Dell Brocade 300 Fabric OS Administrator's Guide v7.1.0
Dell Brocade 300 Manual
 |
View all Dell Brocade 300 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Brocade 300 manual content summary:
- Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 1
53-1002745-02 ® 25 March 2013 Fabric OS Administrator's Guide Supporting Fabric OS 7.1.0 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 2
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes .brocade.com/support/oscd. Brocade Communications Systems, Incorporated Corporate and Latin American Headquarters Brocade Communications Systems, Inc. 130 Holger Way San - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 3
Chapter 14 Chapter 15 Chapter 16 Chapter 17 Section II Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Fabric OS Administrator's Guide 53-1002745-02 Standard Features Understanding Fibre Channel Services 43 Performing Basic Configuration Tasks 55 Performing Advanced - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 4
Appendix A Appendix B Appendix C Port Indexing 611 FIPS Support 615 Hexadecimal Conversion 627 4 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 5
status 49 Enabling topology discovery 49 Disabling topology discovery 50 Device login 51 Principal switch 51 E_Port login process 51 Fabric login process 52 Port login process 52 RSCNs 52 Duplicate Port World Wide Name 53 High availability of daemon processes 53 Fabric OS Administrator - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 6
names. . . . 76 Config file upload and download considerations for fabric names 76 Switch activation and deactivation 76 Disabling a switch 76 Enabling a switch 76 Switch and Backbone shutdown 76 Powering off a Brocade switch 77 Powering off a Brocade Backbone 77 Basic connections 78 Device - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 7
assignment 82 Ports 84 Port Types 84 Backbone port blades 84 Configuring two Ethernet ports on one CP8 blade 85 Setting port names 86 Port identification by slot and port number 87 Port identification by port area ID 87 Port identification by index 87 Configuring a device-switch connection - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 8
Inter-switch links 114 Buffer credits 115 Congestions versus over-subscription 115 Virtual channels 115 Gateway links 117 Configuring a .124 Lossless Dynamic Load Sharing on ports 125 Lossless core 126 Configuring Lossless Dynamic Load Sharing 127 Lossless Dynamic 's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 9
and OpenLDAP 165 TACACS+ service 171 Remote authentication configuration on the switch 174 Configuring local authentication as backup 176 Configuring Protocols Security protocols 177 Secure Copy 178 Setting up SCP for configuration uploads and downloads . . .179 Secure Shell protocol - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 10
applications 192 Ports and applications used by switches 192 Port configuration 193 Configuring Security Policies FCS policy 201 Modifying the order of FCS switches 201 FCS policy distribution 202 Device Connection for DH-CHAP 213 FCAP configuration overview 215 Fabric-wide distribution - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 11
file restoration 246 Restrictions 246 Configuration download without disabling a switch 248 Configurations across a fabric 250 Downloading a configuration file from one switch to another switch of the same model 250 Security considerations 250 Configuration management for Virtual Fabrics 250 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 12
extended ISLs 283 Account management and Virtual Fabrics 286 Supported platforms for Virtual Fabrics 286 Supported port configurations in the fixed-port switches. . . .286 Supported port configurations in Brocade Backbones . . . . . .287 Virtual Fabrics interaction with other Fabric OS features - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 13
a command in a different logical switch context . . . . . .293 Deleting a logical switch 294 Adding and moving ports on a logical switch 295 Displaying logical switch configuration 296 Changing the fabric ID of a logical switch 296 Changing a logical switch to a base switch 297 Setting up IP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 14
configuration configuration 330 Disabling a zone configuration 330 Deleting a zone configuration 331 Abandoning zone configuration changes 331 Viewing all zone configuration information 331 Viewing selected zone configuration information 332 Viewing the configuration configuration configurations - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 15
Displaying TI zones 369 Troubleshooting TI zone routing problems 370 Setting up TI over FCR (sample procedure 371 Bottleneck Detection Bottleneck detection overview 375 Types of bottlenecks 376 How bottlenecks are reported 376 Supported configurations for bottleneck detection 377 Limitations - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 16
port from bottleneck detection 389 Displaying bottleneck statistics 391 Disabling bottleneck detection on a switch Configuring NPIV 421 Enabling and disabling NPIV 422 Viewing NPIV port configuration information 423 Viewing virtual PID login information 424 16 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 17
427 Configuring an FA-PWWN for an HBA connected to an edge switch 428 Supported switches and configurations for FA-PWWN 429 Configuration upload and download considerations for FA-PWWN430 Firmware Validating an Admin Domain member list 454 Fabric OS Administrator's Guide 17 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 18
459 Configuration upload and download in an AD context . . . . . .460 Licensed Features Administering Licensing Licensing overview 463 Brocade 7800 475 Enabling 10 Gbps operation on an FC port 476 Enabling the 10-GbE ports on an FX8-24 blade 477 Temporary licenses 478 Restrictions on upgrading - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 19
port license assignments 486 Enabling Dynamic Ports on Demand 486 Disabling Dynamic Ports on Demand 487 Reserving a port license 488 Releasing a port from a POD set 488 Inter-chassis Links Inter-chassis links 491 ICLs for the Brocade EE monitors 501 Supported port configurations for EE - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 20
523 Manually disabling QoS on trunked ports 524 QoS zones 525 QoS on E_Ports 526 QoS over FC routers 527 Virtual Fabrics considerations for QoS zone-based traffic prioritization 528 High-availability considerations for QoS zone-based traffic prioritization 528 Supported configurations for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 21
535 High Availability support for trunking 536 Supported platforms for trunking 536 Requirements for trunk groups 536 Recommendations for trunk groups 537 Configuring trunk groups 538 Enabling trunking on a port or switch 538 Disabling trunking on a port or switch 538 Displaying trunking - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 22
F_Ports 562 Monitoring buffers in a port group 562 Buffer credits switch or blade model 563 Maximum configurable distances for Extended Fabrics . . License requirements for FC-FC routing 570 Supported platforms for FC-FC routing 570 Supported configurations for FC-FC routing 571 Network OS - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 23
the range of output ports connected to xlate domains 609 Port Indexing FIPS Support FIPS overview 615 Zeroization functions 615 Power-on self tests 617 Conditional tests 617 FIPS mode configuration 617 LDAP in FIPS mode 618 LDAP certificates for FIPS mode 620 Preparing a switch for FIPS 621 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 24
24 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 25
15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 switch added to existing fabric 114 Virtual channels on a QoS-enabled ISL 116 Gateway link merging SANs 117 Single host and target 130 Windows 2000 VSA configuration 154 Example of a Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 26
383 Encryption and compression on 16 Gbps ISLs 394 EX_Ports, E_Ports, IFLs, and ISLs 411 Fabric-assigned port world wide name provisioning scenarios 529 Trunk group configuration for the Brocade 5100 535 Switch in Access Gateway mode without F_Port masterless trunking 544 Switch in Access Gateway - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 27
topology 578 Example of setting up Speed LSAN tag 596 LSAN zone binding 599 EX_Ports in a base switch 607 Logical representation of EX_Ports in a base switch 608 Backbone-to-edge routing across base switch using FC router in legacy mode 609 Fabric OS Administrator's Guide 27 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 28
28 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 29
FCS switch operations 200 Distribution policy states 202 DCC policy states 203 DCC policy behavior with FA-PWWN when created using lockdown support . . 205 DCC policy behavior when created manually with PWWN 206 SCC policy states 206 FCAP certificate files 215 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 30
457 Configuration upload and download scenarios in an AD context 460 Available Brocade licenses 464 License requirements and location name by feature 467 Base to Upgrade license comparison 470 List of available ports when implementing PODs 484 Number of logical switches that support performance - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 31
F_Port and N_Port trunk ports 548 Fibre Channel data frames 558 Total FC ports, ports per port group, and unreserved buffer credits per port group 563 Configurable distances for Extended Fabrics 620 Decimal-to-hexadecimal conversion table 628 Fabric OS Administrator's Guide 31 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 32
32 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 33
your switch configurations. • Chapter 9, "Installing and Maintaining Firmware," provides preparations and procedures for performing firmware downloads. • Chapter 10, "Managing Virtual Fabrics," describes the concepts and provides procedures for using Virtual Fabrics. Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 34
parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for Fabric OS v7 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 35
are supported by this release of Fabric OS: • Fixed-port switches: - Brocade 300 switch - Brocade 5100 switch - Brocade 5300 switch - Brocade 5410 embedded switch - Brocade 5424 embedded switch - Brocade 5430 embedded switch - Brocade 5450 embedded switch - Brocade 5460 embedded switch - Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 36
of ports supported. • Brocade 6520 did not require a Trunking license. The Brocade 6520 does require the Trunking license. • In "Buffer credit recovery over an E_Port" on page 566, clarified that for an ISL between a device that supports 16 Gbps and a device that supports guide this manual follows - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 37
The following notices and statements are used in this manual. They are listed below in order of increasing to you or cause damage to hardware, firmware, software, or data. DANGER A Danger to Brocade and Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific Guide 37 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 38
with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location: http://www.brocade.com Release notes are available on the My Brocade website and are also bundled with the Fabric OS firmware - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 39
The serial number label is located as follows: • Brocade 5424 - On the bottom of the switch module. • Brocade 300, 5100, and 5300 - On the switch ID pull-out tab located on the bottom of the port side of the switch. • Brocade 6510, and 6520 - On the switch ID pull-out tab located inside the chassis - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 40
Document feedback Quality is our first concern at Brocade and we have made every effort to ensure topic needs further development, we want to hear from you. Forward your feedback to: [email protected] Provide the title and version number of the document and as much detail as possible about - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 41
4, "Routing Traffic" •Chapter 5, "Managing User Accounts" •Chapter 6, "Configuring Protocols" •Chapter 7, "Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 42
42 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 43
the time to the member switches in the fabric from either the principal switch or, if configured, the primary fabric configuration server (FCS) switch. Refer to Chapter 7, "Configuring Security Policies," for additional information on FCS policies. Fabric OS Administrator's Guide 43 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 44
consistent format and behavior when a service provider is accessed for registration and query purposes. Management server The Brocade Fabric OS management server (MS) allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices. The - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 45
the msplMgmtDeactivate command. 3. Enter y to confirm the deactivation, as in the following example. switch:admin> msplmgmtdeactivate MS Platform Service is currently enabled. This will erase MS Platform Service configuration information as well as database in the entire fabric. Would you like to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 46
is logical switch-capable. All management server features are supported within a logical switch. Displaying 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 0 done ... Adding a 's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 47
switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 2 Port Port/Node WWN 3 Delete member based on its Port 24 on its Port/Node WWN 3 Delete member based on its Port/Node switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 48
management server ACL switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 3 Port/Node WWN [30] "http://java.sun.com/products/1" 48 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 49
Example of enabling discovery switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... Fabric OS Administrator's Guide 49 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 50
Request to disable MS Topology Discovery Service in progress.... *MS Topology Discovery disabled locally. switch:admin> mstddisable all This may Service in progress.... *MS Topology Discovery disabled locally. *MS Topology Discovery Disable Operation Complete!! 50 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 51
powered on and connected, the following logins occur: 1. FLOGI-Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported. 2. PLOGI-Port Login command logs the device into the name server to register its - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 52
service parameters with the fabric controller. A successful FLOGI sends back the 24 port port decides to end the current session, it initiates a logout. A logout concludes the session and terminates any work in progress associated with that session. To display the contents of a switch A switch name - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 53
to a switch in Access Gateway mode. High availability of daemon processes Starting non-critical daemons is automatic; you cannot configure the is used by manageability applications. Reliability, Availability, and Supportability daemon logs error detection, reporting, handling, and presentation - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 54
automatically restarted (Continued) Description webd Webserver daemon used for WebTools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch management and fabric discovery. 54 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 55
CLI, you can also use the following methods to configure a SAN: • Web Tools For Web Tools procedures, refer to Web Tools Administrator's Guide. • Brocade Network Advisor For additional information, refer to the Brocade Network Advisor User Manual for the version you have. • A third-party application - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 56
supported by Brocade Communications Systems, Inc., documenting all possible configurations and scenarios is beyond the scope of this document. In some cases, earlier releases are highlighted to present considerations for interoperating with them. The hardware reference manuals for Brocade products - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 57
Web Tools to perform a fast boot. When the switch comes up, the Telnet quota is cleared. (For instructions on performing a fast boot with Web Tools, see the Web Tools Administrator's Guide.) - If you have the required privileges, you can connect through the serial port, log in as admin, and use the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 58
switch's network interface is configured and that it is connected to the IP network through the RJ-45 Ethernet port. Switches in the fabric that are not connected through the Ethernet port can be managed through switches need specific information. 58 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 59
firmware downloads. This command is also supported for standby CPs. The log records the following information whenever a command ins entered in the switch cliHistory command output from root login switch:root> clihistory CLI history Date Thu Sep 27 05:25:45 2012 switch:root> Message root, 10.70.12. - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 60
only to Root, Admin, Factory and Securityadmin RBAC roles. Example cliHistory command output showing username switch:root> clihistory --showuser admin CLI history Date & Time Message Thu Sep 27 10:14:41 --help: Displays the command usage 60 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 61
commands that require a password (Examples: firmwaredownload, configupload/download, supportsave, and so on), only the command ( switch are admin, user, root, and factory. Use the "admin" account to log in to the switch for the first time and to perform the basic configuration Guide 61 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 62
configuration. Brocade Backbones On Brocade Backbones, you must set IP addresses for the following components: • Both Control Processors (CP0 and CP1) • Chassis management IP Brocade switches On Brocade switches to "DHCP activation" on page 66) 62 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 63
to set the Ethernet IP address if the Ethernet network interface is not configured already. For details, refer to "Connecting to Fabric OS through the serial port" on page 56. Virtual Fabrics and the Ethernet interface On the Brocade DCX and DCX-4S, the single-chassis IP address and subnet mask are - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 64
gateway address are displayed, then the network interface is configured. Verify the information on your switch is correct. If DHCP is enabled, the network static Ethernet network interface addresses on Brocade DCX and DCX-4S Backbones, and in environments where DHCP service is not available. To use - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 65
an account assigned to the admin role. 2. Enter the ipAddrSet -chassis command. switch:admin> ipaddrset -chassis Ethernet IP Address [192.168.166.148]: Ethernet Subnetmask [255.255.255.0]: Committing configuration...Done. 3. Enter the network information in dotted-decimal notation for the Ethernet - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 66
Ethernet interface DHCP activation Some Brocade switches have DHCP enabled by default. Fabric OS support for DHCP functionality is only provided for Brocade fixed-port switches. These are listed in the Preface. NOTE The Brocade DCX and Brocade DCX-4S Backbones do not support DHCP. The Fabric OS DHCP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 67
IPv4 interactively: switch:admin> ipaddrset switch:admin> Example of enabling DHCP for IPv4 using a single command: switch:admin> ipaddrset -ipv4 -add -dhcp ON switch:admin> ipaddrshow SWITCH of the switch and default 1. Connect to the switch and log in using IPv4 interactively: switch:admin> - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 68
IP Address: 10.20.128.1 DHCP: Off switch:admin> IPv6 autoconfiguration IPv6 can assign multiple IP addresses to each network interface. Each interface is configured with a link local address in almost all all managed entities on the target platform. 68 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 69
troubleshooting, you must set them correctly. In a Virtual Fabric, there can be a maximum of eight logical switches per Backbone. Only the default switch switch, the date command request is dropped by a Fabric OS v6.2.0 and later switch and the pre-Fabric OS v6.2.0 switch the switch and switch: switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 70
for a switch, you can perform the following tasks: • Display all of the time zones supported in the firmware. • switches are set to Greenwich Mean Time (0,0). If all switches in a fabric are in one time zone, it is possible for you to keep the time zone setup at the default setting. • System services - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 71
server value on the principal or primary FCS switch are propagated to all switches in the fabric. In a Virtual Fabric, all the switches in the fabric must have the same NTP clock server configured. This includes any Fabric OS v6.2.0 or earlier switches in the fabric. This ensures that time does - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 72
configuration...done. Updated with the NTP servers Changes to the clock server value on the principal or primary FCS switch are propagated to all switches in the fabric. Domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually Brocade switches is - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 73
as follows: Example 64: fffc40 64 is the switch domain_ID fffc40 is the hexadecimal format of the embedded port D_ID. World Wide Name The switch WWN. Enet IP Addr The switch Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6 switches, only the static IP address displays. FC IP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 74
and log in on an account assigned to the admin role. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fabric Parameters prompt. Fabric parameters (yes, y, no, n): [no] y 5. Enter a unique domain ID at the Domain prompt. Use a domain - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 75
in a logical fabric must be running Fabric OS v7.1.0. Switches running earlier versions of the firmware can co-exist in the fabric, but do not show the fabric name details. • You must have admin permissions to configure the fabric name. Configuring the fabric name To set and display the fabric name - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 76
considerations for fabric names A new key, "fabric name" is added to store the user configuration. You can only configure fabric names using config download when the switch is offline. Switch activation and deactivation By default, the switch is enabled after power is applied and diagnostics and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 77
Wed Jan 25 16:12:09 2006... The system is going down for system halt NOW !! INIT: Switching to runlevel: 0 . 5. Power off the switch. Powering off a Brocade Backbone Use the following procedure to power off a Brocade Backbone device: 1. From switch. Fabric OS Administrator's Guide 77 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 78
different firmware versions, you must first set the same port identification (PID) format on all switches. The presence of different PID formats in a fabric causes fabric segmentation. • For information on PID formats and related procedures, refer to Chapter 3, "Performing Advanced Configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 79
102 •Track and control switch changes 104 •Audit log configuration 107 •Duplicate PWWN handling during device login 109 Port Identifiers (PIDs) and PID binding overview Port identifiers (PIDs, also called Fabric Addresses) are used by the routing and zoning services in Fibre Channel fabrics to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 80
0x8F. NOTE The default switch in the Brocade Backbones uses the fixed addressing mode. The 10-bit addressing mode utilizes the 8-bit area ID and the borrowed upper two bits from the AL_PA portion of the PID. Areas 0x00 through 0x8F use only 8 bits for the port address and support up to 256 NPIV - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 81
the default switch. • 48-port cards are supported in port-based addressing mode (mode 2) on both DCX-4S and 8510-4 devices. However, the upper 16 ports of a 64-port card are not supported.The Brocade DCX does not support port-based addressing (mode 2) on the FC8-48 blade, but does support zero-based - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 82
assignment is disabled by default and is supported in the default switch on the Brocade DCX and DCX 8510 Backbone families. This feature is not supported on application blades such as the FS8-18, FX8-24, and the FCOE10-24. The total number of ports in the default switch must be 256 or less. When the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 83
switch: admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] y System services to the switch and log in using an account with admin permissions. 2. Enter the wwnAddress -bind command to assign a 16-bit PID Guide 83 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 84
. • M_Port - A mirror port that is configured to duplicate (mirror) the traffic passing between a specified source port and destination port. This is only supported for pairs of F_Ports. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for more information on port mirroring. • U_Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 85
. • AP blades are used for Fibre Channel Application Services and Routing Services, FCIP, Converged Enhanced Ethernet, and encryption support. NOTE On each port blade, a particular port must be represented by both slot number and port number. The Brocade DCX and DCX 8510-8 each have 12 slots that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 86
correctly; the bonding feature will not be available. Supported devices This feature is available on a CP8 blade when it is installed on a Brocade DCX, Brocade DCX-4S, Brocade DCX 8510-8 or Brocade DCX 8510-4. Setting up the second Ethernet port on a CP8 blade To set up the second Ethernet - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 87
numbering is still contiguous, but starts with 128. For example, port 15 in slot 1 has a port number and area ID of 15; port 16 has a port number and area ID of 128; port 17 has a port number and area ID of 129. For 48-port blades (FC8-48, FC8-48E, FC16-48), the numbering is the same as for 32 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 88
and both switch ports must be disabled. The swapped area IDs for the two ports remain persistent across reboots, power cycles, and failovers. ATTENTION Brocade DCX and DCX 8510 Backbone families only: You can swap only ports 0 through 15 on the FC8-48 port blades. You cannot swap ports 16 through 47 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 89
the following instructions. CAUTION The fabric will be reconfigured if the port you are enabling or disabling is connected to another switch. The switch with a port that has If you change port configurations during a switch failover, the ports may become disabled. To bring the ports online, re-issue - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 90
apply to port decommissioning: • The local switch and the remote switch on the other end of the E_Port must both be running Fabric OS 7.0.0 or later. • Port decommissioning is not supported on links configured for encryption or compression. • Port decommissioning is not supported on ports with DWDM - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 91
] y Advertise 100 Mbps / Half Duplex (yes, y, no, n): [yes] y Advertise 10 Mbps / Full Duplex (yes, y, no, n): [yes] y Advertise 10 Mbps / Half Duplex (yes, y, no, n): [yes] y Committing configuration...done. switch:admin> Fabric OS Administrator's Guide 91 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 92
for all ports on the switch to 8 Gbps: switch:admin> switchcfgspeed 8 Committing configuration...done. The following example sets the speed for all ports on the switch to autonegotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. 92 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 93
permissions. 2. Enter the portCfgOctetSpeedCombo command. Example The following example configures the ports in the first octet for combination 3 (support autonegotiated or fixed port speeds of 16 Gbps and 10 Gbps): switch:admin> portcfgoctetspeedcombo 1 3 NOTE For information on how encryption and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 94
port blade supporting 2, 4, 8, 10, and 16 Gbps port speeds. NOTE: 10 Gbps speed for FC16-xx blades requires the 10G license. Ports are numbered from 0 through 23 from bottom to top on the left set of ports and 24 through 47 from bottom to top on the right set of ports. 68 Yes Yes 16 FC Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 95
and Maintaining Firmware". Core blades Core blades provide intra-chassis switching and ICL connectivity, between DCX/DCX-4S platforms and between DCX 8510 platforms. • Brocade DCX supports two CORE8 core blades. • Brocade DCX-4S supports two CR4S-8 core blades. • Brocade DCX 8510-8 supports two CR16 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 96
compatibility Table 6 on page 94 identifies which port and application blades are supported for each Brocade Backbone. NOTE During power up of a Brocade DCX or DCX-4S Backbone, if an FCOE10-24 is detected first before any other AP blade, all other AP and FC8-64 blades are faulted. If a non-FCOE10 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 97
do not support FL_Ports. Port swapping on an FC8-48, FC8-48E, FC8-64, and FC16-48 is supported only on ports 0-15. For the FC8-32, FC8-32E, and FC16-32 port blades, port swapping is supported on all 32 ports. This means that if you replace a 32-port blade where a port has been swapped on ports 16-31 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 98
Ethernet to Ethernet, application to application, and so on). • Port count. Both blades must support the same number of front ports (for example, 16 ports to 16 ports, 32 ports to 32 ports, 48 ports to 48 ports, and so on). • Availability. The ports on the destination blade must be available for the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 99
blade. In Figure 4 shows Virtual Fabrics, where the blades can be carved up into different logical switches as long as they are carved the same way. If slot 1 and slot 2 ports 0-7 are all in the same logical switch, then blade swapping slot 1 to slot 2 will work. The entire blade does not need to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 100
configurations. 3. Once the command completes successfully, move the cables from the source blade to the destination blade. 4. Enter the bladeEnable command on the destination blade to enable all user ports. Enabling and disabling switches Switches procedure to disable a switch: 1. Connect to the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 101
Displays the command usage. Power management All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization is components are powered off, using the powerOffListSet command. Fabric OS Administrator's Guide 101 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 102
You must manually power off switch operation: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchShow command. This command displays a switch summary and a port summary. 3. Check that the switch and ports are online. 102 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 103
switch power supplies. Refer to the hardware reference manual FC8-16 ENABLED 10 AP BLADE 43 FS8-18 ENABLED 11 SW BLADE 55 FC8-32 ENABLED 12 AP BLADE 24 FS8-18 ENABLED Verifying fabric connectivity Use the following procedure to verify fabric connectivity: 1. Connect to the switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 104
1. Connect to the switch and log in using an 24-bit Fibre Channel addresses of all devices in the fabric. switch and control switch changes The track changes feature allows the system messages log for the switch. Use the errDump or errShow command feature: 1. Connect to the switch and log in using an account - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 105
the status of the switch will change if three ports fail. Only one policy parameter needs to pass the MARGINAL or DOWN threshold to change the overall status of the switch. For more information about setting policy parameters, see the Fabric Watch Administrator's Guide. Use the following procedure - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 106
switchStatusPolicyShow command to view your current switch status policy configuration. Example output from a switch The following example displays what is typically seen from a Brocade switch, but the quantity and types vary by platform. switch:admin> switchstatuspolicyshow To change the overall - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 107
SANs you may want to audit certain classes of events to ensure that you can view and generate an audit log for what is happening on a switch, particularly for security-related event changes. These events include login failures, zone configuration changes, firmware downloads, and other configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 108
daemon, refer to the Fabric OS Troubleshooting and Diagnostics Guide. NOTE If an AUDIT message is logged configured in step 2. switch:admin> auditcfg --enable Audit filter is enabled. To disable an audit event configuration, enter the auditCfg --disable command. 108 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 109
configuration and confirm that the correct event classes are being audited, and the correct filter state appears (enabled or disabled). switch:admin> auditcfg --show Audit filter is enabled. 2-SECURITY 4-FIRMWARE 220.7 raslogd: AUDIT, 2008/10/10-08:28:16 (GMT), [SEC-3021], INFO, SECURITY, admin/NONE - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 110
log in using an account with admin permissions. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the F_Port login parameters prompt. F-Port login parameters (yes, y, no, n): [no] y 5. Enter one of the following options at the Enforce FLOGI - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 111
118 •Route selection 122 •Frame order delivery 123 •Lossless Dynamic Load Sharing on ports 125 •Enabling forward error correction (FEC 128 •Frame Redirection 130 Routing overview Data moves through a fabric from switch to switch and from storage to server along one or more paths that make up - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 112
ISL from each switch is used as the principal ISL. Figure 5 shows the thick red lines as principal ISLs, and thin green lines as regular ISLs. FIGURE 5 Principal ISLs NOTE FSPF only supports 16 routes in a zone, including Traffic Isolation Zones. 112 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 113
Source ID (SID) address has a frame destined to a port on a remote switch Destination ID (DID). When an ISL is attached or removed from a switch, the FSPF updates the route tables to reflect the addition or space of their corresponding fabric. Fabric OS Administrator's Guide 113 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 114
. If the fabric service is enabled in the fabric, then the switch you are introducing into the fabric must also have it enabled. If you experience a segmented fabric, refer to the Fabric OS Troubleshooting and Diagnostics Guide to fix the problem. 114 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 115
the switch, depending on the device type, driver version, and configuration. This determines the maximum number of frames the port be further prioritized to provide higher levels of Quality of Service. P3 is the lowest priority and is used for broadcast and multicast Administrator's Guide 115 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 116
4 Inter-switch links FIGURE 7 Virtual channels on a QoS-enabled ISL 116 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 117
with ELP mode 2, also referred to as ISL R_RDY mode. Therefore, to enable two switches to link through a gateway, the ports on both switches must be set for ELP mode 2. Any number of E_Ports in a fabric can be configured for gateway links, provided the following guidelines are followed: • All - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 118
on one of two user-selected routing policies: • Port-based routing • Exchange-based routing Notes • On the Brocade 300, 5100, 5300, 5410, 5430, 5450, 5460, 5470, 5480, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches, and also the Brocade DCX and DCX 8510 Backbone families, routing is handled - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 119
. switch:admin> aptpolicy Current Policy: 3 3 : Default Policy 1: Port Based Routing Policy 2: Device Based Routing Policy (FICON support only policy a switch is using applies to the VE_Ports as well. For more information on VE_Ports, refer to the Fibre Channel over IP Administrator's Guide. Exchange - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 120
recommended that you design a SAN that localizes host-to-target Virtual Fabrics Virtual Fabrics support DPS on all partitions. port-based, is configured on a per-logical switch basis. In-order delivery (IOD) and DLS settings are set per logical switch as well. IOD and DLS settings for the base switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 121
command. • If the port-based policy is required, enter the aptPolicy 1 command. Setting up the AP route policy The AP route policy can only be set in the base switches that are using Virtual policy is required, enter the aptPolicy -ap 1 command. Fabric OS Administrator's Guide 121 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 122
effect. When the port-based policy is in force switches. DLS recomputes load sharing when any of the following occurs: • A switch DLS: 1. Connect to the switch and log in using an switch:admin> dlsshow DLS is not set switch:admin> dlsset switch:admin> dlsshow DLS is set switch:admin> dlsreset switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 123
an incoming port for a given exchange are guaranteed to exit the switch in the same configured on other switches in the fabric. NOTE Some devices do not tolerate out-of-order exchanges; in such cases, use the port across topology changes: 1. Connect to the switch and log in using an account with - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 124
the following procedure to view frames. 1. Connect to the switch and log in using an account with admin permissions. 2. Port in Frame Viewer The Frame Viewer --show command supports specifying that the TX port or RX port of displayed frames should be a back-end port. To filter by TX port or RX port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 125
• Brocade FC8-16, FC8-32, FC8-48, and FC8-64 port blades • Brocade DCX 8510 Backbone family and supported blades • Brocade FC16-32 and FC16-48 port blades • Brocade FC8-32E and FC8-48E port blades • Brocade FX8-24 application blades in the Brocade DCX and DCX-4S Backbones On the Brocade 7800 switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 126
DLS enabled Port-based Port-based Disabled works with the default configuration of the Brocade DCX 8510-8 and DCX supported with IOD disabled, which means Lossless core cannot guarantee in-order delivery of exchanges • ICL limitations • Traffic flow limitations 126 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 127
insertion. The path between an FA4-18 blade and an FX8-24 blade, or vice versa, experiences I/O disruption because the FA4-18 blades do not support this feature. Configuring Lossless Dynamic Load Sharing You configure Lossless DLS switch- or chassis-wide by using the dlsSet command to specify that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 128
of this feature: • FEC is configurable only on 16 Gbps-capable switches (Brocade 6505, 6510, 6520, and the Brocade DCX 8510 Backbone family). • FEC is supported only on 1860 and 1867 Fabric Adapter ports operating in HBA mode connected to 16 Gbps Brocade switches running Fabric OS 7.1 and later - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 129
to be enabled. portcfgfec --enable slot/port To enable the FEC feature on a single port and display the configuration, enter the following commands. switch:admin> portcfgfec --enable 1 switch:admin> portcfgfec --show 1 Port: 1 FEC Capable: YES FEC Configured: ON Enabling forward error correction To - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 130
out to all other Fabric OS switches in the fabric that support Frame Redirection. Redirection zones exist only in the defined configuration and cannot be added to the effective configuration. NOTE Fabric OS v7.1.0 is not supported on the Brocade 7600 or Brocade SAS blade. However, this hardware can - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 131
target (40:40:40:40:40:40:40:40): switch:admin>zone --rdcreate 10:10:10:10:10:10:10 delete a frame redirect zone: 1. Connect to the switch and log in using an account with admin permissions. configuration. Example of deleting a frame redirect zone switch 1. Connect to the switch and log in using - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 132
4 Frame Redirection 132 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 133
roles of root, factory, admin, and user, Fabric OS supports up to 252 additional user accounts on the chassis. These of the user's Virtual Fabrics. • Chassis role - Similar to switch-level roles, but applies to a different subset of commands. NOTE Fabric OS Administrator's Guide 133 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 134
• Remote TACACS+ service. Users are managed in a remote TACACS+ server. All switches in the fabric can be configured to authenticate against database is manually synchronized by means of the distribute command to push a copy of the switch's local user database to all other switches in the fabric - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 135
the user and all of them are inactive, the user will not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the system provides a default home domain show the permissions that apply to a specific command. Fabric OS Administrator's Guide 135 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 136
for authentication, the total number of sessions on a switch may not exceed 32. TABLE 14 Maximum number of The role name should have a minimum of 4 letters and can be up to 16 letters long. • The maximum number of user-defined roles that are allowed on a OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 137
of the account that is making the change. In addition to the default administrative and user accounts, Fabric OS supports up to 252 user-defined accounts in each switch (domain). These accounts expand your ability to track account access and audit administrative activities. Fabric OS Administrator - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 138
installation and configuration of each switch. TABLE information 1. Connect to the switch and log in using an account information for a switch • userConfig --show an account 1. Connect to the switch and log in using an account with logical switch to 128 • Admin role permissions • - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 139
on local user accounts. 1. Connect to the switch and log in using an account with admin permissions "Managing Administrative Domains". 1. Connect to the switch and log in using an account with admin the current login account 1. Connect to the switch and log in using an account with admin permissions - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 140
. NOTE If Virtual Fabrics mode is enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. Distributing the password database to switches is not allowed if there are users associated with user defined - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 141
in this section apply to the local-switch user database only. Configured password policies (and all user account be manually distributed across the fabric (see "Local user account database distribution" on page 140). A list of the configurable password Administrator's Guide 141 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 142
past password values that are disallowed when setting a new password. Allowable password history values range between 0 and 24. If the value is set to 0, it means that the new password cannot be set to the current in the user's password history. 142 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 143
a password after a configurable period of time. The expiration policies The following example configures a password expiration policy for warning 3 The following example configures a password expiration policy for across all user accounts. You can configure this policy to keep the account locked - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 144
user on each switch instance. The duration passes or when it is manually unlocked by either a user account lockout policy 1. Log in to the switch using an account that has admin or account 1. Log in to the switch using an account that has admin 1. Log in to the switch using an account that has admin - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 145
switch service Brocade 300, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and 8510 switches, as well as the Brocade Encryption Switch and VA-40FC. If your switch is not listed, please contact your switch support provider for instructions. 1. Connect to the serial port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 146
Support firmware applies to the Brocade DCX, DCX port" on page 56. 2. Connect to the active CP blade over a serial or Telnet connection and enter the haDisable command to prevent failover during the remaining steps. 3. Reboot the standby CP blade by sliding the On/Off switch Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 147
is recommended for higher security. The firmware only prompts for this password once port switch models. The password recovery instructions provided within this section are only for the switches listed in the Preface. If your switch is not listed, contact your switch support provider for instructions - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 148
string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 Backbones. On the Brocade DCX Backbone, set the password to Fabric OS through the serial port" on page 56. 4. Reboot the standby CP blade by sliding the On/Off switch on the ejector handle of Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 149
, LDAP, or TACACS+) and local switch authentication. The switch can also be configured to use only a remote authentication service, or only local switch authentication. Client/server model When configured to use one of the supported remote authentication services, the switch acts as a network access - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 150
one is present. It is saved in a configuration upload and applied in a configuration download. Brocade recommends configuring at least two authentication servers, so that if one fails the other will assume service. Up to five servers are supported. You can set the configuration with any one of the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 151
Brocade support for each. TABLE 16 Protocol LDAP options Description Channel type Default port URL Brocade supported configuration the RADIUS service is not supported supported Authenticates management connections On On against any RADIUS databases. If RADIUS fails because the service service - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 152
configuration service is not available or the credentials do not match, the login fails. not not supported supported . not supported not supported Authenticates management available. not supported not supported Prevents users OS switch. With each account name, assign the appropriate switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 153
name and password when logging in to a switch that has been configured with remote authentication. After the remote authentication (RADIUS, LDAP, or TACACS+) server authenticates a user, it responds with the assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 154
affect any account on the RADIUS server. Windows 2000 IAS To configure a Windows 2000 internet authentication service (IAS) server to use VSA to pass the admin role to the switch in the dial-in profile, the configuration specifies the Vendor code (1588), Vendor-assigned attribute number (1), and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 155
Brocade-Passwd-ExpiryDate = "11/10/2011", Brocade-Passwd-WarnPeriod = "30" RADIUS configuration with Admin Domains or Virtual Fabrics When configuring first valid HomeLF key-value pair is accepted by the switch, additional HomeLF key-value pairs are ignored. • LFRoleList is Guide 155 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 156
. Along with each account name, the administrator must assign appropriate switch access permissions. To manage a fabric, one can set these permissions to user, admin, and securityAdmin. Configuring RADIUS server support with Linux The following procedures work for FreeRADIUS on Solaris and Red Hat - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 157
Remote authentication 5 Configuring RADIUS service on Linux consists of the following tasks: • Adding the Brocade attributes to the server • Creating the user • Enabling clients Adding the Brocade attributes to the server 1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 158
"Adding an authentication server to the switch configuration" on page 175). 2. Save the file $PREFIX/etc/raddb/client.config, and then start the RADIUS server as follows: $PREFIX/sbin/radiusd Configuring RADIUS server support with Windows 2000 The instructions for setting up RADIUS on a Windows - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 159
you want to associate to the appropriate group. 4. Configuring the server For more information and instructions on configuring the server, refer to the Microsoft website. Below is the information you will need to configure the RADIUS server for a Brocade switch. A client is the device that uses the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 160
e. After returning to the Internet Authentication Service window, add additional policies for all Brocade login types for which you want to use the RADIUS server. After this is done, you can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also available. RSA RADIUS server - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 161
=%s%] ATTRIBUTE Brocade-Auth-Role ATTRIBUTE Brocade-Passwd-ExpiryDate ATTRIBUTE Brocade-Passwd-WarnPeriod Brocade-VSA(1,string) r Brocade-VSA(6,string) r Brocade-VSA(7,integer) r brocade.dct -- Brocade Dictionary FIGURE 11 Example of a Brocade DCT file Fabric OS Administrator's Guide 161 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 162
switch. e. Add the Brocade profile. f. In RSA Authentication Manager, edit the user records that will be authenticating using RSA SecurID. LDAP configuration users from the local switch database to Active Directory. This is a manual process explained later. • Only IPv4 is supported for LDAP on - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 163
2003, and 2008 are supported. When authentication is performed Configuring Microsoft Active Directory LDAP service The following is an overview of the process used to set up LDAP. 1. If your Windows Active Directory server for LDAP needs to be verified by the LDAP client (that is, the Brocade switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 164
group. For instructions on how to set to the group corresponding to the switch role. You can choose any other group user must use to log in to the switch. or If you have a user-defined roles available on a switch. Adding an Admin Domain Service Pack 1 or you can download this utility from the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 165
• Add brcdAdVfData to the person's properties. LDAP configuration and OpenLDAP Fabric OS provides user authentication and authorization by means of OpenLDAP or the Microsoft Active Directory service in conjunction with LDAP on the switch. This section discusses authentication and authorization using - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 166
, refer to Chapter 7, "Configuring Security Policies". The following restrictions membership. This feature is supported in OpenLDAP through the Brocade switch), then you must install a Certificate Authority (CA) certificate on the OpenLDAP server. Follow OpenLDAP instructions Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 167
the Directory, where test.ldif is the file you created in step 1. > ldapadd -D cn=Manager,dc=mybrocade,dc=com -x -w secret -f test.ldif Fabric OS Administrator's Guide 167 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 168
group member: cn=sachin,cn=Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to one of Sachin,dc=mybrocade,dc=com -x -w secret -f test.ldif 168 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 169
sample schema file defines a new objectClass named "user" with optional attributes "brcdAdVfData" and "description". #New attr brcdAdVfData attributetype ( 1.3.6.1.4.1.8412.100 NAME ( 'brcdAdVfData' ) Fabric OS Administrator's Guide 169 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 170
.115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user' DESC 'Brocade switch specific person' SUP top AUXILIARY MAY ( brcdAdVfData $ description ) ) 2. Include Sachin,cn=Users,dc=mybrocade,dc=com objectClass: user objectClass: person 170 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 171
cn=Sachin,dc=mybrocade,dc=com -x -w secret -f test4.ldif TACACS+ service FabricOS can authenticate users with a remote server using the Terminal Access Controller configured to use TACACS+, a Brocade switch becomes a Network Access Server (NAS). The following authentication protocols are supported - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 172
Cisco documentation for installation instructions. 2. Configure the TACACS+ server by editing the tac_plus.cfg file. Refer to "The tac_plus.cfg file" (below) for details. 3. Run the tac_plus daemon to start and enable the TACACS+ service on the server. Example > tac_plus -d 16 /usr/local/etc/mavis - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 173
Configuring is accepted by the switch, and any additional service = shell { set brcd-role = securityAdmin set brcd-AV-Pair1 = "homeAD=255;ADList=1,2,3"; set brcd-AV-Pair2 = "ADList=200-255"; } } Configuring is accepted by the switch. Additional HomeLF key- = clear "password" service = shell { set - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 174
of a failover. RADIUS, LDAP, or TACACS+ configuration is chassis-based configuration data. On platforms containing multiple switch instances, the configuration applies to all instances. The configuration is persistent across reboots and firmware downloads. On a chassis-based system, the command must - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 175
servers are contacted for service 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aaaConfig --move command. When the command succeeds, the event log indicates that a server configuration is changed. Fabric OS Administrator's Guide 175 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 176
, or TACACS+ service is not configured, only the parameter heading line is displayed. Parameters include: Position Server Port Secret Timeouts Authentication The order in which servers are contacted to provide service. The server names or IPv4 or IPv6 addresses. IPv6 is not supported when using - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 177
Ports and applications used by switches 192 Security protocols Security protocols provide endpoint authentication and communications privacy using cryptography. Typically, you are authenticated to the switch while the switch (SSH) protocol. Configuration upload and download support the use of SCP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 178
OS versions can be part of the secure fabric, but they do not support secure management. Secure management protocols must be configured for each participating switch. Nonsecure protocols may be disabled on nonparticipating switches. If SSL is used, then certificates must be installed. For more - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 179
prompt. Example of setting up SCP for configUpload/download switch:admin# configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] n ssl attributes (yes, y, no, n): [no] n http - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 180
firmware download. Both password and public key authentication can coexist on the switch. Allowed-user For outgoing authentication, the default admin user must set up the allowed-user with admin permissions. By default, the admin is the configured switch by logging in to the switch switch switch: - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 181
by logging in to the switch from a remote device, or by running a command remotely using SSH. Configuring outgoing SSH authentication After the allowed-user is configured, the remaining setup steps , such as firmwareDownload or configUpload. Fabric OS Administrator's Guide 181 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 182
management tools such as Web Tools. SSL support is a standard Fabric OS feature. Switches configured for SSL grant access to management tools through be able to download an encryption patch from the Microsoft website at http://www.microsoft.com. 182 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 183
and Java support, refer to the Web Tools Administrator's Guide. SSL configuration overview You configure SSL access for a switch by obtaining, switches, consider using one certificate authority (CA) to sign all management certificates for a fabric. If you use different CAs, management services - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 184
switch private key pair Done. Because CA support for the 2048-bit key size Connect to the switch and log in ):San Jose Organization Name (eg, company name):Brocade Organizational name switch/director. The IP address or FQDN is the switch Enter the IP address of the switch on which you generated the CSR - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 185
support the following types of files from the Certificate Authority(CA): • .cer (binary) • .crt (binary) • .pem (text) Typically, the CA provides the certificate files listed in Table 24. TABLE 24 SSL certificate files Certificate file Description name.pem The switch Follow the instructions to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 186
already installed, check the certificate store on your browser. The next procedures are guides for installing root certificates to Internet Explorer and Mozilla Firefox browsers. For more detailed instructions, refer to the documentation that came with the certificate. Checking and installing root - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 187
, select nameRoot.crt. 6. Click Open and follow the instructions to import the certificate. Root certificates for the Java plugin For information on Java requirements, refer to "Browser and Java support" on page 182. This procedure is a guide for installing a root certificate to the Java plugin on - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 188
management security in the storage area network. For details on Brocade MIB files, naming conventions, loading instructions, and information about using Brocade's SNMP agent, refer to the Fabric OS MIB Reference. You can configure SNMPv3 and SNMPv1 for the automatic transmission of SNMP information - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 189
Brocade SW traps. For information on Brocade corresponding switch local switch database. the default switch as their switch# snmpwalk -u admin -v 3 -n VF:4 10.168.176.181.1 Filtering ports Each port Switch-level attributes Attributes that are specific to each logical switch belong to the switch switches - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 190
set command to change either the SNMPv3 or SNMPv1 configuration. You can also change access control, MIB capability, and system group. For details on Brocade MIB files, naming conventions, loading instructions, and information about using the Brocade SNMP agent, refer to the Fabric OS MIB Reference - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 191
ipfilter --activate command. switch:admin> ipfilter --activate switch:admin> ipfilter --show Name: BlockTelnet, Type: ipv4, State: defined Rule Source IP Protocol Dest Port State: defined Rule Source IP Protocol Dest Port 1 any tcp 22 2 any tcp to the switch through a serial port or - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 192
Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Ports and applications used by switches If you are using the FC-FC Routing Service, be aware that the secModeEnable command is not supported. Table 26 lists the defaults for accessing hosts, devices - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 193
can connect to any FC port in the fabric. Any switch can join the fabric. All switches in the fabric can be accessed through a serial port. No zoning is enabled. Port configuration Table 27 provides information on ports that the switch uses. When configuring the switch for various policies, take - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 194
6 Ports and applications used by switches 194 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 195
Each supported Access switches can change the configuration of the fabric. • Device connection control (DCC) policies - Used to restrict which Fibre Channel device ports can connect to which Fibre Channel switch ports. • Switch Fabric OS v6.2.0 and later switches present, the limit for security - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 196
as DCC, SCC, and FCS can be configured on each logical switch. The limit for security policy database size is set to 1Mb per logical switch. Policy members The FCS, DCC and SCC policy members are specified by device port WWN, switch WWN, domain IDs, or switch names, depending on the policy. The - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 197
policies are automatically deleted if the you log out without saving them. 1. Connect to the switch and log in using an account with admin permissions, or an account with O permission for the deletion by entering the secPolicyActivate command. Fabric OS Administrator's Guide 197 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 198
: switch:admin> secpolicyadd "SCC_POLICY", "12:24:45:10:0a:67:00:40" Member(s) have been added to SCC_POLICY. Example of adding members to the DCC policy To add two devices to the DCC policy, and to attach domain 3 ports 1 and 3 (WWNs of devices are 11:22:33:44:55:66:77:aa and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 199
fabric. Automatic distribution is supported and you can either configure the switches in your fabric to accept the FCS policy or manually distribute the FCS policy a new switch that joins the FCS-enabled fabric could still propagate the AD and zone database. Fabric OS Administrator's Guide 199 53- - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 200
except the show commands SNMP commands All AD commands configupload Any local-switch commands Any AD command that does not affect fabric-wide configuration In Fabric OS v7.1.0 and later, to avoid segmentation of ports due to a member-list order mismatch, security policy members are sorted - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 201
not be able to perform any fabric-wide configurations from the primary FCS. Modifying the order of FCS switches 1. Log in to the Primary FCS switch using an account with admin permissions, or command to activate and save the new order. Fabric OS Administrator's Guide 201 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 202
distributed using the fddCfg --fabwideset command or it can be manually distributed to the switches using the distribute -p command. Each switch that receives the FCS policy must be configured to receive the policy. To configure the switch to accept distribution of the FCS policy, refer to "Database - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 203
(HBAs) do not respond to port login from the switch and are not enforced by the DCC policy. This does not create a security problem because these HBAs cannot contact any . • DCC policies are not supported on the CEE ports of the Brocade 8000. Fabric OS Administrator's Guide 203 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 204
4 of switch domain 4, and all devices currently connected to ports 1 through 4 of switch domain 4: switch:admin> secpolicycreate "DCC_POLICY_example", "44:55:66:77:22:33:44:dd;33:44:55:66:77:11:22:cc;4[1-4]" DCC_POLICY_example has been created 204 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 205
switch support Configuration WWN seen on Behavior when DCC policy Behavior on portDisable DCC policy list activates and portEnable • FA-PWWN has logged into the switch into the switch • DCC port will disable the port for a security violation. As the traffic is already disrupted for this port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 206
the logical ISL is formed if the SCC enforcement passes on the extended ISL. The following changes: • A logical switch supports an SCC policy. You can configure and distribute an SCC policy on a logical switch. • SCC enforcement is performed on a ISL based on the SCC policy present on the logical - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 207
"Setting a secret key pair" on page 214. When configured, the secret key pair is used for authentication. Authentication occurs whenever there is a state change for the switch or port. The state change can be due to a switch reboot, a switch or port disable and enable, or the activation of a policy - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 208
will be initiated automatically on ports or switches brought online if the policy is set to activate authentication. The AUTH policy is distributed by command; automatic distribution of the AUTH policy is not supported. The default configuration directs the switch to attempt FCAP authentication - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 209
supported on logical ports ". For more information on Virtual Fabrics, refer to Chapter 10, "Managing Virtual Fabrics". Configuring E_Port authentication 1. Connect to the switch ports will be disabled upon reboot. Would you like to continue [Y/N] y switch switch:admin next E-port bring-up - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 210
switch. This command does not work on loop, NPIV and FICON devices, or on ports configured supported from Brocade fabric switches in native mode to Access Gateway switches and from Access Gateway switches to HBAs. For more information, refer to the Access Gateway Administrator's Guide, Supporting - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 211
port bring-up. ARE YOU SURE (yes, y, no, n): [no] y Device authentication is set to PASSIVE AUTH policy restrictions All fabric element authentication configurations are performed on a local switch basis. Device authentication policy supports Configupload and download will not be supported for the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 212
to DH-CHAP or FCAP, have not configured shared secrets or certificates, and authentication is checked (for example, you enable the switch), then switch authentication will fail. If the E_Port Compression," for details about in-flight encryption. 212 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 213
DH-CHAP When you configure the switches at both ends of 1 switchA Note about Access Gateway switches Because Domain ID and name are not supported for Access Gateway, secAuthSecret --show switch or device on Access Gateway, only the WWN can be used. Fabric OS Administrator's Guide 213 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 214
switch switch specification, peer secret entry, and local secret entry. To exit the loop, press Enter for the switch switch is configured to do DH-CHAP, it is performed whenever a port or a switch , or switch name ( , Domain, or switch name (Leave blank Domain, or switch name (Leave blank when done): - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 215
configuration overview Beginning with Fabric OS release 7.0.0, you must configure the switch to use third-party certificates for authentication with the peer switch switch. 3. Store the CSR from each switch supported and remote switches that will to the switch using an the local switch. switch:admin> - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 216
The CA will in turn provide two files as outlined in "FCAP configuration overview" on page 215. 1. Log in to the switch using an account with admin permissions, or an account associated with the Success: imported certificate [01.pem]. 216 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 217
manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the AUTH policy, see "Distributing the local ACL policies" on page 227 for instructions. Local Switch configuration with the active CP. Fabric OS Administrator's Guide 217 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 218
different IP Filter policies. IP Filter policies are treated as a chassis-wide configuration and are common for all the logical switches in the chassis. Creating an IP Filter policy You can create an IP the active policies. Use --activate instead. 218 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 219
destination port number or name, such as: Telnet, SSH, HTTP, HTTPS. • Protocol: The protocol type. Supported types are TCP or UDP. • Action: The filtering action taken by this rule, either Permit or Deny. A rule type and destination IP can also be specified Fabric OS Administrator's Guide 219 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 220
.0/24 represents a 24- switch. A valid port number range is represented by a dash, for example 7-30. Alternatively, service names can also be used instead of port number. Table 37 lists the supported service names and their corresponding port numbers. TABLE 37 Supported services Service name Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 221
configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed to support ICMP echo request and reply on commands like ping and traceroute. Action For the action, only "permit" and "deny" are valid. Fabric OS Administrator's Guide 221 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 222
of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is allowed, so that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not affected. TABLE 38 Permit Permit Permit Permit Permit Permit 222 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 223
first rule. If a match is found for the source address, destination port, and protocol, the corresponding action for this rule is taken, and the saved to the persistent configuration until a save or activate subcommand is run. 1. Log in to the switch using an account with Guide 223 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 224
transaction is aborted. The IPFilter policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the IPFilter policy, see "Distributing the local ACL policies" on page 227 for instructions. Switches with Fabric OS v6.2.0 or later have - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 225
that database when a policy change is activated. If a fabric-wide consistency policy is not set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 227. Virtual Fabric considerations: Fabric-wide consistency policies are - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 226
41 Supported database distribution settings 1. Connect to the switch and log in using an account with database distribution settings switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- command. Disabling local switch protection 1. Connect to the switch and log in using - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 227
database cannot be manually distributed. When you 1. Connect to the switch and log in using distributed to other switches in the fabric. target switches. Policy switches in the fabric. NOTE FC routers cannot join a fabric with a strict fabric-wide consistency policy. FC routers do not support - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 228
DCC" switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- DATABASE - Accept/Reject SCC - accept DCC - accept PWD - accept FCS - accept AUTH - accept IPFILTER - accept Fabric Wide Consistency Policy:- "SCC:S;DCC" 228 Fabric OS Administrator's Guide 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 229
one side to resolve ACL policy conflict. If neither the fabric nor the joining switch is configured with a fabric-wide consistency policy, there are no ACL merge checks required. do not match, a warning displays and policy commands are disabled1. Fabric OS Administrator's Guide 229 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 230
Ports are disabled. 1. To resolve the policy conflict, manually distribute the database you want to use to the switch the ports are disabled. Table 44 on page 230 shows merges that are not supported. TABLE fabwideset "policy_ID" from any switch with the desired configuration to fix the conflict. - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 231
have a Brocade switch or support services configure port numbers, and protocols used (UDP/TCP/ICMP). You must specify the transforms and processing choices for the traffic flow (drop, protect or bypass). Also, you must select and configure the key management protocol using an automatic or manual - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 232
inner IP header would contain the IP addresses of the actual endpoints. FIGURE 15 Gateway tunnel configuration Endpoint-to-gateway tunnel In this scenario, a protected endpoint (typically a portable computer) connects gateway and be tunneled back. 232 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 233
security 7 FIGURE 16 Endpoint-to-gateway tunnel configuration RoadWarrior configuration In endpoint-to- protection against replay attacks in which an attacker attempts a denial of service attack by replaying an old sequence of packets. IP sec protocols Administrator's Guide 233 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 234
. Use the IP secConfig --flush manual-sa command to remove all SA is the supported combination. Authentication configuring An IP sec policy determines the security services afforded to a packet and the treatment port information) and transform set. 234 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 235
Key management The IP sec key management supports Internet Key Exchange or Manual key/SA entry. The Internet Key switch populates the security association database (SAD) accordingly. Pre-shared keys A pre-shared key has the .psk extension and is one of the available methods IKE can be configured - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 236
an associated IP sec policy in the local policy database. Manual SA entries are persistent across system reboots. Creating the tunnel Each side of the tunnel must be configured in order for the tunnel to come up. Once you are logged into the switch, do not log off as each step requires that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 237
to use AH01 as SA. switch:admin> IP secconfig --add policy ips sa-proposal -t IP sec-AH -sa AH01 6. Import the pre-shared key file. Refer to Chapter 6, "Configuring Protocols" for information on how and destination addresses than outbound packets. Fabric OS Administrator's Guide 237 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 238
Use the IP secConfig --flush manual-sa command with the specified operands and configure IKE with pre-shared keys. The two systems are a switch, switch as Admin. 2. Enable IP sec. a. Connect to the switch and switch. 3. Create an IP sec SA policy named AH01, which uses AH protection with MD5. switch: - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 239
switch certificate" on page 185. 7. Configure an IKE policy for the remote peer. switch and 2000 do not support IKEv2. 8. Create an manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IP sec configuration. Refer to your server administration guide for instructions - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 240
the specified operands to display IKE policies. • Use the IP secConfig --flush manual-sa command with the specified operands to flush the created SAs in the kernel • As of Fabric OS 7.0.0, IP sec no longer supports null encryption (null_enc) for IKE policies. • IPv6 policies cannot tunnel IMCP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 241
Managing Administrative Domains". For more information about troubleshooting configuration file uploads and downloads, refer to the Fabric OS Troubleshooting and Diagnostics Guide. There are two ways to view configuration settings for a switch in a Brocade fabric: • Issue the configShow -all command - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 242
the following options when uploading or downloading a configuration file: -fid -all -chassis To upload the specified FID configuration. To upload all of the system configuration, including the chassis section and all switch sections for all logical switches. NOTE: Use this parameter when obtaining - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 243
Security policies] [Active Security policies] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 1] Chassis section There is only one chassis section within a configuration. It defines configuration data for chassis components that affect the entire system, not just one - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 244
• CryptoDev • FICU saved files • VS_SW_CONF • Banner Configuration file backup Brocade recommends keeping a backup configuration file. You should keep individual backup files for all switches in the fabric and avoid copying configurations from one switch to another. The configUpload command, by - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 245
). SFTP can be used for the configupload/download, supportsave, and auto FFDC/trace upload (supportftp) commands. Uploading a configuration file in interactive mode 1. Verify that the FTP, SFTP, or SCP service is running on the host computer. 2. Connect to the switch and log in using an account with - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 246
in both the downloaded configuration file and the current system. NOTE Brocade recommends you disable a switch before downloading a configuration file. If you plan to download a configuration file while the switch is enabled, refer to "Configuration download without disabling a switch" on page 248 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 247
configuration files downloaded to a Virtual Fabric system have a configuration applied only to the default switch. If there are multiple logical switches created in a Virtual Fabric-enabled system, there may be problems if there are ports features. IP address. Configuration state of the iSNS client - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 248
Watch, or ACL, then you must disable the switch. When you use the configDownload command, you are prompted to disable the switch only when necessary. Configuration download without disabling a switch is independent of the hardware platform and supported on all hardware platforms running Fabric OS v6 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 249
" command. Downloading configuration to an online switch may result in some configuration not being downloaded to that switch. configDownload operation may take several minutes to complete for large files. Do you want to continue [y/n]:y Password: Fabric OS Administrator's Guide 249 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 250
features, you can save a configuration file from one switch and download it to other switches of the same model type. Do not download a configuration file from one switch to another switch that is a different model or runs a different firmware version, because it can cause the switch to fail. If you - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 251
using configDownload The configDownload -vf command specifies that the Virtual Fabrics configuration download file is downloaded instead of the regular configuration. After the Virtual Fabrics configuration file is downloaded, the switch is automatically rebooted. On dual-CP platforms, if CPs are - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 252
is not limited to, logical switch definitions, whether Virtual Fabrics is enabled or disabled, and the F_Port trunking ports, except the LISL ports. The LISL ports on the system are not affected by the Virtual Fabrics configuration file download. 252 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 253
Table 48 as a hard copy reference for your configuration information. In the hardware reference manuals for the Brocade DCX and DCX-4S Backbones, there is a guide for FC port-setting. TABLE 48 Brocade configuration and connection form Brocade configuration settings IP address Gateway address Chassis - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 254
8 Brocade configuration form 254 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 255
download process overview Fabric OS v7.1.0 provides nondisruptive firmware installation. This chapter refers to the following specific types of blades inserted into the Brocade DCX and DCX 8510 Backbone families: • FC blades or port blades that contain only Fibre Channel ports; the Brocade FC8-16 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 256
the secondary partition. ATTENTION The Brocade 8000 does not support a nondisruptive firmware download. The switch reboots once the firmware upgrade or downgrade is complete. In dual-CP systems, the firmware download process, by default, sequentially upgrades the firmware image on both CPs using HA - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 257
testing and restoring firmware, refer to "Testing and restoring firmware on Backbones" on page 270. Passwordless firmware download You can download firmware without a password using the sshutil command for public key authentication when SSH is selected. The switch must be configured to install the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 258
enable you to provide your switch support provider the information required to troubleshoot the firmware download. It is recommended that you use the configUpload command to back up the current configuration before you download firmware to a switch. Refer to "Configuration file backup" on page 244 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 259
helps to troubleshoot the firmware download process if a problem is encountered. 6. Optional: Enter the errClear command to erase all existing messages in addition to internal messages. Obtaining and decompressing firmware Firmware upgrades are available for customers with support service contracts - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 260
9 Firmware download on switches Firmware download on switches Brocade fixed-port switches maintain primary and secondary partitions for firmware. The firmwareDownload command defaults to an autocommit option that automatically copies the firmware from one partition to the other. NOTE This section - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 261
Firmware download on switches 9 Upgrading firmware for Brocade fixed-port switches 1. Take the following appropriate action based on what service supports a USB memory device, verify that it is connected and running. 2. Obtain the firmware file from the Brocade website at http://www.brocade. - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 262
and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. During the upgrade process, the Backbone fails over to its standby CP blade and the IP address for the Backbone moves to that CP blade's Ethernet port. This may - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 263
contact your switch service provider. For further troubleshooting, refer to the Fabric OS Troubleshooting and Diagnostics Guide. 8. Enter the firmwareDownload command and respond to the interactive prompts. 9. At the "Do you want to continue [y/n]" prompt, enter y. The firmware is downloaded to one - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 264
on the FX8-24 blade, the FCIP tunnel traffic will be impacted for at least two minutes. ecp:admin> firmwaredownload Type of Firmware (FOS, switch, and log in again as admin. Using a separate session to connect to the switch, enter the firmwareDownloadStatus command to monitor the firmware download - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 265
command to display the new firmware versions. Firmware download from a USB device The Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches and the Brocade DCX, DCX-4S, or DCX 8510 Backbones support a firmware download from a Brocade branded USB device attached to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 266
OpenSSL utility to provide FIPS support. To use the digitally signed software, you must configure the switch to enable signed firmware download. If it is not enabled, the firmware download process ignores the firmware signature and performs as before. If signed firmware download is enabled, and if - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 267
firmware is not from Brocade, or the contents have been modified. • If the firmware file has a signature and the validation succeeds, firmware download proceeds normally. SAS, DMM, and third-party application images are not signed. Configuring a switch for signed firmware 1. Connect to the switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 268
server is running on the host server and that you have a user ID on that server. 2. Obtain the firmware file from the Brocade website at http://www.brocade.com or the switch support provider and store the file on the FTP or SSH server. 3. Unpack the compressed files preserving directory structures - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 269
step 8, then you have committed the firmware on the switch and you have completed the firmware download procedure. 9. Restore the firmware. a. Enter the firmwareRestore command. The switch reboots and comes up with the original firmware again. A firmware commit automatically begins to copy the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 270
firmware download. This command cannot be used to restore SAS and SA images. NOTE Brocade recommends that, under normal operating conditions, you maintain the same firmware firmware download process overview" on page 262 for details about autoleveling. 270 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 271
firmware is now running on the active CP by entering the firmwareShow command. 9. Update firmware this point the firmware downloads to the firmware on both CPs, which completes the firmware download firmware. b. Enter the firmwareCommit command to update the secondary partition with the new firmware - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 272
firmware on both CPs and you have completed the firmware download procedure. 12. Restore the firmware ends. The Backbone is now running the original firmware. 14. Restore firmware on the "new" standby CP. a. Wait restoring firmware on switches" on page 268. Be aware that upgrading a Backbone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 273
devices prior to the firmware download. fabricShow Displays all switches in a fabric. Make sure the number of switches in the fabric after the firmware download is exactly the same as the number of attached devices prior to the firmware download. Fabric OS Administrator's Guide 273 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 274
9 Validating a firmware download 274 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 275
using XISLs 300 Virtual Fabrics overview Virtual Fabrics is an architecture to virtualize hardware boundaries. Traditionally, SAN design and management is done at the granularity of a physical switch. Virtual Fabrics allows SAN design and management to be done at the granularity of a port. Virtual - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 276
Fabrics" on page 606. For information about supported switches and port types, refer to "Supported platforms for Virtual Fabrics" on page 286. logical switch P0 P3 P6 P9 P1 P4 P7 P2 P5 P8 FIGURE 17 Switch before and after enabling Virtual Fabrics 276 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 277
and after it is divided into logical switches. Before you create logical switches, the chassis appears as a single switch (default logical switch). After you create logical switches, the chassis appears as multiple independent logical switches. All of the ports continue to belong to the default - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 278
P1 P3 P5 P7 P9 Logical switch 2 Logical switch 1 (Default logical switch) P0 P1 P7 P8 P2 Logical switch 2 P3 Logical switch 3 P4 P9 Logical switch 3 P5 Logical switch 4 P6 Logical switch 4 FIGURE 20 Assigning ports to logical switches 278 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 279
and E_Ports from one logical switch to another. If you want to configure a different type of port, such as a VE_Port or EX_Port, you must configure them after you move them. Some types of ports cannot be moved from the default logical switch. Refer to "Supported platforms for Virtual Fabrics" on - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 280
Fabric 15 Fabric 8 FIGURE 22 Logical switches in a single chassis belong to separate fabrics For information on allowing device sharing across fabrics in a Virtual Fabrics environment, refer to "FC-FC routing and Virtual Fabrics" on page 606. 280 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 281
as: - Logical switch configuration (creating, deleting, or modifying logical switches) - Account management (determining which accounts can access which logical switches) - Field-replaceable unit (FRU) management (slot commands, such as slotShow) - Firmware management (firmware upgrade, HA failover - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 282
1 P4 P5 P7 Logical switch 7 P6 Fabric ID 15 Logical switch 4 P6 Fabric ID 8 Switch P8 Logical switch 8 P9 Fabric ID 8 FIGURE 23 Logical switches connected to other logical switches through physical ISLs Figure 24 shows a logical representation of the configuration in Figure 23. Fabric 128 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 283
logical switches. • Base switches do not support direct device connectivity. A base switch can have only E_Ports, VE_Ports, EX_Ports, or VEX_Ports, but no F_Ports. • The base switch provides a common address space for communication between different logical fabrics. • A base switch can be configured - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 284
logical ISLs are not connected to ports because they are not physical cables. They are a logical representation of the switch connections that are allowed by the XISL. FIGURE 26 Logical ISLs connecting logical switches To use the XISL, the logical switches must be configured to allow XISL use. By - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 285
switches. A logical port represents the ports at each end of a logical ISL. A logical port is a software construct only and does not correspond to any physical port. Most port commands are not supported on logical ports. For example, you cannot change the state or configuration of a logical port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 286
40FC, in Native mode only • Brocade DCX • Brocade DCX-4S • Brocade DCX 8510 family Some restrictions apply to the ports, depending on the port type and blade type. The following sections explain these restrictions. Supported port configurations in the fixed-port switches There are no restrictions on - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 287
and port types supported on logical switches Blade type Default logical switch User-defined logical switch Base switch FC8-16 FC8-32 FC8-32E FC8-48 FC8-48E FC16-32 FC16-48 FC8-64 Yes (F, E) Yes (F, E)1 Yes (F, E) Yes (F, E) Yes (E, EX) Yes (E, EX)2 FS8-18 Yes (F, E) No No FCOE10-24 Yes - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 288
platforms and the maximum number of logical switches (including the default logical switch) supported on each. TABLE 52 Platform Maximum number of logical switches per chassis Maximum number of logical switches Brocade DCX 8 Brocade DCX-4S 8 288 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 289
per chassis (Continued) Maximum number of logical switches Brocade DCX 8510 family 8 Brocade 5300 4 Brocade 5100 3 Brocade 6510 4 Brocade 6520 4 Brocade 7800 4 Brocade VA-40FC 3 Refer to "Supported port configurations in Brocade Backbones" on page 287 for restrictions on the default - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 290
logical switch and Switch Service: disabled Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform switch:admin> fosconfig --enable vf WARNING: This is a disruptive operation that requires a reboot to take effect. All EX ports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 291
Ethernet Switch Service Service not supported on this Platform switch:admin> fosconfig --disable vf WARNING: This is a disruptive operation that requires a reboot to take effect. Would you like to continue [Y/N] y Configuring logical switches to use basic configuration values All switches in - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 292
. switchdisable 5. Configure the switch attributes, including assigning a unique domain ID. configure 6. Enable the logical switch. switchenable 7. Assign ports to the logical switch, as described in "Adding and moving ports on a logical switch" on page 295. 292 Fabric OS Administrator's Guide 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 293
activating the Logical Switch. sw0:FID128:admin> setcontext 4 switch_4:FID4:admin> switchdisable switch_4:FID4:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [1] 100 Select Addressing Mode: (1 = Zero Based Area Assignment, 2 = Port Based Area Assignment - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 294
from the logical switch as described in "Adding and moving ports on a logical switch." 3. Enter the lsCfg command to delete the logical switch: lscfg --delete fabricID The fabricID parameter is the fabric ID of the logical switch to be deleted. 294 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 295
are currently configured. If the -port option is omitted, all ports on the specified slot are assigned to the logical switch. NOTE On the Brocade DCX and DCX 8510-8, the lscfg command does not allow you to add ports 48- 63 of the FC8-64 blade to the base switch. These ports are not supported on the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 296
configuration for a logical switch: 1. Connect to the physical chassis and log in using an account with the chassis-role permission. 2. Enter the lsCfg command to display a list of all logical switches and the ports logical switch context. NOTE If you are in the context of the logical switch with - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 297
ON LS Attributes: [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0] (output truncated) switch_25:FID7:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Fabric OS Administrator's Guide 297 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 298
Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] Allow XISL Use (yes, y, no, n): [yes] n WARNING!! Disabling this parameter will cause removal of LISLs to other logical switches. Do you want to continue? (yes, y, no, n): [no] y System services - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 299
supported in some cases. See "Limitations and restrictions of Virtual Fabrics" on page 288 for restrictions on XISL use. Use the following procedure to configure a logical switch logical switch you want to switch to and manage. The switchname parameter is the name assigned to the logical switch. You - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 300
ports on a logical switch" on page 295. e. Repeat step a through step d in all chassis that are to participate in the logical fabric. 2. Physically connect ports in the base switches to form XISLs. 3. Enable all of the base switches. This forms the base fabric. 300 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 301
devices and ISLs to these ports on the logical switch. e. (Optional) Configure the logical switch to use XISLs, if it is not already XISL-capable. See "Configuring a logical switch to use XISLs" on page 299 for instructions. By default, newly created logical switches are configured to allow XISL use - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 302
10 Creating a logical fabric using XISLs 302 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 303
or encryption. See "Frame Redirection" on page 130 for more information. • LSAN zones Provide device connectivity between fabrics without merging the fabrics. See "LSAN zone configuration" on page 590 for more information. Fabric OS Administrator's Guide 303 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 304
path through the fabric. See Chapter 12, "Traffic Isolation Zoning," for more information. Zoning overview Zoning is a fabric-based service that enables you to partition your storage area network (SAN) into logical groups of devices that can access each other. For example, you can partition your - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 305
target devices is added to the zone. Typically, a zone is created for the HBA and the disk storage ports are added. If the HBA also accesses tape devices, a second zone is created with the HBA and zoning philosophy is the preferred method. Fabric OS Administrator's Guide 305 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 306
, "3,13" specifies port 13 in switch domain ID 3. The following issues affect zone membership based on the type of zone object: • When a zone object is the physical port number, then all devices connected to that port are in the zone. • World Wide Names are specified as 8-byte (16-digit) hexadecimal - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 307
such as port numbers or switch at once, and you can quickly alternate between them. For example, you might want to have one configuration enabled during the business hours and another enabled overnight. However, only one zone configuration can be enabled at a time. Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 308
configuration. • Disabled Configuration The effective configuration is removed from flash memory. If you disable the effective configuration configuration. The switch performs this blocking at the transmit side of the port how the zones are configured. A zone can members. If a port is in multiple - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 309
Connect to the switch and log in are a normal part of a functioning SAN, the pause in I/O might not . Ensuring that the HBA drivers are current can shorten the problems. This is especially useful as fabrics increase in size. Confirming operation After changing or enabling a zone configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 310
Fabric OS-level switch. Switches with earlier Fabric OS switch versus an edge switch. • Zone using a Backbone rather than a switch . A broadcast zone can have domain,port, WWN, and alias members. Broadcast zones Broadcast packets are forwarded to all the ports that are part of the broadcast zone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 311
its membership in the AD2 broadcast zone. When a switch receives a broadcast packet it forwards the packet only to "Validating a zone" on page 323 for complete instructions. Broadcast zones and FC-FC routing If you create fabric. See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 312
11 Zone aliases High availability considerations with broadcast zones If a switch has broadcast zone-capable firmware on the active CP (Fabric OS v5.3.x or later) and broadcast zone-incapable firmware on the standby CP (Fabric OS version earlier than v5.3.0), then you cannot create a broadcast zone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 313
aliadd "array1", "1,2" switch:admin> aliadd "array2", "21:00:00:20:37:0c:72:51" switch:admin> aliadd "loop1", "5,6" switch:admin> cfgsave WARNING!!! The changes you are attempting to save will render the Effective configuration and the Defined configuration Fabric OS Administrator's Guide 313 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 314
an alias: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliDelete command, using the following syntax. alidelete "aliasname" 3. Enter the cfgSave command to save the change to the defined configuration. 314 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 315
configuration and the Defined configuration inconsistent. The inconsistency will result in different Effective Zoning configurations for switches the defined and effective configuration) is displayed. Example The following example shows all zone aliases beginning with "arr". switch:admin> alishow " - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 316
on logical ports. Displaying existing zones Use the following procedure to display a list of existing zones: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command. Example Displaying existing zones switch:admin> cfgshow Defined configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 317
transaction was aborted. 4. Enter the cfgShow command to view the changes. Example Creating a new zone switch:admin> zonecreate sloth, "b*; 10:00:00:00:01:1e:20:20" switch:admin> cfgsave switch:admin> cfgshow Defined configuration: zone: matt 30:06:00:07:1e:a2:10:20; 3,2 zone: sloth bawn; bolt; bond - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 318
to indicate that the transaction was aborted. 4. Enter the cfgShow command to view the changes. Example Removing members from a zone switch:admin> cfgshow Defined configuration: zone: matt zeus; bond; jake; jeff; jones; 3,2; 30:06:00:07:1e:a2:10:20 zone: sloth bawn; bolt; bond; brain; 10 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 319
support partial pattern matching ("wildcards") of zone member aliases. 3. Enter the cfgSave command to save the change to the defined configuration view the changes. Example Replacing zone members switch:admin> cfgshow Defined configuration: zone: matt zeus; bond; jeff; Guide 319 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 320
a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneDelete command, using the following syntax: zonedelete "zonename" 3. Enter the cfgSave command to save the change to the defined configuration. 320 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 321
4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) switch:admin> switch:admin> zonedelete sloth switch:admin> cfgsave WARNING!!! zeus 4,7; 6,8; 9,2 Effective configuration: No Effective configuration: (No Access) Fabric OS Administrator's Guide 321 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 322
is in front of port index. If this was a deleted zone member, it would have been shown as "-5,-1". A "-" before a domain ID would indicate that this TI zone member has been deleted. Example Displaying existing zone database switch:admin> cfgshow Defined configuration: cfg: fabric_cfg Blue_zone zone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 323
permissions. 2. Enter the cfgShow command to view the zone configuration objects you want to validate. switch:admin> cfgShow Defined configuration: cfg: USA_cfg Purple_zone; White_zone; Blue_zone zone: Blue_zone 1,1; :22; 21:00:00:20:37:0c:76:28 Fabric OS Administrator's Guide 323 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 324
in the zone database in the defined configuration. switch:admin> zone --validate -m 1 Defined configuration: cfg: cfg1 zone1 cfg: cfg2 :1e:35:81:88* Invalid configuration * - Member does not exist The mode flag -m can be used to specify the zone database location. Supported mode flag values are: • - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 325
'Inconsistent Defined and Effective Zone Database' warning to user switch: admin> zoneShow Defined configuration: cfg: cfg1 zone1; zone2 zone: zone1 10:00: configuration: cfg: cfg1 zone: zone1 10:00:00:00:00:00:00:01; 10:00:00:00:00:00:00:02 zone: zone2 1,1; 1,2 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 326
zone configuration. The switch model. The default setting is "All Access". Typically, when you disable the zoning configuration configuration disable operation, set the default zoning mode to No Access. NOTE For switches zone configuration and more than commands. Example switch:admin> defzone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 327
the switch and log in using an account with admin permissions. 2. Enter the defZone --show command. NOTE If you perform a firmware download of configuration. Use the cfgSize command to display the zone database size. The supported maximum zone database size is 2 MB for systems running only Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 328
fabric, but cannot exceed 64 bytes for each item. When enabling a new zone configuration, ensure that the size of the defined configuration does not exceed the maximum configuration size supported by all switches in the fabric. This is particularly important if you downgrade to a Fabric OS version - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 329
switches in the fabric if a zone merge or HA failover happens. To avoid inconsistency it is recommended to commit the configurations using the 'cfgenable' command. Do you still want to proceed with saving the Defined zoning configuration only? (yes, y, no, n): [no] y Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 330
3. Enter y at the prompt. Example switch:admin> cfgdisable You are about to disable zoning configuration. This action will disable any previous zoning configuration enabled. Do you want to disable zoning configuration? (yes, y, no, n): [no] y 330 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 331
switch:admin> zoneremove "zone1","3,5" switch:admin> cfgtransabort Viewing all zone configuration configuration displays. Use the following procedure to view all zone configuration information: 1. Connect to the switch no operands. Example switch:admin> cfgshow Defined configuration: cfg: USA1 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 332
:00:20:37:0c:71:df Viewing selected zone configuration information Use the following procedure to view the selected zone configuration information: 1. Connect to the switch and log in using an account with admin permissions. 00:00:20:37:0c:71:df 332 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 333
zone objects you want to copy along with the new object name. NOTE Zone configuration names are case-sensitive, blank spaces are ignored, and the zone --copy command works in any Admin Domain except AD255. switch:admin> zone --copy Test1 US_Test1 Fabric OS Administrator's Guide 333 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 334
switch:admin> cfgshow "Test*" cfg: Test1 Blue_zone cfg: Test_cfg Purple_zone; Blue_zone switch configuration objects you want to delete. switch:admin> cfgShow Defined configuration :37:0c:71:df Effective configuration: cfg: USA_cfg zone: Blue_zone configuration names are case-sensitive, blank spaces - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 335
object is present. 5. If you want the change preserved when the switch reboots, enter the cfgSave command to save it to nonvolatile (flash) memory. 6. Enter the cfgEnable command for the appropriate zone configuration to make the change effective. Fabric OS Administrator's Guide 335 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 336
database" on page 332. If you are adding a switch that is already configured for zoning, clear the zone configuration on that switch before connecting it to the zoned fabric. See "Clearing all zone configurations" on page 333 for instructions. 336 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 337
is very similar to adding a new switch. All switches in the new fabric inherit the zone configuration data. If the existing fabric has an effective zone configuration, then the same configuration becomes the effective configuration for the new switches. Before the new fabric can merge successfully - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 338
. For example: cfg1 = z1; z2 is different from cfg1 = z2; z1, even though members of the configuration are the same. If zoneset members on two switches have the same names defined in the configuration, make sure zoneset members are listed in the same order. Fabric segmentation and zoning If the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 339
and effective configurations Switch A Switch B Expected results Switch A has a defined configuration. Switch B does not have a defined configuration. defined: cfg1: zone1: ali1; ali2 effective: none Switch A has a defined and effective configuration. Switch B has a defined configuration but no - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 340
Switch A Switch B Expected results Switch A and Switch B have different defined: cfg2 defined configurations. Switch B has an zone2: ali3; ali4 effective configuration. effective: none Switch A does not have a defined configuration. Switch B has a defined configuration 's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 341
with different TI zone configurations. Clean merge. TI zones are not automatically activated after the merge. defined: none Fabric segments because all switches in the fabric must be running Fabric OS v6.4.0 or later to support Enhanced TI zones. Switch B Expected results defzone: noaccess - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 342
Switch A Switch B Switch A is running Fabric OS 7.0.0 or later. Switch B is running a Fabric OS version earlier than 7.0.0. effective: cfg1 defzone = allaccess Switch A is running Fabric OS 7.0.0 or later. Switch B is running a Fabric OS version earlier than 7.0.0. No effective configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 343
configuration. This action will only save the changes on Defined configuration. transactions Do you want to save the Defined zoning configuration only? (yes, y, no, n): [no switch:admin> cfgtransshow Current transaction token is 0x571010459 It is abortable switch help : Help switch:admin> cfgtransshow - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 344
11 Concurrent zone transactions 344 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 345
for TI zones 356 •Supported configurations for Traffic Isolation Zoning zone 369 •Displaying TI zones 369 •Troubleshooting TI zone routing problems 370 •Setting up TI over FCR zone is activated, the fabric attempts to isolate all inter-switch traffic entering from a member of the zone to only - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 346
traffic entering Domain 4 from E_Port 7 is routed to the devices through N_Ports 5 and 6. Traffic coming from other ports in Domain 1 would not use E_Port 1, but would use E_Port 2 instead. Use the zone command to create is enabled and disabled. 346 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 347
considerations: • This feature is intended for use in simple linear fabric configurations, such as that shown in Figure 31 on page 346. • the path between devices in a TI zone is broken, no inter-switch RSCNs are generated. Each switch that is part of the TI zone generates RSCNs to locally attached - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 348
switches to enable the zone configuration, if you have failover can use any path between switches. Disabling failover does not 6 = Ports in the TI zone 5 Domain 2 Domain 4 FIGURE 32 Fabric incorrectly configured for TI switch changes its active domain ID, the route is broken. See the configure - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 349
not the shortest path. Domain 1 8 1 9 3 Domain 3 9 14 12 15 = Dedicated Path 16 = Ports in the TI zone Domain 2 FIGURE 33 Dedicated path is the only shortest path 7 6 5 Domain the dedicated path is configured to be the shortest path. Fabric OS Administrator's Guide 349 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 350
1 8 1 9 3 Domain 3 9 14 12 15 16 FIGURE 34 = Dedicated Path = Ports in the TI zone Domain 2 Dedicated path is not the FICON fabrics. See the FICON Administrator's Guide for example topologies using enhanced TI zones. See "Additional configuration rules for enhanced TI zones" on page - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 351
. You can also display a report of existing and potential problems with TI zone configurations, as described in "Troubleshooting TI zone routing problems" on page 370. Illegal ETIZ configuration: separate paths from a port to devices on same domain Figure 36 shows two enhanced TI zones that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 352
one port = ETIZ 1 = ETIZ 2 Traffic Isolation Zoning over FC routers This section describes how TI zones work with Fibre Channel routing (TI over FCR). See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. Some - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 353
path is used. If failover is disabled and the TI path is not available, then devices are not imported. NOTE For TI over FCR, all switches in the backbone fabric and in the edge fabrics must be running Fabric OS v6.1.0 or later. Fabric OS Administrator - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 354
-1 Host 2 E_Ports EX_Ports -1 = Dedicated Path = Ports in the TI zone FIGURE 39 TI zone in an designate E_Ports between the front and xlate phantom switches, you must use -1 in place of the for the xlate phantom domain) NOTE In this configuration the traffic between the front and xlate domains can - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 355
a backbone fabric and should not be used in other TI zones. Using D,I and port WWN notation, the members of the TI zone in Figure 40 are: • 1,1 Port WWN for the host) • 10:00:00:00:00:02:00:00 (Port WWN for target 1) • 10:00:00:00:00:03:00:00 (Port WWN for target 2) Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 356
with FC Fast Write. • For the FC8-16, FC8-32, FC8-48, FC8-64, and FX8-24 blades only: If Virtual Fabrics is disabled, two or more shared area EX_Ports connected to the same edge fabric should not be configured in different TI zones. This configuration is not supported. General rules for TI zones The - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 357
41, the TI zone was configured incorrectly and E_Port "3,9" was erroneously omitted from the zone. The domain 3 switch assumes that traffic coming from switch:admin> zone --showTItrunkerrors TI Zone Name: brackets E-Port Trunks Trunk members in TI zone: 16 18 Trunk members not in TI zone: 17 F-Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 358
Trunk members not in TI zone: 9 10 E-Port Trunks Trunk members in TI zone: 16 Trunk members not in TI zone: 17 18 Supported configurations for Traffic Isolation Zoning The following configuration rules apply to TI zones: • Ports in a TI zone must belong to switches that run Fabric OS v6.0.0 or later - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 359
include all ports of the trunk in the TI zone. • Trunked ISL ports cannot be switch:admin> zone --showTItrunkerrors TI Zone Name: brackets E-Port Trunks Trunk members in TI zone: 16 18 Trunk members not in TI zone: 17 F-Port in a backbone fabric, which use port WWNs. See "Traffic Isolation Zoning - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 360
members with port index greater than 511 are not supported with Fabric OS versions earlier than v6.4.0. If such a TI zone and Fabric OS version combination is detected, a warning is issued. These configurations are not prevented, but their behavior is unpredictable. • When you merge two switches, if - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 361
failover disabled, this is not a supported configuration. Base switches do not allow the creation of FID1 Domain 5 LS2, FID3 16 Domain 6 Base switch Domain 2 17 Chassis 2 = Dedicated Path = Ports in the TI zones FIGURE ports shown in Figure 43. Fabric OS Administrator's Guide 361 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 362
by a dotted line) in the base fabric can be reserved for FID1 by defining and activating a base fabric TI zone that consists of ports 10, 12, 14, and 16. You must also include ports 3 and 8, because they belong to logical switches participating in the logical fabric. For the TI zone, it is as though - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 363
Domain 6 11 E 12 E 15 E 16 E 13 EX Base switch Domain 2 14 EX FIGURE 45 = Dedicated Path = Ports in the TI zones Example configuration for TI zones over FC routers in logical fabrics Figure 46 shows a logical representation of the configuration in Figure 45. This SAN is similar to that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 364
enable the current effective configuration to enforce the configuration. To activate a TI zone in a base fabric, you should create a "dummy" configuration route might be missing for ports in that TI zone. " on page 366. 1. Connect to the switch and log in using an account with admin configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 365
5,16; 5,8; 9,5; 9,9" Then create a TI zone in the base fabric, as described in "Creating a TI zone in a base fabric". Remember that your changes are not enforced until you enter the cfgEnable command, as shown here: switch:admin> cfgenable "USA_cfg" You are about to enable a new zoning configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 366
a base fabric 1. Connect to the switch and log in using an account with admin permissions. 2. Create a "dummy" zone configuration in the base fabric. For example: -o f "ti_zone2" -p "1,3; 1,10; 7,12; 7,14; 2,16; 2,8" BS_D1> cfgenable "base_config" 366 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 367
remove the overlapping ports from the zones, then change the failover type, and finally re-add the overlapping members. 1. Connect to the switch and log in current effective configuration and enforce the TI zones. cfgenable "current_effective_configuration" Fabric OS Administrator's Guide 367 53- - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 368
16:f2;" To disable failover on the existing TI zone bluezone: switch:admin> zone --add -o n bluezone To enable failover and add ports to TI zone greenzone: switch:admin> zone --add -o f greenzone -p "3,4" To remove ports from the TI zone bluezone: switch configuration and switch:admin> zone - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 369
about the TI zone purplezone switch:admin> zone --show purplezone Defined TI zone configuration: TI Zone Name: redzone: Port List: 1,2; 1,3; 3,3; 4,5 Configured Status: Activated / Failover-Enabled Enabled Status: Activated / Failover-Enabled Fabric OS Administrator's Guide 369 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 370
12 Troubleshooting TI zone routing problems Example displaying information about all TI zones in the defined configuration in ascending order switch:admin> zone --show -ascending Defined TI zone configuration: TI Zone Name: bluezone: Port List: 8,3; 8,5; 9,2; 9,3; Configured Status: Deactivated - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 371
24, Switch ID Worldwide Name Enet IP Addr FC IP Addr Name 1: fffc01 50:00:51:e3:95:36:7e:04 0.0.0.0 0.0.0.0 "fcr_fd_1" 4: fffc04 10:00:00:60:69:80:1d:bc 10.32.72.4 0.0.0.0 >"E1switch" 6: fffc06 50:00:51:e3:95:48:9f:a0 0.0.0.0 0.0.0.0 "fcr_xd_6_9" Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 372
The Fabric has 3 switches b. Enter the following commands to create and display a TI zone: E1switch:admin> zone --create -t ti TI_Zone1 -p "4,8; 4,5, 1,-1; 6,-1" E1switch:admin> zone --show Defined TI zone configuration: TI Zone Name: TI_Zone1 Port List: 4,8; 4,5; 1,-1; 6,-1 Status: Activated - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 373
configuration. This action will replace the old zoning configuration with the current configuration zone --show Defined TI zone configuration: TI Zone Name: TI_Zone1 Port List: 1,9; 1,1; 2,4; 2,7; configuration. This action will replace the old zoning configuration with the current configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 374
12 Setting up TI over FCR (sample procedure) 374 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 375
Supported configurations for bottleneck detection 377 •Credit Loss 379 •Enabling bottleneck detection on a switch 380 •Displaying bottleneck detection configuration of bottlenecks. • Reduce the time it takes to troubleshoot network problems. If you notice one or more applications slowing down, - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 376
if it is contributing to the congestion. Notes • Bottleneck detection is configured on a per-switch basis, with optional per-port exclusions. • Bottleneck detection is disabled by default. Best practice is cannot be turned on and off independently. 376 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 377
OS Command Reference. Supported configurations for bottleneck detection The following configuration rules apply to bottleneck detection: • Bottleneck detection is supported only on Fibre Channel ports and FCoE F_Ports. • Bottleneck detection is supported only on the following port types: - E_Ports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 378
is supported in both VF and non-VF modes. In VF mode, if a port on which bottleneck detection is enabled is moved out of a logical switch, any per-port configurations are retained by the logical switch. The per-port configuration does not propagate outside of the logical switch. If the port is - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 379
on these switches, and the Fabric OS Troubleshooting and Diagnostics Guide for more general information. Back-end credit loss detection and recovery support on Brocade 5300 switches The following credit loss detection methods are supported for Brocade 5300 back-end ports: • Per-port polling to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 380
OS Troubleshooting and Diagnostics Guide for more information. • The bottleneck detection commands are supported on F_Ports, FL_Ports, E_Ports, and EX_Ports. • The credit recovery commands are supported only on back-end ports of 4G, 8G, and 16G Capable FC platforms for blades in the Brocade DCX - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 381
to display the details of bottleneck detection configuration for the switch, which includes the following: • Whether the feature is enabled • Switch-wide parameters • Per-port overrides, if any • Excluded ports The initials in the section "Per-port overrides for alert parameters," indicate which - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 382
QTime(s) 1 Y 0.100 0.800 300 300 2 C -- 0.800 600 600 3 L 0.100 -- 300 300 4 N -- -- -- -- NOTE If there are no per-port overrides, then that section is not displayed. Setting bottleneck detection alerts You can configure Fabric OS to log per-port alerts based on the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 383
- 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: Alerts - Yes Latency threshold for alert - 0.100 Congestion threshold for alert - 0.800 Averaging time for alert - 300 seconds Quiet time for alert - 300 seconds Fabric OS Administrator's Guide 383 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 384
threshold for alert - 0.100 Averaging time for alert - 300 seconds Quiet time for alert - 300 seconds Changing bottleneck detection parameters When you enable bottleneck detection, you can configure switch-wide or port-specific alerting parameters. The alerting parameters indicate whether - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 385
-related settings. Use the following procedure to configure the bottleneck detection parameters: 1. Connect to the switch and log in using an account with admin . To remove any port-specific alerting and sub-second latency criterion parameters and revert to the switch-wide parameters, enter the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 386
-only and the latency threshold value to 0.75, both on port 47 only. switch:admin> bottleneckmon --config -alert=latency -lthresh 0.75 47 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time threshold - 0.800 Severity - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 387
to 250 seconds for port 47 only. Notice that the command must include -alert=latency to preserve the latency-only alerts configured in the previous example. In general, -alert must be specified (with =latency or =congestion if desired), on every --config command when alerts are desired. switch:admin - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 388
of bottleneck alerts Depending on the circumstances, a problematic switch or port might be triggering alerts more frequently than desired. The An --enable operation behaves as if there is no preexisting user configuration, so if the --enable command does not include -alert, but Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 389
on a per-port basis. You cannot change them on the entire switch, as you port exclusions might be needed if, for example, a long-distance port is known to be a bottleneck because of credit insufficiency. In general, however, per-port exclusions are not recommended. Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 390
for a port This restores bottleneck detection for port 7. Notice that the "Excluded ports" section is not displayed as there are no excluded ports. switch:admin> bottleneckmon --include 7 switch:admin> bottleneckmon --status Bottleneck detection - Enabled 390 Fabric OS Administrator's Guide 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 391
both combined. • Display bottleneck statistics for a single port, bottleneck statistics for all ports on the switch, or a list of ports affected by bottleneck conditions. • Continuously update the displayed Jan 13 18:54:30 Jan 13 18:54:35 0 Fabric OS Administrator's Guide 391 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 392
13 Disabling bottleneck detection on a switch Disabling bottleneck detection on a switch When you disable bottleneck detection on a switch, all bottleneck configuration details are discarded, including the list of excluded ports and non-default values of alerting parameters. Use the following - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 393
enable either encryption or compression selectively. Figure 49 shows an example of 16 Gbps links connecting three Brocade switches. One link is configured with encryption and compression, one with just encryption, and one with just compression. Fabric OS Administrator's Guide 393 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 394
. See Table 62 on page 395 for specific details about the number of ports supported for encryption and compression. • Ports must be 16 Gbps capable, although port speed can be any configurable value. • The devices at either end of the ISL must run Fabric OS 7.0.0 or later software. • Only E_Ports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 395
Fixed-port switches3 2 ports 3 ports 4 ports 2 ports 16 Gbps 8 ports 8 ports 8 ports 10 Gbps 12 ports 12 ports 12 ports 8/4/2 Gbps 16 ports 16 ports 16 ports Auto-negotiate (AN) 8 ports 8 ports 8 ports 1. For port blades, two ASICs; per ASIC limit = numbers above/two 2. For Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 396
successfully negotiates a speed other than 16G. See also "Configuring encryption and compression" on page 399 and the Fabric OS Command Reference for more details. Usage: portEncCompShow [slot/]port Example output switch:admin> portStatsShow 16/17 16 16 011000 id N8 Online FC 2" (downstream) 17 17 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 397
14 No No No No 15 No No No No 16 No No Yes Yes 16G 17 No No Yes Yes port. Usage: portCfgEncrypt action [slot/]port Example Enabling the encryption configuration for port 2 switch:admin> portcfgencrypt --enable 2 Example Disabling the encryption configuration for port 2 switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 398
to different ASICs of the peer switch. Configuring all 4 ports of the blade with this suggested configuration will provide redundancy in the event of encryption/compression port failures. For Brocade 6510 and 6520 switches, if the two ports are not configured for trunking, we recommend that you - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 399
and EX_Ports in the user-created logical switch, base switch, or default switch; and EX_Ports on base switches can support encryption and compression. You can configure encryption on XISL ports, but not on LISL ports. However, frames from the LISL ports are implicitly encrypted or compressed as they - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 400
was due to mismatched encryption or compression configurations on the ports at either end of the ISL, if port-level authentication failed, or if a required resource was not available. The following topics provide step-by-step instructions for performing encryption and compression tasks: • "Viewing - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 401
, use the switchShow command to determine the slot number of a specific user port. switch:admin> portenccompshow User Encryption Compression Config Port configured Active configured Active Speed ------ ---------- ------ ----- 17 No No No No 4G 18 No No No No 4G 19 No - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 402
No 16G No 16G switch> portcfgspeed 1 0 Configuration for port (1) failed as it exceeds current supported capacity. Compression ratios and encryption/compression enabled ports The compression ratio value the tx values are before compression. 402 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 403
compression ratio data, we recommend that you enable ports for compression only. Configuring and enabling authentication To configure authentication for ports that will later be configured for encryption, follow these steps: 1. Log in to the switch using an account with admin permissions, or an - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 404
32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgencrypt --enable 9/15 4. Enable the port with the portEnable command. After manually enabling the port, the new configuration becomes active. Configuring compression NOTE Before performing this procedure, it is recommended that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 405
disables compression on port 15 of an FC16-32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgcompress --disable 9/15 4. Enable the port with the portEnable command. After enabling the port, the new configuration becomes active. Fabric OS Administrator's Guide 405 53-1002745 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 406
following examples show configuring and enabling encryption and compression. In this case, encryption and compression are being applied to the E_Ports at either end of an ISL connecting a port on a blade in an enterprise class platform named 'myDCX' to a port on a Brocade 6510 switch named 'myswitch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 407
configures and enables encryption and compression on a given port. The commands in this example are shown entered on the Brocade 6510 named 'myswitch'. The same commands must also be entered on the peer switch switch switch is configured to do DH-CHAP, it is performed whenever a port or a switch switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 408
AUTH TYPE HASH TYPE GROUP TYPE dhchap md5 4 Switch Authentication Policy: ON Device Authentication Policy: OFF myswitch: port. myswitch:admin> portcfgencrypt --enable 0 Please disable port to configure Encryption Port Auto Disable: OFF 408 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 409
: OFF Rate Limit EX Port Mirror Port Credit Recovery F_Port Buffers Fault Delay: NPIV PP Limit: CSCTL mode: Frame Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF ON ON OFF Fabric OS Administrator's Guide 409 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 410
: OFF Rate Limit EX Port Mirror Port Credit Recovery F_Port Buffers Fault Delay: NPIV PP Limit: CSCTL mode: Frame Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF OFF OFF OFF 410 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 411
do not match at both ends. Example: If at one end there is a switch that does not support encryption/compression, the port will be disabled. • Encryption or compression configuration is enabled but resources are not available, or there are other failures preventing encryption or compression - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 412
configures and enables encryption and compression on an EX_Port. The commands in this example are shown entered on a Brocade 6510 named 'myswitch' as Fibre Channel Router (FCR) and an edge switch as 'edge'. Example Displaying port --set 412 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 413
is 8 characters and maximum 40 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed whenever a port or a switch is enabled. Warning: Please use a secure channel for setting secrets. Using an insecure channel is not safe - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 414
Delay: 0(R_A_TOV) NPIV PP Limit: 255 CSCTL mode: OFF D-Port mode: OFF Compression: ON Encryption: ON FEC: ON myswitch:admin> Example Setting the secret key for the front phantom wwn projected by the FCR on the 'edge' switch Use portCfgExPort EX_Port# on the remote FCR to learn the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 415
Brocade Native 20 160 50:00:53:31:37:43:ee:14 8 10:00:00:05:33:13:70:3e Auto Negotiate 10000(N) 2000(N) None N/A N/A OFF OFF OFF N/A N/A Example Configuring the 'edge' switch during next E-port bring-up. dhchap md5 4 Switch Authentication Policy: ON switch. Use portCfgExPort EX_Port# on that switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 416
switch is configured to do DH-CHAP, it is performed whenever a port or a switch Domain, or switch name (Leave blank Domain, or switch name (Leave blank when done port 1 of the 'edge' switch As with the FCR switch Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 417
port. The portCfgShow command shows that both encryption and compression are now enabled on this port SW) AL_PA Offset 13: OFF Trunk Port ON Long Distance OFF VC Link Init Port AE Port Auto Disable: OFF Rate Limit OFF EX Port OFF Mirror Port mode: OFF D-Port mode: OFF Compression - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 418
and compression). Usage: portCfgExPort [slot/]port Example Setting port 47 to be an EX_Port, and displaying the port configuration parameters switch:admin> portcfgexport 47 Port 47 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 17 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 419
is therefore capable of registering with all services of the fabric. This chapter does not discuss the Access Gateway feature. For more information on the Access Gateway feature, refer to the Access Gateway Administrator's Guide. Each NPIV device has a unique device PID, Port WWN, and Node WWN, and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 420
that do not have Virtual Fabrics enabled. When Virtual Fabrics is enabled on the Brocade DCX and DCX-4S, fixed addressing mode is used only on the default logical switch. The number of NPIV devices supported on shared area ports (48-port blades) is reduced to 64 from 128 when Virtual Fabrics mode is - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 421
Yes, 255 virtual device limit.3 DCX-4S Enabled Base switch No. 1. Maximum limit support takes precedence if user-configured maximum limit is greater. This applies to shared areas on the FC4-48, FC8-48, and FC8-64 port blades. 2. The first 112 physical NPIV-capable devices connected to a logical - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 422
and disabling NPIV On the Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, and 8000 switches, the Brocade 5410, 5424, 5430, 5450, 5460, 5470, and 5480 embedded switches, Brocade DCX and DCX 8510 Backbone families, and the FA4-18 blade, NPIV is enabled for every port. NOTE NPIV is a requirement for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 423
portCfgShow command to view the switch ports information. The following example shows whether a port is configured for NPIV: switch:admin> portcfgshow Ports of Slot 0 0 1 1e:0a:16:59 4. Use the portShow command to view the NPIV attributes and all the N_Port (physical and virtual) port WWNs that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 424
port configuration information switch fb:00:16:fc c0:50:76:ff:fb:00:16:f8 ... ... c0:50:76:ff:fb:00:16:80 normal portSpeed: N2Gbps Interrupts: 0 Link_failure: 16 Frjt: 0 Unknown: 0 Loss_of_sync: 422 16:80 192 2048 c scr=3 scr=3 scr=3 d_id=FFFFFC d_id= - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 425
-PWWN 425 •User- and auto-assigned FA-PWWN behavior 426 •Configuring FA-PWWNs 426 •Supported switches and configurations for FA-PWWN 429 •Configuration upload and download considerations for FA-PWWN 430 •Firmware upgrade and downgrade considerations for FA-PWWN 430 •Security considerations for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 426
multiple chassis causes duplicate PWWNs. Configuring FA-PWWNs Use the faPwwn command to create and manage FA-PWWNs. The faPwwn command supports the following management tasks: • Binding an automatically assigned or a user-assigned FA-PWWN to a switch port. • Overriding an automatically assigned FA - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 427
are shown in Figure 51. Access Gateway Switch running FOS 7.0.0 F-Port N-Port Edge Switch running FOS 7.0.0 NPIV F-Port HBA Scenario 1 An FA-PWWN is configured for an HBA device connected to an Access Gateway Switch. F-Port HBA Scenario 2 Configure an FA-PWWN for an HBA device connected - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 428
a version of Fabric OS earlier than 7.0.0, the HBA will continue to disable its port. Configuring an FA-PWWN for an HBA connected to an edge switch For this procedure, some of the steps are to be executed on the switch and some are to be executed on the server. 1. Log in to the edge - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 429
port. Supported switches and configurations for FA-PWWN The FA-PWWN feature is supported on the following platforms: • Switch platforms running Fabric OS v7.0.0 or later: - Brocade DCX, DCX-4S, and DCX 8510 family - Brocade 300 - Brocade 5100 - Brocade 5300 - Brocade 6505 - Brocade 6510 - Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 430
16 Configuration upload and download considerations for FA-PWWN • Access Gateway platforms running Fabric OS v7.0.0 or later: - Brocade 300 - Brocade 5100 - Brocade 6505 - Brocade 6510 • Brocade HBAs with driver version 3.0.0.0: - Brocade 415 - Brocade 425 - Brocade 815 - Brocade 825 Configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 431
the FA-PWWN feature: • FA-PWWN is supported only on Brocade HBAs and adapters. Refer to the release notes for the supported Brocade HBA or adapter versions. • FA-PWWN is not supported for the following: - FCoE devices - FL_Ports - Swapped ports (using the portswap command) - Cascaded Access Gateway - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 432
16 Access Gateway N_Port failover with FA-PWWN 432 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 433
that defines which switches, ports, and devices you can view and modify. An Admin Domain is a filtered administrative view of the fabric. NOTE If you do not implement Admin Domains, the feature has no impact on users and you can ignore this chapter. Admin Domains permit access to a configured set of - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 434
Admin Domain and has a range from 0 through 255. The domain ID identifies a switch in the fabric and has a range from 1 through 239. Figure 52 shows a 53, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 435
switches, not supported on the Brocade 8000. The Brocade instructions). • Gigabit Ethernet (GbE) ports cannot be members of an Admin Domain. • Traffic Isolation Zoning is supported 24, "Using FC-FC Routing to Connect Fabrics," for information about the FC-FC Routing Service Domain configuration and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 436
implicit membership list contains all devices, switch ports, and switches in the fabric. When you create AD1 through AD254, the devices, switch ports, and switches used to create these user-defined Admin deleted unless you explicitly remove them. 436 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 437
Admin Domain. AD0 is useful when you create Admin Domains because you can see which devices, switch ports, and switches are not yet assigned to any Admin Domains. AD0 owns the root zone database (legacy zone encompasses the entire physical fabric. Fabric OS Administrator's Guide 437 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 438
The home Admin Domain, like the Admin Domain list, is a configurable property of a non-default user account. Here is some additional You can later switch to a different Admin Domain (refer to "Switching to a different Admin Domain context" on page 456 for instructions). • For Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 439
members in the zone configuration. If you specify a device WWN member in the Admin Domain member list, zone enforcement ignores zones with the corresponding port (the port to which the device is connected) member usage. Switch port members Switch port members are defined by switch domain,index and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 440
to the switch. • A switch member grants port control for all ports in that switch. • A switch member allows switch administrative operations such as disabling and enabling a switch, rebooting, and firmware downloads. • A switch member does not provide zoning rights for the switch ports or devices - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 441
56 shows the filtered view of the fabric as seen from AD3 and AD4. The switch WWNs are converted to the NAA=5 syntax; the device WWNs and domain IDs remain the 10:00:00:00:c8:3a:fe:a2 FIGURE 56 Filtered fabric views showing converted switch WWNs Fabric OS Administrator's Guide 441 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 442
Domains maintain continuity of service for Fabric OS features and operate in mixed-release Fabric OS environments. High availability is supported with some backward compatibility. When an E_Port comes online, the adjacent switches merge their AD databases. The receiving switch accepts an AD database - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 443
SAN switch with necessary, switch to switch, switch port, configuration or make it the effective configuration directly. The following procedure describes the steps for creating Admin Domains. 1. Log in to the switch instructions. 4. Switch to the AD255 context, if you are not already in - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 444
for instructions. Example of creating Admin Domains The following example creates Admin Domain AD1, consisting of two switches, which are designated by domain ID and switch WWN. switch:AD255:admin Domain-specific zones and zone configurations. 444 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 445
it. This example also assigns blue_ad1 as the user's home Admin Domain. switch:admin> userconfig --add ad1admin -r admin -h blue_ad1 -a "blue_ad1" The fabric administrator. switch:admin> userconfig --add pfa_admin1 -r admin -h 255 -a "0-255" Fabric OS Administrator's Guide 445 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 446
Connect to the switch and log in using green_ad2 from the user account adm1 switch:admin> userconfig --deletead adm1 -a to the switch and log in using an account with admin permissions. 2. Switch to the AD255 following example activates Admin Domain AD_B5. switch:AD255:admin> ad --activate AD_B5 You - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 447
are terminated. The ad --deactivate command does not disable ports. Example of deactivating Admin Domain AD_B4 switch:AD255:admin> ad --deactivate AD_B4 You are about to deactivate an AD. This operation will fail if an effective zone configuration exists in the AD Do you want to deactivate 'AD_B5 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 448
fabric, enter ad --apply. Example of adding two switch ports, designated by domain,index, to AD1 switch:AD255:admin> ad --add AD1 -d "100,5; rename is part of the effective configuration. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch to the AD255 context, if - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 449
name of Admin Domain Eng_AD to Eng_AD2 switch:AD255:admin> ad --rename Eng_AD Eng_AD2 Connect to the switch and log in using an account with admin permissions. 2. Switch to the Admin switch:AD255:admin> ad --delete AD_B3 You are about to delete an AD. This operation will fail if zone configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 450
(switches, ports, and devices) are returned to the implicit membership list of AD0. You cannot clear the Admin Domain configuration if zone configurations all zone configurations" on page 333 for instructions. 2. Connect to the switch and log in using an account with admin permissions. 3. Switch to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 451
newly added zones in AD0 to the zone configuration. cfgadd "cfgName", "member[;member]" 5. Enable the configuration to complete the transaction. cfgenable cfgName 6. Switch to the AD255 context. ad --select 255 device WWN2 is in both AD0 and AD1. Fabric OS Administrator's Guide 451 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 452
Zone CFG Info for AD_ID: 0 (AD Name: AD0, State: Active) : Defined configuration: cfg: AD0_cfg AD0_RedZone zone: AD0_RedZone 10:00:00:00:01:00:00:00; 10:00:00:00:02 :00:00:00 Effective configuration: cfg: AD0_cfg zone: AD0_RedZone 10:00:00:00:01:00:00:00 10:00 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 453
:00:00 Effective configuration: cfg: AD1_cfg Defined configuration: cfg: AD2_cfg AD2_GreenZone zone Effective configuration: cfg ports associated with the traffic isolation zone changes Do you want to enable 'AD0_cfg' configuration saved AD configuration. This action will trigger AD apply to all switches in the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 454
switches and their devices. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch configuration: AD Number: 2 AD Name: ad2 State: Active Switch port members: 1,1; 1,3; 2,5+; 3,6; * - Member does not exist + - Member is AD Unaware SAN switch switch ports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 455
to the switch and log in. 2. Enter the ad --exec command, specifying the Admin Domain and the command you want to execute. ad --exec ad_id "command" Example of executing the switchShow command in the AD7 context switch:AD255:admin> ad --exec 7 "switchshow" Fabric OS Administrator's Guide 455 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 456
SAN management with Admin Domains Displaying an Admin Domain configuration configuration stored in the persistent memory (defined configuration). • 2 to display the currently enforced Admin Domain configuration (effective configuration). Example of displaying membership information about AD1 switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 457
Admin Domain. Configuration upload and download Refer to "Configuration upload and download in an AD context" on page 460 for details. Fabric Watch Fabric Watch configuration operations are allowed only if the local switch is part of the current Admin Domain. FC-FC Routing Service You can - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 458
requires additional physical control of the ports. You must set up the switch as a physical member of the FICON AD. Device Connection Control (DCC) and Switch Connection Control (SCC) policies are supported only in AD0 and AD255, because ACL configurations are supported only in AD0 and AD255. iSCSI - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 459
SAN current Admin Domain. Refer to "Validating a zone" on page 323 for instructions on using the zone --validate command. NOTE AD zone databases do not (AD1 through AD254 are not configured and no explicit members are added to AD0), AD0 supports both All Access and No Access Guide 459 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 460
Admin Domains. Device discovery problems might occur if LSAN zones in one Admin Domain contain devices that belong to another Admin Domain. Refer to Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about LSAN zones. Configuration upload and download in an AD context The - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 461
Licensed Features Section II This section describes optionally licensed Brocade Fabric OS features and includes the following chapters: • Chapter Chapter 23, "Managing Long-Distance Fabrics" • Chapter 24, "Using FC-FC Routing to Connect Fabrics" Fabric OS Administrator's Guide 461 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 462
462 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 463
overview 463 •Brocade 7800 Upgrade license •Removing a licensed feature 482 •Ports on Demand 483 Licensing overview Feature Fabric OS includes basic switch and fabric support software, and support for optionally licensed software switch. Fabric OS Administrator's Guide 463 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 464
. It is chassis-based when applied to a Brocade 6510 or 6520 switch. • Enables full hardware capabilities on the Brocade 7800 base switch, increasing the number of Fibre Channel ports from four to sixteen and the number of GbE ports from two to six. • Supports up to eight FCIP tunnels instead of two - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 465
on those products that support Access Gateway deployment. Brocade Ports on Demand Allows you to instantly scale the fabric by provisioning additional ports using license key upgrades. NOTE: Applies to the Brocade 300, 5100, 5300, 6505, 6510, 6520, and VA-40FC switches. DataFort Compatibility - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 466
a DCX and a DCX-4S; the latter cannot support more than eight links on an ICL port. Available on the Brocade DCX and DCX-4S Backbones only. ICL 16-Link Activates all 16 links on ICL ports on a Brocade DCX chassis. Each chassis must have the ICL 16-Link license installed in order to enable the full - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 467
licenses (Continued) Description Integrated Routing • Allows any ports in Brocade 5100, 5300, 6510, 6520, and VA-40FC switches, the Brocade Encryption Switch, or the Brocade DCX, DCX-4S, and DCX 8510 family platforms to be configured as an EX_Port supporting FC-FC routing. • Eliminates the need to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 468
FIPS Firmware download switches. No license required. N/A No license required. N/A Adaptive Networking with QoS. • ICL 1st POD (Ports on Demand) on the Brocade DCX 8510 Backbone family only. • ICL 2nd POD on the Brocade DCX 8510-8 only. • ICL 8-link on the Brocade DCX and DCX-4S only. • ICL 16 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 469
to enable 10Gb Ethernet ports on the FX8-24 extension blades. • Brocade 8000 - Must have license installed to enable the 8 FC ports. A maximum of 8 FC ports are allowed. Local switch. Local switch. QoS Adaptive Networking with QoS Local switch and attached switches. (Brocade 6520 does not - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 470
Gbps on the Brocade 300, 5100, 5300, and VA-40FC switches and embedded switches only. NOTE: The 8 Gbps license is installed by default, and you should not remove it. A 10-Gb FCIP/Fibre Channel license is needed to support 10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 and 6520 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 471
ICL 1st POD licence. ICL ports on core blades of a DCX can be used only with an ICL 16-link or ICL 8-link license. ICL ports on core blades of a Brocade DCX 8510-8 and a DCX 8510-4, as the latter supports half the bandwidth of the DCX 8510-8 on each ICL port. This license is available on the Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 472
support more than eight links on an ICL port. This license is available on the Brocade DCX-4S and DCX platforms only. ICL 16-link license The ICL 16-link license provides dedicated high-bandwidth links between two Brocade and not on the logical switches. • If the maximum number Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 473
300, 5100, 5300, and VA-40FC switches and the 8 Gbps embedded switches; this license does not apply to the Brocade 6505, 6510, or 6520. The following list describes the basic rules of using, adding, or removing 8G licenses: • Without an 8G license, even if there is an 8 Gbps SFP plugged into a port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 474
Brocade DCX and DCX 8510 Backbone families to support the FX8-24 blade, and on the Brocade DCX 8510 Backbone family to support the 16 Gbps FC port blades (FC16-24 considerations When a slot-based license is present on the switch, firmware downgrade to pre-Fabric OS v6.3.0 is allowed, but the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 475
Fibre Channel license (10G license) enables the following features: • 10 Gbps access on the 16 Gbps FC ports on Brocade 6510 or 6520 switches, and FC16-32 and FC16-48 port blades. • The two 10-GbE ports on the FX8-24 extension blade. This 10G license is applied as a slot-based license on the FC16-32 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 476
be used for FC long distance connectivity. FC ports licensed and configured to operate at 10 Gbps on a Brocade 6510 or 6520 switch or 16 Gbps FC port blade cannot interoperate with 10 Gbps FC ports on the Mc-6140 platform. The new FC ports use different protocols and physical connections. Enabling - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 477
1 Consumed 1 Configured Blade Slots 4 8510-8switch:admin> portcfgoctetspeedcombo 4/2 2 8510-8switch:admin> portcfgspeed 4/2 10 8510-8switch:admin> Example of assigning a 10G license on a Brocade 6510 and enabling 10 Gbps operation on a port This example assigns a license to a Brocade 6510 switch and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 478
Consumed 1 Configured Blade Slots license Capacity 1 Consumed 1 Configured Blade Slots 7 8510-4switch switch basis. • A universal temporary license can be installed on a switch, but can be applied to multiple switches QoS license (not required for Brocade 6520) • Advanced Performance Monitoring - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 479
time between your network devices, including switches or Backbones, then do not attempt to change the system date and time when a temporary license is installed. Configupload and download considerations The configDownload and configUpload commands download the legacy, enhanced, consumed capacities - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 480
. An expired license may become unusable after a reboot, failover, firmware download, or a port or switch disable or enable operation. Removing an expired license CAUTION This procedure is licensed feature can no longer be used on the switch. 480 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 481
the software license keys and installation instructions. Adding a licensed feature To enable a feature, go to the feature's appropriate section in this manual. Enabling a feature on a switch may be a separate task from adding the license. For the Brocade Backbones, licenses are effective on both - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 482
installed on the switch are listed. If the feature is not listed, enter the licenseAdd command again. Some features may require additional configuration, or you Ports on Demand license - additional 16 port upgrade license 2 Domain Fabric license Integrated Routing license Storage Application Services - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 483
purchased with 24, 32, or 40 licensed ports. A maximum of 40 ports is allowed. ATTENTION Licenses are not interchangeable between units. For example, if you bought a POD license for a Brocade 300, you cannot use that license on a Brocade 5100 or VA-40FC. The licenses are based on the switch License - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 484
key, make sure to insert the transceivers in ports 16 through 23. If you later install a second license key, insert the transceivers in ports 24 through 31. For details on inserting transceivers, see the switch's hardware reference manual. Displaying installed licenses If a single license is - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 485
or switch installation. The following platforms support Dynamic POD: • Switches: - Brocade 6505 - Brocade 6510 - Brocade 6520 • Embedded switch modules for bladed servers: - Brocade 5410 - Brocade 5424 - Brocade 5450 - Brocade 5460 - Brocade 5470 - Brocade 5480 Fabric OS Administrator's Guide 485 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 486
--show command. Example showing manually assigned POD licenses switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for use in this switch: 12 port assignments are provisioned by the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 487
by a full POD license 24 ports are assigned to installed licenses: 12 ports are assigned to the base switch license 12 ports are assigned to the full POD license Ports assigned to the base switch license: 1, 2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20 Fabric OS Administrator's Guide 487 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 488
reserve a license for the port. switch:admin> licenseport -reserve 0 • If all port reservations are assigned, select a port to release its POD license. Follow the instructions in "Releasing a port from a POD set" to release a port from its POD assignment. Once the port is released, you can reserve - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 489
POD license: None Ports not assigned to a license: 0, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 6. Enter the switchEnable command to bring the switch back online. 7. Enter the switchShow command to verify the switch state is now online. Fabric OS Administrator's Guide 489 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 490
18 Ports on Demand 490 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 491
DCX 8510 Backbone family supports optical ICL QSFPs. • The Brocade DCX Backbone family supports proprietary copper ICL connectors. When two Brocade Backbones are interconnected by ICLs, each chassis requires a unique domain and is managed as a separate switch. ICL ports can be used only with an - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 492
blade. The Brocade DCX 8510-4 has two port groups on the CR16-4 core blade. Each port group has four QSFP connectors, and each QSFP connector maps to four user ports. Refer to the hardware reference manuals for details about the port groups. Following are ICL configuration guidelines for trunking - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 493
are not supported. This is a topology restriction with 16 Gbps ICLs and any ISLs that are E_Ports or VE_Ports. ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4 ICL trunks form automatically but additional licenses may be required for enabling all ICL ports or for larger ICL configurations. For - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 494
XISLs. The "Allow XISL Use" attribute for the switch must be off. • All of the user ports in an ICL cable must be in the same logical switch. Distributing the user ports within the same cable across multiple logical switches is not supported. 494 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 495
point-to-point.) The illustrations in this section show sample topologies. Refer to the Brocade SAN Scalability Guidelines for details about maximum topology configurations. Mesh topology You can connect the Brocade Backbones in a mesh topology, in which every chassis is connected to every other - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 496
19 Supported topologies for ICL connections FIGURE 62 Full nine-mesh topology During of the ISL path being lesser or greater than the ICL path between the two switches. Core-edge topology You can also connect the Brocade DCX 8510 Backbones in a core-edge topology. For example, Figure 63 shows six - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 497
Supported topologies for ICL connections 19 FIGURE 63 64 Gbps ICL core-edge topology Fabric OS Administrator's Guide 497 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 498
19 Supported topologies for ICL connections 498 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 499
515 •Saving and restoring monitor configurations 515 •Performance data collection 516 Brocade Network Advisor. Refer to the Web Tools Administrator's Guide and Brocade Network Advisor User Manual the slot/port syntax required by Backbones. For fixed-port switches, use only the port number where - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 500
are supported Brocade DCX 8 4 Brocade DCX-4S Brocade 8510 family Brocade 6510 4 4 Brocade 6520 4 4 Brocade 5100 3 3 Brocade VA-40FC Brocade 5300 4 3 Each logical switch can have its own set of performance monitors. The installation of monitors is restricted to the ports that - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 501
per port. • The Brocade 300, 5300, 5410, 5424, 5430, 5450, 5460, 5470, 5480, and 7800 models allow up to 768 end-to-end monitors shared by all ports in the same ASIC. Also, these models allow up to 192 end-to-end monitors per port. The number of interswitch links (ISLs) configured on the switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 502
on one logical switch. Supported port configurations for EE monitors You can configure EE monitors on F_Ports and, depending on the switch model, on E_Ports. The following platforms support EE monitors on E_Ports: • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade DCX 8510 family Identical - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 503
is ff:ff:ff. NOTE Only one mask per port can be set. When you set a mask, all existing end-to-end monitors are deleted. ATTENTION End-to-end masks are supported only on the Brocade 8000 and the Brocade Encryption Switch. 1. Connect to the switch and log in using an account with admin permissions - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 504
-to-end monitors on port 0 (the monitor numbers are listed in the KEY column) and deletes monitor number 2 on port 0: switch:admin> perfmonitorshow --class the switch and log in using an account with admin permissions. 2. Enter the perfMonitorShow command. 504 Fabric OS Administrator's Guide 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 505
port at 10-second intervals switch port switch:admin> perfMonitorShow --class EE 4/5 There are 7 end-to-end monitor(s) defined on port switch port: switch:admin> perfMonitorClear --class EE 1/2 This will clear ALL EE monitors' counters on port by a port, and generates transmitted by the port) or a - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 506
number of frame monitors per port Maximum number of offsets per port Brocade 300, 5300, 5410, 5424, 5450, 8 131 5460, 5470, 5480, and 7800 Brocade 5100, 6505, 6510, 6520, 8000, 12 252 VA-40FC, DCX, DCX-4S, DCX 8510, and Brocade Encryption Switch 1. For switches in Access Gateway mode, the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 507
frame type and applying frame monitors to ports 3, 4, and 5 switch:admin> fmmonitor --create myframemonitor -pat "17,0xFF,0x007;7,0x4F,0x01;" -port 3-5 Deleting frame types Deleting a frame type removes the entire configuration, including configured thresholds and associated actions. It also - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 508
3 through 12, but does not save the port configuration. The second command saves the port configuration persistently. switch:admin> fmmonitor --addmonitor SCSI -port 3-12 -nosave switch:admin> fmmonitor --save SCSI Displaying frame monitors 1. Connect to the switch and log in using an account with - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 509
. Notice that in the last entry, the "-" in the Count column indicates that the monitor is configured, but is not installed on the port. switch:admin> fmmonitor --show SCSI Port|Frame Type |Count |HIGH Thres|Actions |TIMEBASE |CFG 000001|scsi |0x0000000000000123|1000 |Email |None |saved - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 510
originating from the port and flowing to different destinations. You can configure Top Talker monitors on F_Ports and, depending on the switch model, on E_Ports. The following platforms support Top Talker monitors on E_Ports: - Brocade 6505 - Brocade 6510 - Brocade 6520 - Brocade DCX 8510 family - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 511
-to-edge configurations. Note the following restrictions: • An E_Port-attached switch must be connected and merged with the backbone FC router before you can enable Top Talker monitors on the FC router. • Fabric mode Top Talker monitors does not support requests for domains (either front port domain - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 512
are not supported on VE_Ports, EX_Ports, and VEX_Ports. • The maximum number of all port mode Top Talker monitors on an ASIC is 16. If Virtual Fabrics is enabled, the maximum number of all port mode Top Talker monitors on an ASIC is 8. • If the ingress and egress monitor ports are configured on the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 513
run the perfTTmon --add fabricmode command on that switch. The Top Talker monitor configuration information is not automatically propagated to the new switch. Displaying the top n bandwidth-using flows on a port (port mode) 1. Connect to the switch and log in using an account with admin permissions - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 514
slot 2, port 4 on a Backbone in PID format: perfttmon --show 2/4 pid switch:admin> port The following example deletes the monitor on port 7: perfttmon --delete 7 The following example deletes the monitor on slot 2, port 4 on a Backbone: perfttmon --delete 2/4 514 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 515
for trunks, except for the Brocade 300, which supports 8 frame monitors for trunks. • For the Brocade 8000, trunk monitoring is supported only on the FC ports and not on the CEE ports. Saving and restoring monitor configurations To prevent the switch configuration flash from running out of memory - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 516
Performance Monitoring is deleted when the switch is rebooted. Using the Brocade Network Advisor Enterprise Edition, you can store performance data persistently. For details on this feature, refer to the Brocade Network Advisor User Manual. 516 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 517
to ensure optimized behavior in the SAN. Even under the worst congestion n bandwidth-consuming flows passing through a specific port in the network. Top Talkers requires an Advanced for traffic flowing from a specific set of source ports (F_Ports). Traffic Isolation Zoning does not require a - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 518
the switch port. feature. NOTE The Brocade 6520 does not require services based on requirements. • To enable more important devices to use the network bandwidth during specific services port is only a 2-Gbps port, then Ingress Rate Limiting is not enforced. The Ingress Rate Limiting configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 519
Fabrics considerations If Virtual Fabrics is enabled, the rate limit configuration on a port is on a per-logical switch basis. That is, if a port is configured to have a certain rate limit value, and the port is then moved to a different logical switch, it would have no rate limit applied to it in - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 520
Must be manually enabled after to the zone configuration. • Save and then enable the zone configuration. • Enable QoS switch that is in the path between a configured device pair. NOTE The Brocade E_Ports, you must manually enable QoS zone-based you must manually disable QoS on the 8-Gbps ports. See - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 521
and then honored by the switch, which assigns the frame, 1-8 9-16 17-24 Low Medium -level configurations. For configuration details, Supported configurations for CS_CTL-based frame prioritization • CS_CTL-based frame prioritization is supported on all 8-Gbps and 16-Gbps platforms. • All switches - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 522
Table 77 on page 521), as in the following example. switch:admin> configurechassis Configure... cfgload attributes (yes, y, no, n): [no] y Enforce secure config Upload/Download (yes, y, no, n): [no] Enforce signature validation for firmware (yes, y, no, n): [no] Add Suffix to the uploaded file name - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 523
configuration. It does not provide options to enable CS_CTL QoS on the ports the switch port connected to the initiator host and the switch port connected 16-Gbps ports that are not long-distance ports. If ports ports for which you have not manually disabled QoS, as the ports Guide 523 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 524
the portcfgshow output, the value of QOS_E_Port is AE for port 19 and ".." for port 24. This means that QoS is enabled by default on port 19 and disabled on port 24. You need to disable QoS on port 19. switch:admin> islshow 1: 2->300 10:00:00:05:1e:43:00:00 100 DCX sp: 8.000G bw: 32.000G - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 525
zones switch:admin> portcfgshow (output truncated) Ports of Slot 0 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN Fill Word 0000 0000 0000 0000 AL_PA Offset 13 Trunk Port ON ON - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 526
switch S2 15 = Low priority 87 = Medium priority S3 = High priority 16 Domain 2 FIGURE 68 QoS traffic prioritization Domain 4 For this fabric, you Members: H1, H2, S3 QoS on E_Ports In addition to configuring the hosts and targets in a zone, you must also enable Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 527
over an FC router. See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. To establish QoS over FC over FC routers" on page 532 for detailed instructions. Fabric OS Administrator's Guide 527 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 528
interopmode 3. • QoS over FC routers is supported for the following configurations: - Edge-to-edge fabric configuration: supported on all platforms. - Backbone-to-edge fabric configuration: supported on 16-Gbps-capable platforms only (Brocade 6510, 6520, and Brocade DCX 8510 family), and only if no - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 529
priority, hosts and targets must be connected to a Brocade 8-Gbps or 16-Gbps switch or port blade. - To preserve the priority level across ISLs, the switches must be running Fabric OS v6.0.0 or later and must be one of the following platforms: Brocade 300, 4100, 4900, 5000, 5100, 5300, 5410, 5424 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 530
use D,I notation. • QoS zones that use D,I notation are not supported for QoS over FCR. • QoS zones that use D,I notation should not be used for loop or NPIV ports. • If QoS is enabled, an additional 16 buffer credits are allocated per port for 8-Gbps ports in LE mode. See Chapter 23, "Managing Long - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 531
the portCfgQos command to enable QoS on a specific port, the port is toggled to apply this configuration, even though the port already has QoS enabled. The port is toggled because the user configuration changed, even though the actual configuration of the port did not change. If you later use the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 532
1. Connect to the switch in the edge fabric for instructions. 3. Create LSAN zones in the " on page 591 for instructions. 4. Enter the portCfgQos command switch and log in using an account with admin permissions. 2. Enter the cfgRemove command to remove the QoS zones from the current zone configuration - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 533
Supported configurations for trunking 535 •Supported platforms for trunking 536 •Requirements for trunk groups 536 •Recommendations for trunk groups 537 •Configuring trunk groups 538 •Enabling trunking on a port or switch 538 •Disabling trunking on a port or switch ports appear as a single port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 534
trunking. The trunk ports are N_Ports (on the Access Gateway or adapter) connected to F_Ports (on the switch). For more information, see "Configuring F_Port trunking for a Brocade adapter" on page 545, the Access Gateway Administrator's Guide, and the Brocade Adapters Administrators Guide. NOTE This - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 535
but they might not be. Refer to the hardware reference manual for your switch for information about which ports can be used in the same port group for trunking. FIGURE 71 Trunk group configuration for the Brocade 5100 Supported configurations for trunking • Trunk links can be 2 Gbps, 4 Gbps, 8 Gbps - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 536
. - They must be configured for the same distance. - They must have the same encryption, compression, QoS, and FEC settings. • Trunk groups must be between Brocade switches (or Brocade adapters, in the case of F_Port trunking). Brocade trunking is proprietary and is not supported on M-EOS or third - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 537
the standard guidelines for SAN design: • Evaluate the traffic patterns within the fabric. • Place trunking-capable switches adjacent to each other as business requirements grow, consider leaving one or two ports in the group available for the future nondisruptive addition 's Guide 537 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 538
trunking for an Access Gateway" on page 544 or "Configuring F_Port trunking for a Brocade adapter" on page 545 for information. Enabling trunking on a port or switch You can enable trunking for a single port or for an entire switch. Because trunking is automatically enabled when you install the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 539
-> 15 10:00:00:60:69:51:43:04 99 deskew 16 3: 24-> 14 10:00:00:60:69:51:42:dd 2 deskew 15 MASTER This example shows trunking information along with the bandwidth and throughput for all the trunk groups in a switch. switch:admin> trunkshow -perf 1: 2-> 2 10:00:00:05:1e:81:56 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 540
16.00Gbps, Throughput 1.67Gbps (12.12%) Rx: Bandwidth 16 port speed instead of setting it to autonegotiate. In addition to the criteria listed in "Supported configurations for trunking" on page 535, observe the following criteria for trunking over extended fabrics: • It is supported only on switches - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 541
This feature should be enabled only if the entire configuration is running Fabric OS v5.2.0 or later. If router port cost is used with EX_Port trunking, the master port and slave ports share the router port cost of the master port. See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for more - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 542
supported only with Brocade edge fabrics. You can use EX_Port frame trunking in the following configurations and cases: • For ports with speeds of 2 Gbps up to a maximum speed of 16 Gbps and trunking over long distance. • In the edge fabric, when the FC router is connected to a switch that supports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 543
of the Port ID (also referred to as the Address Identifier) when F_Ports go offline, and it increases F_Port bandwidth. This section describes how you configure F_Port trunking on the switch. See the Access Gateway Administrator's Guide and the Brocade Adapters Administrator's Guide for information - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 544
73 Switch in Access Gateway mode with F_Port masterless trunking NOTE You do not need to map the host to the master port manually, because the Access Gateway will perform a cold failover to the master port. See "Configuring F_Port trunking for an Access Gateway" on page 544 for instructions on - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 545
. This section describes the configuration steps you do on the switch. See the Brocade Adapters Administrator's Guide for a detailed description and requirements of N_Port trunking on the adapters. 1. On the switch side, perform the following steps: a. Configure both ports for trunking by using the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 546
3/41. 2. On the host side, enable trunking as described in the Brocade Adapters Administrator's Guide. 3. On the switch side, enable the ports by using the portEnable command. switch:admin> portenable 3/40 switch:admin> portenable 3/41 F_Port trunking considerations Table 80 describes the F_Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 547
master trunk. PID format F_Port trunking is supported only in the CORE PID format. Port mirroring Port mirroring is not supported on Trunk Area ports or on the PID of an F_Port trunk port. Port mirroring is not supported on the Brocade Encryption Switch. Port Swap When you assign a Trunk Area - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 548
an 8-bit area address that remains persistent. After F_Port trunking configurations are removed from a port in a logical switch, that port returns to the default 10-bit area address model, which supports up to 1024 F_Ports in a logical switch. NOTE Because the DCX and DCX 8510-8 platforms have - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 549
port configuration. switch:admin> porttrunkarea --show enabled Port Type State Master TI DI 36 F-port Master 36 37 36 37 F-port Slave 36 37 37 38 F-port Slave 36 37 38 39 F-port deskew 15 Tx: Bandwidth 16.00Gbps, Throughput 1.63Gbps (11.84%) Rx: Bandwidth 16.00Gbps, Throughput 1.62Gbps ( - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 550
. 3. Turn on the trunk ports. Turn on trunk ports after issuing the secPolicyActivate command, to prevent the ports from becoming disabled in case there is a DCC security policy violation. You can configure authentication on all Brocade trunking configurations. For more information on authentication - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 551
on long-distance links 568 Long-distance fabrics overview The most effective configuration for implementing long-distance SAN fabrics is to deploy Fibre Channel switches at each location in the SAN. Each switch handles local interconnectivity and multiplexes traffic across long-distance dark fiber - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 552
Brocade 8000 FCoE switch Extended Fabrics is not supported on this platform. • FC8-64 port blade Brocade recommends that you do not use the FC8-64 port supported link distance is up to 5 km at 2 Gbps, up to 2 km at 4 Gbps, and up to 1 km at 8, 10, and 16 Gbps. • Extended Mode (LE) - LE configures - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 553
configurations, refer to Chapter 22, "Managing Trunking Connections". • Only qualified Brocade SFPs are used. Only Brocade-branded or certain Brocade-qualified SFPs are supported. 1. Connect to the switch ARB as the fill word. portcfgfillword [slot/]port, mode The mode parameter in this command - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 554
configures slot 1, port 2 to support a 100-km link in LS mode and to use the extended link initialization sequence. This example is for an 8-Gbps platform. switch:admin> portcfgfillword 1/2 3 switch (TDM) devices and your Brocade switch has QoS and buffer credit recovery enabled. 554 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 555
switch:admin> portcfgcreditrecovery --disable [slot/]port 4. Configure the port to support long-distance links. switch:admin> portcfglongdistance [slot/]port the frames sent from that port. Buffer credits represent finite physical-port memory. Within a fabric, each port may have a different number - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 556
services and rely on the Fibre Channel Receiver-Ready (R_RDY) control word to be sent by the receiving link port to the sender. The rate of frame transmission is regulated by the receiving port processed by the receiving port. If another frame arrives the receiving port, the of ports on a switch. The - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 557
ports can be configured for long distance on all Fabric OS v7.x-capable switch modules: • Each port is part of a port an overall 4-byte frame alignment. The standard frame header size is 24 bytes. If applications require extensive control information, up to 64 additional Guide 557 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 558
and Table 84 on page 564 to get the total ports in a switch or blade, the number of user ports in a port group, and the unreserved buffer credits available per port group. The values reflect an estimate, and may differ from the supported values in Table 84. Calculating the number of buffers required - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 559
Gbps / 2) +6 = 256 buffers • If you have a distance of 50 km at 16 Gbps then, (50 km * 16 Gbps / 2) + 6 = 406 buffers Example Consider the Brocade 300, which has a single 24-port port group and a total of 676 buffer credits for that port group. The maximum remaining number of buffer credits for the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 560
ports Allocating buffer credits based on average-size frames In cases where the frame size is average, for example 1024 bytes, you must allocate twice the buffer credits or configure . If buffer credit recovery is enabled, Fabric OS supports a BB_SC_N range of 1 to 15; therefore, Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 561
port is Total Buffers = 100 + 6 = 106 NOTE You cannot use the -buffers option with the -distance option or the -frameSize option. Example switch:admin> portcfglongdistance 2/35 LS 1 -buffers 400 Reserved Buffers = 420 Configuring and HA failover. Example switch:admin> portcfglongdistance 2/35 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 562
, use the --disable option switch:admin> portcfgfportbuffers --disable 2/44 NOTE The configured number of buffers for a given port is stored in the configuration database and is persistent across reboots. The F_Port buffer feature does not support EX_Port, Port Mirroring, Long-Distance, L_Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 563
26 468 5480 24 24 484 6505 24 24 7952 6510 48 48 7760 6520 96 48 4256 7800 16 16 408 8000 *** Extended Fabrics is not supported on this switch *** VA-40FC 40 40 1692 Brocade Encryption Switch 32 16 1392 FC8-16 16 16 1292/508 Fabric OS Administrator's Guide 563 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 564
FC ports (per switch/blade) User port group size Unreserved buffer credits per port group FC8-32 FC8-32E FC8-48 FC8-48E FC8-64 FC16-32 FC16-48 FS8-18 FX8-24 32 16 1292/508 32 16 5456 48 24 1228/716 48 24 5008 *** Extended Fabrics is not supported on this blade *** 32 16 5456 48 24 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 565
a Brocade 300 switch, the maximum equally distributed distance is calculated as 486 / 3 = 164 km. Downgrade considerations When Fabric OS firmware is downgraded from version 7.1 to an earlier version, the effect depends on whether the number of buffer credits for the long-distance port is configured - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 566
or between devices that support 8 Gbps. • Devices that support 16 Gbps: - Brocade 6505, 6510, 6520 - FC8-32E, FC8-48E,FC16-32, FC16-48 • Devices that support 8 Gbps: - Brocade 300, 5100, 5300, 5410, 5424, 5450, 5480, VA-40FC - FC8-16, FC8-32, FC8-48 If a device that supports 16 Gbps is connected to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 567
an adapter, the following conditions must be met: • The Brocade switch or Access Gateway must run Fabric OS v7.1 or later. • Fabric OS must support buffer credit recovery at both ends of the link. • The adapter must be running HBA v3.2 firmware or later. • The adapter must operate at maximum speed - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 568
FEC has been disabled. Reserved Buffers = 982 Warning: port (132) may be reserving more credits depending on port speed. switch:admin> portcfgfec --show 1/20 Forward Error Correction capable: YES Forward Error Correction configured: OFF 568 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 569
-FC Routing to Connect Fabrics 24 In this chapter •FC-FC routing overview 569 •Fibre Channel routing concepts 572 •Setting up FC-FC routing 579 •Backbone fabric IDs 581 •FCIP tunnel configuration 582 •Inter-fabric link configuration 583 •FC router port cost configuration 587 •EX_Port frame - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 570
Switch For the Brocade Backbone families, the following restrictions apply: • EX_Ports and VEX_Ports are supported only on the FX8-24 DCX Extension Blade, and the 8-Gbps and 16-Gbps port blades. Ports on the core blade cannot be configured as EX_Ports. 570 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 571
an M-EOS Fabric Mode edge fabric. • FC router interoperating with legacy FC routers (Brocade 7500 switch). In configurations with two backbone fabrics connected to the same edge fabric, routing is not supported between edge fabrics that are not directly attached to the same backbone fabric. Routing - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 572
24 Fibre Channel routing concepts Fibre Channel routing concepts Fibre Channel routing introduces the following concepts: • Fibre Channel router (FC router) A switch running the FC-FC routing service. Refer to "Supported platforms for FC-FC routing" on page 570 for a list of platforms that can be - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 573
(PID) of the proxy device. The proxy device appears to the fabric as a real Fibre Channel device, has a name server entry, and is assigned a valid port ID. The port ID is relevant only on the fabric in which the proxy device has been created. Fabric OS Administrator's Guide 573 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 574
24 configured with the same FID. - If they must be configured with a unique IDs must be the same. If you configure the same fabric ID for two backbone fabrics is the collection of all SANs interconnected with Fibre Channel routers. SAN 1 connected to storage in Edge SAN 2 through - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 575
24 ISL FC router EX_Port FC router EX_Port Backbone fabric IFL IFL E_Port Edge SAN 1 Edge SAN 2 E_Port = LSAN FIGURE 76 Edge SANs connected are exported from the edge SAN to which they are attached and, correspondingly, imported into the edge SAN reached through Fibre Channel routing. - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 576
the shared physical devices in the edge. The FC-FC routing service receives the frames from the backbone switches destined to the proxy devices, and redirects the frames to the fabrics using LSANs. Refer to "LSAN zone configuration" on page 590 for more information. 576 Fabric OS Administrator - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 577
Fibre Channel routing concepts 24 Phantom domains A phantom domain is a domain created by the Fibre Channel router. The FC router 4. • Target 1', Target 2', and Target 3' are proxy devices for Target 1, Target 2, and Target 3, respectively. Fabric OS Administrator's Guide 577 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 578
24 Fibre Channel routing concepts Host 1 Fabric 1 Front domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Front domain 2 (FC router 2) Xlate domain 2 (Fabric 3) Target 1' Target 2' Target 3' FIGURE 79 EX_Port phantom switch about this command. 578 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 579
24 Brocade port command of the EX_Port connecting to the edge fabric. The FCR switch should use the edge switch's WWN to configure Configure FCIP tunnels if you are connecting Fibre Channel SANs over IP-based networks. (Refer to "FCIP tunnel configuration" on page 582.) Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 580
BootProm: 1.0.9 2. If you are configuring a Backbone, enter the slotShow command to verify that an FX8-24 blade is present or an 8-Gbps or 16-Gbps port blade is present. The following example shows slots 1, 2, 3, 9, 10, and 12 with 8-Gbps port blades enabled. switch:admin> slotshow -m Slot Blade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 581
platforms. FC-FC routing and fabric mode Top Talker monitors are concurrently supported only on the Brocade 6510 and 6520 switches, and on the Brocade DCX Backbone family with only 16-Gbps-capable ports. Backbone fabric IDs If your configuration has only one backbone fabric, then you do not need to - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 582
Port's Fabric ID Backbone fabric ID: (1-128)[128] switch:admin> fosconfig --enable fcr FC Router service is enabled switch:admin> switchenable FCIP tunnel configuration The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels" to connect instances of Fibre Channel SANs - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 583
Inter-fabric link configuration 24 Refer to the Fibre Channel over IP Administrator's Guide for instructions on how to configure FCIP tunnels. Inter-fabric link configuration Before configuring an inter-fabric link (IFL), be aware that you cannot configure both IFLs (EX_Ports, VEX_Ports) and ISLs - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 584
from the Fibre Channel router to the edge fabric. 7. Enter the portCfgShow command to view ports that are persistently disabled. FC ports on the Brocade 7800 switches and FX8-24 blades are configured as persistently disabled by default, to avoid inadvertent fabric merges when installing a new FC - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 585
Enter either the portCfgEXPort or portShow command to verify that each port is configured correctly. switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade Native Edge Fabric ID: 30 Preferred Domain ID: 160 Front WWN - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 586
24 Inter-fabric link configuration Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A portDisableReason: None portCFlags: 0x1 portFlags: 0x1 PRESENT U_PORT EX_PORT portType: 10.0 portState: 2 Offline portPhys: 2 No_Module portScn: 0 port generation number: 0 portId: 014a00 portIfId: - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 587
FC router port cost configuration 24 4 95 10:00:00:05:1e:37:00:45 10.32.156.31 "5300" FCR WWN: 10:00:00:05:1e:12:e0:00, Dom ID: 100, Info: 10.32.156.50, "fcr_Brocade 5300" EX_Port FID Neighbor Switch Info (WWN, enet IP, name 4 95 10:00:00:05:1e - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 588
24 FC router port cost configuration Port cost considerations The router port cost has the following considerations: • Router port sets are defined as follows: - 0-7 and FCIP Tunnel 16-23 - 8-15 and FCIP Tunnel 24-31 • The router port cost does not help distinguish one IFL (or EX_ and VEX_Port link - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 589
0 5. Enter the portEnable command to enable the ports that you disabled in step 1. switch:admin> portenable 7/10 EX_Port frame trunking configuration You can configure EX_Ports to use frame-based trunking just as you do regular E_Ports. EX_Port frame trunking support is designed to provide the best - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 590
to manage inter-fabric device connectivity through extensions to existing switch management interfaces. You can define and manage LSANs using Brocade Advanced Zoning. NOTE For performance reasons, Brocade recommends that you do not configure LSANs for device sharing between Fabric OS fabrics until - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 591
configuration 24 If the SANs are under device, the port WWN, and the node WWN; the port WWN must be used for LSANs. switch:admin> nsshow Port Name: 20:0f:00:05:1e:37:00:44 Permanent Port Name: 10:00:00:00:c9:2b:c9:0c LSAN: Yes The Local Name Server has 1 entry } Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 592
: no configuration in effect 10. Enter the cfgAdd and cfgEnable commands to create and enable the LSAN configuration. switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric2" switch:admin> cfgenable "zone_cfg" You are about to enable a new zoning configuration. 592 Fabric OS Administrator's Guide 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 593
configuration 24 This action will replace the old zoning configuration with the current configuration selected. Do you want to enable 'zone_cfg' configuration . switch:admin configuring the LSAN in the second edge fabric, configure the LSAN in the backbone fabric. Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 594
of LSAN zones, or LSAN count, that can be configured on the edge fabrics. By default, the maximum LSAN count is set to 3000. You can increase the maximum LSAN count to 5000 without disabling the switch. The maximum number of LSAN devices supported is 10,000 (this includes both physical and proxy - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 595
LSAN zone configuration 24 You can specify two types of tags: • Enforce tag - Specifies which LSANs are to be enforced in an FC router. • Speed tag - Specifies which LSANs are to be imported or exported faster than other LSANs. The LSAN tags are persistently saved and support configupload and - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 596
must be disabled before you configure the Enforce tag. Configuring the Speed tag does not require that the FC router be disabled; however, after configuring the Speed tag, you must toggle the host or target port to trigger the fast import process. 596 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 597
configuration 24 • The tag is from 1 through 8 alphanumeric characters. • You can configure only one Speed tag on an FC router, and up to eight Enforce tags on an FC router. The maximum number of tags (Enforce and Speed) on an FC router is eight. • Up to 500 Speed LSAN tags are supported port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 598
24 LSAN zone configuration 1. Log in to the FC router as admin. 2. Enter the fcrlsan --remove command to remove an existing LSAN tag. If you remove an Enforce LSAN tag, you must disable the switch supported only on FC routers with Fabric OS v5.3.0 and later. The FC router matrix feature is supported - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 599
configuration 24 With LSAN zone binding, each FC router in the backbone fabric stores only the LSAN zone entries of the remote edge fabrics that can access its local edge fabrics. The LSAN zone limit supported in LSAN zone binding is in effect. Fabric OS Administrator's Guide 599 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 600
24 LSAN zone configuration can import more than 10,000 devices and the backbone fabric can support more FC routers. • With LSAN zone binding, CPU consumption by this FC router to other FC routers. • You must manually configure the LSAN fabric matrix on these FC routers to match the Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 601
LSAN zone configuration 24 FC router matrix definition Depending on the structure of the backbone fabric, you can specify pairs of FC routers which fabrics can access each other, with the LSAN fabric matrix providing more specific binding. Fabric OS Administrator's Guide 601 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 602
24 LSAN zone configuration Setting up LSAN zone binding 1. Log in to the FC router as admin. 2. Enter the following command to add FCR:Admin> fcrlsanmatrix --fabricview -lsan LSAN MATRIX is activated Fabric ID Fabric ID 4 5 4 7 10 19 602 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 603
By default, EX_Ports and VEX_Ports detect, autonegotiate, and configure the fabric parameters without user intervention. You can optionally configure these parameters manually. • To change the fabric parameters on a switch in the edge fabric, use the configure command. Note that to access all of the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 604
24 forwarding is not supported in an FCR fabric with a Brocade 8000. By Brocade 8000, do not enable broadcast frame forwarding on the FC router, because this can degrade FCR performance when there is excessive broadcast traffic. Displaying the current broadcast configuration Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 605
24 command to display physical port (EX_Port) resources. switch:admin> fcrresourceshow Daemon Limits 9 | 6 34 10 | 6 34 11 | 6 34 12 | 6 34 13 | 6 34 14 | 6 34 15 | 6 34 16 | 8 34 17 | 8 34 18 | 8 34 19 | 8 34 Fabric OS Administrator's Guide 605 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 606
, then the EX_Port or VEX_Port is disabled. Refer to "Configuring a logical switch to use XISLs" on page 299 for instructions on disallowing XISL use. Because XISL use is disallowed, dedicated links must be configured to route traffic across switches in the same logical fabric, as shown in Figure 23 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 607
Fabrics 24 • Although the Brocade 6510 and 6520 supports up to four logical switches, if you are using FC-FC routing, they can have a maximum of three logical switches. Logical switch configuration for any of the devices in the other fabrics. Fabric OS Administrator's Guide 607 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 608
not supported in the base switch, unless you use a legacy FC router. A legacy FC router is an FC router configured on a Brocade 7500 switch. Base switches can device C, however, because the base switches do not support backbone-to-edge routing. 608 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 609
operations on the switch. Brocade recommends that you save your FC-FC routing configuration (using the configUpload command) before performing any downgrades. For further instructions on downgrading, refer to Chapter 9, "Installing and Maintaining Firmware". How replacing port blades affects EX_Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 610
24 Displaying the range of output ports connected to xlate domains 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge fabric. In the lsDbShow output, ports in the range from 129 through 255 are the output ports on the front domain. The following example shows the - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 611
port index, slot/port numbers, and the 24-bit port ID (PID) on any Brocade Backbone. Enter the switchShow command without parameters to show the port Switch: No, Default Switch: Yes, Address Mode 0] Index Slot Port QSFP ------ -- 16G No_Module FC 736 3 16 4 ------ -- 16G No_Module FC 737 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 612
Switch: Yes, Address Mode 0] Index Slot Port Address Media Speed State Proto 0 1 0 500000 -- N16 No_Module FC 1 1 1 500100 -- N16 No_Module FC 2 1 2 500200 -- N16 No_Module FC (output truncated) Example of port index mapping on an FC8-64 blade on a Brocade 16 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 613
This example shows the truncated switchShow output for an FX8-24 application blade on the Brocade DCX 8510-8 Backbone. The assignment of port index numbers to PIDs will vary depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 10 switchName: my8510-8 (output - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 614
truncated switchShow output for an FS8-18 encryption blade on the Brocade DCX 8510-8 Backbone. The assignment of port index numbers to PIDs will vary depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 2 switchName: myswitch (output truncated) Slot Blade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 615
FIPS Support Appendix B In this appendix •FIPS overview 615 •Zeroization functions 615 •FIPS mode configuration 617 •Preparing a switch for FIPS 621 FIPS overview Federal information removes all FCAP certificates and FCAP private keys. Fabric OS Administrator's Guide 615 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 616
and zeroize the keys. All the DHCHAP/FCAP authenticated ports are disabled after zeroization. The given LDAP certificate file is --remove command zeroizes the secret and deletes a configured server. The aaaConfig --add command configures the RADIUS server. /dev/urandom is used as Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 617
logging both passing and failing results. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. FIPS mode configuration By default, the switch comes up in non-FIPS mode. You can run the fipsCfg - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 618
supported HTTPS authentication Radius auth protocols PEAP-MSCHAPv2 Root account Disabled Secure RPC protocols TLS/AES128 cipher suite Signed firmware download Mandatory firmware server certificate must be installed on the switch. the switch. Configure FIPS-compliant TLS ciphers [TDES-168, - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 619
RADIUS CONFIGURATIONS RADIUS configuration does not exist. adldap.local LDAP CONFIGURATIONS Position Server Port Domain Timeout(s) : 1 : GEOFF5.ADLDAP.LOCAL : 389 : adldap.local : 3 Primary AAA Service: LDAP Secondary AAA Service: Switch database Fabric OS Administrator's Guide 619 53 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 620
instructions in "LDAP configuration and Microsoft Active Directory" on page 162, and then perform the following additional Microsoft Active Directory settings a. To support FIPS mode To utilize the LDAP services for FIPS between the switch and the host, you must generate 's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 621
root-only functions are not available. • HTTP, Telnet, RPC, and SNMP need to be disabled. Once these ports are blocked, you cannot use them to read or write data from and to the switch. • The configDownload and firmwareDownload commands using an FTP server are blocked. See Table 88 on page 618 for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 622
only PEAP-MSCHAPv2. Note that among the Windows RADIUS servers supported, only Windows 2000-, Windows 2003, and Windows 2008-based RADIUS servers may be used in a FIPS-compliant configuration. • If the switch is set for LDAP, refer to the instructions in "Setting up LDAP for FIPS mode" on page 619 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 623
the LDAP CA certificate on the switch and Microsoft Active Directory server. Refer to Telnet, HTTP, and RPC ports: ipfilter --addrule policyname -rule rule_number configure command and respond to the following prompts to enable signed firmware: Fabric OS Administrator's Guide 623 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 624
secure config Upload/Download: Press Enter to accept the default. • Enforce firmware signature validation: Yes Example switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 625
admin and user) should be changed after every zeroization operation to maintain FIPS 140-2 compliance. 3. Power-cycle the switch. Displaying FIPS configuration 1. Log in to the switch using an account with admin or securityadmin permissions, or a user account with OM permissions for the FCIPCfg RBAC - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 626
B Preparing a switch for FIPS 626 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 627
a base of 16, usually written by known addresses and port IDs. Example conversion output is in hexadecimal. switch:admin> nsshow { Type Port Name: 20:08:00:05:1e:01:23:e0 Permanent Port Name: 10:00:00:00:c9:29:b3:84 Port Domain ID = 97 06 = Area (port number) = 06 00 = Port (ALPA) = 0 (not used - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 628
19 20 Hex 0b 0c 0d 0e 0f 10 11 12 13 14 Decimal 21 22 23 24 25 26 27 28 29 30 Hex 15 16 17 18 19 1a 1b 1c 1d 1e Decimal 31 32 33 34 35 36 37 38 aa Decimal 171 172 173 174 175 176 177 178 179 180 628 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 629
f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 629 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 630
C Hexadecimal Conversion 630 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 631
, 192 SNMP access control list, 188 switch defaults, 192 telnet, 192 blocking, 190 unblocking, 191 using SSL, HTTPS, 182 Access Control List. See: ACL. Access Gateway authentication, 211 Fabric OS Administrator's Guide 53-1002745-02 configuring F_Port trunking on, 544 considerations for Advanced - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 632
, 313 end-to-end monitors, 501 frame monitors to a port, 508 licensed features, 481 members to a zone configuration, 329 ports to logical switches, 295 public key to switch, 180 rules to an IP Filter policy, 223 switch or fabric to a zone, 336 switches to a zone, 336 Top Talker monitors on all - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 633
switch members, 440 switch port members, 439 switch WWN, 440 switching context, 456 system-defined, 436 TACACS+ service, 173 175 data, 150 deleting, 175 reordering, 175 authentication service configuring, 149-152 disabling, 175 enabling, 175 local, Fabric OS Administrator's Guide 633 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 634
supported, 287 port restrictions, 287 shutdown, 77 upgrading firmware, 263 Backbone fabric, and TI zones, 355 Backbone firmware, 262-265 download, 262 download process overview, 262 version testing, 270 Backbone-to-edge routing, 576, 581 backing up a configuration, 244 base fabric, 285 base switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 635
DCX-4S, 494 Brocade FC16-48 port blade enabling exceptions, 97 Brocade FC8-48 port blade enabling exceptions, 97 Brocade FC8-48E port blade enabling exceptions, 97 Brocade FC8-64 port blade enabling exceptions, 97 Brocade fixed-port switches, upgrading firmware, 261 Brocade FX8-24 compatibility, 96 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 636
support, 111 classConfig command, 135 classless inter-domain routing. See: CIDR. clearing performance monitor counters, 505 clearing zone configurations, 333 CLI capitalization in, 56 command history, 59 commands to display switch configuration 293 636 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 637
, 516 perfCfgSave, 516 perfMonitorClear, 505 perfMonitorShow, 504 perfSetPortEEMask, 503 perfTTmon, 513, 514, 515 portBufferCalc, 399 Fabric OS Administrator's Guide 53-1002745-02 portBufferShow, 402, 562, 399 portCfg, 624 portCfgCompress, 397, 404, 405 portCfgEncrypt, 397, 404, 405, 624 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 638
Fabrics, 250 CP8 blade dual port, 85 FA-PWWN upload and download considerations, 430 format of configuration file, 242 in fabrics, 250 modifying for switches, 247 restoring, 248 saving for frame monitors, 508 security considerations, 250 setup form, 253 supported for FA-PWWN, 429 without disabling - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 639
switch switch, TACACS+ service, 171 switches, 279 connecting device to a switch, 88 multiple EX_Ports to an edge fabric, 579 switches running different firmware versions, 78 to devices, 78 to switch supporting dual port, 86 dual port configuration, 85 creating Admin Domains, 443 alias, 313 base switches - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 640
222 logical switch, 276 zone access mode, viewing current, 327 zone mode, 326, 443 zoning mode, setting, 326 default logical switch base switch restriction, accessing, 192 configuring authentication, 211 connecting, 78 CP8 blade dual port configuration, 85 CP8 blade dual port support, 86 limiting - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 641
, 292 displaying, 73 displaying top talking flows for, 514 domain ID 0, 72 setting, 74 downgrading firmware, 257 download configuration file, 460 DPS described, 119 device-based routing, 120 support on Virtual Fabrics, 120 dropped frames, discovering why, 124 DSA key pair generation, 180 duplicate - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 642
maximum number, 501 setting a mask for, 503 supported port configurations for, 502 effective AD configuration, 442 effective zone configuration, defined, 308 ELP mode, 117 enabling 10 Gbps operation on an FC port, 476 10-GbE ports on an FX8-24 blade, 477 admin lockout policy, 144 authentication, 403 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 643
, 554 extended ISL about, 283 and base switches, 283 and fmsmode, 289 logical fabric creation, 300 restrictions, 289 See also: XISL. extending a universal temporary license, 480 F F_Port configuring trunking for Brocade adapters, 545 configuring trunking on an Access Gateway, 544 described - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 644
download considerations, 430 configuring, 426-429 DCC policy behavior, 205 dynamic fabric provisioning, 425-431 firmware upgrade and downgrade considerations, 430 N_Port Access Gateway failover, 431 priority, 426 restrictions, 431 security considerations, 430 supported switches and configurations - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 645
checksum test for FIPS, 268 signed, 267 switch version testing, 268 upgrading, 257 upgrading for Brocade fixed-port switches, 261 upgrading on Backbones, 263 upgrading on blades, 263 firmware download, 256 auto-leveling, 270 Backbones, 262 connected switches, 259 FICON CUP considerations, 257 FIPS - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 646
port configurations supported, 286 port port, 508 restoring configuration, 515 saving configuration enabling, 158 646 configuring, 156 Fabric OS 112 number of routes supported, 112 path calculation, links, 117 buffer credits, 552 gateway, configuring a link through, 118 generating DSA support for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 647
IAS configuring, 159 remote access policies, 159 ICL 16-link configuration, 583 configuring, 583 described, 572 ifModeSet command, 91 IKE policies and IP sec, 235 policies, null encryption support, 240 implementing Admin Domains, 443 Fabric OS Administrator's Guide 53-1002745-02 indexing ports - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 648
, 219 policy rules using service names, 220 saving policy, 218 supported actions, 221 supported protocols, 221 supported services and port numbers, 220 IP interface for chassis management, 65 IP sec algorithms, 234 Authentication Header protocol, 233 configuration on the management interface, 231 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 649
IPv4 and IPv6 support, 162 non-FIPS mode restrictions, 162 role mapping and OpenLDAP, 168 role mapping, and Microsoft Active Directory, 163 secure service, 150 LDAP server adding, 175 deleting, 175 reordering, 175 LDAP service configuration, displaying, 176 configuring, 162 configuring for OpenLDAP - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 650
creating using XISLs, 300 defined, 276 formation, 285 ISLs and, 282 logical ISLs, 284 logical network interface, bond0, 85 logical ports zoning, 316 logical ports in ISL, 285 Logical SANs, described, 573 logical switches, 276-280 about, 276 allowing XISL use, 299 650 basic configuration values, 291 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 651
configurations in a fabric, 333 manually service configuring, 163 Microsoft Active Directory service configuring for LDAP, 162 groups, creating, 164 role, assigning, 164 users, adding, 164 vendor attributes, adding to schema, 165 mirror port. See also: M_Port. modifying FCS policy, 199 FCS switch - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 652
, 143 strength, 141 password strength policy, 141 652 passwordless firmware download, 257 passwords boot PROM, 145-149 Backbone with recovery string, 146 Backbone without recovery string, 148 switch with recovery string, 145 switch without recovery string, 147 local user accounts, 139 policies for - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 653
240 manually distributing , 218 using service names in IP ports, 402 for encryption-enabled ports, 402 configuration of ports, 193 configurations supported for Backbones, 287 configurations supported for fixed-port switches, 286 configuring E_Port authentication, 209 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 654
, 125-128 manually disabling QoS on trunked ports, 524 moving, 279 naming, 86 port login command, 51 port login process, 52 port types, 84 ports and applications used by switches, 192 re-authenticating , 402, 476 portCfgTrunkPort command, 538, 545 654 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 655
for authentication, 212 supported for IP Filter, switch, 182 generation, 183 public key infrastructure and encryption, 182 public key infrastructure. See also: PKI. PWWN assigned by fabric, 425 configuring FLOGI-time handling of duplicates, 109 duplicates, 53 handling duplicates, 110 See also: Port - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 656
, 526 QSFP ports in DCX 8510 chassis, 492 Quality of Service. See: QoS. R RADIUS client configuration, 158 enabling, 158 RADIUS server adding, 175 configuration for FIPS, 622 configuration with Admin Domains or Virtual Fabrics, 155 configuring support with Linux, 156 configuring support with Windows - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 657
, defined, 112 routes, number supported using FSPF, 112 routing AP policies and route selection, 112 performance, 118 port-based, 118, 119, 123 route generation, 180 Fabric OS Administrator's Guide 53-1002745-02 RSA RADIUS server, , 206 SCP configuration for uploads and downloads, 179 described, - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 658
AUTH policy, 207 Brocade MIB, 188 browser support, 182 certificates, 178 configuration, 241-253 shared ISL. See: extended ISL. shared secrets on Access Gateway, 213 shelf life of a universal temporary license, 480 shutdown Backbone, 77 switch, 77 SID/DID traffic prioritization, 519 signed firmware - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 659
, 62 exporting public key, 181 firmware download, 260 firmware version testing, 268 firmware version, finding, 259 host access, 192 joining to fabric, 229 LDAP certificates deleting, 621 exporting, 621 installing, 620 modifying FCS order, 201 modifying switch configuration, 247 name limitations, 74 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 660
, 175 failover, 171 installing, 172 reordering, 175 retry, 171 supported protocols, 171 timeout, 171 TACACS+ service ADList, 173 Admin Domains, configuring, 173 authentication service, 171 configuration, 171 configuration, displaying, 176 disabling, 175 enabling, 175 home Virtual Fabric, 173 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 661
and controlling switch changes, traffic support, 111 traffic, limiting from a device, 519 Fabric OS Administrator's Guide 53 port violation handling, for TI zones, 357 trunked ports, manually disabling QoS on, 524 trunking Adaptive Networking license considerations, 523 configuring F_Port for Brocade - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 662
firmware, 257 upgrading temporary slot-based licenses, restrictions, 479 uploading AD configuration 84 routing policy, 119 XISL and FX8-24, 287 verification check, 580 verifying device switch about, 283 creating, 292 changing logical switch to base switch, 297 662 Fabric OS Administrator's Guide - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 663
considerations, 528 RADIUS configuration, 155 RADIUS server configuration, 155 restrictions, 288 SCC policy considerations, 206 supported platforms, 286 TACACS+ service, 173 TI zone considerations, 361, 364 with traffic isolation over FCR, 363 XISL, allowing on logical switches, 299 zone alias - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 664
mode, viewing current, 327 accessing, 192 adding a new switch or fabric, 336 adding members, 317 administering security, 357, 364, 367, 368, 369, 370 zone configuration database, maximum items, 328 zone configurations clearing, 333 creating, 328 deleting, 331 disabling, 330 's Guide 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 665
zoneRemove command, 318 zoneShow command, 322 zoning advanced, 303-342 advanced commands, 304 defined, 304 enforcement, 308 on logical ports, 316 overview, 304 Fabric OS Administrator's Guide 665 53-1002745-02 - Dell Brocade 300 | Fabric OS Administrator's Guide v7.1.0 - Page 666
666 Fabric OS Administrator's Guide 53-1002745-02
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
 |
 |
53-1002745-02
25 March 2013
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS 7.1.0