HP StorageWorks 2/16V HP StorageWorks Fabric OS 5.2.x administrator guide (569 - Page 209
Configuring FCIP tunnels (optional)
View all HP StorageWorks 2/16V manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 209 highlights
5. Then enter the fosConfig --enable fcr command. switch:admin_06> fosconfig --disable fcr FC Router service is disabled switch:admin_06> fcrconfigure FC Router parameter set. to skip a parameter Backbone fabric ID: (1-128)[1] switch:admin_06> fosconfig --enable fcr FC Router service is enabled Configuring FCIP tunnels (optional) The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels" to connect instances of Fibre Channel SANs over IP-based networks to transport all Fibre Channel ISL and IFL traffic. FCIP is a prerequisite for configuring VEX_Ports; if you are only using FC_Ports, then there is no need to perform this step. NOTE: If using FCIP in your FC-FC Routing configuration, you must first configure FCIP tunnels. Once a tunnel is created, it defaults to a disabled state. Then configure the VE_Port or VEX_Port. After the appropriate ports are configured, enable the tunnel. See "Configuring and monitoring FCIP tunneling" on page 367 for instructions on how to configure FCIP tunnels. Configuring FC-FC routing to work with Secure Fabric OS (optional) If you do not have Secure Fabric OS enabled in the edge fabric, then you are not required to complete the tasks in this section. NOTE: Secure Fabric OS is not supported in backbone fabrics. The 400 MP Router and 4/256 SAN Director with a B-Series MP Router blade support Fibre Channel routing between secure fabric employing Secure Fabric OS via DH-CHAP (Diffie-Hellman with Challenge-Handshake Authentication Protocol) authentication. It also supports secure fabric to nonsecure fabrics. Secure Fabric OS is an optionally licensed product that provides customizable security restrictions through local and remote management channels on an HP fabric. The FC-FC Routing Service uses only the DH-CHAP shared secrets to provide switch-to-switch authentication when connecting to a Secure Fabric OS fabric. To determine whether or not an EX_Port or VEX_Port is connected to a Secure Fabric OS fabric, enter the portShow, portCfgEXPort, or portCfgVEXPort command, as described in the Fabric OS Command Reference Manual. Note that you should issue these commands only after the IFLs have been configured and for VEX ports, the FCIP tunnel(s) are up and running. For more details, see "Configuring an interfabric link" on page -211 and "Configuring FCIP tunnels (optional)" on page -209. Configuring Secure Fabric OS DH-CHAP secret While Secure Fabric OS supports the SLAP, FCAP and DH-CHAP authentication protocols to communicate with each switch, Fabric OS v5.2.x (and Fabric OS v5.1.0) supports only DH-CHAP. The 400 MP Router and 4/256 SAN Director with a B-Series MP Router blade do not initiate DH-CHAP authentication requests; rather, they respond to DH-CHAP requests only from the edge switch to which they are connected-in this case, the Secure Fabric OS switch. As soon as you connect the 400 MP Router or 4/256 SAN Director with a B-Series MP Router blade to a Secure Fabric OS switch, DH-CHAP authentication is initiated. The DH-CHAP secrets are configured both on the Secure Fabric OS switch and the 400 MP Router or 4/256 SAN Director with a B-Series MP Router blade. Each entry specifies the WWN of the peer to which Fabric OS 5.2.x administrator guide 209