Home » Dell Manuals » Hubs & Switches » Dell Brocade G620 » Manual Viewer

Dell Brocade G620 Brocade 8.0.1 Fabric OS Troubleshooting and Diagnostics Guid - Page 64

Device authentication, Protocol and certificate management, Password recovery options continued

Add to My Manuals
Save this manual to your list of manuals

Page 64 highlights

Security TABLE 11 Password recovery options (continued) Topic If a user has only the root password, what is the password recovery mechanism? How to recover boot PROM password? How to recover a user, or admin password? Solution Use the passwd command to set other passwords. Use the passwdDefault command to set all passwords to default. Contact your switch service provider and provide the recovery string. Refer to Passwords on page 63 for more information on recovering these passwords. Symptom Probable cause and recommended action Device authentication Symptom Probable cause and recommended action User is unable to modify switch settings. The most common error when managing user accounts is not setting up Role-Based Access Control (RBAC). Errors such as a user not being able to run a command or modify switch settings are usually related to what role the user has been assigned. Switch is unable to authenticate device. When the device authentication policy is set to ON, the switch expects a FLOGI with the FC-SP bit set. If this bit is not set, the switch rejects the FLOGI with reason LS_LOGICAL_ERROR (0x03), in the switch log with the explanation of "Authentication Required"(0x48), and disables the port. Set the device authentication policy mode on the switch to ON. Symptom Probable cause and recommended action Switch is unable to form an F_Port. Regardless of the device authentication policy mode on the switch, the F_Port is disabled if the DH-CHAP protocol fails to authenticate. If the HBA sets the FC-SP bit during FLOGI and the switch sends a FLOGI accept with FC-SP bit set, then the switch expects the HBA to start the AUTH_NEGOTIATE. From this point on until the AUTH_NEGOTIATE is completed, all ELS and CT frames, except the AUTH_NEGOTIATE ELS frame, are blocked by the switch. During this time, the Fibre Channel driver rejects all other ELS frames. The F_Port does not form until the AUTH_NEGOTIATE is completed. It is the HBA's responsibility to send an Authentication Negotiation ELS frame after receiving the FLOGI accept frame with the FC-SP bit set. Protocol and certificate management This section provides information and procedures for troubleshooting standard Fabric OS security features such as protocol and certificate management. Symptom Probable cause and recommended action Troubleshooting certificates. If you receive messages in the browser or in a pop-up window when logging in to the target switch using HTTPS, refer to Table 12 for recommended actions you can take to correct the problem Brocade Fabric OS Troubleshooting and Diagnostics Guide 64 53-1004126-01

Section	Page
Brocade Fabric OS Troubleshooting and Diagnostics Guide	1
Preface	7
Document conventions	7
Text formatting conventions	7
Command syntax conventions	7
Notes, cautions, and warnings	8
Brocade resources	8
Contacting Brocade Technical Support	8
Brocade customers	8
Brocade OEM customers	9
Document feedback	9
About This Document	11
Supported hardware and software	11
Brocade Gen 5 (16-Gbps) fixed-port switches	11
Brocade Gen 5 (16-Gbps) DCX 8510 Directors	11
Brocade Gen 6 fixed-port switches	11
Brocade Gen 6 Directors	12
What's new in this document	12
Introduction	13
Troubleshooting overview	13
Network Time Protocol	13
Most common problem areas	13
Questions for common symptoms	14
Gathering information for your switch support provider	17
Setting up your switch for FTP	17
Using the supportSave command	17
Changing the supportSave timeout value	18
Capturing output from a console	18
Capturing command output	19
Building a case for your switch support provider	19
Basic information	19
Detailed problem information	20
Gathering additional information	21
General Troubleshooting	23
Licenses	23
Time	23
Frame Viewer	23
Switch message logs	24
Switch boot	25
Rolling Reboot Detection	25
Reboot classification	25
Restrictions	26
Collecting limited supportSave output on the Rolling Reboot Detection	27
FC-FC routing connectivity	27
Generating and routing an ECHO	27
Superping	29
Restrictions	31
Routing and statistical information	32
Performance issues	33
Connectivity	35
Port initialization and FCP auto-discovery process	35
Link issues	36
Connection problems	37
Checking the physical connection	37
Checking the logical connection	37
Checking the Name Server	38
Link failures	39
Determining a successful speed negotiation	39
Checking for a loop initialization failure	40
Checking for a point-to-point initialization failure	40
Correcting a port that has come up in the wrong mode	41
Marginal links	41
Troubleshooting a marginal link	42
Device login issues on Fabric switch	43
Pinpointing problems with device logins	44
Device login issues on Access Gateway	45
Media-related issues	46
Testing the external transmit and receive path of a port	46
Testing the internal components of a switch	46
Testing components to and from the HBA	47
Segmented fabrics	47
Reconciling fabric parameters individually	48
Downloading a correct configuration	48
Reconciling a domain ID conflict	48
Reconciling incompatible software features	50
Configuration	51
Configuration upload and download issues	51
Gathering additional information	53
Messages captured in the logs	54
Brocade configuration form	54
Firmware Download Errors	55
Blade troubleshooting tips	55
Firmware download issues	56
Troubleshooting with the firmwareDownload command	58
Gathering additional information	59
USB error handling	59
Considerations for downgrading firmware	59
Preinstallation messages	60
Blade types	61
Firmware versions	61
Platform	62
Routing	62
Security	63
Passwords	63
Password recovery options	63
Device authentication	64
Protocol and certificate management	64
Gathering additional information	65
SNMP	65
Gathering additional information	66
FIPS	66
Virtual Fabrics	67
General Virtual Fabrics troubleshooting	67
Fabric identification issues	68
Logical Fabric issues	68
Base switch issues	68
Logical switch issues	69
Switch configuration blade compatibility	71
Gathering additional information	71
ISL Trunking	73
Link issues	73
Buffer credit issues	74
Getting out of buffer-limited mode	74
Zoning	75
Overview of corrective action	75
Verifying a fabric merge problem	75
Verifying a TI zone problem	75
Segmented fabrics	76
Zone conflicts	77
Resolving zoning conflicts	78
Correcting a fabric merge problem quickly	78
Changing the default zone access	79
Editing zone configuration members	79
Reordering the zone member list	79
Checking for Fibre Channel connectivity problems	80
Checking for zoning problems	81
Gathering additional information	81
Diagnostic Features	83
Fabric OS diagnostics	83
Diagnostic information	83
Power-on self-test	84
Disabling POST	85
Enabling POST	85
Switch status	85
Viewing the overall status of the switch	86
Displaying switch information	86
Displaying the uptime for a switch	87
Using the spinFab and portTest commands	88
Debugging spinFab errors	88
Link errors	89
Tx/Rx errors	89
Clearing the error counters	90
Enabling a port	90
Disabling a port	90
Port information	90
Viewing the status of a port	90
Displaying the port statistics	91
Displaying a summary of port errors for a switch	92
Equipment status	93
Checking the temperature, fan, and power supply	93
Checking the status of the fans	94
Checking the status of a power supply	94
Checking temperature status	94
System message log	95
Displaying the system message log with no page breaks	95
Displaying the system message log one message at a time	95
Clearing the system message log	96
Port log	96
Viewing the port log	96
Syslogd configuration	97
Configuring the host	97
Configuring the switch	98
Specifying syslogd hosts	98
Setting the facility level	98
Removing a syslogd host from the list	99
Automatic trace dump transfers	99
Specifying a remote server	99
Enabling the automatic transfer of trace dumps	99
Setting up periodic checking of the remote server	99
Saving comprehensive diagnostic files to the server	100
Multiple trace dump files support	100
Auto FTP support	100
Trace dump support	101
Switch Type and Blade ID	103
Hexadecimal Conversion	105
Hexadecimal overview	105
Example conversion of the hexadecimal triplet Ox616000	105

Match case Limit results 1 per page

TABLE 11

Password recovery options (continued)

Topic

Solution

If a user has only the root password, what is the password recovery

mechanism?

Use the

passwd

command to set other passwords.

Use the

passwdDefault

command to set all passwords to default.

How to recover boot PROM password?

Contact your switch service provider and provide the recovery string.

How to recover a user, or admin password?

Refer to

Passwords

on page 63 for more information on recovering these

passwords.

Symptom

User is unable to modify switch settings.

Probable cause and recommended action

The most common error when managing user accounts is not setting up

Role-Based Access Control (RBAC).

Errors such as a user not being able to run a command or modify switch

settings are usually related to what role the user has been assigned.

Device authentication

Symptom

Switch is unable to authenticate device.

Probable cause and recommended action

When the device authentication policy is set to ON, the switch expects a

FLOGI with the FC-SP bit set. If this bit is not set, the switch rejects the

FLOGI with reason LS_LOGICAL_ERROR (0x03), in the switch log with

the explanation of "Authentication Required"(0x48), and disables the port.

Set the device authentication policy mode on the switch to ON.

Symptom

Switch is unable to form an F_Port.

Probable cause and recommended action

Regardless of the device authentication policy mode on the switch, the

F_Port is disabled if the DH-CHAP protocol fails to authenticate. If the

HBA sets the FC-SP bit during FLOGI and the switch sends a FLOGI

accept with FC-SP bit set, then the switch expects the HBA to start the

AUTH_NEGOTIATE. From this point on until the AUTH_NEGOTIATE is

completed, all ELS and CT frames, except the AUTH_NEGOTIATE ELS

frame, are blocked by the switch. During this time, the Fibre Channel

driver rejects all other ELS frames. The F_Port does not form until the

AUTH_NEGOTIATE is completed. It is the HBA's responsibility to send

an Authentication Negotiation ELS frame after receiving the FLOGI

accept frame with the FC-SP bit set.

Protocol and certificate management

This section provides information and procedures for troubleshooting standard Fabric OS security features such as protocol and

certificate management.

Symptom

Troubleshooting certificates.

Probable cause and recommended action

If you receive messages in the browser or in a pop-up window when

logging in to the target switch using HTTPS, refer to

Table 12

for

recommended actions you can take to correct the problem

Security

Brocade Fabric OS Troubleshooting and Diagnostics Guide

53-1004126-01