Dell Brocade 6520 Administrator's Guide Supporting Fabric OS 7.1.0
Dell Brocade 6520 Manual
View all Dell Brocade 6520 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Brocade 6520 manual content summary:
- Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 1
53-1002745-02 ® 25 March 2013 Fabric OS Administrator's Guide Supporting Fabric OS 7.1.0 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 2
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes Guide 53-1002745-01 Fabric OS Administrator's Guide 53-1002745-02 Added Fabric OS v7.1.0 software features and support for new hardware platforms: Brocade 5430 and 6520 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 3
16 Chapter 17 Section II Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Fabric OS Administrator's Guide 53-1002745-02 Standard Features Understanding Fibre Channel Services 43 Performing Basic Configuration Tasks 55 Performing Advanced Configuration Tasks 79 Routing - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 4
Appendix A Appendix B Appendix C Port Indexing 611 FIPS Support 615 Hexadecimal Conversion 627 4 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 5
Supported hardware and software 34 What's new in this document 35 Document conventions 36 Notice to the reader 37 Additional information 38 Getting technical help 38 Document feedback 40 Section I Standard Features Chapter 1 Understanding Fibre Channel Services 51 Principal switch 51 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 6
76 Switch activation and deactivation 76 Disabling a switch 76 Enabling a switch 76 Switch and Backbone shutdown 76 Powering off a Brocade switch 77 Powering off a Brocade Backbone 77 Basic connections 78 Device connection 78 Switch connection 78 6 Fabric OS Administrator's Guide 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 7
Chapter 3 Fabric OS Administrator's Guide 53-1002745-02 Performing Advanced Configuration Tasks Port Identifiers Port decommissioning 90 Setting port modes 90 Setting port speeds 92 Setting all ports on a switch to the same speed 92 Setting port speed for a port octet 93 Blade terminology and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 8
overview 111 Paths and route selection 112 FSPF 112 Fibre Channel NAT 113 Inter-switch links 114 Buffer credits 115 Congestions versus over-subscription 115 Virtual channels 115 Gateway links channel 136 Managing user-defined roles 136 8 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 9
and OpenLDAP 165 TACACS+ service 171 Remote authentication configuration on the switch 174 Configuring local authentication as public key authentication 180 Secure Sockets Layer protocol 182 Browser and Java support 182 SSL configuration overview 183 The browser 186 Root certificates for the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 10
fabric domains share policies 200 Creating an FCS policy 201 Modifying the order of FCS switches 201 FCS policy distribution 202 Device Connection Control policies 203 DCC policy restrictions 203 distribution of the authorization policy 217 10 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 11
switch to another switch of the same model 250 Security considerations 250 Configuration management for Virtual Fabrics 250 Uploading a configuration file from a switch with Virtual Fabrics enabled 251 Restoring a logical switch configuration using configDownload 251 Restrictions 252 Brocade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 12
switches 259 Finding the switch firmware version 259 Firmware download on switches 260 Switch path. .266 FIPS support 266 Public and private Supported platforms for Virtual Fabrics 286 Supported port configurations in the fixed-port switches. . . .286 Supported port configurations in Brocade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 13
for a Virtual Fabric 298 Removing an IP address for a Virtual Fabric 298 Configuring a logical switch to use XISLs 299 Changing the context to a different logical fabric 299 Creating a logical fabric an alias in the defined configuration 315 Fabric OS Administrator's Guide 13 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 14
TI zones within an edge fabric 354 TI zones within a backbone fabric 355 Limitations of TI zones over FC routers 356 14 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 15
Deleting a TI zone 369 Displaying TI zones 369 Troubleshooting TI zone routing problems 370 Setting up TI over FCR (sample procedure loss detection and recovery support on Brocade 5300 switches 379 Back-end credit loss detection and recovery support on Brocade 6520 switches 379 Enabling back-end - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 16
bottleneck detection 389 Displaying bottleneck statistics 391 Disabling bottleneck detection on a switch 392 In-flight Encryption and Compression In-flight encryption and compression overview 423 Viewing virtual PID login information 424 16 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 17
Access Gateway 427 Configuring an FA-PWWN for an HBA connected to an edge switch 428 Supported switches and configurations for FA-PWWN 429 Configuration upload and download considerations for FA-PWWN430 Validating an Admin Domain member list 454 Fabric OS Administrator's Guide 17 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 18
AD context 455 Displaying an Admin Domain configuration 456 Switching to a different Admin Domain context 456 Admin Domain . . .460 Licensed Features Administering Licensing Licensing overview 463 Brocade 7800 Upgrade license 470 ICL licensing 471 ICL 1st POD license Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 19
Brocade DCX 8510-8 and DCX 8510-4 . .493 ICLs for the Brocade DCX Backbone family 493 ICL trunking on the Brocade DCX and DCX-4S 494 Virtual Fabrics considerations for ICLs 494 Supported frame monitors 508 Clearing frame monitor counters 509 Fabric OS Administrator's Guide 19 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 20
21 Top Talker monitors 510 Top Talker monitors and FC-FC routing 511 Limitations of Top Talker monitors 512 Adding a Top Talker monitor to a port (port mode 513 Adding Top Talker monitors on all switches Networking license 523 Manually disabling QoS on 528 Supported Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 21
support for trunking 536 Supported platforms for trunking 536 Requirements for trunk groups 536 Recommendations for trunk groups 537 Configuring trunk groups 538 Enabling trunking on a port or switch when connecting to TDM devices . . .554 Fabric OS Administrator's Guide 21 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 22
F_Ports 562 Monitoring buffers in a port group 562 Buffer credits switch or blade model 563 Maximum configurable distances for Extended Fabrics requirements for FC-FC routing 570 Supported platforms for FC-FC routing 570 Supported configurations for FC-FC routing 571 Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 23
output ports connected to xlate domains 609 Port Indexing FIPS Support FIPS overview 615 Zeroization functions 615 Power-on self tests mode 618 LDAP certificates for FIPS mode 620 Preparing a switch for FIPS 621 Overview of steps 622 Enabling FIPS mode Administrator's Guide 23 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 24
24 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 25
Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure after the swap 100 Principal ISLs 112 New switch added to existing fabric 114 Virtual channels on VSA configuration 154 Example of a Brocade DCT file 161 Example of the Guide 25 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 26
E_Ports enabled 527 Traffic prioritization in a logical fabric 529 Trunk group configuration for the Brocade 5100 535 Switch in Access Gateway mode without F_Port masterless trunking 544 Switch in Access Gateway mode with F_Port masterless trunking 544 A metaSAN with inter-fabric links 572 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 27
topology 578 Example of setting up Speed LSAN tag 596 LSAN zone binding 599 EX_Ports in a base switch 607 Logical representation of EX_Ports in a base switch 608 Backbone-to-edge routing across base switch using FC router in legacy mode 609 Fabric OS Administrator's Guide 27 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 28
28 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 29
20 Table 21 Table 22 brocade file 154 Brocade custom TACACS+ attributes 172 Secure protocol support switch operations 200 Distribution policy states 202 DCC policy states 203 DCC policy behavior with FA-PWWN when created using lockdown support . . 205 DCC policy behavior when created manually - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 30
74 Table 75 Table 76 Table 77 Supported services 220 Implicit IP Filter rules 222 Default IP policy rules switch configuration information 247 Brocade configuration and connection form 253 Backbone HA sync states 258 Blade and port types supported on logical switches Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 31
restrictions 617 FIPS and non-FIPS modes of operation 618 Active Directory keys to modify 620 Decimal-to-hexadecimal conversion table 628 Fabric OS Administrator's Guide 31 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 32
32 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 33
In this chapter •How this document is organized 33 •Supported hardware and software 34 •What's new in this document 35 : • Chapter 1, "Understanding Fibre Channel Services," provides information on the Fibre Channel services on Brocade switches. • Chapter 2, "Performing Basic Configuration Tasks - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 34
parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for Fabric OS v7 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 35
switch - Brocade 5410 embedded switch - Brocade 5424 embedded switch - Brocade 5430 embedded switch - Brocade 5450 embedded switch - Brocade 5460 embedded switch - Brocade 5470 embedded switch - Brocade 5480 embedded switch - Brocade 6505 switch - Brocade 6510 switch - Brocade 6520 switch - Brocade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 36
Brocade 6520 did not require a Trunking license. The Brocade 6520 does require the Trunking license. • In "Buffer credit recovery over an E_Port" on page 566, clarified that for an ISL between a device that supports 16 Gbps and a device that supports this guide are in this manual follows these - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 37
and warnings The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential . Key terms For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific 's Guide 37 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 38
Building SANs with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and org Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 39
and messages received • supportSave command output • Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps already performed and the results • Serial console and Telnet session - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 40
Document feedback Quality is our first concern at Brocade and we have made every effort to ensure topic needs further development, we want to hear from you. Forward your feedback to: [email protected] Provide the title and version number of the document and as much detail as possible about - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 41
chapters: •Chapter 1, "Understanding Fibre Channel Services" •Chapter 2, "Performing Basic Configuration Tasks" Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining " Fabric OS Administrator's Guide 41 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 42
42 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 43
services overview Fibre Channel services define service address for each service. Services are provided to it to communicate with services on the switch or other nodes in switches in the fabric from either the principal switch or, if configured, the primary fabric configuration server (FCS) switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 44
knowledge of the existing configuration. • It is replicated on every Brocade switch within a fabric. • It provides an unzoned view of the server database. Platform services By default, all management services except platform services are enabled; the MS platform service and topology discovery are - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 45
services: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msCapabilityShow command to verify that all switches in the fabric support the MS platform service that are running management applications. Fabric OS Administrator's Guide 45 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 46
WWNs listed. NOTE The management server is logical switch-capable. All management server features are supported within a logical switch. Displaying the management server ACL Use the following to update the nonvolatile memory and end the session. 46 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 47
60:69:04:11:24 10:00:00:60:69:04:11:23 21:00:00:e0:8b:04:70:3b 10:00:00:60:69: the following procedure to delete a member from the ACL: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the msConfigure command Fabric OS Administrator's Guide 47 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 48
procedure to view the contents of the management server database: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msPlatShow Associated Management Addresses: [30] "http://java.sun.com/products/1" 48 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 49
Example of enabling discovery switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... Fabric OS Administrator's Guide 49 53-1002745 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 50
Request to disable MS Topology Discovery Service in progress.... *MS Topology Discovery disabled locally. switch:admin> mstddisable all This may Service in progress.... *MS Topology Discovery disabled locally. *MS Topology Discovery Disable Operation Complete!! 50 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 51
and the class of service supported. 2. PLOGI-Port Login switch, requesting principal switch priority and the domain ID list. Buffer-to-buffer credits for the device and switch ports are exchanged in the SW_ACC command sent to the device in response to the FLOGI. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 52
If a fabric is detected then it exchanges service parameters with the fabric controller. A successful FLOGI session. To display the contents of a switch's name server, use the nsShow or removed from the fabric. • A zone has changed. • A switch name has changed or an IP address has changed. • Nodes - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 53
on an F_Port, NPIV devices, or devices attached to a switch in Access Gateway mode. High availability of daemon processes Starting non used by manageability applications. Reliability, Availability, and Supportability daemon logs error detection, reporting, handling, and Guide 53 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 54
automatically restarted (Continued) Description webd Webserver daemon used for WebTools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch management and fabric discovery. 54 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 55
switch Ethernet interface 62 •Date and time settings 69 •Domain IDs 72 •Switch names 74 •Chassis names 75 •Fabric name 75 •Switch activation and deactivation 76 •Switch 's Guide. • Brocade Network Advisor For additional information, refer to the Brocade Network Advisor User Manual for - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 56
tested and supported by Brocade Communications with them. The hardware reference manuals for Brocade products describe how to power up allowed to run a command, make modifications to the switch, or view the output of the command. To When command examples in this guide show user input enclosed in - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 57
these methods: - You can use Web Tools to perform a fast boot. When the switch comes up, the Telnet quota is cleared. (For instructions on performing a fast boot with Web Tools, see the Web Tools Administrator's Guide.) - If you have the required privileges, you can connect through the serial port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 58
, and the switchAdmin roles. Use the following procedure to get help on a command: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the help [|more] command with for which you need specific information. 58 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 59
supported for standby CPs. The log records the following information whenever a command ins entered in the switch : 1. Connect to the switch and log in. 2. command output from root login switch:root> clihistory CLI history Date Thu Sep 27 05:25:45 2012 switch:root> Message root, 10.70.12. - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 60
only to Root, Admin, Factory and Securityadmin RBAC roles. Example cliHistory command output showing username switch:root> clihistory --showuser admin CLI history Date & Time Message Thu Sep 27 10:14:41 --help: Displays the command usage 60 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 61
& Time Wed May 23 03:39:37 2012 Message root, console, firmwaredownload Password modification The switch automatically prompts you to change the default account passwords after logging in for the first time. they are needed for recovery purposes. Fabric OS Administrator's Guide 61 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 62
components: • Both Control Processors (CP0 and CP1) • Chassis management IP Brocade switches On Brocade switches, you must set the Ethernet and chassis management IP interfaces. Setting the chassis DHCP (refer to "DHCP activation" on page 66) 62 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 63
and log in using an account assigned to the admin role. 2. Enter the ipAddrShow command. ipAddrShow Example output for a Brocade Backbone ecp:admin> ipaddrshow SWITCH Ethernet IP Address: 10.1.2.3 Ethernet Subnetmask: 255.255.240.0 CP0 Ethernet IP Address: 10.1.2.3 Ethernet Subnetmask: 255.255.240 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 64
Ethernet network interface addresses on Brocade DCX and DCX-4S Backbones, and in environments where DHCP service is not available. To you choose not to use DHCP or to specify an IP address for your switch Ethernet interface, you can do so by entering "none" or "0.0.0.0" in 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 65
255.0.0]: Gateway IP Address [10.1.2.1]: DHCP [OFF]: off Example of setting an IPv6 address on a switch switch:admin> ipaddrset -ipv6 --add 1080::8:800:200C:417A/64 IP address is being changed...Done. For more the Ethernet Subnet mask at the prompt. Fabric OS Administrator's Guide 65 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 66
Brocade switches have DHCP enabled by default. Fabric OS support for DHCP functionality is only provided for Brocade fixed-port switches. These are listed in the Preface. NOTE The Brocade DCX and Brocade DCX-4S Backbones do not support by DHCP; for instructions on setting the FC Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 67
IPv4 interactively: switch:admin> ipaddrset switch:admin> Example of enabling DHCP for IPv4 using a single command: switch:admin> ipaddrset -ipv4 -add -dhcp ON switch:admin> ipaddrshow SWITCH of the switch and default 1. Connect to the switch and log in using IPv4 interactively: switch:admin> - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 68
IPv6 autoconfiguration Use the following procedure to enable IPv6 autoconfiguration: 1. Connect to the switch and log in using an account with admin permissions. 2. Take the appropriate following action all managed entities on the target platform. 68 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 69
troubleshooting, you must set them correctly. In a Virtual Fabric, there can be a maximum of eight logical switches per Backbone. Only the default switch switch, the date command request is dropped by a Fabric OS v6.2.0 and later switch and the pre-Fabric OS v6.2.0 switch the switch and switch: switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 70
switch, you can perform the following tasks: • Display all of the time zones supported switches are set to Greenwich Mean Time (0,0). If all switches in a fabric are in one time zone, it is possible for you to keep the time zone setup at the default setting. • System services switch zones supported by - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 71
interactive mode: 1. Connect to the switch and log in using an account local time of the principal and primary FCS switch to a maximum of eight external Network Time switch. When a switch enters the fabric, it stores the list and the active servers. NOTE In a Virtual Fabric, multiple logical switches - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 72
switch and log in using an account assigned to the admin role. 2. Enter the tsClockServer command. switch switch switch are propagated to all switches in the fabric. Domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually for Brocade switches is - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 73
Enet IP Addr The switch Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6 switches, only the static IP address displays. FC IP Addr The switch Fibre Channel IP address. Name The switch symbolic or user-created name in quotes. Fabric OS Administrator's Guide 73 53-1002745 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 74
... Done. Switch name has been changed.Please re-login into the switch for the change to be applied. dilbert:FID128:# admin> NOTE The prompt does not change to the new switch name until AFTER you re-login. 3. Record the new switch name for future reference. 74 Fabric OS Administrator's Guide 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 75
Brocade recommends that you customize the chassis name for each platform. Some system logs identify devices by platform names; if you assign meaningful platform names, logs are more useful. All chassis names supported switches in a logical fabric must be running Fabric OS v7.1.0. Switches switch switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 76
avoid corrupting your file system, you must perform graceful shutdowns of Brocade switches and Backbones. Warm reboot (also known as graceful shutdown) refers to shutting down the switch or platform by way of the following instructions. Cold boot (also known as a hard boot) refers to shutting down - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 77
ide devices: hda Power down. 5. Power off the switch. Powering off a Brocade Backbone Use the following procedure to power off a Brocade Backbone device: 1. From the active CP in a dual is going down for system halt NOW !! 4. Power off the switch. Fabric OS Administrator's Guide 77 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 78
switches switch to the switch. When powering switch, connect the device, and then use the portEnable command to enable the port. Switch connection See the hardware reference manual of your specific switch switch links, refer to Chapter 23, "Managing Long-Distance Fabrics". 78 Fabric OS Administrator - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 79
, to use WWN binding or dynamic PID binding instead, because static PID binding creates problems in many routine maintenance scenarios. Fortunately, very few device drivers still behave this way. Many current device drivers enable you to select static PID binding as well as WWN binding. You should - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 80
which switch the device Brocade Backbone, fixed addressing mode is used only on the default logical switch switches created in the Brocade Backbones. This addressing scheme is flexible to support support up to 256 NPIV devices. A logical switch can support up to 144 ports that can each support - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 81
equal to the port area ID. 256-area addressing mode This configurable addressing mode is available only in a logical switch on the Brocade Backbone. In this mode, only 256 ports are supported and each port receives a unique 8-bit area address. This mode can be used in FICON environments, which have - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 82
any existing devices when you enable the feature, you must manually enter the WWN-based PID assignments through the CLI. is supported in the default switch on the Brocade DCX and DCX 8510 Backbone families. This feature is not supported on switch. 82 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 83
. Example of activating PID assignments switch: admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] y System services (yes, y, no, n): the PID assigned to the device WWN specified. Fabric OS Administrator's Guide 83 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 84
part of a Brocade device: • D_Port - A diagnostic port lets an administrator isolate the inter-switch link (ISL) to diagnose link level faults. This port runs only specific diagnostics tests and does not carry any fabric traffic. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for more - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 85
Services and Routing Services, FCIP, Converged Enhanced Ethernet, and encryption support. NOTE On each port blade, a particular port must be represented by both slot number and port number. The Brocade The bonding functions as follows: the bonding driver selects one of the physical ports as an - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 86
Supported devices This feature is available on a CP8 blade when it is installed on a Brocade DCX, Brocade DCX-4S, Brocade DCX 8510-8 or Brocade instructions on setting port modes, and "Setting port speeds" on page 92 for instructions - Take the entire switch down and then power to the switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 87
port to give it a unique identifier in a switch. To select a specific port in the Backbones to ensure uniqueness. A number of fabric-wide databases supported by Fabric OS (including ZoneDB, the ACL DDC, and Brocade DCX-4S and DCX 8510-4 Backbones. Fabric OS Administrator's Guide 87 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 88
prior releases which supported only modes 0 and 1 will not change the existing setting, but switches reset to Brocade DCX and DCX 8510 Backbone families only: You can swap only ports 0 through 15 on the FC8-48 port blades. You cannot swap ports 16 through 47. 88 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 89
switch:admin>portdisable 1 ecp:admin>portdisable 1/2 4. Enter the portSwap command. switch instructions. CAUTION The fabric will be reconfigured if the port you are enabling or disabling is connected to another switch. The switch a port: 1. Connect to the switch and log in using an account with switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 90
1. Connect to the switch and log in using to port decommissioning: • The local switch and the remote switch on the other end of the E_Port supported for all network interfaces or for all Ethernet network interfaces. On the CP in a Brocade DCX, DCX-4S, DCX 8510-4, or DCX 8510-8, this command supports - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 91
and 100 Mbps: switch:admin> ifmodeset eth3 Exercise care when using this command. Forcing the link to an operating mode not supported by the network 10 Mbps / Half Duplex (yes, y, no, n): [yes] y Committing configuration...done. switch:admin> Fabric OS Administrator's Guide 91 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 92
all ports on the switch to 8 Gbps: switch:admin> switchcfgspeed 8 Committing configuration...done. The following example sets the speed for all ports on the switch to autonegotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. 92 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 93
logical switch. Use the following procedure to set the port speed for a port octet: 1. Connect to the switch and CR16-8 98 CR16-4 99 Yes Yes Brocade DCX and DCX 8510 Backbone family control processor blade. This CP supports all blades used in the DCX and Administrator's Guide 93 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 94
and 8 Gbps port speeds. The Brocade DCX and Brocade DCX 8510 Backbone families support loop devices on 64-port blades in a Virtual Fabric-enabled environment. The loop devices can only be attached to ports on a 64-port blade that is not a part of the default logical switch. Ports are numbered from - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 95
intra-chassis switching and ICL connectivity, between DCX/DCX-4S platforms and between DCX 8510 platforms. • Brocade DCX supports two CORE8 core blades. • Brocade DCX-4S supports two CR4S-8 core blades. • Brocade DCX 8510-8 supports two CR16-8 core blades. • Brocade DCX 8510-4 supports two CR16 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 96
which port and application blades are supported for each Brocade Backbone. NOTE During power up of a Brocade DCX or DCX-4S Backbone, if disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 97
switch support only F_ and E_Ports. They do not support FL_Ports. Port swapping on an FC8-48, FC8-48E, FC8-64, and FC16-48 is supported is supported on 1. Connect to the switch and log in using switches is not supported. The ports on the source and destination blades must be in the same logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 98
: 1. Blade selection The selection process includes selecting the switch and the blades to be affected by the swap operation Ethernet, application to application, and so on). • Port count. Both blades must support the same number of front ports (for example, 16 ports to 16 ports, Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 99
logical switches. For example Figure 3 shows the source blade has ports in a logical switch or must be included in the associated logical switch or logical fabric of the source ports. blades can be carved up into different logical switches as long as they are carved the same way. If slot 1 and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 100
switches FIGURE switches Switches are enabled by default. In some cases, you may need to disable a switch Use the following procedure to disable a switch: 1. Connect to the Backbone and log the switch to the disabled state without actually disabling it. However, on reset, the switch will be - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 101
Displays the command usage. Power management All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization is components are powered off, using the powerOffListSet command. Fabric OS Administrator's Guide 101 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 102
You must manually power off switch operation: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchShow command. This command displays a switch summary and a port summary. 3. Check that the switch and ports are online. 102 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 103
status of the switch. Verifying High Availability for a Backbone: 1. Connect to the switch and log in using an account with status of the switch power supplies. Refer to the hardware reference manual of your system verify fabric connectivity: 1. Connect to the switch and log in using an account with - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 104
1. Connect to the switch and log in using an devices in the fabric. switch:admin> nsallshow { 010e00 012fe8 and control switch changes The track changes feature allows the system messages log for the switch. Use the errDump or errShow command feature: 1. Connect to the switch and log in using an account - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 105
For more information about setting policy parameters, see the Fabric Watch Administrator's Guide. Use the following procedure to view the switch status policy threshold values: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchStatusPolicyShow command - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 106
Brocade switch, but the quantity and types vary by platform. switch:admin> switchstatuspolicyshow To change the overall switch status policy parameters The current overall switch [2]1 Bad Temperatures contributing to MARGINAL status: (0..4) [1]2 106 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 107
status: (0..2) [1] (output truncated) NOTE On the Brocade Backbones, the command output includes parameters related to CP the system message log facility and IP network to send messages from the switch to a remote host. Because the audit event log configuration has no Guide 107 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 108
the system error log daemon, refer to the Fabric OS Troubleshooting and Diagnostics Guide. NOTE If an AUDIT message is logged from the CLI running to receive the audit events that will be generated. 2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to add the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 109
login If a device attempts to log in with the same PWWN as another device on the switch, you can configure whether the new login or the existing login takes precedence. You can configure how 9 describes the behavior when setting 1 is selected. Fabric OS Administrator's Guide 109 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 110
1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the 7. Enter the switchEnable command to re-enable the switch. With any of these settings, detection of duplicate - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 111
Redirection 130 Routing overview Data moves through a fabric from switch to switch and from storage to server along one or more paths supports unicast Class 2 and 3 traffic, multicast, and broadcast traffic. Broadcast and multicast are supported in Class 3 only. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 112
ISL from each switch is used as the principal ISL. Figure 5 shows the thick red lines as principal ISLs, and thin green lines as regular ISLs. FIGURE 5 Principal ISLs NOTE FSPF only supports 16 routes in a zone, including Traffic Isolation Zones. 112 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 113
fabric to include many physical loops because, without loops, there would not be multiple paths between switches, and consequently no redundancy. Without redundancy, if a link goes down, part of the fabric is space of their corresponding fabric. Fabric OS Administrator's Guide 113 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 114
. If the fabric service is enabled in the fabric, then the switch you are introducing into the fabric must also have it enabled. If you experience a segmented fabric, refer to the Fabric OS Troubleshooting and Diagnostics Guide to fix the problem. 114 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 115
to sixteen buffer credits from the switch, depending on the device type, driver version, and configuration. This Networking services. For more information on Adaptive Networking services, refer to Chapter 21, 21, "Optimizing Fabric Behavior". Fabric OS Administrator's Guide 115 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 116
4 Inter-switch links FIGURE 7 Virtual channels on a QoS-enabled ISL 116 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 117
gateway" on page 118. • The switches connected to both sides of the gateway are included when determining switch-count maximums. • Extended links (those created using the Extended Fabrics licensed feature) are not supported through gateway links. Fabric OS Administrator's Guide 117 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 118
based routing Notes • On the Brocade 300, 5100, 5300, 5410, 5430, 5450, 5460, 5470, 5480, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches, and also the Brocade DCX and DCX 8510 Backbone families fabric configuration or application requires it. 118 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 119
. The current policy is displayed, followed by the supported policies for the switch. Example of the output from the aptPolicy command In more information on VE_Ports, refer to the Fibre Channel over IP Administrator's Guide. Exchange-based routing The choice of routing path is based on the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 120
supported in FICON environments only. AP route policies Two additional AP policies are supported supports the overall switch performance. It support a logical switch. The AP switch basis. In-order delivery (IOD) and DLS settings are set per logical switch as well. IOD and DLS settings for the base switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 121
to set the AP route policy: 1. Connect to the base switch and log in as admin. 2. Enter the switchDisable command to disable the switch. 3. Take the appropriate following action based on the AP is required, enter the aptPolicy -ap 1 command. Fabric OS Administrator's Guide 121 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 122
switches. DLS recomputes load sharing when any of the following occurs: • A switch boots to set up DLS: 1. Connect to the switch and log in using an account with admin permissions switch:admin> dlsshow DLS is not set switch:admin> dlsset switch:admin> dlsshow DLS is set switch:admin> dlsreset switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 123
switch guaranteed to exit the switch in the same to exit the switch in the same order even one switch in the fabric the policy configured on other switches in the fabric. NOTE when the traffic between switches is shared among multiple Connect to the switch and log in switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 124
the following procedure to view frames. 1. Connect to the switch and log in using an account with admin permissions. 2. type option requires an argument; currently only timeout is supported, this specifies that only timeout discards be shown Filtering Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 125
Brocade 300 • Brocade 5100 • Brocade 5300 • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade VA-40FC • Brocade FC8-16, FC8-32, FC8-48, and FC8-64 port blades • Brocade DCX 8510 Backbone family and supported blades • Brocade DLS on ports connecting switches to perform the following functions - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 126
environment. Lossless core Lossless core works with the default configuration of the Brocade DCX 8510-8 and DCX 8510-4 hardware to prevent frame loss during be disabled. Lossless core has the following limitations: • Only supported with IOD disabled, which means Lossless core cannot guarantee in- - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 127
are supported on the Brocade DCX switch 2: • If logical switch 2 has IOD enabled (iodSet only), IOD is enforced. • If logical switch 2 has Lossless DLS enabled, traffic is paused and resumed. • If logical switch 2 has no IOD (iodReset), traffic is paused and resumed. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 128
negotiation with a switch detects FEC capability. This feature is enabled by default and persists after driver reloads and system on 16 Gbps-capable switches (Brocade 6505, 6510, 6520, and the Brocade DCX 8510 Backbone family). • FEC is supported only on 1860 and Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 129
command. In this example, port 1 already has FEC enabled, and so it remains enabled. switch:admin> portcfgfec --enable 0-8 Same configuration for port 1 Disabling forward error correction To disable the to display the current FEC configuration. Fabric OS Administrator's Guide 129 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 130
switches in the fabric that support Frame Redirection. Redirection zones exist only in the defined configuration and cannot be added to the effective configuration. NOTE Fabric OS v7.1.0 is not supported on the Brocade 7600 or Brocade . 130 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 131
virtual target (40:40:40:40:40:40:40:40): switch:admin>zone --rdcreate 10:10:10:10:10:10:10:10 to delete a frame redirect zone: 1. Connect to the switch and log in using an account with admin permissions. a frame redirect zone switch:admin> zone --rddelete 1. Connect to the switch and log in using - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 132
4 Frame Redirection 132 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 133
roles of root, factory, admin, and user, Fabric OS supports up to 252 additional user accounts on the chassis. These of the user's Virtual Fabrics. • Chassis role - Similar to switch-level roles, but applies to a different subset of commands. NOTE Fabric OS Administrator's Guide 133 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 134
or OpenLDAP. • Remote TACACS+ service. Users are managed in a remote TACACS+ server. All switches in the fabric can be configured user database is manually synchronized by means of the distribute command to push a copy of the switch's local user database to all other switches in the fabric running - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 135
the user and all of them are inactive, the user will not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the system provides a default home domain show the permissions that apply to a specific command. Fabric OS Administrator's Guide 135 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 136
RADIUS, or TACACS+ are used for authentication, the total number of sessions on a switch may not exceed 32. TABLE 14 Maximum number of simultaneous sessions Role name Maximum sessions -class security -perm O Role added successfully 136 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 137
of the account that is making the change. In addition to the default administrative and user accounts, Fabric OS supports up to 252 user-defined accounts in each switch (domain). These accounts expand your ability to track account access and audit administrative activities. Fabric OS Administrator - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 138
configuration of each switch. TABLE 15 Default information 1. Connect to the switch and log in using an account information for a switch • userConfig --show Creating an account 1. Connect to the switch and log in using an account with logical switch to 128 • Admin role permissions • - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 139
on local user accounts. 1. Connect to the switch and log in using an account with admin permissions "Managing Administrative Domains". 1. Connect to the switch and log in using an account with admin the current login account 1. Connect to the switch and log in using an account with admin permissions - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 140
. NOTE If Virtual Fabrics mode is enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. Distributing the password database to switches is not allowed if there are users associated with user defined - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 141
password policies described in this section apply to the local-switch user database only. Configured password policies (and all after an HA failover. Password policies can also be manually distributed across the fabric (see "Local user account database Administrator's Guide 141 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 142
; instead, the user's password history is preserved and the password set by the administrator is recorded in the user's password history. 142 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 143
to unlock it, or the locked account can be automatically unlocked after a specified period. Administrators can unlock a locked account at any time. Fabric OS Administrator's Guide 143 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 144
user on each switch instance. The duration passes or when it is manually unlocked by either a user account lockout policy 1. Log in to the switch using an account that has admin or account 1. Log in to the switch using an account that has admin 1. Log in to the switch using an account that has admin - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 145
PROM password by contacting your switch service provider. Without the recovery 6505, 6510, 6520, 7800, 8000, and 8510 switches, as well as the Brocade Encryption Switch and VA-40FC. If your switch is not listed, please contact your switch support provider for instructions Guide 145 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 146
following string to Customer Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw with a recovery string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510 the standby CP blade by sliding the On/Off switch on the ejector handle of the standby CP blade Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 147
provided within this section are only for the switches listed in the Preface. If your switch is not listed, contact your switch support provider for instructions. 1. Create a serial connection to the switch as described in "Connecting to Fabric OS through the serial port" on page 56. 2. Reboot - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 148
string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 Backbones. On the Brocade DCX Backbone, set the password on page 56. 4. Reboot the standby CP blade by sliding the On/Off switch on the ejector handle of the standby CP blade to Off, and 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 149
refer to the Fabric OS Troubleshooting and Diagnostics Guide. Remote authentication Fabric OS supports user authentication through the local user database or one of the following external authentication services: • Remote authentication dial-in user service (RADIUS) • Lightweight directory access - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 150
configuration. NOTE For systems such as the Brocade DCX Backbone, the switch IP addresses are aliases of the physical supported authentication services and local authentication enabled, so that if the authentication servers do not respond because of a power failure or network problems, the switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 151
Brocade support for each. TABLE 16 Protocol LDAP options Description Channel type Default port URL Brocade supported If the RADIUS service is not supported supported Authenticates management connections On On against any RADIUS databases. If RADIUS fails because the service LDAP service is - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 152
service is not available or the credentials do not match, the login fails. not not supported supported database. not supported not supported Authenticates management available. not supported not supported Prevents users OS switch. With each account name, assign the appropriate switch access - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 153
or TACACS+) server authenticates a user, it responds with the assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does not have a assigned role and other supported attribute values such as Admin Domain member list. Fabric OS Administrator's Guide 153 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 154
To configure a Windows 2000 internet authentication service (IAS) server to use VSA to pass the admin role to the switch in the dial-in profile, the Local, User-Password == "myPassword" Brocade-Auth-Role = "admin", Brocade-AVPairs1 = "HomeLF=70", 154 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 155
context. The first valid HomeLF key-value pair is accepted by the switch, additional HomeLF key-value pairs are ignored. • LFRoleList is a comma the account have valid permissions through the attribute type Brocade-Auth-Role. The additional attribute values ADList, HomeAD, Guide 155 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 156
IP address, in either IPv4 or IPv6 notation, or the name to connect to switches. Use the ipAddrShow command to display a switch IP address. For Brocade Backbones, the switch IP addresses are aliases of the physical Ethernet interfaces on the CP blades. When specifying client IP addresses for the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 157
in a text editor. 2. Add the user names and their permissions for users accessing the switch and authenticating through RADIUS. The user logs in using the permissions specified with Brocade-Auth-Role. The valid permissions include root, admin, switchAdmin, zoneAdmin, securityAdmin, basicSwitchAdmin - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 158
"Adding an authentication server to the switch configuration" on page 175). 2. Save the file $PREFIX/etc/raddb/client.config, and then start the RADIUS server as follows: $PREFIX/sbin/radiusd Configuring RADIUS server support with Windows 2000 The instructions for setting up RADIUS on a Windows - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 159
to the appropriate group. 4. Configuring the server For more information and instructions on configuring the server, refer to the Microsoft website. Below is the information you will need to configure the RADIUS server for a Brocade switch. A client is the device that uses the RADIUS server; in this - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 160
e. After returning to the Internet Authentication Service window, add additional policies for all Brocade login types for which you want to use the RADIUS server. After this is done, you can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also available. RSA RADIUS server - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 161
=%s%] ATTRIBUTE Brocade-Auth-Role ATTRIBUTE Brocade-Passwd-ExpiryDate ATTRIBUTE Brocade-Passwd-WarnPeriod Brocade-VSA(1,string) r Brocade-VSA(6,string) r Brocade-VSA(7,integer) r brocade.dct -- Brocade Dictionary FIGURE 11 Example of a Brocade DCT file Fabric OS Administrator's Guide 161 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 162
change through Active Directory. • There is no automatic migration of newly created users from the local switch database to Active Directory. This is a manual process explained later. • Only IPv4 is supported for LDAP on Windows 2000 and LDAP on Windows Server 2003. For LDAP on Windows Server 2008 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 163
Unit (OU). • Active Directory LDAP 2000, 2003, and 2008 are supported. When authentication is performed by User-Principal-Name, in Fabric OS Brocade switch), then you must install a Certificate Authority (CA) certificate on the Windows Active Directory server for LDAP. Follow Microsoft instructions - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 164
the group. For instructions on how to be set to the group corresponding to the switch role. You can choose any other group user must use to log in to the switch. or If you have a user-defined roles available on a switch. Adding an Admin Domain comes with Service Pack 1 or you can download - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 165
Fabric OS provides user authentication and authorization by means of OpenLDAP or the Microsoft Active Directory service in conjunction with LDAP on the switch. This section discusses authentication and authorization using OpenLDAP. For information about authentication and authorization using - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 166
memberOf attribute, which determines group membership. This feature is supported in OpenLDAP through the memberOf overlay. You must use this Brocade switch), then you must install a Certificate Authority (CA) certificate on the OpenLDAP server. Follow OpenLDAP instructions for Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 167
the Directory, where test.ldif is the file you created in step 1. > ldapadd -D cn=Manager,dc=mybrocade,dc=com -x -w secret -f test.ldif Fabric OS Administrator's Guide 167 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 168
group member: cn=sachin,cn=Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to one of Sachin,dc=mybrocade,dc=com -x -w secret -f test.ldif 168 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 169
sample schema file defines a new objectClass named "user" with optional attributes "brcdAdVfData" and "description". #New attr brcdAdVfData attributetype ( 1.3.6.1.4.1.8412.100 NAME ( 'brcdAdVfData' ) Fabric OS Administrator's Guide 169 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 170
.115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user' DESC 'Brocade switch specific person' SUP top AUXILIARY MAY ( brcdAdVfData $ description ) ) 2. Include Sachin,cn=Users,dc=mybrocade,dc=com objectClass: user objectClass: person 170 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 171
ldif TACACS+ service FabricOS can Brocade switch becomes a Network Access Server (NAS). The following authentication protocols are supported switch" on page 174 for details about configuring the Brocade switch for authenticating users with a TACACS+ server. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 172
supports for installation instructions. 2. Configure Brocade implementation. Table 20 lists and defines attributes specific to Brocade. TABLE 20 Attribute Brocade on the switch, the account service = exec { brcd-role = securityAdmin; } } 172 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 173
value pair is accepted by the switch, and any additional HomeAD key-value clear "password" password = clear "password" service = shell { set brcd-role = securityAdmin value pair is accepted by the switch. Additional HomeLF key-value pairs { pap = clear "password" service = shell { set brcd-role - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 174
password = clear "password" service = shell { set brcd-role = securityAdmin set brcd-passwd-expiryDate = 03/21/2014; set brcd-passwd- configure the RADIUS service. NOTE On dual-CP Backbones (Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 devices), the switch sends its RADIUS Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 175
switch:admin> aaaconfig --authspec "radius;local" --backup Example enabling LDAP switch:admin> aaaconfig --authspec "ldap;local" --backup Example enabling TACACS+ switch Connect to the switch and log in using Connect to the switch and log in contacted for service 1. Connect to the switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 176
service. The server names or IPv4 or IPv6 addresses. IPv6 is not supported switch can take problems. Example of enabling local authentication as a backup for RADIUS switch:admin> aaaconfig --authspec "radius;local" --backup Example for LDAP switch in to the default switch accounts (admin and user - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 177
used by switches 192 Security are authenticated to the switch while the switch remains unauthenticated to supports the secure protocols shown in Table 21. TABLE 21 Secure protocol support (SSH) protocol. Configuration upload and download support the use of SCP. Simple Network Management - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 178
6 Secure Copy TABLE 21 Secure protocol support (Continued) Protocol Description SSH Secure No requirement on host side except a browser that supports HTTPS SSH daemon, SCP server None None Switch IP certificate for SSL None None The security protocols OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 179
switch:admin# configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms, such as Blowfish - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 180
switch. Outgoing authentication is used when the switch the switch. authenticating to the switch. The allowed for host-to-switch (incoming) authentication 21:f0:95:42:5c:d1 anyuser@mymachine 3. Import the public key to the switch by logging in to the switch key to the switch switch:anyuser> sshutil - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 181
export, and delete keys. 3. Set up the allowed-user by typing the following command: switch:admin> sshutil allowuser username where the username variable is the name of the user who can authentication, such as firmwareDownload or configUpload. Fabric OS Administrator's Guide 181 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 182
Sockets Layer (SSL) protocol provides secure access to a fabric through web-based management tools such as Web Tools. SSL support is a standard Fabric OS feature. Switches configured for SSL grant access to management tools through Hypertext Transfer Protocol over SSL links (which begin with https - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 183
and Java support, refer to the Web Tools Administrator's Guide. SSL configuration overview You configure SSL access for a switch by obtaining, switches, consider using one certificate authority (CA) to sign all management certificates for a fabric. If you use different CAs, management services - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 184
switch private key pair Done. Because CA support for the 2048-bit key size is Connect to the switch and log in Name (eg, company name):Brocade Organizational Unit Name (eg name switch/director. The IP address or FQDN is the switch where Enter the IP address of the switch on which you generated the CSR. - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 185
certificates Once you have generated a CSR, you will need to follow the instructions on the website of the certificate issuing authority that you want to use; and then obtain the certificate. Fabric OS and HTTPS support the following types of files from the Certificate Authority(CA): • .cer - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 186
with the applicable file extension before you import the certificate to the switch: For example, certificates that contain lines similar to the following procedures are guides for installing root certificates to Internet Explorer and Mozilla Firefox browsers. For more detailed instructions, refer to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 187
to check and install a root security certificate on a switch using Firefox: 1. Select Tools > Options. 2. instructions to import the certificate. Root certificates for the Java plugin For information on Java requirements, refer to "Browser and Java support" on page 182. This procedure is a guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 188
and manipulate Brocade switch variables and set up enterprise-level management processes. Every Brocade switch carries an network. For details on Brocade MIB files, naming conventions, loading instructions, and information about using Brocade's SNMP agent, refer to 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 189
Brocade SW traps. For information on Brocade switch switch switch specified (.1). switch# snmpwalk -u Switch and chassis context Switch-level attributes Attributes that are specific to each logical switch belong to the switch switches switched back to the original context after the operation - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 190
Brocade SNMP instructions, and information about using the Brocade SNMP agent, refer to the Fabric OS MIB Reference. Telnet protocol Telnet is enabled by default. To prevent passing clear text passwords over the network when connecting to the switch a connection with the switch. Blocking Telnet If - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 191
policy by typing the ipfilter --activate command. switch:admin> ipfilter --activate BlockTelnet 9. Verify the default_ipv4 policy should be displayed as defined). switch:admin> ipfilter --show Name: BlockTelnet, Type: unblock Telnet access. 1. Connect to the switch through a serial port or SSH and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 192
must add a rule to permit Telnet. Listener applications Brocade switches block Linux subsystem listener applications that are not used to implement supported features and capabilities. Table 25 lists the listener applications that Brocade switches either block or do not start. TABLE 25 Blocked - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 193
can connect to any FC port in the fabric. Any switch can join the fabric. All switches in the fabric can be accessed through a serial port. to block the port. 123 UDP NTP 161 UDP SNMP Disable the SNMP service on the remote host if you do not use it, or filter incoming 's Guide 193 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 194
6 Ports and applications used by switches 194 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 195
Each supported Access to restrict which switches can change switch ports. • Switch connection control (SCC) policy - Used to restrict which switches can join with a switch Fabric OS v6.2.0 and later switches present, the limit for security switch. • Defined, which means the policy has been - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 196
the switch is in a fabric that has a strict or tolerant fabric-wide consistency policy for the ACL policy type for SCC or DCC. See "Policy database distribution" on page 224 for more information on the database settings and fabric-wide consistency policy. 196 Fabric OS Administrator's Guide 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 197
policies are automatically deleted if the you log out without saving them. 1. Connect to the switch and log in using an account with admin permissions, or an account with O permission for the deletion by entering the secPolicyActivate command. Fabric OS Administrator's Guide 197 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 198
switch Connect to the switch and log in using using the switch WWN: switch:admin> secpolicyadd 44:55:66:77:bb): switch:admin> secpolicyadd "DCC_POLICY_abc", " 1. Connect to the switch and log in using 00:40 from the SCC_POLICY: switch:admin> secpolicyremove "SCC_POLICY", Connect to the switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 199
fabric. Automatic distribution is supported and you can either configure the switches in your fabric to accept the FCS policy or manually distribute the FCS policy a new switch that joins the FCS-enabled fabric could still propagate the AD and zone database. Fabric OS Administrator's Guide 199 53- - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 200
switch by using the -legacy option. For more information about using the -legacy option in the secPolicyAdd and secPolicyCreate commands, refer to Fabric OS Command Reference, Supporting wild_card (*) command to send the policies to all switches. 200 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 201
fabric-wide configurations from the primary FCS. Modifying the order of FCS switches 1. Log in to the Primary FCS switch using an account with admin permissions, or an account with OM permissions for command to activate and save the new order. Fabric OS Administrator's Guide 201 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 202
manually distributed to the switches using the distribute -p command. Each switch FCS switch. FCS switch to initiate the distribution. This is to support FCS policy creation specifying a remote switch as Primary. • For other database distributions, only the Primary FCS switch switch switch switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 203
do not respond to port login from the switch and are not enforced by the DCC policy. This does not create a security problem because these HBAs cannot contact any device outside • DCC policies are not supported on the CEE ports of the Brocade 8000. Fabric OS Administrator's Guide 203 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 204
Switch ports can be identified by the switch WWN, domain ID, or switch switch domain 1: switch switch domain 2, and all currently connected devices of switch domain 2: switch switch domain 3: switch: switch domain 4, and all devices currently connected to ports 1 through 4 of switch domain 4: switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 205
when created using lockdown support Configuration WWN seen on Behavior when DCC policy Behavior on portDisable DCC policy list activates and portEnable • FA-PWWN has logged into the switch • DCC policy will not be allowed to login again. Fabric OS Administrator's Guide 205 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 206
switch. TABLE 34 DCC policy behavior when created manually switch names. Only one SCC policy can be created. By default, any switch to a fabric or switch that has an active ISL-based switch, the SCC switch supports an SCC policy. You can configure and distribute an SCC policy on a logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 207
switches are configured to accept the DH-CHAP protocol in authentication. To use FCAP on both switches switches Brocade and third-party certificates between switches that are Fabric OS v6.4.0, but only Brocade-issued certificates (where Brocade known to both switches as a secret both switches. For - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 208
automatic distribution of the AUTH policy is not supported. The default configuration directs the switch to attempt FCAP authentication first, DH-CHAP second. The switch may be configured to negotiate FCAP, DH-CHAP a secret key pair" on page 214. 208 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 209
"Failed to initiate authentication. Authentication is not supported on logical ports ". For more information command again. Example of setting the policy to active mode switch:admin> authutil --policy -sw active Warning: Activating the Fabric OS Administrator's Guide 209 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 210
in the DH-CHAP protocol. NOTE Authentication is supported from Brocade fabric switches in native mode to Access Gateway switches and from Access Gateway switches to HBAs. For more information, refer to the Access Gateway Administrator's Guide, Supporting Fabric OS v7.1.0 By default the devicepolicy - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 211
by the switch. During this time, the Fibre Channel driver rejects switch and logical switch-based parameters, each logical switch switch basis. Device authentication policy supports devices that are connected to the switch and download will not be supported for the following AUTH attributes: - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 212
configured shared secrets or certificates, and authentication is checked (for example, you enable the switch), then switch authentication will fail. If the E_Port is to carry in-flight encrypted traffic, the for details about in-flight encryption. 212 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 213
:69:80:07:5c 1 switchA Note about Access Gateway switches Because Domain ID and name are not supported for Access Gateway, secAuthSecret --show output for Access Gateway secret for a switch or device on Access Gateway, only the WWN can be used. Fabric OS Administrator's Guide 213 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 214
switch switch specification, peer secret entry, and local secret entry. To exit the loop, press Enter for the switch switch is configured to do DH-CHAP, it is performed whenever a port or a switch or switch name ( Domain, or switch name (Leave Enter WWN, Domain, or switch name (Leave blank when done - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 215
switch. 3. Store the CSR from each switch supported switch to verify the validity of the switch certificate or switch validation fails. The switch certificate. 5. On each switch, install the CA certificate before installing switch remote switches that will the switch using local switch. switch:admin> - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 216
, you will need to install or import them onto the local and remote switches. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role Success: imported certificate [01.pem]. 216 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 217
manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the AUTH policy, see "Distributing the local ACL policies" on page 227 for instructions. Local Switch are synchronized with the active CP. Fabric OS Administrator's Guide 217 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 218
has the same type and rules as the existing defined or active policy. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM the active policies. Use --activate instead. 218 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 219
switch before proceeding. 1. Log in to the switch using an account with admin permissions, or cannot be deleted. 1. Log in to the switch using an account with admin permissions, or an , SSH, HTTP, HTTPS. • Protocol: The protocol type. Supported types are TCP or UDP. • Action: The filtering action - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 220
port numbers. TABLE 37 Supported services Service name Port number echo 7 discard 9 systat 11 daytime 13 netstat 15 chargen 19 ftp data 20 ftp 21 fsp 21 ssh 22 telnet 23 smtp 25 time 27 name 42 whois 43 domain 53 220 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 221
IP Filter policy 7 TABLE 37 Supported services (Continued) Service name Port number bootps 67 bootpc 68 allowed to support ICMP echo request and reply on commands like ping and traceroute. Action For the action, only "permit" and "deny" are valid. Fabric OS Administrator's Guide 221 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 222
TCP and UDP traffic to dynamic port ranges is allowed, so that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not affected. TABLE 38 Implicit IP Filter rules Source Permit Permit Permit Permit Permit Permit 222 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 223
saved to persistent configuration until a save or activate subcommand is run. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having subcommands that would open a new transaction. Fabric OS Administrator's Guide 223 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 224
transaction is aborted. The IPFilter policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the IPFilter policy, see "Distributing the local ACL policies" on page 227 for instructions. Switches with Fabric OS v6.2.0 or later have - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 225
is not set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 227. Virtual Fabric a per-switch basis. Table 41 lists the databases supported in Fabric OS v6.2.0 and later switches. TABLE 41 Supported policy databases - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 226
Supported settings 1. Connect to the switch and log in using an distribution settings switch:admin> fddcfg --showall Local Switch Configuration :- "" Enabling local switch protection 1. Connect to the switch and log in using Disabling local switch protection 1. Connect to the switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 227
database cannot be manually distributed. When you 1. Connect to the switch and log in using distributed to other switches in the fabric. target switches. Policy switches in the fabric. NOTE FC routers cannot join a fabric with a strict fabric-wide consistency policy. FC routers do not support - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 228
DCC" switch:admin> fddcfg --showall Local Switch Configuration for all Databases:- DATABASE - Accept/Reject SCC - accept DCC - accept PWD - accept FCS - accept AUTH - accept IPFILTER - accept Fabric Wide Consistency Policy:- "SCC:S;DCC" 228 Fabric OS Administrator's Guide 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 229
policy. If the tolerant SCC, DCC, or FCS fabric-wide consistency policies do not match, the switch can join the fabric, but an error message flags the mismatch. If the tolerant SCC, DCC, , a warning displays and policy commands are disabled1. Fabric OS Administrator's Guide 229 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 230
manually distribute the database you want to use to the switch 230 shows merges that are not supported. TABLE 44 Examples of strict SCC:S;DCC SCC:S DCC:S Ports connecting switches are disabled. Table 45 has a matrix --fabwideset "policy_ID" from any switch with the desired configuration to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 231
flows. While the tunnel must have a Brocade switch or Backbone at each end, there a chassis, nor does it support protection of traffic flows on FCIP the use of cryptographic security services. The goal of IP protocol using an automatic or manual key. For more information on Guide 231 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 232
associated with the security gateway so that packets returned to it will go to the security gateway and be tunneled back. 232 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 233
this sliding window to provide protection against replay attacks in which an attacker attempts a denial of service attack by replaying an old sequence of packets. IP sec protocols assign a sequence number to associations of the traffic. IKE uses Fabric OS Administrator's Guide 233 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 234
it is created. Use the IP secConfig --flush manual-sa command to remove all SA entries from the AH, ESP] is the supported combination. Authentication and encryption IP sec policies An IP sec policy determines the security services afforded to a packet and the treatment of a Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 235
supports Internet Key Exchange or Manual manually keyed connections, which means that all parameters needed for the setup of the connection are provided by you. Based on which protocol, algorithm, and key used for the creation of the security associations, the switch Guide 235 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 236
associated IP sec policy in the local policy database. Manual SA entries are persistent across system reboots. Creating the tunnel Each side of the tunnel must be configured in order for the tunnel to come up. Once you are logged into the switch, do not log off as each step requires that - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 237
hmac_md5 -auth psk -dh modp1024 \ -psk IP seckey.psk 8. Create an IP sec transform on each switch using the IP secConfig --add command. Example of creating an IP sec transform This example creates an IP destination addresses than outbound packets. Fabric OS Administrator's Guide 237 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 238
switches. b. Verify that IP traffic is encapsulated. c. Monitor IP sec SAs created using IKE for above traffic flow • Use the IP secConfig --show manual --flush manual-sa are a switch, BROCADE300 switch as Admin. 2. Enable IP sec. a. Connect to the switch use AH01 as SA. switch:admin> IP secconfig - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 239
as Windows XP and 2000 do not support IKEv2. 8. Create an IP sec transform as key management policy. switch:admin> IP secconfig -- manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IP sec configuration. Refer to your server administration guide for instructions - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 240
the specified operands to display IKE policies. • Use the IP secConfig --flush manual-sa command with the specified operands to flush the created SAs in the kernel • As of Fabric OS 7.0.0, IP sec no longer supports null encryption (null_enc) for IKE policies. • IPv6 policies cannot tunnel IMCP - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 241
file uploads and downloads, refer to the Fabric OS Troubleshooting and Diagnostics Guide. There are two ways to view configuration settings for a switch in a Brocade fabric: • Issue the configShow -all command. To display configuration settings, connect to the switch, log in as admin, and enter the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 242
switch sections for all logical switches. NOTE: Use this parameter when obtaining a complete capture of the switch configuration in a switch switch sections. The following is an example of a configuration file with two logical-switch date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 0] - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 243
[FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 0] date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 1] SwitchName = switch_2 Fabric ID Licenses configuration • AGWWN_MAPPING_CONF - Access Gateway WWN mapping configuration Fabric OS Administrator's Guide 243 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 244
Switch section There is always at least one switch section for the default switch or a switch Brocade recommends keeping a backup configuration file. You should keep individual backup files for all switches in the fabric and avoid copying configurations from one switch all logical switches and the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 245
interactive mode 1. Verify that the FTP, SFTP, or SCP service is running on the host computer. 2. Connect to the switch and log in using an account with admin permissions. 3. Enter complete: Only zoning parameters are uploaded from ad5. Fabric OS Administrator's Guide 245 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 246
for Virtual Fabrics" on page 250 to restore the logical switches. If a configDownload command is issued on a non-FC switches currently defined on the switch. The FID must be defined in both the downloaded configuration file and the current system. NOTE Brocade recommends you disable a switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 247
the default switch. If there are multiple logical switches created in a Virtual Fabric-enabled system, there may be problems if there are ports that belong to the default switch in a Virtual parameters. VEX_Port configuration parameters. Fabric OS Administrator's Guide 247 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 248
switch only when necessary. Configuration download without disabling a switch is independent of the hardware platform and supported switch. Use the SFID parameter only when the logical switch has no configuration information you want to save. 1. Verify that the FTP service switch by the switch, enter - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 249
. Downloading configuration to an online switch may result in some configuration not being downloaded to that switch. configDownload operation may take several minutes to complete for large files. Do you want to continue [y/n]:y Password: Fabric OS Administrator's Guide 249 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 250
logical switch. The -vf option only restores the Virtual Fabrics configuration information on to a switch of the same model. The Virtual Fabrics configuration on the switch defines all of the logical switches allowed and configured for a particular platform. 250 Fabric OS Administrator's Guide 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 251
restoring the Virtual Fabrics configuration to fully restore your switch or chassis configuration. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configDownload -vf command. 3. Respond to the prompts. Fabric OS Administrator's Guide 251 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 252
switch. 6. Verify the LISL ports are set up correctly. Example of a non-interactive download from a switch Example of configDownload on a switch 5100:FID128:admin> configdownload the switch. Afterwards, the switch for any logical switch(s) that are switch switches. , logical switch definitions, whether - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 253
reference for your configuration information. In the hardware reference manuals for the Brocade DCX and DCX-4S Backbones, there is a guide for FC port-setting. TABLE 48 Brocade configuration and connection form Brocade configuration settings IP address Gateway address Chassis configuration option - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 254
8 Brocade configuration form 254 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 255
between two Brocade DCX 8510-8 Backbones. CR4S-8 blades can be inserted only into slots 3 and 6 on the Brocade DCX 8510-4. NOTE For more information on troubleshooting a firmware download, refer to the Fabric OS Troubleshooting and Diagnostics Guide. Fabric OS Administrator's Guide 255 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 256
download process then copies the new image from the primary partition to the secondary partition. ATTENTION The Brocade 8000 does not support a nondisruptive firmware download. The switch reboots once the firmware upgrade or downgrade is complete. In dual-CP systems, the firmware download process - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 257
without a password using the sshutil command for public key authentication when SSH is selected. The switch must be configured to install the private key, and then you must export the public key to you need to use the firmwareDownload -s command. Fabric OS Administrator's Guide 257 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 258
For additional support, connect the switch to a computer with a serial console cable. Ensure that all serial consoles (both CPs for Backbones) and any open network connection sessions, such as Telnet, are logged and included with any trouble reports. 258 Fabric OS Administrator's Guide 53-1002745 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 259
helps to troubleshoot the firmware download process if a problem is encountered. 6. Optional: Enter the errClear command to erase all existing messages in addition to internal messages. Obtaining and decompressing firmware Firmware upgrades are available for customers with support service contracts - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 260
options) on Brocade fixed-port switches: • The problems) before issuing the firmwareDownload command again. Disrupting the process can render the switch inoperable and require you to seek help from your switch service provider. Do not disconnect the switch from power during the process. The switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 261
Brocade fixed-port switches 1. Take the following appropriate action based on what service you are using: • If you are using FTP, SFTP, or SCP, verify that the FTP or SSH server is running on the host server and that you have a valid user ID and password on that server. • If your platform supports - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 262
haSyncStart command. If the CPs are still not in sync, refer to the Fabric OS Troubleshooting and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. During the upgrade process, the Backbone fails over to its standby CP blade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 263
user ID on that server. 3. Obtain the firmware file from the Brocade website at http://www.brocade.com and store the file on the FTP or SSH server. 4. , contact your switch service provider. For further troubleshooting, refer to the Fabric OS Troubleshooting and Diagnostics Guide. 8. Enter - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 264
download status. sw0:FID128:admin> firmwaredownloadstatus [1]: Mon Mar 22 04:27:21 2010 Slot 7 (CP1, active): Firmware is being downloaded to the switch. This step may take up to 30 minutes. [2]: Mon Mar 22 . [4]: Mon Mar 22 04:35:30 2010 264 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 265
switch. Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches and the Brocade DCX, DCX-4S, or DCX 8510 Backbones support a firmware download from a Brocade branded USB device attached to the switch switch using an account assigned to the the switch using support\ 0B 2010 Mar - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 266
using the absolute path 1. Log in to the switch using an account assigned to the admin role. 2. Enter the firmwareDownload command with the -U operand. ecp:admin>firmwaredownload -U /usb/usbstorage/brocade/firmware/v7.1.0 FIPS support Federal Information Processing Standards (FIPS) specify the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 267
validation fails, firmware download fails. This means the firmware is not from Brocade, or the contents have been modified. • If the firmware file has switch and log in using an account with admin permissions. 2. Enter the configure command. 3. Respond to the prompts as follows: System Service - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 268
user ID on that server. 2. Obtain the firmware file from the Brocade website at http://www.brocade.com or the switch support provider and store the file on the FTP or SSH server. 3. Network Protocol (1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 268 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 269
step 8 to commit the firmware on the switch, which completes the firmware download operations. 8. switch is fully up and operational. c. Log in to the switch. Enter the firmwareShow command and verify that both partitions on the switch have the original firmware. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 270
do not run mixed firmware levels on CPs. Testing different firmware versions on Backbones 1. Connect to the Brocade Backbone IP address. 2. Enter the ipAddrShow command and note the address of CP0 and CP1. 3. 262 for details about autoleveling. 270 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 271
both partitions on both CPs contain the new firmware. d. Enter the haShow command to confirm that the HA state is in sync. Fabric OS Administrator's Guide 271 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 272
access their storage devices. If you want to upgrade a Backbone with only one CP in it, follow the procedures in "Testing and restoring firmware on switches" on page 268. Be aware that upgrading a Backbone with only one CP is disruptive to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 273
switch cannot connect to the fabric and further troubleshooting is necessary. firmwareShow Displays the current firmware level on the switch. For Brocade Displays all devices directly connected to the switch that have logged in to the all switches in a fabric. Make sure the number of switches in - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 274
9 Validating a firmware download 274 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 275
switch overview 276 •Logical fabric overview 281 •Management model for logical switches 281 •Account management and Virtual Fabrics 286 •Supported platforms of the following specific features: • Logical switch • Logical fabric • Device sharing Fabric OS Administrator's Guide 275 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 276
about supported switches and port types, refer to "Supported exclusive and are not supported at the same time on a switch. NOTE A note switch. Each logical switch functions as an independent self-contained FC switch. NOTE Each chassis can have multiple logical switches. Default logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 277
FID 15 in the chassis. The default logical switch is initially assigned FID 128. You can change this value later. NOTE Each logical switch is assigned one and only one FID. The FID identifies the logical fabric to which the logical switch belongs. Fabric OS Administrator's Guide 277 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 278
P1 P3 P5 P7 P9 Logical switch 2 Logical switch 1 (Default logical switch) P0 P1 P7 P8 P2 Logical switch 2 P3 Logical switch 3 P4 P9 Logical switch 3 P5 Logical switch 4 P6 Logical switch 4 FIGURE 20 Assigning ports to logical switches 278 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 279
from the default logical switch. Refer to "Supported platforms for Virtual Fabrics" on page 286 for detailed information about these ports. Logical switches and connected devices You can connect devices to logical switches, as shown in Figure 21 on page 280. In logical switch 2, P2 is an F_Port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 280
chassis Logical switch 1 P1 (Default logical switch) Fabric ID 128 H1 Logical switch 2 P2 Fabric ID 1 P3 D1 P4 Logical switch 3 Fabric ID 15 P5 D2 Logical switch 4 P6 ISL Fabric ID 8 Switch FIGURE 21 Logical switches connected to devices and non-Virtual Fabrics switch Figure 22 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 281
switches and to other logical switches.You connect logical switches to non-Virtual Fabrics switches using an ISL, as shown in Figure 21. You connect logical switches to other logical switches in two ways: • Using ISLs • Using base switches and extended ISLs (XISLs) Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 282
no ISLs between them and they cannot use the ISLs between the other logical switches. NOTE Only logical switches with the same FID can form a fabric. If you connect two logical switches with different FIDs, the link between the switches segments. 282 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 283
can be used for communication among the other logical switches. • Base switches do not support direct device connectivity. A base switch can have only E_Ports, VE_Ports, EX_Ports, or VEX_Ports, but no F_Ports. • The base switch provides a common address space for communication between different - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 284
switch connections that are allowed by the XISL. FIGURE 26 Logical ISLs connecting logical switches To use the XISL, the logical switches in "Configuring a logical switch to use XISLs" on switches in FID 1 can travel over either the ISL or the XISL. Traffic between the other logical switches - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 285
switch, all of the logical ISLs are broken and the logical switches switches, the base switches must have the same FID to be connected. If the base switches have different FIDs, the link between the switches switches not supported on logical the Brocade Organizationally Unique logical switches. - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 286
switch:FID15:admin> Refer to Chapter 5, "Managing User Accounts," for information about creating user accounts and assigning FIDs to user accounts. Supported platforms for Virtual Fabrics The following platforms are Virtual Fabrics-capable: • Brocade 5100 • Brocade 5300 • Brocade 6510 • Brocade 6520 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 287
(F, E) Yes (VE) Yes (F, E,) Yes (VE) Yes (E, EX) Yes (VE, VEX) ICL ports Yes Yes Yes 1. In the Brocade DCX and DCX 8510-8, ports 56-63 of the FC8-64 blade are not supported as E_Ports on the default logical switch. The Brocade DCX-4S and DCX 8510-4 do not have this limitation. 2. In the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 288
platforms and the maximum number of logical switches (including the default logical switch) supported on each. TABLE 52 Platform Maximum number of logical switches per chassis Maximum number of logical switches Brocade DCX 8 Brocade DCX-4S 8 288 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 289
per chassis (Continued) Maximum number of logical switches Brocade DCX 8510 family 8 Brocade 5300 4 Brocade 5100 3 Brocade 6510 4 Brocade 6520 4 Brocade 7800 4 Brocade VA-40FC 3 Refer to "Supported port configurations in Brocade Backbones" on page 287 for restrictions on the default - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 290
such as logical switch and logical service: iSCSI service: iSNS client service: Virtual Fabric: Ethernet Switch Service: disabled Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform switch in the default switch, the F_Port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 291
> fosconfig --show FC Routing service: disabled iSCSI service: Service not supported on this Platform iSNS client service: Service not supported on this Platform Virtual Fabric: enabled Ethernet Switch Service Service not supported on this Platform switch:admin> fosconfig --disable vf - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 292
4. Enter the appropriate value at the Config Index prompt. Contact your switch service provider to determine the appropriate value. Config Index (0 to ignore): (0..1000) [3]: Creating a logical switch or base switch When the logical switch is created, it is automatically enabled and is empty-that is - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 293
--fid all -cmd "command" Example 1: Executing the switchShow command in a different logical switch context sw0:FID128:admin> fosexec --fid 4 -cmd "switchshow" "switchshow" on FID 4: switchName: switchType: switchState: switch_4 66.1 Online Fabric OS Administrator's Guide 293 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 294
FID: 4, Base Switch: No, Default Switch: No, Address switches sw0:FID128:admin> fosexec --fid all -cmd "fabricshow fabricshow" on FID 128: Switch "fabricshow" on FID 4: Switch ID Worldwide Name Enet IP switch from the one you are deleting. Use the following procedure to delete a logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 295
must manually reinstall them on the port after the move. Notes • If the logical switch to which FC8-64 blade to the base switch. These ports are not supported on the base switch. The Brocade DCX-4S and DCX 8510-4 switch when you are ready to continue. Fabric OS Administrator's Guide 295 53-1002745 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 296
a list of all logical switches and the ports assigned to switch. The fabric ID indicates in which fabric the logical switch participates. By changing the fabric ID, you are moving the logical switch switch context. NOTE If you are in the context of the logical switch logical switch from the one with - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 297
Changing a logical switch to a base switch Use the following procedure to change a logical switch to a base switch. 1. Connect to the switch and log in Allow XISL Use: ON LS Attributes: [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0] (output truncated) switch_25:FID7:admin> configure - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 298
you like to continue [y/n]?: y Disabling the proposed new base switch... Disabling switch fid 7 Please enable your switches when ready. switch_25:FID7:admin> switchenable Setting up IP addresses for a Virtual Fabric NOTE IPv6 is not supported when setting the IPFC interface for Virtual Fabrics. Use - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 299
switch to use XISLs in the base fabric. XISL use is not supported logical switch you switch you want to switch to and manage. The switchname parameter is the name assigned to the logical switch switch you want to switch to and manage. The switchname parameter is the name assigned to the logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 300
in the chassis are assigned to the default logical switch. c. Create a base switch and assign it a fabric ID that will become the FID of the base fabric. See "Creating a logical switch or base switch" on page 292 for instructions on creating a base switch. For the example shown in Figure 28, you - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 301
FID in the base fabric. See "Creating a logical switch or base switch" on page 292 for instructions. For the example shown in Figure 28, you would create a logical switch with FID 1 and a logical switch with FID 15. c. Assign ports to the logical switch, as described in "Adding and moving ports on - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 302
10 Creating a logical fabric using XISLs 302 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 303
information. • LSAN zones Provide device connectivity between fabrics without merging the fabrics. See "LSAN zone configuration" on page 590 for more information. Fabric OS Administrator's Guide 303 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 304
based service that switch with the highest Fabric OS level to perform zoning tasks. To list the commands associated with zoning, use the zoneHelp command. For detailed information on the zoning commands used in the procedures, see the Fabric OS Command Reference. 304 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 305
affect the smallest possible number of devices, minimizing the impact of an incorrect zone change. This zoning philosophy is the preferred method. Fabric OS Administrator's Guide 305 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 306
A zone object is any device in a zone, such as: • Physical port number or port index on the switch • Node World Wide Name (N-WWN) • Port World Wide Name (P-WWN) Zone objects identified by port number or index only the single port is in the zone. 306 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 307
the configuration that can be implemented and provide the most generic services. If other configurations are used for specialized purposes, names that configuration are in effect. Several zone configurations can reside on a switch at once, and you can quickly alternate between them. For example, - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 308
however, only that there is no configuration active in the fabric. On power-up, the switch automatically reloads the saved configuration. If a configuration was active when it was saved, the same configuration -based hardware enforcement is in effect. 308 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 309
zone types: 1. Connect to the switch and log in using an account is predictable and acceptable. Ensuring that the HBA drivers are current can shorten the response time in Analyzer from Web Tools to isolate any possible problems. This is especially useful as fabrics increase Guide 309 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 310
following are recommendations for using zoning: • Always zone using the highest Fabric OS-level switch. Switches with earlier Fabric OS versions do not have the capability to view all the functionality zone) with the sender of the broadcast frame. 310 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 311
because of its membership in the AD2 broadcast zone. When a switch receives a broadcast packet it forwards the packet only to those devices Refer to "Validating a zone" on page 323 for complete instructions. Broadcast zones and FC-FC routing If you create broadcast zones Guide 311 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 312
and broadcast zones Delivery of broadcast packets to individual devices in a loop is not controlled by the switch. Consequently, adding loop devices to a broadcast zone does not have any effect. If a loop device is not enforced on logical ports. 312 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 313
aliadd "array1", "1,2" switch:admin> aliadd "array2", "21:00:00:20:37:0c:72:51" switch:admin> aliadd "loop1", "5,6" switch:admin> cfgsave WARNING!!! The changes you are attempting to save will render the Effective configuration and the Defined configuration Fabric OS Administrator's Guide 313 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 314
1. Connect to the switch and log in using switches to indicate that the transaction was aborted. Example switch:admin> aliremove "array1", "1,2" switch:admin> aliremove "array2", "21:00:00:20:37:0c:72:51" switch:admin> aliremove "loop1", "4,6" switch switches 1. Connect to the switch and log in using - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 315
following procedure to view an alias in the configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliShow switch:admin> alishow "arr*" alias: array1 21:00:00:20:37:0c:76:8c alias: array2 21:00:00:20:37:0c:66:23 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 316
zones: 1. Connect to the switch and log in using an account cfgShow command. Example Displaying existing zones switch:admin> cfgshow Defined configuration: zone: create a zone: 1. Connect to the switch and log in using an account with admin NOTE This command supports partial pattern matching - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 317
switch in the fabric when this command is run, the transaction on the other switch is automatically aborted. A message displays on the other switches switch:admin> zonecreate sloth, "b*; 10:00:00:00:01:1e:20:20" switch:admin> cfgsave switch 1. Connect to the switch and log in using command supports - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 318
procedure to remove members from a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter "zonename", "aliasname_pattern*[;members]" NOTE This command supports partial pattern matching ("wildcards") of zone member 318 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 319
following procedure to replace members in a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the wwn/D,I new wwn/D,I NOTE This command does not support partial pattern matching ("wildcards") of zone member aliases OS Administrator's Guide 319 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 320
configuration: (No Access) switch:admin> switch:admin> zoneobjectreplace 11,2 4,8 switch:admin> cfgsave switch:admin> cfgshow Defined configuration: zone Use the following procedure to delete a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 321
with saving the Defined zoning configuration only? (yes, y, no, n): [no] y switch:admin> switch:admin> cfgshow Defined configuration: zone: matt zeus; bond; jeff; 4,8 alias: bawn 3,5 configuration: No Effective configuration: (No Access) Fabric OS Administrator's Guide 321 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 322
a zone in the configuration: 1. Connect to the switch and log in using an account with admin permissions. with A, B, or C, in ascending order: switch:admin> zoneshow --sort "[A-C]*" zone: Blue_zone deleted. Example Displaying existing zone database switch:admin> cfgshow Defined configuration: cfg: - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 323
00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 Effective configuration: cfg: fabric_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 1,2 Example cfgShow --transdiffsonly output for the example above switch:admin> cfgshow --transdiffsonly *zone: green_zone -1,1; 1,2; +6,15 *zone - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 324
21:00:00:20:37:0c:71:df 3. Enter the zone --validate command to list all zone members that are not part of the current zone enforcement table. Note that zone configuration names are case-sensitive; blank spaces are ignored. switch zone database location. Supported mode flag values Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 325
?" (yes, y, no, n): [no] y Example 'Inconsistent Defined and Effective Zone Database' warning to user switch: admin> zoneShow Defined configuration: cfg: cfg1 zone1; zone2 zone: zone1 10:00:00:00:00:00:00:01 00:00:00:02 zone: zone2 1,1; 1,2 Fabric OS Administrator's Guide 325 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 326
to the entire fabric, regardless of switch model. The default setting is " zoning mode to No Access. NOTE For switches in large fabrics, the default zone mode mode: 1. Connect to the switch and log in using an account enter one of these commands. Example switch:admin> defzone --noaccess You are about - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 327
for switches in mode: 1. Connect to the switch and log in using an account supported maximum zone database size is 2 MB for systems running only Brocade switches running Fabric OS 7.0.0 or later and some switches switch, a zone database size of 128 KB is enforced. To avoid this problem, use the switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 328
not exceed the maximum configuration size supported by all switches in the fabric. This is particularly important if you downgrade to a Fabric OS version that supports a smaller zone database than the configuration only? (yes, y, no, n): [no] y 328 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 329
Defined configuration inconsistent. The inconsistency will result in different Effective Zoning configurations for switches in the fabric if a zone merge or HA failover happens. To avoid Defined zoning configuration only? (yes, y, no, n): [no] y Fabric OS Administrator's Guide 329 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 330
switch in the fabric when this procedure is run, the transaction on the other switch is automatically aborted. A message displays on the other switches Connect to the switch and log in the prompt. Example switch:admin> cfgenable of requests to the switch. In this situation, . Example switch:admin> - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 331
the switch and switch in the fabric when this command is run, switch is automatically aborted. A message displays on the other switches to indicate that the transaction was aborted. Example switch:admin> cfgdelete "testcfg" switch switch:admin> zoneremove "zone1","3,5" switch the switch switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 332
in using an account with admin permissions. 2. Enter the cfgActvShow command. Example switch:admin> cfgactvshow Effective configuration: cfg: NEW_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 1,2 21:00:00:20:37:0c:76:22 21:00:00:20:37:0c:76:28 zone: Purple_zone - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 333
or a zone. Use the following procedure to copy a zone object: 1. Connect to the switch and log in using an account with admin permissions. 2. Use cfgShow to view the zone any Admin Domain except AD255. switch:admin> zone --copy Test1 US_Test1 Fabric OS Administrator's Guide 333 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 334
21:00:00:20:37:0c:71:df 3. Use zone --expunge to delete the zone object. NOTE Zone configuration names are case-sensitive, blank spaces are ignored and the zone --expunge command works in any Admin Domain except AD255. switch:admin> zone --expunge "White_zone" 334 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 335
switch reboots switch switch 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df 3. Use zoneObjectRename to rename zone configuration objects. NOTE Zone configuration names are case-sensitive, blank spaces are ignored, and the zoneObjectRename command works in any Admin Domain except AD255. switch switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 336
database" on page 332. If you are adding a switch that is already configured for zoning, clear the zone configuration on that switch before connecting it to the zoned fabric. See "Clearing all zone configurations" on page 333 for instructions. 336 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 337
and TI zones are present on either switch, the TI zones are not automatically activated after the merge. Check the TI zone enabled status using the zone --show command and if the status does not match across switches, issue the cfgenable command. Fabric OS Administrator's Guide 337 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 338
zone configurations, they will not be merged. If the two fabrics cannot join, the ISL between the switches will segment. • Merge conflicts When a merge conflict is present, a merge will not take place and , then the fabrics might segment. 338 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 339
the fabric. No change (clean merge). No change (clean merge). Switch A will absorb the configuration from the fabric. Switch A will absorb the configuration from the fabric, with cfg1 as the : ali1; ali2 cfg2: zone2: ali3; ali4 effective: none Fabric OS Administrator's Guide 339 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 340
configuration will be a composite of the two, with cfg1 as the effective configuration. Clean merge. Switch A absorbs the defined configuration from the fabric, with cfg1 as the effective configuration. In this due to: Zone Conflict type mismatch 340 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 341
are not automatically activated after the merge. defined: none Fabric segments because all switches in the fabric must be running Fabric OS v6.4.0 or later to support Enhanced TI zones. Switch B Expected results defzone: noaccess defzone: allaccess defzone: noaccess effective: cfg2 defzone - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 342
both sides have default zone mode No Access set, the merge results vary depending on which switch initiates the merge. Concurrent zone transactions While working on zone sets, a special work space is 'cfg' configuration (yes, y, no, n): [no] 342 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 343
| --help] Sample output: switch:admin> cfgtransshow Current transaction token is 0x571010459 It is abortable switch:admin> cfgtransshow --help Usage: list of Domains with Open Transactions cfgTransShow --help : Help switch:admin> cfgtransshow --opentrans Current transaction token is 0x3109 It is - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 344
11 Concurrent zone transactions 344 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 345
for TI zones 356 •Supported configurations for Traffic Isolation Zoning zone 369 •Displaying TI zones 369 •Troubleshooting TI zone routing problems 370 •Setting up TI over FCR zone is activated, the fabric attempts to isolate all inter-switch traffic entering from a member of the zone to only - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 346
347 for additional information about using this feature. Table 61 compares the behavior of traffic when failover is enabled and disabled. 346 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 347
, the specified ISLs will not be able to route any traffic. • If the path between devices in a TI zone is broken, no inter-switch RSCNs are generated. Each switch that is part of the TI zone generates RSCNs to locally attached devices that are part of the TI zone and are registered - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 348
are multiple paths between switches. Disabling failover locks the • Domain controller frames can use any path between switches. Disabling failover does not affect Domain Controller connectivity. the insistent Domain ID feature be enabled; if a switch changes its active domain ID, the route is broken. - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 349
TI zone. If failover is disabled, the TI zone traffic stops until the dedicated path is configured to be the shortest path. Fabric OS Administrator's Guide 349 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 350
1 Domain 2 FIGURE 35 Enhanced TI zones = ETIZ 1 = ETIZ 2 Enhanced TI zones are especially useful in FICON fabrics. See the FICON Administrator's Guide for example topologies using enhanced TI zones. See "Additional configuration rules for enhanced TI zones" on page 358 for more information about - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 351
report of existing and potential problems with TI zone configurations, as described in "Troubleshooting TI zone routing problems" on page 370. Illegal ETIZ (1,1), (1,2), (3,6), (3,8) • ETIZ 2 contains (2,1), (2,2), (1,4), (1,3), (3,7), (3,8) Fabric OS Administrator's Guide 351 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 352
Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. Some VE_Port-based features, such as tape pipelining, require the request and can contain one or more FC routers. 352 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 353
path is used. If failover is disabled and the TI path is not available, then devices are not imported. NOTE For TI over FCR, all switches in the backbone fabric and in the edge fabrics must be running Fabric OS v6.1.0 or later. Fabric OS Administrator - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 354
Xlate Domain 4 Proxy Target In the TI zone, when you designate E_Ports between the front and xlate phantom switches, you must use -1 in place of the "I" in the D,I notation. Both the front and xlate domains a TI zone within the backbone fabric. 354 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 355
:00:00:00:02:00:00 (Port WWN for target 1) • 10:00:00:00:00:03:00:00 (Port WWN for target 2) Fabric OS Administrator's Guide 355 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 356
be defined within TI zones. Only one ISL or trunk can be defined between two backbone switches. • TI over FCR is supported only from edge fabric to edge fabric. Traffic isolation from backbone to edge is not supported. • Non-TI data traffic is not restricted from going through the TI path in the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 357
the TI zone was configured incorrectly and E_Port "3,9" was erroneously omitted from the zone. The domain 3 switch assumes that traffic coming from E_Port 9 is not part of the TI zone and so that traffic is not in TI zone: 1 TI Zone Name: operand Fabric OS Administrator's Guide 357 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 358
TI traffic. The Brocade DCX-4S and DCX 8510-4 do not have this limitation. • VE_Ports are supported in TI zones. • TI Zoning is not supported in fabrics with switches running firmware versions earlier TI zones with these switches in the fabric. 358 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 359
the TI zone, separated into present and not present, and displayed per TI Zone basis. Sample output switch:admin> zone --showTItrunkerrors TI Zone Name: brackets E-Port Trunks Trunk members in TI zone: 16 18 about TI zones in a backbone fabric. Fabric OS Administrator's Guide 359 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 360
zones that have members with port index greater than 511 are not supported with Fabric OS versions earlier than v6.4.0. If such a TI zone TI zones on ICL ports in topologies that span more than two switches connected with ICLs. If a user-defined TI zone breaks the ICL 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 361
fabrics, with the following exceptions: • The disable failover option is not supported in logical fabrics that use XISLs. Although logical switches that use XISLs allow the creation of a TI zone with failover circled ports shown in Figure 43. Fabric OS Administrator's Guide 361 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 362
that the base fabric zone contains a reference to port 1,3 even though the base switch with domain 1 does not have a port 3 in the switch. This number refers to the port in the chassis with port index 3, which actually belongs to LS3 in FID 1. 362 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 363
over the EX_Ports in the base switches. 1 F 2 E LS3, FID1 3 E Domain 3 4 EX 5 EX Base switch Domain 1 6 E 7 E 10 F LS2, FID3 Domain 6 11 E 12 E 15 E 16 E 13 EX Base switch Domain 2 14 EX FIGURE 45 FC routers in logical fabrics Fabric OS Administrator's Guide 363 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 364
described in "Creating a TI zone in a base fabric" on page 366. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zone --create command: zone --create zones. cfgenable "current_effective_configuration" 364 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 365
TI zones in a logical fabric, such as the one shown in Figure 43 on page 362: Log in to the logical switch FID1, Domain 7 and create a TI zone in the logical fabric with FID=1: LS1> zone --create -t ti -o "USA_cfg" is in effect Updating flash ... Fabric OS Administrator's Guide 365 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 366
zone in a base fabric 1. Connect to the switch and log in using an account with admin f name -p "portlist" The disable failover option is not supported in base fabrics. 4. Perform the following steps if you have 2,8" BS_D1> cfgenable "base_config" 366 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 367
then change the failover type, and finally re-add the overlapping members. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter one of the following commands the TI zones. cfgenable "current_effective_configuration" Fabric OS Administrator's Guide 367 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 368
switch:admin> zone --add bluezone -p "3,4; 3,6" To add port members to the existing TI zone in a backbone fabric: switch switch:admin> zone --add -o f greenzone -p "3,4" To remove ports from the TI zone bluezone: switch state. 1. Connect to the switch and log in using an switch:admin> zone - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 369
zones" on page 367. 1. Connect to the switch and log in using an account with admin permissions. zone bluezone, type: switch:admin> zone --delete effective zone configuration. 1. Connect to the switch and log in using an account with about the TI zone purplezone switch:admin> zone --show purplezone - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 370
Troubleshooting TI zone routing problems Example displaying information about all TI zones in the defined configuration in ascending order switch a problem for devices that join the fabric later. 1. Connect to the switch and in Figure 36 on page 351. switch:admin> zone --showTIerrors My Domain: - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 371
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name 1: fffc01 50:00:51:e3:95:36:7e:04 0.0.0.0 0.0.0.0 "fcr_fd_1" 4: fffc04 10:00:00:60:69:80:1d:bc 10.32.72.4 0.0.0.0 >"E1switch" 6: fffc06 50:00:51:e3:95:48:9f:a0 0.0.0.0 0.0.0.0 "fcr_xd_6_9" Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 372
00:00:05:1e:40:f0:7d 10.32.72.9 0.0.0.0 >"E2switch" The Fabric has 3 switches b. Enter the following commands to create and display a TI zone: E2switch:admin> zone -- Port List: 9,2; 9,3; 9,6; 1,-1; 4,-1 Status: Activated Failover: Enabled 372 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 373
traffic isolation zone changes Do you want to enable 'cfg_TI' configuration (yes, y, no, n): [no] y zone config "cfg_TI" is in effect Updating flash ... Fabric OS Administrator's Guide 373 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 374
12 Setting up TI over FCR (sample procedure) 374 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 375
Supported configurations for bottleneck detection 377 •Credit Loss 379 •Enabling bottleneck detection on a switch have a history of bottlenecks. • Reduce the time it takes to troubleshoot network problems. If you notice one or more applications slowing down, you can Guide 375 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 376
if it is contributing to the congestion. Notes • Bottleneck detection is configured on a per-switch basis, with optional per-port exclusions. • Bottleneck detection is disabled by default. Best practice cannot be turned on and off independently. 376 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 377
F_Ports - FL_Ports • F_Port and E_Port trunks are supported. • Long distance E_Ports are supported. • FCoE F_Ports are supported. • Bottleneck detection is supported on 4-Gbps, 8-Gbps, and 16-Gbps platforms, for link utilizations above 85%. Fabric OS Administrator's Guide 377 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 378
the trunk. Virtual Fabrics considerations for bottleneck detection Bottleneck detection is supported in both VF and non-VF modes. In VF mode, if bottleneck detection If bottleneck detection is enabled on a logical switch with some F_Ports connected to an Access Gateway, you 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 379
-end ports and core blades as well as on the Brocade 5300 and 6520 switches, although the support is slightly different on each device. See below for details on these switches, and the Fabric OS Troubleshooting and Diagnostics Guide for more general information. Back-end credit loss detection and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 380
13 Enabling bottleneck detection on a switch The following credit loss recovery methods are supported for Brocade 6520 back-end ports: • For all the credit loss methods described above, a link reset will automatically be performed, assuming that this option was enabled. See "Enabling - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 381
detection on a switch" on page 380 for instructions on enabling bottleneck detection. Example of status output showing that bottleneck detection is enabled for both congestion and latency switch:admin> bottleneckmon --status Bottleneck detection - Enabled Fabric OS Administrator's Guide 381 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 382
that only a congestion alert at the switch level has been set switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time 3 seconds are affected by a latency bottleneck. 382 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 383
values. switch:admin> bottleneckmon --enable -alert switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide bottleneck criterion: Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: Alerts - Yes Latency threshold for alert - - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 384
for ports. After you enable bottleneck detection, you can change the alerting parameters for the entire switch or just for individual ports. For example, you can change only the latency threshold for only parameters only on the master port. 384 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 385
2: Changing time window value for an entire switch This changes the time window value to 200 seconds for the entire switch. switch:admin> bottleneckmon --config -alert -time 200 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Fabric OS Administrator's Guide 385 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 386
--status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time threshold - 0.800 Severity threshold - 50.000 Switch-wide alerting parameters: Alerts - Yes Latency threshold for alert - 0.200 386 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 387
switch:admin> bottleneckmon --config -alert=latency -time 250 47 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch 50.000 Switch-wide alerting switch:admin> bottleneckmon --configclear 46-47 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 388
- 150 seconds Adjusting the frequency of bottleneck alerts Depending on the circumstances, a problematic switch or port might be triggering alerts more frequently than desired. The -qtime parameter can be specific F_Ports for this application. 388 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 389
criterion parameters only on a per-port basis. You cannot change them on the entire switch, as you can with alerting parameters, unless you disable and then re-enable bottleneck detection general, however, per-port exclusions are not recommended. Fabric OS Administrator's Guide 389 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 390
detection: 1. Connect to the switch to which the target port bottleneck detection on a switch" on page 392 switch:admin> bottleneckmon --exclude 7 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch 50.000 Switch-wide alerting switch:admin> bottleneckmon --include 7 switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 391
of bottlenecked ports is any port that had a bottleneck occur during any second in the corresponding interval. switch:admin> bottleneckmon --show -interval 5 -span 30 Wed Jan 13 18:54:35 UTC 2010 List Jan 13 18:54:30 Jan 13 18:54:35 0 Fabric OS Administrator's Guide 391 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 392
to disable bottleneck detection on the switch. switch:admin> bottleneckmon --disable Example of disabling bottleneck detection on a switch switch:admin> bottleneckmon --disable switch:admin> bottleneckmon --status Bottleneck detection - Disabled 392 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 393
an ISL between two Brocade switches, and then to be switch. NOTE The in-flight encryption and compression features are supported for any port speed, but only on 16G-capable E_Ports and EX_Ports on the Brocade 6510 and 6520 switches and the Brocade links connecting three Brocade switches. One link is - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 394
R_CTL = 0x4 are supported. For compression, only R_CTL = 0x1 is supported. Non FCP data frames 0x8) are not supported. NOTE No license number of ports supported for encryption support encryption or compression. ICL ports do not currently support encryption or compression. • Encryption is not supported - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 395
above/one 3. For Brocade 6520, four edge ASICs; per ASIC limit = numbers above/four NOTE Even though this table does not show all the possible combinations of different speeds for the encryption/compression ports, other combinations are also supported. The number of supported ports is automatically - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 396
values. At this time expiry keys are not supported. This means that the keys generated for a port details. Usage: portEncCompShow [slot/]port Example output switch:admin> portStatsShow 16/17 16 16 011000 id :33:13:71:3e "switch16 switch> portenccompshow User Encryption Compression Port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 397
No No No 21 No No No switch:admin> portcfgcompress --enable 2 Example Disabling the compression configuration on port 2 switch switch:admin> portcfgencrypt --enable 2 Example Disabling the encryption configuration for port 2 switch switch:admin> portshow 10/44 portIndex: 348 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 398
following points apply to authentication and Key generation on the supported devices: • The Diffie-Hellman - Challenge Handshake Authentication the event of encryption/compression port failures. For Brocade 6510 and 6520 switches, if the two ports are not configured for trunking Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 399
E_Ports and EX_Ports in the user-created logical switch, base switch, or default switch; and EX_Ports on base switches can support encryption and compression. You can configure encryption on occur during port initialization if authentication fails. Fabric OS Administrator's Guide 399 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 400
to enable authentication across a FC router and an edge fabric switch, you must first bring all EX_Ports online without using authentication. . The following topics provide step-by-step instructions for performing encryption and compression tasks: • Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 401
switch:admin> portenccompshow User Encryption Compression Config Port configured Active configured Active Speed ------ ---------- ------ ----- 17 No No No No 4G 18 No No No No 4G 19 No No No No 4G 20 No No No No 4G 21 that can support the encryption and compression - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 402
No 4G No 8G No 16G No 16G switch> portcfgspeed 1 0 Configuration for port (1) failed as it exceeds current supported capacity. Compression ratios and encryption/compression enabled ports and the tx values are before compression. 402 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 403
:admin> authutil --set -g 4 DH Group was set to 4. or alternatively: switch:admin> authutil --set -g "*" DH Group was set to 0,1,2,3,4. For additional information about establishing DH-CHAP secrets, see "Secret key pairs for DH-CHAP" on page 213. Fabric OS Administrator's Guide 403 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 404
on a Brocade 6510 switch: switch:admin> portcfgencrypt --enable 21 The following example enables encryption on port 15 of an FC16-32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgencrypt --enable 9/15 4. Enable the port with the portEnable command. After manually enabling the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 405
on port 21 on a Brocade 6510 switch: switch:admin> portcfgcompress --disable 21 The following example switch:admin> portcfgcompress --disable 9/15 4. Enable the port with the portEnable command. After enabling the port, the new configuration becomes active. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 406
port on a blade in an enterprise class platform named 'myDCX' to a port on a Brocade 6510 switch named 'myswitch'. Table 63 identifies each end of the ISL connection by device name, device compression • Disabling encryption • Disabling compression 406 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 407
Brocade 6510 named 'myswitch'. The same commands must also be entered on the peer switch Switch get the WWN of the peer switch. myswitch:admin> secauthsecret --set switch is configured to do DH-CHAP, it is performed whenever a port or a switch peer WWN, Domain, or switch name (Leave blank when done - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 408
to ON myswitch:admin> authutil --show AUTH TYPE HASH TYPE GROUP TYPE dhchap md5 4 Switch Authentication Policy: ON Device Authentication Policy: OFF myswitch:admin> Enabling encryption Next, you enable encryption Auto Disable: OFF 408 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 409
Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF ON ON OFF Fabric OS Administrator's Guide 409 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 410
Port D-Port mode: Compression: Encryption: FEC: myswitch:admin> OFF OFF OFF ON OFF 0(R_A_TOV) 126 OFF OFF OFF OFF OFF OFF 410 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 411
do not match at both ends. Example: If at one end there is a switch that does not support encryption/compression, the port will be disabled. • Encryption or compression configuration is of available ports has reached the bandwidth limitation. Fabric OS Administrator's Guide 411 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 412
Brocade 6510 named 'myswitch' as Fibre Channel Router (FCR) and an edge switch as 'edge'. Example Displaying port numbers on the FCR and Edge switches using the fcrEdgeShow command switch: secret key database myswitch:admin> secauthsecret --set 412 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 413
3e Enter peer secret: Re-enter peer secret: Enter local secret: Re-enter local secret: Enter peer WWN, Domain, or switch name (Leave blank when done): Are you done? (yes, y, no, n): [no] y Saving data to key store enable OFF NPIV capability ON Fabric OS Administrator's Guide 413 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 414
Compression: ON Encryption: ON FEC: ON myswitch:admin> Example Setting the secret key for the front phantom wwn projected by the FCR on the 'edge' switch Use portCfgExPort EX_Port# on the remote FCR to learn the front phantom - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 415
Principal Switch: : enabled OK core(N) Brocade Native 20 160 50: switch to use DH-CHAP protocol for authentication, setting the DH group to group 4, and activating switch Switch GROUP TYPE dhchap md5 4 Switch Authentication Policy: ON Device switch. Use portCfgExPort EX_Port# on that switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 416
The local secret that authenticates peer. Press enter to start setting up secrets > Enter peer WWN, Domain, or switch name (Leave blank when done): 50:00:53:31:37:43:ee:14 Enter peer secret: Re-enter peer Buffers OFF Fault Delay: 0(R_A_TOV) 416 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 417
is enabled with encryption and compression, you can verify using either the fcrEdgeShow or portCfgExPort commands. See the following section for details. Fabric OS Administrator's Guide 417 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 418
EX_Port, and displaying the port configuration parameters switch:admin> portcfgexport 47 Port 47 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 17 Preferred /Compression feature enabled. 418 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 419
is therefore capable of registering with all services of the fabric. This chapter does feature, refer to the Access Gateway Administrator's Guide. Each NPIV device has a unique device PID a non-existent virtual PID is not blocked by the switch; rather, it is delivered to the device attached to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 420
all platforms that do not have Virtual Fabrics enabled. When Virtual Fabrics is enabled on the Brocade DCX and DCX-4S, fixed addressing mode is used only on the default logical switch. The number of NPIV devices supported on shared area ports (48-port blades) is reduced to 64 from 128 when Virtual - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 421
NPIV 15 TABLE 64 Platform Number of supported NPIV devices (Continued) Virtual Fabrics Logical switch type NPIV support DCX-4S Enabled Logical switch Yes, 255 virtual device limit.3 DCX-4S Enabled Base switch No. 1. Maximum limit support takes precedence if user-configured maximum - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 422
Enabling and disabling NPIV On the Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, and 8000 switches, the Brocade 5410, 5424, 5430, 5450, 5460, 5470, and 5480 embedded switches, Brocade DCX and DCX 8510 Backbone families NPIV feature was enabled. 422 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 423
The following example is sample output from the switchShow command: switch:admin> switchshow switchName:switch switchType:66.1 switchState:Online switchMode:Native switchRole:Principal switchDomain:1 switchId sample output for the portShow command: Fabric OS Administrator's Guide 423 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 424
for the virtual PIDs of a port. The following example is sample output from the portLoginShow command: switch:admin> portloginshow 2 Type PID World Wide Name credit df_sz cos fe 630240 c0:50:76:ff:fb =3 scr=3 scr=3 d_id=FFFFFC d_id=FFFFFC 424 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 425
425 •User- and auto-assigned FA-PWWN behavior 426 •Configuring FA-PWWNs 426 •Supported switches and configurations for FA-PWWN 429 •Configuration upload and download considerations for FA-PWWN LUN, thus simplifying boot over SAN configuration. Fabric OS Administrator's Guide 425 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 426
must be using a Brocade HBA or adapter. Refer to the release notes for the HBA or adapter versions that support this feature. Some configuration takes precedence over the automatically assigned FA-PWWN. This means the switch will bind the user-assigned FA-PWWN to the port if both Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 427
and some are to be executed on the server. 1. Log in to the edge switch to which the Access Gateway is directly connected. 2. Assign the FA-PWWN. • If you are manually assigning a WWN, enter the following command: fapwwn --assign -ag AG_WWN -port AG_port -v Virtual_PWWN • If you want the WWN to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 428
c. Enter the following command: bcu port -faa port_id --query Once the Brocade HBA has been assigned the FA-PWWN, the HBA retains the FA-PWWN until . 1. Log in to the edge switch to which the device is connected. 2. Assign the FA-PWWN. • If you are manually assigning a WWN, enter the following - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 429
is supported on the following platforms: • Switch platforms running Fabric OS v7.0.0 or later: - Brocade DCX, DCX-4S, and DCX 8510 family - Brocade 300 - Brocade 5100 - Brocade 5300 - Brocade 6505 - Brocade 6510 - Brocade 6520 - Brocade 7800 - Brocade VA-40FC Fabric OS Administrator's Guide 429 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 430
later: - Brocade 300 - Brocade 5100 - Brocade 6505 - Brocade 6510 • Brocade HBAs with driver version 3.0.0.0: - Brocade 415 - Brocade 425 - Brocade 815 - Brocade 825 Configuration upload physical server can connect to a specific switch port. 430 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 431
the portswap command) - Cascaded Access Gateway topologies - FICON/FMS mode - With F_Port trunking on directly attached Brocade HBAs/adapters NOTE FA-PWWN is supported with F_Port trunking on the supported Access Gateway platforms. Access Gateway N_Port failover with FA-PWWN If an FA-PWWN F_Port on - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 432
16 Access Gateway N_Port failover with FA-PWWN 432 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 433
those resources. Admin Domains and Virtual Fabrics are mutually exclusive and are not supported at the same time on a switch. Do not confuse Admin Domains with zones: • Zones define which devices and degradation and unpredictable system behavior. Fabric OS Administrator's Guide 433 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 434
Admin Domain and has a range from 0 through 255. The domain ID identifies a switch in the fabric and has a range from 1 through 239. Figure 52 shows a 53, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 435
and devices within a switch or a fabric. • are not supported on the Brocade 8000. The Brocade 8000 can instructions). • Gigabit Ethernet (GbE) ports cannot be members of an Admin Domain. • Traffic Isolation Zoning is supported the FC-FC Routing Service and LSAN zones. Admin Guide 435 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 436
have only an explicit membership list. • The implicit membership list contains all devices, switch ports, and switches that have not been assigned to any other Admin Domain. Initially, the AD0 implicit not deleted unless you explicitly remove them. 436 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 437
Admin Domain. AD0 is useful when you create Admin Domains because you can see which devices, switch ports, and switches are not yet assigned to any Admin Domains. AD0 owns the root zone database (legacy zone encompasses the entire physical fabric. Fabric OS Administrator's Guide 437 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 438
one Admin Domain at a time. You can later switch to a different Admin Domain (refer to "Switching to a different Admin Domain context" on page 456 for instructions). • For default accounts such as admin and user, default user account is AD0 only. 438 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 439
switch:admin> switch:AD1:admin> switch , switch ports, or switches. Defining Switch port members Switch port members are defined by switch domain,index and have the following properties: • A switch port member grants port control rights and zoning rights for that switch port. • A switch A switch port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 440
list. NOTE If the switch domain ID changes, the Switch members Switch members are defined by the switch WWN or domain ID, and have the following properties: • A switch member grants administrative control to the switch. • A switch unconverted switch WWNs. The switch WWN has the following format: - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 441
56 shows the filtered view of the fabric as seen from AD3 and AD4. The switch WWNs are converted to the NAA=5 syntax; the device WWNs and domain IDs remain the 10:00:00:00:c8:3a:fe:a2 FIGURE 56 Filtered fabric views showing converted switch WWNs Fabric OS Administrator's Guide 441 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 442
service for Fabric OS features and operate in mixed-release Fabric OS environments. High availability is supported with some backward compatibility. When an E_Port comes online, the adjacent switches merge their AD databases. The receiving switch . 442 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 443
1. Log in to the switch with the appropriate RBAC role. current Admin Domain. If necessary, switch to the AD0 context by entering specify at least one member (switch, switch port, or device). You to the switch as the instructions. 4. Switch to the AD255 context, if you are not already in - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 444
instructions. Example of creating Admin Domains The following example creates Admin Domain AD1, consisting of two switches, which are designated by domain ID and switch WWN. switch two switches (designated by domain ID and switch WWN). switch:AD255:admin> ad --create blue_ad -d "100,5; 1,3; 21:00: - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 445
it. This example also assigns blue_ad1 as the user's home Admin Domain. switch:admin> userconfig --add ad1admin -r admin -h blue_ad1 -a "blue_ad1" The fabric administrator. switch:admin> userconfig --add pfa_admin1 -r admin -h 255 -a "0-255" Fabric OS Administrator's Guide 445 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 446
Connect to the switch and log in using green_ad2 from the user account adm1 switch:admin> userconfig --deletead adm1 -a to the switch and log in using an account with admin permissions. 2. Switch to the AD255 following example activates Admin Domain AD_B5. switch:AD255:admin> ad --activate AD_B5 You - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 447
switch and log in cfgdisable 3. Switch to the switch switch:AD255:admin> Adding members to an existing Admin Domain 1. Connect to the switch and log in using an account with admin permissions. 2. Switch switch port members and the -s option to specify switch list of switch WWNs or - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 448
and log in using an account with admin permissions. 2. Switch to the AD255 context, if you are not already in that context. ad --select 255 3. Enter the ad --rename command with the present name and the new name. ad --rename present_name new_name 448 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 449
Admin Domain Eng_AD to Eng_AD2 switch:AD255:admin> ad --rename to the switch and log in using an account with admin permissions. 2. Switch to the nonvolatile memory, enter cfgsave. 4. Switch to the AD255 context. ad . Example of deleting Admin Domain AD_B3 switch:AD255:admin> ad --delete AD_B3 You - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 450
fabric resources (switches, ports, and instructions. 2. Connect to the switch and log in using an account with admin permissions. 3. Switch definitions to the fabric. Example switch:AD255:admin> ad --clear no, n): [no] y switch:AD255:admin> Deleting all user 1. Connect to the switch and log in using - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 451
cfgadd "cfgName", "member[;member]" 5. Enable the configuration to complete the transaction. cfgenable cfgName 6. Switch to the AD255 context. ad --select 255 7. Explicitly add devices that are present in the device WWN2 is in both AD0 and AD1. Fabric OS Administrator's Guide 451 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 452
:02:00:00:00 Zone CFG Info for AD_ID: 1 (AD Name: AD1, State: Active) : Defined configuration: cfg: AD1_cfg AD1_BlueZone zone: AD1_BlueZone 452 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 453
about to enforce the saved AD configuration. This action will trigger AD apply to all switches in the fabric Do you want to apply all admin domains (yes, y, no, . This action will trigger AD apply to all switches in the fabric Do you want to apply all admin domains (yes, y, no, n): [ - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 454
switch switches and their devices. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch transaction buffer switch:AD255:admin> Name: ad2 State: Active Switch port members: 1,1; 1,3; looks like a virtual switch or fabric to a Any devices and switch ports that are not - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 455
to the switch and log in. 2. Enter the ad --exec command, specifying the Admin Domain and the command you want to execute. ad --exec ad_id "command" Example of executing the switchShow command in the AD7 context switch:AD255:admin> ad --exec 7 "switchshow" Fabric OS Administrator's Guide 455 53 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 456
and switch list members are categorized into implicit and explicit member lists. 1. Connect to the switch and AD1 switch:AD1:admin :be:99:01; Switching to a different Admin Domain context You can switch between different Admin Domain fails. 1. Connect to the switch and log in as any user type. - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 457
switching to a different Admin Domain context The following example switches switch:admin> ad --select 12 switch:AD12:admin> logout switch switches. A user logged in to a switch can control only the local switch switch switch is part of the current Admin Domain. FC-FC Routing Service To support legacy - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 458
hosts. Virtual Fabrics Virtual Fabrics and Admin Domains are mutually exclusive and are not supported at the same time on a switch. To use Admin Domains, you must first disable Virtual Fabrics; to use Virtual are present in that Admin Domain. 458 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 459
no zone database linked to the physical fabric (AD255) and no support for zone database updates. In the physical fabric context (AD255), Admin Domain. Refer to "Validating a zone" on page 323 for instructions on using the zone --validate command. NOTE AD zone databases do not Guide 459 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 460
Domains. Device discovery problems might occur if LSAN whether the switch is a member switch is a member of the Admin Domain, all switch Switch headers Switch configuration switch membership No No Yes3 No Yes Without switch switch is a member of the current Admin Domain. 460 Fabric - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 461
II This section describes optionally licensed Brocade Fabric OS features and includes the following chapters: • Chapter 18, "Administering Licensing" • Chapter 19, "Inter-chassis Links" • Chapter 20, "Monitoring Fabric Performance" • Chapter 21, "Optimizing Fabric Behavior" • Chapter 22, "Managing - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 462
462 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 463
In this chapter •Licensing overview 463 •Brocade 7800 Upgrade license 470 •ICL licensing downgrade Fabric OS. Fabric OS includes basic switch and fabric support software, and support for optionally licensed software that is enabled a switch. Fabric OS Administrator's Guide 463 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 464
Brocade 6510 or 6520 switch. • Enables full hardware capabilities on the Brocade 7800 base switch, increasing the number of Fibre Channel ports from four to sixteen and the number of GbE ports from two to six. • Supports The Brocade 6520 does tunnel and failover resiliency. - Support for up to 4 of - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 465
on those products that support Access Gateway deployment. Brocade Ports on Demand Allows you to instantly scale the fabric by provisioning additional ports using license key upgrades. NOTE: Applies to the Brocade 300, 5100, 5300, 6505, 6510, 6520, and VA-40FC switches. DataFort Compatibility - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 466
Enables host-control of switches in mainframe environments. (Also known as Control Unit Port or "CUP") High Performance Extension over FCIP/FC Includes the IPsec capabilities. (formerly known as "FC-IP Services") ICL 8-Link Activates all eight links on ICL ports on a Brocade DCX-4S chassis or - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 467
(Continued) Description Integrated Routing • Allows any ports in Brocade 5100, 5300, 6510, 6520, and VA-40FC switches, the Brocade Encryption Switch, or the Brocade DCX, DCX-4S, and DCX 8510 family platforms to be configured as an EX_Port supporting FC-FC routing. • Eliminates the need to use - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 468
FICON XRC • High Performance Extension over FCIP/FC or Advanced FICON Acceleration license on Brocade 7800 Local switch. Local and attached switches. Local and attached switches. No license required. N/A No license required. N/A NOTE: The firmwareDownload command is provided automatically with - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 469
8 FC ports are allowed. Local switch. Local switch. QoS Adaptive Networking with QoS Local switch and attached switches. (Brocade 6520 does not require this license.) QoS policies all included. SNMP No license required. N/A Fabric OS Administrator's Guide 469 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 470
10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 and 6520, as well as to support the 10Gb Ethernet ports on FX8-24 blades. (See the Ports feature above for more information.) Local switch SSH public key No license required. N/A TACACS+ No license required. N/A Top - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 471
between a Brocade DCX 8510-8 and a DCX 8510-4, as the latter supports half the Brocade DCX 8510-8 platform must have the ICL 2nd POD license installed to enable the full number of ICL connections possible. This license is available for the Brocade DCX 8510-8 only. Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 472
a Brocade DCX and a DCX-4S, as the latter cannot support more than eight links on an ICL port. This license is available on the Brocade DCX- ICLs depends only on the physical chassis and not on the logical switches. • If the maximum number of ICL-connected chassis exceeds the Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 473
of supported Brocade 300, 5100, 5300, and VA-40FC switches and the 8 Gbps embedded switches; this license does not apply to the Brocade 6505, 6510, or 6520 switch is rebooted. The switch ports return to their pre-licensed state maximum speed of 4 Gbps. Fabric OS Administrator's Guide 473 53- - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 474
Brocade DCX and DCX 8510 Backbone families to support the FX8-24 blade, and on the Brocade DCX 8510 Backbone family to support Gbps FC feature on a Brocade 6510 or 6520 switch as a chassis-based license. or manually assigned, the assignment will remain until you manually reassign Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 475
access on the 16 Gbps FC ports on Brocade 6510 or 6520 switches, and FC16-32 and FC16-48 port blades manually, as for any slot-based license. Automatic assignment is done sequentially by slot number, beginning with the lowest numbered slot with an enabled blade that supports Guide 475 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 476
licensed and configured to operate at 10 Gbps on a Brocade 6510 or 6520 switch or 16 Gbps FC port blade cannot interoperate with 10 the combination speed for the first port octet to a setting that supports 10 Gbps operations. Valid settings for 10 Gbps operations include: • Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 477
a Brocade 6510 switch and enables 10 Gbps operation on port 2. 6510-switch:admin> licenseadd aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 6510-switch:admin> > licenseadd aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 8510-4switch:admin> licenseshow Fabric OS Administrator's Guide 477 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 478
on a per-switch basis. • A universal temporary license can be installed on a switch, but can be applied to multiple switches. The following licenses based) • Adaptive Networking with QoS license (not required for Brocade 6520) • Advanced Performance Monitoring license • Enterprise ICL license • - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 479
Date change restriction Once the temporary license is installed, you cannot change the time of the switch until the temporary license is removed. To change the time, you must remove the license, , consumed capacities, and temporary licenses. Fabric OS Administrator's Guide 479 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 480
point it is expired. Because of this, universal temporary licenses should not be installed on a switch until you are ready to use or test the feature, so as not to unnecessarily consume a licensed feature can no longer be used on the switch. 480 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 481
instructions. Adding a licensed feature To enable a feature, go to the feature's appropriate section in this manual. Enabling a feature on a switch may be a separate task from adding the license. For the Brocade license keys) onto that standby CP. Fabric OS Administrator's Guide 481 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 482
license 2 Domain Fabric license Integrated Routing license Storage Application Services license FICON Tape license FICON XRC license Adaptive Networking is disabled when the switch is rebooted or when a switch disable and enable is performed. 482 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 483
80 licensed ports. A maximum of 80 ports is allowed. • Brocade 6505-Can be purchased with 12 or 24 licensed ports. A maximum of 24 ports is allowed. • Brocade 6510-Can be purchased with 24, 36, or 48 licensed ports. A maximum of 48 ports is allowed. • Brocade 6520-Can be purchased with 48, 72, or 96 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 484
5100 Brocade 5300 Brocade 5410 Brocade 5424 Brocade 5450 Brocade 5480 Brocade 6505 Brocade 6510 Brocade 6520 Brocade 8000 Brocade VA-40FC 0-7 0-23 0-47 0-11 1-8 and 17-20 1-10 and 19-22 1-8 and 17-20 0-11 0-23 0-47 24 GbE 0-23 0-15 0-23 0-31 0-39 0-63 0-79 N/A N/A POD1: 0, 9-16, and 21-23 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 485
or switch installation. The following platforms support Dynamic POD: • Switches: - Brocade 6505 - Brocade 6510 - Brocade 6520 • Embedded switch modules for bladed servers: - Brocade 5410 - Brocade 5424 - Brocade 5450 - Brocade 5460 - Brocade 5470 - Brocade 5480 Fabric OS Administrator's Guide 485 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 486
blade switches, If the switch detects more manually assigned POD licenses switch:admin> licenseport --show 24 ports are available in this switch switch: 12 port assignments are provisioned by the base switch 15, 16, 21, 22, 23 Enabling Dynamic Ports on Demand If the switch is in the static switch switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 487
switch license 0 ports are assigned to the full POD license Ports assigned to the base switch license: 1, 2, 5, 6, 8*, 21, switch license 12 ports are assigned to the full POD license Ports assigned to the base switch license: 1, 2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 488
0, 9, 10, 11, 12, 13, 14, 15, 16, 21, 22, 23 Reserving a port license You can allocate licenses by port. switch:admin> licenseport -reserve 0 • If all port reservations are assigned, select a port to release its POD license. Follow the instructions in " OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 489
until it is manually removed from the switch license 0 ports are assigned to the full POD license Ports assigned to the base switch license: 1*, 2*, 3*, 4*, 5*, 6*, 8*, 21 switch back online. 7. Enter the switchShow command to verify the switch state is now online. Fabric OS Administrator's Guide 489 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 490
18 Ports on Demand 490 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 491
Brocade DCX 8510 Backbone family supports optical ICL QSFPs. • The Brocade DCX Backbone family supports proprietary copper ICL connectors. When two Brocade Backbones are interconnected by ICLs, each chassis requires a unique domain and is managed as a separate switch commands on the switch for the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 492
. Refer to the specific hardware reference manuals for additional information about LED status meanings and ICL connections, including instructions on how to cable ICLs. ICLs for the Brocade DCX 8510 Backbone family Each ICL connects the core blades of two Brocade DCX 8510 chassis and provides up to - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 493
switch are not supported. This is a topology restriction with 16 Gbps ICLs and any ISLs that are E_Ports or VE_Ports. ICL trunking on the Brocade manuals for information about port numbering and connecting the ICL cables. ICLs for the Brocade DCX Backbone family The Brocade Guide 493 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 494
XISLs. The "Allow XISL Use" attribute for the switch must be off. • All of the user ports in an ICL cable must be in the same logical switch. Distributing the user ports within the same cable across multiple logical switches is not supported. 494 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 495
form is the full nine-mesh topology shown in Figure 62. This topology is supported by DCX 8510-8 Backbones only. (You can use DCX 8510-4 Backbones for a five-mesh topology.) FIGURE 61 ICL triangular topology with Brocade DCX 8510-8 chassis Fabric OS Administrator's Guide 495 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 496
19 Supported topologies for ICL connections FIGURE 62 Full nine-mesh topology During of the ISL path being lesser or greater than the ICL path between the two switches. Core-edge topology You can also connect the Brocade DCX 8510 Backbones in a core-edge topology. For example, Figure 63 shows six - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 497
Supported topologies for ICL connections 19 FIGURE 63 64 Gbps ICL core-edge topology Fabric OS Administrator's Guide 497 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 498
19 Supported topologies for ICL connections 498 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 499
Web Tools and Brocade Network Advisor. Refer to the Web Tools Administrator's Guide and Brocade Network Advisor User Manual for information about this chapter use the slot/port syntax required by Backbones. For fixed-port switches, use only the port number where needed in the commands. Types of - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 500
Maximum number of logical switches supported Maximum number of logical switches on which monitors are supported Brocade DCX 8 4 Brocade DCX-4S Brocade 8510 family Brocade 6510 4 4 Brocade 6520 4 4 Brocade 5100 3 3 Brocade VA-40FC Brocade 5300 4 3 Each logical switch can have its - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 501
supported on these switches. EE monitors must be installed on F_Ports. Frame monitors can be installed on F_Ports or N_Ports. Refer to the Access Gateway Administrator's Guide to-end monitors supported varies depending on the switch model: • The Brocade DCX 8510, 6505, 6510, and 6520 models allow up - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 502
on the switch model, on E_Ports. The following platforms support EE monitors on E_Ports: • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade DCX 8510 monitor to the F_Port, as follows: switch:admin> perfaddeemonitor 2/2 "0x011200" "0x021e00" 502 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 503
to the F_Port as follows: switch:admin> perfaddeemonitor 2/14 "0x021e00 switch:admin> perfaddeemonitor 2/3 "0x021e00" "0x011200" For Monitor 3: switch supported only on the Brocade 8000 and the Brocade Encryption Switch. 1. Connect to the switch the following example: switch:admin> perfsetporteemask - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 504
to-end monitors Deleting EE monitors 1. Connect to the switch and log in using an account with admin permissions. and deletes monitor number 2 on port 0: switch:admin> perfmonitorshow --class EE 0 There are .7.179 switch:admin> 1. Connect to the switch and log in using an account with - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 505
4.5m 53m 4.5m 53m 4.5m 53m 4.5m 53m 0 Example of displaying EE monitors on a port switch:admin> perfMonitorShow --class EE 4/5 There are 7 end-to-end monitor(s) defined on port 53. KEY command description in the Fabric OS Command Reference. Fabric OS Administrator's Guide 505 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 506
Watch Administrator's Guide for more information Brocade 300, 5300, 5410, 5424, 5450, 8 131 5460, 5470, 5480, and 7800 Brocade 5100, 6505, 6510, 6520, 8000, 12 252 VA-40FC, DCX, DCX-4S, DCX 8510, and Brocade Encryption Switch 1. For switches supported on logical ISLs (LISLs), but are supported - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 507
the custom values, use the thconfig --apply command. Refer to the Fabric Watch Administrator's Guide for more information about using this command. Example of creating a user-defined frame type switch:admin> fmmonitor --create myframemonitor -pat "17,0xFF,0x07;7,0x4F,0x01;" -action email Example of - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 508
to the switch and log in switch:admin> fmmonitor --addmonitor SCSI -port 3-12 Removing frame monitors from a port 1. Connect to the switch switch switch switch:admin> fmmonitor --addmonitor SCSI -port 3-12 -nosave switch:admin> fmmonitor --save SCSI Displaying frame monitors 1. Connect to the switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 509
5, every 5 seconds. switch:admin> fmmonitor --show scsi -port 5 -timeinterval 5 Port|Count | 2011-03-21 00:59:50 000005| 48.3k 2011-03-21 00:59:55 000005| monitor from ports 7 through 10. switch:admin> fmmonitor --clear ABTS -port 7-10 Fabric OS Administrator's Guide 509 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 510
them with certain Quality of Service (QoS) attributes so they get proper priority. Refer to Chapter 21, "Optimizing Fabric Behavior," switch model, on E_Ports. The following platforms support Top Talker monitors on E_Ports: - Brocade 6505 - Brocade 6510 - Brocade 6520 - Brocade Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 511
on a platform that is configured to be an FC router. Top Talker monitors and FC routers are concurrently supported on the following platforms: • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade DCX 8510 Backbone family, with the following blades only: FC16-32, FC16-48. On all other platforms - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 512
port. • Top Talker monitors can monitor only 10,000 flows at a time. • Top Talker monitors are not supported on VE_Ports, EX_Ports, and VEX_Ports. • The maximum number of all port mode Top Talker monitors on an ASIC is egress port, but not both. 512 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 513
switch all switches in to the switch and log switch switches, the command succeeds; however, on the remote switches, fabric mode fails and a raslog message is displayed on those switches. If a new switch switch. Displaying the top n bandwidth-using flows on a port (port mode) 1. Connect to the switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 514
6.872 Displaying top talking flows for a given domain ID (fabric mode) 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfTTmon --show dom command. on slot 2, port 4 on a Backbone: perfttmon --delete 2/4 514 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 515
switch supported for ISLs only on the Brocade 6505, 6510, 6520 support 12 frame monitors for trunks, except for the Brocade 300, which supports 8 frame monitors for trunks. • For the Brocade 8000, trunk monitoring is supported switch switch exceeds 512. If the total number of monitors per port or switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 516
use the perfCfgSave command. switch:admin> perfcfgsave This will switch is rebooted. Using the Brocade Network Advisor Enterprise Edition, you can store performance data persistently. For details on this feature, refer to the Brocade Network Advisor User Manual. 516 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 517
Chapter Optimizing Fabric Behavior 21 In this chapter •Adaptive Networking overview 517 •Ingress Rate Limiting 518 •QoS: SID/DID traffic a license. See Chapter 12, "Traffic Isolation Zoning," for more information about this feature. Fabric OS Administrator's Guide 517 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 518
switch port. Ingress Rate Limiting requires an Adaptive Networking license. See "Ingress Rate Limiting" on page 518 for more information about this feature. • Quality of Service more information about this feature. NOTE The Brocade 6520 does not require licenses for the Ingress Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 519
prioritization 21 Virtual Fabrics considerations If Virtual Fabrics is enabled, the rate limit configuration on a port is on a per-logical switch basis. having a high, medium, or low priority. Fabric OS supports two types of prioritization: • Class Specific Control (CS_CTL Guide 519 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 520
21 Networking license. Must be manually enabled after you install switch that is in the path between a configured device pair. NOTE The Brocade 6520 long-distance E_Ports, you must manually enable QoS zone-based traffic the Adaptive Networking license you must manually disable QoS on the 8-Gbps - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 521
21 CS_CTL selected end devices (storage or hosts) and then honored by the switch, which assigns the frame, based on the value in the Supported configurations for CS_CTL-based frame prioritization • CS_CTL-based frame prioritization is supported on all 8-Gbps and 16-Gbps platforms. • All switches - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 522
21 CS_CTL-based frame prioritization NOTE If a switch is running a firmware version earlier than Fabric OS v6.0.0, the outgoing frames from that switch lose their (yes, y, no, n): [no] y CSCTL QoS Mode (0 = default; 1 = auto mode): (0..1) [1] 522 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 523
prioritization 21 Set In either case, ensure that the switch port connected to the initiator host and the switch port connected to the target host have is automatically enabled on all ports for which you have not manually disabled QoS, as the ports in the trunk group are Guide 523 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 524
Connect to the switch and log in using an account with admin permissions. 2. Display the ISL information by using the following command: islshow 3. Identify E_Ports on which QoS should be manually disabled. In the B5300 sp: 8.000G bw: 16.000G TRUNK 524 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 525
21 QoS zones switch:admin> portcfgshow (output truncated) Ports of Slot 0 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Speed AN AN AN For example, the following are valid QoS zone names: QOSH3_HighPriorityTraffic QOSL1_LowPriorityZone Fabric OS Administrator's Guide 525 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 526
21 QoS zones The switch automatically sets the priority for the "host,target" pairs specified in the zones according to the priority level (H or L) in the by QoS priorities. For example, in Figure 69 QoS should be enabled on the encircled E_Ports. 526 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 527
21 QoS zones NOTE By Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. To establish QoS over FC routers, you must do the following: • page 532 for detailed instructions. Fabric OS Administrator's Guide 527 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 528
supported on all platforms. - Backbone-to-edge fabric configuration: supported on 16-Gbps-capable platforms only (Brocade 6510, 6520, and Brocade routers is supported on both EX_Ports and VEX_Ports. • The EX_Ports (or VEX_Ports) in the path between the QoS devices must be on switches running Fabric - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 529
switch Domain 9 17 Chassis 2 Supported switches must be running Fabric OS v6.0.0 or later and must be one of the following platforms: Brocade 300, 4100, 4900, 5000, 5100, 5300, 5410, 5424, 5450, 5480, 6510, 6520, 7500, 7500E, 7600, 7800, 8000, VA-40FC, 48000, Brocade Guide 529 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 530
OS Encryption Administrator's Guide for information about redirection zones. • Traffic prioritization is not supported in McDATA Fabric Mode with QoS disabled. Setting QoS zone-based traffic prioritization 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 531
-based traffic prioritization 21 The portCfgQos command enabled. Until the Effective configuration is re-enabled, merging new switches into the fabric is not recommended and may cause unpredictable results ... sw0:admin> portcfgqos --enable 3 Fabric OS Administrator's Guide 531 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 532
Connect to the switch in the edge fabric and log in using an account with admin permissions. 2. Create QoS zones in the edge fabric. The QoS zones must have WWN members only, and not D,I members. See "Setting QoS zone-based traffic prioritization" on page 530 for instructions. 3. Create LSAN zones - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 533
Supported configurations for trunking 535 •Supported platforms for trunking 536 •Requirements for trunk groups 536 •Recommendations for trunk groups 537 •Configuring trunk groups 538 •Enabling trunking on a port or switch and must be installed on each switch that participates in trunking. For - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 534
switch). For more information, see "Configuring F_Port trunking for a Brocade adapter" on page 545, the Access Gateway Administrator's Guide, and the Brocade Adapters Administrators Guide and then come back online. Masterless trunking is supported for most platforms and trunking types: • All F_Port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 535
the hardware reference manual for your switch for information about which ports can be used in the same port group for trunking. FIGURE 71 Trunk group configuration for the Brocade 5100 Supported configurations for trunking front of the product. Fabric OS Administrator's Guide 535 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 536
performed according to the Quality of Service (QoS) configuration on the Brocade switches (or Brocade adapters, in the case of F_Port trunking). Brocade trunking is proprietary and is not supported on M-EOS or third-party switches. • There must be a direct connection between participating switches - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 537
group to form. • Determine the optimal number of trunk groups between each set of linked switches, depending on traffic patterns and port availability. The goal is to avoid traffic congestion without failures do not disrupt business operations. Fabric OS Administrator's Guide 537 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 538
F_Port trunking for a Brocade adapter" on page 545 for information. Enabling trunking on a port or switch You can enable trunking for a single port or for an entire switch. Because trunking is to remove the TA before disabling trunking. 538 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 539
in a switch. Use the portPerfShow command to monitor problem areas where there are congested paths or dropped links, to determine whether you need to adjust the fabric design by adding, removing, or reconfiguring ISLs and trunking groups. For additional information on using the Brocade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 540
setting it to autonegotiate. In addition to the criteria listed in "Supported configurations for trunking" on page 535, observe the following criteria for trunking over extended fabrics: • It is supported only on switches running Fabric OS v6.1.0 and later. • Extended Fabrics and Trunking licenses - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 541
8-port trunks) LD 200 km 4 (one 2-port trunk per switch) 0 LD 250 km 4 (one 2-port trunk per switch) 0 LD 500 km 0 0 LS Static See note below NOTE The L0 mode supports up to 5 km at 2 Gbps, up to 2 km about EX_Ports and the FC router. Fabric OS Administrator's Guide 541 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 542
and all previously supported Brocade switches in the backbone fabric or Brocade edge fabric. Configuring EX_Port trunking With EX_Port trunking, you use the same CLI commands as you do for E_Port trunking. See "Configuring trunk groups" on page 538 for instructions. Displaying EX_Port trunking - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 543
id = 2 )(Trunk master) 19 2 3 ee1300 id N4 No_Light 20 2 4 ee1400 id N4 Online EX_Port 21 2 5 ee1500 id N4 Online EX_Port 22 2 6 ee1600 id N4 Online EX_Port 23 2 7 ee1700 id N4 on the switch. See the Access Gateway Administrator's Guide and the Brocade Adapters Administrator's Guide for information - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 544
73 Switch in Access Gateway mode with F_Port masterless trunking NOTE You do not need to map the host to the master port manually, because the Access Gateway will perform a cold failover to the master port. See "Configuring F_Port trunking for an Access Gateway" on page 544 for instructions on - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 545
HBAs. This section describes the configuration steps you do on the switch. See the Brocade Adapters Administrator's Guide for a detailed description and requirements of N_Port trunking on the adapters. 1. On the switch side, perform the following steps: a. Configure both ports for trunking by - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 546
3/41. 2. On the host side, enable trunking as described in the Brocade Adapters Administrator's Guide. 3. On the switch side, enable the ports by using the portEnable command. switch:admin> portenable 3/40 switch:admin> portenable 3/41 F_Port trunking considerations Table 80 describes the F_Port - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 547
supported on F_Port trunk ports. However, FICON can still run on ports that are not F_Port trunked within the same switch Area is present on the switch, the CP blades will mirroring is not supported on the Brocade Encryption Switch. Port Swap 548. QoS Supported. Routing Routing will route - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 548
for assigning to NPIV/Loop ports to support 112 (448/4) NPIV/Loop ports in a logical switch with 256 devices each. The following are 21:c2: 00:05:1e:39:fa:f3. • F_Port trunks are not allowed on the base switch, because you cannot have F_Ports on the base switch. 548 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 549
39 F-port Slave 36 37 39 • Enter the porttrunkarea --show trunk command to display the trunking information. switch:admin> porttrunkarea --show trunk Trunk Index 37: 39->0 sp: 8.000G bw: 16.000G deskew 15 MASTER are specified to be unassigned. Fabric OS Administrator's Guide 549 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 550
22 Enabling the DCC policy on a trunk area switch:admin> portdisable 0-2 switch:admin> porttrunkarea --disable 0-2 Trunk index 2 disabled a DCC security policy violation. You can configure authentication on all Brocade trunking configurations. For more information on authentication, see Chapter 7, - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 551
switch handles local interconnectivity and multiplexes traffic across long-distance dark fiber or wave division multiplexing (WDM) links, while the Brocade Extended Fabrics software enables SAN management over long distances. Brocade . Fabric OS Administrator's Guide 551 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 552
Note the limitations regarding the following platforms: • Brocade 8000 FCoE switch Extended Fabrics is not supported on this platform. • FC8-64 port blade Brocade recommends that you do not use the FC8- Gbps - 80 buffer credits per port at 16 Gbps 552 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 553
Managing Trunking Connections". • Only qualified Brocade SFPs are used. Only Brocade-branded or certain Brocade-qualified SFPs are supported. 1. Connect to the switch and log in using an account set to 1. 5. Enter the portCfgLongDistance command. Fabric OS Administrator's Guide 553 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 554
example configures slot 1, port 2 to support a 100-km link in LS mode and an 8-Gbps platform. switch:admin> portcfgfillword 1/2 3 switch:admin> portcfglongdistance 1/2 LS on port speed. switch:admin> portshow 1/2 portName devices and your Brocade switch has QoS and buffer credit recovery enabled - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 555
to perform a link reset. switch:admin> portcfgcreditrecovery --disable [slot/]port 4. Configure the port to support long-distance links. switch:admin> portcfglongdistance [slot/]port,LS , each side may have a different number of buffer credits. Fabric OS Administrator's Guide 555 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 556
buffer credits are used by Class 2 and Class 3 services and rely on the Fibre Channel Receiver-Ready (R_RDY) at the other end. As the distance between switches and the link speed increases, additional buffer credits available to a group of ports on a switch. The buffer credit can be changed for specific - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 557
follow for calculating how many ports can be configured for long distance on all Fabric OS v7.x-capable switch modules: • Each port is part of a port group that includes a pool of buffer credits . Table 82 describes Fibre Channel data frames. Fabric OS Administrator's Guide 557 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 558
Table 84 on page 564 to get the total ports in a switch or blade, the number of user ports in a port group, The values reflect an estimate, and may differ from the supported values in Table 84. Calculating the number of buffers required 6 + 14 558 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 559
(50 km * 16 Gbps / 2) + 6 = 406 buffers Example Consider the Brocade 300, which has a single 24-port port group and a total of 676 buffer distance supported: Maximum Distance X (in km) = (BufferCredits + 6) * 2 / LinkSpeed 498 km = (492 + 6 buffers for Fabric Services) * Guide 559 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 560
a distance of 50 km at 1 Gbps, then 484 / (31 - 8) = 21 ports Allocating buffer credits based on average-size frames In cases where the frame size is of the distance. If buffer credit recovery is enabled, Fabric OS supports a BB_SC_N range of 1 to 15; therefore, it is impossible Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 561
size of 2048. The -frameSize option value is persistent across reboots and HA failover. Example switch:admin> portcfglongdistance 2/35 LS 1 -distance 100 -framesize 1024 Calculating the number of buffers when using the portCfgLongDistance command. Fabric OS Administrator's Guide 561 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 562
to the switch and log size of 512 bytes. switch:admin> portbuffercalc 9/4 - switch and log in using an account assigned to the admin role. 2. Enter the portCfgFPortBuffers command. switch option switch:admin> feature does not support EX_Port, Port port. 1. Connect to the switch and log in using an - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 563
buffer credits per port group Switch/blade model Total FC ports (per switch/blade) User port group size 6505 24 24 7952 6510 48 48 7760 6520 96 48 4256 7800 16 16 408 8000 *** Extended Fabrics is not supported on this switch *** VA-40FC 40 40 1692 Brocade Encryption Switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 564
243 121.5 N/A N/A 6505 7426 3713 1856 1485 928 6510 6754 3377 1688 1350 844 6520 4064 2032 1016 812 508 7800 410 205 102 N/A N/A 8000 *** Extended Fabrics is not supported on this switch *** VA-40FC 1694 847 423 N/A N/A Brocade Encryption Switch 1392 696 348 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 565
that QoS is enabled. If QoS is disabled the maximum supported distances are higher, because QoS requires an additional 20 buffer maximum distance of the switch at speed X by n. For example, for three ports running at 2 Gbps on a Brocade 300 switch, the maximum equally Guide 565 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 566
or EX_Port buffer credit recovery mechanism is supported. For 16-Gbps FC devices and blades (Brocade 6505, 6510, 6520, CR16-4, CR16-8, FC8-32E, recovery for F_Ports is supported for F_Port-to-N_Port links between a Brocade switch and Access Gateway, between a Brocade switch and an adapter, and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 567
Brocade switch or Access Gateway must run Fabric OS v7.1 or later. • Fabric OS must support support 16 Gbps and 8 Gbps. Buffer credit recovery over an EX_Port Buffer credit recovery is supported is not supported for EX_Ports when and blades that support 16 Gbps and the switch switch the switch and log - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 568
switch:admin> portcfgcreditrecovery 1/20 -enable Forward error correction on long-distance links Forward error correction (FEC) on user ports is supported Connect to the switch and log in . Example switch:admin> speed. switch:admin> to the switch and log . Example switch:admin> . switch:admin - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 569
problems, such as change management, network management, scalability, reliability, availability, and serviceability, supports connectivity between the following types of fabrics: • Fabric OS and Fabric OS • Fabric OS and Brocade Network OS • Fabric OS and M-EOS Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 570
Blade • Brocade 5100 switch • Brocade 5300 switch • Brocade 6510 switch • Brocade 6520 switch • Brocade VA-40FC switch • Brocade 7800 Extension Switch • Brocade Encryption Switch For the Brocade Backbone families, the following restrictions apply: • EX_Ports and VEX_Ports are supported only on - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 571
platforms for FC-FC routing" on page 570 support FC-FC routing to a Brocade Network OS fabric, except for the Brocade Encryption Switch. • VEX_Ports do not support Network OS connectivity. • FCoE devices connected to a Brocade 8000 switch or FCOE10-24 blade cannot communicate with FCoE devices - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 572
: • Fibre Channel router (FC router) A switch running the FC-FC routing service. Refer to "Supported platforms for FC-FC routing" on page 570 for a Brocade DCX with inter-fabric links. Host Edge fabric 1 E_Port Target Edge fabric 2 E_Port Target Edge fabric 3 E_Port Fibre Channel switch IFL IFL - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 573
is assigned a valid port ID. The port ID is relevant only on the fabric in which the proxy device has been created. Fabric OS Administrator's Guide 573 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 574
shows a metaSAN consisting of a host in Edge SAN 1 connected to storage in Edge SAN 2 through a backbone fabric connecting two FC routers. 574 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 575
to which they are attached and, correspondingly, imported into the edge SAN reached through Fibre Channel routing. Figure 77 illustrates this concept. Fabric OS Administrator's Guide 575 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 576
to contact the shared physical devices in the edge. The FC-FC routing service receives the frames from the backbone switches destined to the proxy devices, and redirects the frames to the actual physical " on page 590 for more information. 576 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 577
Fabric 4 because there are no LSAN devices in Fabric 4. • Target 1', Target 2', and Target 3' are proxy devices for Target 1, Target 2, and Target 3, respectively. Fabric OS Administrator's Guide 577 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 578
edge fabric use the same xlate domain ID for an imported edge fabric; this value persists across switch reboots and fabric reconfigurations. If you lose connectivity to the edge fabric because of link failures for more details about this command. 578 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 579
del stalexd 12 2 Xlate domain 2 is deleted FCR authentication A Brocade Fabric OS router (FCR) is capable of forming a secure link Router while the Active or On policy is required on the edge switch. Setting up FC-FC routing To set up FC-FC routing, Administrator's Guide 579 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 580
details about configuration options for Brocade Backbones. Verifying the setup FC router. 1. Log in to the switch or Backbone as admin and enter the version switch:admin> version Kernel: 2.6.14.2 Fabric OS: v7.0.1 Made on: Fri Nov 18 01:15:34 2011 Flash: Mon Nov 21 installed. switch:admin> - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 581
instructions. FC-FC routing and fabric mode Top Talker monitors are not concurrently supported on 8-Gbps platforms. FC-FC routing and fabric mode Top Talker monitors are concurrently supported only on the Brocade 6510 and 6520 switches, and on the Brocade OS Administrator's Guide 581 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 582
7. Enter the switchEnable command. Example switch:admin> switchdisable switch:admin> fosconfig --disable fcr FC Router service is disabled switch:admin> fcrconfigure FC Router parameter set and does not apply to Brocade Network OS or M-EOS fabrics. 582 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 583
to the Fibre Channel over IP Administrator's Guide for instructions on how to configure FCIP tunnels. Inter-fabric switch:admin> portcfgexport 7/10 -a 1 -f 30 switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 584
Enter the portCfgShow command to view ports that are persistently disabled. FC ports on the Brocade 7800 switches and FX8-24 blades are configured as persistently disabled by default, to avoid inadvertent fabric Mirror Port ON FC Fastwrite ON 584 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 585
is configured correctly. switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade Native Edge Fabric ID Authentication Type: None Hash Algorithm: N/A DH Group: N/A Fabric OS Administrator's Guide 585 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 586
command displays the static IPv6 addresses for each FC router and each edge fabric switch connected to the EX_Ports. switch:admin> fcrfabricshow FCR WWN: 10:00:00:05:1e:13:59:00, 64 "fcr_5300" EX_Port FID Neighbor Switch Info (WWN, enet IP, name) 586 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 587
Info: 10.32.156.50, "fcr_Brocade 5300" EX_Port FID Neighbor Switch Info (WWN, enet IP, name 4 95 10:00:00:05:1e:37:00:45 10.32.156.31 "Brocade 5300" 5 95 10:00:00:05:1e:37:00:45 10 lsDbShow command from the edge fabric to display these link costs. Fabric OS Administrator's Guide 587 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 588
EX_Port or VEX_Port mode with the portCfgEXPort or portCfgVEXPort command. switch:admin> portcfgexport 7/10 -a 1 3. Enter the fcrRouterPortCost command to display the router port cost for each EX_Port. switch:admin> fcrrouterportcost Port Cost 588 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 589
in step 1. switch:admin> portenable 7/10 EX_Port frame trunking configuration You can configure EX_Ports to use frame-based trunking just as you do regular E_Ports. EX_Port frame trunking support is designed router port cost of the master port. Fabric OS Administrator's Guide 589 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 590
switch management interfaces. You can define and manage LSANs using Brocade Advanced Zoning. NOTE For performance reasons, Brocade zones and both devices are online, FCR triggers a device import. To support legacy applications, WWNs are reported based on the Admin Domain context. Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 591
zone status of a device, the port WWN, and the node WWN; the port WWN must be used for LSANs. switch:admin> nsshow { Type Pid COS PortName NodeName TTL(sec) N 060f00; 2,3; 10:00:00:00:c9:2b:c9: LSAN: Yes The Local Name Server has 1 entry } Fabric OS Administrator's Guide 591 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 592
switch: switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric75" switch :61:00:49:20:b4). switch:admin> nsshow { Type Pid Target A, and Target B. switch:admin> zonecreate "lsan_zone_fabric2", " zones are correct. switch:admin> cfgshow Defined switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric2" switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 593
62:ed 0100e8 Total devices displayed: 3 • fcrProxyDevShow shows the proxy devices in the LSAN. switch:admin> fcrproxydevshow Proxy WWN Proxy Device Physical State Created PID Exists PID in Fabric in Fabric 75 the backbone fabric. Fabric OS Administrator's Guide 593 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 594
to 3000. You can increase the maximum LSAN count to 5000 without disabling the switch. The maximum number of LSAN devices supported is 10,000 (this includes both physical and proxy devices). If you have 3000 LSAN zone to be treated differently. 594 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 595
to be imported or exported faster than other LSANs. The LSAN tags are persistently saved and support configupload and configdownload. Enforce tag The Enforce tag reduces the resources used in an FC ". 2. In Edge fabric 2, configure two LSANs: Fabric OS Administrator's Guide 595 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 596
configure the tags on the FC router, and not on the edge switches. If Virtual Fabrics is enabled, you configure the tags on the base switch on which the EX_Ports and VEX_Ports are located. You then must ensure to trigger the fast import process. 596 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 597
tags (Enforce and Speed) on an FC router is eight. • Up to 500 Speed LSAN tags are supported. Configuring an Enforce LSAN tag 1. Log in to the FC router as admin. 2. Enter the following LSAN zones. You must disable the switch before removing an Enforce LSAN tag. You do not need to disable the - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 598
tag. If you remove an Enforce LSAN tag, you must disable the switch first. Example of removing an Enforce LSAN tag sw0:admin> switchdisable sw0: LSAN zone binding is supported only on FC routers with Fabric OS v5.3.0 and later. The FC router matrix feature is supported only on FC Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 599
zone entries of the remote edge fabrics that can access its local edge fabrics. The LSAN zone limit supported in the backbone fabric is not limited by the capability of one FC router. In addition, due to and after LSAN zone binding is in effect. Fabric OS Administrator's Guide 599 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 600
metaSAN can import more than 10,000 devices and the backbone fabric can support more FC routers. • With LSAN zone binding, CPU consumption by an from this FC router to other FC routers. • You must manually configure the LSAN fabric matrix on these FC routers to match the Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 601
fabric matrix are used together to determine which fabrics can access each other, with the LSAN fabric matrix providing more specific binding. Fabric OS Administrator's Guide 601 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 602
:60:69:c3:12:b3 (unknown) FCR:Admin> fcrlsanmatrix --fabricview -lsan LSAN MATRIX is activated Fabric ID Fabric ID 4 5 4 7 10 19 602 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 603
parameters without user intervention. You can optionally configure these parameters manually. • To change the fabric parameters on a switch in the edge fabric, use the configure command. Note that such as ones using long-distance FCIP links). Fabric OS Administrator's Guide 603 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 604
from the FC router to the edge fabrics. NOTE Broadcast frame forwarding is not supported in an FCR fabric with a Brocade 8000. By default, broadcast frame forwarding is disabled on an FC router. If are described in the Fabric OS Message Reference. 604 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 605
command to display physical port (EX_Port) resources. switch:admin> fcrresourceshow Daemon Limits: Max Allowed Currently Used 11 | 6 34 12 | 6 34 13 | 6 34 14 | 6 34 15 | 6 34 16 | 8 34 17 | 8 34 18 | 8 34 19 | 8 34 Fabric OS Administrator's Guide 605 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 606
switch in the edge fabric allows XISL use, then the EX_Port or VEX_Port is disabled. Refer to "Configuring a logical switch to use XISLs" on page 299 for instructions however, this configuration is not supported. • Backbone-to-edge routing is not supported in the base switch. Refer to "Backbone-to- - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 607
24 • Although the Brocade 6510 and 6520 supports up to four logical switches, if you are using FC-FC routing, they can have a maximum of three logical switches. Logical switch configuration for FC with any of the devices in the other fabrics. Fabric OS Administrator's Guide 607 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 608
not supported in the base switch, unless you use a legacy FC router. A legacy FC router is an FC router configured on a Brocade 7500 switch. Base switches can device C, however, because the base switches do not support backbone-to-edge routing. 608 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 609
operations on the switch. Brocade recommends that you save your FC-FC routing configuration (using the configUpload command) before performing any downgrades. For further instructions on downgrading, refer to connect to 127 remote xlate domains. Fabric OS Administrator's Guide 609 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 610
range of output ports connected to xlate domains 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge cost = 10000, costCnt = 0, type = 1 LinkId = 1, out port = 32, rem port = 2, cost = 10000, costCnt = 0, type = 1 610 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 611
the 24-bit port ID (PID) on any Brocade Backbone. Enter the switchShow command without parameters to show Use: OFF LS Attributes: [FID: 128, Base Switch: No, Default Switch: Yes, Address Mode 0] Index Slot Port QSFP Address -- 16G No_Module FC Fabric OS Administrator's Guide 611 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 612
Port Indexing 740 3 20 5 ------ -- 16G No_Module 741 3 21 5 ------ -- 16G No_Module 742 3 22 5 ------ -- 16G in slot 1 of a Brocade DCX 8510-8 Backbone. The Address column shows the PID. switch:FID128:admin> switchshow -slot 612 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 613
There are no shared areas on the Brocade DCX-4S. The following example switchShow output is from a Brocade DCX-4S. It shows the index depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 10 switchName: my8510-8 (output 's Guide 613 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 614
output for an FS8-18 encryption blade on the Brocade DCX 8510-8 Backbone. The assignment of port index numbers to PIDs depending on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 2 switchName: myswitch (output truncated Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 615
FIPS Support Appendix B In this appendix •FIPS overview 615 •Zeroization functions 615 •FIPS mode configuration 617 •Preparing a switch for FIPS 621 FIPS overview Federal information removes all FCAP certificates and FCAP private keys. Fabric OS Administrator's Guide 615 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 616
secCertUtil genkey command creates the keys. Only RSA keys of size 1024 or 2048 are allowed. Automatically zeroized on session termination. 616 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 617
return the switch to your switch service provider. For information about how to prepare a service provider case, refer to the Fabric OS Troubleshooting and Diagnostics Guide. When the switch successfully reboots in FIPS mode, only FIPS-compliant algorithms are run. NOTE RPC is not supported in FIPS - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 618
supported HTTPS supported Only SSH No restrictions CA certificate is optional. Supported 1024 bit keys Supported Telnet and SSH LDAP switch to configure TLS ciphers for on the switch and on the switch. the switch. Configure The switch uses switch. switch is in non-FIPS mode, switch then user authentication - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 619
CONFIGURATIONS RADIUS configuration does not exist. adldap.local LDAP CONFIGURATIONS Position Server Port Domain Timeout(s) : 1 : GEOFF5.ADLDAP.LOCAL : 389 : adldap.local : 3 Primary AAA Service: LDAP Secondary AAA Service: Switch database Fabric OS Administrator's Guide 619 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 620
instructions in "LDAP configuration and Microsoft Active Directory" on page 162, and then perform the following additional Microsoft Active Directory settings a. To support FIPS mode To utilize the LDAP services for FIPS between the switch and the host, you must generate 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 621
. Once these ports are blocked, you cannot use them to read or write data from and to the switch. • The configDownload and firmwareDownload commands using an FTP server are blocked. See Table 88 on page 618 admin permissions to enable FIPS mode. Fabric OS Administrator's Guide 621 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 622
switch the switch switch supported in FIPS mode. You must remove these keys to remain FIPS compliant. NOTE Support supported, only Windows 2000-, Windows 2003, and Windows 2008-based RADIUS servers may be used in a FIPS-compliant configuration. • If the switch is set for LDAP, refer to the instructions - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 623
group) to set the DH group to 1, 2, 3, or 4. 5. Install the LDAP CA certificate on the switch and Microsoft Active Directory server. Refer to "LDAP certificates for FIPS mode" on page 620. 6. Enter the following prompts to enable signed firmware: Fabric OS Administrator's Guide 623 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 624
:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] ... cfgload attributes (yes, y, no, n): [no] yes Enforce secure config Upload/Download (yes, y, no, n): [no] Enforce - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 625
admin and user) should be changed after every zeroization operation to maintain FIPS 140-2 compliance. 3. Power-cycle the switch. Displaying FIPS configuration 1. Log in to the switch using an account with admin or securityadmin permissions, or a user account with OM permissions for the FCIPCfg RBAC - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 626
B Preparing a switch for FIPS 626 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 627
of the hexadecimal triplet Ox616000 Notice the PID (610600 - bolded) in the nsShow output is in hexadecimal. switch:admin> nsshow { Type Pid COS PortName NodeName TTL(sec) N 610600; 2,3;10:00:00:00:c9:29 610600 = decimal triplet 97,06,00 Fabric OS Administrator's Guide 627 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 628
12 13 14 15 16 17 18 19 20 Hex 0b 0c 0d 0e 0f 10 11 12 13 14 Decimal 21 22 23 24 25 26 27 28 29 30 Hex 15 16 17 18 19 1a 1b 1c 1d 1e Decimal a9 aa Decimal 171 172 173 174 175 176 177 178 179 180 628 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 629
f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 629 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 630
C Hexadecimal Conversion 630 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 631
API, 192 browser security support, 182 changing account parameters, , 192 SNMP access control list, 188 switch defaults, 192 telnet, 192 blocking, 190 OS Administrator's Guide 53-1002745- 144 lockouts and denial of service implications, 145 managing passwords stored, 195 manually distributing policy - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 632
for trunking, 523 overview, 517-518 Quality of Service, 518 SID/DID traffic prioritization, 518 Top Talkers, switches, 295 public key to switch, 180 rules to an IP Filter policy, 223 switch or fabric to a zone, 336 switches to a zone, 336 Top Talker monitors on all switches Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 633
switch members, 440 switch port members, 439 switch WWN, 440 switching context, 456 system-defined, 436 TACACS+ service, 173 TI zone considerations, 360 transaction model, 442 trunk area, 540 user authUtil command, 209, 210, 211, 212, 217, 403, 623 Fabric OS Administrator's Guide 633 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 634
fabric, described, 572 port blades, described, 84 port configurations supported, 287 port restrictions, 287 shutdown, 77 upgrading firmware, 146 Backbone without recovery string, 148 switch with recovery string, 145 switch without recovery string, 147 bottleneck, Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 635
exceptions, 97 Brocade fixed-port switches, upgrading firmware, 261 Brocade FX8-24 compatibility, 96 enabling 10-GbE ports, 477 XISL use and VE_Ports, 287 Brocade Network Advisor, 55 Brocade Vendor-Specific Attribute. See: VSA. browser 128-bit encryption, 182 displaying encryption support, 182 root - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 636
CIDR block notation, 64 class 2 and 3 traffic support, 111 classConfig command, 135 classless inter-domain routing. 56 command history, 59 commands to display switch configuration, 247 commands to modify switch configuration, 247 Fabric OS, 56-59 636 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 637
, 516 perfCfgSave, 516 perfMonitorClear, 505 perfMonitorShow, 504 perfSetPortEEMask, 503 perfTTmon, 513, 514, 515 portBufferCalc, 399 Fabric OS Administrator's Guide 53-1002745-02 portBufferShow, 402, 562, 399 portCfg, 624 portCfgCompress, 397, 404, 405 portCfgEncrypt, 397, 404, 405, 624 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 638
, 247 restoring, 248 saving for frame monitors, 508 security considerations, 250 setup form, 253 supported for FA-PWWN, 429 without disabling a switch, 248 zones, 336 configuration file backing up, 244 backup, 244 chassis section, 243 configDownload command, in Admin Domain context, 460 display - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 639
, 211 device-switch connection, 88 remote authentication on switch, 174 root certificates , 183-187 TACACS+ service, 171 zone, rules supporting dual port, 86 dual port configuration, 85 creating Admin Domains, 443 alias, 313 base switches be monitored, 506 logical switches, 292 SCC policies, supported - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 640
zoning mode, setting, 326 default logical switch base switch restriction, 287 XISL restriction, 287 defZone 621 logical switches, 294 private key from switch, 182 public key from switch, 182 85 CP8 blade dual port support, 86 limiting traffic from, See: D_Port. dictionary.brocade, 154 Diffie Hellman - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 641
ISL trunking, 538 local switch protection, 226 NPIV, 422 port, 90 QoS manually on trunked ports, on other logical switches, 127 Fabric OS Administrator's Guide 53-1002745-02 overview 460 DPS described, 119 device-based routing, 120 support on Virtual Fabrics, 120 dropped frames, discovering why, - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 642
setting a mask for, 503 supported port configurations for, 502 effective local switch protection, 226 NPIV, 422 port, 89 remote authentication, 175 switches, 76 ethernet address, static, 64 ethernet interface on switch, 62 Virtual Fabrics, 63 ethernet IP address, 411 supported trunking configurations - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 643
on an Access Gateway, 544 F_Port trunking, 543-550 Fabric OS Administrator's Guide 53-1002745-02 and Virtual Fabrics, 548 configuring for Brocade adapters, 545 considerations, 546 for access gateways, 543 for Brocade adapters, 545 fabric access, 192 adding Top Talker monitors, 513 addresses. See - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 644
supported, 571 edge-to-edge, 576 fabric mode Top Talker monitors, 581 license requirements, 570 platforms supported, 570 routing service, support, 287 FC-NAT, defined, 113 fcoe command, 422 FCoE, NPIV required, 422 FCR and traffic isolation, 352 authentication, 579 Brocade 7800 logical switches - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 645
: FCR and FC-FC routing. Fibre Channel services, 43-54 overview, 43 FICON CUP environment considerations verification, 187 SSL support, 182 firmware, 255 switch version testing, 268 upgrading, 257 upgrading for Brocade fixed-port switches switches Fabric OS Administrator's Guide 645 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 646
port configurations supported, 286 also: RADIUS and Linux. FSPF described, 112 number of routes supported, 112 path calculation, 113 traffic isolation routing rules, 349 FSPF- QoS zone-based traffic prioritization considerations, 528 support for trunking, 536 synchronization, 257 verifying features - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 647
sec, 235 policies, null encryption support, 240 implementing Admin Domains, 443 Fabric OS Administrator's Guide 53-1002745-02 indexing ports, inter-fabric link See: IFL. Internet Explorer and SSL support, 182 Internet Explorer. See: IE. inter-switch link. See: ISL. iodReset command, 123 iodSet - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 648
service names, 220 saving policy, 218 supported actions, 221 supported protocols, 221 supported services manual key entry, 236 null encryption support , 180 manual key entry and IP sec, 236 PKI key pair generation on switch, 181 pre Active Directory LDAP versions supported, 163 authentication, non- - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 649
support, 162 non-FIPS mode restrictions, 162 role mapping and OpenLDAP, 168 role mapping, and Microsoft Active Directory, 163 secure service, 150 LDAP server adding, 175 deleting, 175 reordering, 175 LDAP service features, 481 Brocade 7800 upgrade 471 Fabric OS Administrator's Guide 53-1002745-02 ICL - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 650
about, 276 allowing XISL use, 299 650 basic configuration values, 291 changing to a base switch, 297 commanding in a different context, 293 connected devices and, 279 creating, 292 deleting management interface IP sec configuration, 231 security, 231-240 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 651
in a fabric, 333 manually distributing ACL policy database, service configuring for LDAP, 162 groups, creating, 164 role, assigning, 164 users, adding, 164 vendor attributes, adding to schema, 165 mirror port. See also: M_Port. modifying FCS policy, 199 FCS switch Guide 651 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 652
installed licenses, 484 dynamic, 485 enabling dynamic, 486 supported devices, 483 Open LDAP See also: LDAP. 146 Backbone without recovery string, 148 switch with recovery string, 145 switch without recovery string, 147 local user accounts services, 44-45 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 653
tunneling IMCP traffic, 240 manually distributing ACL policy database, 219 saving IP Filter, 218 using service names in IP Filter rules, 220 supported for Backbones, 287 configurations supported for fixed-port switches, 286 configuring E_Port authentication, 209 Fabric OS Administrator's Guide - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 654
316 logical in ISL, 285 lossless dynamic load sharing, 125-128 manually disabling QoS on trunked ports, 524 moving, 279 naming, 86 port process, 52 port types, 84 ports and applications used by switches, 192 re-authenticating an E_Port, 210 releasing from a POD Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 655
command, 102 power-on self tests for FIPS, 617 preparing a switch for FIPS, 621 preserving licenses, 463 pre-shared key, and deploy secure, 178 secure, 178 security, 177 setting for authentication, 212 supported for IP Filter, 221 proxy device, 575-576 described, 573 proxy Guide 655 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 656
supported chassis, 492 Quality of Service. See: QoS. support with Linux, 156 configuring support with Windows 2000, 158 deleting, 175 High Availability failover on, 156 reordering, 175 RSA setup, 160 setup, 156-162 RADIUS service switch from logical switches, 295 zone switch -port switch ports, - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 657
route selection for routing, 112 route selection, defined, 112 routes, number supported using FSPF, 112 routing AP policies, 120 AP route policies, 120 in FIPS mode, 617 RSA key pair generation, 180 Fabric OS Administrator's Guide 53-1002745-02 RSA RADIUS server, 160 RSA RADIUS server, setup, - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 658
Layer protocol. See: SSL. security AUTH policy, 207 Brocade MIB, 188 browser support, 182 certificates, 178 encryption and SSL, 182 FibreAlliance MIB routers, 532 security level, 190 static ethernet IP address, 65 switch date and time, 69 time, 69 time zone, 70 time zone 's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 659
values, setting, 106 status policy threshold values, viewing, 105 Fabric OS Administrator's Guide 53-1002745-02 supported browsers, 182 supportSave command, 39 swapping blades, 97-100 SW-EXTTRAP, 189 switch access, 192 access methods, Web Tools, 55 ACL policy distribution, 227 activation and - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 660
76, 110, 121, 489 switchEnable command, 76, 110, 301 switches supported for FA-PWWN, 429 switchName command, 74 switchShow command, 611 171 supported protocols, 171 timeout, 171 TACACS+ service ADList, 173 Admin Domains, configuring, 173 authentication service, Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 661
on all switches in support, 111 traffic, limiting from a device, 519 Fabric OS Administrator's Guide manually disabling QoS on, 524 trunking Adaptive Networking license considerations, 523 configuring F_Port for Brocade Brocade adapters, 545 F_Ports and Virtual Fabrics, 548 High Availability support - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 662
, 332 zones, 322 virtual channels, 115 priority groups, 115 Virtual Fabrics account management, 286 ACL policy considerations, 196 AUTH module considerations, 208 base switch about, 283 creating, 292 changing logical switch to base switch, 297 662 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 663
DPS support, 120 switch services supported platforms, 286 TACACS+ service, 173 TI zone considerations, 361, 364 with traffic isolation over FCR, 363 XISL, allowing on logical switches (NPS) support, 160 Windows logical ports, 285 switch WWNs in Admin Brocade 7800 restriction, 286 default logical switch - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 664
for FIPS, 624 zone access mode, viewing current, 327 accessing, 192 adding a new switch or fabric, 336 adding members, 317 administering security, 336 alias adding members, 313 deleting zoneObjectRename command, 335 zoneObjectReplace command, 319 664 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 665
zoneRemove command, 318 zoneShow command, 322 zoning advanced, 303-342 advanced commands, 304 defined, 304 enforcement, 308 on logical ports, 316 overview, 304 Fabric OS Administrator's Guide 665 53-1002745-02 - Dell Brocade 6520 | Administrator's Guide Supporting Fabric OS 7.1.0 - Page 666
666 Fabric OS Administrator's Guide 53-1002745-02
53-1002745-02
25 March 2013
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS 7.1.0