| Section |
Page |
| Brocade Fabric OS Administration Guide, 8.0.1 |
1 |
| Preface |
19 |
| Document conventions |
19 |
| Text formatting conventions |
19 |
| Command syntax conventions |
19 |
| Notes, cautions, and warnings |
20 |
| Brocade resources |
20 |
| Contacting Brocade Technical Support |
20 |
| Brocade customers |
20 |
| Brocade OEM customers |
21 |
| Document feedback |
21 |
| About This Document |
23 |
| Supported hardware and software |
23 |
| Brocade Gen 5 (16-Gbps) fixed-port Switches |
23 |
| Brocade Gen 5 (16-Gbps) DCX 8510 Directors |
23 |
| Brocade Gen 6 fixed-port Switches |
23 |
| Brocade Gen 6 Directors |
24 |
| What's new in this document for 8.0.1 |
24 |
| Understanding Fibre Channel Services |
25 |
| Fibre Channel services overview |
25 |
| Management server |
26 |
| Platform services |
26 |
| Platform services and Virtual Fabrics |
26 |
| Enabling platform services |
27 |
| Disabling platform services |
27 |
| Management server database |
27 |
| Displaying the management server ACL |
27 |
| Adding a member to the ACL |
28 |
| Deleting a member from the ACL |
29 |
| Viewing the contents of the management server database |
30 |
| Clearing the management server database |
30 |
| Topology discovery |
31 |
| Displaying topology discovery status |
31 |
| Enabling topology discovery |
31 |
| Disabling topology discovery |
31 |
| Device login |
32 |
| Principal switch |
32 |
| E_Port login process |
33 |
| Fabric login process |
33 |
| Port login process |
33 |
| RSCNs |
33 |
| Duplicate Port World Wide Name |
34 |
| Device recovery |
34 |
| High availability of daemon processes |
34 |
| FL_Port and arbitrated loop support |
35 |
| Performing Basic Configuration Tasks |
37 |
| Fabric OS overview |
37 |
| Fabric OS command line interface |
37 |
| Console sessions using the serial port |
38 |
| Connecting to Fabric OS through the serial port |
38 |
| Telnet or SSH sessions |
38 |
| Rules for Telnet connections |
39 |
| Connecting to Fabric OS using Telnet |
39 |
| Getting help on a command |
40 |
| Viewing a history of command line entries |
41 |
| cliHistory |
41 |
| cliHistory --show |
42 |
| cliHistory --showuser username |
42 |
| cliHistory --showall |
42 |
| cliHistory --help |
42 |
| Notes |
43 |
| Using fosexec to run commands on remote switches or domains |
43 |
| Password modification |
45 |
| Default account passwords |
46 |
| Changing the default account passwords at login |
46 |
| The switch Ethernet interface |
46 |
| Brocade Directors |
46 |
| Brocade switches |
47 |
| Virtual Fabrics and the Ethernet interface |
47 |
| Management Ethernet port bonding |
47 |
| Supported Brocade Backbones and Directors |
48 |
| Setting up the second Ethernet port on a CP8 blade |
48 |
| Displaying the network interface settings |
48 |
| Resetting the management network interface error counters |
49 |
| Static Ethernet addresses |
49 |
| Setting the static addresses for the Ethernet network interface |
50 |
| Setting the static addresses for the chassis management IP interface |
50 |
| DHCP activation |
51 |
| Notes on DHCP |
51 |
| Enabling DHCP for IPv4 in fixed-port devices |
51 |
| Disabling DHCP for IPv4 in fixed-port devices |
52 |
| Enabling DHCP for IPv4 in Directors |
52 |
| Configuring DHCPv6 for IPv6 |
53 |
| Configuring Stateless DHCPv6 |
54 |
| IPv6 autoconfiguration |
55 |
| Setting IPv6 autoconfiguration |
55 |
| Setting the Ethernet interface mode and speed |
56 |
| Date and time settings |
56 |
| Setting the date and time |
57 |
| Time zone settings |
57 |
| Setting the time zone |
58 |
| Setting the time zone interactively |
58 |
| Network Time Protocol |
59 |
| Synchronizing the local time with an external source |
60 |
| NTP configuration distribution to Access Gateways |
60 |
| Domain IDs |
61 |
| Domain ID issues |
61 |
| Displaying the domain IDs |
62 |
| Setting the domain ID |
62 |
| Switch names |
63 |
| Customizing the switch name |
63 |
| Chassis names |
63 |
| Customizing chassis names |
63 |
| Fabric name |
64 |
| Configuring the fabric name |
64 |
| High availability considerations for fabric names |
64 |
| Upgrade and downgrade considerations for fabric names |
64 |
| Switch activation and deactivation |
64 |
| Disabling a switch |
65 |
| Enabling a switch |
65 |
| Disabling a chassis |
65 |
| Enabling a chassis |
66 |
| Device shutdown |
66 |
| Powering off a Brocade switch |
66 |
| Powering off a Brocade Director |
66 |
| Basic connections |
67 |
| Device connection |
67 |
| Switch connection |
67 |
| Performing Advanced Configuration Tasks |
69 |
| Port identifiers (PIDs) and PID binding overview |
69 |
| Core PID addressing mode |
69 |
| Fixed addressing mode |
70 |
| 10-bit addressing (mode 0) |
70 |
| 256-area addressing (mode 1 and mode 2) |
70 |
| Zero-based addressing (mode 1) |
71 |
| Port-based addressing (mode 2) |
71 |
| WWN-based PID assignment |
71 |
| Virtual Fabrics considerations for WWN-based PID assignment |
71 |
| NPIV |
72 |
| Enabling automatic PID assignment |
72 |
| Assigning a static PID |
72 |
| Clearing PID binding |
72 |
| Showing PID assignments |
73 |
| Ports |
73 |
| Port Types |
73 |
| Director port blades |
73 |
| Setting port names |
74 |
| Port identification by slot and port number |
75 |
| Port identification by port area ID |
75 |
| Port identification by index |
75 |
| Dynamic Portname |
75 |
| Dynamic port name format |
79 |
| Configuring a device-switch connection |
81 |
| Swapping port area IDs |
81 |
| Enabling a port |
82 |
| Disabling a port |
82 |
| Port decommissioning |
83 |
| Setting port speeds |
83 |
| Setting all ports on a switch to the same speed |
84 |
| Setting port speed for a port octet |
84 |
| Setting maximum auto-negotiated port speed |
86 |
| Decoding fdmiShow command output |
86 |
| Blade terminology and compatibility |
87 |
| CP blades |
88 |
| Core blades |
89 |
| Port and application blade compatibility |
89 |
| Enabling and disabling blades |
89 |
| Enabling blades |
89 |
| Exceptions in enabling 48-port and 64-port blades |
90 |
| Disabling blades |
90 |
| Blade swapping |
90 |
| How blades are swapped |
91 |
| Swapping blades |
94 |
| Disabling switches |
95 |
| Power management |
95 |
| Powering off a port blade or core blade |
95 |
| Powering on a port blade or core blade |
96 |
| Equipment status |
96 |
| Checking switch operation |
96 |
| Verifying High Availability features (Backbones and Directors only) |
96 |
| Verifying fabric connectivity |
97 |
| Verifying device connectivity |
97 |
| Audit log configuration |
97 |
| Verifying host syslog prior to configuring the audit log |
98 |
| Configuring an audit log for specific event classes |
99 |
| Configuring remote syslog servers |
99 |
| Using secure syslog CA certificates |
100 |
| Hostname support for syslogAdmin command |
100 |
| Duplicate PWWN handling during device login |
101 |
| Setting 0, First login precedence |
101 |
| Setting 1, Second login precedence |
101 |
| Setting 2, Mixed precedence |
102 |
| Setting the behavior for handling duplicate PWWNs |
102 |
| Forward error correction |
103 |
| FEC limitations |
103 |
| Enabling forward error correction |
103 |
| Disabling forward error correction |
104 |
| Enabling or disabling FEC for long-distance ports |
105 |
| Displaying and clearing the FEC counters |
105 |
| FEC-via-TTS |
105 |
| Routing Traffic |
107 |
| Routing overview |
107 |
| Paths and route selection |
107 |
| FSPF |
107 |
| Fibre Channel NAT |
109 |
| Inter-switch links |
109 |
| Buffer credits |
111 |
| Congestion versus over-subscription |
111 |
| Virtual channels |
111 |
| Gateway links |
112 |
| Configuring a link through a gateway |
113 |
| Routing policies |
114 |
| Notes |
114 |
| Displaying the current routing policy |
114 |
| Port-based routing |
114 |
| Exchange-based routing |
115 |
| Device-based routing |
115 |
| Dynamic Path Selection |
115 |
| Displaying a dynamic path selection group for reachable domains |
115 |
| Route selection |
116 |
| Dynamic Load Sharing |
116 |
| Setting DLS |
117 |
| Frame order delivery |
117 |
| Forcing in-order frame delivery across topology changes |
118 |
| Restoring out-of-order frame delivery across topology changes |
118 |
| Enabling Frame Viewer |
118 |
| Using Frame Viewer to understand why frames are dropped |
119 |
| Displaying discarded frames by back-end port in Frame Viewer |
119 |
| Lossless Dynamic Load Sharing on ports |
120 |
| Lossless core |
121 |
| ICL limitations |
121 |
| Configuring Lossless Dynamic Load Sharing |
121 |
| Lossless Dynamic Load Sharing in Virtual Fabrics |
122 |
| How DLS affects other logical switches in the fabric |
122 |
| Two-hop Lossless DLS route update |
122 |
| Configuring Two-hop Lossless DLS |
123 |
| Frame Redirection |
123 |
| Creating a frame redirect zone |
124 |
| Deleting a frame redirect zone |
125 |
| Viewing frame redirect zones |
125 |
| Buffer-to-Buffer Credits and Credit Recovery |
127 |
| Buffer credit management |
127 |
| Buffer-to-buffer flow control |
127 |
| Optimal buffer credit allocation |
128 |
| Considerations for calculating buffer credits |
128 |
| Fibre Channel gigabit values reference definition |
128 |
| Buffer credit allocation based on full-size frames |
129 |
| Fibre Channel data frames |
129 |
| Allocating buffer credits based on full-sized frames |
129 |
| Calculating the number of buffers required based on full-size frames |
130 |
| Allocating buffer credits based on average-size frames |
131 |
| Configuring buffers for a single port directly |
132 |
| Configuring buffers using frame size |
132 |
| Calculating the number of buffers required given the distance, speed, and frame size |
132 |
| Allocating buffer credits for F_Ports |
133 |
| Monitoring buffers in a port group |
134 |
| Buffer credits per switch or blade model |
135 |
| Formula for Gen-6 32-Gbps devices |
135 |
| Formula for Gen-5 16-Gbps and older devices |
135 |
| Maximum configurable distances for Extended Fabrics |
136 |
| Formula for Gen-6 32-Gbps devices |
136 |
| Formula for Gen-5 16-Gbps and older devices |
137 |
| Downgrade considerations |
137 |
| When a port is configured with -framesize and -distance options |
138 |
| When a port is configured with the -buffers option |
138 |
| Configuring credits for a single VC |
138 |
| Increasing credits for normal distance E_Ports |
138 |
| Buffer credit recovery |
139 |
| Buffer credit recovery over an E_Port |
139 |
| Buffer credit recovery over an F_Port |
139 |
| Buffer credit recovery over an EX_Port |
140 |
| Enabling and disabling buffer credit recovery |
140 |
| Credit loss detection |
141 |
| Back-end credit loss detection and recovery support on Brocade 6520 switches |
141 |
| Enabling back-end credit loss detection and recovery for link reset thresholds |
141 |
| Performing link reset for loss of sync from peer ports |
142 |
| Back-end credit loss detection and recovery for link faults |
143 |
| Managing User Accounts |
145 |
| User accounts overview |
145 |
| Role-Based Access Control |
145 |
| Role permissions |
146 |
| Management channel |
147 |
| Managing user-defined roles |
147 |
| Creating a user-defined role |
147 |
| Assigning a user-defined role to a user |
148 |
| Configuring time-based access |
148 |
| Local database user accounts |
149 |
| Default accounts |
149 |
| Displaying account information |
150 |
| Creating an account |
150 |
| Deleting an account |
150 |
| Changing account parameters |
150 |
| Local account passwords |
151 |
| Changing the password for the current login account |
151 |
| Changing the password for a different account |
151 |
| Local user account database distribution |
151 |
| Distributing the local user database |
151 |
| Accepting distributed user databases on the local switch |
152 |
| Rejecting distributed user databases on the local switch |
152 |
| Password policies |
152 |
| Password strength policy |
152 |
| Password history policy |
153 |
| Password expiration policy |
154 |
| Account lockout policy |
155 |
| Enabling the admin lockout policy |
155 |
| Unlocking an account |
155 |
| Disabling the admin lockout policy |
155 |
| Denial of service implications |
155 |
| Changing the root password without the old password |
156 |
| Configuring the password hash type |
156 |
| The boot PROM password |
157 |
| Setting the boot PROM password for a switch with a recovery string |
157 |
| Setting the boot PROM password for a Backbones and Directors with a recovery string |
158 |
| Setting the boot PROM password for a switch without a recovery string |
159 |
| Setting the boot PROM password for a Backbone or Director without a recovery string |
159 |
| Remote authentication |
160 |
| Remote authentication configuration |
160 |
| Client/server model |
160 |
| Authentication server data |
161 |
| Switch configuration |
161 |
| Supported LDAP options |
161 |
| Command options |
162 |
| Setting the switch authentication mode |
163 |
| Fabric OS user accounts |
163 |
| Fabric OS users on the RADIUS server |
164 |
| Windows 2012 IAS |
164 |
| Linux FreeRADIUS server |
165 |
| RADIUS configuration with Virtual Fabrics |
166 |
| Setting up a RADIUS server |
166 |
| Configuring RADIUS server support with Linux |
167 |
| Adding the Brocade attributes to the server |
167 |
| Creating the user |
167 |
| Enabling clients |
168 |
| Configuring RADIUS server support with Windows 2012 |
168 |
| RSA RADIUS server |
171 |
| Setting up the RSA RADIUS server |
172 |
| Obfuscation of RADIUS shared secret |
173 |
| LDAP configuration and Microsoft Active Directory |
174 |
| Configuring Microsoft Active Directory LDAP service |
174 |
| Creating a user |
175 |
| Creating a group |
175 |
| Assigning the group (role) to the user |
175 |
| Adding a Virtual Fabric list |
175 |
| Adding attributes to the Active Directory schema |
176 |
| LDAP configuration and OpenLDAP |
176 |
| OpenLDAP server configuration overview |
176 |
| Enabling group membership |
177 |
| Adding entries to the directory |
177 |
| Assigning a user to a group |
178 |
| Assigning the LDAP role to a switch role |
178 |
| Modifying an entry |
178 |
| Adding a Virtual Fabric list |
178 |
| TACACS+ service |
180 |
| TACACS+ configuration overview |
180 |
| Configuring the TACACS+ server on Linux |
180 |
| The tac_plus.cfg file |
180 |
| Adding a user and assigning a role |
181 |
| Configuring Virtual Fabric lists |
181 |
| Configuring the password expiration date |
181 |
| Configuring a Windows TACACS+ server |
182 |
| Remote authentication configuration on the switch |
182 |
| Adding an authentication server to the switch configuration |
182 |
| Enabling and disabling remote authentication |
182 |
| Deleting an authentication server from the configuration |
183 |
| Changing an authentication server configuration |
183 |
| Changing the order in which authentication servers are contacted for service |
183 |
| Displaying the current authentication configuration |
183 |
| Configuring local authentication as backup |
184 |
| Configuring Protocols |
185 |
| Security protocols |
185 |
| Secure Copy |
186 |
| Setting up SCP for configuration uploads and downloads |
187 |
| Secure Shell protocol |
187 |
| SSH public key authentication |
187 |
| Allowed-user |
188 |
| Configuring incoming SSH authentication |
188 |
| Configuring outgoing SSH authentication |
189 |
| Deleting public keys on the switch |
189 |
| Deleting private keys on the switch |
190 |
| Generate and install hostkey on a switch |
190 |
| Managing SecCryptoCfg templates |
190 |
| Format and rule of the template |
190 |
| Default secCryptoCfg templates |
191 |
| Default_generic |
191 |
| Default_strong |
192 |
| Default_fips |
193 |
| Default_cc |
194 |
| Configuring the ciphers, KEX, and MAC algorithms |
194 |
| Secure Sockets Layer protocol |
195 |
| Browser and Java support |
195 |
| SSL configuration overview |
195 |
| Certificate authorities |
196 |
| Generating a public/private key pair |
196 |
| Generating and storing a Certificate Signing Request |
196 |
| Obtaining certificates |
197 |
| Installing a switch certificate |
198 |
| Generating self-signed certificates |
199 |
| The browser |
199 |
| Checking and installing root certificates on Internet Explorer |
199 |
| Checking and installing root certificates on Mozilla Firefox |
199 |
| Root certificates for the Java plugin |
200 |
| Installing a root certificate to the Java plugin |
200 |
| Simple Network Management Protocol |
200 |
| SNMP Manager |
201 |
| SNMP Agent |
201 |
| Management Information Base |
201 |
| Basic SNMP operation |
201 |
| Configuring SNMP using CLI |
202 |
| Configuring SNMP security level |
202 |
| Supported protocol configurations for SNMPv3 users |
203 |
| Configuring SNMPv3 user/traps |
203 |
| Telnet protocol |
211 |
| Blocking Telnet |
211 |
| Unblocking Telnet |
212 |
| Listener applications |
213 |
| Ports and applications used by switches |
213 |
| Port configuration |
214 |
| Configuring Security Policies |
215 |
| ACL policies overview |
215 |
| How the ACL policies are stored |
215 |
| Virtual Fabric considerations for ACL policies |
215 |
| Policy members |
216 |
| ACL policy management |
216 |
| Displaying ACL policies |
216 |
| Saving changes without activating the policies |
216 |
| Activating ACL policy changes |
217 |
| Deleting an ACL policy |
217 |
| Adding a member to an existing ACL policy |
217 |
| Removing a member from an ACL policy |
218 |
| Abandoning unsaved ACL policy changes |
218 |
| FCS policies |
218 |
| FCS policy restrictions |
219 |
| Ensuring fabric domains share policies |
220 |
| Creating an FCS policy |
220 |
| Modifying the order of FCS switches |
220 |
| FCS policy distribution |
221 |
| Device Connection Control policies |
222 |
| Virtual Fabrics considerations |
222 |
| DCC policy restrictions |
222 |
| Creating a DCC policy |
223 |
| Deleting a DCC policy |
224 |
| DCC policy behavior with Fabric-Assigned PWWNs |
224 |
| SCC Policies |
226 |
| Virtual Fabrics considerations for SCC policies |
226 |
| Creating an SCC policy |
226 |
| Authentication policy for fabric elements |
227 |
| Virtual Fabrics considerations |
228 |
| E_Port authentication |
228 |
| Virtual Fabrics considerations |
228 |
| Configuring E_Port authentication |
228 |
| Re-authenticating E_Ports |
229 |
| Device authentication policy |
230 |
| Virtual Fabrics considerations |
230 |
| Configuring device authentication |
230 |
| AUTH policy restrictions |
230 |
| Authentication protocols |
231 |
| Viewing the current authentication parameter settings for a switch |
231 |
| Setting the authentication protocol |
231 |
| Secret key pairs for DH-CHAP |
232 |
| Characteristics of a secret key pair |
232 |
| Viewing the list of secret key pairs in the current switch database |
232 |
| Note about Access Gateway switches |
233 |
| Setting a secret key pair |
233 |
| FCAP configuration overview |
233 |
| Generating the key and CSR for FCAP |
234 |
| Exporting the CSR for FCAP |
234 |
| Importing CA for FCAP |
235 |
| Importing the FCAP switch certificate |
235 |
| Starting FCAP authentication |
235 |
| Fabric-wide distribution of the authorization policy |
236 |
| IP Filter policy |
236 |
| Virtual Fabrics considerations for IP Filter policy |
236 |
| Creating an IP Filter policy |
236 |
| Cloning an IP Filter policy |
236 |
| Displaying an IP Filter policy |
237 |
| Saving an IP Filter policy |
237 |
| Activating an IP Filter policy |
237 |
| Deleting an IP Filter policy |
237 |
| IP Filter policy rules |
238 |
| Source address |
238 |
| Destination port |
238 |
| Protocol |
239 |
| Action |
239 |
| Traffic type and destination IP |
239 |
| Implicit filter rules |
240 |
| Default policy rules |
240 |
| IP Filter policy enforcement |
240 |
| Adding a rule to an IP Filter policy |
241 |
| Deleting a rule from an IP Filter policy |
241 |
| Aborting an IP Filter transaction |
241 |
| IP Filter policy distribution |
241 |
| Policy database distribution |
242 |
| Database distribution settings |
243 |
| Displaying the database distribution settings |
243 |
| Enabling local switch protection |
243 |
| Disabling local switch protection |
244 |
| ACL policy distribution to other switches |
244 |
| Distributing the local ACL policies |
244 |
| Fabric-wide enforcement |
244 |
| Displaying the fabric-wide consistency policy |
245 |
| Setting the fabric-wide consistency policy |
245 |
| Notes on joining a switch to the fabric |
245 |
| Matching fabric-wide consistency policies |
246 |
| Non-matching fabric-wide consistency policies |
246 |
| Management interface security |
247 |
| Configuration examples |
248 |
| Endpoint-to-endpoint transport or tunnel |
248 |
| Gateway-to-gateway tunnel |
248 |
| Endpoint-to-gateway tunnel |
249 |
| RoadWarrior configuration |
249 |
| IPsec protocols |
249 |
| Security associations |
250 |
| IPsec proposal |
250 |
| Authentication and encryption algorithms |
250 |
| IPsec policies |
251 |
| IPsec traffic selector |
251 |
| IPsec transform |
251 |
| IKE policies |
251 |
| Key management |
252 |
| Pre-shared keys |
252 |
| Security certificates |
252 |
| Static Security Associations |
252 |
| Creating the tunnel |
252 |
| Example of an end-to-end transport tunnel mode |
254 |
| Notes |
255 |
| Maintaining the Switch Configuration File |
257 |
| Configuration settings |
257 |
| Configuration file format |
258 |
| Chassis section |
258 |
| Switch section |
258 |
| Configuration file backup |
259 |
| Considerations for FTP server credentials with special characters |
259 |
| Examples to verify the use of special characters |
260 |
| Uploading a configuration file in interactive mode |
261 |
| Configuration file restoration |
261 |
| Restrictions |
261 |
| Configuration download without disabling a switch |
263 |
| Restoring a configuration |
263 |
| Configurations across a fabric |
264 |
| Downloading a configuration file from one switch to another switch of the same model |
264 |
| Security considerations |
264 |
| Configuration management for Virtual Fabrics |
264 |
| Uploading a configuration file from a switch with Virtual Fabrics enabled |
264 |
| Restoring a logical switch configuration using configDownload |
265 |
| Restrictions |
266 |
| Brocade configuration form |
266 |
| Managing Virtual Fabrics |
267 |
| Virtual Fabrics overview |
267 |
| Logical switch overview |
268 |
| Default logical switch |
268 |
| Logical switches and fabric IDs |
269 |
| Port assignment in logical switches |
270 |
| Logical switches and connected devices |
272 |
| Management model for logical switches |
273 |
| Logical fabric overview |
274 |
| Logical fabric and ISLs |
274 |
| Base switch and extended ISLs |
275 |
| Base fabric |
278 |
| Logical ports |
278 |
| Logical fabric formation |
279 |
| Account management and Virtual Fabrics |
279 |
| Setting up IP addresses for a logical switch |
279 |
| Logical switch login context |
280 |
| Supported platforms for Virtual Fabrics |
281 |
| Supported port configurations in the fixed-port switches |
281 |
| Supported port configurations in Brocade Backbones and Directors |
282 |
| Restrictions on Brocade Backbones |
282 |
| Virtual Fabrics interaction with other Fabric OS features |
282 |
| Limitations and restrictions of Virtual Fabrics |
283 |
| Restrictions on XISLs |
284 |
| Restrictions on moving ports |
284 |
| Enabling Virtual Fabrics mode |
284 |
| Disabling Virtual Fabrics mode |
285 |
| Configuring logical switches to use basic configuration values |
286 |
| Creating a logical switch or base switch |
286 |
| Executing a command in a different logical switch context |
288 |
| Deleting a logical switch |
288 |
| Adding and moving ports on a logical switch |
289 |
| Displaying logical switch configuration |
290 |
| Changing the fabric ID of a logical switch |
290 |
| Changing a logical switch to a base switch |
291 |
| Configuring a logical switch for XISL use |
292 |
| Changing the context to a different logical fabric |
293 |
| Creating a logical fabric using XISLs |
293 |
| Administering Advanced Zoning |
297 |
| Zone types |
297 |
| Zoning overview |
298 |
| Approaches to zoning |
299 |
| Zone objects |
300 |
| Zoning schemes |
300 |
| Zone configurations |
301 |
| Zoning enforcement |
301 |
| Identifying the enforced zone type |
302 |
| Considerations for zoning architecture |
302 |
| Best practices for zoning |
302 |
| Broadcast zones |
303 |
| Broadcast zones and FC-FC routing |
304 |
| High availability considerations with broadcast zones |
304 |
| Loop devices and broadcast zones |
304 |
| Broadcast zones and default zoning mode |
304 |
| Zone aliases |
304 |
| Creating an alias |
305 |
| Adding members to an alias |
305 |
| Removing members from an alias |
306 |
| Deleting an alias |
306 |
| Viewing an alias in the defined configuration |
307 |
| Zone creation and maintenance |
307 |
| Displaying existing zones |
307 |
| Creating a zone |
308 |
| Adding devices (members) to a zone |
309 |
| Removing devices (members) from a zone |
310 |
| Replacing zone members |
311 |
| Notes and restrictions |
311 |
| Deleting a zone |
312 |
| Viewing a zone |
313 |
| Viewing zone configuration names without case distinction |
314 |
| Examining changes in the zone database |
314 |
| Validating a zone |
315 |
| Inconsistencies between the defined and effective configurations |
317 |
| Default zoning mode |
318 |
| Setting the default zoning mode |
319 |
| Viewing the current default zone access mode |
319 |
| Zone database size |
320 |
| Zone configurations |
320 |
| Creating a zone configuration |
321 |
| Adding zones to a zone configuration |
321 |
| Removing members from a zone configuration |
322 |
| Enabling a zone configuration |
322 |
| Disabling a zone configuration |
322 |
| Validating zone members in the zone configuration |
323 |
| Deleting a zone configuration |
325 |
| Deleting invalid zones |
325 |
| Abandoning zone configuration changes |
326 |
| Viewing all zone configuration information |
326 |
| Viewing selected zone configuration information |
326 |
| Viewing the zone aliases in the zone configuration |
327 |
| Viewing the configuration in the effective zone database |
328 |
| Clearing all zone configurations |
328 |
| Zone object maintenance |
329 |
| Copying a zone object |
329 |
| Deleting a zone object |
330 |
| Renaming a zone object |
330 |
| Zone configuration management |
331 |
| Security and zoning |
331 |
| Zone merging |
332 |
| Fabric segmentation and zoning |
333 |
| Zone merging scenarios |
333 |
| Concurrent zone transactions |
339 |
| Viewing zone database transactions |
340 |
| Peer Zoning |
340 |
| Peer Zoning compared to other zoning types |
341 |
| Advantages of Peer Zoning |
344 |
| Peer Zone connectivity rules |
344 |
| Firmware upgrade and downgrade considerations for Peer Zoning |
345 |
| LSAN and QoS Peer Zoning considerations |
345 |
| Peer Zone configuration |
345 |
| Creating Peer Zones |
345 |
| Adding devices to a Peer Zone |
346 |
| Replacing a device in a Peer Zone |
346 |
| Removing devices from a Peer Zone |
346 |
| Deleting Peer Zones |
346 |
| Viewing Peer Zones |
346 |
| Target Driven Zoning |
347 |
| Limitations and considerations for Target Driven Zoning |
348 |
| Target Driven Zoning configuration |
348 |
| Enabling Target Driven Zoning |
348 |
| Disabling Target Driven Zoning |
349 |
| Viewing Target Driven Zoning |
350 |
| Supported commands for Peer Zones and Target Driven Peer Zones |
351 |
| Boot LUN zoning |
352 |
| Setting up boot LUN zoning |
354 |
| Configuring the server and HBA for BLUN zone |
354 |
| Configuring the Brocade switch for BLUN zone |
354 |
| Traffic Isolation Zoning |
357 |
| Traffic Isolation Zoning overview |
357 |
| TI zone failover |
358 |
| Additional considerations when disabling failover |
359 |
| FSPF routing rules and traffic isolation |
359 |
| Enhanced TI zones |
361 |
| Invalid configurations with enhanced TI zones |
362 |
| Invalid ETIZ configuration: separate paths from a port to devices on same domain |
362 |
| Invalid ETIZ configuration: separate paths from a single port to the same domain |
363 |
| General rules for TI zones |
364 |
| Additional configuration rules for enhanced TI zones |
365 |
| Limitations and restrictions of Traffic Isolation Zoning |
366 |
| Creating a TI zone |
366 |
| Modifying TI zones |
367 |
| Changing the state of a TI zone |
368 |
| Deleting a TI zone |
368 |
| Displaying TI zones |
368 |
| Enforcing Local TI Filtering |
369 |
| Traffic Isolation Zoning over FC routers |
370 |
| TI zones within an edge fabric |
371 |
| TI zones within a backbone fabric |
372 |
| Limitations of TI zones over FC routers |
373 |
| Fabric-Level Traffic Isolation in a backbone fabric |
374 |
| Fabric-Level TI zones |
375 |
| Failover behavior for Fabric-Level TI zones |
376 |
| Creating a separate TI zone for each path |
376 |
| Creating a single TI zone for all paths |
377 |
| Setting up TI zones over FCR (sample procedure) |
378 |
| Virtual Fabrics considerations for Traffic Isolation Zoning |
381 |
| Traffic Isolation Zoning over FC routers with Virtual Fabrics |
383 |
| Troubleshooting TI zone routing problems |
385 |
| Traffic Isolation Zone violation handling for trunk ports |
386 |
| Optimizing Fabric Behavior |
387 |
| Adaptive Networking overview |
387 |
| Ingress Rate Limiting |
387 |
| Virtual Fabrics considerations |
388 |
| Limiting traffic from a particular device |
388 |
| Disabling Ingress Rate Limiting |
388 |
| QoS |
388 |
| License requirements for QoS |
389 |
| QoS on E_Ports |
389 |
| QoS over FC routers |
390 |
| vTap and QoS High Priority Zoning Compatibility mode |
391 |
| QoSH5 zones |
391 |
| Virtual Fabrics considerations for QoS zone-based traffic prioritization |
392 |
| Traffic prioritization based on QoS zones |
393 |
| Notes on QoS zoning |
395 |
| Setting QoS zone-based traffic prioritization |
395 |
| Setting QoS zone-based traffic prioritization over FC routers |
396 |
| Disabling QoS zone-based traffic prioritization |
397 |
| Supported configurations for QoS zone-based traffic prioritization |
397 |
| Limitations and restrictions for QoS zone-based traffic prioritization |
397 |
| CS_CTL-based frame prioritization |
398 |
| Supported configurations for CS_CTL-based frame prioritization |
398 |
| High availability considerations for CS_CTL-based frame prioritization |
399 |
| Enabling CS_CTL-based frame prioritization on ports |
399 |
| Disabling CS_CTL-based frame prioritization on ports |
399 |
| Using CS_CTL auto mode at the chassis level |
399 |
| Considerations for using CS_CTL-based frame prioritization |
400 |
| In-flight Encryption and Compression |
401 |
| In-flight encryption and compression overview |
401 |
| Supported ports for in-flight encryption and compression |
402 |
| In-flight encryption and compression restrictions |
403 |
| Bandwidth and port limits for in-flight encryption and compression |
403 |
| Port speed on encryption- or compression-enabled ports |
404 |
| How in-flight encryption and compression are enabled |
404 |
| Authentication and key generation for encryption and compression |
405 |
| Availability considerations for encryption and compression |
406 |
| Virtual Fabrics considerations for encryption and compression |
406 |
| In-flight compression on long-distance ports |
407 |
| Compression ratios for compression-enabled ports |
407 |
| Configuring in-flight encryption and compression on an EX_Port |
407 |
| Configuring in-flight encryption and compression on an E_Port |
408 |
| Viewing the encryption and compression configuration |
409 |
| Configuring and enabling authentication for in-flight encryption |
409 |
| Enabling in-flight encryption |
412 |
| Enabling in-flight compression |
412 |
| Disabling in-flight encryption |
413 |
| Disabling in-flight compression |
414 |
| Diagnostic Port |
415 |
| Supported platforms for D_Port |
415 |
| Licensing requirements for D_Port |
416 |
| Understanding D_Port |
416 |
| D_Port configuration modes and testing |
417 |
| General limitations and considerations for D_Port tests |
419 |
| Access Gateway limitations and considerations for D_Ports |
420 |
| High Availability limitations and considerations for D_Ports |
420 |
| 8-Gbps LWL and ELWL SFP transceiver limitations for D_Ports |
421 |
| Topology 1: ISLs |
421 |
| Topology 2: ICLs |
422 |
| Topology 3: Access Gateways |
422 |
| Saving port mappings on an Access Gateway |
424 |
| Topology 4: HBA to switch |
424 |
| Using D_Port in static-static mode between switches |
425 |
| Enabling D_Port in static mode |
425 |
| Disabling D_Port in static mode |
427 |
| Disabling D_Port globally |
427 |
| Using D_Port in dynamic mode |
427 |
| Preprovisioning D_Ports |
427 |
| Using D_Port between switches and HBAs |
429 |
| Enabling D_Port in static mode between a switch and an HBA |
429 |
| Using non-Brocade HBAs for D_Port testing |
429 |
| Enabling D_Port testing with an Emulex HBA |
429 |
| Enabling D_Port testing with a QLogic HBA |
430 |
| BCU D_Port commands |
430 |
| Host Bus Adapter limitations and considerations for D_Ports |
431 |
| Confirming SFP and link status with an HBA |
432 |
| Using D_Port in on-demand mode |
433 |
| Using D_Port show commands |
433 |
| NPIV |
437 |
| NPIV overview |
437 |
| Upgrade considerations |
438 |
| Fixed addressing mode |
438 |
| 10-bit addressing mode |
438 |
| Configuring NPIV |
438 |
| Enabling and disabling NPIV |
439 |
| Base device logout |
440 |
| Difference in the device logout behaviors |
440 |
| Enabling base device logout |
441 |
| Use cases and dependencies |
441 |
| Viewing base device logout setting |
442 |
| Viewing NPIV port configuration information |
443 |
| Viewing virtual PID login information |
444 |
| Fabric-Assigned PWWN |
445 |
| Fabric-Assigned PWWN overview |
445 |
| User- and auto-assigned FA-PWWN behavior |
446 |
| Configuring an FA-PWWN for an HBA connected to an Access Gateway |
447 |
| Configuring an FA-PWWN for an HBA connected to an edge switch |
447 |
| Supported switches and configurations for FA-PWWN |
448 |
| Configuration upload and download considerations for FA-PWWN |
449 |
| Security considerations for FA-PWWN |
449 |
| Restrictions of FA-PWWN |
449 |
| Access Gateway N_Port failover with FA-PWWN |
450 |
| Inter-chassis Links |
451 |
| Inter-chassis links |
451 |
| License requirements for ICLs |
451 |
| Using the QSFPs that support 2 km on ICL ports |
452 |
| ICLs between DCX 8510 Backbones |
452 |
| ICL trunking between Brocade DCX 8510 Backbones |
454 |
| ICLs between X6 Directors |
455 |
| ICL trunking between Brocade X6 Directors |
458 |
| ICLs between DCX 8510 Backbones and X6 Directors |
459 |
| ICL trunking between DCX 8510 Backbones and X6 Directors |
461 |
| Virtual Fabrics considerations for ICLs |
462 |
| Supported topologies for ICL connections |
463 |
| Mesh topology |
463 |
| Core-edge topology |
465 |
| Managing Trunking Connections |
467 |
| Trunking overview |
467 |
| Types of trunking |
467 |
| Masterless trunking |
468 |
| License requirements for trunking |
468 |
| Port groups for trunking |
468 |
| Supported platforms for trunking |
469 |
| Supported configurations for trunking |
469 |
| High Availability support for trunking |
469 |
| Requirements for trunk groups |
469 |
| Recommendations for trunk groups |
470 |
| Configuring trunk groups |
471 |
| Enabling trunking |
471 |
| Disabling trunking |
471 |
| Displaying trunking information |
472 |
| ISL trunking over long-distance fabrics |
473 |
| EX_Port trunking |
474 |
| Masterless EX_Port trunking |
474 |
| Supported configurations and platforms for EX_Port trunking |
474 |
| Backward compatibility support |
475 |
| Configuring EX_Port trunking |
475 |
| Displaying EX_Port trunking information |
475 |
| F_Port trunking |
475 |
| F_Port trunking for Access Gateway |
476 |
| Requirements for F_Port trunking on an Access Gateway |
477 |
| Configuring F_Port trunking for an Access Gateway |
477 |
| F_Port trunking for Brocade adapters |
478 |
| Configuring F_Port trunking for a Brocade adapter |
478 |
| F_Port trunking considerations |
479 |
| PWWN formats for F_Port trunk ports |
480 |
| F_Port trunking in Virtual Fabrics |
480 |
| Displaying F_Port trunking information |
481 |
| Disabling F_Port trunking |
481 |
| Enabling the DCC policy on a trunk area |
482 |
| Managing Long-Distance Fabrics |
483 |
| Long-distance fabrics overview |
483 |
| Extended Fabrics device limitations |
483 |
| Long-distance link modes |
484 |
| Configuring an extended ISL |
484 |
| Enabling long distance when connecting to TDM devices |
486 |
| Forward error correction on long-distance links |
486 |
| Enabling FEC on a long-distance link |
486 |
| Disabling FEC on a long-distance link |
486 |
| Using FC-FC Routing to Connect Fabrics |
489 |
| FC-FC routing overview |
489 |
| License requirements for FC-FC routing |
489 |
| Supported platforms for FC-FC routing |
490 |
| Supported configurations for FC-FC routing |
491 |
| Network OS connectivity limitations |
491 |
| Fibre Channel routing concepts |
491 |
| Proxy devices |
496 |
| FC-FC routing topologies |
497 |
| Phantom domains |
497 |
| Identifying and deleting stale xlate domains |
501 |
| Domain ID range for front and translate phantom domains |
501 |
| FC router authentication |
502 |
| Setting up FC-FC routing |
503 |
| Verifying the setup for FC-FC routing |
503 |
| Backbone fabric IDs |
504 |
| Assigning backbone fabric IDs |
505 |
| Assigning alias names to fabric IDs |
505 |
| FCIP tunnel configuration |
506 |
| Inter-fabric link configuration |
506 |
| Configuring an IFL for both edge and backbone connections |
506 |
| Configuring EX_Ports on an ICL |
510 |
| FC router port cost configuration |
511 |
| Port cost considerations |
512 |
| Setting router port cost for an EX_Port |
512 |
| Shortest IFL cost configuration |
513 |
| Configuring shortest IFL cost |
517 |
| EX_Port frame trunking configuration |
518 |
| LSAN zone configuration |
519 |
| Zone definition and naming |
519 |
| LSAN zones and fabric-to-fabric communications |
519 |
| Controlling device communication with the LSAN |
520 |
| Configuring interconnectivity between backbone and edge fabrics |
522 |
| Setting the maximum LSAN count |
522 |
| HA and downgrade considerations for LSAN zones |
523 |
| LSAN zone policies using LSAN tagging |
523 |
| Enforce tag |
523 |
| How the Enforce tag works |
524 |
| Speed tag |
525 |
| Rules for LSAN tagging |
526 |
| Configuring an Enforce LSAN tag |
527 |
| Configuring a Speed LSAN tag |
527 |
| Removing an LSAN tag |
527 |
| Displaying the LSAN tag configuration |
528 |
| LSAN zone binding |
528 |
| LSAN zone binding considerations |
530 |
| How LSAN zone binding works |
530 |
| FC router matrix definition |
531 |
| LSAN fabric matrix definition |
531 |
| Setting up LSAN zone binding |
531 |
| Viewing the LSAN zone binding matrixes |
532 |
| Location embedded LSAN zones |
532 |
| Creating location embedded LSAN zones |
533 |
| Migrating LSAN zones to location embedded LSAN zones in the edge fabric |
535 |
| Limitations of location embedded LSAN zones |
535 |
| Peer LSAN zone support |
536 |
| Proxy PID configuration |
536 |
| Fabric parameter considerations |
537 |
| Inter-fabric broadcast frames |
537 |
| Displaying the current broadcast configuration |
537 |
| Enabling broadcast frame forwarding |
537 |
| Disabling broadcast frame forwarding |
538 |
| Resource monitoring |
538 |
| FC-FC routing and Virtual Fabrics |
539 |
| Logical switch configuration for FC routing |
540 |
| Backbone-to-edge routing with Virtual Fabrics |
541 |
| Upgrade and downgrade considerations for FC-FC routing |
542 |
| How replacing port blades affects EX_Port configuration |
542 |
| Displaying the range of output ports connected to xlate domains |
543 |
| Port Indexing |
545 |
| Switch and blade sensors |
547 |
| Brocade switch sensors |
547 |
| Brocade blade temperature sensors |
547 |
| System temperature monitoring |
548 |
| Hexadecimal Conversion |
549 |
| Hexadecimal overview |
549 |
| Example conversion of the hexadecimal triplet Ox616000 |
549 |
1
167
168
169
170
171
172
173
174
175
176
177
