Home » HP Manuals » Storage Devices » HP StorageWorks 2/16V » Manual Viewer

HP StorageWorks 2/16V Brocade Web Tools Administrator's Guide (53-0000194-01, - Page 275

Managing RADIUS Service

View all HP StorageWorks 2/16V manuals

Add to My Manuals
Save this manual to your list of manuals

Page 275 highlights

17 Managing RADIUS Service Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS client. In this configuration, authentication records are stored in the RADIUS host server database. Login and logout account name, assigned role, and time accounting records are also stored on the RADIUS server. You should set up RADIUS service through a secure connection such as SSH. The three choices in the drop-down menu when RADIUS is selected as the primary service are: • Switch Database when RADIUS Authentication Fails-When selected, the switch user login database will be checked whenever RADIUS authentication fails. • Switch Database When RADIUS Times Out-Switch user login database is checked only if the physical connection to the RADIUS server fails. • None-Switch user login database is never checked. Only a RADIUS server can be used for authentication. If the switch database is selected as primary, there is no secondary option. The RADIUS server cannot be configured as a backup for the switch user login database. When the primary AAA service is RADIUS you can enable the secondary service which offers two choices, None or Switch Database from the drop-down menu. When RADIUS login fails, even though RADIUS server is available, the additional service allows you the option to use the Switch Database as backup authentication service when the RADIUS server is not available. Alternatively, you can have no secondary AAA service, which means that only the primary service will be used for authentication. Use the AAA Service tab of the Switch Admin module to manage the RADIUS service (see Figure 17-6). Web Tools Administrator's Guide Publication Number: 53-0000194-01 17-15

Section	Page
Web Tools	1
Contents	5
About This Document	5
Chapter 1 Introducing Web Tools	5
Chapter 2 Using the Web Tools Interface	6
Chapter 3 Managing Fabrics and Switches	7
Chapter 4 Maintaining Configurations and Firmware	8
Chapter 5 Managing Your Ports	8
Chapter 6 Administering ISL Trunking	8
Chapter 7 Using the FCIP Tunneling Service	9
Chapter 8 Managing Administrative Domains	9
Chapter 9 Administering Zoning	10
Chapter 10 Monitoring Performance	12
Chapter 11 Using the FC-FC Routing Service	12
Chapter 12 Working With Diagnostic Features	13
Chapter 13 Administering Fabric Watch	13
Chapter 14 Administering Extended Fabrics	14
Chapter 15 Administering the iSCSI Target Gateway	14
Chapter 16 Routing Traffic	14
Chapter 17 Configuring Standard Security Features	15
Chapter 18 Administering FICON CUP Fabrics	15
Chapter 19 Limitations	16
Index	16
About This Document	17
How This Document Is Organized	17
Supported Hardware and Software	18
What’s New in This Document	19
Document Conventions	20
Text Formatting	20
Notes, Cautions, and Warnings	20
Key Terms	20
Additional Information	21
Brocade Resources	21
Optional Brocade Features	23
Other Industry Resources	24
Getting Technical Help	24
Document Feedback	25
Introducing Web Tools	27
Requirements, Installation, and Support	27
Requirements	28
Installing a Web Tools License	32
Value Line Licenses	33
Launching Web Tools	34
Administrative Domains	36
Admin Domains and Login	37
Admin Domains and Switch WWN	37
Admin Domains and Zoning	38
Role-Based Access Control	38
Session Management	39
Logging In	39
Logging Out	42
Using the Web Tools Interface	43
Viewing the Switch Explorer	43
SilkWorm 24000 Director	45
SilkWorm 48000 Director	46
SilkWorm 4100 Switch	47
Blade View	48
Fabric Tree	49
Fabric Toolbar	49
Admin Domain Context	50
Switch View	52
Switch View Button Menu	53
Switch Information View	54
Status Legend	54
AD/User/Role Indicator	54
Displaying Tool Tips	54
Refresh Rates	55
Displaying Switches in the Fabric	56
Using Web Tools and Secure Mode	57
Web Tools Access and HTTP_POLICY	57
Opening Modules in a Secure Fabric	57
Primary-FCS-Only Functionality	57
Disabled Functionality	58
Working with Web Tools: Recommendations	58
Managing Fabrics and Switches	59
Managing Fabrics and Switches Using Web Tools	59
Launching the Switch Admin Module	61
Refreshing the Switch Admin Module	61
Launching the Telnet Window	61
Configuring IP and Netmask Information	62
Configuring a syslog IP Address	63
Enabling and Disabling Blades	64
Configuring a Switch	65
Enabling and Disabling a Switch	65
Changing the Switch Name	65
Changing the Switch Domain ID	66
Viewing and Printing a Switch Report	66
Rebooting the Switch	66
Performing a Fast Boot	67
Performing a Reboot	67
Changing System Configuration Parameters	67
Configuring Fabric Parameters	68
Enabling Insistent Domain ID Mode	70
Configuring Virtual Channel Settings	70
Configuring Arbitrated Loop Parameters	71
Configuring System Services	71
Managing Licensed Features	72
Activating a License on a Switch	73
Removing a License from a Switch	73
Administering High Availability	74
Launching the High Availability Module	74
Synchronizing Services on the CP	76
Initiating a CP Failover	77
Monitoring Events	78
Displaying Fabric Events	79
Displaying Switch Events	80
Filtering Fabric and Switch Events	81
Displaying a Fabric Topology Report	83
Displaying the Name Server Entries	84
Physically Locating a Switch Using Beaconing	86
Maintaining Configurations and Firmware	87
Maintaining Configurations	87
Backing Up a Configuration File	88
Restoring a Configuration	89
Performing a Firmware Download	90
Managing Your Ports	93
Viewing and Managing Ports Using Web Tools	93
Port Management Module Components	95
Identifying Controllable Ports	96
Configuring Ports	97
Configuring FC Ports	97
Configuring FCIP Ports	98
Configuring GbE Ports	99
Enabling and Disabling a Port	101
Persistent Enabling and Disabling Ports	102
Enabling and Disabling NPIV Ports	103
Activating Ports	104
Swapping Port Index	105
Administering ISL Trunking	107
About Interswitch Link Trunking	107
Displaying Trunk Group Information	108
Disabling or Reenabling Trunking Mode on a Port	109
Using the FCIP Tunneling Service	111
About the FCIP Tunneling Service	111
Compression	113
Fastwrite	113
Tape Pipelining	114
IKE/IPSec Policy	114
Configuring an FCIP Interswitch/Interfabric Link	117
Configuring an IKE or IPSEC Policy	117
Configuring Virtual Ports	118
Configuring Interfaces, Routes, and Tunnels	119
Enabling Persistently Disabled Ports	121
Managing the FCIP Tunneling Service	121
Managing IP Interfaces for a GbE Port	122
Managing IP Routes for a GbE Port	124
Managing FCIP Tunnels	125
Managing Administrative Domains	129
About Administrative Domains	129
Requirements for Admin Domains	129
User-Defined Admin Domains	130
System-Defined Admin Domains	130
Admin Domain Membership	131
Implementing Administrative Domains	131
Using the Admin Domain Module	132
Launching the Admin Domain Module	134
Refreshing Fabric Information	134
Refreshing Admin Domain Information	135
Saving Local Admin Domain Changes	135
Closing the Admin Domain Module	136
Creating and Populating Domains	136
Managing Administrative Domains	139
Adding and Removing Members	139
Renaming Admin Domains	141
Deleting Admin Domains	141
Administering Zoning	143
Introducing Zoning	143
Zoning and Admin Domains	144
Configuring Zoning	144
Launching the Zone Admin Module	145
Setting the Default Zoning Mode	145
Managing Zoning with WebTools	146
Refreshing Fabric Information	148
Refreshing Zone Admin Module Information	148
Saving Local Zoning Changes	149
Closing the Zone Admin Module	150
Zoning Views	150
Managing Zone Aliases	151
Creating and Populating Zone Aliases	151
Adding and Removing Members of a Zone Alias	152
Renaming Zone Aliases	152
Deleting Zone Aliases	153
Managing Zones	153
Creating and Populating Zones	153
Adding and Removing Members of a Zone	154
Renaming Zones	155
Copying Zones	155
Deleting Zones	156
Managing QuickLoops	156
Creating QuickLoops	156
Adding and Removing Members of a QuickLoop	157
Renaming QuickLoops	158
Deleting QuickLoops	158
Managing Fabric Assist Zones	159
Creating Fabric Assist Zones	159
Adding and Removing Fabric Assist Zone Members	160
Renaming Fabric Assist Zones	161
Deleting Fabric Assist Zones	161
Managing Zone Configurations	162
Creating Zone Configurations	163
Adding or Removing Zone Configuration Members	164
Renaming Zone Configurations	164
Copying Zone Configurations	165
Deleting Zone Configurations	165
Enabling Zone Configurations	165
Disabling Zone Configurations	166
Displaying Enabled Zone Configurations	167
Displaying Zone Configuration Summaries	168
Creating Configuration Analysis Reports	169
Displaying Zones Initiator/Target Accessibility	170
Managing the Zoning Database	171
Adding a WWN to Multiple Aliases, Zones, and FA Zones	172
Removing a WWN from Multiple Aliases, Zones, and FA Zones	172
Replacing a WWN in Multiple Aliases, FA Zones, and Zones	173
Searching for Zone Members	173
Clearing the Zoning Database	174
Using Zoning Wizards	174
Best Practices for Zoning	177
Monitoring Performance	179
Monitoring Performance Using Web Tools	179
Predefined Performance Graphs	180
User-Defined Graphs	184
Canvas Configurations	184
Launching the Performance Monitor Module	185
Creating Basic Performance Monitor Graphs	185
Customizing Basic Monitoring Graphs	186
Creating Advanced Performance Monitoring Graphs	188
Creating SID-DID Performance Graphs	188
Creating an SCSI vs. IP Traffic Graph	190
Creating SCSI Command Graphs	191
Creating AL_PA Error Graphs	191
Managing Performance Graphs	192
Saving Graphs to a Canvas	192
Adding Graphs to a Canvas	193
Printing Graphs	193
Modifying Graphs	194
Using the FC-FC Routing Service	195
Supported Switches for Fibre Channel Routing	195
About Fibre Channel Routing	195
McData Interoperability	196
Setting Up FC-FC Routing	197
Managing FC-FC Routing with Web Tools	198
Launching the FC Routing Module	198
Viewing and Managing LSAN Fabrics	199
Viewing and Configuring EX_Ports	200
Viewing and Configuring FCR Router Port Cost	202
Viewing and Configuring LSAN Zones	203
Viewing LSAN Devices	204
Configuring the Backbone Fabric ID	205
Working With Diagnostic Features	207
Managing Trace Dumps	207
How a Trace Dump Is Used	208
Setting Up Automatic Trace Dump Transfers	209
Disabling Automatic Trace Uploads	209
Displaying Switch Information	210
Displaying Detailed Fan Hardware Status	211
Displaying the Temperature Status	212
Displaying the Power Supply Status	212
Checking the Physical Health of a Switch	213
Interpreting Port LEDs	216
Port Icon Colors	216
LED Representations	216
SilkWorm 48000 Director LEDs	217
Administering Fabric Watch	219
Introduction to Fabric Watch	219
Using Fabric Watch with Web Tools	220
Configuring Fabric Watch Thresholds	221
Configuring Threshold Traits	221
Configuring Threshold Alarms	223
Enabling or Disabling Threshold Alarms for Individual Elements	224
Configuring Alarms for FRUs	225
Displaying Fabric Watch Alarm Information	225
Displaying an Alarm Configuration Report	225
Displaying Alarms	226
Configuring Email Notifications	227
Configuring the Email Server on a Switch	227
Configuring the Email Alert Recipient	227
Administering Extended Fabrics	229
About Extended Link Buffer Allocation	229
Configuring a Port for Long Distance	231
Administering the iSCSI Target Gateway	233
Supported Platforms for iSCSI	233
About the iSCSI Service	233
Common Functions in the iSCSI Target Gateway Admin module	234
Terminology	235
Saving Changes	237
Setting Up iSCSI Target Gateway Services	237
Launching the iSCSI Target Gateway Admin Module	238
Activating the iSCSI Feature	239
Configuring the IP Interface	239
Managing the iSCSI Virtual Targets	243
Viewing iSCSI Initiators	246
Managing Discovery Domains	247
Configuring CHAP	251
Configuring an iSCSI Fibre Channel Zone	252
Managing and Troubleshooting Accessibility	255
Routing Traffic	257
About Routing	257
Displaying FSPF Routing	258
Enabling and Disabling Dynamic Load Sharing	259
Specifying Frame Order Delivery	259
Configuring Link Cost	260
Configuring Standard Security Features	261
Creating and Maintaining User-Defined Accounts	261
Creating and Deleting User-Defined Accounts	264
Changing Account Parameters	265
Maintaining Passwords	267
Configuring Access Control List Policies	269
Configuring SNMP	272
Setting SNMP Trap Levels	273
Configuring SNMP Information	274
Managing RADIUS Service	275
Enabling and Disabling RADIUS Service	276
Configuring the RADIUS Service	277
Modifying the RADIUS Server	277
Modifying the RADIUS Server Order	278
Removing a RADIUS Server	278
Administering FICON CUP Fabrics	279
Enabling Port-Based Routing on the SilkWorm 4100 and SilkWorm 48000	280
Enabling or Disabling FMS Mode	281
Configuring FMS Parameters	282
Displaying Code Page Information	284
Displaying the Control Device State	284
Configuring CUP Port Connectivity	285
Displaying CUP Port Connectivity Configurations	286
Creating or Editing CUP Port Connectivity Configurations	288
Activating a CUP Port Connectivity Configuration	289
Copying a CUP Port Connectivity Configuration	290
Deleting a CUP Port Connectivity Configuration	290
Limitations	291
General Web Tools Limitations	291
Platform-Specific Limitations	296
Limitations of Using a Mozilla Browser	297

Match case Limit results 1 per page

Web Tools Administrator’s Guide

17-15

Publication Number: 53-0000194-01

Managing RADIUS Service

Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When

configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS

client. In this configuration, authentication records are stored in the RADIUS host server database.

RADIUS server.

You should set up RADIUS service through a secure connection such as SSH.

The three choices in the drop-down menu when RADIUS is selected as the primary service are:

•

Switch Database when RADIUS Authentication Fails—

When selected, the switch user login

database will be checked whenever RADIUS authentication fails.

•

Switch Database When RADIUS Times Out—

Switch user login database is checked only if the

physical connection to the RADIUS server fails.

•

None—

Switch user login database is never checked. Only a RADIUS server can be used for

authentication.

If the switch database is selected as primary, there is no secondary option. The RADIUS server cannot

be configured as a backup for the switch user login database.

When the primary AAA service is RADIUS you can enable the secondary service which offers two

choices,

None

Switch Database

from the drop-down menu. When RADIUS login fails, even though

RADIUS server is available, the additional service allows you the option to use the Switch Database as

backup authentication service when the RADIUS server is not available. Alternatively, you can have no

secondary AAA service, which means that only the primary service will be used for authentication.

Use the

AAA Service

tab of the Switch Admin module to manage the RADIUS service (see

Figure 17-6