Home » HP Manuals » Storage Devices » HP 8/20q » Manual Viewer

HP 8/20q HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabr - Page 66

Port security, Device security

Add to My Manuals
Save this manual to your list of manuals

Page 66 highlights

Port security Port binding ties a specific device WWN to a physical port number. Using the Port Binding dialog box, you can enable/disable port binding for the port and add WWNs to the list of WWNs bound to the port. The dialog box displays the port binding data received from the switch for the selected port. To bind a WWN to a port: 1. Select a switch in the fabric tree. 2. Select a port, and select Port > Port Binding to open the Port Binding dialog box (Figure 30). 3. Select a WWN in the WWN field, and click Add to place the WWN into the WWN List. You can specify a maximum of 32 WWNs. To remove a WWN from the list, select the WWN, and click Remove. 4. To enable port binding for the list of WWNs, check the Port Binding checkbox, and click OK. NOTE: Enabling port binding for an empty WWN list will isolate the port. Figure 30 Port Binding dialog box Device security Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is configured through the use of security sets and groups. A group is a list of device World Wide Names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (Port), and a third for devices issuing management server commands (MS). A security set is a set of up to three groups with no more than one of each group type. The orphan security set contains the security groups and members that do not belong to a security set. Activating a security set applies security to the switch or fabric. Only one security set can be active at one time. An active security set with an ISL group allows changes to the security set to propagate to the other switches in the ISL group. ISL group WWN, domain ID, and configuration information (except secrets) propagate to the other switches in the ISL group so that all of the switches have the same security information. If fabric binding is enabled on the ISL group, WWNs and domain IDs are verified against the ISL group information before allowing a connection by another switch, providing another level of security. 66 Managing Fabric Security

Section	Page
Contents	3
Using Enterprise Fabric Management Suite	11
Installing Enterprise Fabric Management Suite	11
Table 1 Workstation requirements	11
Figure 1 Enterprise Fabric Management Suite installation	11
Starting Enterprise Fabric Management Suite	12
Figure 2 Initial Start dialog box	12
Figure 3 Add a New Fabric dialog box	13
Exiting Enterprise Fabric Management Suite	13
Figure 4 Save Default Fabric View File dialog box	13
Figure 5 Load Default Fabric View File dialog box	14
Uninstalling Enterprise Fabric Management Suite	14
Changing the encryption key for the default fabric view file	14
Saving and opening fabric view files	15
Setting Enterprise Fabric Management Suite preferences	15
Figure 6 Preferences dialog box—Enterprise Fabric Management Suite	15
Using online help	16
Viewing software version and copyright information	16
Enterprise Fabric Management Suite user interface	17
Figure 7 Topology display elements	17
Figure 8 SN6000 Fibre Channel Switch faceplate display	17
Figure 9 SN6000 Fibre Channel Switch backplate display	18
Fabric tree	18
Figure 10 Fabric tree	18
Graphic window	19
Data windows and tabs	19
Alerts panel	20
Figure 11 Alerts panel	20
Menu bars	21
Topology display menu	21
Table 2 Topology menu bar options	21
Faceplate display menu	22
Table 3 Faceplate menu bar options	22
Popup menus	25
Menu Shortcut keys	25
Tool bar	26
Table 4 Tool bar options	26
Working with switches and links	26
Working with ports	27
Managing Fabrics	29
Fabric firmware and software versions	29
Saving a version snapshot	29
Viewing and comparing version snapshots	29
Figure 12 Fabric Version Snapshot Analysis dialog box	29
Exporting version snapshots to a file	30
Managing the fabric database	30
Adding a fabric	30
Figure 13 Add a New Fabric dialog box	30
Removing a fabric	31
Opening a fabric view file	31
Saving a fabric view file	31
Rediscovering a fabric	31
Deleting switches and links	32
Adding a new switch to a fabric	32
Replacing a failed switch	32
Displaying fabric information	33
Link data window	33
Figure 14 Link data window	33
Displaying fabric status	34
Table 5 Topology display switch and status icons	34
Event browser	34
Figure 15 Event browser dialog box	35
Table 6 Port operational states	35
Filtering the event browser	36
Figure 16 Filter Events dialog box	36
Sorting the Event Browser	36
Saving the Event Browser to a file	36
Verifying Fibre Channel connections	36
FC Ping dialog box	37
Figure 17 FC Ping dialog box	37
FC Traceroute dialog box	38
Figure 18 FC TraceRoute dialog box	38
Device information and nicknames	38
Devices data window	39
Figure 19 Devices data window	39
Table 7 Devices data window fields	39
Figure 20 Detailed Devices Display window	40
Managing device port nicknames	40
Creating a nickname	40
Editing a nickname	41
Deleting a nickname	41
Exporting nicknames to a file	41
Importing a nicknames file	41
Fabric services	41
Enabling SNMP configuration	42
Enabling in-band management	42
Transparent router	42
Viewing inter-fabric routes	43
Transparent Routes data window	44
Figure 21 Transparent Routes data window	44
Table 8 Transparent Routes data window fields	44
Figure 22 Transparent Route dialog box	45
TR Mapping Manager dialog box	45
Figure 23 TR Mapping Manager dialog box	45
Adding an inter-fabric route	46
Figure 24 Add TR Mapping dialog box	46
Removing an inter-fabric route	47
Creating a zoning commands text file	47
Figure 25 Remote Fabric Zoning dialog box	47
Managing Fabric Zoning	49
Zoning concepts	49
Zones	49
Aliases	49
Zone sets	49
Zoning database	50
Using the Zoning Wizard	50
Managing the zoning database	50
Viewing zoning limits and properties	50
Viewing active and configured zone set information	51
Figure 26 Active Zoneset data window	51
Figure 27 Configured Zoneset data window	52
Editing the zoning database	52
Figure 28 Edit Zoning dialog box	52
Table 9 Edit Zoning dialog box tool bar	53
Table 10 Port/device icons	54
Configuring the zoning database	54
Figure 29 Zoning Config dialog box	54
Merge Auto Save	54
Default Zone	55
Discard Inactive	55
Saving and restoring the zoning database to a file	55
Saving the zoning database to a file	55
Restoring the zoning database from a file	55
Restoring the default zoning database	55
Removing all zone and zone set definitions	56
Merging fabrics and zoning	56
Zone merge failure	56
Zone merge failure recovery	56
Resolving active, configured, and merged zone sets	57
Managing zone sets	57
Creating a zone set	57
Activating and deactivating a zone set	58
Renaming a zone set	58
Removing a zone set	59
Managing zones	59
Creating a zone in a zone set	59
Copying a zone to a zone set	60
Adding zone members	60
Renaming a zone	61
Removing a zone member	62
Removing a zone from a zone set	62
Removing a zone from all zone sets	62
Managing aliases	63
Creating an alias	63
Adding a member to an alias	63
Removing an alias from all zones	64
Managing Fabric Security	65
Connection security	65
User account security	65
Port security	66
Figure 30 Port Binding dialog box	66
Device security	66
Figure 31 Edit Security dialog box	67
Managing the security database	67
Viewing the device security database	68
Figure 32 Configured Security data window	68
Figure 33 Active Security data window	68
Configuring the security data base	69
Figure 34 Security Config dialog box	69
Saving the security database to a file	69
Restoring the security database from a file	70
Resetting the security database	70
Managing security sets	70
Creating a security set	70
Figure 35 Create a Security Set dialog box	70
Removing a security set	71
Renaming a security set	71
Adding an existing group to a security set	71
Removing a group from a security set	71
Removing a group from all security sets	72
Activating a security set	72
Deactivating a security set	72
Managing security groups and members	72
Creating a security group	72
Figure 36 Create a Security Group dialog box	72
Creating a security group member	73
Figure 37 Create a Security Group Member dialog box	73
Modifying a security group member	74
Removing a member from a group	74
Using RADIUS servers	74
Adding a RADIUS server	75
Figure 38 Radius Server Information dialog box—Add server	75
Removing a RADIUS server	76
Figure 39 Radius Server Information dialog box—Remove server	76
Editing RADIUS server information	77
Figure 40 Radius Server Information dialog box—Edit server	77
Modifying authentication order RADIUS server information	78
Figure 41 Radius Server Information dialog box—Modify authentication order	78
Managing Switches	79
Managing user accounts	79
Creating user accounts	80
Figure 42 User Account Administration dialog box—Add account	80
Removing a user account	80
Figure 43 User Account Administration dialog box—Remove account	81
Changing a user account password	81
Figure 44 User Account Administration dialog box—Change password	82
Modifying a user account	82
Figure 45 User Account Administration dialog box—Modify account	83
Viewing switch information	83
Switch data window	84
Figure 46 Switch data window	84
Figure 47 Switch data window buttons	84
Table 11 Switch data window fields	84
Stack Links data window	89
Figure 48 Stack Links data window	89
Table 12 Stack Links data window	89
Configuring port threshold alarms	90
Figure 49 Port Threshold Alarm Configuration dialog box	90
Figure 50 Port threshold alarm example	91
Paging a switch	91
Setting the date/time and enabling NTP client	91
Figure 51 Date/Time dialog box	92
Resetting a switch	93
Table 13 Switch resets	93
Configuring a switch	93
Using the configuration wizard	93
Switch properties	93
Figure 52 Switch Properties dialog box	94
Domain ID and Domain ID lock	94
Syslog	94
Symbolic name	95
Switch administrative states	95
Broadcast support	95
In-band management	95
Fabric device management interface	95
Advanced switch properties (timeout values)	96
Figure 53 Advanced Switch Properties dialog box	96
Managing system services	97
Figure 54 System Services dialog box	97
Managing switch stacks	98
Configuring switches in a stack	98
Security consistency checklist	99
Figure 55 Security Consistency Checklist dialog box	99
Configuring the network	99
Figure 56 Network Properties dialog boxes	100
Network IP configuration	100
Table 14 Network Properties dialog box—IP fields	101
Network DNS configuration	102
Table 15 Network Properties dialog box—DNS fields	102
Network IP Security	103
Figure 57 IPsec Configuration dialog box	103
Table 16 IPsec Configuration dialog box buttons	103
Security policies	104
Figure 58 Create IP Security Policy dialog box	104
Table 17 Create IP Security Policy dialog box fields	104
Security associations	106
Figure 59 Create IP Security Association dialog box	106
Table 18 Create IP Security Association dialog box fields	106
Configuring SNMP	107
SNMP configuration and trap configuration parameters	107
Figure 60 SNMP Properties dialog box	108
Table 19 SNMP Properties dialog box fields	108
SNMP v3 security	109
Figure 61 SNMP v3 Manager dialog box	109
Adding an SNMP v3 user	110
Figure 62 SNMP v3 User Editor dialog box	110
Table 20 SNMP v3 User Editor dialog box fields	110
Modifying an SNMP v3 user	111
Removing an SNMP v3 user	111
Configuring Call Home	111
Figure 63 Call Home Setup dialog box	111
Table 21 Call Home Setup dialog box fields	112
Using the Call Home profile manager	113
Figure 64 Call Home Profile Manager dialog box	113
Creating a profile	114
Figure 65 Call Home Profile Editor dialog box	114
Table 22 Call Home Editor dialog box fields	114
Editing a profile	115
Copying a profile	115
Applying all profiles on a switch to other switches	116
Figure 66 Call Home Profile Multiple Switch Apply dialog box	116
Using the Call Home message queue	117
Figure 67 Call Home Message Queue dialog box	117
Testing Call Home profiles	117
Figure 68 Call Home Test Profile dialog box	117
Changing SMTP servers	117
Figure 69 Call Home Change Over dialog box	117
Testing a switch	118
Figure 70 Switch Diagnostics dialog box	118
Archiving a switch	119
Restoring a switch	120
Figure 71 Restore dialog boxes—full and selective	120
Restoring the factory default configuration	121
Table 23 Factory default configuration settings	121
Installing feature license keys	122
Figure 72 Feature Licenses dialog box	123
Figure 73 Add License Key dialog box	123
Downloading a support file	123
Figure 74 Download Support File dialog box	123
Installing firmware	124
Figure 75 Load Firmware dialog box for a single switch	125
Figure 76 Load Firmware dialog box for a stack	125
Managing Ports	127
Viewing port information	127
Port Information data window	127
Figure 77 Port Information data window	127
Table 24 Port Information data window buttons	127
Table 25 Port Information data window—Summary	128
Table 26 Port Information data window—Advanced	129
Table 27 Port Information data window—Extended Credits	129
Table 28 Port Information data window—Media	129
Table 29 Port Information data window—Digital Diagnostics Monitoring	130
Figure 78 Detailed Media Display dialog box	130
Port Statistics data window	131
Figure 79 Port Statistics data window	131
Table 30 Port Statistics data window fields	131
Configuring ports	134
Figure 80 Port Properties dialog box	134
Table 31 Port Properties dialog box fields	134
Port symbolic name	135
Port types	135
Table 32 Port types	135
Port states	136
Table 33 Port operational states	136
Table 34 Port administrative states	137
Port speeds	137
Table 35 Port speeds	137
Port media status	138
Table 36 Port media status	138
I/O StreamGuard	138
Device Scan	138
Auto Performance Tuning and AL Fairness	139
Figure 81 Advanced Port Properties dialog box	139
Using the Extended Credits wizard	139
Table 37 Extended Credits—Minimum Cable Lengths	140
Figure 82 Extended Credit Wizard dialog box	140
Moving a licensed port	141
Figure 83 Move Port License dialog box	141
Resetting a port	141
Testing ports	141
Figure 84 Port Diagnostics dialog box	142
Graphing port performance	143
Figure 85 EFMS Performance View graph	143
Starting EFMS Performance View	143
Exiting EFMS Performance View	143
Figure 86 Save Default Fabric View File dialog box—EFMS Performance View	144
Figure 87 Load Default Fabric View File dialog box—EFMS Performance View	144
Saving and opening Fabric View files	144
Changing the default Fabric View file encryption key for EFMS Performance View	144
Setting EFMS Performance View preferences	145
Figure 88 Preferences dialog box—EFMS Performance View	145
Setting the polling frequency	145
Figure 89 Set Graph Polling Frequency dialog box	145
Displaying Graphs	146
Arranging graphs in the display	146
Customizing graphs	147
Figure 90 Default Graph Options dialog box	147
Setting global graph type	148
Rescaling a selected graph	148
Printing graphs	148
Saving graph statistics to a file	148
Support and Other Resources	149
Document conventions and symbols	149
Table 38 Document conventions	149
JDOM license	149
Contacting HP	150
HP contact information	150
Subscription service	150
Documentation feedback	150
Related information	150
Documents	150
Other HP websites	151
Glossary	153
Index	157
A	157
B	157
C	157
D	157
E	157
F	157
G	158
H	158
I	158
L	158
M	158
N	158
O	158
P	158
R	159
S	159
T	159
U	159
V	159
W	159
X	160

Match case Limit results 1 per page

Managing Fabric Security

Port security

Port binding ties a specific device WWN to a physical port number. Using the Port Binding dialog box,

you can enable/disable port binding for the port and add WWNs to the list of WWNs bound to the port.

The dialog box displays the port binding data received from the switch for the selected port.

To bind a WWN to a port:

Select a switch in the fabric tree.

Select a port, and select

Port > Port Binding

to open the Port Binding dialog box (

Figure 30

Select a WWN in the WWN field, and click

Add

to place the WWN into the WWN List. You can

specify a maximum of 32 WWNs. To remove a WWN from the list, select the WWN, and click

Remove

To enable port binding for the list of WWNs, check the Port Binding checkbox, and click

NOTE:

Enabling port binding for an empty WWN list will isolate the port.

Figure 30

Port Binding dialog box

Device security

Device security provides for the authorization and authentication of devices that you attach to a switch. You

can configure a switch with a group of devices against which the switch authorizes new attachments by

devices, other switches, or devices issuing management server commands.

Device security is configured through the use of security sets and groups. A group is a list of device World

Wide Names that are authorized to attach to a switch. There are three types of groups: one for other

switches (ISL), another for devices (Port), and a third for devices issuing management server commands

(MS).

A security set is a set of up to three groups with no more than one of each group type. The orphan security

set contains the security groups and members that do not belong to a security set. Activating a security set

applies security to the switch or fabric. Only one security set can be active at one time.

An active security set with an ISL group allows changes to the security set to propagate to the other

switches in the ISL group. ISL group WWN, domain ID, and configuration information (except secrets)

propagate to the other switches in the ISL group so that all of the switches have the same security

information. If fabric binding is enabled on the ISL group, WWNs and domain IDs are verified against the

ISL group information before allowing a connection by another switch, providing another level of security.