Home » HP Manuals » Storage Devices » HP 8/20q » Manual Viewer

HP 8/20q HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabr - Page 74

Using RADIUS servers

Add to My Manuals
Save this manual to your list of manuals

Page 74 highlights

You can also click Generate to create a random secondary secret. Re-type the secondary secret in the Confirm Secondary field. If the initiator does not support either hash, the link becomes isolated. 8. For ISL groups when fabric binding is enabled (see "Configuring the security data base" (page 69)), in the Domain ID Binding field, enter the domain ID (1-239) for the switch. The WWN of the switch must correspond to the specified domain ID when attempting to enter the fabric, otherwise the switch becomes isolated. 9. Click OK to close the Create a Security Group Member dialog box. 10. Click Apply to display the Save Security dialog box. 11. Click Save Security to apply changes to switch. 12. In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to save the security set without activation. 13. Click Close to close the Save Security dialog box. Modifying a security group member To modify a group member: 1. Select the entry switch in the fabric tree. 2. Click Security on the toolbar, or select Security > Edit Security to open the Edit Security dialog box (Figure 31). 3. Select a member, and select Edit > Edit security group member. 4. In the Edit a Security Group Member dialog box, make the necessary changes, and click OK. 5. Click Apply to display the Save Security dialog box. 6. Click Save Security to apply changes to switch. 7. In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to save the security set without activation. 8. Click Close to close the Save Security dialog box. Removing a member from a group to remove a member from a group: 1. Select the entry switch in the fabric tree. 2. Click Security on the toolbar, or select Security > Edit Security to open the Edit Security dialog box (Figure 31). 3. Select a member in a group, and select Edit > Remove Security Group Member. 4. Click Yes to confirm the group member removal. 5. Click Apply to display the Save Security dialog box. 6. Click Save Security to apply changes to switch. 7. In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to save the security set without activation. 8. Click Close to close the Save Security dialog box. Using RADIUS servers Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third party authentication point and the clients are all of the managed devices. You can configure RADIUS for just the switch, or both the switch and the initiator device, and user accounts. When using a RADIUS server, every switch in the fabric must have a network connection. You can configure up to five RADIUS servers to provide failover. RADIUS authenticates users and devices using a challenge/response protocol. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject. The RADIUS client does not need to be configured with any user authentication information. All of this information resides on the 74 Managing Fabric Security

Section	Page
Contents	3
Using Enterprise Fabric Management Suite	11
Installing Enterprise Fabric Management Suite	11
Table 1 Workstation requirements	11
Figure 1 Enterprise Fabric Management Suite installation	11
Starting Enterprise Fabric Management Suite	12
Figure 2 Initial Start dialog box	12
Figure 3 Add a New Fabric dialog box	13
Exiting Enterprise Fabric Management Suite	13
Figure 4 Save Default Fabric View File dialog box	13
Figure 5 Load Default Fabric View File dialog box	14
Uninstalling Enterprise Fabric Management Suite	14
Changing the encryption key for the default fabric view file	14
Saving and opening fabric view files	15
Setting Enterprise Fabric Management Suite preferences	15
Figure 6 Preferences dialog box—Enterprise Fabric Management Suite	15
Using online help	16
Viewing software version and copyright information	16
Enterprise Fabric Management Suite user interface	17
Figure 7 Topology display elements	17
Figure 8 SN6000 Fibre Channel Switch faceplate display	17
Figure 9 SN6000 Fibre Channel Switch backplate display	18
Fabric tree	18
Figure 10 Fabric tree	18
Graphic window	19
Data windows and tabs	19
Alerts panel	20
Figure 11 Alerts panel	20
Menu bars	21
Topology display menu	21
Table 2 Topology menu bar options	21
Faceplate display menu	22
Table 3 Faceplate menu bar options	22
Popup menus	25
Menu Shortcut keys	25
Tool bar	26
Table 4 Tool bar options	26
Working with switches and links	26
Working with ports	27
Managing Fabrics	29
Fabric firmware and software versions	29
Saving a version snapshot	29
Viewing and comparing version snapshots	29
Figure 12 Fabric Version Snapshot Analysis dialog box	29
Exporting version snapshots to a file	30
Managing the fabric database	30
Adding a fabric	30
Figure 13 Add a New Fabric dialog box	30
Removing a fabric	31
Opening a fabric view file	31
Saving a fabric view file	31
Rediscovering a fabric	31
Deleting switches and links	32
Adding a new switch to a fabric	32
Replacing a failed switch	32
Displaying fabric information	33
Link data window	33
Figure 14 Link data window	33
Displaying fabric status	34
Table 5 Topology display switch and status icons	34
Event browser	34
Figure 15 Event browser dialog box	35
Table 6 Port operational states	35
Filtering the event browser	36
Figure 16 Filter Events dialog box	36
Sorting the Event Browser	36
Saving the Event Browser to a file	36
Verifying Fibre Channel connections	36
FC Ping dialog box	37
Figure 17 FC Ping dialog box	37
FC Traceroute dialog box	38
Figure 18 FC TraceRoute dialog box	38
Device information and nicknames	38
Devices data window	39
Figure 19 Devices data window	39
Table 7 Devices data window fields	39
Figure 20 Detailed Devices Display window	40
Managing device port nicknames	40
Creating a nickname	40
Editing a nickname	41
Deleting a nickname	41
Exporting nicknames to a file	41
Importing a nicknames file	41
Fabric services	41
Enabling SNMP configuration	42
Enabling in-band management	42
Transparent router	42
Viewing inter-fabric routes	43
Transparent Routes data window	44
Figure 21 Transparent Routes data window	44
Table 8 Transparent Routes data window fields	44
Figure 22 Transparent Route dialog box	45
TR Mapping Manager dialog box	45
Figure 23 TR Mapping Manager dialog box	45
Adding an inter-fabric route	46
Figure 24 Add TR Mapping dialog box	46
Removing an inter-fabric route	47
Creating a zoning commands text file	47
Figure 25 Remote Fabric Zoning dialog box	47
Managing Fabric Zoning	49
Zoning concepts	49
Zones	49
Aliases	49
Zone sets	49
Zoning database	50
Using the Zoning Wizard	50
Managing the zoning database	50
Viewing zoning limits and properties	50
Viewing active and configured zone set information	51
Figure 26 Active Zoneset data window	51
Figure 27 Configured Zoneset data window	52
Editing the zoning database	52
Figure 28 Edit Zoning dialog box	52
Table 9 Edit Zoning dialog box tool bar	53
Table 10 Port/device icons	54
Configuring the zoning database	54
Figure 29 Zoning Config dialog box	54
Merge Auto Save	54
Default Zone	55
Discard Inactive	55
Saving and restoring the zoning database to a file	55
Saving the zoning database to a file	55
Restoring the zoning database from a file	55
Restoring the default zoning database	55
Removing all zone and zone set definitions	56
Merging fabrics and zoning	56
Zone merge failure	56
Zone merge failure recovery	56
Resolving active, configured, and merged zone sets	57
Managing zone sets	57
Creating a zone set	57
Activating and deactivating a zone set	58
Renaming a zone set	58
Removing a zone set	59
Managing zones	59
Creating a zone in a zone set	59
Copying a zone to a zone set	60
Adding zone members	60
Renaming a zone	61
Removing a zone member	62
Removing a zone from a zone set	62
Removing a zone from all zone sets	62
Managing aliases	63
Creating an alias	63
Adding a member to an alias	63
Removing an alias from all zones	64
Managing Fabric Security	65
Connection security	65
User account security	65
Port security	66
Figure 30 Port Binding dialog box	66
Device security	66
Figure 31 Edit Security dialog box	67
Managing the security database	67
Viewing the device security database	68
Figure 32 Configured Security data window	68
Figure 33 Active Security data window	68
Configuring the security data base	69
Figure 34 Security Config dialog box	69
Saving the security database to a file	69
Restoring the security database from a file	70
Resetting the security database	70
Managing security sets	70
Creating a security set	70
Figure 35 Create a Security Set dialog box	70
Removing a security set	71
Renaming a security set	71
Adding an existing group to a security set	71
Removing a group from a security set	71
Removing a group from all security sets	72
Activating a security set	72
Deactivating a security set	72
Managing security groups and members	72
Creating a security group	72
Figure 36 Create a Security Group dialog box	72
Creating a security group member	73
Figure 37 Create a Security Group Member dialog box	73
Modifying a security group member	74
Removing a member from a group	74
Using RADIUS servers	74
Adding a RADIUS server	75
Figure 38 Radius Server Information dialog box—Add server	75
Removing a RADIUS server	76
Figure 39 Radius Server Information dialog box—Remove server	76
Editing RADIUS server information	77
Figure 40 Radius Server Information dialog box—Edit server	77
Modifying authentication order RADIUS server information	78
Figure 41 Radius Server Information dialog box—Modify authentication order	78
Managing Switches	79
Managing user accounts	79
Creating user accounts	80
Figure 42 User Account Administration dialog box—Add account	80
Removing a user account	80
Figure 43 User Account Administration dialog box—Remove account	81
Changing a user account password	81
Figure 44 User Account Administration dialog box—Change password	82
Modifying a user account	82
Figure 45 User Account Administration dialog box—Modify account	83
Viewing switch information	83
Switch data window	84
Figure 46 Switch data window	84
Figure 47 Switch data window buttons	84
Table 11 Switch data window fields	84
Stack Links data window	89
Figure 48 Stack Links data window	89
Table 12 Stack Links data window	89
Configuring port threshold alarms	90
Figure 49 Port Threshold Alarm Configuration dialog box	90
Figure 50 Port threshold alarm example	91
Paging a switch	91
Setting the date/time and enabling NTP client	91
Figure 51 Date/Time dialog box	92
Resetting a switch	93
Table 13 Switch resets	93
Configuring a switch	93
Using the configuration wizard	93
Switch properties	93
Figure 52 Switch Properties dialog box	94
Domain ID and Domain ID lock	94
Syslog	94
Symbolic name	95
Switch administrative states	95
Broadcast support	95
In-band management	95
Fabric device management interface	95
Advanced switch properties (timeout values)	96
Figure 53 Advanced Switch Properties dialog box	96
Managing system services	97
Figure 54 System Services dialog box	97
Managing switch stacks	98
Configuring switches in a stack	98
Security consistency checklist	99
Figure 55 Security Consistency Checklist dialog box	99
Configuring the network	99
Figure 56 Network Properties dialog boxes	100
Network IP configuration	100
Table 14 Network Properties dialog box—IP fields	101
Network DNS configuration	102
Table 15 Network Properties dialog box—DNS fields	102
Network IP Security	103
Figure 57 IPsec Configuration dialog box	103
Table 16 IPsec Configuration dialog box buttons	103
Security policies	104
Figure 58 Create IP Security Policy dialog box	104
Table 17 Create IP Security Policy dialog box fields	104
Security associations	106
Figure 59 Create IP Security Association dialog box	106
Table 18 Create IP Security Association dialog box fields	106
Configuring SNMP	107
SNMP configuration and trap configuration parameters	107
Figure 60 SNMP Properties dialog box	108
Table 19 SNMP Properties dialog box fields	108
SNMP v3 security	109
Figure 61 SNMP v3 Manager dialog box	109
Adding an SNMP v3 user	110
Figure 62 SNMP v3 User Editor dialog box	110
Table 20 SNMP v3 User Editor dialog box fields	110
Modifying an SNMP v3 user	111
Removing an SNMP v3 user	111
Configuring Call Home	111
Figure 63 Call Home Setup dialog box	111
Table 21 Call Home Setup dialog box fields	112
Using the Call Home profile manager	113
Figure 64 Call Home Profile Manager dialog box	113
Creating a profile	114
Figure 65 Call Home Profile Editor dialog box	114
Table 22 Call Home Editor dialog box fields	114
Editing a profile	115
Copying a profile	115
Applying all profiles on a switch to other switches	116
Figure 66 Call Home Profile Multiple Switch Apply dialog box	116
Using the Call Home message queue	117
Figure 67 Call Home Message Queue dialog box	117
Testing Call Home profiles	117
Figure 68 Call Home Test Profile dialog box	117
Changing SMTP servers	117
Figure 69 Call Home Change Over dialog box	117
Testing a switch	118
Figure 70 Switch Diagnostics dialog box	118
Archiving a switch	119
Restoring a switch	120
Figure 71 Restore dialog boxes—full and selective	120
Restoring the factory default configuration	121
Table 23 Factory default configuration settings	121
Installing feature license keys	122
Figure 72 Feature Licenses dialog box	123
Figure 73 Add License Key dialog box	123
Downloading a support file	123
Figure 74 Download Support File dialog box	123
Installing firmware	124
Figure 75 Load Firmware dialog box for a single switch	125
Figure 76 Load Firmware dialog box for a stack	125
Managing Ports	127
Viewing port information	127
Port Information data window	127
Figure 77 Port Information data window	127
Table 24 Port Information data window buttons	127
Table 25 Port Information data window—Summary	128
Table 26 Port Information data window—Advanced	129
Table 27 Port Information data window—Extended Credits	129
Table 28 Port Information data window—Media	129
Table 29 Port Information data window—Digital Diagnostics Monitoring	130
Figure 78 Detailed Media Display dialog box	130
Port Statistics data window	131
Figure 79 Port Statistics data window	131
Table 30 Port Statistics data window fields	131
Configuring ports	134
Figure 80 Port Properties dialog box	134
Table 31 Port Properties dialog box fields	134
Port symbolic name	135
Port types	135
Table 32 Port types	135
Port states	136
Table 33 Port operational states	136
Table 34 Port administrative states	137
Port speeds	137
Table 35 Port speeds	137
Port media status	138
Table 36 Port media status	138
I/O StreamGuard	138
Device Scan	138
Auto Performance Tuning and AL Fairness	139
Figure 81 Advanced Port Properties dialog box	139
Using the Extended Credits wizard	139
Table 37 Extended Credits—Minimum Cable Lengths	140
Figure 82 Extended Credit Wizard dialog box	140
Moving a licensed port	141
Figure 83 Move Port License dialog box	141
Resetting a port	141
Testing ports	141
Figure 84 Port Diagnostics dialog box	142
Graphing port performance	143
Figure 85 EFMS Performance View graph	143
Starting EFMS Performance View	143
Exiting EFMS Performance View	143
Figure 86 Save Default Fabric View File dialog box—EFMS Performance View	144
Figure 87 Load Default Fabric View File dialog box—EFMS Performance View	144
Saving and opening Fabric View files	144
Changing the default Fabric View file encryption key for EFMS Performance View	144
Setting EFMS Performance View preferences	145
Figure 88 Preferences dialog box—EFMS Performance View	145
Setting the polling frequency	145
Figure 89 Set Graph Polling Frequency dialog box	145
Displaying Graphs	146
Arranging graphs in the display	146
Customizing graphs	147
Figure 90 Default Graph Options dialog box	147
Setting global graph type	148
Rescaling a selected graph	148
Printing graphs	148
Saving graph statistics to a file	148
Support and Other Resources	149
Document conventions and symbols	149
Table 38 Document conventions	149
JDOM license	149
Contacting HP	150
HP contact information	150
Subscription service	150
Documentation feedback	150
Related information	150
Documents	150
Other HP websites	151
Glossary	153
Index	157
A	157
B	157
C	157
D	157
E	157
F	157
G	158
H	158
I	158
L	158
M	158
N	158
O	158
P	158
R	159
S	159
T	159
U	159
V	159
W	159
X	160

Match case Limit results 1 per page

Managing Fabric Security

You can also click

Generate

to create a random secondary secret. Re-type the secondary secret in the

Confirm Secondary field. If the initiator does not support either hash, the link becomes isolated.

For ISL groups when fabric binding is enabled (see ”

Configuring the security data base

” (page 69)), in

the Domain ID Binding field, enter the domain ID (1–239) for the switch. The WWN of the switch must

correspond to the specified domain ID when attempting to enter the fabric, otherwise the switch

becomes isolated.

Click

to close the Create a Security Group Member dialog box.

10.

Click

Apply

to display the Save Security dialog box.

11.

Click

Save Security

to apply changes to switch.

12.

In the Security Set Activation dialog box, click

Yes

to save and activate the security set, or click

save the security set without activation.

13.

Click

to close the Save Security dialog box.

Modifying a security group member

To modify a group member:

Select the entry switch in the fabric tree.

Click

Security

on the toolbar, or select

Security > Edit Security

to open the Edit Security dialog box

(

Figure 31

Select a member, and select

Edit > Edit security group member

In the Edit a Security Group Member dialog box, make the necessary changes, and click

Click

Apply

to display the Save Security dialog box.

Click

Save Security

to apply changes to switch.

In the Security Set Activation dialog box, click

Yes

to save and activate the security set, or click

save the security set without activation.

Click

to close the Save Security dialog box.

Removing a member from a group

to remove a member from a group:

Select the entry switch in the fabric tree.

Click

Security

on the toolbar, or select

Security > Edit Security

to open the Edit Security dialog box

(

Figure 31

Select a member in a group, and select

Edit > Remove Security Group Member

Click

Yes

to confirm the group member removal.

Click

Apply

to display the Save Security dialog box.

Click

Save Security

to apply changes to switch.

In the Security Set Activation dialog box, click

Yes

to save and activate the security set, or click

save the security set without activation.

Click

to close the Save Security dialog box.

Using RADIUS servers

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of

authentication passwords in larger networks. It has a client/server model, where the server is the password

repository and third party authentication point and the clients are all of the managed devices. You can

configure RADIUS for just the switch, or both the switch and the initiator device, and user accounts. When

using a RADIUS server, every switch in the fabric must have a network connection. You can configure up to

five RADIUS servers to provide failover.

RADIUS authenticates users and devices using a challenge/response protocol. Basic implementations

consist of a central RADIUS server containing a database of authorized users as well as authentication

information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and

collects the response to the challenge. This information is forwarded to the RADIUS server for

authentication and the server responds with the results, either an accept or reject. The RADIUS client does

not need to be configured with any user authentication information. All of this information resides on the