HP 8/8 Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010)
HP 8/8 Manual
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP 8/8 manual content summary:
- HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 1
53-1001763-01 ® 30 March 2010 Fabric OS Administrator's Guide Supporting Fabric OS v6.4.0 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 2
obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd. Brocade Communications Systems, Incorporated Corporate and Latin American Headquarters Brocade Communications Systems, Inc. 1745 Technology Drive San Jose, CA 95110 Tel: 1-408-333-8000 Fax: 1-408-333 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 3
-01 Fabric OS Administrator's Guide 53-1001336-02 Fabric OS Administrator's Guide 53-1001763-01 Removed SilkWorm 4016 and 4020 June 2006 from supported switches; FCIP chapter updates. Revised for Fabric OS v5.2.0 features. September 2006 Added new hardware platforms: Brocade FC4-48 and FC4-16IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 4
iv Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 5
How this document is organized xxxiii Supported hardware and software xxxiv What's new Services In this chapter 3 Fibre Channel services overview 3 The Management Server 4 Platform services 4 Platform services in a Virtual Fabric 5 Enabling platform services 5 Disabling platform services - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 6
31 Disabling a switch 31 Enabling a switch 31 Switch and enterprise-class platform shutdown 31 Powering off a Brocade switch 32 Powering off a Brocade enterprise-class platform 32 Basic connections 33 Device connection 33 Switch connection 33 vi Fabric OS Administrator's Guide 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 7
46 FX8-24 compatibility notes 48 Enabling and disabling blades 48 Enabling blades 48 Disabling blades 50 Blade swapping 50 Swapping blades 51 Swapping blades 52 Power management 53 Powering off a port blade 53 Powering on a port blade 53 Equipment status 54 Checking switch operation 54 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 8
NAT 65 Inter-switch links 66 Buffer credits 67 Virtual Channels 67 Gateway links 69 Configuring a link through a gateway 70 Inter-chassis links 71 Supported topologies 72 Routing policies 73 Displaying the current routing policy 74 Exchange-based routing 74 Port-based routing 74 AP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 9
127 SNMP and Virtual Fabrics 128 The security level 129 The snmpConfig command 129 Telnet protocol 129 Blocking Telnet 129 Unblocking Telnet 130 Listener applications 131 Ports and applications used by switches 131 Port configuration 132 Fabric OS Administrator's Guide ix 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 10
of FCS switches 139 IP Filter policy 155 IP Filter policy rules 155 IP Filter policy enforcement 157 Adding a rule to an IP Filter policy 157 Deleting a rule to an IP Filter policy 157 Aborting an IP Filter transaction 157 IP Filter policy distribution 158 x Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 11
from a switch with Virtual Fabrics enabled 185 Restoring logical switch configuration using configDownload 185 Restrictions 186 Brocade configuration form 187 Installing and Maintaining Firmware In this chapter 189 Firmware download process overview 189 Upgrading and downgrading firmware 190 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 12
and ISL sharing 216 Management model for logical switches 219 Account management and Virtual Fabrics 220 Supported platforms for Virtual Fabrics 220 Supported port configurations in the Brocade 5100, 5300, and VA40FC 220 Supported port configurations in the Brocade DCX and DCX-4S221 Virtual - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 13
Guide 53-1001763-01 Deleting a logical switch 228 Adding and removing ports on a logical switch 229 Displaying logical switch configuration 230 Changing the fabric ID of a logical switch 230 Changing a logical switch to a base switch 231 Setting up IP zones and default zoning 246 Zone - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 14
. . . . .255 Enabling a zone configuration 255 Disabling a Zoning configuration management 261 New switch or fabric additions 261 rules for TI zones 276 Supported configurations for Traffic Isolation Zoning Creating a TI zone in a base fabric 284 Modifying TI zones 284 Changing the state - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 15
McDATA Open Fabric mode configuration restrictions 302 Interoperability support for logical switches 302 Switch configurations for interoperability 303 Enabling McDATA Open Fabric mode 303 Enabling McDATA Fabric mode 304 Enabling Brocade Native mode 305 Zone management in interoperable fabrics - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 16
HCL on switches firmware downloads 325 Upgrade and downgrade considerations for HCL for interoperability 325 McDATA-aware features 325 McDATA-unaware features 326 M-EOS feature limitations in mixed fabrics 328 Supported hardware in an interoperable environment 329 Supported features in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 17
Licensing overview 365 The Brocade 7800 Upgrade license 371 ICL licensing 371 ICL 16-link license 371 ICL 8-link license 371 8G licensing 372 Slot-based licensing 372 Upgrade/downgrade considerations 373 Adding a license to a slot 373 Removing a license from a slot 373 Time-based licenses - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 18
376 Removing a licensed feature 377 Ports on Demand 377 Activating Ports on Demand 379 Dynamic Ports on Demand 379 Displaying the port license assignments 379 Enabling Dynamic Ports on Demand 380 Disabling Dynamic Ports on Demand 380 Reserving a port license 381 Releasing a port from a POD - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 19
OS Administrator's Guide 53-1001763- 403 QoS: SID/DID traffic prioritization 403 License requirements for traffic prioritization 404 QoS zones Supported configurations for traffic prioritization 410 Upgrade .418 Enabling bottleneck detection on a switch 419 Excluding a port from bottleneck - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 20
extended ISL 443 Enabling long distance when port group 450 Buffer credits for each switch model 451 Maximum configurable distances for Extended Fabrics . . . . .452 Buffer credit recovery 453 Using the FC-FC Routing Service In this chapter 455 FC-FC routing service overview 455 Supported - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 21
462 Setting up the FC-FC routing service 464 Verifying the setup for FC-FC configuration 490 Enabling broadcast frame switch configuration for FC routing 493 Backbone-to-edge routing with Virtual Fabrics 494 Upgrade and downgrade considerations for FC-FC routing . . . . . .495 How replacing port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 22
Indexing In this appendix 513 Port indexing on the Brocade 48000 director 513 Port indexing on the Brocade DCX backbone 515 Port indexing on the Brocade DCX-4S backbone 517 FIPS Support In this appendix 521 FIPS overview 521 Zeroization functions 521 Power-up self tests 522 Conditional tests - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 23
the switch for FIPS 527 Overview of steps 527 Enabling FIPS mode 528 Disabling FIPS mode 529 Zeroizing for FIPS 530 Displaying FIPS configuration 530 Hexadecimal Hexadecimal overview 531 Example conversion of the hexadecimal triplet Ox616000 . .531 Fabric OS Administrator's Guide xxiii - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 24
xxiv Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 25
24 -known Windows 2000 VSA configuration 103 Example of a Brocade DCT file 110 Example of the dictiona.dcm file 110 DH-CHAP authentication 144 Protected endpoints configuration 165 Gateway tunnel configuration 166 Endpoint to gateway tunnel configuration 166 Switch before and after enabling - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 26
end-to-end monitors 388 QoS traffic prioritization 407 QoS with E_Ports enabled 408 Traffic prioritization in a logical fabric 409 Distribution of traffic over ISL Trunking groups 426 Trunk group configuration for the Brocade 5100 431 Switch in Access Gateway mode without F_Port trunking 434 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 27
Figure 79 Figure 80 Figure 81 Inband Management process 506 Management Station on same subnet 509 Management Station on a different subnet 511 Fabric OS Administrator's Guide xxvii 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 28
xxviii Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 29
13 Table 2 Default administrative account names and passwords 19 Table 3 Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S enterprise-class platforms 40 Table 4 Brocade enterprise-class platform terminology and abbreviations 44 Table 5 Port blades supported by each platform - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 30
and associated authentication policies 168 CLI commands to display or modify switch configuration information 181 Brocade configuration and connection 187 Enterprise-class platform HA sync states 191 Blade and port types supported on logical switches 221 Virtual Fabrics interaction with Fabric - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 31
an AD context 362 Available Brocade licenses 366 License requirements 368 Base to Upgrade License Comparison 371 List of available ports when implementing PODs 378 Types of monitors supported on Brocade switch models 384 Number of logical switches that support performance monitors 384 Maximum - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 32
xxxii Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 33
1, "Understanding Fibre Channel Services," provides information on the Fibre Channel services on Brocade switches. • Chapter 2, " password and user account management. • Chapter 7, "Configuring Security Policies," provides information and procedures for configuring ACL policies for FC port and switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 34
13, "Administering NPIV," provides procedures for enabling and configuring N-Port ID Virtualization (NPIV). • Chapter 14, "Interoperability for Merged SANs," provides information about using Brocade switches with other brands of switches. • Chapter 15, "Managing Administrative Domains," describes - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 35
-40FC What's new in this document • Information that was added: - Support for new hardware platforms • Brocade VA-40FC switch - Information on device login behavior - 10-bit addressing mode enhancements - WWN-based PID assignment enhancements - NPIV enhancements - Blade compatibility - Loss Dynamic - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 36
narrative portions of this guide are presented in mixed lettercase: for example, switchShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual specifically notes those cases in which a command is case sensitive. Command syntax conventions Command syntax in this - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 37
damage to hardware, firmware, software, or Windows, Windows Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user ID and password. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 38
• Switch model • Switch operating system version • Error numbers and messages received • supportSave command output • Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 39
- Inside the chassis next to the power supply bays. • Brocade DCX Backbone - On the bottom right on the port side of the chassis. • Brocade DCX-4S Backbone - On the bottom right on the port side of the chassis. 3. World Wide Name (WWN) Use the wwn command to display the switch WWN. If you cannot use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 40
xl Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 41
Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11, "Administering Advanced Zoning" •Chapter 12, "Traffic Isolation Zoning" •Chapter 13, "Administering NPIV" •Chapter 14, "Interoperability for Merged SANs" •Chapter 15, "Managing Administrative Domains" Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 42
2 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 43
Server, Security Key Distribution Server, and Time Server. Every Brocade switch has reserved three-byte addresses referred to as well-known addresses. These services provided by Brocade switches reside at these addresses and provide a service to either nodes or management applications in the fabric - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 44
consistent format and behavior when a service provider is accessed for registration and query purposes. The Management Server The Brocade Fabric OS Management Server (MS) allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 45
Enabling platform services When FCS policy is enabled, the msplMgmtActivate command can be issued only from the primary FCS switch. The execution of the msplMgmtActivate command management applications. If the list is empty (the default), the management server is accessible to all systems connected - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 46
member to the ACL 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msConfigure command. The command becomes interactive. 3. At the "select" prompt, enter 2 to add a member based on its port/node WWN. 4. At the "Port/Node WWN" prompt, enter the WWN of - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 47
20:00:00:20:37:65:ce:44 10:00:00:60:69:04:11:24 10:00:00:60:69:04:11:23 21:00:00:e0:8b:04:70 the switch and log in as admin. 2. Enter the msConfigure command. The command becomes interactive. 3. At the "select" prompt, enter 3 to delete a member based on its port/node WWN. 4. At the "Port/Node - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 48
/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 0 Viewing the contents of the management server database 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msPlatShow command. Example of viewing the contents of the management - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 49
appropriate following command based on how you want to enable discovery: • For the local switch, enter the mstdEnable command. • For the entire fabric, enter the mstdEnable all command. Example of enabling discovery switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 50
storage and host devices are powered on and connected, the following logins occur: 1. FLOGI-Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported. 2. PLOGI-Port Login command logs the device into the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 51
specific source port and destination port traffic passing though any switch port. This is only supported between F_Ports. • VE_Port - A virtual E_Port is a gigabit Ethernet switch port configured for an FCIP tunnel. However, with a VEX_Port at the other end, it does not propagate fabric services or - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 52
the fabric. • An existing device has been removed from the fabric. • A zone has changed. • A switch name has changed or an IP address has changed. • Nodes leaving or joining the fabric, such as zoning or powering on or shutting down a device, or zoning changes. NOTE Fabric reconfigurations with no - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 53
the switch at data to hosts when the switch is accessed through the APIs . Reliability, Availability, and Supportability daemon logs error detection, and when date/time changed by command. Maintains the trace dump trigger check" if auto-FTP is enabled. Traffic daemon implements Bottleneck detection - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 54
1 High availability of daemon processes 14 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 55
This chapter describes how to configure your Brocade SAN using the Fabric OS command line interface (CLI). Before you can configure a storage area network (SAN), you must power up the enterprise-class platform or switch and blades, and then set the IP addresses of those devices. Although this - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 56
interoperating with them. The hardware reference manuals for Brocade products describe how to power up devices and set their IP addresses. After the IP address is set, you can use the CLI procedures contained in this guide. For additional information about the commands used in the procedures, see - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 57
as described in "Console sessions using the serial port" on page 16. NOTE To automatically configure the network interface on a DHCP-enabled switch, plug the switch into the network and power it on. The DHCP client automatically gets the IP and gateway addresses from the DHCP server. The DHCP server - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 58
The switch automatically prompts you to change the default account passwords after logging in for the first time. If you do not change the passwords, the switch prompts you after each subsequent login until all the default passwords have been changed. 18 Fabric OS Administrator's Guide 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 59
. For more information on default accounts, see "Default accounts" on page 88. Table 2 describes the default administrative accounts for switches by model number. TABLE 2 Default administrative account names and passwords Model Administrative account Password Brocade 300, 4100, 4900, 5000 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 60
switches. The IP addresses can also be assigned to each CP individually. This allows for direct communication with a CP including the standby CP. On the Brocade DCX and DCX-4S Backbones, each CP has two management Ethernet ports Virtual Fabrics". 20 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 61
. If DHCP is enabled, the network interface information was acquired from the DHCP server. NOTE You can use either IPv4 or IPv6 with a classless inter-domain routing (CIDR) block notation (also known as a network prefix length) to set up your IP addresses. Fabric OS Administrator's Guide 21 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 62
assigned to the admin role. 2. Perform the appropriate action based on whether you have a switch or enterprise-class platform: • If you are setting the IP address for a switch, enter the ipAddrSet command. • If you are setting the IP address for an enterprise-class platform, enter the ipAddrSet - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 63
By default, some Brocade switches have DHCP enabled. The Brocade 48000 director and Brocade DCX and Brocade DCX-4S enterprise-class platforms do not support DHCP. The Fabric OS DHCP client supports the following parameters: • External Ethernet port IP addresses and subnet masks • Default gateway IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 64
OS v6.2.0 or later, will cause IPv6 autoconfiguration to be enabled on the upgraded platform. In upgrades or downgrades between versions of Fabric OS that support autoconfiguration, the enabled state of IPv6 autoconfiguration will not be changed. 24 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 65
, there can be a maximum of eight logical switches per director or enterprise-class platform. Only the default switch in the chassis will update the hardware clock. When the date command is issued from a non-principal pre-Fabric OS v6.2.0 switch, the date command request is dropped by a Fabric OS v6 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 66
format. For more information about the tsTimeZone command, refer to the Fabric OS Command Reference. When you set the time zone for a switch, you can perform the following tasks: • Display all of the time zones supported in the firmware. • Set the time zone based on a country and city combination or - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 67
to the switch and log in using an account assigned to the admin role and with the chassis-role permission. 2. Enter the tsTimeZone command. • Use tsTimeZone with no parameters to display the current time zone setting. • Use --interactive to list all of the time zones supported by the firmware. • Use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 68
propagated to all switches in the fabric. Domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually so that you can control the ID number or resolve a domain ID conflict when you merge fabrics. 28 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 69
to have its domain ID changed to a domain ID not used within the fabric. The default domain ID for Brocade switches is 1. ATTENTION Do not use domain ID 0. The use of this domain ID can cause the switch to reboot continuously. Avoid changing the domain ID on the FCS in secure mode. To minimize - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 70
accept the other settings and exit. 7. Enter the switchEnable command to re-enable the switch. Switch names Switches can be identified by IP address, domain ID, World Wide Name (WWN), or by customized switch names that are unique and meaningful. Switch names can be from 1 to 30 characters long. All - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 71
you perform graceful shutdowns of Brocade switches and enterprise-class platforms. Warm reboot refers to shutting down the appliance per the instructions below, also known as a graceful shutdown. Cold boot refers to shutting down the appliance by suddenly shutting down power and then turning it back - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 72
Power down. 5. Power off the switch. Powering off a Brocade enterprise-class platform 1. From the active CP in a dual-CP platform, enter the sysShutdown command. NOTE When the sysShutdown command is issued system halt NOW !! 4. Power off the switch. 32 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 73
one. For devices that cannot be powered off, first use the portDisable command to disable the port on the switch, connect the device, and then use the portEnable command to enable the port. Switch connection See the hardware user's guide of your specific switch for interswitch link (ISL) connection - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 74
2 Basic connections 34 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 75
44 •Enabling and disabling blades 48 •Blade swapping 50 •Power management 53 •Equipment status 54 •Track and control switch changes 56 •Audit log configuration 59 PIDs and PID binding overview Port identifiers (PIDs, also called Fabric Addresses) are used by the routing and zoning services in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 76
mode enabled, each port has a fixed address assigned by the system based on the port number. This address does not change unless you choose to swap the address using the portSwap command. 10-bit addressing mode This is the default mode for all the logical switches created in the Brocade DCX - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 77
Port-based mode does not support the upper 16 ports of a 48 port blade in a logical switch. WWN-based PID assignment WWN-based PID assignment is disabled by default. When the feature is enabled devices when you enable the feature, you must manually enter the WWN-based PID assignments through the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 78
and is supported in the default switch on a Brocade DCX and DCX-4S. This feature is not supported on application blades such as the FS8-18, FX8-24, and the FCOE10-24. The total number of ports in the default switch must be 256 or less. When the WWN-base PID assignment feature is enabled and a new - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 79
differ from those for fixed-port switches. For example, fixed-port models identify ports only by the port number, while enterprise-class platforms identify ports by slot/port notation. NOTE For detailed information about the Brocade 48000 director, and the Brocade DCX and DCX-4S enterprise - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 80
-class platforms. TABLE 3 Port blades Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S enterprise-class platforms Numbering scheme FC2-16 FC4-16 FC8-16 FC4-32 FC8-32 FC4-48 FC8-48 FC8-64 FC10-6 FC4-16IP FA4-18 FR4-18i FS8-18 FCOE10-24 FX8-24 Ports are numbered from 0 through - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 81
ID no longer match. On 48-port blades, port swapping is supported only on ports 0-15. To determine the area ID of a particular port, enter the switchShow command. This command displays all ports on the current (logical) switch and their corresponding area IDs. Port identification by index With the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 82
IDs of two physical switch ports. In order to swap port area IDs, the port swap feature must be enabled, and both switch ports must be disabled. The swapped area IDs for the two ports remain persistent across reboots, power cycles, and failovers. Brocade 48000 and Brocade DCX platforms only: You - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 83
persistently disabled and you use the portEnable command to enable a disabled port, the port will revert to being disabled after a power cycle or a switch reboot. To ensure the port remains enabled, use the portCfgPersistentEnable command as instructed below. CAUTION The fabric will be reconfigured - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 84
. The third generation Brocade platform 16-port blade supporting 1, 2, and 4 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades. A 16-port Brocade platform port blade supporting 1, 2, 4, and 8 Gbps port speeds. 44 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 85
port speeds. The Brocade DCX and DCX-4S support loop devices on 64-port blades in a Virtual Fabric-enabled environment. The loop devices can only be attached to ports on a 64-port blade that is not a part of the default logical switch. A 6-port Brocade platform port blade supporting 10 Gbps port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 86
becomes faulty. You can correct this issue by upgrading the firmware on the CP blade in a Brocade DCX or DCX-4S chassis. Mixed CP blades are not supported on a single chassis, except during specific upgrade procedures detailed in the Brocade 48000 Hardware Reference Manual. CP4 and CP8 blades cannot - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 87
Blade terminology and compatibility 3 TABLE 5 Port blades supported by each platform (Continued) Port blades Brocade 48000 (CP4) Brocade DCX and DCX-4S FS8-18 Unsupported Supported FX8-24 Unsupported Supported 1. During power up when an FCOE10-24 is detected first before any other AP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 88
-versa) is allowed without any pre-conditions • When Virtual Fabrics is enabled (regardless of whether the FR4 -18i or FX8-24 blade is in the default switch), replacing an FR4 -18i with an FX8-24 (and vice-versa) without rebooting or power cycling the chassis will fault the blade with reason code 91 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 89
not supported in either the Brocade DCX or DCX-4S enterprise-class platform. • You have turned on the power to the chassis and the FR4-18i blade in that slot was not active prior to the power-on you must persistently enable the ports manually. For instructions on how to manually persistently enable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 90
. • Blade swapping is not supported when swapping to a different model of blade or a different port count. For example, you cannot swap an FC8-32 blade with an FC8-48 port blade. NOTE This feature is not supported on the FX8-24 DCX Extension blade. 50 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 91
associated with logical switches. For example Figure 3 shows the source blade has ports in a logical switch or logical fabric, then the corresponding destination ports must be included in the associated logical switch or logical fabric of the source ports. Fabric OS Administrator's Guide 51 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 92
action is effectively an iteration of the portSwap command for each port on the source blade to each corresponding port on the destination blade. In Figure 4 shows Virtual Fabrics, where the blades can be carved up into different logical switches as long as they are carved the same way. If slot - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 93
the source blade to the destination blade. 4. Enter the bladeEnable command on the destination blade to enable all user ports. Power management All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization is in progress. To - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 94
the appropriate values. 5. Enter the psShow to display the current status of the switch power supplies. Refer to the hardware reference manual of your system to determine the appropriate values. 6. Enter the slotShow -m command to display the inventory and the current status of each slot in the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 95
, and running the POST. ENABLED: The blade is on and enabled. DISABLED: The blade is powered on but disabled. FAULTY: The blade is faulty because an error was detected. The reason code numbers displayed are used by Support personnel to assist with problem diagnosis. Review the system error logs for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 96
switch changes 4. Enter the nsAllShow command to display the 24-bit Fibre Channel addresses of all devices in the fabric. switch: can also be enabled (see the trackChangesHelp command in the Fabric OS Command Reference). Enabling the track changes feature 1. Connect to the switch and log in using - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 97
switch to MARGINAL or DOWN. For example, if the FaultyPorts DOWN parameter is set to 3, the status of the switch will change if three ports Guide. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchStatusPolicyShow command. Whenever there is a switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 98
switchStatusPolicyShow command to view your current switch status policy configuration. Example output from a switch The following example displays what is typically seen from a Brocade 300, of range Flash contributing to DOWN status: (0..1) [0] 58 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 99
Brocade DCX and DCX-4S enterprise-class platforms, the command output includes parameters related to CP blades. Audit log configuration When managing SANs you may want to audit certain classes of events to ensure that you can view and generate an audit log for what is happening on a switch default, - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 100
classes and the auditCfg command operands used to enable auditing of a specific IP address>/,/,/, , Switch names are logged for switch to the Fabric OS Troubleshooting and Diagnostics Guide. Verifying host syslog prior - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 101
be generated. 2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to add the IP address of the host machine so enable command, which enables audit event logging based on the classes configured in step 2. switch:admin> auditcfg --enable Audit filter is enabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 102
3 Audit log configuration 62 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 103
Dynamic Load Sharing on ports 79 •Frame Redirection 81 Routing overview Data moves through a fabric from switch to switch and from storage to server supported. Both Unicast Class 2 and 3 traffic are supported. Broadcast and multicast are supported in Class 3 only. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 104
and destination based upon the the switches in ports on the switch. FSPF is not involved in frame switching switch will be used as the Principal ISL. Figure 5 shows the thicker red lines as principal ISLs, and thinner green lines as regular ISLs. FIGURE 5 Principal ISLs ATTENTION FSPF only supports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 105
FSPF calculates paths based on the destination known as cut-through routing. A frame may begin to emerge from the output port before it has been entirely received by the input port. The entire frame does not need to be buffered in the switch equivalent to this IP-NAT is the Guide 65 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 106
link between two switches, E_Port-to-E_Port. The ports of the two switches automatically come online as E_Ports, once the login process finishes successfully. For more information on the login process refer to Chapter 1, "Understanding Fibre Channel Services". FIGURE 6 New switch added to existing - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 107
. Some fabric services, such as Management Server must match. If it is enabled in the fabric, then the switch you are introducing into the fabric must also have it enabled. If you experience a segmented fabric, refer to the Fabric OS Troubleshooting and Diagnostics Guide to fix the problem. Buffer - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 108
switch links FIGURE 7 Virtual Channels on a 1/2/4 Gbps ISL Quality of Service (QoS) is a licensed traffic shaping feature available in Fabric OS. QoS allows the prioritization of data traffic based VC8-14, are used to multiplex data frames based upon QoS Zones when congestion occurs. For more - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 109
such as IP or SONET. Except for link initialization, gateways are transparent to switches; the gateway simply provides E_Port connectivity from one switch to another. Figure 9 shows two separate SANs, A-1 and A-2, merged together using a gateway. Fabric OS Administrator's Guide 69 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 110
link merges SAN By default, switch ports initialize links using the Exchange Link Parameters (ELP) mode 1. However, gateways expect initialization with ELP mode 2, also referred to as ISL R_RDY mode. Therefore, to enable two switches to link through a gateway, the ports on both switches must be - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 111
Mode is enabled for port 3. Please make sure the PID formats are consistent across the entire fabric. Inter-chassis links An Inter-chassis link (ICL) is a licensed feature used to interconnect two Brocade DCX Backbones, two Brocade DCX-4S, or a Brocade DCX and a Brocade DCX-4S Backbone. ICL ports in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 112
addition or removal of a license, the license enforcement is performed on the ICL ports only when you issue the portDisable or portEnable commands on the switch for the ports. All ICL ports must be disabled, and then re-enabled for the license to take effect. An ICL license must be installed on both - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 113
Hardware Reference Manual for instructions on how to cable ICLs. Chassis 1 Chassis 3 ICL 3 ICL 1 ICL 2 Chassis 2 FIGURE 11 ICL triangular topology Virtual Fabrics considerations: In Virtual Fabrics, the ICL ports can be split across the logical switch, base switch and default switch. The - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 114
supported policies for the switch. Example of the output from the aptPolicy command. In the following example, the current policy is exchange-based routing (3) with the additional AP dedicated link policy. switch:admin> aptpolicy Current Policy: 3 1(ap) 3 0(ap): Default Policy 1: Port Based Routing - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 115
backbone traffic is load-balanced based on SID, DID, and OXID. Whatever routing policy a switch is using applies to the VE_Ports as well. For more information on VE_Ports, refer to the Fibre Channel over IP Administrator's Guide. AP route policy On the Brocade 7500 switch and FR4-18i blade, eight - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 116
based routing policy, DLS is enabled by default and cannot be disabled. In other words, you cannot enable or disable DLS when the exchange-based routing policy is in effect. When the port-based policy is in force, you can enable to the switch and log in as admin. 2. Enter the dlsShow command to view - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 117
:admin> dlsreset switch:admin> dlsshow DLS is not set Static route assignment A static route can be assigned only when the active routing policy is port-based routing. When exchange-based routing is active, you cannot assign static routes. Static routes are supported only on the Brocade 4100 and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 118
By default, out-of-order frame-based delivery is allowed to minimize the number of frames dropped. Enabling in- command. Restoring out-of-order frame delivery across topology changes 1. Connect to the switch and log in as admin. 2. Enter the iodReset command. 78 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 119
-32 and FX8-18 application blades in the Brocade DCX and DCX-4S enterprise-class platforms. On the Brocade 7800 switch and the FX8-24 application blade, Lossless DLS is supported only on FC to FC port flows. ATTENTION When you implement Lossless DLS, the switches in the fabric must all have either - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 120
DLS enabled Exchange-based Disabled Exchange-based Enabled No frame loss, but out of order frames may occur. No frame loss and no out of order frames. Topology restrictions apply. Intended for FICON environment. Lossless core Lossless core works with the default configuration of the Brocade DCX - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 121
of how DLS affects other logical switches in the fabric On a Brocade DCX platform, logical switch 1 consists of ports 0 through 5 in slot 1. Logical switch 2 consists of ports 6-10 in slot 1. The Lossless DLS feature is enabled on logical switch 1. Because ports 0-10 in slot 1 belong to a logical - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 122
as the virtual initiator and the port where the appliance is attached to the target switch is the virtual target. Creating a frame redirect zone The first time this command is run the following zone objects are created by default: • The base zone object, "red_______base". • The RD zone configuration - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 123
password 95 •The authentication model using RADIUS and LDAP 99 User accounts overview In addition to the default accounts-root, factory, admin, and user-Fabric OS supports up to 252 additional user-defined accounts in each logical switch in to by default. The home in to by default. The home enabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 124
user database. The local user database is manually synchronized using the distribute command to push a copy of the switch's local user database to all other Fabric OS v5.3.0 and later switches in the fabric. Role-Based Access Control (RBAC) Role-Based Action Control (RBAC) defines the capabilities - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 125
user-defined accounts, the default home domain is the Admin -a to show all users on a switch. M Modify The user can run commands using options that create, change, and ON OM O NO O O NO N N NN O O ON N N NN N OM O N OM N NN Fabric OS Administrator's Guide 85 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 126
Basic Switch Admin Fabric Admin Operator Security Switch Firmware Management FRU Management HA (High Availability) IPsec Management iSCSI License LDAP Local User Environment Logging Management Access Configuration Management Server Name Server Nx_Port Management Physical Computer System PKI Port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 127
Port OM O OM OM N Switch Configuration OM O OM OM OM Switch Management OM O OM OM O Switch Management-IP Configuration OM O OM OM OM Switch Port Configuration OM OM OM OM O Switch Port management workstation and the switch. Table 13 shows the on a switch may not exceed - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 128
Connect to the switch and log in using an account assigned to the admin role. 2. Enter the userConfig --add command. 3. In response to the prompt, enter a password for the account. The password is not displayed when you enter it on the command line. 88 Fabric OS Administrator's Guide 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 129
account 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the passwd command specifying the name of the account for which the password is being changed. 3. Enter the requested information at the prompts. Fabric OS Administrator's Guide 89 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 130
. NOTE If Virtual Fabrics mode is enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. If the distribute command is issued from a pre-Fabric OS v6.2.0, switches running Fabric OS v6.2.0 or later - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 131
changes are not permitted on the standby CP. Password authentication policies configured using the passwdCfg command are not enforced during initial prompts to change default passwords. Password strength policy The password strength policy is enforced across all user accounts, and enforces a set - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 132
values that are disallowed when setting a new password. Allowable password history values range between 0 and 24. If the value is set to 0, it means that the new password cannot be set to current password, but can be set to 1 previous password. The default value is 1, which means the current and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 133
the maximum number of days that can elapse before a password must be changed, and is also known as the password expiration period. MaxPasswordAge values range from 0 to 999. The default value is zero. Setting this parameter to zero disables password expiration. • Warning Specifies the number of days - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 134
using an incorrect password before the 999, and the default value is 0. , and the default value is 30 Enabling the admin lockout policy 1. Log in to the switch switch using an account that is an Admin role or securityAdmin role. 2. Enter the passwdCfg --disableadminlockout command. Denial of service - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 135
to the following switch models: Brocade 300, 4100, 4900, 5000, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 7500, 7500E, 7600, 7800 and 8000 switches. If your switch is not listed, please contact your switch support provider for instructions. 1. Connect to the serial port interface as described - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 136
is automatically saved. 7. Reboot the switch by typing the reset command at the prompt. Setting the boot PROM password for a director with a recovery string This procedure applies to the following enterprise-class platforms: Brocade 48000 director and Brocade DCX and DCX-4S Data Center Backbones - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 137
models: Brocade 300, 4100, 4900, 5000, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 7500, 7500E, 7600, 7800, 8000, and VA-40FC switches. The password recovery instructions contained within this section are only for the switches listed. If your switch is not listed, contact your switch support - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 138
use. 7. Enter the saveEnv command to save the new password. 8. Reboot the switch by entering the reset command. Setting the boot PROM password for a director without a recovery string This procedure applies to the following enterprise-class platforms: Brocade 48000 director, Brocade DCX and DCX-4S - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 139
high availability. NOTE To recover lost passwords refer to the Fabric OS Troubleshooting and Diagnostics Guide. The authentication model using RADIUS and LDAP Fabric OS supports the use of either the local user database and the remote authentication dial-in user service (RADIUS) at the same time; or - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 140
LDAP servers do not respond due to power failure or network problems, the switch uses local authentication. Consider the effects of the use of RADIUS or LDAP service on other Fabric OS features. For example, when RADIUS or LDAP service is enabled, all account passwords must be managed on the RADIUS - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 141
LDAP server role to one of the default roles available on a switch. RADIUS and LDAP support all the defined RBAC roles described in Table 10 on page 84. Users must enter their assigned RADIUS or LDAP account name and password when logging in to a switch that has been configured with RADIUS or LDAP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 142
name of the assigned role and other supported attribute values such as Admin Domain member list. Fabric OS users on the RADIUS server All existing Fabric OS mechanisms for managing local switch user accounts and passwords remain functional when the switch is configured to use RADIUS. Changes made - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 143
The authentication model using RADIUS and LDAP 5 Windows 2000 IAS To configure a Windows 2000 internet authentication service (IAS) server to use VSA to pass the Admin role to the switch in the dial-in profile, the configuration specifies the Vendor code (1588), Vendor-assigned attribute number - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 144
model codes to specify key-value pairs. Note that a switch always parses these attributes from Vendor-Type code 2 to Password == "password" Brocade-Auth-Role = "operator", Brocade-AVPairs1 = "ADList=1,2;HomeAD=2", Brocade-AVPairs2 = "ADList=-4-8,20;ADList=7,9,12" 104 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 145
To set up the RADIUS server, you must know the switch IP address, in either IPv4 or IPv6 notation, or the name to connect to switches. Use the ipAddrShow command to display a switch IP address. For Brocade directors, the switch IP addresses are aliases of the physical Ethernet interfaces on the CP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 146
information service (NIS) for authentication, the only way to enable authentication with the password file is to force the Brocade switch to authenticate using password authentication protocol (PAP); this requires the -a pap option with the aaaConfig command. 106 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 147
model using RADIUS and LDAP 5 Enabling clients Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. The Brocade 48000 director, Brocade DCX and DCX-4S enterprise-class platforms send their RADIUS requests using the IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 148
to the Internet Authentication Service window, add additional policies for all Brocade login types for which you want to use the RADIUS server. After this is done, you can configure the switch. RSA RADIUS server Traditional password-based authentication methods are based on one-factor authentication - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 149
authentication model brocade ignore-ports = no port-number-usage = per-port-type help-id = 2000 b. Create a brocade.dct file that needs to be added into the dictiona.dcm file located in the following path: C:\Program Files\RSA Security\RSA RADIUS\Service Figure 14 on page 110 shows what the brocade - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 150
.dct @bandwagn.dct @brocade.dct - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 151
use the ldapCfg --maprole ldap_role name switch_role command to map an LDAP server role to one of the default roles available on a switch. For more information on RBAC roles, see "Role-Based Access Control (RBAC)" on page 84. NOTE All instructions involving Microsoft Active Directory can be obtained - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 152
's role name. or Use the ldapCfg --maprole ldap_role_name switch_role command to map an LDAP server role to one of the default roles available on the switch. 4. Associate the user to the group by adding the user to the group. For instructions on how to create a user refer to www.microsoft.com or - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 153
installed to proceed with the rest of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can download this utility from the Microsoft web 128,10;ChassisRole=admin In this example, the logical switch that would be logged into by default is 10. If 10 is not available then the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 154
You must be logged in as admin or switchAdmin to configure the RADIUS service. NOTE On dual-CP enterprise-class platforms (Brocade 48000, Brocade DCX and DCX-4S backbones), the switch sends its RADIUS or LDAP request using the IP address of the active CP. When adding clients, add both the active and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 155
can log in to the default switch accounts (admin and user) or any user-defined account. You must know the passwords of these accounts. When the command succeeds, the event log indicates that local database authentication is disabled or enabled. Fabric OS Administrator's Guide 115 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 156
5 The authentication model using RADIUS and LDAP 116 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 157
129 •Listener applications 131 •Ports and applications used by switches 131 Security protocols Security protocols communicating, is known as two-factor authentication. Two-factor authentication requires public key infrastructure (PKI) deployment to clients. Fabric OS supports the secure - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 158
the user, if necessary. Fabric OS uses secure socket layer (SSL) to support HTTPS. A certificate must be generated and installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default. Table 19 describes additional software or certificates that you must obtain to deploy secure - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 159
prompt. Example of setting up SCP for configUpload/download switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] n ssl attributes (yes, y, no, n): [no] n http - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 160
password-less logins, known based authentication systems is that in many cases, it is possible to establish secure connections without having to manually type in a password. RSA and DSA asynchronous algorithms are FIPS-compliant. Allowed-user The default command: switch to-switch ( command: switch: - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 161
-user and entering the sshUtil exportpubkey command to export the key. Example of exporting a public key from the switch switch:kghanta> sshutil exportpubkey Enter IP address:192.168.38.244 Enter remote directory:~auser/.ssh Enter login name:auser Password: public key out_going.pub is exported - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 162
Internet Certificate Authority (CA) that acts as the trusted key agent. Certificates are based on the switch IP address or fully qualified domain name (FQDN), depending on the issuing CA. If you change a switch IP address or FQDN after activating an associated certificate, you may have to obtain and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 163
listed in Table 21. Brocade supports .pem, .crt. services operate correctly, but the Web Tools Fabric Events button is unable to retrieve events for the entire fabric. Each CA (for example, Verisign or GeoTrust) has slightly different requirements; for example, some generate certificates based on IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 164
this procedure on each switch. 1. Connect to the switch and log in as admin. 2. Enter the secCertUtil genkey command to generate a public/ name):San Jose Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Eng Common Name (Fully qualified Domain Name, or IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 165
and go to the CA Web site. Follow the instructions to request a certificate. Locate the area in the request form into which you are to paste the CSR. 3. Through a Telnet window, connect to the switch and log in as admin. 4. Enter the secCertUtil showcsr command. The contents of the CSR are displayed - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 166
action based on whether instructions to import the certificate. Root certificates for the Java Plug-in For information on Java requirements, see "Browser and Java support" on page 122. This procedure is a guide Command Prompt window and change the directory to the Java Plug-in bin. - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 167
, changeit is the default password and RootCert is an Brocade switches specifically. • FibreAlliance MIB trap Associated with the FibreAlliance MIB (FA-MIB), this MIB manages SAN switches and devices from any company that complies with FibreAlliance specifications. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 168
allow SNMP to obtain the port information only from within the current Virtual Fabrics context. Switch and Chassis context enforcement All attributes are classified into one of two categories: • Chassis-level attributes • Switch-level attributes 128 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 169
MIB files, naming conventions, loading instructions, and information about using the Brocade SNMP agent, see the Fabric OS MIB Reference. Telnet protocol Telnet is enabled by default. To prevent passing clear text passwords over the network when connecting to the switch, you can block the Telnet - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 170
has to precede the default rule number for this switch through a serial port or SSH and log in as admin. 2. Type in the ipfilter --delete command. Refer to "Deleting a rule to an IP Filter policy" on page 157 for more information on deleting IP filter rules. 130 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 171
Ports and applications used by switches If you are using the FC-FC Routing Service, be aware that the secModeEnable command is not supported in Fabric OS v6.1.0 and later. Table 23 lists the defaults for accessing hosts, devices, switches, and zones. TABLE 23 Access defaults Access default - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 172
default Devices Switch access Zoning All devices can access the management server. Any device can connect to any FC port in the fabric. Any switch can join the fabric. All switches in the fabric can be accessed through a serial port. No zoning is enabled. Port configuration Table 24 provides - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 173
(DCC) policies - Used to restrict which Fibre Channel device ports can connect to which Fibre Channel switch ports. • Switch connection control (SCC) policy - Used to restrict which switches can join with a switch. NOTE Run all commands in this chapter by logging in to Administrative Domain (AD - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 174
for specifying policy members are listed in Table 25. TABLE 25 Valid methods for specifying policy members Policy name Device port WWN Switch WWN Domain ID Switch name FCS_POLICY DCC_POLICY_nnn SCC_POLICY No Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes ACL policy management All - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 175
command. Until a secPolicySave or secPolicyActivate command is issued, all policy changes are in volatile memory only and are lost upon rebooting. 1. Connect to the switch by entering the secPolicyActivate command. Example of deleting an ACL policy switch:admin> secpolicydelete "DCC_POLICY_010" - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 176
: switch:admin> secpolicyadd "SCC_POLICY", "12:24:45:10:0a:67:00:40" Member(s) have been added to SCC_POLICY. Example of adding members to the DCC policy To add two devices to the DCC policy, and to attach domain 3 ports 1 and 3 (WWNs of devices are 11:22:33:44:55:66:77:aa and 11 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 177
because of a fabric merge is not blocked. Consequently, a new switch that joins the FCS-enabled fabric could still propagate the AD and zone database. Table 27 on page 138 shows the commands for switch operations for Primary FCS enforcement. Fabric OS Administrator's Guide 137 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 178
localreject secPolicyDelete (Allowed on all switches for SCC and DCC policies as -FCS switch.) secPolicyRemove (Allowed on all switches for commands secPolicyAbort All zoning commands except the show commands SNMP commands All AD commands configupload Any local-switch commands Any AD command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 179
the fddCfg --fabwideset command or it can be manually distributed to the switches using the distribute -p command. Each switch that receives the FCS switch. FCS policy configuration and management is performed using the command line or a manageability interface. Fabric OS Administrator's Guide 139 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 180
and loop hubs. By default, all device ports are allowed to connect to all switch ports; no DCC policies exist until switch ports that are not specified in any DCC policies. When a DCC violation occurs, the related port is automatically disabled and must be re-enabled using the portEnable command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 181
are not supported on the CEE ports of the Brocade 8000. port or area number) • deviceportWWN;switchname (port or area number) 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the secPolicyCreate "DCC_POLICY_nnn" command. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 182
secPolicyActivate command. If neither of these commands is entered, the changes are lost when the session is logged out. Example s of creating DCC policies To create the DCC policy "DCC_POLICY_server" that includes device 11:22:33:44:55:66:77:aa and port 1 and port 3 of switch domain 1: switch:admin - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 183
domain IDs, or switch names. Only one SCC policy can be created. By default, any switch is allowed to join switch supports an SCC policy. You can configure and distribute an SCC policy on a logical switch. • SCC enforcement is performed on a ISL based on the SCC policy present on the logical switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 184
feature is available in base Fabric OS. No license is required. FCAP requires the exchange of certificates between two or more switches to authenticate to each other before they form or join a fabric. By default, these certificates are issued by Brocade, and therefore Brocade is the root CA - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 185
will be initiated automatically on ports or switches brought online if the policy is set to activate authentication. The AUTH policy is distributed by command; automatic distribution of the AUTH policy is not supported. The default configuration directs the switch to attempt FCAP authentication - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 186
using an account assigned to the admin role. 2. Enter the authUtil --authinit command. Example for specific ports on the switch switch:admin> authutil --authinit 2,3,4 Example for all E_Ports on the switch switch:admin> authutil --authinit allE Example for enterprise-class platforms using the slot - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 187
the device authentication requires manual interaction in setting the HBA shared secrets and switch shared secrets, and most of the HBAs do not support the defined DH groups for use in the DH-CHAP protocol. By default the switch is in the OFF state, which means the switch clears the security bit - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 188
HBAs The following HBAs support authentication: • Emulex LP11000 (Tested with Storport Miniport v2.0 windows driver) • Qlogic QLA2300 (Tested with Solaris v5.04 driver) • Brocade Fibre Channel HBA models 415, 425, 815 and 825 Authentication protocols Use the authUtil command to perform the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 189
list of secret key pairs in the current switch database 1. Log in to the switch using an account assigned to the admin role. 2. Enter the secAuthSecret --show command. The output displays the WWN, domain ID, and name (if known) of the switches with defined shared secrets: WWN DId Name 10 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 190
Done. 3. Disable and enable the ports on a peer switch using the portDisable and portEnable commands. FCAP configuration overview You can configure the switch to use either Brocade or a third-party certificates for authentication with the peer switch. By default, Brocade certificates are used for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 191
ATTENTION Only the .pem file is supported for FCAP authentication. TABLE 31 FCAP Private Key and Csr... Switch key pair and CSR generated... 3. Repeat step 2 on the remote switch. Exporting the CSR for command. switch:admin> seccertutil export -fcapswcert Select protocol [ftp or scp]: scp Enter IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 192
authinit command to start the authentication using the newly imported certificates. 3. Enter the authUtil --policy -sw command and select active or on, the default is passive. This makes the changes permanent and forces the switch to request authentication. 152 Fabric OS Administrator's Guide 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 193
IP Filter policy 7 Fabric-wide distribution of the Auth policy The AUTH policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the AUTH policy, see "Distributing the local ACL policies" on page 160 for instructions. Local Switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 194
to its default state. An IP Filter policy without any rule cannot be activated. This subcommand prompts for a user confirmation before proceeding. 1. Log in to the switch using an account assigned to the admin role. 2. Enter the ipFilter --activate command. 154 Fabric OS Administrator's Guide 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 195
used by clients. For an IP Filter policy rule, you can only select port numbers in either the well-known or the registered port number range, between 0 and 49151, inclusive. This means that you have the ability to control how to expose the management services hosted on a switch, but not the ability - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 196
affected. TABLE 33 Implicit IP Filter rules Source address Destination port Protocol Action Any 1024-65535 TCP Permit Any 1024-65535 UDP Permit A switch with Fabric OS v6.2.0 or later will have a default IP Filter policy for IPv4 and IPv6. The default IP Filter policy cannot be deleted - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 197
match is found for the source address, destination port, and protocol, the corresponding action for this default action, which is to deny, is taken. When the IPv4 or IPv6 address for the management interface of a switch is changed through the ipAddrSet command or manageability tools, the active IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 198
transaction is aborted. The IPFilter policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the IPFilter policy, see "Distributing the local ACL policies" on page 160 for instructions. Switches with Fabric OS v6.2.0 or later have - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 199
(default) switches. TABLE 36 Supported policy databases Database type Database identifier (ID) Authentication policy database DCC policy database FCS policy database IP Filter policy database Password database SCC policy database AUTH DCC FCS IPFILTER PWD SCC Use the chassisDistribute command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 200
Consistency Policy:- "" Enabling local switch protection 1. Connect to the switch and log in command. ACL policy distribution to other switches This section explains how to manually distribute local ACL policy databases. The distribute command has the following dependencies: • All target switches - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 201
switches in the fabric. NOTE FC routers cannot join a fabric with a strict fabric-wide consistency policy. FC routers do not support automatically distributed to other switches in the fabric. All switch and log in using an account assigned to the admin role. 2. Enter the fddCfg --fabwideset command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 202
and Defined policy set where it is absent. If the ACL policies do not match, the switch cannot join the fabric and the neighboring E_Ports are disabled. Use the fddCfg --fabwideset command on either this switch or the fabric to set a matching strict SCC or DCC fabric-wide consistency policy. Use ACL - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 203
SCC/DCC Different SCC/DCC Fails policies policies Ports are disabled. 1. To resolve the policy conflict, manually distribute the database you want to use to the switch with the mismatched database. Until the conflict is resolved, commands such as fddCfg --fabwideset and secPolicyActivate are - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 204
to create a tunnel that protects traffic flows. The tunnel has at each end a Brocade switch or enterprise-class platform. There may be routers, gateways, and firewalls in between the two ends. ATTENTION Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 205
of service (DoS command, you must configure multiple security policies for traffic flows on the Ethernet management interfaces based on IPv4 or IPv6 addresses, a range of IPv4 or IPv6 addresses, the type of application, port numbers, and port no inner IP header. If there is an inner IP header, - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 206
of protection provided by a corporate firewall against Internet-based attacks. In either case, the protected endpoint will want an IP address associated with the security gateway so that packets integrity and confidentiality of the communication. 166 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 207
IP datagram. This HMAC is then included in the IPsec protocol header and the receiver of the packet can check the HMAC if it has access to the secret key. To protect against denial of service attacks, the IPsec protocols use a sliding window flush manual-sa command to remove all SA entries - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 208
MD5 hash algorithm is blocked when FIPS mode is enabled Triple DES is a more secure variant of DES services afforded to a packet and the treatment of a packet in the network. An IPsec policy allows classifying IP policy are: IP packet filter and selector (IP address, protocol, and port information) - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 209
command can be used for manually keyed connections, which means that all parameters needed for the setup of the connection are provided by you. Based on which protocol, algorithm, and key used for the creation of the security associations, the switch command does not support manipulating pre-shared - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 210
. Manual SA entries are persistent across system reboots. Creating the tunnel These instructions do not take the place of creating a tunnel for either a FR4-18i or FX8-24. For information on creating tunnels for those application blades, refer to the Fibre Channel over IP Administrator's Guide Each - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 211
protected. a. Initiate a telnet, SSH, or ping session from the two switches. b. Verify that IP traffic is encapsulated. c. Monitor IPsec SAs created using IKE for above traffic flow • Use the ipSecConfig --show manual-sa -a command with the operands specified to display the outbound and inbound SAs - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 212
keys. The two systems are a switch, BROCADE300 (IPv4 address 10.33.74 enable command to enable IPsec on the switch. 3. Create an IPsec SA policy named AH01, which uses AH protection with MD5. switch:admin> ipsecconfig --add policy ips Windows XP or 2000 Host as Windows XP and 2000 do not support - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 213
the IPsec SAs created with IKE using the ipsecConfig --show manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IPsec configuration. Refer to your server administration guide for instructions. 12. Generate IP traffic and verify that it is protected using defined - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 214
7 Management interface security 174 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 215
Guide. There are two ways to view configuration settings for a switch in a Brocade fabric: • Issue the configShow -all command. To display configuration settings, connect to the switch, log in as admin, and enter the configShow -all command. The configuration settings vary depending on switch model - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 216
, and one or more switch sections. If you upgrade the firmware on any existing switches from pre-Fabric OS v6.2.0 to v6.2.0, then you must perform the configUpload command to upload both chassis and switch information. CAUTION If you have Virtual Fabrics enabled, you must follow the procedure - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 217
ID = 1 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zoning] [Defined Security policies] [Active Security policies] [iSCSI] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 1] Fabric OS Administrator's Guide 53-1001763-01 Configuration settings 8 177 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 218
files for all switches in the fabric and avoid copying configurations from one switch to another. The configUpload command, by default, only uploads the switch context configuration for the logical switch context in which the command is executed. 178 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 219
the configUpload command while logged into AD255. switch:AD5:admin> ad --select 5 switch:AD5:admin> configUpload Protocol (scp or ftp) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: /pub/configurations/config.txt Password: - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 220
switch model, because configuration files from other model switches or firmware versions might cause your switch to fail. If a configDownload command is issued on a non-FCR platform (for example, the configuration file from a Brocade 7500 downloads to a Brocade to the default switch or chassis - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 221
Fabric system will only have configuration applied to the default switch. If there are multiple logical switches created in a Virtual Fabric-enabled system, there could be some issues if there are ports that belong to the default switch in a Virtual Fabric-disabled system, but are now assigned - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 222
, or ACL, then you must disable the switch. When you use the configDownload command, you will be prompted to disable the switch only when necessary. Configuration download without disabling a switch is independent of the hardware platform and supported on all hardware platforms running Fabric OS v6 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 223
to complete for large files. Do you want to continue [y/n]: y Password: configDownload complete. Example of configDownload with Admin Domains switch:AD5:admin>configdownload Protocol (scp or ftp) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 224
switch to another switch that is a different model or firmware version, because it can cause the switch to fail. If you need to reset affected switches, issue the configDefault command the switch identity cannot be changed by the configDownload command. Parameters such as the switch name and IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 225
a configuration file from a switch with Virtual Fabrics enabled The configUpload command with the -vf option IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: 5100.txt Potentially remote file may get overwritten Section (all|chassis|FID# [all]): Password - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 226
command. 6. Respond to the prompts. 7. Wait for the configuration file to download to the switch. 8. Verify the LISL ports are set up correctly. Example of a non-interactive download from a switch with an FID = 8, to FID 10 configdownload -fid 8 -sfid 10 -ftp 10.1.2.3,UserFoo,config.txt,password - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 227
43 as a hard copy reference for your configuration information. In the hardware reference manuals for the Brocade 48000 director and the Brocade DCX and DCX-4S enterprise-class platform, there is a guide for FC port setting tables. The tables can be used to record configuration information for the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 228
8 Brocade configuration form 188 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 229
and 6 on the Brocade DCX-4S. NOTE For more information on troubleshooting a firmware download, refer to the Fabric OS Troubleshooting and Diagnostics Guide. You can download Fabric OS to a director, which is a chassis; and to a nonchassis-based system, also referred to as a switch. The difference in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 230
the secondary partition. ATTENTION The Brocade 8000 does not support a non-disruptive firmwareDownload. The switch reboots once the firmware upgrade or downgrade is complete. In dual-CP systems, the firmware download process, by default, sequentially upgrades the firmware image on both CPs using HA - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 231
To prevent channel errors during nondisruptive firmware installation, the switch CUP port must be taken offline from all host inSync n/a inSync n/a If Ethernet Switch Service Run firmwareDownload -s on the is enabled, no sync. standby CP and upgrade it to v6.3.0. inSync n/a InSync - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 232
with any trouble reports. 5. Connect to the switch and log in to the switch as admin. Enter the supportSave command to retrieve all current core files prior to executing the firmware download. This helps to troubleshoot the firmware download process if a problem is encountered. If you are upgrading - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 233
and decompress firmware Firmware upgrades are available for customers with support service contracts and for partners on the Brocade Web site at http://www.brocade.com. At the Brocade Web site click Brocade Connect, log in, and follow the instructions to register and download firmware. Partners with - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 234
, wait for the time-out (30 minutes for network problems) before issuing the firmwareDownload command again. Disrupting the process can render the switch inoperable and require you to seek help from your switch service provider. Do not disconnect the switch from power during the process because the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 235
download on switches 9 Upgrading firmware for Brocade 300, 4100, 4900, 5000, 5100, 5300, 5410, 5424, 5450, 5460, 5470, 5480, 7500, 7500E, 7600, 7800, 8000, and VA-40FC switches. 1. Take the following appropriate action based on what service you are using: • If you are using FTP or SCP, verify - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 236
sync, run the haSyncStart command. If the problem persists, refer to the Fabric OS Troubleshooting and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. NOTE This section only applies when upgrading from Fabric OS v6.1.x to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 237
issuing the firmwareDownload command again. Disrupting the process can render the switch inoperable and require you to seek help from your switch service provider. Do not disconnect the switch from power during the process because the switch could become inoperable when rebooted. Upgrading firmware - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 238
, contact your switch service provider. For further troubleshooting, refer to the Fabric OS Troubleshooting and Diagnostics Guide. 8. Enter the firmwareDownload command and respond to the interactive prompts. 9. At the "Do you want to continue [y/n]" prompt, enter y. The firmware is downloaded to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 239
completed successfully. Use firmwareshow to verify the firmware versions. 11. Enter the firmwareShow command to display the new firmware versions. Following is an example of firmwareShow output on the Brocade 48000 director. switch:admin> firmwareshow Slot Name Appl Primary/Secondary Versions - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 240
, 7800, 8000, and VA-40FC switches and the Brocade DCX and DCX-4S Backbones support a firmware download from a Brocade branded USB device attached to the switch or active CP. Before the USB device can be accessed by the firmwareDownload command, it must be enabled and mounted as a file system. The - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 241
public key files should be documented in the release notes or stored in a known location in the Brocade website. This command allows the customer to handle unplanned firmware key changes. NOTE If FIPS is enabled, all logins should be done through SSH or direct serial and the transfer protocol - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 242
. Configuring the switch for signed firmware 1. Connect to the switch and log in using an account assigned to the admin role. 2. Type the configure command. 3. Respond to the prompts as follows: System Service Default is no; press Enter to select default setting. ssl attributes Default is no - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 243
server is running on the host server and that you have a user ID on that server. 2. Obtain the firmware file from the Brocade Web site at http://www.brocade.com or switch support provider and store the file on the FTP or SSH server. 3. Unpack the compressed files preserving directory structures. The - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 244
fully up and operational. c. Log in to the switch. Enter the firmwareShow command and verify that both partitions on the switch have the original firmware. Test and restore firmware on enterprise-class platforms This procedure enables you to perform a firmware download on each CP and verify that the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 245
firmware versions on enterprise-class platforms 1. Connect to the Brocade enterprise-class platform IP address. 2. Enter the ipAddrShow command and note the address of CP0 and CP1. 3. Enter the haShow command to the same version as the active CP. Fabric OS Administrator's Guide 205 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 246
a commit on the standby CP. From the current enterprise-class platform session on the standby CP, enter the firmwareCommit command to update the secondary partition with new firmware. It takes several minutes to complete the commit operation. Do not do anything on the enterprise-class platform while - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 247
discrepancy, it is possible that a device or switch cannot connect to the fabric and further troubleshooting is necessary. firmwareShow Displays the current firmware level on the switch. For Brocade directors, this command displays the firmware loaded on both partitions (primary and secondary) for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 248
of attached devices prior to the firmware download. Displays all switches in a fabric. Make sure the number of switches in the fabric after the firmware download is exactly the same as the number of attached devices prior to the firmware download. 208 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 249
overview 210 •Logical fabric overview 214 •Management model for logical switches 219 •Account management and Virtual Fabrics 220 •Supported platforms for Virtual Fabrics 220 •Limitations and restrictions of Virtual Fabrics 222 •Enabling Virtual Fabrics mode 223 •Disabling Virtual Fabrics - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 250
must be Virtual Fabrics-capable (Brocade DCX, DCX-4S, 5300, 5100, or VA-40FC). Enabling Virtual Fabrics creates a single logical switch in the physical chassis. This logical switch is called the default logical switch, and it initially contains all of the ports in the physical chassis. In this - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 251
can create up to eight logical switches, depending on the switch model. Figure 21 shows a Virtual Fabrics-enabled switch before and after it is divided into logical switches. Before you create logical switches, the chassis appears as a single switch (default logical switch). After you create logical - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 252
has 10 ports, labeled P0 through P9. After logical switches are created, the ports are assigned to specific logical switches. Note that ports 0, 1, 7, and 8 have not been assigned to a logical switch and so remain assigned to the default logical switch. 212 Fabric OS Administrator's Guide 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 253
be moved from the default logical switch. See "Supported platforms for Virtual Fabrics" on page 220 for detailed information about these ports. Logical switches and connected devices You can connect devices to logical switches, as shown in Figure 24 on page 214. In Logical switch 2, P2 is an F_Port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 254
different fabrics. Physical chassis Logical switch 1 P1 (Default logical switch) Fabric ID 128 H1 Logical switch 2 P2 Fabric ID 1 P3 D1 P4 Logical switch 3 Fabric ID 15 P5 D2 FIGURE 24 Logical switch 4 P6 ISL Fabric ID 8 Switch Logical switches connected to devices and non-Virtual - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 255
a single logical fabric. In Figure 26, Fabric 128 has two switches (the default logical switches), but they cannot communicate with each other because they have no ISLs between them and they cannot use the ISLs between the other logical switches. Fabric OS Administrator's Guide 215 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 256
Default logical switch) Fabric ID 128 P2 Logical switch 6 Fabric ID 1 P4 Logical switch 3 Fabric ID 15 P5 P6 Base switch Fabric ID 8 XISL P7 Logical switch 7 P6 Fabric ID 15 P8 P9 Base switch Fabric ID 8 FIGURE 28 Base switches connected by an XISL 216 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 257
to ports because they are not physical cables. They are just a logical representation of the switch connections that are allowed by the XISL. Physical chassis 1 Logical switch 1 P1 (Default logical switch) Fabric ID 128 P2 Logical switch 2 Fabric ID 1 Logical switch 3 Fabric ID 15 P5 P6 Base - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 258
, logical ISLs are formed to connect logical switches. A logical port represents the ports at each end of a logical ISL. A logical port is a software construct only and does not correspond to any physical port. Most port commands are not supported on logical ports. For example, you cannot change the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 259
) - FRU management (slotShow) - Firmware management (one firmware applies to all logical switches, firmware upgrade, HA failover) • Logical switch operations These are operations that are limited to the logical switch, such as displaying or changing port states. Logical switch operations include all - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 260
restrictions. Supported port configurations in the Brocade 5100, 5300, and VA-40FC There are no restrictions on the ports in the Brocade 5100, 5300, and VA-40FC; however, the following rules apply: • Any port can belong to any logical switch (including the base and default logical switches), with - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 261
Yes Yes 1. In the Brocade DCX, ports 56-63 of the FC8-64 blade are not supported as E_Ports on the default logical switch. The Brocade DCX-4S does not have this limitation. 2. In the Brocade DCX, ports 48-63 of the FC8-64 blade are not supported in the base switch. The Brocade DCX-4S does not have - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 262
on the switch model. Table 47 lists the supported platforms and the maximum number of logical switches (including the default logical switch) supported on each. TABLE 47 Platform Maximum number of logical switches per chassis Maximum number of logical switches Brocade DCX 8 Brocade DCX-4S - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 263
FICON CUP enabled. • The logical switch is operating in interoperability mode 2 or 3. • The logical switch has ICL ports. • The logical switch is an edge switch for an FC router. • The logical switch is using GbE ports (VE_Ports). • The logical switch is the default logical switch in the Brocade DCX - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 264
: Ethernet Switch Service: disabled Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform switch:admin> fosconfig --enable vf WARNING: This is a disruptive operation that requires a reboot to take effect. All EX ports will be - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 265
your switch service provider to determine if you need to use this procedure. You need to run this procedure only once on each chassis, after you enable Virtual Fabrics but before you create logical switches. The configuration settings are then preserved across reboots and firmware upgrades and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 266
been successfully created. Logical Switch has been created with default configurations. Please configure the Logical Switch with appropriate switch and protocol settings before activating the Logical Switch. sw0:FID128:admin> setcontext 4 Please change passwords for switch default accounts now. Use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 267
:00:05:1e:82:3c:2b zoning: OFF switchBeacon: OFF FC Router: OFF Allow XISL Use: ON LS Attributes: [FID: 4, Base Switch: No, Default Switch: No, Address Mode 0] Index Port Address Media Speed State Proto 22 22 0e1600 -- N8 No_Module FC Disabled 23 23 0e1700 -- N8 No_Module FC Disabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 268
" on FID 5: Switch ID Worldwide Name Enet IP Addr FC IP Addr Name 30: fffc1e 10:00:00:05:1e:82:3c:2c 10.32.79.105 0.0.0.0 >"switch_5" Deleting a logical switch You must remove all ports from the logical switch before deleting it. You cannot delete the default logical switch. NOTE If you - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 269
Specify the -force option to execute the command without any user prompts or confirmation. NOTE On the Brocade DCX, the lscfg command does not allow you to add ports 48-63 of the FC8-64 blade to the base switch. These ports are not supported on the base switch. The Brocade DCX-4S does not have this - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 270
2. Enter the following command to change the fabric ID of a logical switch: lscfg --change fabricID -newfid newFID [ -force ] Specify the -force option to execute the command without any user prompts or confirmation. 3. Enable the logical switch. 230 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 271
fffc1e switchWwn: 10:00:00:05:1e:82:3c:2c zoning: OFF switchBeacon: OFF FC Router: OFF Allow XISL Use: ON LS Attributes: [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0] Index Port Address Media Speed State Proto 18 18 1e1200 -- N8 No_Module FC Fabric OS Administrator - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 272
Would you like to continue [y/n]?: y Disabling the proposed new base switch... Disabling switch fid 7 Please enable your switches when ready. switch_25:FID7:admin> switchenable Setting up IP addresses for a Virtual Fabric NOTE IPv6 is not supported when setting the IPFC interface for Virtual Fabrics - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 273
to a different logical fabric 10 XISL use is not supported for the following cases: • FICON logical fabrics. • Logical switches in an edge fabric connected to an FC router. If the logical switch is enabled, you cannot allow XISL use. If the logical switch is disabled or has not yet joined the edge - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 274
feature, if it is not already enabled. See "Enabling Virtual Fabrics mode" on page 223 for instructions. This automatically creates the default logical switch, with FID 128. All ports in the chassis are assigned to the default logical switch. c. Create a base switch and assign it a fabric ID that - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 275
devices and ISLs to these ports on the logical switch. e. (Optional) Configure the logical switch to use XISLs, if it is not already XISL-capable. See "Configuring a logical switch to use XISLs" on page 232 for instructions. By default, newly created logical switches are configured to allow XISL - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 276
10 Creating a logical fabric using XISLs 236 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 277
•Zone aliases 246 •Zone creation and maintenance 249 •Default zoning mode 252 •Zoning database size 253 •Zoning Special zones Fabric OS has the following types of zones: • Zones Enable you to partition your fabric into logical groups of devices that can Administrator's Guide 237 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 278
for more information. • Traffic Isolation zones (TI zones) Isolate inter-switch traffic to a specific, dedicated path through the fabric. See " SAN into two zones, winzone and unixzone, so that your Windows servers and storage do not interact with your UNIX servers and storage. When zoning is enabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 279
WWN, or domain,port of the switch to which the device is connected. The primary approaches to fabric-based zoning are summarized in Table 49. Table 49 on page 240 lists the various approaches you can take when implementing zoning in a fabric. Fabric OS Administrator's Guide 239 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 280
necessary. Operating system Zoning by operating system has issues similar to zoning by application. In a based zoning or LUN masking is deployed. Zone objects A zone object is any device in a zone, such as: • Physical port number or port index on the switch • Node World Wide Name (N-WWN) • Port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 281
port 14 in slot number 2 (domain ID 4, port index 30). On fixed-port models, "3,13" specifies port 13 in switch domain ID 3. Note the following effects on zone membership based is the port WWN name, only the single port is in domain ID, port number, or domain objects such as port numbers or a services - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 282
Default zoning mode" on page 252). This does not mean that the zoning database is deleted, however, only that there is no configuration active in the fabric. On power-up, the switch switch performs this blocking at the transmit side of the port on which the destination device is located. Frame-based - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 283
have an Advanced Zoning license enabled. The zone configuration is managed on a fabric basis. When a change in the configuration is saved, enabled, or disabled according to the transactional model, it is automatically (by closing the transaction) distributed to all switches in the fabric, preventing - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 284
switch. An enterprise-class platform has more resources to handle zoning changes and implementations. Broadcast zones Fibre Channel allows sending broadcast frames to all Nx_Ports if the frame is sent to a broadcast well-known packets are forwarded to all the ports that are part of the broadcast - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 285
membership in the AD2 broadcast zone. When a switch receives a broadcast packet it forwards the packet only a zone" on page 251 for complete instructions. Broadcast zones and FC-FC routing If you an FC router, the broadcast zone must include the IP device that exists in the edge or backbone fabric - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 286
and default zoning The default zoning port numbers. Zoning is not enforced on logical ports. Creating an alias 1. Connect to the switch and log in as admin. 2. Enter the aliCreate command, using the following syntax: alicreate "aliasname", "member[; member...]" 246 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 287
will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Removing members from an alias 1. Connect to the switch and log in as admin. 2. Enter the aliRemove command, using the following syntax: aliremove "aliasname", "member[; member - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 288
configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Deleting an alias 1. Connect to the switch and log in as admin. 2. Enter the aliDelete command, using the following syntax. alidelete "aliasname" 3. Enter the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 289
Virtual Fabric considerations: Zone definitions should not include logical port numbers. Zoning is not enforced on logical ports. Creating a zone 1. Connect to the switch and log in as admin. 2. Enter the zoneCreate command, using the following syntax: zonecreate "zonename", "member[; member...]" To - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 290
configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Deleting a zone 1. Connect to the switch and log in as admin. 2. Enter the zoneDelete command, using the following syntax: zonedelete "zonename" 3. Enter the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 291
11 Viewing a zone in the defined configuration 1. Connect to the switch and log in as admin. 2. Enter the zoneShow command, using the following syntax: zoneshow[--sort] ["pattern"] [, mode] If * Invalid configuration * - Member does not exist Fabric OS Administrator's Guide 251 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 292
other devices. • No Access-Devices in the fabric cannot access any other device in the fabric. The default zone mode applies to the entire fabric, regardless of switch model. The default setting is All Access. Typically, when you disable the zoning configuration in a large fabric with thousands of - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 293
until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... Viewing the current default zone access mode 1. Connect to the switch and log in as admin. 2. Enter the defZone --show command. NOTE If you perform a firmware download of an - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 294
Zoning configurations When enabling a new zone configuration, ensure that the size of the defined configuration does not exceed the maximum configuration size supported by all switches in the fabric. This is particularly important if you downgrade to a Fabric OS version that supports a smaller zone - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 295
the transaction was aborted. 1. Connect to the switch and log in as admin. 2. Enter the cfgenable command, using the following syntax: cfgenable "cfgname" 3. Enter y at the prompt. Example switch:admin> cfgenable "USA_cfg" You are about to enable a new zoning configuration. This action will replace - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 296
result in localized disruption to traffic on ports associated with the traffic isolation zone changes. Do you want to enable 'USA_cfg' configuration (yes, y, no, this would enable All Access mode and cause a large number of requests to the switch. In this situation, set the default zoning mode - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 297
enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Clearing changes to a configuration 1. Enter the cfgTransAbort command. When this command the switch and log in as admin. 2. Enter the cfgShow command with no operands. Example switch: Guide 257 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 298
• If no effective zoning configuration exists, enter the cfgSave command. • If an effective zoning configuration exists, enter the cfgDisable command to disable and clear the zone configuration in nonvolatile memory for all switches in the fabric. 258 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 299
command to view the zone configuration objects you want to delete. switch:admin> cfgShow Defined configuration: cfg: USA_cfg Purple_zone; White_zone; Blue_zone zone: Blue_zone 1,1; array1; 1,2; array2 zone: Purple_zone 1,0; loop1 zone: White_zone 1,3; 1,4 Fabric OS Administrator's Guide 259 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 300
--expunge command to delete switch switch reboots, enter the cfgSave command to save it to nonvolatile (flash) memory. 7. Enter the cfgEnable command switch and log in as admin. 2. Enter the cfgShow command to view the zone configuration objects you want to rename. switch zoneObjectRename command to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 301
fabric should be configured with the same default zone mode as the existing switches. • Merging and segmentation The fabric is checked for segmentation during power-up or when a switch is disabled or enabled, or when a new switch is added. Fabric OS Administrator's Guide 261 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 302
default zoning you must set the switch you are adding into the fabric to the same default switches switches within the merge request. • Merging two fabrics Both fabrics have identical zones and configurations enabled, including the default Command Reference for detailed information about these commands - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 303
enabled in both fabrics and the zone configurations that are enabled Brocade Advanced Zoning is configured on the primary Fabric Configuration Server (FCS). The primary FCS switch Guide for information about security policies). You must perform zone management operations from the primary FCS switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 304
Switch A Switch B Expected results Switch A has a defined configuration. Switch B does not have a defined configuration. defined: cfg1: zone1: ali1; ali2 effective: none Switch A has a defined and enabled configuration. Switch effective: none 264 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 305
to: Zone Conflict cfg mismatch. Cannot merge switches with different TI zone configurations. Clean merge. defined: none Fabric segments because all switches in the fabric must be running Fabric OS v6.4.0 or later to support Enhanced TI zones. Fabric OS Administrator's Guide 265 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 306
Switch A Different default zone access mode settings. defzone: allaccess Switch B defzone: noaccess Different default zone access mode settings. defzone: noaccess defzone: allaccess Same default zone access mode settings. Same default defzone configuration from Switch B propagates to fabric - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 307
276 •Supported configurations a specific set of source ports (N_Ports). For example, you FCIP-based applications such as tape pipelining Zoning does not require a license. Traffic isolation is implemented the fabric attempts to isolate all inter-switch traffic entering from a member of the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 308
coming from other ports in Domain 1 would not use E_Port 1, but would use E_Port 2 instead. Use the zone command to create and manage TI zones. Refer to the Fabric OS Command Reference for details about the zone command. TI zone failover A TI zone can have failover enabled or disabled. Disable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 309
enabled or disabled in TI zones Failover enabled option: • If failover is enabled for the TI zone, the : • If failover is enabled for the TI zone, E_Ports, failover must be enabled. If failover is disabled, inter-switch RSCNs are generated. Each switch that paths between switches. Disabling failover - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 310
Ports in the TI zone 5 Domain 2 Domain 4 FIGURE 35 Fabric incorrectly configured for TI zone with failover disabled • For the Brocade problem, enabled; if a switch changes its active domain ID, the route is broken. See the configure command in the Fabric OS Command failover is enabled, the traffic - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 311
Domain 2. If failover is enabled, all traffic will use the 9 14 12 15 = Dedicated Path 16 = Ports in the TI zone Domain 2 FIGURE 36 Dedicated In this situation, if failover is enabled, the TI zone traffic uses the 16 FIGURE 37 = Dedicated Path = Ports in the TI zone Domain 2 Dedicated - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 312
= ETIZ 2 Enhanced TI zones are especially useful in FICON fabrics. See the FICON Administrator's Guide for example topologies using enhanced TI zones. When you create TI zones, ensure that all traffic from a port to all destinations on a remote domain have the same path. You cannot create separate - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 313
OS routing implementation does not support separate routes to separate ports on a destination domain. Service," for information about FC routers, phantom switches, and the FC-FC Routing Service. Some VE_Port-based VE_Port tunnel in a backbone fabric. Figure 40 shows how three TI zones form a - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 314
Edge fabric 2 FIGURE 40 = Dedicated path with each other. If failover is enabled and the TI path is not available imported. NOTE For TI over FCR, all switches in the backbone fabric and in the Host 2 E_Ports EX_Ports -1 = Dedicated Path = Ports in the TI zone FIGURE 41 TI zone in an - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 315
TI zone, when you designate E_Ports between the front and xlate phantom switches, you must use -1 in place of the "I" in the command to obtain the port WWN.) Port WWNs should be used only in TI zones within a backbone fabric and should not be used in other TI zones. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 316
router port (DRP supported only from edge fabric to edge fabric. Traffic isolation from backbone to edge is not supported enabled or disabled. • TI over FCR is not supported swapped with another port. • A ports enable switch and each switch considers only the routing required for its local ports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 317
: Devices - M-switch - Brocade 7500 - Brocade 7500 - M-switch - Devices • In interopmode 2, a zone member for a TI zone is limited to a port index of 255 or less. • VE_Ports are supported in TI zones. • TI Zoning is not supported in fabrics with switches running firmware versions earlier than - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 318
legacy switches in a zone merge. Firmware downgrade is prevented if TI over FCR zones exist. Additional configuration rules for enhanced TI zones Enhanced TI zones (ETIZ) have the following additional configuration rules: • Enhanced TI zones are supported only on the following platforms: Brocade 300 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 319
enabled TI zones. • TI zones that have members with port index greater than 511 are not supported with Fabric OS versions earlier than v6.4.0. If such a TI zone and Fabric OS version combination is detected, a warning is issued this is not a supported configuration. Base switches do not allow the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 320
Domain 1 11 XISL XISL Domain 7 12 14 13 15 XISL XISL 8 7 LS1, FID1 Domain 5 LS2, FID3 16 Domain 6 Base switch Domain 2 17 Chassis 2 FIGURE 44 = Dedicated Path = Ports in the TI zones Dedicated path with Virtual Fabrics Figure 45 shows a logical representation of FID1 in Figure 44. To - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 321
E 13 EX Base switch Domain 2 14 EX FIGURE 47 = Dedicated Path = Ports in the TI zones Example configuration for TI zones over FC routers in logical fabrics Figure 48 shows a logical representation of the configuration in Figure 47. This SAN is similar to that shown in Figure 40 on page 274 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 322
TI zone in a base fabric, use the procedure described in "Creating a TI zone in a base fabric" on page 284. 1. Connect to the switch and log in as admin. 2. Enter the zone --create command: zone --create -t objtype [-o optlist] name -p "portlist" 282 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 323
to deactivated (failover is enabled by default): switch:admin> zone --create base fabric, as described in "Creating a TI zone in a base fabric". Remember that your changes are not enforced until you enter the cfgEnable command, as shown here: switch:admin> cfgenable "USA_cfg" You are about to enable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 324
disable failover option is not supported in base fabrics. 4. Enter the cfgEnable command to reactivate your current effective configuration switch and log in as admin. 2. Enter one of the following commands, depending on how you want to modify the TI zone. • Enter the zone --add command to add ports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 325
cfgEnable command to enable failover and add ports to TI zone greenzone: switch:admin> zone --add -o f greenzone -p "3,4" To remove ports from the TI zone bluezone: switch:admin> zone --remove bluezone -p "3,4; 3,6" Remember that your changes are not enforced until you enter the cfgEnable command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 326
about the TI zone purplezone: switch:admin> zone --show purplezone Defined TI zone configuration: TI Zone Name: redzone: Port List: 1,2; 1,3; 3,3; 4,5 Configured Status: Activated / Failover-Enabled Enabled Status: Activated / Failover-Enabled 286 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 327
switch:admin> zone --show -ascending Defined TI zone configuration: TI Zone Name: bluezone: Port List: 8,3; 8,5; 9,2; 9,3; Configured Status: Deactivated / Failover-Disabled Enabled Status: Activated / Failover-Enabled TI Zone Name: greenzone: Port OS Administrator's Guide 287 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 328
switches b. Enter the following commands to create and display a TI zone: E1switch:admin> zone --create -t ti TI_Zone1 -p "4,8; 4,5, 1,-1; 6,-1" E1switch:admin> zone --show Defined TI zone configuration: TI Zone Name: TI_Zone1 Port List: 4,8; 4,5; 1,-1; 6,-1 Status: Activated Failover: Enabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 329
command to display the switches in the fabric. From the output, you can determine the front and translate domains. E2switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Port List: 9,2; 9,3; 9,6; 1,-1; 4,-1 Status: Activated Failover: Enabled c. Enter the following commands - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 330
Enter the following commands to reactivate your 00 BB_DCX_1:admin> cfgenable cfg_TI You are about to enable a new zoning configuration. This action will replace the disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'cfg_TI' configuration (yes - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 331
virtual N_Port IDs, you must use WWN-based zoning. If you are using domain,port zoning for an NPIV port, and all the virtual PIDs associated with the port are included in the zone, then a port login (PLOGI) to a non-existent virtual PID is not blocked by the switch; rather, it is delivered to the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 332
. The number of NPIV devices supported on shared area ports (48-port blades) is reduced to 64 from 128 when Virtual Fabrics mode is enabled. 10-bit addressing mode The 10-bit addressing mode is the default mode for all the logical switches created in the Brocade DCX and DCX-4S enterprise-class - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 333
non-Brocade) NPIV HBAs. Configuring NPIV The NPIV feature is enabled by default. You can set the number of virtual N_Port_IDs per port to a value between 1 and 255 per port. The default setting is 126. To specify the number of virtual N_Port_IDs per port on a switch, use the portCfgNPIVport command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 334
. NOTE CEE/FCoE ports on the Brocade 8000 have NPIV enabled by default, but NPIV cannot be enabled or disabled on these ports. The login limit can be set on these ports provided you disable and enable the ports using the fcoe --disable and fcoe --enable commands. 1. Connect to the switch and log in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 335
to view the NPIV attributes and all the N_Port (physical and virtual) port WWNs that are listed under portWwn of device(s) connected. Following is sample output for the portShow command: switch:admin> portshow 2 portName: 02 portHealth: HEALTHY Authentication: None portDisableReason: None portCFlags - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 336
information Use the portLoginShow command to display the login information for the virtual PIDs of a port. Following is sample output from the portLoginShow command: switch:admin> portloginshow 2 Type scr=3 scr=3 scr=3 d_id=FFFFFC d_id=FFFFFC 296 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 337
management functions must be disabled. Interoperability supports enabling the switch with the following modes: • InteropMode 0 for Brocade Native mode, which supports all stand-alone Brocade fabrics, but provides no interoperability support. Fabric OS Administrator's Guide 297 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 338
Service". • Access Gateway connectivity Use Access Gateway (AG) when you have switches from different vendors. AG uses N_Port Virtualization (NPIV) functionality in Brocade embedded switches in AG mode. NPIV enables multiple hosts to connect through one port to any fabric switch that supports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 339
Fabric OS switches in IM2 or IM3 to work in all of the domain ID ranges currently supported by Fabric OS. By default, Fabric OS switches operate the interopMode --enable -mcdata/openmcdata command, configured domain ID offset values do not change when you switch between IM2 Guide 299 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 340
C1XXYY 01XXYY For instructions to convert supported in IM2 or IM3 or the operation fails. Following are the configurable domain ID offset modes: • Domain ID default mode (McDATA Legacy domain ID mode) - In this mode, a default offset of 0x60 (96) is used. The default mode is used when you enable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 341
assign the incoming switch a different domain ID. If the principal switch cannot assign a different domain ID to the incoming switch, it will segment from the fabric. • The DCC policy or port based security is not supported in McDATA Fabric mode. Fabric OS Administrator's Guide 301 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 342
means that McDATA Fabric mode, McDATA Open Fabric mode, and Brocade Native mode are supported in the same chassis. Although there is always at least one logical switch instance per chassis, multiple logical switch instances can exist in a chassis. 302 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 343
, all configuration parameters return to their default states and can be modified using the configure command. Enabling McDATA Open Fabric mode When configuring McDATA Open Fabric mode, avoid domain ID conflicts before fabric reconfiguration. When configuring multiple switches, you should wait for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 344
, the interopMode command defaults to 97. (For detailed instructions, see Chapter 2, "Performing Basic Configuration Tasks".) switch:admin> configure Configure... Fabric Parameters (yes, y, no, n): [no] y Domain (1...239): [1] 97 5. Enter the interopMode 3 command to enable interoperability. This - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 345
fabric it joins or a new configuration must be configured. When you change the switch to Brocade Native mode, all configuration parameters return to their default states and can be modified using the configure command. The existing preferred configuration must be changed to a value within the user - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 346
configuration is in effect, and without default zoning enabled on an M-EOS switch, by default, all ports are isolated and traffic is not permitted. This is unlike Brocade behavior with Brocade Native mode enabled (and all data traffic is enabled). If the default zone is disabled and there is no - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 347
creates zone configurations on legacy McDATA switches. McDATA default zone and safe zone modes replace the Brocade default zoning mode. You can set McDATA default zone mode or McDATA safe zone mode, but not both. Setting the default zone enables any device in the default zone to see any other device - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 348
command. switch:admin> cfgmcdtmode --enable safezoning safezoning McDATA mode has been enabled ... NOTE The interopMode and cfgMcdtMode commands perform the same basic functions. However, the interopMode command only affects the local configuration and the command must be issued on each switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 349
objects that are currently enabled; only one configuration any inaccurate parameters must be manually corrected. In McDATA Fabric mode the cfgDownload and cfgUpload commands support the zone database if the , which supports the initial configuration of new switches. This Guide 309 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 350
source ports through Fabric OS switches using zones. Traffic isolation (TI) is supported in McDATA Fabric mode on Fabric OS switches only; McDATA Fabric mode is the only mode that supports the Defined see Chapter 18, "Optimizing Fabric Behavior". 310 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 351
DCFM automatically enables Insistent Domain ID on all Fabric OS and M-EOS switches in the fabric. Disabling Fabric Binding does not turn off Insistent Domain ID. The firmware supports a Fabric OS switch sending the Exchange Fabric Binding Membership Data (EFMD) command to neighbor switches during - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 352
. The ISL goes down (port disable) if the connecting M-EOS switch does not support authentication, for example, if the authentication feature key is not installed on the M-EOS switch. Yes Turns off the authentication and the switch rejects any authentication requests issued from the M-EOS - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 353
Authentication (Fabric builds normally). No E_Port does not connect (Authentication Rejected). When the Fabric OS switch generates the reject, it will disable the Fabric OS port. When the M-EOS switch generates the reject, it will go to an invalid attachment state. Yes Connected without any - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 354
Rejected). When the Fabric OS switch generates the reject, it will disable the Fabric OS port. When the M-EOS switch generates the reject, it will switch is in Active or On mode, and the M-EOS switch is Off, the E_Port does not connect because the Fabric OS switch rejects the authentication based - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 355
). How authentication is affected when the M-EOS switch does not have the feature keys enabled is discussed in this section. Table 63 on page 316 shows how authentication is affected when a Fabric OS switch is connected to a dumb M-EOS switch. Fabric OS Administrator's Guide 315 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 356
the shared secret on the E_Port side. M-EOS switches do not support VE_Port or VEX_Port connections; any configurations with these port types are Fabric OS-only configurations. However, both VE and VEX_Ports support running in McDATA interop mode. 316 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 357
OS switches. Table 64 shows the switch switch authentication policy for a VE_Port connected to another VE_Port when the secrets are not known. In this case, two-way authentication by the Fabric OS switches switch generates the reject, it disables the Fabric OS port. When the M-EOS switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 358
the Fabric the reject, it OS port. When the disables the M-EOS switch Fabric OS port. generates the reject, When the M-EOS it goes to an invalid switch generates attachment state. the reject, it goes to an invalid attachment state. 318 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 359
OS switch generates the reject, it disables the Fabric OS port. When the M-EOS switch generates OS switch generates the reject, it disables the Fabric OS port. When the M-EOS switch generates the OS switch generates the reject, it disables the Fabric OS port. When the M-EOS switch generates the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 360
switch Fabric OS switch the Fabric OS disables the Fabric OS port. generates the reject, generates the reject, switch generates When the M-EOS switch it goes OS port. When the OS port. When the disables the to an invalid attachment M-EOS switch M-EOS switch Fabric OS port. state. generates - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 361
and implies the use of Insistent Domain IDs. When Fabric Binding is enabled, a Fabric Binding check is performed each time a link is enabled to ensure that the switches can connect. If the binding check fails, the McDATA port goes to an invalid attachment state and the EX_Port disables itself. NOTE - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 362
switch before the Fabric Binding List can be filled in with the FCR front port domain ID and WWN entry. If you downgrade to a Fabric OS version that does not support it matches the default value. The configured preferred domain ID becomes insistent whenever Fabric Binding is enabled. If the EX_Port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 363
an interoperable environment The following restrictions apply when upgrading and downgrading firmware to a switch set to interopmode 2 or 3: • Downgrading from Fabric OS v6.3.0 is allowed only when a switch is in the default Domain_ID mode because this is only supported in Fabric OS v6.2.0. In other - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 364
. All domains are not capable of supporting Coordinated HCL On switches in interop fabrics, the Coordinated HCL protocol is used to ensure data traffic is not disrupted during firmware upgrades. Using the firmwareDownload with the -o allows the firmware download to continue even if Coordinated HCL - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 365
does not consider upgrades or downgrades from Brocade Native mode. • switch and port operations. Supported in McDATA Open Fabric mode and McDATA Fabric mode. Displays the firmware version in the M-EOS format as 9.7.2, and the Fabric OS format as v6.4.0. In a mixed configuration, the fabric issues - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 366
to 60, are supported. Cascaded CUP is only supported in McDATA Fabric mode. The configure command displays the number of buffer credits allocated to a port. Displays the device PID with domain offset. For example, a host attached to a switch with domain value 1 will have a default PID of 0x61AAPP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 367
port logins. Support Domain offset, McDATA specific SWRSCN, FCFG commands (GE_PT, GSNN_NN, GSPN_ID, and GA_NXT). Autonegotiates the R_RDY mode by default. Uses portCfgIsMode to static configure the port. Fabric OS v6.2.0 and later supports 8 Gbps port mirroring. Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 368
. The maximum port number is also available in the ESS ILS. • NPIV NPIV management on the Fabric OS switch is the same as in the standard Fabric OS SAN that is not merged. There are no limitations for NPIV support in an M-EOS Fabric 1.0 mode fabric. 328 Fabric OS Administrator's Guide 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 369
OS switches support trunking when participating in Brocade Native, McDATA Fabric, or McDATA Open Fabric mode. Trunk ports (bandwidth aggregation) only apply to an ISL between two Fabric OS switches. Note the following: - Fabric OS frame-based trunking Fabric OS frame-based trunking is supported for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 370
port -8G FC4-16IP FR4-18i Brocade DCX Backbone FA4-18 FC8-16/32/48/641 10G FC4-16IP FR4-18i FA4-18 FS8-18 Brocade DCX-4S FX8-24 FC8-16/32/48/641 FC10-6 FR4-18i FA4-18 FS8-18 FX8-24 Switches and Appliances Brocade 300 Brocade 4100 Brocade 4900 Brocade 5000 Brocade 5100 Brocade - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 371
Supported features in an interoperable environment 14 TABLE 71 Fabric OS interoperability with M-EOS (Continued) Fabric OS v6.2.0 Fabric OS v6.3.0 Fabric OS v6.4.0 Chassis Type Blade Type Brocade VA-40FC Embedded Server Switches 3016 5410 5424 5450 5480 M-EOS Hardware Mi10K M6140 M6064 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 372
and v6.4.0 Interop mode 2 Interop mode 3 Dynamic Load Sharing Yes (DLS); port based routing Dynamic Path Selection (DPS); exchange based routing Yes Supported outbound from Fabric OS-based switches. M-EOS can provide reciprocal load balancing using OpenTrunking. E/EX_Port Yes Authentication - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 373
in conjunction with Layer 2 Fabric Binding. Traffic Isolation zones Yes VE-to-VEX Port Yes Virtual Channels (VC RDY) Yes Only allowed between Fabric OS-based switches. Zone Activation support Yes Yes Yes No No Yes Yes No In Virtual Fabrics, ACL policies such as DCC, SCC and FCS - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 374
features are not supported in McDATA Fabric and McDATA Open Fabric modes and cannot be installed on any Fabric OS switch in the fabric: • Administrative Domains • Quickloop and QuickLoop Zoning • Timer Server function • Open E_Port • Broadcast Zoning • Management Server service and FDMI • Alias - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 375
SAN management with Admin Domains 356 Administrative Domains overview An Administrative Domain (Admin Domain or AD) is a logical grouping of fabric elements that defines which switches, ports are mutually exclusive and are not supported at the same time on a switch. Do not confuse Admin Domains with - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 376
Admin Domain they are in. As shown in Figure 52, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered based on Admin Domain membership. FIGURE 52 Filtered fabric views when using Admin Domains 336 Fabric - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 377
: • Admin Domains are not supported on the Brocade 8000. The Brocade 8000 can be in AD0 only. • The default zone mode setting must be set to No Access before you create Admin Domains (see "Setting the default zoning mode for Admin Domains" on page 344 for instructions). • Virtual Fabrics must be - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 378
is a system-defined Admin Domain that contains all online devices, switch ports, and switches that are not assigned to any user-defined Admin Domain. AD0 • The implicit membership list contains all devices, switch ports, and switches that have not been assigned to any other Admin Domain. - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 379
Admin Domain. AD0 is useful when you create Admin Domains because you can see which devices, switch ports, and switches are not yet assigned to any Admin Domains. AD0 owns the root zone database (legacy zone encompasses the entire physical fabric. Fabric OS Administrator's Guide 339 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 380
switch to a different Admin Domain (see "Switching to a different Admin Domain context" on page 358 for instructions). • For default accounts such as admin and user, the home Admin Domain defaults switch:admin> switch:AD1:admin> switch:AD255:admin> 340 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 381
ports, or switches. Defining these member types is similar to defining a traditional zone member type. An Admin Domain does not require or have a new domain ID or management IP address linked to it. Device members Device members are defined by the device World Wide Name (WWN) and have the following - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 382
to the switch. • A switch member grants port control for all ports in that switch. • A switch member allows switch administrative operations such as disabling and enabling a switch, rebooting, and firmware downloads. • A switch member does not provide zoning rights for the switch ports or devices - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 383
55 shows the filtered view of the fabric as seen from AD3 and AD4. The switch WWNs are converted to the NAA=5 syntax; the device WWNs and domain IDs remain the 10:00:00:00:c8:3a:fe:a2 FIGURE 55 Filtered fabric views showing converted switch WWNs Fabric OS Administrator's Guide 343 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 384
Domains maintain continuity of service for Fabric OS features and operate in mixed-release Fabric OS environments. High availability is supported with some backward compatibility. When an E_Port comes online, the adjacent switches merge their AD databases. The receiving switch accepts an AD database - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 385
create an Admin Domain, you must specify at least one member (switch, switch port, or device). You cannot create an empty Admin Domain. For Set the default zone mode to No Access, if you have not already done so. See "Setting the default zoning mode" on page 252 for instructions. 4. Switch to the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 386
command using the -d option to specify device and switch port members and the -s option to specify switch members: ad --create ad_id -d "dev_list" -s "switch_list" 6. Enter the appropriate command based as the home Admin Domain, which is the default Admin Domain context after login. • If you do - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 387
for managing Admin Domains 1. Connect to the switch and log in as admin. 2. Enter the userConfig --add command using the -r option to set the role, physical fabric administrator. switch:admin> userconfig --add pfa_admin1 -r admin -h 255 -a "0-255" Fabric OS Administrator's Guide 347 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 388
activate option prompts for confirmation. ad --activate ad_id By default, after the Admin Domain is activated, the devices specified under that AD are not able to see each other until they are zoned together. 4. Enter the appropriate command based on whether you want to save or activate the Admin - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 389
AD255 context, if you are not already in that context. ad --select 255 3. Enter the ad --add command using the -d option to specify device and switch port members and the -s option to specify switch members: ad --add ad_id -d "dev_list" -s "switch_list" where ad_id is the Admin Domain name or number - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 390
two switch ports, designated by domain,index, to AD1. switch:AD255: switch port members and the -s option to specify switch members: ad --remove ad_id -d "dev_list" -s "switch_list" Removing the last member element of an Admin Domain deletes the Admin Domain. 4. Enter the appropriate command based - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 391
name. ad --rename present_name new_name 4. Enter the appropriate command based on whether you want to save or activate the Admin 1. Connect to the switch and log in as admin. 2. Switch to the Admin Domain that you want to delete. ad --select ad_id 3. Enter the appropriate command to clear the zone - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 392
cleared, and all fabric resources (switches, ports, and devices) are returned to on page 258 for instructions. 2. Connect to the switch and log in as admin. 3. Switch to the AD255 context before enabling Virtual Fabrics. 1. Connect to the switch and log in as admin. 2. Enter the cfgshow command in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 393
cfgName", "member[;member]" 5. Enable the configuration to complete the transaction. cfgenable cfgName 6. Switch to the AD255 context. ad -defined ADs. ad --clear -f 10. Enter the ad --apply command to save the Admin Domain definition and directly apply the definitions to Guide 353 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 394
: cfg: AD1_cfg AD1_BlueZone zone: AD1_BlueZone 10:00:00:00:02:00:00:00; 10:00:00:00:03:00:00:00 354 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 395
about to enable a new zoning on ports associated with the traffic isolation zone changes Do you want to enable 'AD0_cfg configuration. This action will trigger AD apply to all switches in the fabric Do you want to apply all admin apply to all switches in the fabric Do you want to apply all admin domains - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 396
the user role and type (User_ID), users are presented with only their relevant AD-based views (see Figure 51 on page 336 and Figure 52 on page 336). Any devices and switch ports that are not defined as part of the Admin Domain are not shown and are not available to that AD - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 397
Enter the ad --exec command, specifying the Admin Domain and the command you want to execute. ad --exec ad_id "command" Example The following example executes the switchShow command in the AD7 context. switch:AD255:admin> ad --exec 7 "switchshow" Fabric OS Administrator's Guide 357 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 398
: the membership of the current Admin Domain is displayed. • AD0: the device and switch list members are categorized into implicit and explicit member lists. 1. Connect to the switch and log in as any user type. 2. Enter the ad --show command. ad --show If you are in the AD0 context, you can use the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 399
. A user logged into a switch can control only the local switch ports as specified in the Admin Domain. When the fabric is in secure mode, the following applies: • There is no support for ACL configuration under each Administrative Domain. • ACL configuration commands are allowed only in AD0 and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 400
controlled using the Management Server ACL support provided by the msConfigure command. Note that this is a switch-specific setting and not a fabric-wide setting. Port-Swapping and PID formats Admin Domain port members are specified in domain,index format. Based on the PID format, a domain,index - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 401
, see the Fabric OS Command Reference. NOTE AD zone databases do not have an enforced size limit. The zone database size is calculated by the upper limit of the AD membership definition and the sum of all the zone databases for each AD. Admin Domains support the default zone mode of noaccess only - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 402
SAN Service," for information about LSAN zones. Configuration upload and download in an AD context The behavior of the configUpload and configDownload commands varies depending on the AD context and whether the switch the Switch Configuration Admin Domains and then issue configDownload to restore - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 403
, "Administering Licensing" • Chapter 17, "Monitoring Fabric Performance" • Chapter 18, "Optimizing Fabric Behavior" • Chapter 19, "Managing Trunking Connections" • Chapter 20, "Managing Long Distance Fabrics" • Chapter 21, "Using the FC-FC Routing Service" Fabric OS Administrator's Guide 363 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 404
364 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 405
Brocade 7800 Upgrade license 371 •ICL licensing 371 •8G licensing 372 •Slot-based licensing 372 •Time-based licenses 373 •Universal Time-based licenses 374 •Viewing installed licenses 375 •Activating a license 375 •Adding a licensed feature 376 •Removing a licensed feature 377 •Ports on - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 406
Performance Extension license feature set. This license enables full hardware capabilities on the Brocade 7800 base switch, increasing the number of Fibre Channel ports from four to sixteen and the number of GbE ports from two to six. A Brocade 7800 switch with the Upgrade License also supports up - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 407
over Ethernet (FCoE) functionality on the Brocade 8000 switch. This license is included by default for the Brocade 8000 switch. FICON Management Server Enables host-control of switches in mainframe environments. (Also known as "CUP", Control Unit Port) High Performance Extension over FCIP/FC - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 408
is a command and comes with the OS on the switch. Converged Enhanced Ethernet Requires FCoE base license and POD1 license. NOTE: These licenses are installed by default and you should not remove them. Local switch. Brocade 8000 only. Data Center Fabric Manager No license required for base use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 409
Emulation over an FCIP Tunnel FICON XRC Local and attached switches. High-Performance Extension over FCIP/FC or Advanced FICON Acceleration on Brocade 7800 FIPS No license required. n/a Firmware download No license required. n/a Firmwaredownload is a command and comes with the OS on the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 410
Ports on demand licenses. This license applies to a select set of switches. Upgrade license for the 7500E and 7800 switches to use all ports. 10 Gigabit Ethernet license to use 10GbE ports on FX8-24 blade. Brocade 8000 - Must have license installed to enable the 8 FC ports. A maximum of 8 FC ports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 411
because it can only support ICL connections with eight links. After the addition or removal of a license, the license enforcement is performed on the ICL ports only when the portDisable and portEnable commands are issued on the ports. An ICL license must be installed on both Brocade DCX and DCX-4S - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 412
Gbps are not disturbed until the port goes offline or the switch is rebooted. The switch ports return to their pre-licensed state maximum speed of 4 Gbps. Slot-based licensing Slot-based licensing is used on the Brocade DCX and DCX-4S platforms to support the FX8-24 blade, where capacity is equal to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 413
Time-based licenses 16 Upgrade/downgrade considerations When a Slot-based license is present on the switch, firmware downgrade to pre-Fabric OS v6.3.0 is allowed, but the Slot-based features that were licensed will not be functional. Adding a license to a slot 1. Connect to the switch and log in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 414
to the switch. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the reboot command for the expiry to take affect. Universal Time-based licenses Universal Time-based licenses behave the same way as the Time-based temporary licenses supported in prior - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 415
of the Universal Time-based license key provides a mechanism to discontinue offering of a particular feature. Viewing installed licenses 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the licenseShow command. Activating a license The transaction key is - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 416
with the software license keys and installation instructions. Adding a licensed feature To enable a feature, go to the feature's appropriate section in this manual. Enabling a feature on a switch may be a separate task from adding the license. For the Brocade 48000 director and the Brocade DCX and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 417
or 80 licensed ports. A maximum of 80 ports is allowed. Brocade 8000-Must have license installed to enable the 8 FC ports. A maximum of 8 ports are allowed. Brocade VA-40FC-Can be purchased with 24, 32, or 40 licensed ports. A maximum of 40 ports is allowed. Fabric OS Administrator's Guide 377 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 418
use that license on a Brocade 5100 or VA-40FC. The licenses are based on the switches WWN and are not interchangeable. Table 80 shows the ports that are enabled by default and the ports that can be enabled after you install the first and second Ports on Demand licenses for each switch type. TABLE - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 419
show command. Example of manually assigned POD licenses. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Static POD method is in use 24 port assignments are provisioned for use in this switch: 12 port assignments are provisioned by the base switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 420
command to verify the switch started the Dynamic POD feature. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for use in this switch: 12 port assignments are provisioned by the base - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 421
show command to verify there are port reservations available. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for use in this switch: 12 port assignments are provisioned by the base - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 422
command to verify the port is no longer assigned to a POD set. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for use in this switch: 12 port assignments are provisioned by the base - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 423
is a licensed feature Guide and DCFM User's Manual for information about monitoring performance using a graphical interface. Advanced Performance Monitor commands VA-40FC, and the Brocade Encryption Switch, use only the port number where needed in the commands. Types of monitors Advanced Performance - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 424
Brocade Encryption Switch, Brocade DCX, Brocade DCX-4S Yes Yes Yes Yes Yes Yes No Yes 1. For the Brocade 8000, performance monitoring is supported only on the FC ports and not on the CEE ports. NOTE Advanced Performance Monitoring is not supported on VE_Ports and EX_Ports. If you issue commands - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 425
monitors The maximum number of end-to-end monitors supported varies depending on the switch model: • The Brocade 4100, 4900, 5000, 7500, 7500E, 7600, and 48000 models allow up to 256 end-to-end monitors shared by all ports in the same ASIC chip. • The Brocade DCX, DCX-4S, 5100, 8000, VA-40FC, and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 426
using either of the following conditions: • For frames received at the port with the end-to-end monitor installed, the frame SID is the If Virtual Fabrics is enabled, the Brocade DCX, DCX-4S, and 5300 models allow up to 256 end-to-end monitors on one logical switch. The Brocade 5100 and VA- - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 427
existing end-to-end monitors are deleted. End-to-end masks are not supported on the Brocade DCX, DCX-4S, 300, 5100, 5300, 5410, 5424, 5450, 5480, 7800, and VA-40FC models. On FC4-48 port blades, the upper 32 ports can be addressed only when the area ID and the AL_PA are used together - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 428
to the switch and log in as admin. 2. Enter the perfMonitorShow command to list the valid end-to-end monitor numbers for a port. 3. Enter the perfDelEEMonitor command to delete switch:admin> perfdeleemonitor 0, 2 End-to-End monitor number 2 deleted switch:admin> 388 Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 429
you configure actions and alerts through the fmConfig command, Fabric Watch uses these values and generates alerts based on the configuration. If you do not have a Fabric Watch license, these values are ignored. See the Fabric Watch Administrator's Guide for more information about using Fabric Watch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 430
's Guide for more information about using this command. Example of creating a user-defined frame type switch:admin> fmconfig --create MyFrameMonitor -pat "17,0xFF,0x07;7,0x4F,0x01;" -action email Create Success :0 Example of creating a user-defined frame type and applying frame monitors to ports - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 431
This example adds a standard SCSI frame type monitor to ports 3 through 12. switch:admin> fmconfig --addmonitor SCSI -port 3-12 Removing frame monitors from a port 1. Connect to the switch and log in as admin. 2. Enter the fmConfig --delmonitor command to remove a specific monitor from one or more - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 432
adds a standard SCSI frame type monitor to ports 3 through 12, but does not save the port configuration. The second command saves the port configuration persistently. switch:admin> fmconfig --addmonitor SCSI -port 3-12 -nosave switch:admin> fmconfig --save SCSI Displaying frame monitors 1. Connect - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 433
supported. Virtual Fabrics considerations: ISL monitors are supported only on the default logical switch and not on the base switch or other logical switches , 48000, and Brocade Encryption Switch. Top Talker monitors are not supported on the CEE ports of the Brocade 8000 switch. Applications can use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 434
17 Top Talker monitors The Top Talker monitor is based on SID/DID and not WWNs. Once Top Talker is installed on a switch or port, it remains installed across power cycles. Top Talkers supports two modes, port mode and fabric mode: • Port mode Top Talker A Top Talker monitor can be installed on an - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 435
perfTTmon --add fabricmode command. perfttmon --add fabricmode The system responds: Before enabling fabric mode, port 7 in WWN (default) format: perfttmon --show 7 5 To display the top flows on slot 2, port 4 on the Brocade 48000, Brocade DCX, or DCX-4S in PID format: perfttmon --show 2/4 pid switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 436
on an F_Port 1. Connect to the switch and log in as admin. 2. Enter the perfTTmon --delete command. perfttmon --delete [slotnumber/]port For example, to delete the monitor on port 7: perfttmon --delete 7 To delete the monitor on slot 2, port 4 on the Brocade 48000, Brocade DCX, or DCX-4S: perfttmon - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 437
, 5480, 7500, 7500E, 7600, 7800, 8000, VA-40FC48000, Brocade Encryption Switch, Brocade DCX, and DCX-4S platforms support 12 frame monitors for trunks. • For the Brocade 8000, trunk monitoring is supported only on the FC ports and not on the CEE ports. Displaying end-to-end and ISL monitor counters - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 438
N/A 5 0x11000 0x21fd6 WEB_TOOLS 0x00000004d0bade54 0x0000000067229e87 192.168.169.40 6 0x11000 0x21fe0 WEB_TOOLS 0x00000004d0baed41 0x0000000067229e98 192.168.169.40 Example of displaying ISL monitor information on a port switch:admin> perfMonitorShow --class ISL 1/1 Total transmit count for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 439
port or switch exceeds the limit, then you will receive an error message indicating the count has been exceeded and that some monitors have been discarded. 1. Connect to the switch and log in as admin. 2. Type one of the following commands the perfCfgSave command: switch:admin> command: switch switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 440
17 Performance data collection 400 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 441
Enabling bottleneck detection on a switch 419 •Excluding a port switch 423 Adaptive Networking overview Adaptive Networking is a suite of tools and capabilities that enable you to ensure optimized behavior in the SAN Bottleneck detection does not require a license. See "Bottleneck detection" on page - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 442
a particular device to the switch port. Use ingress rate limiting for the following situations: • To reduce existing congestion in the network or proactively avoid congestion. • To enable you to offer flexible bandwidth limit services based on requirements. • To enable more important devices to use - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 443
, 7800, 8000, VA-40FC, Brocade Encryption Switch, Brocade DCX, or DCX-4S. • QoS traffic prioritization takes precedence over ingress rate limiting. • Ingress rate limiting is not enforced on trunked ports. Virtual Fabrics considerations: If Virtual Fabrics is enabled, the rate limit configuration on - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 444
48000. You must manually enable QoS on 4 Gbps ports. • 8 Gbps platforms SID/DID traffic prioritization is a licensed feature for the 8 Gbps platforms: Brocade 300, 5100, 5300, 5410, 5424, 5450, 5460, 5470, 5480, 7800, 8000, VA-40FC, DCX, DCX-4S, and Brocade Encryption Switch. An Adaptive Networking - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 445
the portcfgshow output, the value of QOS_E_Port is AE for port 19 and ".." for port 24. This means that QoS is enabled by default on port 19 and disabled on port 24. You need to disable QoS on port 19. switch:admin> islshow 1: 2->300 10:00:00:05:1e:43:00:00 100 DCX sp: 8.000G bw: 32.000G TRUNK - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 446
TOV enable .. .. .. .. NPIV capability ON ON ON ON NPIV PP Limit 126 126 126 126 QOS E_Port AE AE AE AE EX Port .. .. .. .. Mirror Port ON QOSL1_LowPriorityZone The switch automatically sets the priority for the "host,target" pairs specified in the zones based on the Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 447
. For example, in Figure 62, QoS should be enabled on the encircled E_Ports. NOTE By default, QoS is enabled on 8 Gbps ports, except for long-distance 8 Gbps ports. QoS is disabled by default on all 4 Gbps ports and long-distance 8 Gbps ports. Fabric OS Administrator's Guide 407 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 448
prioritization over FC routers" on page 415 for detailed instructions. Following are requirements for establishing QoS over FCR: • QoS over FC routers is supported in Brocade native mode only. It is not supported in interopmode 2 or interopmode 3. 408 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 449
Domain 8 10 Base switch Domain 10 11 Domain 2 12 14 13 15 = High priority = E_Ports with QoS enabled FIGURE 63 Traffic prioritization in a logical fabric 9 S1 5 6 8 7 LS1, FID1 Domain 5 LS2, FID3 16 Domain 6 Base switch Domain 9 17 Chassis 2 Fabric OS Administrator's Guide 409 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 450
, 5424, 5450, 5480, 7500, 7500E, 7600, 7800, 8000, VA-40FC, 48000, Brocade DCX, or DCX-4S. • QoS is enabled by default on 8 Gbps ports. QoS is disabled by default on all 4 Gbps ports and long-distance 8 Gbps ports. Upgrade considerations for traffic prioritization This section applies only to 4 Gbps - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 451
was enabled by default prior to the upgrade. NOTE If you already manually enabled QoS on these ports before the upgrade, you do not have to manually enable them again after the upgrade. Manually enabling QoS on 4 Gbps ports and long-distance 8 Gbps ports after upgrade 1. Connect to the switch and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 452
disabled on this ISL, so you should not enable QoS on port 24. In the portcfgshow output, the value of QOS_E_Port is AE for ports 2 and 19 and ON for port 8. This means that QoS is enabled by default on ports 2 and 19 and enabled manually on port 8. Port 19 is an 8 Gbps port, so you do not need to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 453
NotApplicable, ??:INVALID, switch:admin> portcfgqos --enable 2 switch:admin> portcfgqos --enable 19 Limitations and port is marked as a session-based zoning port. • Traffic prioritization is enforced on the egress ports only, not on the ingress ports. • Traffic prioritization is not supported - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 454
, 5450, 5460, 5470, 5480, 7800, 8000, VA-40FC, Brocade Encryption Switch, and the Brocade DCX and DCX-4S enterprise-class platform, QoS is enabled by default on all ports. If you use the portCfgQos command to enable QoS on a specific port, the port is toggled to apply this configuration, even though - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 455
on ports associated with the traffic isolation zone changes Do you want to enable 'cfg1 sw0:admin> portcfgqos --enable 3 Setting traffic prioritization over FC routers 1. Connect to the switch in the edge fabric on page 478 for instructions. 4. Enter the portCfgQos command to enable QoS on the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 456
to device latency rather than problems in the fabric. In Fabric OS 6.3.x, bottleneck detection was configured on a per-port basis. Starting in Fabric OS 6.4.0, you configure bottleneck detection on a per-switch basis, with per-port exclusions. 416 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 457
default. Best practice is to enable bottleneck detection on all switches in the fabric, and leave it on to continuously gather statistics. Supported a CLI command to display a history of bottleneck conditions on a port. A history is maintained for a maximum of three hours for each port. Limitations - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 458
support E_Ports, FCoE ports, and trunks. If you downgrade to a firmware version earlier than Fabric OS v6.3.0, bottleneck detection is no longer supported. If you later upgrade to Fabric OS 6.4.0, the switch attempts to enable is not possible to attribute a base fabric bottleneck to the exact logical - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 459
exceed a specified threshold. These settings apply to all ports in the switch. 1. Connect to the switch and log in as admin. 2. Enter the bottleneckmon --enable command to enable bottleneck detection on all eligible ports on the switch. By default, alerts are not sent unless you specify the alert - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 460
including the following: • Whether the feature is enabled • Switch-wide alerting parameters • Port-specific alerting parameters • Excluded ports 1. Connect to the switch and log in as admin. 2. Enter the bottleneckmon --status command to display the details of bottleneck detection configuration for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 461
Excluded ports Port ==== 2 3 4 Example The following example changes alert settings for the entire logical switch. switch:admin> bottleneckmon --config -alert -lthresh .97 -cthresh .8 -time 5000 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Fabric OS Administrator's Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 462
fresh data. 1. Connect to the switch and log in as admin. 2. Enter the bottleneckmon --show command. Example of displaying the bottleneck history in 5-second windows over a period of 30 seconds In this example, the definition of bottlenecked ports is any port that had a bottleneck occur during any - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 463
the list of excluded ports and non-default values of alerting parameters. 1. Connect to the switch and log in as admin. 2. Enter the bottleneckmon --disable command to disable bottleneck detection on the switch. switch:admin> bottleneckmon --disable Fabric OS Administrator's Guide 423 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 464
18 Disabling bottleneck detection on a switch 424 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 465
16, "Administering Licensing". Brocade's trunking feature supports the following trunking configurations: • ISL trunking configurations are only applicable to E_Ports. • F_Port trunking configurations are only applicable to two separate Fabric OS switches where all the ports on each switch reside in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 466
, which supports all stand-alone Brocade switches, but provides no interoperability support. See "Interoperability for Merged SANs" on page 297 for information and procedures related to interoperability. • The port ISL R_RDY mode must be disabled (using the portCfgIslMode command). Trunks operate - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 467
19 Supported hardware Trunking is supported on the FC ports of all Brocade platforms and blades supported in Fabric OS v6.4.0. Recommendations for trunking groups To identify the most useful trunking groups, consider the following recommendations along with the standard guidelines for SAN design - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 468
time. To re-initialize the ports, you can either disable and then re-enable the switch, or disable and then re-enable the affected ports. You can enable or disable Trunking for a single port or for an entire switch. When you issue the portCfgTrunkPort or switchCfgTrunk command to update the trunking - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 469
role. 2. Enter the trunkShow command. This example shows trunking groups 1, 2, and 3; ports 4, 13, and 14 are masters. switch:admin> trunkshow 1: 6-> 4 24-> 14 10:00:00:60:69:51:42:dd 2 deskew 15 MASTER This example shows trunking information for a switch Administrator's Guide 429 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 470
5450, 5480, and VA-40FC switches with the 8 Gbps SFPs installed. The Brocade 300, 5100, 5300, 5410, 5424, 5450, 5480, and VA-40FC support long-distance modes L0, LE, LS, and LD. The distance supported on each platform depends on the available buffers, number of back-end ports, and number of offline - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 471
modules (edge switch and the switch running in AG mode) have the Trunking licenses enabled. • The ports have Trunking enabled by displaying the port configuration using the portCfgShow command. • The ports are set to the same speed within the trunk. Fabric OS Administrator's Guide 431 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 472
in the Brocade 48000. F_Port trunking is supported on the shared area ports on the FC8-48 and FC8-64 in the Brocade DCX and DCX-4S. Enabling F_Port trunking 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portDisable command to disable the ports that are - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 473
not allowed on the base switch. NOTE A base switch is a logical switch that is used to communicate among different logical switches. • F_Port trunks enabled on Fabric OS v6.2.0 are non-disruptive to Fabric v6.4.0. • If F_Port trunking is enabled on some ports in the default switch, and you disable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 474
ports 2f:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch's Fx_Ports. 25:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch's based platforms. This feature does not work on M-EOS or third party switches. Figure 66 shows a switch in AG mode without F_Port masterless trunking. Figure 67 shows a switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 475
details when you issue the portShow command. configdownload Note: Switches in Access Gateway mode do not perform authentication. If you issue the configDownload command for a port configuration that is not compatible with F_Port trunking, and the port is Trunk Area-enabled, then the port will be - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 476
FC4-48 blade, F_Port masterless trunking is supported only on ports 0 - 15. FICON is not supported on F_Port trunk ports. However, FICON can still run on ports that are not F_Port trunked within the same switch. If you plug in a standby CP with a firmware version earlier than Fabric OS v6.2.0 and - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 477
against the F_Port trunk master. Port and exchange-based routing is supported on the F_Port trunk masters. Bandwidth information will be modified accordingly as the F_Port trunk forms. The switchCfgTrunk 0 command will fail if a port has TA enabled. All ports on a switch must be TA-disabled first - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 478
. 4. Re-enable ports 36-39 by issuing portEnable for each port in the TA. 5. Enter the switchshow command to display the switch and port information. 6. Enter the porttrunkarea --show enabled command to display the TA-enabled port configuration. switch:admin> porttrunkarea --show enabled Port Type - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 479
DCC policy. You must enable the TA before issuing the secPolicyActivate command in order for security to enforce the DCC policy on the trunk ports. 3. Turn on the trunk ports. Trunk ports should be turned on after issuing the secPolicyActivate command to prevent the ports from becoming disabled in - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 480
19 F_Port masterless trunking 440 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 481
switch handles local interconnectivity and multiplexes traffic across long-distance dark fiber or wave division multiplexing (WDM) links while the Brocade Extended Fabrics software enables SAN management over long distances. Brocade Extended Fabrics is an optional licensed feature for Brocade SAN - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 482
buffers on a particular port. Changes made by this command are persistent across switch reboots and power cycles. This command supports the following long-distance link modes: • Static Mode (LO) - L0 is the normal (default) mode for a port. It configures the port as a regular port. A total of 20 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 483
are used. Only Brocade-branded or certain Brocade-qualified SFPs are supported on the 8 Gbps platforms. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command. 3. Enter the configure command to set the switch fabric-wide configurations - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 484
to Time-Division Multiplexing (TDM) devices and your Brocade switch has QoS and buffer credit recovery enabled. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Disable QoS. switch:admin> portcfgqos --disable [slot/]port If you do not disable QoS, after the second - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 485
BB credits are used by Class 2 and Class 3 service and rely on the Fibre Channel Receiver-Ready (R_RDY) control word to be sent by the receiving link port to the sender. The rate of frame transmission is regulated by the receiving port based on the availability of buffers to hold received frames - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 486
when online or offline. • Any remaining buffers can be reserved by any port in the port group. • When QoS is enabled and the port is online, an additional 14 buffers are allocated to that port. • The following switches and blades have a limitation of 255 buffers maximum that can be allocated to - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 487
The standard frame header size is 24 bytes. If applications require extensive control allocate buffer credits based on distance using the portCfgLongDistance command. The Long distance port initialization versus the desired_distance parameter, which is required when a port Guide 447 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 488
then, (50 km * 8 Gbps / 2) + 6 = 206 buffers Example : Consider the Brocade 300, which has a single 24-port port group and a total of 676 buffer credits for that port group The maximum remaining number of buffer credits for the port group, after each port reserves its eight buffer credits, is: 676 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 489
port) = 492 buffers to a single port, you can calculate the maximum single port extended distance supported: [Maximum Distance X in km] = (BufferCredits + 6) * 2 / LinkSpeed 498 km = (492 + 6 buffers for Fabric Services) * 2 / 2 Gbps How many 50 km ports ports Allocating buffer credits based command, - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 490
desired_distance based on the data size entered, regardless of the distance. If buffer credit recovery is enabled, Fabric OS supports a BB_SC_N command. switch:admin> portcfgfportbuffers --enable 2/44 12 To disable the port buffer configuration and return to the default buffer allocation: switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 491
Buffer credits Switch/blade model Total FC ports (per switch/blade) User port group size Unreserved buffers (per port group) 300 24 4100/5000 32 4900 64 5100 40 5300 80 5410 12 5424 24 5450 26 5480 24 7500 16 7600 16 7800 16 VA-40FC 40 Brocade Encryption Switch 32 FA4 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 492
model 1 Gbps 2 Gbps 4 Gbps 8 Gbps 300 4100/5000 4900 5100 5300 5410 5424 5450 5480 7500 7600 7800 VA-40FC Brocade Encryption Switch FA4-18 FC4-16 FC4-16IP FC4-32 FC4-48 FC8-16 FC8-32 FC8-48 FC10-6 FR4-18i FS8-18 FX8-24 972 486 243 121 500 250 100 N/A 500 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 493
frame and credit loss counters are reset without performance degradation. This feature is only supported on E_Ports that are configured for long distance and are connected between the following switch or blade models: • Brocade 300, 5100, 5300, 5410, 5424, 5450, 5480, VA-40FC • FC8-16, FC8-32, FC8 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 494
20 Buffer credit recovery 454 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 495
those fabrics. A Fibre Channel router (FC router) is a switch running the FC-FC routing service. The FC-FC routing service can be simultaneously used as an FC router and as a SAN extension over wide area networks (WANs) using FCIP. FCR supports backbone-to-edge routing, allowing devices in the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 496
service overview Supported platforms for Fibre Channel routing Fibre Channel routing is supported on the following platforms: • Brocade DCX and DCX-4S (FC8-16, FC8-32, FC8-48, FC8-64, FS8-18, FX8-24, or FR4-18i blade) • Brocade 5100 switch • Brocade 5300 switch • Brocade VA-40FC switch • Brocade - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 497
18, and FX8-24 blades) • Brocade 5100 switch • Brocade 5300 switch • Brocade VA-40FC switch • Brocade 7800 Extension Switch • Brocade Encryption Switch You do not need a license for EX_Ports on the Brocade 7500 Extension Switch or FR4-18i blade. Enabling the Integrated Routing license and capability - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 498
initiators connected through the supported platforms by using an SAN, the backbone fabric consists of at least one FC router and possibly a number of Fabric OS-based Fibre Channel switches connected through a Brocade DCX with inter enable Fibre Channel zones to cross physical SAN Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 499
Edge fabric 1 E_Port Edge fabric 2 VE_Port IP cloud Edge fabric 3 E_Port IFL IFL IFL Fibre Channel device, has a name server entry, and is assigned a valid port ID. The port ID is relevant only on the fabric in which the proxy device has been created Administrator's Guide 459 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 500
ISL FC router EX_Port FC router EX_Port Backbone fabric IFL IFL E_Port Edge SAN 1 Edge SAN 2 E_Port = LSAN FIGURE 70 Edge SANs connected through a backbone fabric • Phantom domains A phantom domain is a , see "Phantom domains" on page 462. 460 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 501
. A backbone fabric can be used as a transport fabric that interconnects edge fabrics. FC routers also enable hosts and targets in edge fabrics to communicate with devices in the backbone fabric, known as backbone-to-edge routing. From the edge fabric's perspective, the backbone fabric is just like - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 502
phantom domain can never be the principal switch of the backbone fabric. Front domains . NOTE Management Server Platform services and interopmode are not supported in the backbone fabric. The second level of phantom domains is known as a translate phantom domain, also referred Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 503
Target 3, respectively. Host 1 Fabric 1 Front domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Front domain 2 (FC router 2) Xlate domain 2 (Fabric 3) Target 1' Target 2' Target 3' FIGURE 73 EX_Port phantom switch topology Fabric OS Administrator's Guide 463 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 504
IP-based networks. (See "FCIP tunnel configuration" on page 467.) • Configure IFLs for edge and backbone fabric connection. (See "Inter-fabric link configuration" on page 468.) • Modify port cost for EX_Ports, if you want to change from the default settings. (See "FC Router port cost configuration - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 505
Gbps port blades enabled. Proceed to step 3. • If you are not configuring a Brocade 48000, Brocade DCX, or Brocade DCX-4S platform, then skip to step 4. switch:admin> slotshow -m Slot Blade Type ID Model Name Status 1 AP BLADE 33 FA4-18 ENABLED 2 AP BLADE 24 FR4-18i ENABLED 3 SW - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 506
routing is not supported. To turn off interoperability mode, disable the switch and enter the interopMode 0 command, as described in "Enabling Brocade Native mode" on page 305. 5. Verify that the Fabric Wide Consistency Policy is not in 'strict' mode by issuing the fddCfg --showall command. When it - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 507
(1-128)[128] switch:admin> fosconfig --enable fcr FC Router service is enabled switch:admin> switchenable FCIP tunnel configuration The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels" to connect instances of Fibre Channel SANs over IP-based networks to transport - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 508
or portCfgVEXPort command to: • Enable or disable EX_Port or VEX_Port mode. • Set the fabric ID (avoid using fabric IDs 1 and 128, which are the default IDs for backbone connections). The following example configures the EX_Port (or VEX_Port) and assigns a Fabric ID of 30 to port 7. switch:admin - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 509
router to the edge fabric. 7. Enter the portCfgShow command to view ports that are persistently disabled. FC ports on the Brocade 7500 and 7800 switches and FR4-18i and FX8-24 blades are configured as persistently disabled by default, to avoid inadvertent fabric merges when installing a new - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 510
command to verify that each port is configured correctly: switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade : 2 Offline portPhys: 2 No_Module portScn: 0 port generation number: 0 portId: 014a00 portIfId: 4372080f - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 511
.32.156.31 "Brocade 7500" FC Router port cost configuration The router port cost is set automatically. This section provides information about the router port cost and describes how you can modify the cost for a port if you want to change the default value. Fabric OS Administrator's Guide 471 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 512
sets are defined as follows: - 0-7 and FCIP Tunnel 16-23 - 8-15 and FCIP Tunnel 24-31 More than two router port sets can exist in a Brocade 48000, Brocade DCX, or Brocade DCX-4S with two FR4-18i blades. • The router port cost does not help distinguish one IFL (or EX_ and VEX_Port link) from another - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 513
7/10 10000 • To set the cost of the EX_Port back to the default, enter a cost value of 0: switch:admin> fcrrouterportcost 7/10 0 6. Enter the portEnable command to enable the ports that you disabled in step 1. switch:admin> portenable 7/10 Fabric OS Administrator's Guide 473 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 514
is supported only on EX_Ports in the following platforms: • Brocade DCX and DCX-4S (FC8-16, FC8-32, FC8-48, FC8-64, FS8-18, or FX8-24) • Brocade 5100 switch • Brocade 5300 switch • Brocade VA-40FC switch • Brocade Encryption Switch For the Brocade DCX and DCX-4S, Virtual Fabrics must be enabled for - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 515
yes Brocade 5300 yes Brocade VA-40FC yes Brocade Encryption Switch yes Brocade 7500 no Brocade 7800 no Brocade 48000: FR4-18i no enabled enabled enabled enabled enabled enabled n/a enabled or disabled enabled or disabled enabled or disabled enabled or disabled n/a n/a n/a Supported - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 516
prior to the HA failover, it remains enabled after the HA failover. Backward compatibility support For backward compatibility, an FC router that supports EX_Port trunking can continue to interoperate with older FC routers and all previously supported Brocade switches in the backbone fabric or - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 517
connectivity through extensions to existing switch management interfaces. You can define and manage LSANs using Brocade Advanced Zoning. Use of are online, FCR triggers a device import. To support legacy applications, WWNs are reported based on the administrative domain context. As a result, you - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 518
by the zoning setup on both fabrics. If the SANs are under separate administrative control, then separate administrators cfgEnable commands to add and enable the LSAN configuration. switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric75" switch:admin> cfgenable "zone_cfg" You are about to enable a - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 519
FCP [IBM DNEF-309170 F90F] Fabric Port Name: 20:08:00:05:1e:34:11:e5 Permanent Port Name: 50:05:07:61:00: commands to create and enable the LSAN configuration. switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric2" switch:admin> cfgenable "zone_cfg" You are about to enable Guide 479 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 520
LSAN count, that can be configured on the edge fabrics. By default, the maximum LSAN count is set to 3000. You can increase the maximum LSAN count to 5000 without disabling the switch. The maximum number of LSAN devices supported is 10000 (this includes both physical and proxy devices). If you have - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 521
Be aware of how LSAN zones impact high availability and firmware downgrades: • The LSAN zone matrix is synchronized to the standby CP. • On a dual CP switch, both CPs must have Fabric OS v5.3.0 or later to enable the feature. • If the feature is enabled on the active CP, introducing a CP with an - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 522
2), even if the host is brought down. A target proxy is removed from the host fabric when the target device is offline. 482 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 523
switches. If Virtual Fabrics are enabled, you configure the tags on the base switch host or target port to trigger the supported. Configuring an Enforce LSAN tag 1. Log in to the FC router as admin. 2. Enter the following command to disable the FC router: switchdisable 3. Enter the following command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 524
command to enable in the names. 4. Toggle the host or target port to trigger the fast import process. Example sw0:admin> --remove command to remove an existing LSAN tag. If you remove an Enforce LSAN tag, you must disable the switch first. command. 484 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 525
entries of the remote edge fabrics that can access its local edge fabrics. The LSAN zone limit supported in the backbone fabric is not limited by the capability of one FC router. In addition, due store information about LSAN zones 1, 2, 3, and 4. Fabric OS Administrator's Guide 485 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 526
number of LSAN devices is 10,000. • With LSAN zone binding, the metaSAN can import more than 10,000 devices and the backbone fabric can support more FC routers. • With LSAN zone binding, CPU consumption by an FC router is lower. 486 Fabric OS Administrator - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 527
each other. You set up LSAN zone binding using the fcrLsanMatrix command. This command has two options: -fcr and -lsan. The -fcr option from this FC router to other FC routers. • You must manually configure the LSAN fabric matrix on these FC routers to match 's Guide 487 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 528
lsan 5 6 Fabrics that are not specified are part of the default binding and can access other edge fabrics that are not specified. the fabric IDs of the edge fabrics. 4. Enter the following command to apply the changes persistently: FCR:Admin> fcrlsanmatrix --apply 's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 529
domain ID to a translate domain. Fabric parameter considerations By default, EX_Ports and VEX_Ports detect, autonegotiate, and configure the fabric parameters without user intervention. You can optionally configure these parameters manually. Fabric OS Administrator's Guide 489 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 530
command, you must disable the switch using the switchDisable command. If executed on an enabled switch portCfgEXPort command. supported in an FCR fabric with a Brocade 8000. By default, broadcast frame forwarding is disabled on an FC router. If your edge fabric includes a Brocade 8000, do not enable - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 531
proxy devices • Max NR_Ports The following example shows the use of the fcrResourceShow command to display physical port (EX_Port) resources. switch:admin> fcrresourceshow Daemon Limits: Max Allowed Currently Used LSAN Zones: 3000 28 Fabric OS Administrator's Guide 491 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 532
is present, with the default fabric ID (FID) of 128. All previously configured EX_Ports and VEX_Ports are persistently disabled with the reason "ExPort in non base switch". You must explicitly create a base switch, move the EX_ and VEX_Ports to the base switch, and then enable the ports. If you move - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 533
supported. • Backbone-to-edge routing is not supported in the base switch. base switch. • All FCR commands can be executed only in the base switch context. • The fcrConfigure command is not allowed when Virtual Fabrics is enabled. Instead, use the lsCfg command to configure the FID. Logical switch - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 534
E Fabric ID 15 E EX Logical switch 4 EX (Base switch) Fabric ID 8 E ISL IFL XISL Physical chassis 2 E Logical switch 5 F (Default logical switch) Fabric ID 128 Logical switch 6 F Fabric ID 1 Allows XISL use E Logical switch 7 Fabric ID 15 Logical switch 8 (Base switch) E Fabric ID 8 FIGURE 76 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 535
operations on the switch. Brocade recommends that you save your FC-FC routing configuration (using the configUpload command) before performing any downgrades. For further instructions on downgrading, refer to Chapter 9, "Installing and Maintaining Firmware". How replacing port blades affects EX_Port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 536
xlate domain is 1-128. This range enables the front domain to connect to 127 remote xlate domains. 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge fabric. In the lsDbShow output, ports in the range of 129-255 are the output ports on the front domain. The following - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 537
connect to an M-EOS fabric by using an E_Port without disrupting the existing services. All the EX_Port functionality, such as fabric isolation and device sharing, remains the same as when connecting to an existing Fabric OS fabric. NOTE M-EOS fabrics are supported only as edge fabrics and are not - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 538
modes are supported. 2. Fabric Brocade 7500 Brocade 7500, or FR4-18i blade. The Fibre Channel routing feature for M-EOS interoperability is not a licensed supported. Connected SANs provide additional functionality not possible with segregated SANs long-distance IP links beyond port to an - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 539
Trunking is not supported on EX_Ports connected to the M-EOS fabric. Connectivity modes You can connect to M-EOS fabrics in both McDATA Open mode or McDATA Fabric mode. If the mode is not configured correctly, the port is disabled because of incompatibility. Fabric OS Administrator's Guide 499 53 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 540
persistently disabled by default. 5. Enter the portCfgExPort command to configure the port as an EX_Port with a different FID within the McDATA Fabric Mode. This port can now connect to an M-EOS switch in McDATA Fabric mode or McDATA Open mode. 500 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 541
37 -m 2 6. Enable the port by issuing the portEnable command. ecp:admin_06> portenable 10/13 If the port was persistently disabled, use the following command to enable the port: ecp:admin_06> portcfgpersistentenable 10/13 7. Physically attach the IFLs from the FC router to the switches in the - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 542
support up to 2048 zones when connected to an M-EOS v9.6 switch. NOTE For detailed instructions for the steps in the following procedure, refer to the Zoning User Manual. http://www.brocade and issue the fcrProxyDevShow command on to verify that the devices are configured and exported. switch:admin - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 543
on the connected fabric. b. Enter the portLogClear command for the port. c. Enable the port on the FC router. d. Enter the portLogDump command for the port, capturing the output. Use the portLogDump tool to troubleshoot the problem, using the command output. If an EX_Port connecting an FC router - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 544
: 10:00:00:00:00:03:00:00 Port Index: na Share Area: No Device Shared in Other AD: No All of the devices from both LSANs should appear in the output. If the devices do not appear in the output, issue the cfgShow command to verify your zone configuration. Use the cfgactvshow - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 545
the CP through the GE ports for tasks such as downloading firmware, SNMP polling, SNMP traps, troubleshooting, and configuration. To facilitate this communication, the Brocade 7500 Extension Switch uses IP forwarding and IP routing to forward IP traffic through the switch to the management station - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 546
The switch automatically uses the IP address default, there will be no IP addresses associated with these new Ethernet interfaces. To manage the IP addresses for the CP and GE port processor Ethernet interfaces, use the portCfg inbandmgmt command on the CP. Specifying the portCfg inbandmgmt command - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 547
, use the ge option for the portCfg inbandmgmt ipaddrset command. This command sets the appropriate interface based on the GE port number entered. 1. Connect to the switch and log in as admin. 2. Enter the portCfg inbandmgmt command to configure an IP address to the internal interface on the GE - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 548
Station. switch:admin> portcfg inbandmgmt ge0 routedel 192.168.3.0 255.255.255.0 Viewing Inband Management IP addresses and routes The portShow inbandmgmt command displays the addresses that are currently configured for that GE port number and a status of Inband Management (Enabled/Disabled - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 549
Management Station is on the same subnet as the GE ports on the Brocade 7500 Extension Switches. Using the network diagram shown in Figure 80, the configuration would be set up as listed below. FIGURE 80 Management Station on same subnet 1. Configure the IP address for each of the 7500s (L1 and R1 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 550
of supported configurations b. On the 7500 R1, create an IP address on the GE interface: switch:admin> portcfg ipif ge0 create 192.168.3.20 255.255.255.0 1500 2. Configure the management interfaces on the 7500 L1. a. Configure the internal addresses for the inbd devices for CP and GE port (GE port - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 551
(GE port 0 for this example). switch:admin> portcfg inbandmgmt ge0 ipaddrset cp 192.168.255.1 255.255.255.0 switch:admin> portcfg inbandmgmt ge0 ipaddrset ge 192.168.255.2 255.255.255.0 b. Add the route on the switch going to the Management Station. Fabric OS Administrator's Guide 511 53-1001763 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 552
B Examples of supported configurations switch:admin> portcfg inbandmgmt ge0 b. Configure the route going to the Management Station. linux> route add -net 192.168.3.0/24 gw 172.0.1.3 5. Configure the routes on Router B. a. Configure the route going to the Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 553
supported on the Brocade 48000 director. If your blade does not have the maximum number of ports, use the lower sections of the table to determine the area_ID and index. TABLE 99 Default index/area_ID core PID assignment with no port swap for the Brocade 48000 director Port 377/241 40 264/128 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 554
on the Brocade 48000 director TABLE 99 Default index/area_ID core PID assignment with no port swap for the Brocade 48000 director (Continued) Port on blade Slot 41/41 57/57 73/73 89/89 105/105 121/121 8 8/8 24/24 40/40 56/56 72/72 88/88 104/104 120/120 7 7/7 23/ Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 555
N4 No_Module (output truncated) TABLE 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone Port (DCX) Slot 1 Index/PID Slot 2 0x79c0 56 776/0x08c0 792/0x18c0 808/0x28c0 824/0x38c0 840/0x48c0 856/0x58c0 872/0x68c0 888/0x78c0 55 775/ Guide 515 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 556
Brocade DCX backbone TABLE 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone (Continued) Port 0xc1c0 345/0xd1c0 361/0xe1c0 377/0xf1c0 40 264/0x80c0 280/0x90c0 296/0xa0c0 217/0xd940 233/0xe940 249/0xf940 24 136/0x8840 152/0x9840 168/0xa840 Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 557
TABLE 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone (Continued) Port (DCX) 73/0x4940 89/0x5940 105/0x6940 121/0x7940 8 8/0x0840 24/0x1840 40/0x2840 56/0x3840 72/0x4840 88/0x5840 104/0x6840 120 truncated) Fabric OS Administrator's Guide 517 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 558
-4S backbone TABLE 101 Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S Port on blade Slot 1 Index 170/0xaa00 234/0xea00 41 41/0x2900 105/0x6900 169/0xa900 233/0xe900 40 40/0x2800 104/0x6800 168/0xa800 232/0xe800 39 39/0x2700 103/0x6700 167 's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 559
DCX-4S backbone C TABLE 101 Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S (Continued) Port on blade Slot 1 Index/PID Slot 2 Index/PID Slot 7 Index/PID 0x8100 193/0xc100 0 0/0x0000 64/0x4000 128/0x8000 192/0xc000 Fabric OS Administrator's Guide 519 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 560
C Port indexing on the Brocade DCX-4S backbone 520 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 561
level 2 compliance passwords, shared secrets, and the private keys used in SSL, TLS, and system login need to be cleared out or zeroized. Power-up self tests are executed when the switch is powered on to check for the consistency of the algorithms implemented in the switch. Known-answer-tests (KATs - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 562
default passwords for the root, admin, and user default accounts. However only root has permissions for this command Key-based SSH authentication is not used for SSH sessions. Key-based SSH switch. For more information on this procedure, refer to the Fabric OS Troubleshooting and Diagnostics Guide - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 563
to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. FIPS mode configuration By default, the switch comes up in non-FIPS mode. You can run the fipsCfg --enable fips command to enable FIPS mode, but you - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 564
CONFIGURATIONS RADIUS configuration does not exist. adldap.local LDAP CONFIGURATIONS Position Server Port Domain Timeout(s) : 1 : GEOFF5.ADLDAP.LOCAL : 389 : adldap.local : 3 Primary AAA Service: LDAP Secondary AAA Service: Switch database 524 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 565
using the dnsConfig command. Example of setting the DNS switch:admin> dnsconfig Enter option 1 Display Domain Name Service (DNS) configuration 2 Set DNS configuration 3 Remove DNS configuration 4 Quit Select an item: (1..4) [4] 2 Enter Domain Name: [] domain.com Enter Name Server IP address in dot - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 566
D FIPS mode configuration LDAP certificates for FIPS mode To utilize the LDAP services for FIPS between the switch and the host, you must generate a CSR on the Active Directory server and import and export the CA certificates. To support server certificate validation, it is essential to have the CA - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 567
on Microsoft Active Directory server and CA certificate on the switch for using LDAP authentication. 4. Block Telnet, HTTP, and RPC. 5. Disable BootProm access. 6. Configure the switch for signed firmware. 7. Disable root access. 8. Enable FIPS. Fabric OS Administrator's Guide 527 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 568
to the boot PROM: fipscfg --disable bootprom Block boot PROM access before disabling root account. 7. Enable signed firmware by typing the configure command and respond to the prompts as follows: System services No cfgload attributes Yes 528 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 569
Upload/Download Press enter to accept default. Enforce firmware signature validation Yes Example switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] ... cfgload - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 570
the admin or securityAdmin role. 2. Type the command fipsCfg --zeroize. 3. Reboot the switch. Displaying FIPS configuration 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --showall. 530 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 571
base known addresses and port IDs. Example conversion of the hexadecimal triplet Ox616000 Notice the PID in the nsShow output is in hexadecimal. switch Port Name: 20:08:00:05:1e:01:23:e0 Permanent Port Name: 10:00:00:00:c9:29:b3:84 Port = 97 06 = Area (port number) = 06 00 = Port (ALPA) = 0 (not - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 572
17 18 19 1a 1b 1c 1d 1e Decimal 31 32 33 34 35 36 37 38 39 40 Hex 1f 20 21 22 23 24 25 26 27 28 Decimal 41 42 43 44 45 46 47 48 49 50 Hex 29 2a 178 179 180 Hex ab ac ad ae af b0 b1 b2 b3 b4 532 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 573
f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 533 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 574
E Hexadecimal overview 534 Fabric OS Administrator's Guide 53-1001763-01 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 575
Index Numerics 239 domain ID mode, 301 A AAA service requests, 99 access browser support, 122 changing account parameters, 89 CP blade, 105 creating accounts, 88 deleting accounts, 89 IP address changes, 17 log in fails, 17 NTP, 28 password, changing, 19 remote access policies, 108 secure, HTTPS, - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 576
178 base switches about, 216 creating, 225 blade swapping, 50 blades compatibility, 44, 46 disabling and enabling, 44 enabling exceptions for the FR4-18i, 49 port area ID, 41 port identification, 41 port indexing, 41 port numbering schemes, 40 powering off and on, 53 types of, 39 boot PROM password - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 577
, 123, 151 changing an account password, 91 FID of logical switch, 230 logical switch to base switch, 231 RADIUS configuration, 115 RADIUS servers, 115 clearing performance monitor counters, 398 clearing zone configurations, 258 command line interface, 16 configuration file backing up, 178 chassis - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 578
349 TI zones, 285 default IP Policy Rules, 156 logical switch, 210 zone mode, known address, 4 Distrubted Management Server well-known address, 5 domain ID 239 mode, 301 offset mode, 301 offset, default enabling bottleneck detection, 419 port, 43 Virtual Fabrics, 223 zone configurations, 255 enabling - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 579
port buffer switch, 308 zoning restrictions, 307 Fabric Login, 10 Fabric login, 3 Fabric OS Administrator's Guide 53-1001763-01 Fabric OS supported service, 455 FCIP link, 498 FCR and traffic isolation, 273 FCS policy modifying, 137 feature licenses, 365 Fibre Channel NAT, 65 Fibre Channel over IP - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 580
, 33 inter-switch link (ISL), 66 IP Filter supported services, 155 IP-NAT, 65 IPsec algorithms, 167 Authentication Header protocol, 166 configuration on the management interface, 164 Encapsulating Security Payload protocol, 166 flushing SAs, 173 IKE policies, 169 key management, 169 manual key entry - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 581
214 changing context, 233 logical ISLs, 217 logical ports, 218 logical switches about, 210 allowing XISL use, 232 changing FID, 230 changing to a base switch, 231 creating, 225 deleting, 228 displaying configuration, 230 moving ports, 229 login changing password, 89 fails, 17 with Admin Domains, 340 - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 582
routing supported, 456 PLOGI, 12 POD activating, 379 enabling ports, 43 policies, routing, 63 policy creating, 143 creating, SCC, 143 members, identifying, 134 password expiration, 93 password strength, 91 SCC, 143 port, 43 activating POD, 379 enabling, 43 Port Login, 10 port mirroring, 11 port type - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 583
changing passwords, 19 default zone mode, 344 mask for end-to-end monitors, 387 password, boot PROM, 95 security level, 129 switch date and time, 25 the IP route, 77 storage-based zoning, 239 support FC router, 143 Java version, 122 SNMPv3 and v1, 127 SW-EXTTRAP, 128 switch access methods, Web - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 584
, 228 overview, 209 platform services, 5 ports, moving, 229 restrictions, 222 supported platforms, 220 with traffic isolation over FCR, 281 XISL, allowing on logical switches, 232 VSA, 101 W Web Tools access methods, configuration, 15 well-known addresses, 3 Windows RADIUS, configuring, 107 working - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 585
based PID assignment, 37 WWNs switch WWNs in Admin Domains, 342 X XISL, about, 216 xlate domains, 462 Fabric OS Administrator's Guide 53-1001763-01 Z zone adding a new switch default zone enabling a configuration, 255 enforcement, 242 host-based, 239 LUN masking, 239 merging, 253 name server-based - HP 8/8 | Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 586
zone configurations creating, 254 deleting, 256 disabling, 256 enabling, 255 removing, 255 zone database and Admin Domains, 360 zone, broadcast, 244 zones QoS zones, 406 TI zones, 267 546 Fabric OS Administrator's Guide 53-1001763-01
53-1001763-01
30 March 2010
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS v6.4.0