attached - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 576
never be the principal switch of the backbone fabric. Front domains are not created; rather, only translate phantom domains are created in the backbone fabric. Devices are exported from the backbone fabric to one or more edge fabrics using LSANs. Refer to "LSAN zone configuration" on page 590 for - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 577
24 Phantom domains A phantom domain is a domain created by the Fibre Channel router. The FC router creates two types of phantom domains: front phantom domains and translate phantom domains. A front phantom domain, or front domain, is a domain that is projected from the FC router to the edge fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 578
24 Fibre Channel routing concepts Host 1 Fabric 1 Front domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Front domain 2 (FC router 2) Xlate domain 2 (Fabric 3) Target 1' Target 2' Target 3' FIGURE 79 EX_Port phantom switch topology All EX_Ports or VEX_Ports connected to an edge fabric use the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 579
leave the default Passive policy configured on the Fabric OS Router while the Active or On policy is required on the edge switch. Setting up FC-FC routing To set up FC-FC routing, perform the following tasks in the order listed. 1. Verify that you have the proper setup for FC-FC routing. (Refer to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 580
FC8-48 ENABLED Refer to Chapter 3, "Performing Advanced Configuration Tasks," for a list of blades and their corresponding IDs. 3. Enter the licenseShow command to verify that the Integrated Routing license is installed. switch:admin> licenseshow S9bddb9SQbTAceeC: Fabric license bzbzRcbcSc0c0SY - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 581
Routing license is not required if you are connecting to a Brocade Network OS fabric. 4. Verify that the Fabric-Wide Consistency Policy is not in "strict" mode by issuing the fddCfg --showall command. When it is in strict mode, ACL cannot support Fibre Channel routing in the fabric. switch:admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 582
ID does not conflict with any configured EX-Port's Fabric ID Backbone fabric ID: (1-128)[128] switch:admin> fosconfig --enable fcr FC Router service is enabled switch:admin> switchenable FCIP tunnel configuration The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 583
Inter-fabric link configuration 24 Refer to the Fibre Channel over IP Administrator's Guide for instructions on how to configure FCIP tunnels. Inter-fabric link configuration Before configuring an inter-fabric link (IFL), be aware that you cannot configure both IFLs (EX_Ports, VEX_Ports) and ISLs - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 584
the edge fabric. 7. Enter the portCfgShow command to view ports that are persistently disabled. FC ports on the Brocade 7800 switches and FX8-24 blades are configured as persistently disabled by default, to avoid inadvertent fabric merges when installing a new FC router. switch:admin> portcfgshow - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 585
the portCfgEXPort or portShow command to verify that each port is configured correctly. switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade Native Edge Fabric ID: 30 Preferred Domain ID: 160 Front WWN: 50:06:06 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 586
static IPv6 addresses for each FC router and each edge fabric switch connected to the EX_Ports. switch:admin> fcrfabricshow FCR WWN: 10:00:00:05:1e:13:59:00, Dom ID: 2, Info: 10.32.156.52 1080::8:800:200C:1234/64,"Spirit-2" "fcr_5300" EX_Port FID Neighbor Switch Info (WWN, enet IP, name 7 10 10:00 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 587
iflshow command to display the FCR details and ensure the fabric is functioning correctly. switch:FID128:root> iflshow E-Port EX-Port FCR-WWN FCR-FID FCR-Name Speed BW 1 : 350 --> 12 10:00:08:00:88:04:93:94 39 fcr_sw 4G 8G TRUNK FC router port cost configuration The FC router port cost - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 588
link. For details about the use of any of the following commands, refer to the Fabric OS Command Reference. 1. Enter the portDisable command to disable any port on which you want to set the router port cost. switch:admin> portdisable 7/10 2. Enable EX_Port or VEX_Port mode with the portCfgEXPort or - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 589
• To set the cost of the EX_Port back to the default, enter a cost value of 0: switch:admin> fcrrouterportcost 7/10 0 5. Enter the portEnable command to enable the ports that you disabled in step 1. switch:admin> portenable 7/10 EX_Port frame trunking configuration You can configure EX_Ports to use - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 590
and manage LSANs using Brocade Advanced Zoning. NOTE For performance reasons, Brocade recommends that you do not configure LSANs for device sharing between Fabric OS fabrics until after you activate the Integrated Routing license. Use of Admin Domains with LSAN zones and FC-FC routing You can create - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 591
connect to switch1. 2. Enter the nsShow command to list the WWN of the host (10:00:00:00:c9:2b:c9:0c). NOTE The nsShow output displays the LSAN zone status of a device, the port WWN, and the node WWN; the port WWN must be used for LSANs. switch:admin> nsshow { Type Pid COS PortName NodeName - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 592
: no configuration in effect 10. Enter the cfgAdd and cfgEnable commands to create and enable the LSAN configuration. switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric2" switch:admin> cfgenable "zone_cfg" You are about to enable a new zoning configuration. 592 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 593
' configuration (yes, y, no, n): [no] y zone config "zone_cfg" is in effect Updating flash ... 11. Log in as an admin and connect to the FC router. 12. Enter the following commands to display information about the LSANs: • lsanZoneShow -s shows the LSAN. switch:admin> lsanzoneshow -s Fabric ID - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 594
against the LSANs configured using the fcrResourceShow command. HA and downgrade considerations for LSAN zones Be aware of how LSAN zones impact high availability and firmware downgrades: • The LSAN zone matrix is synchronized to the standby CP. • On a dual CP switch, both CPs must have Fabric OS v5 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 595
80 on page 596, assume that the host, H1, needs fast access to target devices D1 and D2. You could set up the Speed tag as follows: 1. In FC router 1 and FC router 2, configure the Speed tag as "super". 2. In Edge fabric 2, configure two LSANs: Fabric OS Administrator's Guide 595 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 596
must be disabled before you configure the Enforce tag. Configuring the Speed tag does not require that the FC router be disabled; however, after configuring the Speed tag, you must toggle the host or target port to trigger the fast import process. 596 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 597
is eight. • Up to 500 Speed LSAN tags are supported. Configuring an Enforce LSAN tag 1. Log in to the FC router as admin. 2. Enter the following command to disable the FC router: switchdisable 3. Enter the following command to create an Enforce LSAN tag: fcrlsan --add -enforce tagname The tagname - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 598
24 LSAN zone configuration 1. Log in to the FC router as admin. 2. Enter the fcrlsan --remove command to remove an existing LSAN tag. If you remove an Enforce LSAN tag, you must disable the switch first. Example of removing an Enforce LSAN tag sw0:admin> switchdisable sw0:admin> fcrlsan --remove - - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 599
LSAN zone configuration 24 With LSAN zone binding, each FC router in the backbone fabric stores only the LSAN zone entries of the remote edge fabrics that can access its local edge fabrics. The LSAN zone limit supported in the backbone fabric is not limited by the capability of one FC router. In - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 600
. You set up LSAN zone binding using the fcrLsanMatrix command. This command has two options: -fcr and -lsan. The -fcr option is for creating and updating the FC router matrix, and the -lsan option is used for creating and updating the LSAN fabric matrix. NOTE Best practice: Use this feature in - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 601
can use the fcrLsanMatrix command with the -fcr option to create the corresponding FC router matrix: fcrlsanmatrix --add -fcr wwn1 wwn2 fcrlsanmatrix --add -fcr wwn3 wwn4 The variables wwn1, wwn2, wwn3, and wwn4 are the WWNs of the four FC routers. Now edge fabrics 1, 2, 3, 7, and 8 can access each - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 602
24 LSAN zone configuration Setting up LSAN zone binding 1. Log in to the FC router as admin. 2. Enter the following command to add a pair of FC routers that can access each other: FCR:Admin> fcrlsanmatrix --add -fcr wwn1 wwn2 The variables wwn1 and wwn2 are the WWNs of the FC routers. 3. Enter the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 603
the switch and want to continue using the old PID assignments, you can configure it to do so; this value remains in the system even if the blade is replaced. To minimize disruption to the edge fabrics, set the proxy PIDs to the same values used with the old hardware. The fcrProxyConfig command - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 604
frames. (Refer to "Broadcast zones" on page 310 for information about setting up broadcast zones.) By default, broadcast frames are not forwarded from the FC router to the edge fabrics. NOTE Broadcast frame forwarding is not supported in an FCR fabric with a Brocade 8000. By default, broadcast - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 605
the number of translate node and port WWNs from this pool. • Phantom Node WWNs • Phantom Port WWNs • Max proxy devices • Max NR_Ports The following example shows the use of the fcrResourceShow command to display physical port (EX_Port) resources. switch:admin> fcrresourceshow Daemon Limits: Max - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 606
. • Backbone-to-edge routing is not supported in the base switch. Refer to "Backbone-to-edge routing with Virtual Fabrics" on page 608 for information about how to configure legacy FC routers to allow backbone-to-edge routing with Virtual Fabrics. • All FCR commands can be executed only in the base - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 607
FC-FC routing and Virtual Fabrics 24 • Although the Brocade 6510 and 6520 supports up to four logical switches, if you are using FC-FC routing, they can have a maximum of three logical switches. Logical switch configuration for FC routing Figure 82 shows an example of two chassis partitioned - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 608
-to-edge routing with Virtual Fabrics Backbone-to-edge routing is not supported in the base switch, unless you use a legacy FC router. A legacy FC router is an FC router configured on a Brocade 7500 switch. Base switches can participate in a backbone fabric with legacy FC routers. You cannot connect - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 609
all FC router operations on the switch. Brocade recommends that you save your FC-FC routing configuration (using the configUpload command) before performing any downgrades. For further instructions on downgrading, refer to Chapter 9, "Installing and Maintaining Firmware". How replacing port blades - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 610
. 2. Enter the lsDbShow command on the edge fabric. In the lsDbShow output, ports in the range from 129 through 255 are the output ports on the front domain. The following example shows the range of output ports. linkCnt = 2, flags = 0x0 LinkId = 53, out port = 1, rem port = 35, cost = 500, costCnt - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 611
the 24-bit port ID (PID) on any Brocade Backbone. Enter the switchShow command without parameters to show the port index mapping for the entire platform. Enter the switchShow -slot command for port mapping information for the ports on the blade in a specific slot. Include the --qsfp option to list - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 612
E-Port FC E-Port FC E-Port Example of port index mapping on an FC16-32 blade of a Brocade DCX 8510-8 Backbone This example shows the truncated output of the switchShow command for an FC16-32 port blade in slot 1 of a Brocade DCX 8510-8 Backbone. The Address column shows the PID. switch:FID128:admin - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 613
shows the truncated switchShow output for an FX8-24 application blade on the Brocade DCX 8510-8 Backbone. The assignment of port index numbers to PIDs will vary depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 10 switchName: my8510-8 (output truncated - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 614
switchShow output for an FS8-18 encryption blade on the Brocade DCX 8510-8 Backbone. The assignment of port index numbers to PIDs will vary depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 2 switchName: myswitch (output truncated) Slot Blade Type ID - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 615
and FFDC data are also removed upon FIPS Zeroization. Table 86 lists the various keys used in the system that will be zeroized in a FIPS-compliant Fabric OS module. TABLE 86 Keys Zeroization behavior Zeroization CLI Description DH private keys FCAP private key No command required secCertUtil - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 616
default accounts [root, factory, admin, and user] will be retained. These accounts will have the generic default passwords set. • To maintain FIPS 140-2 compliance, passwords for the default accounts (admin and user) must be changed after every zeroization operation. The aaaConfig --remove command - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 617
results. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. FIPS mode configuration By default, the switch comes up in non-FIPS mode. You can run the fipsCfg --enable fips command to enable - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 618
be available. Common certificate for FCAP and Not supported HTTPS authentication Radius auth protocols PEAP-MSCHAPv2 Root account Disabled Secure RPC protocols TLS/AES128 cipher suite Signed firmware download Mandatory firmware signature validation (SCP only) SNMP Read-only operations - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 619
command to configure the DNS on the switch. Example of setting the DNS switch:admin> dnsconfig Enter option 1 Display Domain Name Service (DNS) configuration 2 Set DNS configuration 3 Remove DNS configuration 4 Quit Select an item: (1..4) [4] 2 Enter Domain Name: [] domain.com Enter Name Server IP - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 620
. To support server certificate validation, it is essential to have the CA certificate installed on the switch and Microsoft Active Directory server. Use the secCertUtil command to import the CA certificate to the switch. This command will prompt for the remote IP and login credentials to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 621
data from and to the switch. • The configDownload and firmwareDownload commands using an FTP server are blocked. See Table 88 on page 618 for a complete list of restrictions between FIPS and non-FIPS modes. ATTENTION You need both security admin and admin permissions to enable FIPS mode. Fabric - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 622
RADIUS servers supported, only Windows 2000-, Windows 2003, and Windows 2008-based RADIUS servers may be used in a FIPS-compliant configuration. • If the switch is set for LDAP, refer to the instructions in "Setting up LDAP for FIPS mode" on page 619. 622 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 623
to block access to the boot PROM. NOTE This command can be entered only from the root account. It must be entered before disabling the root account. 9. Enter the configure command and respond to the following prompts to enable signed firmware: Fabric OS Administrator's Guide 623 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 624
secure config Upload/Download: Press Enter to accept the default. • Enforce firmware signature validation: Yes Example switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 625
. 3. Power-cycle the switch. Displaying FIPS configuration 1. Log in to the switch using an account with admin or securityadmin permissions, or a user account with OM permissions for the FCIPCfg RBAC class of commands. 2. Enter the fipsCfg --showall command. Fabric OS Administrator's Guide 625 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 626
B Preparing a switch for FIPS 626 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 627
in hexadecimal. switch:admin> nsshow { port number) = 06 00 = Port (ALPA) = 0 (not used in this instance, but is used in loop, shared areas in PID assignments on blades, NPIV, and Access Gateway devices) Result: hexadecimal triplet 610600 = decimal triplet 97,06,00 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 628
33 34 35 36 37 38 39 40 Hex 1f 20 21 22 23 24 25 26 27 28 Decimal 41 42 43 44 45 46 47 48 49 50 Hex 29 2a 2b 2c 2d 2e 2f 30 31 32 Decimal a8 a9 aa Decimal 171 172 173 174 175 176 177 178 179 180 628 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 629
245 246 247 248 249 250 Hex f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 629 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 630
C Hexadecimal Conversion 630 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 631
parameters, 139 creating accounts, 138 deleting accounts, 139 HTTP, 192 IP address changes, 57 log in fails, 57 management server, 193 NTP, 72 password, changing, 62 remote access policies, 159 secure using SSL, 182 serial, 193 SNMP, 192 SNMP access control list, 188 switch defaults, 192 telnet - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 632
to a port (port mode), 513 Admin Domain members, 447 alias members, 313 end-to-end monitors, 501 frame monitors to a port, 508 licensed features, 481 members to a zone configuration, 329 ports to logical switches, 295 public key to switch, 180 rules to an IP Filter policy, 223 switch or fabric to - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 633
configuring incoming SSH, 180 configuring outgoing SSH, 181 configuring policy, 207-217 enabling, 152 fabric license, 207 FCAP, starting, 217 joining FC routers and edge fabric switchws, 400 key generation, 398 protocols, 212 re-authenticating an E_Port, 210 setting protocols, 212 TACACS+ service - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 634
, 355 Backbone firmware, 262-265 download, 262 download process overview, 262 version testing, 270 Backbone-to-edge routing, 576, 581 backing up a configuration, 244 base fabric, 285 base switch about, 283 creating, 292 defined, 283 extended ISLs and, 283 blade application compatibility, 96 Backbone - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 635
DCX-4S, 494 Brocade FC16-48 port blade enabling exceptions, 97 Brocade FC8-48 port blade enabling exceptions, 97 Brocade FC8-48E port blade enabling exceptions, 97 Brocade FC8-64 port blade enabling exceptions, 97 Brocade fixed-port switches, upgrading firmware, 261 Brocade FX8-24 compatibility, 96 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 636
configurations, 333 CLI capitalization in, 56 command history, 59 commands to display switch configuration, 247 commands to modify switch configuration, 247 Fabric OS, 56-59 cliHistory command, 59 command 103 described, 273 fanShow, 103 faPwwn, 426 fcoe, 422 fcrConfigure, 581, 582 fcrEdgeShow, 400, - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 637
263 help, 58 ifModeSet, 91 iodReset, 123 iodSet, 123 iodShow, 123 IP secConfig, 231, 236, 238, 239 ipAddrSet, 65, 66, 67, 223 , 45 msConfigure, 46, 47 msPlatShow, 45, 48 msPlClearDb, 49 msplMgmtActivate, 44, 45 msplMgmtDeactivate, 44 portBufferCalc, 399 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 638
considerations, 250 setup form, 253 supported for FA-PWWN, 429 without disabling a switch, 248 zones, 336 configuration file backing up, 244 backup, 244 chassis section, 243 configDownload command, in Admin Domain context, 460 display settings, 241 downloading, 460 fabric name issues, 76 format, 242 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 639
topology and ISL trunking, 537 core-edge topology, 496 CP blades, 95 accessing, 156 licensed features and, 481 standby, 156 swapping, 481 CP8 blade devices supporting dual port, 86 dual port configuration, 85 creating Admin Domains, 443 alias, 313 base switches, 292 DCC policies, 204 FCS policies - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 640
assigned PWWNs, 205 Virtual Fabric considerations, 203 deactivating Admin Domains, 447 TI zones, 368 decimal to hexadecimal conversion table, 628 decommissioning ports, 90 default account passwords, 61 accounts, listed, 61 Fabric OS roles, 134 IP Filter policy names, 218 IP Policy Rules, 222 logical - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 641
flows for, 514 domain ID 0, 72 setting, 74 downgrading firmware, 257 download configuration file, 460 DPS described, 119 device-based routing, 120 support on Virtual Fabrics, 120 dropped frames, discovering why, 124 DSA key pair generation, 180 duplicate F_Port login, 110 NPIV port login, 110 Port - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 642
105 errShow command, 105 ESP, described, 234 eth0 port on CP8 blade, 86 eth3 port on CP8 blade, 86 ethernet address, static, 64 ethernet interface on switch, 62 Virtual Fabrics, 63 ethernet IP address, setting static, 65 ETIZ configuration rules, 358 defined, 350 platform restrictions and FC router - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 643
557 QoS buffer credit requirements, 565 time-division multiplexing, 554 extended ISL about, 283 and base switches, 283 and fmsmode, 289 logical fabric creation, 300 restrictions, 289 See also: XISL. extending a universal temporary license, 480 F F_Port configuring trunking for Brocade adapters, 545 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 644
FCR and Fibre Channel routing FCIP and FC-FC routing, 582 tunnel configuration, 582 tunnel hop support, 287 FC-NAT, defined, 113 fcoe command, 422 FCoE, NPIV required, 422 FCR and traffic isolation, 352 authentication, 579 Brocade 7800 logical switches, 570 fcrConfigure command, 581, 582 fcrEdgeShow - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 645
617 fipsCfg command, 617, 623, 624, 625 Firefox root certificate installation and verification, 187 SSL support, 182 firmware, 255-273 Backbone, 262-265 Backbone download process overview, 262 Backbone version testing, 270 downgrading, 257 download process, 255 downloading without a password, 257 FA - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 646
and passwords, 141 failover on RADIUS server, 156 QoS zone-based traffic prioritization considerations, 528 support for trunking, 536 synchronization, 257 verifying features, 103 history of CLI commands, 59 home Admin Domain, 438 Microsoft Access Directory, 165 OpenLDAP, 170 RADIUS, 155 Fabric OS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 647
identifying ports, 87 IE, root certificate installation and verification, 186 IFL about, 572 configuration, 583 configuring, 583 described, 572 ifModeSet command, 91 IKE policies and IP sec, 235 policies, null encryption support, 240 implementing Admin Domains, 443 Fabric OS Administrator's Guide 53 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 648
for SSL, 182 supported version, 183 Java plugin, installing root certificate for, 187 joining a switch to a fabric, 229 K key adding public key to switch, 180 deleting private from switch, 182 deleting public from switch, 182 generating for FCAP, 215 generation, 183 key management and IP sec, 235 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 649
, 520 requirements for trunking, 535 reserving for POD, 488 slot-based, 474-475 temporary, 478-480 time-based, 478-480 universal temporary extending, 480 shelf life, 480 universal temporary, described, 480 viewing installed, 481 licenseAdd command, 476, 477, 482 licensed features, 463 listed, 464 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 650
per chassis, 288 port assignment, 278 restoring configuration, 251 Top Talkers and, 295 unique names for, 74 login changing password, 139 command for fabric, 51 fails, 57 process for fabric, 52 with Admin Domains, 438 login sessions, maximum allowed, 136 long distance fabrics, and ISL trunking, 540 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 651
upgrade considerations, 420 viewing PID login information, 424 viewing port configuration information, 423 NPIV ports DCC policy behavior, 205 duplicate login, 110 nsAllShow command, 52, 104 described, 273 nsShow command, 52, 104 described, 273 NTP, 71 NTP access, 72 Fabric OS Administrator's Guide - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 652
account lockout, 143 strength, 141 password strength policy, 141 652 passwordless firmware download, 257 passwords boot PROM, 145-149 Backbone with recovery string, 146 Backbone without recovery string, 148 switch with recovery string, 145 switch without recovery string, 147 local user accounts - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 653
, 224 management of ACL, 196-199 members, identifying, 196 modifying FCS, 199 password strength, 141 rules for IP Filter, 219 saving IP Filter, 218 using service names in IP Filter rules, 220 policy database distribution, 224 settings, 225 viewing settings, 226 Virtual Fabric considerations - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 654
Fibre Channel fabrics, 113 identification by index, 87 by port area ID, 87 by slot and port number, 87 logical and zoning, 316 logical in ISL, 285 lossless dynamic load sharing, 125-128 manually disabling QoS on trunked ports, 524 moving, 279 naming, 86 port login command, 51 port login process, 52 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 655
command, 309 power management, 101 powering down, 76 powerOffListSet command, 101 powerOffListShow command, 102 power-on self tests for FIPS, 617 preparing a switch for FIPS, 621 preserving licenses, 463 pre-shared key, and IP sec, 235 pre-shared secret, length, 399 primary FCS, 45 primary FCS - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 656
, 526 QSFP ports in DCX 8510 chassis, 492 Quality of Service. See: QoS. R RADIUS client configuration, 158 enabling, 158 RADIUS server adding, 175 configuration for FIPS, 622 configuration with Admin Domains or Virtual Fabrics, 155 configuring support with Linux, 156 configuring support with Windows - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 657
: RBAC. roleConfig command, 136 roles Admin Domain considerations, 135 assigning user-defined, 137 creating user-defined, 136 default, 134 managing user-defined, 136-137 role permissions, 135 root certificates in Firefox, 187 in Internet Explorer, 186 installing in Java plugin, 187 installing to the - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 658
SAO. sessions, maximum allowed, 136 setContext command, 121, 299 setting changing passwords, 62 chassis configurations, 93 chassis management IP interface, 65 date, 69 default zone mode, 443 fabric-wide consistency policy, 228 mask for end-to-end monitors, 503 port speeds, 92 QoS zone-based traffic - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 659
, 62 exporting public key, 181 firmware download, 260 firmware version testing, 268 firmware version, finding, 259 host access, 192 joining to fabric, 229 LDAP certificates deleting, 621 exporting, 621 installing, 620 modifying FCS order, 201 modifying switch configuration, 247 name limitations, 74 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 660
supported protocols, 171 timeout, 171 TACACS+ service ADList, 173 Admin Domains, configuring, 173 authentication service, 171 configuration, 171 configuration, displaying, 176 disabling, 175 enabling, 175 home Virtual Fabric, 173 homeAD, 173 LINUX based, 172 modifying, 175 overview, 134 password - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 661
fabrics, 540 license requirements, 535 managing, 533-550 masterless, 534 overview, 533 port groups, 535 supported configurations, 535 supported platforms, 536 types, 534 with TI zones, 359 trunkShow command, 539 tsClockServer command, 71 tsTimeZone command, 69, 70 tunnel configurations using IP - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 662
, 197 alias, 315 authentication parameter settings, 212 compression configuration, 401 current default zone access mode, 327 encryption configuration, 401 fabric-wide consistency policy, 228 frame redirect zones, 131 installed licenses, 481 list of secret key pairs, 213 NPIV port configuration - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 663
logical ports, 285 switch WWNs in Admin Domains, 440 wwn command, 39 wwnAddress command, 83 WWN-based PID assignment, 82 considerations for Virtual Fabrics, 82 X XISL Brocade 7800 restriction, 286 default logical switch restriction, 287 ICL port restriction, 287 on FX8-24, 287 See also: extended ISL - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 664
managing, 333 configuring rules, 309 creating, 316 creating a configuration, 328 creating frame redirect, 130 creation and maintenance, 316-325 database changes, examining, 322 database configurations, viewing, 332 database size, 327 database size and Virtual Fabric considerations, 327 default zone - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 665
zoneRemove command, 318 zoneShow command, 322 zoning advanced, 303-342 advanced commands, 304 defined, 304 enforcement, 308 on logical ports, 316 overview, 304 Fabric OS Administrator's Guide 665 53-1002745-02 - Dell Brocade 6510 | Fabric OS Administrator's Guide v7.1.0 - Page 666
666 Fabric OS Administrator's Guide 53-1002745-02
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
 |
 |
53-1002745-02
25 March 2013
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS 7.1.0