Home » HP Manuals » Storage Devices » HP StorageWorks 8/80 » Manual Viewer

HP StorageWorks 8/80 Brocade Converged Enhanced Ethernet Administrator's Guide - Page 140

x authentication configuration tasks, Con authentication between the switch and CNA or NIC

View all HP StorageWorks 8/80 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 140 highlights

10 802.1x authentication configuration tasks 802.1x authentication configuration tasks The tasks in this section describe the common 802.1x operations that you will need to perform. For a complete description of all the available 802.1x CLI commands for the Brocade FCoE hardware, see the Converged Enhanced Ethernet Command Reference. Configure authentication between the switch and CNA or NIC For complete information on the aaaConfig command, see the Fabric OS Command Reference and the Fabric OS Administrator's Guide. NOTE The aaaConfig command attempts to connect to the first RADIUS server. If the RADIUS server is not reachable, the next RADIUS server is contacted. However, if the RADIUS server is contacted and the authentication fails, the authentication process does not check for the next server in the sequence. Perform the following steps to configure authentication. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Add the RADIUS to the switch as the authentication server. This FOS CLI command moves the new RADIUS server to the top of the access list. switch:admin> aaaconfig --add 10.2.2.147 -conf radius 1 3. Enter global configuration mode. switch:admin>cmsh switch#configure t 4. Enable 802.1x authentication globally switch(config)#dot1x enable 5. Enter the copy command to save the running-config file to the startup-config file. switch(config)#end switch#copy running-config startup-config Interface-specific administrative tasks for 802.1x It is most efficient to configure the 802.1z port authentication protocol globally on the Brocade FCoE hardware, and then make customized changes to specific interface ports. Since all of the interfaces were enabled and configured in "802.1x authentication configuration tasks", use the administrative tasks in this section to make any necessary customizations to specific interface port settings. Configuring 802.1x on specific interface ports To configure 802.1x port authentication on a specific interface port, perform the following steps from Privileged EXEC mode. Repeat this task for each interface port you wish to modify. 1. Enter the configure terminal command to enter global configuration mode. 120 Converged Enhanced Ethernet Administrator's Guide 53-1001346-01

Section	Page
Contents	3
Chapter 1 Introducing FCoE	3
Chapter 2 Using the CEE CLI	4
Chapter 3 Standard CEE Integrations and Configurations	4
Chapter 4 Configuring VLANs Using the CEE CLI	4
Chapter 5 Configuring STP, RSTP, and MSTP using the CEE CLI	5
Chapter 6 Configuring Link Aggregation using the CEE CLI	6
Chapter 7 Configuring LLDP using the CEE CLI	6
Chapter 8 Configuring ACLs using the CEE CLI	7
Chapter 9 Configuring QoS using the CEE CLI	7
Chapter 10 Configuring 802.1x Port Authentication	8
Chapter 11 Configuring FCoE using the Fabric OS CLI	8
Chapter 12 Administering the switch	8
Chapter 13 Configuring RMON using the CEE CLI	8
Figures	11
Tables	13
About This Document	15
In this chapter	15
How this document is organized	15
Supported hardware and software	16
What’s new in this document	17
Document conventions	17
Text formatting	17
Command syntax conventions	17
Notes, cautions, and warnings	18
Key terms	18
Notice to the reader	18
Additional information	19
Brocade resources	19
Other industry resources	19
Getting technical help	19
Document feedback	20
Introducing FCoE	21
In this chapter	21
FCoE terminology	21
FCoE overview	21
FCoE hardware	22
Layer 2 Ethernet overview	28
Layer 2 forwarding	28
VLAN tagging	29
Loop-free network environment	30
Frame classification (incoming)	30
Congestion control and queuing	31
Access control	32
Trunking	33
Flow Control	33
FCoE Initialization Protocol	33
FIP discovery	33
FIP login	34
FIP logout	35
FCoE login	35
FCoE logout	35
Logincfg	36
Name server	36
FC zoning	36
Registered state change notification (RSCN)	37
FCoE queuing	37
Using the CEE CLI	39
In this chapter	39
Management Tools	39
CEE Command Line Interface	39
Saving your configuration changes	40
CEE CLI RBAC permissions	40
Accessing the CEE CLI through the console or Telnet	41
Accessing the CEE CLI from the Fabric OS shell	41
CEE CLI command modes	41
CEE CLI keyboard shortcuts	43
Using the do command as a shortcut	44
Displaying CEE CLI commands and command syntax	44
CEE CLI command completion	45
CEE CLI command output modifiers	45
Standard CEE Integrations and Configurations	47
In this chapter	47
Overview of standard CEE integrations	47
SAN Integration	47
Integrating a Brocade 8000 switch on a SAN	48
CEE and LAN integration	48
Creating the CEE map	50
Configuring DCBX	51
Configuring Spanning Tree Protocol	52
Configuring VLAN Membership	52
Configuring the CEE Interfaces	53
Server connections to the Brocade 8000 switch	55
Fibre Channel configuration for the CNA	55
Ethernet configuration for the CNA	55
Minimum CEE configuration to allow FCoE traffic flow	55
Configuring VLANs Using the CEE CLI	57
In this chapter	57
VLAN overview	57
Ingress VLAN filtering	57
VLAN configuration guidelines and restrictions	59
Default VLAN configuration	59
VLAN configuration and management	59
Enabling and disabling an interface port	60
Configuring the MTU on an interface port	60
Creating a VLAN interface	60
Enabling STP on a VLAN	61
Disabling STP on a VLAN	61
Configuring a VLAN interface to forward FCoE traffic	61
Configuring an interface port as a Layer 2 switch port	62
Configuring an interface port as an access interface	62
Configuring an interface port as a trunk interface	62
Disabling a VLAN on a trunk interface	63
Configuring an interface port as a converged interface	63
Disabling a VLAN on a converged interface	64
Configuring protocol-based VLAN classifier rules	64
Configuring a VLAN classifier rule	65
Configuring MAC address-based VLAN classifier rules	65
Deleting a VLAN classifier rule	65
Creating a VLAN classifier group and adding rules	65
Activating a VLAN classifier group with an interface port	66
Clearing VLAN counter statistics	66
Displaying VLAN information	66
Configuring the MAC address table	66
Specifying or disabling the aging time for MAC addresses	67
Adding static addresses to the MAC address table	67
Configuring STP, RSTP, and MSTP using the CEE CLI	69
In this chapter	69
STP overview	69
Configuring STP on Brocade FCoE hardware	70
RSTP overview	71
MSTP overview	73
Configuring MSTP on Brocade FCoE hardware	74
STP, RSTP, and MSTP configuration guidelines and restrictions	75
Default STP, RSTP, and MSTP configuration	75
STP, RSTP, and MSTP configuration and management	77
Enabling STP, RSTP, or MSTP	77
Disabling STP, RSTP, or MSTP	77
Shutting down STP, RSTP, or MSTP globally	77
Specifying the bridge priority	78
Specifying the bridge forward delay	78
Specifying the bridge maximum aging time	79
Enabling the error disable timeout timer	79
Specifying the error disable timeout interval	79
Specifying the port-channel path cost	80
Specifying the bridge hello time (STP and RSTP)	80
Specifying the transmit hold count (RSTP and MSTP)	80
Enabling Cisco interoperability (MSTP)	81
Disabling Cisco interoperability (MSTP)	81
Mapping a VLAN to an MSTP instance	81
Specifying the maximum number of hops for a BPDU (MSTP)	82
Specifying a name for an MSTP region	82
Specifying a revision number for an MSTP configuration	82
Flushing MAC addresses (RSTP and MSTP)	83
Clearing spanning tree counters	83
Clearing spanning tree-detected protocols	83
Displaying STP, RSTP, and MSTP-related information	84
Configuring STP, RSTP, or MSTP on CEE interface ports	84
Enabling automatic edge detection	84
Configuring the path cost	84
Enabling a port (interface) as an edge port	85
Enabling the guard root	85
Specifying the MSTP hello time	86
Specifying restrictions for an MSTP instance	86
Specifying a link type	87
Enabling port fast (STP)	87
Specifying the port priority	87
Restricting the port from becoming a root port	88
Restricting the topology change notification	88
Enabling spanning tree	88
Disabling spanning tree	89
Configuring Link Aggregation using the CEE CLI	91
In this chapter	91
Link aggregation overview	91
Link Aggregation Group configuration	91
Link Aggregation Control Protocol	95
Dynamic link aggregation	95
Static link aggregation	95
Brocade-proprietary aggregation	95
LAG distribution process	95
LACP configuration guidelines and restrictions	96
Default LACP configuration	96
LACP configuration and management	96
Enabling LACP on a CEE interface	97
Configuring the LACP system priority	97
Configuring the LACP timeout period on a CEE interface	97
Clearing LACP counter statistics on a LAG	98
Clearing LACP counter statistics on all LAG groups	98
Displaying LACP information	98
LACP troubleshooting tips	98
Configuring LLDP using the CEE CLI	101
In this chapter	101
LLDP overview	101
Layer 2 topology mapping	102
DCBX overview	104
Enhanced Transmission Selection (ETS)	104
Priority Flow Control (PFC)	105
DCBX interaction with other vendor devices	105
LLDP configuration guidelines and restrictions	105
Default LLDP configuration	106
LLDP configuration and management	106
Enabling LLDP globally	106
Disabling and resetting LLDP globally	106
Configuring LLDP global command options	107
Configuring LLDP interface-level command options	111
Clearing LLDP-related information	111
Displaying LLDP-related information	111
Configuring ACLs using the CEE CLI	113
In this chapter	113
ACL overview	113
Default ACL configuration	114
ACL configuration guidelines and restrictions	114
ACL configuration and management	114
Creating a standard MAC ACL and adding rules	114
Creating an extended MAC ACL and adding rules	115
Modifying MAC ACL rules	115
Removing a MAC ACL	116
Reordering the sequence numbers in a MAC ACL	116
Applying a MAC ACL to a CEE interface	117
Applying a MAC ACL to a VLAN interface	117
Configuring QoS using the CEE CLI	119
In this chapter	119
QoS overview	119
Rewriting	120
Queueing	120
User-priority mapping	120
Traffic class mapping	124
Congestion control	126
Tail drop	126
Ethernet pause	128
Ethernet Priority Flow Control	129
Multicast rate limiting	129
Scheduling	130
Strict priority scheduling	130
Deficit weighted round robin scheduling	131
Traffic class scheduling policy	131
Multicast queue scheduling	133
Converged Enhanced Ethernet map configuration	133
Configuring 802.1x Port Authentication	139
In this chapter	139
802.1x protocol overview	139
802.1x configuration guidelines and restrictions	139
802.1x authentication configuration tasks	140
Configure authentication between the switch and CNA or NIC	140
Interface-specific administrative tasks for 802.1x	140
Configuring 802.1x on specific interface ports	140
Configuring 802.1x timeouts on specific interface ports	141
Configuring 802.1x re-authentication on specific interface ports	141
Disabling 802.1x on specific interface ports	141
Configuring FCoE using the Fabric OS CLI	143
In this chapter	143
FCoE configuration guidelines and restrictions	143
Managing and displaying the FCoE configuration	143
Enabling or disabling an FCoE port	144
Configuring FCMAP values for a VLAN	144
Configuring FIP multicast advertisement intervals	144
Clearing logins	145
Displaying FCoE configuration-related information	145
Managing and displaying the FCoE login configuration	145
Enabling or disabling FCoE login configuration management	145
Displaying or aborting the current configuration transaction	146
Cleaning up login groups and VN_port mappings	146
Displaying the FCoE login configuration	146
Saving the current FCoE configuration	147
Creating and managing the FCoE login group configuration	147
Creating an FCoE login group	147
Modifying the FCoE login group device list	148
Deleting an FCoE login group	148
Renaming an FCoE login group	148
Administering the switch	149
In this chapter	149
CEE configuration management guidelines and restrictions	149
CEE configuration management tasks	149
Flash file management commands	150
Debugging and logging commands	151
Configuring RMON using the CEE CLI	153
In this chapter	153
RMON overview	153
RMON configuration and management	153
Default RMON configuration	153
Configuring RMON settings	153
Configuring RMON events	154
Configuring RMON Ethernet group statistics collection	154
Index	157
Symbols	157
Numerics	157
A	157
B	157
C	158
D	158
E	158
F	158
G	159
H	159
I	159
K	159
L	159
M	160
N	160
O	160
P	160
Q	161
R	161
S	161
T	161
U	162
V	162
W	162

Match case Limit results 1 per page

120

Converged Enhanced Ethernet Administrator’s Guide

53-1001346-01

802.1x authentication configuration tasks

The tasks in this section describe the common 802.1x operations that you will need to perform. For

a complete description of all the available 802.1x CLI commands for the Brocade FCoE hardware,

see the

Converged Enhanced Ethernet Command Reference

Configure authentication between the switch and CNA or NIC

For complete information on the aaaConfig command, see the

Fabric OS Command Reference

and

the

Fabric OS Administrator’s Guide

NOTE

The

aaaConfig

command attempts to connect to the first RADIUS server. If the RADIUS server is not

reachable, the next RADIUS server is contacted. However, if the RADIUS server is contacted and the

authentication fails, the authentication process does not check for the next server in the sequence.

Perform the following steps to configure authentication.

Connect to the switch and log in using an account assigned to the admin role.

Add the RADIUS to the switch as the authentication server. This FOS CLI command moves the

new RADIUS server to the top of the access list.

switch:admin>

aaaconfig --add 10.2.2.147 -conf radius 1

Enter global configuration mode.

switch:admin>

cmsh

switch#

configure t

Enable 802.1x authentication globally

switch(config)#

dot1x enable

Enter the

copy

command to save the

running-config

file to the

startup-config

file.

switch(config)#end

switch#

copy running-config startup-config

Interface-specific administrative tasks for 802.1x

It is most efficient to configure the 802.1z port authentication protocol globally on the Brocade

FCoE hardware, and then make customized changes to specific interface ports. Since all of the

interfaces were enabled and configured in

“802.1x authentication configuration tasks”

, use the

administrative tasks in this section to make any necessary customizations to specific interface port

settings.

Configuring 802.1x on specific interface ports

To configure 802.1x port authentication on a specific interface port, perform the following steps

from Privileged EXEC mode. Repeat this task for each interface port you wish to modify.

Enter the

configure terminal

command to enter global configuration mode.