Dell Brocade 6520 Fabric OS Troubleshooting and Diagnostics Guide v7.1.0 - Page 79

Protocol and certificate management, Gathering additional information



Fabric OS Troubleshooting and Diagnostics Guide, 53-1002751-01

Symptom: Switch is unable to form an F_Port.

Probable cause and recommended action: Regardless of the device authentication policy mode on the switch, the F_Port is disabled if the DH-CHAP protocol fails to authenticate. If the HBA sets the FC-SP bit during FLOGI and the switch sends a FLOGI accept with FC-SP bit set, then the switch expects the HBA to start the AUTH_NEGOTIATE. From this point on until the AUTH_NEGOTIATE is completed, all ELS and CT frames, except the AUTH_NEGOTIATE ELS frame, are blocked by the switch. During this time, the Fibre Channel driver rejects all other ELS frames. The F_Port does not form until the AUTH_NEGOTIATE is completed. It is the HBA's responsibility to send an Authentication Negotiation ELS frame after receiving the FLOGI accept frame with the FC-SP bit set.

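The gating described above can be modelled as a small state machine and run over a frame trace to see why a port is stuck. This is an added example, not code from the guide or from Fabric OS; the trace format, the state names, and the `AUTH_OK`/`AUTH_FAIL`/`CT_QUERY` labels are constructed for illustration.

```python
# Simplified model of the F_Port authentication gate (added illustration).
# A trace is a list of (sender, frame_name, fcsp_bit) tuples; all frame
# labels other than FLOGI and AUTH_NEGOTIATE are constructed placeholders.

VERDICTS = {
    "LOGIN": "FLOGI exchange not complete",
    "NOT_COVERED": "FC-SP bit not set by both sides; scenario does not apply",
    "AUTH_PENDING": "HBA never sent AUTH_NEGOTIATE; F_Port cannot form",
    "AUTH_STARTED": "authentication started but has not completed",
    "DISABLED": "DH-CHAP failed to authenticate; F_Port disabled",
    "UP": "authentication completed; F_Port formed",
}

def diagnose_fport(trace):
    """Return (state, blocked_frames, verdict) for a captured frame trace."""
    state, hba_fcsp, blocked = "LOGIN", False, []
    for sender, name, fcsp in trace:
        if state == "LOGIN":
            if (sender, name) == ("hba", "FLOGI"):
                hba_fcsp = fcsp
            elif (sender, name) == ("switch", "FLOGI_ACC"):
                # Both sides set the FC-SP bit: switch now waits for the HBA.
                state = "AUTH_PENDING" if hba_fcsp and fcsp else "NOT_COVERED"
        elif state in ("AUTH_PENDING", "AUTH_STARTED"):
            if sender == "hba" and name == "AUTH_NEGOTIATE":
                state = "AUTH_STARTED"
            elif state == "AUTH_STARTED" and name == "AUTH_OK":
                state = "UP"
            elif state == "AUTH_STARTED" and name == "AUTH_FAIL":
                state = "DISABLED"
            else:
                # Every other ELS/CT frame is blocked until auth completes.
                blocked.append(name)
    return state, blocked, VERDICTS[state]

# Constructed trace: the HBA logs in with FC-SP set but skips AUTH_NEGOTIATE.
STUCK_TRACE = [
    ("hba", "FLOGI", True),
    ("switch", "FLOGI_ACC", True),
    ("hba", "PLOGI", False),
    ("hba", "CT_QUERY", False),
]

if __name__ == "__main__":
    state, blocked, verdict = diagnose_fport(STUCK_TRACE)
    print(state, blocked, verdict)
```

Frames listed as blocked while the state is `AUTH_PENDING` point at the HBA side: the switch is waiting for an Authentication Negotiation ELS that never arrived.
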
Protocol and certificate management

This section provides information and procedures for troubleshooting standard Fabric OS security features such as protocol and certificate management.

Symptom: Troubleshooting certificates

Probable cause and recommended action: If you receive messages in the browser or in a pop-up window when logging in to the target switch using HTTPS, refer to Table 13 for recommended actions you can take to correct the problem.

Gathering additional information

For security-related issues, use the following guidelines to gather additional data for your switch support provider.

• Perform a supportSave -n command.
• If not sure about the problem area, collect a supportSave -n from all switches in the fabric.
• If you think it may be related to E_Port authentication then collect a supportSave -n from both switches of the affected E_Port.

TABLE 13 SSL messages and actions

| Message | Action |
|---|---|
| The page cannot be displayed | The SSL certificate is not installed correctly or HTTPS is not enabled correctly. Make sure that the certificate has not expired, that HTTPS is enabled, and that certificate file names are configured correctly. |
| The security certificate was issued by a company you have not chosen to trust. | The certificate is not installed in the browser. Install it as described in the Fabric OS Administrator's Guide. |
| The security certificate has expired or is not yet valid | Either the certificate file is corrupted or it needs to be updated. Click View Certificate to verify the certificate content. If it is corrupted or out of date, obtain and install a new certificate. |
| The name on the security certificate is invalid or does not match the name of the site file | The certificate is not installed correctly in the Java Plug-in. Install it as described in the Fabric OS Administrator's Guide. |
| This page contains both secure and nonsecure items. Do you want to display the nonsecure items? | Click No in this pop-up window. The session opens with a closed lock icon on the lower-right corner of the browser, indicating an encrypted connection. |