Dell Brocade M5424 Brocade 7.1.0 Fabric OS Administrator's Guide
Dell Brocade M5424 Manual
Dell Brocade M5424 manual content summary:
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 1
53-1002745-02 ® 25 March 2013 Fabric OS Administrator's Guide Supporting Fabric OS 7.1.0 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 2
trademarks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 3
Guide 53-1002745-02 Standard Features Understanding Fibre Channel Services 43 Performing Basic Configuration Tasks 55 Performing Advanced Configuration Tasks 79 Routing Traffic 111 Managing User Accounts 133 Configuring Protocols 177 Configuring Security Policies 195 Maintaining the Switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 4
Appendix A Appendix B Appendix C Port Indexing 611 FIPS Support 615 Hexadecimal Conversion 627 4 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 5
33 Supported hardware and software 34 What's new in this document 35 Document conventions 36 Notice to the reader 37 Additional information 38 Getting technical help 38 Document feedback 40 Section I Standard Features Chapter 1 Understanding Fibre Channel Services Fibre Channel services - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 6
help on a command 58 Viewing a history of command line entries 59 Password modification 61 Default account passwords 61 The switch Ethernet interface 62 Virtual Fabrics and the Ethernet interface 63 Displaying the network interface settings 63 Static Ethernet addresses 64 DHCP activation - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 7
Guide 53-1002745-02 Performing Advanced Configuration Tasks Port Identifiers (PIDs) and PID binding overview 79 Core PID addressing mode 80 Fixed addressing mode 80 10-bit addressing mode 80 256-area addressing mode 81 WWN-based PID assignment 82 Ports 84 Port Types 84 Backbone port blades - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 8
. .108 Configuring an audit log for specific event classes 108 Duplicate PWWN handling during device login 109 Setting the behavior for handling duplicate PWWNs 110 Routing Traffic Routing overview 111 Paths and route selection 112 FSPF 112 Fibre Channel NAT 113 Inter-switch links 114 Buffer - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 9
6 Fabric OS Administrator's Guide 53-1002745-02 Local database user accounts 137 Default accounts 138 Local account passwords 139 Local user account database distribution 140 Distributing the local user database 140 Accepting distributed user databases on the local switch . . .140 Rejecting - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 10
and applications used by switches 192 Port configuration 193 Configuring Security Policies ACL policies FCS policy 201 Modifying the order of FCS switches 201 FCS policy distribution 202 Device Connection Control for DH-CHAP 213 FCAP configuration overview 215 Fabric-wide distribution - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 11
-to-end transport tunnel mode 238 Maintaining the Switch Configuration File Configuration settings 241 Configuration file format 242 Configuration file backup 244 Uploading a configuration file in interactive mode 245 Configuration file restoration 246 Restrictions 246 Configuration download - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 12
255 Upgrading and downgrading firmware 257 Considerations for FICON CUP environments 257 HA sync state 257 Preparing for a firmware download 258 Obtaining and decompressing firmware 259 Connected switches 259 Finding the switch firmware version 259 Firmware download on switches 260 Switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 13
on a logical switch 295 Displaying logical switch configuration 296 Changing the fabric ID of a logical switch 296 Changing a logical switch to a base switch 297 Setting up IP addresses for a Virtual Fabric 298 Removing an IP address for a Virtual Fabric 298 Configuring a logical switch to use - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 14
320 Viewing a zone in the defined configuration 322 Validating a zone 323 Default zoning mode 326 Setting the default zoning mode 326 Viewing the current default zone access mode 327 Zone database size 327 Zone configurations 328 Creating a zone configuration 328 Adding zones (members) to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 15
on Brocade 5300 switches 379 Back-end credit loss detection and recovery support on Brocade 6520 switches 379 Enabling back-end credit loss detection and recovery . . . . . .380 Enabling bottleneck detection on a switch 380 Displaying bottleneck detection configuration details 381 Setting - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 16
412 NPIV NPIV overview 419 Upgrade considerations 420 Fixed addressing mode 420 10-bit addressing mode 420 Configuring NPIV 421 Enabling and disabling NPIV 422 Viewing NPIV port configuration information 423 Viewing virtual PID login information 424 16 Fabric OS Administrator's Guide 53 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 17
an FA-PWWN for an HBA connected to an Access Gateway 427 Configuring an FA-PWWN for an HBA connected to an edge switch 428 Supported switches and configurations for FA-PWWN 429 Configuration upload and download considerations for FA-PWWN 430 Firmware upgrade and downgrade considerations for FA - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 18
458 Admin Domains and LSAN zones 459 Configuration upload and download in an AD context . . . . . .460 Licensed Features Administering Licensing Licensing overview 463 Brocade 7800 Upgrade license 470 ICL licensing 471 ICL 1st POD license 471 ICL 2nd POD license 471 ICL 8-link license 472 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 19
Monitoring 500 Access Gateway considerations for Advanced Performance Monitoring 501 End-to-end performance monitoring 501 Maximum number of EE monitors 501 Supported port configurations for EE monitors 502 Adding EE monitors 502 Setting a mask for an EE monitor 503 Deleting EE monitors - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 20
for QoS zone-based traffic prioritization 528 Supported configurations for QoS zone-based traffic prioritization 529 Limitations and restrictions for QoS zone-based traffic prioritization 529 Setting QoS zone-based traffic prioritization 530 Setting QoS zone-based traffic prioritization over - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 21
23 Managing Trunking Connections Trunking overview 533 Types of trunking 534 Masterless trunking 534 License requirements for trunking 535 Port groups for trunking 535 Supported configurations for trunking 535 High Availability support for trunking 536 Supported platforms for trunking - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 22
FC-FC Routing to Connect Fabrics FC-FC routing overview 569 License requirements for FC-FC routing 570 Supported platforms for FC-FC routing 570 Supported configurations for FC-FC routing 571 Network OS connectivity limitations 571 Fibre Channel routing concepts 572 Proxy devices 575 FC-FC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 23
606 Logical switch configuration for FC routing 607 Backbone-to-edge routing with Virtual Fabrics 608 Upgrade and downgrade considerations for FC-FC routing . . . . . .609 How replacing port blades affects EX_Port configuration. . . .609 Displaying the range of output ports connected to xlate - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 24
24 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 25
the swap 99 Blade swap with Virtual Fabrics after the swap 100 Principal ISLs 112 New switch added to existing fabric 114 Virtual channels on a QoS-enabled ISL 116 Gateway link merging SANs 117 Single host and target 130 Windows 2000 VSA configuration 154 Example of a Brocade DCT file 161 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 26
two user-defined Admin Domains, AD1 and AD2 452 AD0 with three zones 452 Minimum configuration for 64 Gbps ICLs 492 DCX-4S allowed ICL connections 494 ICL triangular topology with Brocade DCX 8510-8 chassis 495 Full nine-mesh topology 496 64 Gbps ICL core-edge topology 497 Setting end-to-end - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 27
topology 578 Example of setting up Speed LSAN tag 596 LSAN zone binding 599 EX_Ports in a base switch 607 Logical representation of EX_Ports in a base switch 608 Backbone-to-edge routing across base switch using FC router in legacy mode 609 Fabric OS Administrator's Guide 27 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 28
28 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 29
fields 73 Core and CP blade terminology and platform support 93 Port blade terminology, numbering, and platform support 94 Blade compatibility within Brocade Backbone families 96 Duplicate PWWN behavior: First login takes precedence over second login . . 109 Duplicate PWWN behavior: Second - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 30
457 Configuration upload and download scenarios in an AD context 460 Available Brocade licenses 464 License requirements and location name by feature 467 Base to Upgrade license comparison 470 List of available ports when implementing PODs 484 Number of logical switches that support performance - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 31
CS_CTL auto mode . . 521 Trunking over long-distance for the Backbones and blades 541 F_Port masterless trunking considerations 546 PWWN format for F_Port and N_Port trunk ports 548 Fibre Channel data frames 558 Total FC ports, ports per port group, and unreserved buffer credits per port group - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 32
32 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 33
document is organized The document is divided into two sections; the first, "Standard Features," contains the following topics: • Chapter 1, "Understanding Fibre Channel Services," provides information on the Fibre Channel services on Brocade switches. • Chapter 2, "Performing Basic Configuration - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 34
for use of the Brocade Extended Fabrics licensed feature. • Chapter 24, "Using FC-FC Routing to Connect Fabrics," provides information for setting up and using the FC-FC Routing Service. • The appendices provide special procedures or information for Fabric OS. Supported hardware and software In - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 35
type into account when determining which login to use. • Added section "Supported LDAP options" on page 151. • In "RADIUS configuration with Admin Domains or Virtual Fabrics" on page 155, added ChassisRole to the list of accepted keys. • In "Installing a switch certificate" on page 185, added an - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 36
or CLI Provides emphasis Identifies variables Identifies paths and Internet addresses Identifies document titles code text Identifies CLI output Identifies command syntax examples For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 37
are used in this manual. They are listed to hardware, firmware, software, Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary Notice to the reader This document - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 38
register at no cost for a user ID and password. For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and click the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 39
Error numbers and messages received • supportSave command output • Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps already performed and the results • Serial console and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 40
document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.com Provide the title and version number of the document and as much detail - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 41
Chapter 1, "Understanding Fibre Channel Services" • Chapter 2, "Performing Basic Configuration Tasks" • Chapter 3, "Performing Advanced Configuration Tasks" • Chapter 4, "Routing Traffic" • Chapter 5, "Managing User Accounts" • Chapter 6, "Configuring Protocols" • Chapter 7, "Configuring Security Policies - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 42
42 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 43
• High availability of daemon processes 53 Fibre Channel services overview Fibre Channel services define service functions that reside at well-known addresses, as illustrated in Figure 1. A well-known address is a reserved three-byte address for each service. Services are provided to either nodes or - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 44
to a well-known address, a different protocol service, Fibre Channel Common Transport (FC-CT), is used. This protocol provides a simple, consistent format and behavior when a service provider is accessed for registration and query purposes. Management server The Brocade Fabric OS management server - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 45
is enabled, the msplMgmtActivate command can be issued only from the primary FCS switch. The execution of the msplMgmtActivate command is subject to Admin Domain restrictions that may be in place. Use the following procedure to enable platform services: 1. Connect to the switch and log in using an - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 46
are supported within a logical switch. Displaying the management server ACL Use the following procedure to display the management server ACL: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the msConfigure command. The command becomes interactive - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 47
Delete member based on its Port/Node WWN select : (0..3) [1] 0 done ... Update the FLASH? (yes, y, no, n): [yes] y *Successfully saved the MS the ACL: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the msConfigure command. The command becomes interactive. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 48
correctly, enter 0 at the "select" prompt to end the session. 7. At the "Update the FLASH?" prompt, enter y. 8. Press Enter to update the nonvolatile memory and end the session. Example of deleting a member from the management server ACL switch:admin> msconfigure 0 Done 1 Display the access list - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 49
all command. Example of enabling discovery switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... Fabric OS Administrator's Guide - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 50
Enable Operation Complete!! Disabling topology discovery Use the following procedure to disable topology discovery: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the appropriate following command based on how you want to disable discovery: • For the local - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 51
and host devices are powered on and connected, the following logins occur: 1. FLOGI-Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported. 2. PLOGI-Port Login command logs the device into the name - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 52
84 for a discussion of available port types. The Fibre Channel protocol (FCP) auto discovery process enables private storage devices that accept the process login (PRLI) to communicate in a fabric. If device probing is enabled, the embedded port performs a PLOGI and attempts a PRLI into the device - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 53
to Fibre Channel standards, the Port World Wide Name (PWWN) of a device cannot overlap with that of another device, thus having duplicate PWWNs within the same fabric is an illegal configuration. If a PWWN conflict occurs with two devices attached to the same domain, Fabric OS handles device login - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 54
automatically restarted (Continued) Description webd Webserver daemon used for WebTools (includes httpd as well). weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch management and fabric discovery. 54 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 55
•Basic connections 78 Fabric OS overview This chapter describes how to configure your Brocade SAN using the Fabric OS command line interface (CLI). Before you can configure a storage area network (SAN), you must power up the Backbone platform or switch and blades, and then set the IP addresses of - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 56
Brocade products describe how to power up devices and set their IP addresses. After the IP address is set, you can use the CLI procedures contained in this guide. For additional information about the commands used in the procedures, refer to the Fabric OS Command Reference. Fabric OS command line - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 57
. When the switch comes up, the Telnet quota is cleared. (For instructions on performing a fast boot with Web Tools, see the Web Tools Administrator's Guide.) - If you have the required privileges, you can connect through the serial port, log in as admin, and use the killTelnet command to identify - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 58
connection using the IP address of the switch to which you want to connect. The login prompt is displayed when the Telnet connection finds the switch in the network. 5. Enter the account ID at the login prompt. 6. Enter the password. If you have not changed the system passwords from the default - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 59
last 512 commands from all users on a FIFO basis, and this log is persistent across reboots and firmware downloads. This command is also supported for standby CPs. The log records the following information whenever a command is entered in the switch CLI: • Timestamp • Username • IP address of the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 60
> Using the "--showuser " argument displays the command line history of the named user. This argument is available only to Root, Admin, Factory and Securityadmin RBAC roles. Example cliHistory command output showing username switch:root> clihistory --showuser admin CLI history Date - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 61
back in. The default accounts on the switch are admin, user, root, and factory. Use the "admin" account to log in to the switch for the first time and to perform the basic configuration tasks. The password for all of these accounts is "password". There is only one set of default accounts for the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 62
) or static IP addresses for the Ethernet network interface configuration. Brocade Backbones On Brocade Backbones, you must set IP addresses for the following components: • Both Control Processors (CP0 and CP1) • Chassis management IP Brocade switches On Brocade switches, you must set the Ethernet - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 63
to display the network interface settings: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ipAddrShow command. ipAddrShow Example output for a Brocade Backbone ecp:admin> ipaddrshow SWITCH Ethernet IP Address: 10.1.2.3 Ethernet Subnetmask: 255.255 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 64
page 66. If you choose not to use DHCP or to specify an IP address for your switch Ethernet interface, you can do so by entering "none" or "0.0.0.0" in the Ethernet IP address field. On an application blade, configure the two external Ethernet interfaces to two different subnets. If two subnets are - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 65
static addresses: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Perform the appropriate action based on whether you have a switch or Backbone: • If you are setting the IP address for a switch, enter the ipAddrSet command. • If you are setting the IP address for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 66
by DHCP; for instructions on setting the FC IP address, see "Static Ethernet addresses" on page 64. Use the following procedure to enable DHCP for IPv4: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ipAddrSet command. ipaddrset NOTE Alternatively - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 67
.0]: Fibre Channel IP Address [220.220.220.2]: Fibre Channel Subnetmask [255.255.0.0]: Gateway IP Address [10.1.2.1]: DHCP [Off]:on switch:admin> Example of enabling DHCP for IPv4 using a single command: switch:admin> ipaddrset -ipv4 -add -dhcp ON switch:admin> ipaddrshow SWITCH Ethernet IP Address - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 68
is independent of whether any static IPv6 addresses have been configured. Setting IPv6 autoconfiguration Use the following procedure to enable IPv6 autoconfiguration: 1. Connect to the switch and log in using an account with admin permissions. 2. Take the appropriate following action based - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 69
are used for logging, error detection, and troubleshooting, you must set them correctly. In a Virtual Fabric, there can be a maximum of eight logical switches per Backbone. Only the default switch in the chassis can update the hardware clock. When the date command is issued from a non-principal pre - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 70
a switch updates the local time zone setup and is reflected in local time calculations. • By default, all switches are set to Greenwich Mean Time (0,0). If all switches in a fabric are in one time zone, it is possible for you to keep the time zone setup at the default setting. • System services that - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 71
, tsClockServer sets the first obtainable address as the active NTP server. The rest are stored as backup servers that can take over if the active NTP server fails. The principal or primary FCS switch synchronizes its time with the NTP server every 64 seconds. Fabric OS Administrator's Guide 71 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 72
to synchronize the local time with an external source: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the tsClockServer command. switch:admin> tsclockserver "ntp1;ntp2" In this syntax, ntp1 is the IP address or DNS name of the first NTP server, which the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 73
WWN. Enet IP Addr The switch Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6 switches, only the static IP address displays. FC IP Addr The switch Fibre Channel IP address. Name The switch symbolic or user-created name in quotes. Fabric OS Administrator's Guide 73 53 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 74
the domain ID Use the following procedure to set the domain ID: 1. Connect to the switch and log in on an account assigned to the admin role. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fabric Parameters prompt. Fabric parameters - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 75
of the firmware can co-exist in the fabric, but do not show the fabric name details. • You must have admin permissions to configure the fabric name. Configuring the fabric name To set and display the fabric name, use the fabricName command as shown here: switch:user> fabricname --set myfabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 76
switchEnable command. All Fibre Channel ports that passed Power On Self Test (POST) are enabled. If the switch has inter-switch links (ISLs) to a fabric, it joins the fabric. Switch and Backbone shutdown To avoid corrupting your file system, you must perform graceful shutdowns of Brocade switches - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 77
2 Powering off a Brocade switch Use the following procedure to gracefully shut down a Brocade switch. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the sysShutdown command. 3. Enter y at the prompt. switch:admin> sysshutdown This command will shutdown the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 78
the fabric login before powering on the next one. For devices that cannot be powered off, first use the portDisable command to disable the port on the switch, connect the device, and then use the portEnable command to enable the port. Switch connection See the hardware reference manual of your - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 79
and control switch changes 104 •Audit log configuration 107 •Duplicate PWWN handling during device login 109 Port Identifiers (PIDs) and PID binding overview Port identifiers (PIDs, also called Fabric Addresses) are used by the routing and zoning services in Fibre Channel fabrics to identify - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 80
. NOTE The default switch in the Brocade Backbones uses the fixed addressing mode. The 10-bit addressing mode utilizes the 8-bit area ID and the borrowed upper two bits from the AL_PA portion of the PID. Areas 0x00 through 0x8F use only 8 bits for the port address and support up to 256 NPIV devices - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 81
on the default switch. • 48-port cards are supported in port-based addressing mode (mode 2) on both DCX-4S and 8510-4 devices. However, the upper 16 ports of a 64-port card are not supported. The Brocade DCX does not support port-based addressing (mode 2) on the FC8-48 blade, but does support zero - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 82
Fabrics considerations for WWN-based PID assignment WWN-based PID assignment is disabled by default and is supported in the default switch on the Brocade DCX and DCX 8510 Backbone families. This feature is not supported on application blades such as the FS8-18, FX8-24, and the FCOE10-24. The total - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 83
PID assignment: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configure command. 3. At the Fabric assignments switch: admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y WWN Based persistent PID (yes, y, no, n): [no] y System services ( - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 84
is configured to duplicate (mirror) the traffic passing between a specified source port and destination port. This is only supported for pairs of F_Ports. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for more information on port mirroring. • U_Port - A universal Fibre Channel port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 85
, and interswitch connections. • AP blades are used for Fibre Channel Application Services and Routing Services, FCIP, Converged Enhanced Ethernet, and encryption support. NOTE On each port blade, a particular port must be represented by both slot number and port number. The Brocade DCX and DCX - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 86
delay in content delivery. Setting port names Perform the following steps to specify a port name. For Backbones, specify the slot number where the blade is installed. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the portName command. Example of naming port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 87
If you perform a port swap operation, the port number and area ID no longer match. On 48-port blades, port swapping is supported only on ports 0-15. To determine the area ID of a particular port, enter the switchShow command. This command displays all ports on the current (logical) switch and their - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 88
any time an 8G device logs in. Upgrades from prior releases which supported only modes 0 and 1 will not change the existing setting, but switches reset to factory defaults with Fabric OS v6.3.1 or later will be configured to Mode 0 by default. The default setting on new units may vary by vendor - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 89
. To ensure the port remains enabled, use the portCfgPersistentEnable command as shown in the following instructions. CAUTION The fabric will be reconfigured if the port you are enabling or disabling is connected to another switch. The switch with a port that has been disabled will be segmented - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 90
a port: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the appropriate command based on the switch and the remote switch on the other end of the E_Port must both be running Fabric OS 7.0.0 or later. • Port decommissioning is not supported on links configured - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 91
for details. Use the following procedure to set the mode of a port: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the ifModeSet command. Example of setting the port mode to full autonegotiate The following example sets the mode for eth3 to autonegotiate, and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 92
speed: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchCfgSpeed command. Example of setting the switch speed The following example sets the speed for all ports on the switch to 8 Gbps: switch:admin> switchcfgspeed 8 Committing configuration...done. The - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 93
switch. Use the following procedure to set the port speed for a port octet: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the portCfgOctetSpeedCombo command. Example The following example configures the ports in the first octet for combination 3 (support - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 94
10G license. Ports are numbered from 0 through 23 from bottom to top on the left set of ports and 24 through 47 from bottom to top on the right set of ports. 68 Yes Yes 16 FC Brocade Encryption blade that provides high performance 32-port 2 GbE auto-sensing 8-Gbps Fibre Channel connectivity - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 95
Firmware". Core blades Core blades provide intra-chassis switching and ICL connectivity, between DCX/DCX-4S platforms and between DCX 8510 platforms. • Brocade DCX supports two CORE8 core blades. • Brocade DCX-4S supports two CR4S-8 core blades. • Brocade DCX 8510-8 supports two CR16-8 core blades - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 96
with the FCOE10-24 blade. Enabling and disabling blades Port blades are enabled by default. In some cases, you will need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 97
following procedure to enable a blade: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bladeEnable command with the slot number of the port blade you want to enable. ecp:admin> bladeenable 3 Slot 3 is being enabled FC8-48, FC8-48E, FC8-64, and FC16-48 port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 98
the compatibility between the blades selected for the swap operation: • Blade technology. Both blades must be of compatible technology types (for example, Fibre Channel to Fibre Channel, Ethernet to Ethernet, application to application, and so on). • Port count. Both blades must support the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 99
swap ports action is effectively an iteration of the portSwap command for each port on the source blade to each corresponding port on the destination blade. Figure 4 shows Virtual Fabrics, where the blades can be carved up into different logical switches as long as they are carved the same way - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 100
ports are set back to their original configurations. 3. Once the command completes successfully, move the cables from the source blade to the destination blade. 4. Enter the bladeEnable command on the destination blade to enable all user ports. Enabling and disabling switches Switches are enabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 101
the status of the switch to 'disabled'. Example of using switchCfgPersistentDisable command output from admin login switch:admin> switchCfgPersistentDisable --setdisablestate Switch's persistent state set to 'disabled' Switch persistent disable set Using switchCfgPersistentDisable --help Using the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 102
Use the following procedure to power off a port blade: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the slotPowerOff command with the slot number of the port blade you want to power off. ecp:admin> slotpoweroff 3 Slot 3 is being powered off Powering on a port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 103
11 SW BLADE 55 FC8-32 ENABLED 12 AP BLADE 24 FS8-18 ENABLED Verifying fabric connectivity Use the following procedure to verify fabric connectivity: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the fabricShow command. This command displays a summary - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 104
and storage are connected. 3. Optional: Enter the nsShow command to verify devices, hosts, and storage have successfully registered with the name server. 4. Enter the nsAllShow command to display the 24-bit Fibre Channel addresses of all devices in the fabric. switch:admin> nsallshow { 010e00 012fe8 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 105
control switch changes 3 switch:admin> trackchangesset 1 Committing configuration...done. 3. View the log using the commands errDump |more to display a page at a time or errShow to view one line at a time. 2008/10/10-08:13:36, [TRCK-1001], 5, FID 128, INFO, ras007, Successful login by user admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 106
policy threshold values Use the following procedure to set the switch status policy threshold values: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchStatusPolicySet command. The current switch status policy parameter values are displayed. You are - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 107
NOTE On the Brocade Backbones, the command output includes parameters related to CP blades. Audit log configuration When managing SANs switch, particularly for security-related event changes. These events include login failures, zone configuration changes, firmware downloads, and other configuration - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 108
is enabled, enter the syslogdIpAdd command to add the IP address of the host machine so that it can receive the audit events. You can use IPv4, IPv6, or DNS names for the syslogdIpAdd command. 3. Ensure the network is configured with a network connection between the switch and the remote host - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 109
device login 3 4. Enter the auditCfg --show command to view the filter configuration and confirm that the correct event classes are being audited, and the correct filter state appears (enabled or disabled). switch:admin> auditcfg --show Audit filter is enabled. 2-SECURITY 4-FIRMWARE 5. Issue - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 110
to set the behavior for handling duplicate PWWNs: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the F_Port login parameters prompt. F-Port login parameters - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 111
is based on hop count. This is the number of switches that a frame passes through to get from the source switch to the destination switch. • Link state is based on a metric value based on a cost. The cost could be based on bandwidth, line speed, or round-trip time. With the link-state protocol - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 112
ISL from each switch is used as the principal ISL. Figure 5 shows the thick red lines as principal ISLs, and thin green lines as regular ISLs. FIGURE 5 Principal ISLs NOTE FSPF only supports 16 routes in a zone, including Traffic Isolation Zones. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 113
domain ID of the destination address is the same as the switch (intra-switch communications), the frame buffer is copied to the destination port and a credit R_RDY message is sent to the host. The switch only needs to read word zero and word one of the Fibre Channel frame to perform what is known as - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 114
on the login process, refer to Chapter 1, "Understanding Fibre Channel Services". FIGURE 6 New switch added to existing fabric You can expand your fabric by connecting new switches to existing switches. Figure 6 shows a new switch being added into an existing fabric. The thick red line is the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 115
an end-to-end flow control is used on the switch. Flow control in Fibre Channel uses buffer-to-buffer credits, which are distributed by the switch. When traffic. This example is illustrated in Figure 7. Quality of Service (QoS) is a licensed traffic shaping feature available in Fabric OS. QoS allows - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 116
FIGURE 7 Virtual channels on a QoS-enabled ISL - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 117
gateway" on page 118. • The switches connected to both sides of the gateway are included when determining switch-count maximums. • Extended links (those created using the Extended Fabrics licensed feature) are not supported through gateway links. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 118
Configuring a link through a gateway 1. Connect to the switch at one end of the gateway and log in using an account assigned to the admin role. 2. Enter the portCfgISLMode command. 3. Repeat steps 1 and 2 for any additional ports that are connected to the gateway. 4. Repeat this - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 119
DID. When an FC router is in exchange-based routing mode, the backbone traffic is load-balanced based on SID, DID, and OXID. Whatever routing policy a switch is using applies to the VE_Ports as well. For more information on VE_Ports, refer to the Fibre Channel over IP Administrator's Guide. Exchange - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 120
(DPS). DPS assigns communication paths between end devices in a fabric to egress ports in devices on the overall switch performance. It is recommended that the default AP Shared Link policy Setting either AP route policy is a disruptive process. Routing in Virtual Fabrics Virtual Fabrics support - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 121
The AP route policy can only be set in the base switches that are using Virtual Fabrics. Use the following procedure to set the AP route policy: 1. Connect to the base switch and log in as admin. 2. Enter the switchDisable command to disable the switch. 3. Take the appropriate following action based - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 122
perform step 3, so you are done with this procedure. 3. Enter the dlsSet command to enable DLS or enter the dlsReset command to disable it. Example of setting and resetting DLS switch:admin> dlsshow DLS is not set switch:admin> dlsset switch:admin> dlsshow DLS is set switch:admin> dlsreset switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 123
are delivered to the target out of order, regardless of the policy configured on other switches in the fabric. NOTE Some devices do not tolerate out-of-order Connect to the switch and log in using an account with admin permissions. 2. Enter the iodReset command. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 124
the frameLog command. Use the following procedure to view frames. 1. Connect to the switch and log in using an account with admin permissions. supported, this specifies that only timeout discards be shown Filtering Results by Back-End Port in Frame Viewer The Frame Viewer --show command supports - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 125
family and supported blades • Brocade FC16-32 and FC16-48 port blades • Brocade FC8-32E and FC8-48E port blades • Brocade FX8-24 application blades in the Brocade DCX and DCX-4S Backbones On the Brocade 7800 switch and the FX8-24 application blade, Lossless DLS is supported only on FC-to-FC port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 126
core works with the default configuration of the Brocade DCX 8510-8 and DCX 8510-4 hardware to prevent frame loss during a core blade removal and insertion. This feature is on by default and cannot be disabled. Lossless core has the following limitations: • Only supported with IOD disabled, which - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 127
, or vice versa, experiences I/O disruption because the FA4-18 blades do not support this feature. Configuring Lossless Dynamic Load Sharing You configure Lossless DLS switch- or chassis-wide by using the dlsSet command to specify that no frames are dropped while rebalancing or rerouting traffic - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 128
of this feature: • FEC is configurable only on 16 Gbps-capable switches (Brocade 6505, 6510, 6520, and the Brocade DCX 8510 Backbone family). • FEC is supported only on 1860 and 1867 Fabric Adapter ports operating in HBA mode connected to 16 Gbps Brocade switches running Fabric OS 7.1 and later - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 129
the configuration, enter the following commands. switch:admin> portcfgfec --enable 1 switch:admin> portcfgfec --show 1 Port: 1 FEC Capable: YES FEC Configured: current FEC settings Use portCfgFec --show to display the current FEC configuration. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 130
to all other Fabric OS switches in the fabric that support Frame Redirection. Redirection zones exist only in the defined configuration and cannot be added to the effective configuration. NOTE Fabric OS v7.1.0 is not supported on the Brocade 7600 or Brocade SAS blade. However, this hardware can run - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 131
Viewing frame redirect zones Use the following procedure to view frame redirect zones: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 132
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 133
•Local user account database distribution 140 •Password policies 141 •The boot PROM password 145 •Remote authentication 149 User accounts overview In addition to the default permissions assigned to the roles of root, factory, admin, and user, Fabric OS supports up to 252 additional user accounts - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 134
assigned. For each role, a set of predefined permissions determines the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS uses RBAC to determine which commands a user is allowed to access. When you log in to a switch, your user account is associated with - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 135
--show -a to show all users on a switch. M Modify The user can run commands by using options that create, change, and delete objects on the system, such as running userConfig --change username -r rolename to change a user's role. OM Observe and The user can run commands by using both observe - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 136
User accounts overview The management channel The management channel is the communication established between the management workstation and the switch. Table 14 shows the number of simultaneous login the Fabric OS default roles, any other user-defined role, or any existing user account name. The - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 137
: an admin with ADlist 0-10 or LFlist 1-10 cannot perform operations on an admin, user, or any role with ADlist 11-25 or LFlist 11-128. The user account being addition to the default administrative and user accounts, Fabric OS supports up to 252 user-defined accounts in each switch (domain). These - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 138
-switch user database. The password for all default accounts should be changed during the initial installation and configuration of each switch. TABLE 15 Default local user accounts Account name Role Admin Domain Logical Fabric Description admin factory root user Admin AD0-255 home: 0 Factory - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 139
password. • You cannot change passwords by using SNMP. Changing the password for the current login account 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the passwd command. 3. Enter the requested information at the prompts. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 140
is enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. Distributing the password database to switches is not allowed if there are users associated with user defined roles in either the sending - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 141
local switch 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the fddCfg --localreject PWD command. Password policies The password policies described in this section apply to the local-switch user database only. Configured password policies (and all user account - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 142
used passwords. The password history policy is not enforced when an administrator sets a password for another user; instead, the user's password history is preserved and the password set by the administrator is recorded in the user's password history. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 143
3 The following example configures a password expiration policy for all users. > passwdcfg --set -minpasswordage 5 -maxpasswordage 30 -warning 5 Account lockout policy The account lockout policy disables a user account when that user exceeds a specified number of failed login attempts, and is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 144
the number of times a user can attempt to log in using an incorrect password before the account is locked. The number of failed login attempts is counted from the last successful login. LockoutThreshold values range from 0 through 999, and the default value is 0. Setting the value to 0 disables - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 145
6505, 6510, 6520, 7800, 8000, and 8510 switches, as well as the Brocade Encryption Switch and VA-40FC. If your switch is not listed, please contact your switch support provider for instructions. 1. Connect to the serial port interface as described in "Connecting to Fabric OS through the serial port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 146
the switch by typing the reset command at the prompt. Setting the boot PROM password for a Backbone with a recovery string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 Backbones. The boot PROM and recovery passwords must be set for each CP blade. 1. Connect to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 147
for the new standby CP blade (each CP blade has a separate boot PROM password). 11. Connect to the active CP blade over a serial or Telnet connection and enter the haEnable command to restore high availability. Although you can set the boot PROM password without also setting the recovery string, it - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 148
. 8. Reboot the switch by entering the reset command. Setting the boot PROM password for a Backbone without a recovery string This procedure applies to the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 Backbones. On the Brocade DCX Backbone, set the password on the standby CP blade, fail over - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 149
CP blade. 14. Connect to the active CP blade over a serial or Telnet connection and enter the haEnable command to restore high availability. NOTE To recover lost passwords refer to the Fabric OS Troubleshooting and Diagnostics Guide. Remote authentication Fabric OS supports user authentication - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 150
server. By default, the LDAP service does not require certificates. The configuration applies to all switches. On a Backbone, the configuration replicates itself on a standby CP blade if one is present. It is saved in a configuration upload and applied in a configuration download. Brocade recommends - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 151
"ldap" Default setting. Authenticates management Off On connections against the local database only. If the password does not match or the user is not defined, the login fails. Authenticates management connections On Off against any RADIUS databases only. If the RADIUS service is not - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 152
supported not supported Prevents users from being logged out when n/a n/a you change authentication. Default behavior is to log users out when you change authentication. 1. Fabric OS v5.1.0 and earlier aaaConfig --switchdb setting. Setting the switch authentication mode 1. Connect - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 153
the assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does not have a VSA permissions assignment, the user role is assigned. If no Administrative Domain is assigned, then the user is assigned to the default Admin Domain AD0. You can set a user password expiration - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 154
. For example, to grant the user jsmith admin permissions, you would add the following statement to the configuration file: swladmin Auth-Type := Local, User-Password == "myPassword" Brocade-Auth-Role = "admin", Brocade-AVPairs1 = "HomeLF=70", - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 155
Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128;ChassisRole=admin", Brocade-Passwd-ExpiryDate = "11/10/2011", Brocade-Passwd-WarnPeriod = "30" RADIUS configuration with Admin Domains or Virtual Fabrics When configuring users with Admin pair is accepted by the switch, and any additional HomeAD - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 156
user:22-25,29,31" Brocade-AVPairs3 = "ChassisRole=switchadmin" Setting up a RADIUS server NOTE To set up the RADIUS server, you must know the switch IP address, in either IPv4 or IPv6 notation, or the name to connect to switches. Use the ipAddrShow command to display a switch IP address. For Brocade - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 157
"johnPassword", Brocade-Auth-Role = "admin", Brocade-Passwd-ExpiryDate = "05/28/08", Brocade-Passwd-WarnPeriod = "30" Example of using the local system password to authenticate users The next example uses the local system password file to authenticate users. Fabric OS Administrator's Guide 157 53 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 158
Brocade switch to authenticate using password authentication protocol (PAP); this requires the -a pap option with the aaaConfig command. Enabling clients Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. The Brocade - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 159
IP address spoofing by unwanted clients. Keep your shared secret password in a safe place. You will need to enter this password in the switch configuration. After clicking Finish, add a new client for all switches on which RADIUS authentication will be used. b. In the Internet Authentication Service - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 160
Authentication Service window, add additional policies for all Brocade login types for which you want to use the RADIUS server. After this is done, you can configure the switch. NOTE Windows 2008 RADIUS (NPS) support is also available. RSA RADIUS server Traditional password-based authentication - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 161
=%s%] ATTRIBUTE Brocade-Auth-Role ATTRIBUTE Brocade-Passwd-ExpiryDate ATTRIBUTE Brocade-Passwd-WarnPeriod Brocade-VSA(1,string) r Brocade-VSA(6,string) r Brocade-VSA(7,integer) r brocade.dct -- Brocade Dictionary FIGURE 11 Example of a Brocade DCT file - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 162
LDAP in non-FIPS mode: • There is no password change through Active Directory. • There is no automatic migration of newly created users from the local switch database to Active Directory. This is a manual process explained later. • Only IPv4 is supported for LDAP on Windows 2000 and LDAP on Windows - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 163
in the AD server should not be set to the group corresponding to the switch role. You can choose any other group. • A user can be part of any Organizational Unit (OU). • Active Directory LDAP 2000, 2003, and 2008 are supported. When authentication is performed by User-Principal-Name, in Fabric OS - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 164
that the user has the following attributes: • Update the memberOf field with the login permissions (root, admin, switchAdmin, user, and so on) that the user must use to log in to the switch. or If you have a user-defined group, then use the ldapCfg --maprole ldap_role_name switch_role command to map - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 165
would be logged into by default is 10. If 10 is not available then the lowest FID available will be chosen. You would have permission to enter logical switch 128 and 10 in an admin role and you would also have the chassis role permission of admin. NOTE You can perform batch operations using the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 166
one of the default roles available on a switch. For more information on RBAC roles, see "Role-Based Access Control" on page 134. OpenLDAP server configuration overview For complete details about how to install and configure an OpenLDAP server, refer to the OpenLDAP user documentation at http://www - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 167
entries to the directory To add entries in the OpenLDAP directory, perform the following steps: 1. Using an editor of your choice, create objectClass: organizationalRole cn: Manager description: Directory Manager 2. Enter the ldapadd command to add the contents of the .ldif file to the Directory, - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 168
"admin," to create a group. 2. Set Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to one of the default roles available on a switch. Modifying an entry To modify a directory entry, perform - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 169
access. Use the brcdAdVfData attribute to map a role to a Virtual Fabric or Admin Domain. To perform this operation, you must modify the schema to include the definition of the brcdAdVfData attribute and the definition of a user class that can use this attribute. You can then add this attribute to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 170
115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user' DESC 'Brocade switch specific person' SUP top AUXILIARY MAY ( brcdAdVfData $ description ) ) 2. Include the schema file in the slapd.conf file. The following example slapd.conf line assumes that local.schema contains the attribute - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 171
Access Servers (NAS) or clients. Once configured to use TACACS+, a Brocade switch becomes a Network Access Server (NAS). The following authentication protocols are supported by the TACACS+ server for user authentication: • Password Authentication Protocol (PAP) • Challenge Handshake Authentication - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 172
LINUX package v4.0.4 from Cisco. To install and configure this software, perform the following steps. 1. Download the TACACS+ software from http://www.cisco.com and install it. Refer to the Cisco documentation for installation instructions. 2. Configure the TACACS+ server by editing the tac_plus.cfg - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 173
pair is accepted by the switch. Additional HomeLF key-value pairs user = userVF { pap = clear "password" service = shell { set brcd-role = zoneAdmin set brcd-AV-Pair1 = "homeLF=30;LFRoleList=admin:1,3,4;securityAdmin:5,6" set brcd-AV-Pair2 = "chassisRole=admin" } } - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 174
TACACS+ servers. You must be logged in as admin or switchAdmin to configure the RADIUS service. NOTE On dual-CP Backbones (Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 devices), the switch sends its RADIUS, LDAP, or TACACS+ request using the IP address of the active CP. When adding clients, add - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 175
servers are contacted for service 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aaaConfig --move command. When the command succeeds, the event log indicates that a server configuration is changed. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 176
authentication configuration 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aaaConfig --show command. If a configuration exists, its parameters are displayed. If the RADIUS, LDAP, or TACACS+ service is not configured, only the parameter heading line is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 177
switch while the switch remains unauthenticated to you. This means that you can be sure with what you are communicating. The next level of security, in which both ends , using the Secure Shell (SSH) protocol. Configuration upload and download support the use of SCP. Simple Network Management Protocol - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 178
allow the remote computer to authenticate the user, if necessary. SSL Fabric OS uses Secure Socket Layer (SSL) to support HTTPS. A certificate must be generated and installed on each switch to enable SSL. Supports SSLv3, 128-bit encryption by default. Table 22 describes additional software or - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 179
yes at the Enforce secure configUpload/Download prompt. Example of setting up SCP for configUpload/download switch:admin# configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] n ssl - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 180
configDownload commands, or performing firmware download. Both password and public key authentication can coexist on the switch. Allowed-user For outgoing authentication, the default admin user must set up the allowed-user with admin permissions. By default, the admin is the configured allowed-user - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 181
6 Enter login name:auser Password: Public key is imported successfully. 4. Test the setup by logging in to the switch from a remote device, or by running a command remotely using SSH. Configuring outgoing SSH authentication After the allowed-user is configured, the remaining setup steps must - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 182
procedure to delete private keys from the switch. 1. Log in to the switch as the allowed-user. 2. Use the sshUtil delprivkey command to delete the private key. For more information on IP filter policies, refer to Chapter 7, "Configuring Security Policies". Secure Sockets Layer protocol Secure - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 183
, open the Java console and look at the first line of the window. For more details on levels of browser and Java support, refer to the Web Tools Administrator's Guide. SSL configuration overview You configure SSL access for a switch by obtaining, installing, and activating digital certificates - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 184
specified as an FQDN, make sure that the fully qualified domain name is set on the domain name switch/director. The IP address or FQDN is the switch where the certificate gets installed. 4. Enter the secCertUtil export command to store the CSR. 5. Enter the requested information. You can use either - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 185
note of the path name and make sure you have a login name and password on the server. Installing a switch certificate Use the following procedure to install a security certificate on a switch. NOTE You must perform this procedure on each switch. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 186
1. Connect to the switch and log in using an account with admin permissions. 2. Enter the secCertUtil import command. 3. Select a protocol, enter the IP address of the host on which the switch certificate is saved, and enter your login name and password. Example of installing - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 187
and Java support" on page 182. This procedure is a guide for installing a root certificate to the Java plugin on the management workstation. If the root certificate is not already installed to the plugin, you should install it. For more detailed instructions, refer to the documentation that came - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 188
MIB elements using the Fabric OS command line interface (CLI), Web Tools, or Brocade Network Advisor. The SNMP access control list (ACL) provides a way for the administrator to restrict SNMP get, set, trap, and inform operations to certain hosts and IP addresses. This is used for enhanced management - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 189
accessible to users having the chassis-role permission. When a chassis table is queried, the context is set to chassis context, if the user has the chassis-role permission. The context is switched back to the original context after the operation is performed. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 190
, loading instructions, and information about using the Brocade SNMP agent, refer to the Fabric OS MIB Reference. Telnet protocol Telnet is enabled by default. To prevent passing clear text passwords over the network when connecting to the switch, you can block the Telnet protocol using an IP filter - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 191
permit permit permit Name: default_ipv4, Type: ipv4, State: defined Rule Source IP Protocol Dest Port 1 any tcp 22 2 any tcp 23 3 any tcp Connect to the switch through a serial port or SSH and log in as admin. 2. Enter the ipfilter --delete command. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 192
Ports and applications used by switches If you are using the FC-FC Routing Service, be aware that the secModeEnable command is not supported. Table 26 lists the defaults for accessing hosts, devices, switches, and zones. TABLE 26 Access defaults Access default Hosts Any host can access - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 193
TABLE 26 Access defaults (Continued) Access default Devices Switch access Zoning All devices can access the management server. Any device can connect to any FC port in the fabric. Any switch can join the fabric. All switches in the fabric can be - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 194
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 195
the configuration of the fabric. • Device connection control (DCC) policies - Used to restrict which Fibre Channel device ports can connect to which Fibre Channel switch ports. • Switch connection control (SCC) policy - Used to restrict which switches can join with a switch. NOTE Run all commands in - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 196
no other user-defined Admin Domains exist) and AD255 provide an unfiltered view of the fabric. Virtual Fabric considerations: ACL policies such as DCC, SCC, and FCS can be configured on each logical switch. The limit for security policy database size is set to 1Mb per logical switch. Policy members - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 197
policy set, policies created in the same login session also appear but these policies are automatically deleted if you log out without saving them. 1. Connect to the switch and log in using an account with admin permissions, or an account with O permission for the Security RBAC class of commands - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 198
all ACL policy changes that have not yet been saved. 1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the Security RBAC class of commands. 2. Enter the secPolicyAbort command. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 199
or non-FCS switch tries to perform these operations: Can only execute this command on the Primary FCS switch. Operations that do not affect the fabric configuration, such as show or local switch commands, are allowed on backup and non-FCS switches. FCS enforcement applies only for user-initiated - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 200
OS Command Reference, Supporting Fabric OS, v7.1.0. Ensuring fabric domains share policies Whether your intention is to create new FCS policies or manage your current FCS policies, you must follow certain steps to ensure the domains throughout your fabric have the same policy. The local-switch WWN - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 201
perform any fabric-wide configurations from the primary FCS. Modifying the order of FCS switches 1. Log in to the Primary FCS switch using an account with admin permissions, or an account with OM permissions for the Security RBAC class of commands 3 DEFINED POLICY SET FCS_POLICY Pos Primary - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 202
may be initiated from only the Primary FCS switch. FCS policy configuration and management is performed using the command line or a manageability interface. Only the Primary FCS switch is allowed to distribute the database. The FCS policy can be manually distributed across the fabric using the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 203
respond to port login from the switch and are not enforced by the DCC policy. This does not create a security problem because these HBAs cannot contact any device outside of their immediate loop. • DCC policies cannot manage or restrict iSCSI connections, that is, an FC Initiator connection from an - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 204
• deviceportWWN;switchname (port or area number) 1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the Security RBAC class of commands. 2. Enter the secPolicyCreate "DCC_POLICY_nnn" command. DCC_POLICY_nnn is the name of the DCC policy - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 205
the secPolicyDelete command. Example of deleting stale DCC policies switch:admin> secpolicydelete ALL_STALE_DCC_POLICY About to clear all STALE DCC policies ARE YOU SURE (yes, y, no, n): [no] y DCC policy behavior with Fabric-Assigned PWWNs A DCC policy check is always performed for the physical - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 206
SCC policy can be created. By default, any switch is allowed to join the fabric; the SCC policy does not exist until it is created. When connecting a Fibre Channel router to a fabric or switch that has an active SCC policy, the front domain of the Fibre Channel router must be included in the SCC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 207
"SCC_POLICY", "2;4" SCC_POLICY has been created switch:admin> secpolicysave Authentication policy for fabric elements By default, Fabric OS v6.2.0 and later use Diffie Hellman - Challenge Handshake Authentication Protocol (DH-CHAP) or Fibre Channel Authentication Protocol (FCAP) for authentication - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 208
pair for any new connection. The switch authentication (AUTH) policy initiates switches brought online if the policy is set to activate authentication. The AUTH policy is distributed by command; automatic distribution of the AUTH policy is not supported. The default configuration directs the switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 209
class of commands. 2. Enter the authUtil command to set the switch policy mode. Example of configuring E_Port authentication The following example shows how to enable Virtual Fabrics and configure the E_Ports to perform authentication using the AUTH policies authUtil command. switch:admin> fosconfig - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 210
-CHAP protocol. NOTE Authentication is supported from Brocade fabric switches in native mode to Access Gateway switches and from Access Gateway switches to HBAs. For more information, refer to the Access Gateway Administrator's Guide, Supporting Fabric OS v7.1.0 By default the devicepolicy is in the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 211
SURE (yes, y, no, n): [no] y Device authentication is set to PASSIVE AUTH policy restrictions All fabric element authentication configurations are performed on a local switch basis. Device authentication policy supports devices that are connected to the switch in point-to-point manner and is visible - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 212
. 2. Enter the authUtil --set -a command specifying fcap, dhchap, or all. Example of setting the DH-CHAP authentication protocol switch:admin> authutil --set -a dhchap Authentication is set to dhchap. When using DH-CHAP, make sure that you configure the switches at both ends of a link. NOTE If - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 213
DH-CHAP When you configure the switches at both ends of a link to use DH-CHAP for authentication, you must also define a secret key pair, one for each end of the link. Use the secAuthSecret command to perform the following tasks: • View the WWN of switches with a secret key pair. • Set the secret key - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 214
:admin> secauthsecret --set This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters and maximum 40 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 215
with Fabric OS release 7.0.0, you must configure the switch to use third-party certificates for authentication with the peer switch. To perform authentication with FCAP protocol with certificates issued from third party, the user has to perform following steps: 1. Choose a certificate authority (CA - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 216
PKI RBAC class of commands. 2. Enter the secCertUtil export -fcapswcsr command. switch:admin> seccertutil export -fcapswcsr Select protocol [ftp or scp]: scp Enter IP address: 10.1.2.3 Enter remote directory: /myHome/jdoe/OPENSSL Enter Login Name: jdoe jdoe@10.1.2.3's password: Success - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 217
policy The AUTH policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the AUTH policy, see "Distributing the local ACL policies" on page 227 for instructions. Local Switch configuration parameters are needed to control whether - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 218
, with the persistent state set to no. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the O permission for the IPfilter RBAC class of commands. 2. Enter the ipFilter --show command. Saving an IP Filter policy You can save - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 219
--save command. IP Filter policy rules An IP Filter policy consists of a set of rules. Each rule has an index number identifying the rule. There can be a maximum of 256 rules within an IP Filter policy. Each rule contains the following elements: • Source Address: A source IP address or a group - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 220
is supported to represent any IPv6 address. connections, while dynamic port numbers are used by clients. For an IP switch. A valid port number range is represented by a dash, for example 7-30. Alternatively, service names can also be used instead of port number. Table 37 lists the supported service - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 221
TABLE 37 Supported services (Continued) Service name and port number: bootps 67; bootpc 68; tftp 69; http 80; kerberos 88; hostnames 101; sunrpc 111; sftp 115; ntp 123; snmp 161; snmp trap 162; https 443; ssmtp 465; exec 512; login 513; shell 514; uucp 540; biff - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 222
TABLE 38 Implicit IP Filter rules (Source address, Destination port, Protocol, Action): Any, 1024-65535, TCP, Permit; Any, 1024-65535, UDP, Permit. Default policy rules A switch with Fabric OS v6.2.0 or later will have a default IP Filter policy for IPv4 and IPv6. The default IP Filter policy cannot - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 223
to the switch using an account with admin permissions, or an account associated with the chassis role and having the OM permissions for the IPfilter RBAC class of commands. 2. Enter the ipFilter --delrule command. Aborting an IP Filter transaction A transaction is associated with a command line or - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 224
transaction is aborted. The IPFilter policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the IPFilter policy, see "Distributing the local ACL policies" on page 227 for instructions. Switches with Fabric OS v6.2.0 or later have - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 225
distribute that database when a policy change is activated. If a fabric-wide consistency policy is not set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 227. Virtual Fabric considerations: Fabric-wide consistency policies - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 226
IP Filter policy database Password database SCC policy database FCS IPFILTER PWD SCC Use the chassisDistribute command to distribute IP filter policies. To distribute other security policies, use the distribute command. Displaying the database distribution settings 1. Connect to the switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 227
the database changes. • The local distribution setting must be accepted. To be able to initiate the distribute command, set the local distribution to accept. Distributing the local ACL policies 1. Connect to the switch and log in using an account with admin permissions, or an account with OM - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 228
accept FCS - accept AUTH - accept IPFILTER - accept Fabric Wide Consistency Policy:- "" Setting the fabric-wide consistency policy 1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the FabricDistribution RBAC class of commands - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 229
fddCfg --fabwideset command on either this switch or the fabric to set a matching strict SCC, DCC, or FCS fabric-wide consistency policy. Use ACL policy commands to delete policies do not match, a warning displays and policy commands are disabled. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 230
SCC;DCC:S SCC:S;DCC SCC:S DCC:S Ports connecting switches are disabled. Table 45 has a matrix of merging fabrics with tolerant and absent policies. TABLE 45 Fabric merges with tolerant and absent combinations Fabric-wide consistency policy setting Expected behavior Fabric A Fabric B Tolerant - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 231
a Brocade switch or Backbone at each end, there may be routers, gateways, and firewalls in between the two ends. ATTENTION Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external management interfaces of intelligent blades in a chassis, nor does it support - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 232
the set of addresses behind it, and packets would be sent in tunnel mode where the inner IP header would contain the IP addresses of the actual endpoints. FIGURE 15 Gateway tunnel configuration Endpoint-to-gateway tunnel In this scenario, a protected endpoint (typically a portable computer) connects - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 233
configuration where a host IPsec protocols use a sliding window to assist in flow control, The IP service attack by replaying an old sequence of packets. IP IP addresses, secret keys, algorithms, and so on-is used by peers to encapsulate and decapsulate the IPsec packets An IP the IPsec - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 234
flows and specifies the actions or transformations performed on IP packets on each of the traffic flows. The main components of an IPsec policy are: IP packet filter and selector (IP address, protocol, and port information) and transform set. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 235
by the algorithm selected. Linux IPsec-tools 0.7 provides tools for manual key entry (MKE) and automatic keyed connections. The LINUX setKey command can be used for manually keyed connections, which means that all parameters needed for the setup of the connection are provided by you. Based - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 236
prior to setting up your tunnels. 3. Enable IPsec. a. Connect to the switch and log in using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the IPsec RBAC class of commands. b. Enter the ipSecConfig --enable command to enable IPsec - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 237
. switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-AH -sa AH01 6. Import the pre-shared key file. Refer to Chapter 6, "Configuring Protocols" for information on how to set up pre-shared keys and certificates. 7. Configure the IKE policy using the ipSecConfig --add command. Example - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 238
return character so you can continue the command on the next line without the return character being interpreted by the shell. 1. On the system console, log in to the switch as Admin. 2. Enable IPsec. a. Connect to the switch and log in using an account with admin permissions, or an account with OM - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 239
TRANSFORM01 10. Verify the IPsec SAs created with IKE using the ipSecConfig --show manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IPsec configuration. Refer to your server administration guide for instructions. 12. Generate IP traffic and verify that it - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 240
the ipSecConfig --flush manual-sa command with the specified operands to flush the created SAs in the kernel SADB. CAUTION Flushing SAs requires IPsec to be disabled and re-enabled. This operation is disruptive to traffic using the tunnel. Notes • As of Fabric OS 7.0.0, IPsec no longer supports - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 241
Troubleshooting and Diagnostics Guide. There are two ways to view configuration settings for a switch in a Brocade fabric: • Issue the configShow -all command. To display configuration settings, connect to the switch, log in as admin, and enter the configShow -all command. The configuration settings - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 242
1 15:53:18 2011 FOS version = v7.0.0.0 Number of LS = 2 [Chassis Configuration Begin] [fcRouting] [Chassis Configuration] [LicensesDB] [Bottleneck Configuration] [DMM_WWN] [Licenses] [Chassis Configuration End] date = Tue Mar 1 21:28:52 2011 [Switch Configuration Begin : 0] SwitchName = Sprint5100 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 243
-all command. The chassis section specifies characteristics for the following software components: • FC Routing - Fibre Channel Routing • Chassis configuration - Chassis configuration • FCOE_CH_CONF - FCoE chassis configuration • UDROLE_CONF - User-defined role configuration • LicensesDB - License - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 244
all logical switches and the chassis configuration. Only administrators with chassis permissions are allowed to upload other FIDs or the chassis configuration. The following information is not saved in a backup: • dnsConfig command information • Passwords - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 245
the configUpload command while logged in to AD255. switch:AD5:admin> ad --select 5 switch:AD5:admin> configUpload Protocol (scp or ftp) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: /pub/configurations/config.txt Password: - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 246
command. -chassis -fid FID The number of switches defined in the downloaded configuration file must match the number of switches currently defined on the switch. The FID must be defined in both the downloaded configuration file and the current system. NOTE Brocade recommends you disable a switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 247
. Fabric OS features. IP address. Configuration state of the iSNS client operation. License keys installed with more detail than the license information from the configShow command. EX_Port configuration parameters. VEX_Port configuration parameters. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 248
"Do you want to continue [y/n]" prompt, enter y. Wait for the configuration to be restored. 6. If you disabled the switch, enter the switchEnable command when the process is finished. NOTE Always perform a reboot after you download a configuration file. On dual-CP platforms, you must reboot both CPs - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 249
or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: /pub/configurations/config.txt *** CAUTION *** This command is used to download a backed-up configuration for a specific switch. If using a file from a different switch, this file's configuration settings - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 250
be changed by the configDownload command. Parameters such as the switch name and IP address (lines in the configuration file that begin with "boot") are ignored. Security parameters (lines in the configuration file that begin with "sec"), such as secure mode setting and version stamp, are ignored - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 251
[all]): Password: configUpload complete: All selected config parameters are uploaded Example of configUpload on a logical switch configuration DCX_80:FID128:admin> configupload -vf Protocol (scp, ftp, sftp, local) [ftp]: Server Name or IP Address [host]: 10.1.2.3 User Name [user]: anonymous - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 252
Server Name or IP Address [host]: 10.1.2.3 User Name [user]: UserFoo Path/Filename [/config.txt]: 5100_FID89.txt *** CAUTION *** This command is used to download the VF configuration to the switch. Afterwards, the switch will be automatically rebooted and the new VF settings will be used - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 253
In the hardware reference manuals for the Brocade DCX and DCX-4S Backbones, there is a guide for FC port-setting. TABLE 48 Brocade configuration and connection form Brocade configuration settings IP address Gateway address Chassis configuration option Management connections Serial cable tag Ethernet - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 254
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 255
download process overview Fabric OS v7.1.0 provides nondisruptive firmware installation. This chapter refers to the following specific types of blades inserted into the Brocade DCX and DCX 8510 Backbone families: • FC blades or port blades that contain only Fibre Channel ports; the Brocade FC8 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 256
the secondary partition. ATTENTION The Brocade 8000 does not support a nondisruptive firmware download. The switch reboots once the firmware upgrade or downgrade is complete. In dual-CP systems, the firmware download process, by default, sequentially upgrades the firmware image on both CPs using HA - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 257
testing and restoring firmware, refer to "Testing and restoring firmware on Backbones" on page 270. Passwordless firmware download You can download firmware without a password using the sshutil command for public key authentication when SSH is selected. The switch must be configured to install the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 258
to find out if there are any updates related to the firmware download process. 2. Connect to the switch and log in using an account with admin permissions. Enter the firmwareShow command to verify the current version of Fabric OS. Brocade does not support upgrades from more than one previous release - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 259
5. Connect to the switch and log in using an account with admin permissions. Enter the supportSave command to retrieve all current core files prior to executing the firmware download. This information helps to troubleshoot the firmware download process if a problem is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 260
option. Switch firmware download process overview The following list describes the default behavior after you enter the firmwareDownload command (without options) on Brocade fixed-port switches: • The Fabric OS downloads the firmware to the secondary partition. • The system performs a high - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 261
several minutes, enter the firmwareShow command to verify the firmware level of both partitions is the same. Example of an interactive firmware download switch:root> firmwaredownload Server Name or IP Address: 10.31.2.25 User Name: releaseuser File Name: /home/SAN/fos/v7.1.0/v7.1.0 Network Protocol - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 262
sync, refer to the Fabric OS Troubleshooting and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. During the upgrade process, the Backbone fails over to its standby CP blade and the IP address for the Backbone moves to that - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 263
Upgrading firmware on Backbones (including blades) There is only one chassis management IP address for the Brocade Backbones. NOTE By default, the firmwareDownload command automatically upgrades both the active and the standby CPs and all co-CPs on the CP blades - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 264
partition. If you have multiple AP blades, they are updated simultaneously; however, the downloads can occur at different rates. Autoleveling takes place in parallel with the firmware download being performed on the CPs, but does not impact performance. Fibre Channel traffic is not disrupted during - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 265
Enter the firmwareShow command to display the new firmware versions. Firmware download from a USB device The Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, 8000, and VA-40FC switches and the Brocade DCX, DCX-4S, or DCX 8510 Backbones support a firmware download from a Brocade branded USB device - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 266
:admin>firmwaredownload -U v7.1.0 Downloading from the USB device using the absolute path 1. Log in to the switch using an account assigned to the admin role. 2. Enter the firmwareDownload command with the -U operand. ecp:admin>firmwaredownload -U /usb/usbstorage/brocade/firmware/v7.1.0 FIPS support - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 267
images are not signed. Configuring a switch for signed firmware 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the configure command. 3. Respond to the prompts as follows: System Service Press Enter to select default setting; default is no. ssl attributes - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 268
command to view the current firmware. 6. Enter the firmwareDownload -s command to update the firmware, and respond to the prompts. Example of a firmware download to a single partition ecp:admin> firmwareDownload -s Type of Firmware (FOS, SAS, or any application) [FOS]: Server Name or IP Address - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 269
... The switch performs a reboot and comes up with the new firmware to be tested. Your current switch session automatically disconnects. ATTENTION Downloading firmware to a switch can be disruptive to switch traffic. 7. Connect to the switch, log in as admin, and enter the firmwareShow command to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 270
. As a standard practice, do not run mixed firmware levels on CPs. Testing different firmware versions on Backbones 1. Connect to the Brocade Backbone IP address. 2. Enter the ipAddrShow command and note the address of CP0 and CP1. 3. Enter the haShow command and note which CP is active and which CP - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 271
to step 10 to commit the firmware on both CPs, which completes the firmware download. 10. Perform a commit on the standby CP. From the current Backbone session on the standby CP, enter the firmwareCommit command to update the secondary partition with new firmware. It takes several minutes to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 272
the firmware download procedure. 12. Restore the firmware on the standby CP. In the current Backbone session for the standby CP, enter the firmwareRestore command. The standby CP reboots and the current Backbone session ends. Both partitions have the same Fabric OS after several minutes. 13. Perform - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 273
discrepancy, it is possible that a device or switch cannot connect to the fabric and further troubleshooting is necessary. firmwareShow Displays the current firmware level on the switch. For Brocade Backbones, this command displays the firmware loaded on both partitions (primary and secondary) for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 274
9 Validating a firmware download - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 275
295 •Displaying logical switch configuration 296 •Changing the fabric ID of a logical switch 296 •Changing a logical switch to a base switch 297 •Setting up IP addresses for a Virtual Fabric 298 •Removing an IP address for a Virtual Fabric 298 •Configuring a logical switch to use XISLs 299 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 276
can create using the Virtual Fabrics suite of features. Logical switch overview Traditionally, each switch and all the ports in the switch act as a single Fibre Channel switch (FC switch) that participates in a single fabric. The logical switch feature allows you to divide a physical chassis into - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 277
FID 15 in the chassis. The default logical switch is initially assigned FID 128. You can change this value later. NOTE Each logical switch is assigned one and only one FID. The FID identifies the logical fabric to which the logical switch belongs. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 278
FIGURE 20 Assigning ports to logical switches - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 279
, you must configure them after you move them. Some types of ports cannot be moved from the default logical switch. Refer to "Supported platforms for Virtual Fabrics" on page 286 for detailed information about these ports. Logical switches and connected devices You can connect devices to logical - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 280
FIGURE 21 Logical switches connected to devices and non-Virtual Fabrics switch Figure 22 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 281
for each Virtual Fabric. For a management host to manage a logical switch using the Internet Protocol over Fibre Channel (IPFC) IP address, it must be physically connected to the Virtual Fabric using a host bus adapter (HBA). All user operations are classified into one of the following: • Chassis - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 282
FIGURE 23 Logical switches connected to other logical switches through physical - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 283
• Base switches do not support direct device connectivity. A base switch can have only E_Ports, VE_Ports, EX_Ports, or VEX_Ports, but no F_Ports. • The base switch provides a common address space for communication between different logical fabrics. • A base switch can be configured for the preferred - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 284
XISL. FIGURE 26 Logical ISLs connecting logical switches To use the XISL, the logical switches must be configured to allow XISL use. By default, they are configured to do so; you can change this setting, however, using the procedure described in "Configuring a logical switch to use XISLs" on page - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 285
Figure 27, logical ISLs are formed to connect logical switches. A logical port represents the ports at each end of a logical ISL. A logical port is a software construct only and does not correspond to any physical port. Most port commands are not supported on logical ports. For example, you cannot - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 286
restrictions apply to the ports, depending on the port type and blade type. The following sections explain these restrictions. Supported port configurations in the fixed-port switches There are no restrictions on the ports in the Brocade 5100, 5300, 6510, 6520, and VA-40FC; however, the following - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 287
(F, E) No No FX8-24: FC ports GE ports Yes (F, E) Yes (VE) Yes (F, E,) Yes (VE) Yes (E, EX) Yes (VE, VEX) ICL ports Yes Yes Yes 1. In the Brocade DCX and DCX 8510-8, ports 56-63 of the FC8-64 blade are not supported as E_Ports on the default logical switch. The Brocade DCX-4S and DCX 8510 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 288
blade is available only on the default logical switch. FC-FC Routing Service All EX_Ports must reside in a base switch. You cannot attach EX_Ports to a logical switch that has XISL use enabled. You must use ISLs to connect the logical switches in an edge fabric. Refer to Chapter 24, "Using FC-FC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 289
to "Supported port configurations in Brocade Backbones" on page 287 for restrictions on the default logical switch. Restrictions on XISLs The Allow XISL Use option under the configure command allows a logical switch to use XISLs in the base switch as well as any standard ISLs that are connected to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 290
it.
switch:admin> fosconfig --show
FC Routing service: disabled
iSCSI service: Service not supported on this Platform
iSNS client service: Service not supported on this Platform
Virtual Fabric: disabled
Ethernet Switch Service: Service not supported on this Platform
switch:admin> fosconfig - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 291
enable Virtual Fabrics but before you create logical switches. The configuration settings are then preserved across reboots and firmware upgrades and downgrades. Use the following procedure to configure logical switches to use basic configuration values: 1. Connect to the physical chassis and log in - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 292
to be associated with the logical switch. Specify the -base option if the logical switch is to be a base switch. Specify the -force option to execute the command without any user prompts or confirmation. 3. Set the context to the new logical switch. setcontext fabricID (or switchname) The fabricID - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 293
. Logical Switch has been created with default configurations. Please configure the Logical Switch with appropriate switch and protocol settings before activating the Logical Switch. sw0:FID128:admin> setcontext 4 switch_4:FID4:admin> switchdisable switch_4:FID4:admin> configure Configure... Fabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 294
[FID: 4, Base Switch: No, Default Switch: No, Address Mode 0]
Index Port Address Media Speed State     Proto
22    22   0e1600  --    N8    No_Module FC Disabled
23    23   0e1700  --    N8    No_Module FC Disabled
Example 2: Executing the fabricShow command on all logical switches
sw0:FID128:admin> fosexec --fid all - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 295
are currently configured. If the -port option is omitted, all ports on the specified slot are assigned to the logical switch. NOTE On the Brocade DCX and DCX 8510-8, the lscfg command does not allow you to add ports 48-63 of the FC8-64 blade to the base switch. These ports are not supported on the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 296
Use the following procedure to change the fabric ID of a logical switch: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the lsCfg command to change the fabric ID of a logical switch: lscfg --change fabricID -newfid newFID 3. Enter y at the prompt. 4. Enable the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 297
ON LS Attributes: [FID: 7, Base Switch: No, Default Switch: No, Address Mode 0] (output truncated) switch_25:FID7:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 298
IP addresses for a Virtual Fabric NOTE IPv6 is not supported when setting the IPFC interface for Virtual Fabrics. Use the following procedure to set up IP addresses for a Virtual Fabric: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the ipAddrSet -ls command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 299
restrictions on XISL use. Use the following procedure to configure a logical switch to use XISLs: 1. Connect to the physical chassis and log in using an account with the chassis-role permission. 2. Use the setContext command to set the context to the logical switch you want to manage, if you are not - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 300
XISLs: 1. Set up the base switches in each chassis: a. Connect to the physical chassis and log in using an account with the chassis-role permission. b. Enable the Virtual Fabrics feature, if it is not already enabled. See "Enabling Virtual Fabrics mode" on page 290 for instructions. Enabling Virtual - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 301
configured with the same fabric ID as the local switch and all non-Virtual Fabrics switches connected through ISLs to these logical switches. The switchShow command displays logical ports as E_Ports, with -1 for the slot and the user port number for the slot port. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 302
10 Creating a logical fabric using XISLs - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 303
316 •Default zoning mode 326 •Zone database size 327 •Zone configurations 328 •Zone object maintenance 333 •Zone configuration management 336 connectivity between fabrics without merging the fabrics. See "LSAN zone configuration" on page 590 for more information. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 304
use the switch with the highest Fabric OS level to perform zoning tasks. To list the commands associated with zoning, use the zoneHelp command. For detailed information on the zoning commands used in the procedures, see the Fabric OS Command Reference. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 305
affect the smallest possible number of devices, minimizing the impact of an incorrect zone change. This zoning philosophy is the preferred method. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 306
no consequence. As long as the new device is connected to the original port, it continues to have the same access rights. The ports on the edge switches can be pre-associated to storage ports, and control , only the single port is in the zone. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 307
that is connected on the switch at once, and you can quickly alternate between them. For example, you might want to have one configuration enabled during the business hours and another enabled overnight. However, only one zone configuration can be enabled at a time. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 308
previously set up a default zone, as described in "Default zoning mode" on page 326). This does not mean that the zone database is deleted, however, only that there is no configuration active in the fabric. On power-up, the switch automatically reloads the saved configuration. If a configuration was - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 309
Connect to the switch and log in using an account with admin permissions. 2. Enter the portZoneShow command these reasons, you should perform zone changes only when problems. This is especially useful as fabrics increase in size. Confirming operation After changing or enabling a zone configuration - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 310
. • Zone using a Backbone rather than a switch. A Backbone has more resources to handle zoning changes and implementations. Broadcast zones Fibre Channel allows sending broadcast frames to all Nx_Ports if the frame is sent to a broadcast well-known address (FFFFFF); however, many target devices and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 311
controlled by the Admin Domain and zone AD2 broadcast zone. When a switch receives a broadcast packet it instructions. Broadcast zones and FC-FC routing If you create broadcast zones in a metaSAN consisting of multiple fabrics connected through an FC router, the broadcast zone must include the IP - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 312
, even if it is the only zone in the effective configuration, the default zone setting is not in effect. If the effective configuration has only a broadcast zone, then the configuration appears as a No Access configuration. To change this configuration to All Access, you must put all the available - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 313
an alias: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliAdd command, using the following syntax: aliadd "aliasname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 314
an alias: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliRemove command, using the following syntax: aliremove "aliasname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 315
, y, no, n): [no] y Viewing an alias in the defined configuration Use the following procedure to view an alias in the configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the aliShow command, using the following syntax: alishow "pattern"[, mode] If no - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 316
zones Use the following procedure to display a list of existing zones: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command. Example Displaying existing zones switch:admin> cfgshow Defined configuration: zone: matt 30:06:00:07:1e:a2:10:20 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 317
NOTE This command supports partial pattern matching ("wildcards") of zone member aliases. This allows you to add multiple aliases that match the "aliasname_pattern" in the command line. 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 318
]" NOTE This command supports partial pattern matching ("wildcards") of zone member aliases. This allows you to remove multiple aliases that match the "aliasname_pattern" in the command line. 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 319
not support partial pattern matching ("wildcards") of zone member aliases. 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction is open on a different switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 320
a zone: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneDelete command, using the following syntax: zonedelete "zonename" 3. Enter the cfgSave command to save the change to the defined configuration. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 321
it is recommended to commit the configurations using the 'cfgenable' command. Do you still want to proceed with saving the Defined zoning configuration only? (yes, y, no, n): [no] y switch:admin> switch:admin> cfgshow Defined configuration: zone: matt zeus; bond; jeff; 4,8 alias - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 322
configuration Use the following procedure to view a zone in the configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneShow command commands. The format of these commands configuration, alias or any other configuration) a zone configuration, then "+-" - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 323
1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command to view the zone configuration objects you want to validate. switch:admin> cfgShow Defined configuration: cfg :76:22; 21:00:00:20:37:0c:76:28 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 324
names are case-sensitive; blank spaces are ignored. switch:admin> zone --validate "White_zone" 4. Enter the following command to validate all zones in the zone database in the defined configuration. switch:admin> zone --validate -m 1 Defined configuration: cfg: cfg1 zone1 cfg: cfg2 zone1; zone2 zone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 325
avoid inconsistency it is recommended to commit the configurations using the 'cfgenable' command. Do you want to proceed with saving the Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... switch:admin> zoneShow Defined configuration: cfg: cfg1 zone1; zone2 zone: zone1 10 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 326
to the fabric. Use the following procedure to set the default zoning mode: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgActvShow command to view the current zone configuration. 3. Enter the defZone command with one of the following options: defzone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 327
no] y Updating flash ... Viewing the current default zone access mode Use the following procedure to view the current default zone access mode: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the defZone --show command. NOTE If you perform a firmware download of - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 328
configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgCreate command, using the following syntax: cfgcreate "cfgname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 329
zone configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgAdd command, using the following syntax: cfgadd "cfgname", "member[; member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 330
number of requests to the switch. In this situation, set the default zoning mode to No Access prior to disabling the zone configuration. See "Default zoning mode" on page 326 for information about setting this mode to No Access. The following procedure ends and commits the current zoning transaction - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 331
delete a zone configuration: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgDelete command, using the following syntax: cfgdelete "cfgname" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 332
the configuration in the effective zone database: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgActvShow command. Example switch:admin> cfgactvshow Effective configuration: cfg 21:00:00:20:37:0c:71:df - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 333
all zone configurations: 1. Connect to the switch and log in using an account with admin permissions. 2. Use cfgClear to clear all zone information in the transaction buffer. ATTENTION Be careful using the cfgClear command because it deletes the defined configuration. switch:admin> cfgclear The - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 334
procedure to delete a zone object: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgShow command to view the zone configuration objects you want to delete. switch:admin> cfgShow Defined configuration: cfg: USA_cfg Purple_zone; White_zone; Blue_zone zone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 335
:0c:71:df 3. Use zoneObjectRename to rename zone configuration objects. NOTE Zone configuration names are case-sensitive, blank spaces are ignored, and the zoneObjectRename command works in any Admin Domain except AD255. switch:admin> zoneObjectRename "White_zone", "Purple_zone" 4. Enter the cfgShow - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 336
database" on page 332. If you are adding a switch that is already configured for zoning, clear the zone configuration on that switch before connecting it to the zoned fabric. See "Clearing all zone configurations" on page 333 for instructions. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 337
of this database. When a change is made to the defined configuration, the switch where the changes were made must close its transaction for the change to be propagated throughout the fabric. If you have implemented default zoning you must set the switch you are adding into the fabric to the same - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 338
parameters can cause conflicts. See the Fabric OS Command Reference for detailed information about these commands. If the fabrics have different zone configuration data, the system attempts to merge the two sets of zone configuration data. If the zones cannot merge, the ISL will be segmented - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 339
59 on page 341: Default access mode • Table 60 on page 342: Mixed Fabric OS versions Zone merging scenarios: Defined and effective configurations Switch A Switch B Expected results Switch A has a defined configuration. Switch B does not have a defined configuration. defined: cfg1: zone1: ali1 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 340
Switch A Switch B Expected results Switch A and Switch B have different defined: cfg2 defined configurations. Switch B has an zone2: ali3; ali4 effective configuration. effective: none Switch A does not have a defined configuration. Switch B has a defined configuration - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 341
scenarios: Default access mode Description Switch A Different default zone access mode settings. defzone: allaccess Same default zone access mode settings. Same default zone access mode settings. Effective zone configuration. Effective zone configuration. Effective zone configuration Effective - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 342
. NOTE When merging mixed versions of Fabric OS where both sides have default zone mode No Access set, the merge results vary depending on which switch initiates the merge. Concurrent zone transactions While working on zone sets, a special work space is provided to allow you to manipulate the zone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 343
configuration only? (yes, y, no, n): [no] n Viewing zone database transactions You can use the cfgTransShow command to list all the domains in the fabric with open transactions Syntax: cfgTransShow [ |--opentrans | --help] Sample output: switch:admin help : Help switch:admin> cfgtransshow --opentrans - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 344
11 Concurrent zone transactions - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 345
Zoning 361 •Traffic Isolation Zoning over FC routers with Virtual Fabrics 363 •Creating a TI zone 364 •Modifying TI zones 367 •Changing the state of a TI zone 368 •Deleting a TI zone 369 •Displaying TI zones 369 •Troubleshooting TI zone routing problems 370 •Setting up TI over FCR (sample - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 346
"1,8", "4,5", and "4,6" "1,1", "3,9", "3,12", and "4,7" The dotted line indicates the dedicated path between the initiator in Domain 1 to the target the zone command to create and manage TI zones. Refer to the Fabric OS Command Reference for details about the zone command. TI Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 347
considerations: • This feature is intended for use in simple linear fabric configurations, such as that shown in Figure 31 on page 346. • the path between devices in a TI zone is broken, no inter-switch RSCNs are generated. Each switch that is part of the TI zone generates RSCNs to locally attached - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 348
• It is recommended that the insistent Domain ID feature be enabled; if a switch changes its active domain ID, the route is broken. See the configure command in the Fabric OS Command Reference for information about setting insistent Domain ID. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 349
path, even though the E_Ports are not in the TI zone. If failover is disabled, the TI zone traffic stops until the dedicated path is configured to be the shortest path. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 350
For information about setting or displaying the FSPF cost of a path, see the linkCost and topologyShow commands in the Fabric OS Command Reference. Enhanced See the FICON Administrator's Guide for example topologies using enhanced TI zones. See "Additional configuration rules for enhanced TI zones - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 351
configuration. You can also display a report of existing and potential problems with TI zone configurations, as described in "Troubleshooting TI zone routing problems" on page 370. Illegal ETIZ configuration (2,1), (2,2), (1,4), (1,3), (3,7), (3,8) - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 352
with Fibre Channel routing (TI over FCR). See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. Some . The backbone fabric can contain one or more FC routers. 352 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 353
FC routers 12 Edge fabric 1 Backbone fabric Edge fabric 2 = Dedicated path set up by TI zone in edge fabric 1 = Dedicated path set up by TI zone in edge fabric 2 = Dedicated path set In addition to setting up TI zones, over FCR, all switches in the backbone fabric and in the edge fabrics - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 354
FC routers TI zones within an edge fabric A TI zone within an edge fabric is used to route traffic between a real device and a proxy device through a particular EX_Port. For example, in Figure 39, you can set and xlate phantom switches, you must use NOTE In this configuration the traffic between - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 355
can use the portShow command to obtain the port WWN.) Port WWNs should be used only in TI zones within a backbone fabric and should not be used in other TI zones. Using D,I and port WWN notation, the members of the TI zone in Figure 40 are: • 1,1 (EX_Port for FC router 1) • 1,4 (VE_Port for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 356
is not supported with FC Fast Write. • For the FC8-16, FC8-32, FC8-48, FC8-64, and FX8-24 blades only: If Virtual Fabrics is disabled, two or more shared area EX_Ports connected to the same edge fabric should not be configured in different TI zones. This configuration is not supported. General rules - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 357
the TI zone was configured incorrectly and E_Port "3,9" was erroneously omitted from the zone. The domain 3 switch assumes that traffic RASlog message when --showTItrunkerrors is added to zone command switch:admin> zone --showTItrunkerrors TI Zone Name: brackets E-Port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 358
zones: • Ports in a TI zone must belong to switches that run Fabric OS v6.0.0 or later. For TI over FCR zones, all switches and FC routers in both edge and backbone fabrics must be running Fabric OS v6.1.0 or later. • For the FC8-64 blade in the Brocade DCX and DCX 8510-8, ports 48-63 can - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 359
command parameter displays the details of the trunk members in the TI zone, separated into present and not present, and displayed per TI Zone basis. Sample output switch:admin See "Traffic Isolation Zoning over FC routers" on page 352 for information about TI zones in a backbone fabric. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 360
that span more than two switches connected with ICLs. If a user-defined TI zone breaks the ICL connectivity requirements, an FSPF-1009 RASLOG entry and message is generated to notify you of this error condition. ATTENTION Removing a core blade when both ICL connections and lossless dynamic load - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 361
this is not a supported configuration. Base switches do not allow logical fabric sets the path through the base fabric for logical switches. The switches participating in the logical fabric. Figure 42 shows an initiator and target in a logical fabric (FID1). The dotted line - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 362
In Figure 44, the XISLs highlighted (by a dotted line) in the base fabric can be reserved for FID1 switch with domain 1 does not have a port 3 in the switch. This number refers to the port in the chassis with port index 3, which actually belongs to LS3 in FID 1. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 363
with Virtual Fabrics 12 Traffic Isolation Zoning over FC routers with Virtual Fabrics This section describes how you can set up TI zones over FC routers in logical fabrics. Figure 45 shows two physical chassis configured into logical switches. The initiator in FID 1 communicates with the target - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 364
, use the procedure described in "Creating a TI zone in a base fabric" on page 366. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zone --create command: zone --create -t objtype [-o optlist] name -p "portlist" Be aware of the ramifications if you create - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 365
and the state set to activated (default settings): switch:admin> zone --create command, as shown here: switch:admin> cfgenable "USA_cfg" You are about to enable a new zoning configuration. This action will replace the old zoning configuration with the current configuration selected. If the update - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 366
Creating a TI zone in a base fabric 1. Connect to the switch and log in using an account with admin permissions. 2. Create a "dummy" zone configuration in the base fabric. For example: zone --create "z1", "1,1" cfgcreate "base_config", z1 3. Enter the zone --create command to create the TI zone in - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 367
overlapping ports from the zones, then change the failover type, and finally re-add the overlapping members. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter one of the following commands, depending on how you want to modify the TI zone. • Enter the zone --add - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 368
. The TI zone must exist before you can change its state. 1. Connect to the switch and log in using an account with admin permissions. 2. Perform one of the following actions: • To activate a TI zone, enter the zone --activate command. zone --activate name • To deactivate a TI zone, enter the zone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 369
, the TI zones appear in the defined zone configuration only and do not appear in the effective zone configuration. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zone --show command. zone --show [ name ] [-ascending] Example displaying information about - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 370
might cause a problem for devices that join the fabric later. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zone --showTIerrors command. zone --showTIerrors Here is an example report that would be generated for the illegal configuration shown in Figure - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 371
Log in to the edge fabric 1 and set up the TI zone. a. Enter the fabricShow command to display the switches in the fabric. From the output, you can determine the front and translate domains. E1switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr Name 1: fffc01 50:00:51 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 372
effect Updating flash ... 3. Log in to the edge fabric 2 and set up the TI zone. a. Enter the fabricShow command to display the switches in the fabric. From the output, you can determine the front and translate domains. E2switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 373
changes Do you want to enable 'cfg_TI' configuration (yes, y, no, n): [no] y zone config "cfg_TI" is in effect Updating flash ... 4. Log in to the backbone fabric and set up the TI zone. a. Enter the following commands to create and display a TI zone: BB_DCX_1:admin> zone --create -t ti TI_Zone1 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 374
12 Setting up TI over FCR (sample procedure) - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 375
Supported configurations for bottleneck detection 377 •Credit Loss 379 •Enabling bottleneck detection on a switch 380 •Displaying bottleneck detection configuration details 381 •Setting . • Reduce the time it takes to troubleshoot network problems. If you notice one or more applications - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 376
physical data rate of the line. For example, this condition can be caused by trying to transfer data at 8 Gbps over a 4 Gbps ISL. You can use the bottleneckMon command to configure separate alert thresholds for congestion and latency bottlenecks. Advanced settings allow you to refine the criterion - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 377
, consult the Fabric OS Command Reference. Supported configurations for bottleneck detection The following configuration rules apply to bottleneck detection: • Bottleneck detection is supported only on Fibre Channel ports and FCoE F_Ports. • Bottleneck detection is supported only on the following - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 378
configuration is persistent across firmware upgrades and downgrades. The sub-second latency criterion parameter settings are not preserved on downgrade to firmware versions earlier than Fabric OS 7.0.0. If you downgrade and then upgrade back to Fabric OS 7.0.0, the settings revert to their default - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 379
command is also available. See "Enabling back-end credit loss detection and recovery" below for instructions. NOTE Whenever a link reset is performed on this switch, the RASlog C2-1014 message is displayed and recorded. Back-end credit loss detection and recovery support on Brocade 6520 switches - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 380
, E_Ports, and EX_Ports. • The credit recovery commands are supported only on back-end ports of 4G, 8G, and 16G Capable FC platforms for blades in the Brocade DCX, DCX-4S, DCX 8510-8, and DCX 8510-4 chassis. Enabling bottleneck detection on a switch Enabling bottleneck detection permits both latency - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 381
to display the bottleneck detection configuration details: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --status command to display the details of bottleneck detection configuration for the switch, which includes the following: • Whether - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 382
the switch level has been set switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide per-port overrides, then that section is not displayed. Setting bottleneck detection alerts You can configure Fabric OS to log per-port alerts based on the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 383
bottleneckmon --enable -alert command enables both alerts using the default alert values. Example of setting an alert for both congestion and latency This example enables both alerts and shows their values. switch:admin> bottleneckmon --enable -alert switch:admin> bottleneckmon --status Bottleneck - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 384
setting an alert for congestion switch:admin> bottleneckmon --enable -alert=congestion switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch When you enable bottleneck detection, you can configure switch-wide or port-specific alerting parameters. The - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 385
information about --config and -alert-related settings. Use the following procedure to configure the bottleneck detection parameters: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --config command to set the alerting and sub-second latency - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 386
alerts for a port This disables bottleneck detection alerts for port 46 only. switch:admin> bottleneckmon --config -noalert 46 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Switch-wide sub-second latency bottleneck criterion: Time threshold - 0.800 Severity threshold - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 387
must include -alert=latency to preserve the latency-only alerts configured in the previous example. In general, -alert must be specified (with =latency or =congestion if desired), on every --config command when alerts are desired. switch:admin> bottleneckmon --config -alert=latency -time 250 47 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 388
problematic switch or time. Example of setting quiet time This example sets a latency threshold user configuration, so if the --enable command does not include -alert, but does specify alert-related parameters, that command will fail. Advanced bottleneck detection settings under-performing application - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 389
• You want greater-than-default (sub-second) latency sensitivity on your fabric, so you set sub-second latency criterion parameters at per-port basis. You cannot change them on the entire switch, as you can with alerting parameters, unless you disable and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 390
Connect to the switch to which the target port belongs and log in using an account with admin permissions. 2. Enter the bottleneckmon --exclude command switch:admin> bottleneckmon --include 7 switch:admin> bottleneckmon --status Bottleneck detection - Enabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 391
update the displayed data with fresh data. Use the following procedure to display the bottleneck statistics: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the bottleneckmon --show command Jan 13 18:54:35 0 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 392
on a switch, all bottleneck configuration details are discarded, including the list of excluded ports and non-default values of alerting parameters. Use the following procedure to disable bottleneck detection: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 393
to an end device. Both ends of the ISL must terminate in 16G-capable FC ports. Encryption and compression can be enabled at the same time for an ISL, or you can enable either encryption or compression selectively. Figure 49 shows an example of 16 Gbps links connecting three Brocade switches. One - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 394
XISL ports (in VF mode). Encryption and compression are also compatible with the following features: • E_Ports or EX_Ports with trunking, ports supported for encryption and compression. • Ports must be 16 Gbps capable, although port speed can be any configurable value. • The devices at either end - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 395
16G-capable FC platform. This limits the number of ports that can have these features enabled at any one time. Table 62 shows some examples of how port speed affects the number of supported ports for different implementations. TABLE 62 Number of ports supported per chip or per trunk Blades (FC16 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 396
secret keys should be configured on both ends of the ISL to perform authentication. Once the link has been authenticated, the port (E_Port or EX_Port) will use the IKE protocol to generate and exchange the keys, IV and Salt values. At this time expiry keys are not supported. This means that the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 397
action [slot/]port Example Enabling the encryption configuration for port 2 switch:admin> portcfgencrypt --enable 2 Example Disabling the encryption configuration for port 2 switch:admin> portcfgencrypt --disable 2 portShow The portShow command allows you to verify the port flags. Usage - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 398
trunking, it is recommended to connect each trunk group to different ASICs of the peer switch. Configuring all 4 ports of the blade with this suggested configuration will provide redundancy in the event of encryption/compression port failures. For Brocade 6510 and 6520 switches, if the two ports are - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 399
and compression 14 Virtual Fabrics considerations The E_Ports and EX_Ports in the user-created logical switch, base switch, or default switch; and EX_Ports on base switches can support encryption and compression. You can configure encryption on XISL ports, but not on LISL ports. However, frames - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 400
This command will tell you if the segmentation was due to mismatched encryption or compression configurations on the ports at either end of the ISL, if port-level authentication failed, or if a required resource was not available. The following topics provide step-by-step instructions for performing - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 401
line) has no ports configured for either encryption or compression and therefore has any two ports available for this purpose. For bladed switches, use the switchShow command to determine the slot number of a specific user port. switch:admin> portenccompshow User can support the encryption and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 402
Command Reference for more details on this command. Example Port speed change failure switch> portenccompshow User Encryption Compression Port configured Active Configured No 16G switch> portcfgspeed 1 0 Configuration for port (1) failed as it exceeds current supported capacity. Compression - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 403
text. Use a secure channel, such as SSH or the serial console, to connect to the switch on which you are setting the secrets. 3. Enter the authUtil command to set the switch policy mode to Active or On: switch:admin> authutil --policy -sw active or alternatively: switch:admin> authutil --policy -sw - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 404
15 of an FC16-32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgencrypt --enable 9/15 4. Enable the port with the portEnable command. After manually enabling the port, the new configuration becomes active. Configuring compression NOTE Before performing this procedure, it is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 405
compression on port 15 of an FC16-32 blade in slot 9 of an enterprise class platform: switch:admin> portcfgcompress --disable 9/15 4. Enable the port with the portEnable command. After enabling the port, the new configuration becomes active. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 406
following examples show configuring and enabling encryption and compression. In this case, encryption and compression are being applied to the E_Ports at either end of an ISL connecting a port on a blade in an enterprise class platform named 'myDCX' to a port on a Brocade 6510 switch named 'myswitch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 407
:admin> secauthsecret --set This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters and maximum 40 characters. Setting up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 408
ARE YOU SURE (yes, y, no, n): [no] y Auth Policy is set to ON myswitch:admin> authutil --show AUTH TYPE HASH TYPE GROUP TYPE dhchap md5 4 Switch Authentication Policy: ON Device Authentication Policy: OFF myswitch:admin> Enabling encryption Next, you enable encryption on port 0. Note - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 409
command shows both encryption and compression to be enabled on the port. myswitch:admin> portdisable 0 myswitch:admin> portcfgcompress --enable 0 Turning ON Compression on port(0) will cause the port to be disabled during next LOGIN myswitch:admin TOV enable OFF NPIV capability ON QOS - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 410
admin> portdisable 0 myswitch:admin> portcfgcompress --disable 0 myswitch:admin> portenable 0 Example Using the portCfgShow command to check the results: myswitch:admin OFF NPIV capability ON NPIV PP Limit: CSCTL mode: Frame Shooter Port D-Port mode: Compression: Encryption: FEC: myswitch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 411
EX_Port is a type of E_Port (expansion port) that connects a Fibre Channel router to an edge fabric. From the point of view of a switch in an edge fabric, an EX_Port appears as a normal E_Port; it follows applicable Fibre Channel standards just like an E_Port. However, a router terminates an EX_Port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 412
compression on an EX_Port. The commands in this example are shown entered on a Brocade 6510 named 'myswitch' as Fibre Channel Router (FCR) and an edge switch as 'edge'. Example Displaying port numbers on the FCR and Edge switches using the fcrEdgeShow command switch:admin> fcredgeshow FID EX-port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 413
up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed whenever a port or a switch is enabled. Warning: Please use a secure channel for setting secrets. Using an insecure channel is not safe and may compromise secrets. Following inputs - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 414
OFF LOS TOV enable OFF NPIV capability ON QOS Port AE admin> Example Setting the secret key for the front phantom wwn projected by the FCR on the 'edge' switch Use portCfgExPort EX_Port# on the remote FCR to learn the front phantom switch wwn value. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 415
a secret key NOTE For this you need the WWN of the front phantom switch. Use portCfgExPort EX_Port# on that switch to learn its wwn value. edge:admin> secauthsecret --set This command is used to set up secret keys for the DH-CHAP authentication. The minimum length of a secret key is 8 characters - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 416
up secret keys does not initiate DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed whenever a port or a switch is enabled. Warning: Please use a secure channel for setting secrets. Using an insecure channel is not safe and may compromise secrets. Following inputs should - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 417
with EX_Ports 14 NPIV PP Limit: 126 CSCTL mode: OFF D-Port mode: OFF Compression: OFF Encryption: ON FEC: ON Example Enabling compression on the same port. The portCfgShow command shows that both encryption and compression are now enabled on this port. edge:admin> portdisable 1 edge - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 418
Usage: portCfgExPort [slot/]port Example Setting port 47 to be an EX_Port, and displaying the port configuration parameters switch:admin> portcfgexport 47 Port 47 info Admin: enabled State: OK Pid format: core(N) Operate mode: Brocade Native Edge Fabric ID: 17 Preferred Domain - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 419
port ID to each Fibre Channel protocol device. NPIV is designed to enable you to allocate virtual addresses without affecting your existing hardware implementation. The virtual port has the same properties as an N_Port, and is therefore capable of registering with all services of the fabric. This - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 420
not have Virtual Fabrics enabled. When Virtual Fabrics is enabled on the Brocade DCX and DCX-4S, fixed addressing mode is used only on the default logical switch. The number of NPIV devices supported on shared area ports (48-port blades) is reduced to 64 from 128 when Virtual Fabrics mode is enabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 421
Enabled Base switch No. 1. Maximum limit support takes precedence if user-configured maximum limit is greater. This applies to shared areas on the FC4-48, FC8-48, and FC8-64 port blades. 2. The first 112 physical NPIV-capable devices connected to a logical switch using 10-bit addressing can log - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 422
switches, Brocade DCX and DCX 8510 Backbone families, and the FA4-18 blade, NPIV is enabled for every port. NOTE NPIV is a requirement for FCoE. The CEE/FCoE ports on the Brocade 8000 have NPIV enabled by default, but NPIV cannot be enabled or disabled on these ports. The login limit can be set - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 423
15 Viewing NPIV port configuration information 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfgShow command to view the switch ports information. The following example shows whether a port is configured for NPIV: switch:admin> portcfgshow - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 424
Use the portLoginShow command to display the login information for the virtual PIDs of a port. The following example is sample output from the portLoginShow command: switch:admin> portloginshow 2 Type PID World Wide Name credit df_sz cos fe 630240 c0:50:76:ff:fb:00:16:fc 101 2048 c fe - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 425
Fabric Provisioning using FA-PWWN 425 •User- and auto-assigned FA-PWWN behavior 426 •Configuring FA-PWWNs 426 •Supported switches and configurations for FA-PWWN 429 •Configuration upload and download considerations for FA-PWWN 430 •Firmware upgrade and downgrade considerations for FA-PWWN 430 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 426
server to use the FA-PWWN feature, it must be using a Brocade HBA or adapter. Refer to the release notes for the HBA or adapter versions that support this feature. Some configuration of the HBA must be performed to use the FA-PWWN. User- and auto-assigned FA-PWWN behavior An FA-PWWN can be - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 427
and some are to be executed on the server. 1. Log in to the edge switch to which the Access Gateway is directly connected. 2. Assign the FA-PWWN. • If you are manually assigning a WWN, enter the following command: fapwwn --assign -ag AG_WWN -port AG_port -v Virtual_PWWN • If you want the WWN to be - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 428
and some are to be executed on the server. 1. Log in to the edge switch to which the device is connected. 2. Assign the FA-PWWN. • If you are manually assigning a WWN, enter the following command: fapwwn --assign -port [slot/]port -v Virtual_PWWN • If you want the WWN to be automatically assigned - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 429
Supported switches and configurations for FA-PWWN 16 3. Enter the fapwwn --show -port all command: You should see output similar to the following sample. Port PPWWN VPWWN PID Enable MapType 0 52:00:10:00:00:0f:50:30 10101 Yes Port/Auto 1 11:22:33:44:33:22:11:22 -- Yes Port/User - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 430
export the FA-PWWN configuration. ATTENTION Brocade recommends you delete all FA-PWWNs from the switch with the configuration being replaced before you upload or download a modified configuration. This is to ensure no duplicate FA-PWWNs in the fabric. Firmware upgrade and downgrade considerations - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 431
on directly attached Brocade HBAs/adapters NOTE FA-PWWN is supported with F_Port trunking on the supported Access Gateway platforms. Access Gateway N_Port failover with FA-PWWN If an FA-PWWN F_Port on an Access Gateway fails over to an N_Port that is connected to a different switch, the FA-PWWN - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 432
16 Access Gateway N_Port failover with FA-PWWN - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 433
switches, ports, and devices you can view and modify. An Admin Domain is a filtered administrative view of the fabric. NOTE If you do not implement Admin Domains, the feature has no impact on users and you can ignore this chapter. Admin Domains permit access to a configured set of users. Using Admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 434
Figure 53, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered based on Admin Domain membership. FIGURE 53 Filtered fabric views when using Admin Domains - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 435
requirements: • Admin Domains are not supported on the Brocade 8000. The Brocade 8000 can be in AD0 only. • The default zone mode setting must be set to No Access before you create Admin Domains (refer to "Setting the default zoning mode for Admin Domains" on page 443 for instructions). • Virtual - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 436
that you explicitly add to AD0 and can be used to force device and switch sharing between AD0 and other Admin Domains. AD0 is managed like any user-defined Admin Domain. The only difference between AD0 and user-defined Admin Domains is the implicit membership list. The implicit members of AD0 change - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 437
Admin Domain. AD0 is useful when you create Admin Domains because you can see which devices, switch ports, and switches are not yet assigned to any Admin Admin Domain management is done in the AD255 context. AD255 does not have a zone database associated with it; you cannot use AD255 to perform - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 438
a configurable property of a non-default user account. Here is some additional information about AD accounts: • You can log in to only one Admin Domain at a time. You can later switch to a different Admin Domain (refer to "Switching to a different Admin Domain context" on page 456 for instructions - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 439
by identifying members of that domain. Admin Domain members can be devices, switch ports, or switches. Defining these member types is similar to defining a traditional zone member type. An Admin Domain does not require or have a new domain ID or management IP address linked to it. Device members - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 440
ports in that switch. • A switch member allows switch administrative operations such as disabling and enabling a switch, rebooting, and firmware downloads. • A switch member does not provide zoning rights for the switch ports or devices. To allow devices to be zoned within Admin Domains, you must - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 441
switches, three devices, and two Admin Domains. The devices are labeled with device WWNs and the switches are labeled with domain IDs and switch WWNs. FIGURE 55 Fabric showing switch FIGURE 56 Filtered fabric views showing converted switch WWNs - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 442
disposition of the Admin Domain configuration in the transaction buffer. The following commands end the Admin Domain transaction: ad --save Saves the changes in the transaction buffer to the defined configuration in persistent storage and propagates the defined configuration to all switches in the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 443
in "Disabling Virtual Fabrics mode" on page 290. Admin Domains and Virtual Fabrics cannot co-exist. 3. Set the default zone mode to No Access, if you have not already done so. Refer to "Setting the default zoning mode" on page 326 for instructions. 4. Switch to the AD255 context, if you are not - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 444
Set up zones in the newly created Admin Domain. Refer to Chapter 11, "Administering Advanced Zoning," for instructions. Example of creating Admin Domains The following example creates Admin Domain AD1, consisting of two switches, which are designated by domain ID and switch WWN. switch:AD255:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 445
administrator user account 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the userConfig --add command using the -r option to set the role to admin and the -a option to provide access to Admin Domains 0 through 255. userconfig --add username -r admin -h home_AD - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 446
the currently active sessions for that account are logged out. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the userConfig --deletead command: userconfig --deletead username [-h admindomain_ID] [-a admindomain_ID_list] If the -h argument is not specified, the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 447
. 1. Connect to the switch and log in using an account with admin permissions. 2. Disable the zone configuration under the Admin Domain you want to deactivate. cfgdisable 3. Switch to the AD255 context, if you are not already in that context. ad --select 255 4. Enter the ad --deactivate command. ad - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 448
you want to rename is part of the effective configuration. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch to the AD255 context, if you are not already in that context. ad --select 255 3. Enter the ad --rename command with the present name and the new name. ad - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 449
of the zones with which it was associated. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch to the Admin Domain that you want to delete. ad --select ad_id 3. Enter the appropriate command to clear the zone database under the Admin Domain you want to delete. • To - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 450
Refer to "Clearing all zone configurations" on page 333 for instructions. 2. Connect to the switch and log in using an account with admin permissions. 3. Switch to the AD255 context, if you are not already in that context. ad --select 255 4. Enter the ad --clear command. This option prompts you for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 451
]" 5. Enable the configuration to complete the transaction. cfgenable cfgName 6. Switch to the AD255 context. ad --select 255 7. Explicitly add devices that are present in the user-defined ADs to AD0. ad --add AD0 -d "dev_list" 8. Enter the ad --apply command to save the Admin Domain definition and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 452
and the user-defined Admin Domains are deleted, as shown in Figure 58. FIGURE 58 AD0 with three zones sw0:admin> ad --exec 255 "cfgshow" Zone CFG Info for AD_ID: 0 (AD Name: AD0, State: Active) : Defined configuration 00:02:00:00:00 Effective configuration: cfg: AD0_cfg zone: AD0_RedZone 10 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 453
to clear all admin domains (yes, y, no, n): [no] y sw0:AD255:admin> ad --apply You are about to enforce the saved AD configuration. This action will trigger AD apply to all switches in the fabric Do you want to apply all admin domains (yes, y, no, n): [no] y - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 454
and their devices. 1. Connect to the switch and log in using an account with admin permissions. 2. Switch to the AD255 context, if you are not already in that context. ad --select 255 3. Enter the ad --validate command. ad --validate ad_id -m mode If you do not specify any parameters, the entire - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 455
This option creates a new shell with the current User_ID, switches to the specified Admin Domain, performs the specified command, and exits the shell. 1. Connect to the switch and log in. 2. Enter the ad --exec command, specifying the Admin Domain and the command you want to execute. ad --exec ad_id - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 456
is not activated, the operation fails. 1. Connect to the switch and log in as any user type. 2. Enter the ad --select command and the Admin Domain to which you want to switch. 3. Leave the new Admin Domain context by exiting from the shell. logout - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 457
commands or validate ACL policy configurations against AD membership under each Admin Domain. Advanced Performance All APM-related filter setup and statistics viewing is allowed only if the local switch is part Monitoring (APM) of the current Admin Domain. Configuration upload and download - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 458
and AD255. FICON Admin Domains support FICON. However, you must perform additional steps because FICON management requires additional physical control of the ports. You must set up the switch as a physical member of the FICON AD. Device Connection Control (DCC) and Switch Connection Control (SCC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 459
and the sum of all the zone databases for each AD. Admin Domains support the default zone mode of No Access only. Before configuring any Admin Domain, you must set the default zone to No Access mode. Admin Domains without effective zone configurations are presented with No Access. Refer to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 460
24, "Using FC-FC Routing to Connect Fabrics," for information about LSAN zones. Configuration upload and download in an AD context The behavior of the configUpload and configDownload commands varies depending on the AD context and whether the switch is a member of the current Admin Domain. In the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 461
Links" • Chapter 20, "Monitoring Fabric Performance" • Chapter 21, "Optimizing Fabric Behavior" • Chapter 22, "Managing Trunking Connections" • Chapter 23, "Managing Long-Distance Fabrics" • Chapter 24, "Using FC-FC Routing to Connect Fabrics" - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 462
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 463
of features associated with the licenses installed on your switch, use the configUpload command before you upgrade or downgrade Fabric OS. Fabric OS includes basic switch and fabric support software, and support for optionally licensed software that is enabled using license keys. In Fabric OS v7 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 464
in Fabric OS 7.1. TABLE 69 License Available Brocade licenses Description 10 Gigabit FCIP/Fibre Channel (10G license) 7800 Upgrade • Allows 10 Gbps operation of FC ports on the Brocade 6510 or 6520 switches or the FC ports of FC16-32 or FC16-48 port blades installed on a Brocade DCX 8510 Backbone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 465
platforms. For the Brocade Encryption Switch, two Encryption Performance Upgrade licenses can be installed to enable the full available bandwidth. On a Brocade enterprise platform, a single Performance License can be installed to enable full bandwidth on all FS8-18 blades installed in the chassis - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 466
switch; enables Fibre Channel over Ethernet (FCoE) functions. FICON Management Server Enables host-control of switches in mainframe environments. (Also known as Control Unit Port or "CUP") High Performance Extension over FCIP/FC Includes the IPsec capabilities. (formerly known as "FC-IP Services - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 467
performance for physical servers with virtual machines by extending virtual channels to the server infrastructure. Application-specific traffic flows can be configured, prioritized, and optimized throughout the entire data center infrastructure. This license is not supported on the Brocade - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 468
by feature (Continued) License Where license should be installed FCIP FCIP Trunking Fibre Channel Routing/EX_Ports FICON FICON-CUP FICON Tape Read and Write Emulation over an FCIP Tunnel FICON XRC Sequence Emulation over an FCIP Tunnel FIPS Firmware download Full fabric connectivity In-flight - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 469
, applicable to a select set of switches only. • 7800 Upgrade license for the 7800 switches to use all ports. • 10 Gigabit FCIP/Fibre Channel license to use 10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 and 6520. • 10 Gigabit FCIP/Fibre Channel license to enable 10Gb Ethernet - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 470
300, 5100, 5300, and VA-40FC switches and embedded switches only. NOTE: The 8 Gbps license is installed by default, and you should not remove it. A 10-Gb FCIP/Fibre Channel license is needed to support 10Gb FC ports on FC16-32 blades, FC16-48 blades, and the Brocade 6510 and 6520, as well as to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 471
is performed on the ICL ports only when the portDisable and portEnable commands are issued on the ports. An ICL license must be installed on the enterprise platforms at both ends of the ICL connection. ICL 1st POD license The ICL 1st POD license activates half of the ICL bandwidth on the Brocade DCX - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 472
half the bandwidth of the Brocade DCX ICL ports initially and upgrade with an additional ICL license to use the full ICL bandwidth later. This license is also useful for environments with ICL connections between a Brocade DCX and a DCX-4S, as the latter cannot support more than eight links on - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 473
installed by default and you should not remove it. Port operation may become disrupted, and ports may be prevented from operating at 8 Gbps when the license is removed. The 8 Gbps license applies to the Brocade 300, 5100, 5300, and VA-40FC switches and the 8 Gbps embedded switches; this license does - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 474
feature on the FX8-24 blade and the 10 Gbps FC feature on the 16 Gbps FC blades are both enabled by the same 10 Gigabit FCIP/Fibre Channel license (10G license). This license can also enable the 10 Gbps FC feature on a Brocade 6510 or 6520 switch as a chassis-based license. Any unassigned slot-based - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 475
the licenseSlotCfg -remove command to remove the license from the slot. 10G licensing The 10 Gbps FCIP/Fibre Channel license (10G license) enables the following features: • 10 Gbps access on the 16 Gbps FC ports on Brocade 6510 or 6520 switches, and FC16-32 and FC16-48 port blades. • The two 10 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 476
on an FC port on a Brocade 6510 or 6520 switch or an FC16-32 or FC16-48 blade: 1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the license and switchportconfiguration classes of RBAC commands. 2. Use the licenseAdd command to add - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 477
FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 6510-switch:admin> portcfgoctetspeedcombo 2 6510-switch:admin> portcfgspeed 2 10 Enabling the 10-GbE ports on an FX8-24 blade Use the following procedure to enable the 10-GbE ports on an FX8-24 blade: 1. Connect to the Brocade Backbone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 478
add FTR_10G 7 8510-4switch:admin> licenseshow aTFPNFXGLmABANMGtT4LfSBJSDLWTYD3EFrr4WGAEMBA 10 Gigabit FCIP/Fibre Channel (FTR_10G) license Capacity 1 Consumed 1 Configured Blade Slots 7 8510-4switch:admin> bladecfggemode --set 10G -slot 7 8510-4switch:admin> switchshow -slot 7 ... 158 7 30 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 479
18 • FICON Management Server (CUP) license • Extended Fabrics license • High Performance Extension over FCIP/FC license • Integrated Routing license • Server Application Optimization license • ISL Trunking license Restrictions on upgrading temporary slot-based licenses If the capacity of the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 480
reboot, failover, firmware download, or a port or switch disable or enable operation. Removing an expired license CAUTION This procedure is disruptive to the switch. Use the following procedure to remove an expired license: 1. Connect to the switch and log in using an account with admin permissions - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 481
and installation instructions. Adding a licensed feature To enable a feature, go to the feature's appropriate section in this manual. Enabling a feature on a switch may be a separate task from adding the license. For the Brocade Backbones, licenses are effective on both control processor (CP) blades - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 482
license 8 Gig FC license DataFort Compatibility license Server Application Optimization license Removing a licensed feature Use the following procedure to remove a licensed feature: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the licenseShow command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 483
key "bQebzbRdScRfc0iK" Entering the licenseShow command after the licenseRemove command displays the remaining licenses. switch:admin> licenseshow SybbzQQ9edTzcc0X: Fabric license If there are no license keys, licenseShow displays "No licenses." Ports on Demand The Brocade models listed below can be - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 484
allowed ports will not exceed the total displayed for the "Full Ports on Demand" license. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the licenseshow command. switch:admin> licenseshow SdSSc9SyRSTuTTdz: - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 485
: 1. Connect to the switch and log in using an account with admin permissions. 2. Verify the current states of the ports using the portShow command. In the portShow output, the Licensed field indicates whether the port is licensed. 3. Install the Brocade Ports on Demand license. For instructions on - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 486
procedure to enable Dynamic Ports on Demand: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the licensePort --method command with the dynamic option to change the license assignment method to dynamic. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 487
procedure to disable Dynamic Ports on Demand: 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the licensePort --method command with the static option to change the license assignment method to static. switch:admin> licenseport --method static The POD method has - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 488
available, then issue the licensePort --reserve command to reserve a license for the port. switch:admin> licenseport --reserve 0 • If all port reservations are assigned, select a port to release its POD license. Follow the instructions in "Releasing a port from a POD set" to release a port from its - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 489
to remove the port from the POD license. switch:admin> licenseport --release 0 5. Enter the licensePort --show command to verify the port is no longer assigned to a POD set. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 490
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 491
". After the addition or removal of a license, the license enforcement is performed on the ICL ports only when you issue the portDisable and portEnable commands on the switch for the ports or the bladeDisable and bladeEnable commands for the core blade. All ICL ports must be disabled and then - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 492
. Refer to the specific hardware reference manuals for additional information about LED status meanings and ICL connections, including instructions on how to cable ICLs. ICLs for the Brocade DCX 8510 Backbone family Each ICL connects the core blades of two Brocade DCX 8510 chassis and provides up to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 493
59. • Refer to the specific hardware reference manuals for information about port numbering and connecting the ICL cables. ICLs for the Brocade DCX Backbone family The Brocade DCX has two ICL connectors at ports ICL0 and ICL1 on each core blade, each aggregating a set of 16 ports. Thus, each core - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 494
the Brocade DCX-4S, each ICL is managed as one 8-port ISL trunk. Follow the guidelines in the specific hardware reference manuals for connecting the ICL cables. Virtual Fabrics considerations for ICLs In Virtual Fabrics, the ICL ports can be split across the logical switch, base switch, and default - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 495
about maximum topology configurations. Mesh topology You can connect the Brocade Backbones in a mesh topology, in which every chassis is connected to every other chassis. A simple form of the mesh topology is the triangular topology (shown in Figure 61). The triangular topology is supported by three - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 496
ISL path being lesser or greater than the ICL path between the two switches. Core-edge topology You can also connect the Brocade DCX 8510 Backbones in a core-edge topology. For example, Figure 63 shows six chassis connected in a core-edge topology (four edges and two cores). Although Figure 63 shows - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 497
FIGURE 63 64 Gbps ICL core-edge topology - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 498
- Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 499
. Refer to the Web Tools Administrator's Guide and Brocade Network Advisor User Manual for information about monitoring performance using a graphical interface. Advanced Performance Monitoring commands are available only to users with admin permissions. Use the perfhelp command to display a list of - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 500
4 Brocade 5100 3 3 Brocade VA-40FC Brocade 5300 4 3 Each logical switch can have its own set of performance monitors. The installation of monitors is restricted to the ports that are present in the respective logical switch. • Top Talker monitors and EE monitors are supported on the default - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 501
to the Access Gateway Administrator's Guide for additional information. End-to-end performance monitoring Use end-to-end (EE) monitoring when you want to monitor throughput between a pair of devices. End-to-end performance monitoring counts the number of words in Fibre Channel frames for a specified - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 502
-4S, DCX 8510 and 5300 models allow up to 256 end-to-end monitors on one logical switch. The Brocade 5100, 6510, 6520, and VA-40FC allow up to 341 end-to-end monitors on one logical switch. Supported port configurations for EE monitors You can configure EE monitors on F_Ports and, depending on the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 503
port can be set. When you set a mask, all existing end-to-end monitors are deleted. ATTENTION End-to-end masks are supported only on the Brocade 8000 and the Brocade Encryption Switch. 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfSetPortEEMask command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 504
ID mask Domain ID mask FIGURE 65 Mask positions for end-to-end monitors Deleting EE monitors 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfMonitorShow command to list the valid end-to-end monitor numbers for a port. 3. Enter the perfDelEEMonitor - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 505
0x0000000067229e98 192.168.169.40 Clearing EE monitor counters The following example clears statistics counters for an end-to-end monitor: switch:admin> perfMonitorClear --class EE 1/2 5 End-to-End monitor number 5 counters are cleared The following example clears statistics counters for all - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 506
the complexity of the frame types. For trunked ports, the frame monitor is configured on the trunk master. Static offsets are pre-set with offset/value combinations. Brocade also supports additional dynamic offsets. When a user-specified offset and value combination matches that already allocated by - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 507
frame (SOF). When the offset is set to 0, the values 0 through 7 Connect to the switch and log in using an account with admin permissions. 2. Enter the fmMonitor --delete command to delete a specific frame type. Example switch:admin> fmmonitor --delete myframemonitor - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 508
3 through 12, but does not save the port configuration. The second command saves the port configuration persistently. switch:admin> fmmonitor --addmonitor SCSI -port 3-12 -nosave switch:admin> fmmonitor --save SCSI Displaying frame monitors 1. Connect to the switch and log in using an account with - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 509
;4,0xFF,0x06;40,0xFF,0x5F;41,0xFF,0x01 ip 12,0xFF,0x05; abts 4,0xFF,0x81;40, ,0xff,00; The following example displays configuration details for the predefined SCSI frame monitor. Notice Connect to the switch and log in using an account with admin permissions. 2. Enter the fmMonitor --clear command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 510
configure them with certain Quality of Service configure Top Talker monitors on F_Ports and, depending on the switch model, on E_Ports. The following platforms support Top Talker monitors on E_Ports: - Brocade 6505 - Brocade 6510 - Brocade 6520 - Brocade n bandwidth users on a given switch. You can - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 511
the same logical switch. Admin Domain considerations: Top Talker monitors are always installed in AD255. NPIV considerations: Top Talker monitors take NPIV devices into consideration when calculating the top talking flows. Top Talker monitors are not supported on the embedded platforms: Brocade 5410 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 512
FC router do not monitor any flows E_Port Edge fabric E_Port E_Port FC router EX_Port Backbone fabric FIGURE 67 Fabric mode Top Talker monitors on FC time. • Top Talker monitors are not supported on VE_Ports, EX_Ports, and VEX_Ports. • and egress monitor ports are configured on the same ASIC, - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 513
to the new switch. Displaying the top n bandwidth-using flows on a port (port mode) 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfTTmon --show command. perfttmon --show [slotnumber/]port [n] [wwn | pid] - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 514
6.926 0xa90800 0xa908ef 6.872 Displaying top talking flows for a given domain ID (fabric mode) 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the perfTTmon --show dom command. perfttmon --show dom domainid [n] [wwn | pid] Fabric mode must be enabled for this - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 515
for trunks, except for the Brocade 300, which supports 8 frame monitors for trunks. • For the Brocade 8000, trunk monitoring is supported only on the FC ports and not on the CEE ports. Saving and restoring monitor configurations To prevent the switch configuration flash from running out of memory - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 516
Connect to the switch and log in using an account with admin permissions. 2. Enter one of the following commands, depending on the action you want to perform: • To save the current EE monitor and frame monitor configuration settings into nonvolatile memory, use the perfCfgSave command. switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 517
Setting QoS zone-based traffic prioritization 530 •Setting QoS zone-based traffic prioritization over FC connections not require a license. See Chapter 13 requires an Advanced Performance Monitoring license. See "Top set of source ports (F_Ports). Traffic Isolation Zoning does not require a license - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 518
519 for more information about this feature. NOTE The Brocade 6520 does not require licenses for the Ingress Rate Limiting and QoS SID/DID features. They are enabled by default. You can use the Adaptive Networking features together to optimize the performance of your fabric. For example, you can do - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 519
configuration on a port is on a per-logical switch basis. That is, if a port is configured Connect to the switch and log in using an account with admin permissions. 2. Enter the portCfgQos --setratelimit command. portcfgqos --setratelimit slot/port ratelimit Example of setting OS supports two types - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 520
the Adaptive Networking license. An Adaptive Networking license must be installed on every switch that is in the path between a configured device pair. NOTE The Brocade 6520 does not require licenses for the Ingress Rate Limiting and QoS SID/DID features. They are enabled by default. When you - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 521
fabric. This method of establishing QoS is an alternative to the switch-controlled assignment that uses zone-based QoS. ATTENTION Check with your host and storage manufacturer to determine whether they support Fibre Channel CS_CTL prioritization on their devices. High-, medium-, and low-priority - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 522
the chassis-wide default mode (see Table 77 on page 521), as in the following example. switch:admin> configurechassis Configure... cfgload attributes (yes, y, no, n): [no] y Enforce secure config Upload/Download (yes, y, no, n): [no] Enforce signature validation for firmware (yes, y, no, n): [no - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 523
default mode. 2. In either case, ensure that the switch port connected to the initiator host and the switch port connected allocated to different virtual channels (VCs). High- set of fabric resources for its exclusive use. Trunking considerations before you install the Adaptive Networking license - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 524
1. Connect to the switch and log in using an account with admin permissions. 2. Display the ISL information by using the following command: islshow 3. Identify E_Ports on which QoS should be manually disabled. 30 B5300 sp: 8.000G bw: 16.000G TRUNK - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 525
switch:admin enable NPIV capability ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON NPIV PP INVALID, switch:admin> portcfgqos --disable 19 QoS zones You assign high or low priority (QoS level) by configuring a specific virtual channel for the traffic flow and xxxxx is the user-defined portion - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 526
switch automatically sets optional; if it is not specified, the virtual channels are allocated by means of a round-robin scheme QoS zone. See "QoS over FC routers" on page 527 for All other traffic is medium priority, which is the default. H1 Domain 1 Domain 3 S1 1 9 H2 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 527
QoS traffic prioritization between devices in edge fabrics over an FC router. See Chapter 24, "Using FC-FC Routing to Connect Fabrics," for information about FC routers, phantom switches, and the FC-FC Routing Service. To establish QoS over FC routers, you must do the following: • Define QoS zones - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 528
supported for QoS over FCRs. • An Adaptive Networking license must be installed on every switch that is in the path between a given configured device pair, including the switches 70 shows a logical fabric that includes H1 and S1. To set the traffic between H1 and S1 to high priority, create a QoS - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 529
switch running a firmware version earlier than Fabric OS v6.0.0, the frames are dropped. • By default, all devices are assigned medium priority. - To be assigned high or low priority, hosts and targets must be connected to a Brocade 8-Gbps or 16-Gbps switch or port blade zone configuration has - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 530
that use D,I notation are not supported for QoS over FCR. • QoS zones that use D,I notation should not be used for loop or NPIV ports. • If QoS is Setting QoS zone-based traffic prioritization 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the zoneCreate command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 531
re-enabled, merging new switches into the fabric is not recommended and may cause unpredictable results with the potential of mismatched Effective Zoning configurations. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... sw0:admin> cfgenable "cfg1" You - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 532
prioritization 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the cfgRemove command to remove the QoS zones from the current zone configuration. 3. Enter the portCfgQos command to disable QoS on the E_Ports. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 533
Trunking Connections 22 In this chapter •Trunking overview 533 •Supported configurations for trunking 535 •Supported platforms for trunking 536 •Requirements for trunk groups 536 •Recommendations for trunk groups 537 •Configuring trunk groups 538 •Enabling trunking on a port or switch 538 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 534
module or a Brocade adapter. It is the same as F_Port trunking. The trunk ports are N_Ports (on the Access Gateway or adapter) connected to F_Ports (on the switch). For more information, see "Configuring F_Port trunking for a Brocade adapter" on page 545, the Access Gateway Administrator's Guide - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 535
but they might not be. Refer to the hardware reference manual for your switch for information about which ports can be used in the same port group for trunking. FIGURE 71 Trunk group configuration for the Brocade 5100 Supported configurations for trunking • Trunk links can be 2 Gbps, 4 Gbps, 8 Gbps - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 536
, QoS, and FEC settings. • Trunk groups must be between Brocade switches (or Brocade adapters, in the case of F_Port trunking). Brocade trunking is proprietary and is not supported on M-EOS or third-party switches. • There must be a direct connection between participating switches. • Trunking cannot - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 537
connecting two switches with two or more ISLs, ensure that all trunking requirements are met to allow a trunk group to form. • Determine the optimal number of trunk groups between each set of linked switches, do not disrupt business operations. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 538
the ports, you can either disable and then re-enable the switch, or disable and then re-enable the affected ports. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the islShow command to determine which ports are used for ISLs. 3. Enter the portDisable - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 539
Fabric Performance". To view detailed information about F_Port trunking, see "Displaying F_Port trunking information" on page 549. Use the following procedure to view trunking information: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the trunkShow command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 540
setting it to autonegotiate. In addition to the criteria listed in "Supported configurations for trunking" on page 535, observe the following criteria for trunking over extended fabrics: • It is supported only on switches running Fabric OS v6.1.0 and later. • Extended Fabrics and Trunking licenses - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 541
any distance greater than 10 km. The distance supported depends on the available buffers, the number of back-end ports, and the number of ports that are offline. For more information on setting port speeds, refer to Chapter 3, "Performing Advanced Configuration Tasks". EX_Port trunking You can - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 542
or Brocade edge fabric. Configuring EX_Port trunking With EX_Port trunking, you use the same CLI commands as you do for E_Port trunking. See "Configuring trunk groups" on page 538 for instructions. Displaying EX_Port trunking information 1. Log in as an admin and connect to the switch. 2. Enter - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 543
the Address Identifier) when F_Ports go offline, and it increases F_Port bandwidth. This section describes how you configure F_Port trunking on the switch. See the Access Gateway Administrator's Guide and the Brocade Adapters Administrator's Guide for information about configuring the corresponding - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 544
73 Switch in Access Gateway mode with F_Port masterless trunking NOTE You do not need to map the host to the master port manually, because the Access Gateway will perform a cold failover to the master port. See "Configuring F_Port trunking for an Access Gateway" on page 544 for instructions on - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 545
Brocade Adapters Administrator's Guide for a detailed description and requirements of N_Port trunking on the adapters. 1. On the switch side, perform the following steps: a. Configure both ports for trunking by using the portCfgTrunkPort command. switch:admin> portcfgtrunkport 3/40 1 switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 546
within the ASIC's trunk group of the switch or blade starting from port 0, and must be one of the port's default areas of the trunk group. Authentication 10-bit addressing is the default mode for all dynamically created partitions in the Brocade DCX and DCX 8510-8 platforms. Authentication occurs - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 547
trunks. NPIV Supported on F_Port master trunk. PID format F_Port trunking is supported only in the CORE PID format. Port mirroring Port mirroring is not supported on Trunk Area ports or on the PID of an F_Port trunk port. Port mirroring is not supported on the Brocade Encryption Switch. Port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 548
Fabrics F_Port trunking functionality performs the same in Virtual Fabrics as it does in non-Virtual Fabric platforms except for the Brocade DCX and DCX 8510-8. Fabric OS uses a 10-bit addressing model, which is the default mode for all dynamically created logical switches in the DCX platform - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 549
Use the following commands on the edge switch to verify the F_Port trunking configuration. • Enter the switchshow command to display the switch and port information. • Enter the porttrunkarea --show enabled command to display the TA-enabled port configuration. switch:admin> porttrunkarea --show - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 550
switch:admin> portdisable 0-2 switch:admin> porttrunkarea --disable 0-2 Trunk index 2 disabled for ports 0, 1, and 2. Enabling the DCC policy on a trunk area After you assign a trunk area, the portTrunkArea command checks whether there are any active DCC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 551
configuration for implementing long-distance SAN fabrics is to deploy Fibre Channel switches at each location in the SAN. Each switch handles local interconnectivity and multiplexes traffic across long-distance dark fiber or wave division multiplexing (WDM) links, while the Brocade Extended - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 552
highest possible performance on ISLs. Extended Fabrics device limitations Note the limitations regarding the following platforms: • Brocade 8000 FCoE switch Extended Fabrics is not supported on this platform. • FC8-64 port blade Brocade recommends that you do not use the FC8-64 port blade for long - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 553
used. Only Brocade-branded or certain Brocade-qualified SFPs are supported. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command. 3. Enter the configure command to set the switch fabric-wide configurations. You can set the following - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 554
the connection is initiated, the fabric will reconfigure. Example The following example configures slot 1, port 2 to support a 100-km link in LS mode and to use the extended link initialization sequence. This example is for an 8-Gbps platform. switch:admin> portcfgfillword 1/2 3 switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 555
. If you do not disable buffer credit recovery, it continues to perform a link reset. switch:admin> portcfgcreditrecovery --disable [slot/]port 4. Configure the port to support long-distance links. switch:admin> portcfglongdistance [slot/]port,LS,0,-distance 100 Buffer credit management Buffer-to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 556
end of the link. These buffer credits are used by Class 2 and Class 3 services and rely on the Fibre Channel the other end must acknowledge that end. As the distance between switches and the link speed increases, additional buffer credits are required for the ports used for long-distance connections - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 557
command uses the average frame size with the speed and link distance to determine the number of buffer credits needed. Considerations for calculating buffer credits Considerations follow for calculating how many ports can be configured for long distance on all Fabric OS v7.x-capable switch modules - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 558
Fibre Channel data frames Fibre Channel frame fields Field size Start of frame 4 bytes Standard frame header 24 bytes Data (payload) 0-2,112 bytes CRC 4 bytes End on page 564 to get the total ports in a switch or blade, the number of user ports in a port group, and the unreserved buffer - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 559
set up the Brocade 300 user port) = 492 buffers to a single port, you can calculate the maximum single-port extended distance supported: Maximum Distance X (in km) = (BufferCredits + 6) * 2 / LinkSpeed 498 km = (492 + 6 buffers for Fabric Services) * 2 / 2 Gbps How many 50-km ports can you configure - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 560
configuring the LS mode with the portCfgLongDistance command, enter a desired_distance value of 207 for an actual 100-km link connected connection. This example uses 8 Gbps. 3. Look up the data_rate value for the speed of the connection. See "Fibre Channel Fabric OS supports a BB_SC_N connections. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 561
option or the -frameSize option. Example switch:admin> portcfglongdistance 2/35 LS 1 -buffers 400 Reserved Buffers = 420 Configuring buffers using frame size You can configure the number of buffers by using the -frameSize option of the portCfgLongDistance command along with the -distance option - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 562
To determine the number of buffers required, perform the following steps: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portBufferCalc command and provide values for the distance, port speed, and frame size. Example The - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 563
FC ports, ports per port group, and unreserved buffer credits per port group Switch/blade model Total FC ports (per switch/blade) User not supported on this switch *** VA-40FC 40 40 1692 Brocade Encryption Switch 32 16 1392 FC8-16 16 16 1292/508 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 564
model Total FC ports (per switch/blade) User port group size Unreserved buffer credits per port group FC8-32 FC8-32E FC8-48 FC8-48E FC8-64 FC16-32 FC16-48 FS8-18 FX8-24 32 16 1292/508 32 16 5456 48 24 1228/716 48 24 5008 *** Extended Fabrics is not supported on this blade *** 32 16 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 565
be configured (assuming a 2112-byte frame size) Switch/blade model 2 Gbps 4 Gbps 8 Gbps 10 Gbps 16 Gbps FC8-32 FC8-32E FC8-48 FC8-48E FC8-64 on a Brocade 300 switch, the maximum equally distributed distance is calculated as 486 / 3 = 164 km. Downgrade considerations When Fabric OS firmware is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 566
across any long-distance connection for which the E_Port, F_Port, or EX_Port buffer credit recovery mechanism is supported. For 16-Gbps FC devices and blades (Brocade 6505, 6510, 6520, CR16-4, CR16-8, FC8-32E, FC8-48E, FC16-32, FC16-48), you can use the portCfgCreditRecovery command to disable or - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 567
devices and blades that support 16 Gbps and 8 Gbps. Enabling and disabling buffer credit recovery To disable buffer credit recovery on a port, perform the following steps. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfgCreditRecovery command and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 568
Connect to the switch and log in using an account assigned to the admin role. 2. Enter the portCfgLongDistance command and include the -fecEnable option, or issue the portCfgFec command with the --enable option. 3. Enter the portCfgFec --show command to verify the configuration. Example switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 569
604 •Resource monitoring 604 •FC-FC routing and Virtual Fabrics 606 •Upgrade and downgrade considerations for FC-FC routing 609 •Displaying the range of output ports connected to xlate domains 609 FC-FC routing overview The FC-FC routing service provides Fibre Channel routing between two or more - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 570
information about QoS and instructions for setting traffic prioritization over an FC router. ATTENTION FCR is not supported on a Brocade 7800 that has been enabled for logical switches. License requirements for FC-FC routing The Integrated Routing license is required for FC-FC routing between Fabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 571
support FC-FC routing to a Brocade Network OS fabric, except for the Brocade Encryption Switch. • VEX_Ports do not support Network OS connectivity. • FCoE devices connected to a Brocade 8000 switch or FCOE10-24 blade cannot communicate with FCoE devices in the Network OS fabric. • If Admin Domains - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 572
Fibre Channel routing concepts Fibre Channel routing introduces the following concepts: • Fibre Channel router (FC router) A switch running the FC-FC routing service. Refer to "Supported platforms for FC-FC routing" on page 570 for a list of platforms that can be FC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 573
Fibre Channel FC router connecting FC router VEX_Port EX_Port (2) = LSAN Backbone fabric FIGURE 75 A metaSAN with edge-to-edge and backbone fabrics and LSAN zones • Proxy device A proxy device is a virtual device imported into a fabric by a Fibre Channel Fibre Channel a real Fibre Channel device, - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 574
• Fabric ID (FID) Every EX_Port and VEX_Port uses the fabric ID (FID) to identify the fabric at the opposite end of the with Fibre Channel routers. A simple metaSAN can be constructed using an FC router to connect two or more separate fabrics. Additional FC routers - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 575
76 Edge SANs connected through a backbone fabric • Phantom domains A phantom domain is a domain emulated by the Fibre Channel router. The FC router can emulate two SAN reached through Fibre Channel routing. Figure 77 illustrates this concept. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 576
Host Proxy host (imported device) Proxy target (imported device) Fabric 1 EX_Port Target E_Port IFL Fabric 2 E_Port IFL FC router FIGURE 77 MetaSAN with imported devices FC-FC routing topologies The FC-FC routing service provides two types of routing: • Edge- - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 577
A phantom domain is a domain created by the Fibre Channel router. The FC router creates two types of phantom domains: front phantom domains and translate phantom domains. A front phantom domain, or front domain, is a domain that is projected from the FC router to the edge fabric. There is one front - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 578
Host 1 Fabric 1 Front domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Front domain 2 (FC router 2) Xlate domain 2 (Fabric 3) Target 1' Target 2' Target 3' FIGURE 79 EX_Port phantom switch topology All EX_Ports or VEX_Ports connected to an edge fabric use the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 579
the setup for FC-FC routing" on page 580.) 2. Assign backbone fabric IDs. (Refer to "Backbone fabric IDs" on page 581.) 3. Configure FCIP tunnels if you are connecting Fibre Channel SANs over IP-based networks. (Refer to "FCIP tunnel configuration" on page 582.) - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 580
VACANT 12 SW BLADE 51 FC8-48 ENABLED Refer to Chapter 3, "Performing Advanced Configuration Tasks," for a list of blades and their corresponding IDs. 3. Enter the licenseShow command to verify that the Integrated Routing license is installed. switch:admin> licenseshow S9bddb9SQbTAceeC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 581
Routing license is not required if you are connecting to a Brocade Network OS fabric. 4. Verify that the Fabric-Wide Consistency Policy is not in "strict" mode by issuing the fddCfg --showall command. When it is in strict mode, ACL cannot support Fibre Channel routing in the fabric. switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 582
fabric ID: (1-128)[128] switch:admin> fosconfig --enable fcr FC Router service is enabled switch:admin> switchenable FCIP tunnel configuration The optional Fibre Channel over IP (FCIP) Tunneling Service enables you to use "tunnels" to connect instances of Fibre Channel SANs over IP-based networks to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 583
mode. • Set the fabric ID (avoid using fabric IDs 1 and 128, which are the default IDs for backbone connections). • Configure an EX_Port to connect to a Brocade Network OS fabric (portCfgEXPort only). The following example configures an EX_Port and assigns a Fabric ID of 30 to port 10. switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 584
in step 1. switch:admin> portenable 7/10 6. Physically attach ISLs from the Fibre Channel router to the edge fabric. 7. Enter the portCfgShow command to view ports that are persistently disabled. FC ports on the Brocade 7800 switches and FX8-24 blades are configured as persistently disabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 585
ON 9. Enter either the portCfgEXPort or portShow command to verify that each port is configured correctly. switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT OK Pid format: Not Applicable Operate mode: Brocade Native Edge Fabric ID: 30 Preferred Domain ID - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 586
as expected. NOTE The fcrFabricShow command displays the static IPv6 addresses for each FC router and each edge fabric switch connected to the EX_Ports. switch:admin> fcrfabricshow FCR WWN: 10: EX_Port FID Neighbor Switch Info (WWN, enet IP, name) - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 587
command to display the FCR details and ensure the fabric is functioning correctly. switch:FID128:root> iflshow E-Port EX-Port FCR-WWN FCR-FID FCR-Name Speed BW 1 : 350 --> 12 10:00:08:00:88:04:93:94 39 fcr_sw 4G 8G TRUNK FC router port cost configuration The FC router port cost is set - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 588
are connected to the same port set. Therefore, if you connect IFL1 and IFL2 to the same edge fabric in port set 0-7 and then configure commands, refer to the Fabric OS Command Reference. 1. Enter the portDisable command to disable any port on which you want to set the router port cost. switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 589
Enter the appropriate form of the fcrRouterPortCost command based on the task you want to perform: • To set the router port cost for a single EX_Port, enter the command with a port and slot number and a specific cost: switch:admin> fcrrouterportcost 7/10 10000 • To set the cost of the EX_Port back - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 590
switch management interfaces. You can define and manage LSANs using Brocade Advanced Zoning. NOTE For performance reasons, Brocade recommends that you do not configure LSANs for device sharing between Fabric OS fabrics until after you activate the Integrated Routing license. Use of Admin Domains - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 591
share a common set of devices setup admin and connect to switch1. 2. Enter the nsShow command to list the WWN of the host (10:00:00:00:c9:2b:c9:0c). NOTE The nsShow output displays the LSAN zone status of a device, the port WWN, and the node WWN; the port WWN must be used for LSANs. switch:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 592
: no configuration in effect 10. Enter the cfgAdd and cfgEnable commands to create and enable the LSAN configuration. switch:admin> cfgadd "zone_cfg", "lsan_zone_fabric2" switch:admin> cfgenable "zone_cfg" You are about to enable a new zoning configuration. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 593
[no] y zone config "zone_cfg" is in effect Updating flash ... 11. Log in as an admin and connect to the FC router. 12. Enter the following commands to display information about the LSANs: • lsanZoneShow -s shows the LSAN. switch:admin> lsanzoneshow -s Fabric ID: 2 Zone Name: lsan_zone_fabric2 10 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 594
of LSAN zones, or LSAN count, that can be configured on the edge fabrics. By default, the maximum LSAN count is set to 3000. You can increase the maximum LSAN count to 5000 without disabling the switch. The maximum number of LSAN devices supported is 10,000 (this includes both physical and proxy - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 595
and support configupload and configdownload. Enforce tag The Enforce tag reduces the resources used in an FC router by set up the Speed tag as follows: 1. In FC router 1 and FC router 2, configure the Speed tag as "super". 2. In Edge fabric 2, configure two LSANs: - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 596
fabric 1 Edge fabric 2 Edge fabric 3 FC router 1 FC router 2 = LSAN FIGURE 80 Example of setting up Speed LSAN tag Rules for LSAN tagging Note the following rules for configuring LSAN tags: • You configure the tags on the FC router, and not on the edge switches. If Virtual Fabrics is enabled - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 597
is eight. • Up to 500 Speed LSAN tags are supported. Configuring an Enforce LSAN tag 1. Log in to the FC router as admin. 2. Enter the following command to disable the FC router: switchdisable 3. Enter the following command to create an Enforce LSAN tag: fcrlsan --add -enforce tagname The tagname - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 598
1. Log in to the FC router as admin. 2. Enter the fcrlsan --remove command to remove an existing LSAN tag. If you remove an Enforce LSAN tag, you must disable the switch first. Example of removing an Enforce LSAN tag sw0:admin> switchdisable sw0:admin> fcrlsan --remove -enforce enftag1 LSAN - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 599
limit supported in the backbone fabric is not limited by the capability of one FC router. 1 Fabric 2 Fabric 3 FC router 1 Backbone fabric FC router 3 FC router 2 FC router 4 Fabric 7 Fabric binding LSAN zone 4 After you set up LSAN zone binding, each FC router stores information about only - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 600
access each other. You set up LSAN zone binding using the fcrLsanMatrix command. This command has two options: -fcr and -lsan. The -fcr option is for creating and updating the FC router matrix, and the -lsan option is used for creating and updating the LSAN fabric matrix. NOTE Best practice: Use - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 601
access each other, but cannot access fabrics 1 through 6. ATTENTION The fcrLsanMatrix --add -lsan 0 0 command will erase the entire LSAN fabric matrix settings in the cache. The FC router matrix and the LSAN fabric matrix are used together to determine which fabrics can access each other, with the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 602
> fcrlsanmatrix --add -lsan 10 19 FCR:Admin> fcrlsanmatrix --apply -all Viewing the LSAN zone binding matrixes 1. Log in to the FC router as admin. 2. Enter the following command to view the FC router matrix: fcrlsanmatrix --fabricview -fcr 3. Enter the following command to view the LSAN fabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 603
, EX_Ports and VEX_Ports detect, autonegotiate, and configure the fabric parameters without user intervention. You can optionally configure these parameters manually. • To change the fabric parameters on a switch in the edge fabric, use the configure command. Note that to access all of the fabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 604
frame forwarding is not supported in an FCR fabric with a Brocade 8000. By default, broadcast frame forwarding is disabled on an FC router. If your edge fabric includes a Brocade 8000, do not enable broadcast frame forwarding on the FC router, because this can degrade FCR performance when there is - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 605
FC router resources using the fcrResourceShow command. The fcrResourceShow command default maximum number of LSAN zones is 3000. Refer to "Setting command to display physical port (EX_Port) resources. switch:admin | 8 34 18 | 8 34 19 | 8 34 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 606
command is allowed only on the base switch. • EX_Ports can connect to a logical switch that is in the same chassis or a different chassis. However, the FID of the EX_Port must be set to a different value than the FID of the logical switch to which it connects. • EX_Ports and VEX_Ports - those in FC - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 607
• Although the Brocade 6510 and 6520 support up to four logical switches, if you are using FC-FC routing, they can have a maximum of three logical switches. Logical switch configuration for FC routing Figure 82 shows an example of two chassis partitioned into logical - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 608
is not supported in the base switch, unless you use a legacy FC router. A legacy FC router is an FC router configured on a Brocade 7500 switch. Base switches can participate in a backbone fabric with legacy FC routers. You cannot connect devices to the base switch because the base switch does not - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 609
operations on the switch. Brocade recommends that you save your FC-FC routing configuration (using the configUpload command) before performing any downgrades. For further instructions on downgrading, refer to Chapter 9, "Installing and Maintaining Firmware". How replacing port blades affects EX_Port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 610
Displaying the range of output ports connected to xlate domains 1. Log in to a switch in the edge fabric. 2. Enter the lsDbShow command on the edge fabric. In 0, type = 1 LinkId = 1, out port = 32, rem port = 2, cost = 10000, costCnt = 0, type = 1 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 611
blades. Example of port index mapping on a CR16-4 blade in a DCX 8510-4 Backbone This example shows the output of the switchShow command for a CR16-4 core blade in slot 3 of a Brocade blade, no PID exists in the Address column. switch:FID128:admin> switchshow -slot 3 -qsfp switchName: switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 612
E-Port FC E-Port FC E-Port Example of port index mapping on an FC16-32 blade of a Brocade DCX 8510-8 Backbone This example shows the truncated output of the switchShow command for an FC16-32 port blade in slot 1 of a Brocade DCX 8510-8 Backbone. The Address column shows the PID. switch:FID128:admin - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 613
type, and slot number. switch:FID128:admin> switchshow -slot 10 switchName: my8510-8 (output truncated) Slot Blade Type ID Model Name Status 10 AP BLADE 75 FX8-24 ENABLED Index Slot Port Address Media Speed State Proto 80 10 0 505000 id 4G No_Light FC 81 10 1 505100 -- 4G - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 614
on blade type, platform type, and slot number. switch:FID128:admin> switchshow -slot 2 switchName: myswitch (output truncated) Slot Blade Type ID Model Name Status 2 AP BLADE 43 FS8-18 ENABLED Index Slot Port Address Media Speed State Proto 16 2 0 501000 -- N8 No_Module FC 17 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 615
standards to be satisfied by a cryptographic module utilized in Fabric OS v6.0.0 and later to protect sensitive information in the switch. As part of FIPS 140-2 level 2 compliance, passwords, shared secrets, and the private keys used in SSL, TLS, and system login need to be cleared out or zeroized - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 616
to default passwords for the root, admin, and user default accounts. However, only the root account has permissions for this command. Users with securityadmin and admin permissions must use fipsCfg --zeroize, which, in addition to removing user accounts and resetting passwords, also performs the - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 617
logging both passing and failing results. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. FIPS mode configuration By default, the switch comes up in non-FIPS mode. You can run the fipsCfg - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 618
Signed firmware download Mandatory firmware configured by the LDAP client. If the CA certificate is not present on the for FIPS ciphers and the switch is in non-FIPS mode, switch then user authentication will fail. then user authentication will succeed. - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 619
DNS on the switch. Example of setting the DNS switch:admin> dnsconfig Enter option 1 Display Domain Name Service (DNS) configuration 2 Set DNS configuration 3 Remove DNS configuration 4 Quit Select an item: (1..4) [4] 2 Enter Domain Name: [] domain.com Enter Name Server IP address in dot notation - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 620
, or an account with OM permissions for the PKI RBAC class of commands. 2. Enter the secCertUtil import -ldapcacert command. Example of importing an LDAP certificate switch:admin> seccertutil import -ldapcacert Select protocol [ftp or scp]: scp Enter IP address: 192.168.38.206 Enter remote directory - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 621
. 2. Enter the secCertUtil export -ldapcacert command. Example of exporting an LDAP CA certificate switch:admin> seccertutil export -ldapcacert Select protocol [ftp or scp]: scp Enter IP address: 192.168.38.206 Enter remote directory: /users/aUser/certs Enter Login Name: aUser Enter LDAP certificate - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 622
PEAP-MSCHAPv2. Note that among the Windows RADIUS servers supported, only Windows 2000-, Windows 2003-, and Windows 2008-based RADIUS servers may be used in a FIPS-compliant configuration. • If the switch is set for LDAP, refer to the instructions in "Setting up LDAP for FIPS mode" on page 619. 622 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 623
tcp -act deny ipfilter --activate http_block_v4 7. Use the snmpConfig --set seclevel command to turn on SNMP security. When prompted to select the SNMP SET Security Level, enter 3, for no access. Example switch:FID128:admin> snmpconfig --set seclevel Select SNMP GET Security Level (0 = No security - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 624
secure config Upload/Download: Press Enter to accept the default. • Enforce firmware signature validation: Yes Example switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 625
for FIPS B NOTE Passwords of the default accounts (admin and user) should be changed after every zeroization operation to maintain FIPS 140-2 compliance. 3. Power-cycle the switch. Displaying FIPS configuration 1. Log in to the switch using an account with admin or securityadmin permissions, or - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 626
B Preparing a switch for FIPS 626 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 627
Fibre Channel uses hexadecimal notation in hex triplets to specify well-known addresses and port IDs. Example conversion of the hexadecimal triplet 0x616000 Notice the PID (610600 - bolded) in the nsShow output is in hexadecimal. switch:admin on blades, NPIV, and Access Gateway devices) Result: - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 628
a1 a2 a3 a4 a5 a6 a7 a8 a9 aa Decimal 171 172 173 174 175 176 177 178 179 180 628 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 629
245 246 247 248 249 250 Hex f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 629 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 630
C Hexadecimal Conversion 630 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 631
ICL license, 472 A AAA service requests, 149 aaaConfig command, 151, 152, 171, 175, 176, 622 accepting distributed user databases locally, 140 access API, 192 browser security support, 182 changing account parameters, 139 creating accounts, 138 deleting accounts, 139 HTTP, 192 IP address changes - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 632
port (port mode), 513 Admin Domain members, 447 alias members, 313 end-to-end monitors, 501 frame monitors to a port, 508 licensed features, 481 members to a zone configuration, 329 ports to logical switches, 295 public key to switch, 180 rules to an IP Filter policy, 223 switch or fabric to a zone - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 633
, 120 setting route policy, 121 AP Shared Link policy, 120 applications blade compatibility, 96 listener applications blocked, 192 used by switches, 192 aptPolicy command, 119, 121 assigning user-defined roles, 137 assigning users to Admin Domains, 444 audit log configuration, 107 configuring for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 634
IDs, 582 blade compatibility, 96 fabric ID, 581-582 fabric, described, 572 port blades, described, 84 port configurations supported, 287 port restrictions, 287 shutdown, 77 upgrading firmware, 263 Backbone fabric, and TI zones, 355 Backbone firmware, 262-265 download, 262 download process overview - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 635
-8, 466 Brocade DCX-4S, 494 Brocade FC16-48 port blade enabling exceptions, 97 Brocade FC8-48 port blade enabling exceptions, 97 Brocade FC8-48E port blade enabling exceptions, 97 Brocade FC8-64 port blade enabling exceptions, 97 Brocade fixed-port switches, upgrading firmware, 261 Brocade FX8-24 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 636
support, 111 classConfig command, 135 classless inter-domain routing. See: CIDR. clearing performance monitor counters, 505 clearing zone configurations, 333 CLI capitalization in, 56 command history, 59 commands to display switch configuration, 247 commands to modify switch configuration, 247 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 637
262, 263, 271 haSyncStart, 263 help, 58 ifModeSet, 91 iodReset, 123 iodSet, 123 iodShow, 123 IP secConfig, 231, 236, 238, 239 ipAddrSet, 65, 66, 67, 223, 298 ipAddrShow, 63, 67 513, 514, 515 portBufferCalc, 399 Fabric OS Administrator's Guide 53-1002745-02 portBufferShow, 402, 562, 399 portCfg, - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 638
, 508 security considerations, 250 setup form, 253 supported for FA-PWWN, 429 without disabling a switch, 248 zones, 336 configuration file backing up, 244 backup, 244 chassis section, 243 configDownload command, in Admin Domain context, 460 display settings, 241 downloading, 460 fabric name issues - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 639
, 537 core-edge topology, 496 CP blades, 95 accessing, 156 licensed features and, 481 standby, 156 swapping, 481 CP8 blade devices supporting dual port, 86 dual port configuration, 85 creating Admin Domains, 443 alias, 313 base switches, 292 DCC policies, 204 FCS policies, 201 frame monitors, 507 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 640
secure protocols, 178 device accessing, 192 configuring authentication, 211 connecting, 78 CP8 blade dual port configuration, 85 CP8 blade dual port support, 86 limiting traffic from, 519 login, 51-53 proxy devices, 575 recovery, 53 verifying connectivity, 104 device authentication policy, 210 and - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 641
, 514 domain ID 0, 72 setting, 74 downgrading firmware, 257 download configuration file, 460 DPS described, 119 device-based routing, 120 support on Virtual Fabrics, 120 dropped frames, discovering why, 124 DSA key pair generation, 180 duplicate F_Port login, 110 NPIV port login, 110 Port World Wide - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 642
ICL license, 472 equipment status, 102 errClear command, 259 errDump command, 105 errShow command, 105 ESP, described, 234 eth0 port on CP8 blade, 86 eth3 port on CP8 blade, 86 ethernet address, static, 64 ethernet interface on switch, 62 Virtual Fabrics, 63 ethernet IP address, setting static - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 643
for access gateways, 543 for Brocade adapters, 545 fabric access, 192 adding Top Talker monitors, 513 addresses. See: PID. authentication availability, 207 authentication license, 207 authentication policies, 207-217 changing name, 75 configurations in, 250 connectivity, 103 deleting all Top Talker - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 644
See also: FCR and Fibre Channel routing FCIP and FC-FC routing, 582 tunnel configuration, 582 tunnel hop support, 287 FC-NAT, defined, 113 fcoe command, 422 FCoE, NPIV required, 422 FCR and traffic isolation, 352 authentication, 579 Brocade 7800 logical switches, 570 fcrConfigure command, 581, 582 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 645
checksum test for FIPS, 268 signed, 267 switch version testing, 268 upgrading, 257 upgrading for Brocade fixed-port switches, 261 upgrading on Backbones, 263 upgrading on blades, 263 firmware download, 256 auto-leveling, 270 Backbones, 262 connected switches, 259 FICON CUP considerations, 257 FIPS - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 646
port configurations supported, 286 port restrictions, 286 FL_Port, described, 84 FLOGI, 52 defined, 51 FC-SP bit setting, 210 process, 52 rejected, 210 request frame header value, 52 fmMonitor command, 224, 505, 507, 508, 509 Advanced Performance Monitoring license, 506 fmsmode, and XISL, 289 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 647
187 Integrated Routing license, 570 Inter-Chassis Links. See: ICL. inter-fabric link See: IFL. Internet Explorer and SSL support, 182 Internet Explorer. See: IE. inter-switch link. See: ISL. iodReset command, 123 iodSet command, 123 iodShow command, 123 IP addresses configuring for a Virtual Fabric - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 648
support for IKE policies, 240 policies, 234-240 policy described, 234 pre-shared key, 235 protocol, described, 177 protocols, 233 sa-proposal, 234 security association, 233 security certificate, 236 traffic selector, 235 transform set, 235 tunnel configurations, 231-233 IP secConfig command - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 649
580 licenseSlotCfg command, 476, 477, 479 licensing, 463-489 overview, 463-470 limiting traffic from a device, 519 link operating mode, 90 link state database, 112 link state, in routing, 111 link, configuring through a gateway, 118 Linux FreeRADIUS and Fabric OS user setup, 154 LDAP authentication - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 650
name length consideration, 460 LSAN zones, 303 in Admin Domains, 459 lsCfg command, 291, 292, 294, 295, 296, 297 M M_Port, described, 84 making basic connections, 78 management channel, 136 management interface IP sec configuration, 231 security, 231-240 Fabric OS Administrator's Guide 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 651
described, 44 managing Admin Domains, 433-460 IP Filter thresholds, 224 trunking connections, 533-550 user accounts, 133-176 user-defined roles, 136-137 zoning configurations in a fabric, 333 manually distributing ACL policy database, 225 mask for end-to-end monitors, setting, 503 masterless EX_Port - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 652
, 143 strength, 141 password strength policy, 141 652 passwordless firmware download, 257 passwords boot PROM, 145-149 Backbone with recovery string, 146 Backbone without recovery string, 148 switch with recovery string, 145 switch without recovery string, 147 local user accounts, 139 policies for - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 653
saving IP Filter, 218 using service names in IP Filter rules, 220 policy database distribution, 224 settings, 225 viewing settings, 226 Virtual Fabric considerations, 225 policy set, defined, 196 port, 84-93 activating POD, 485 activation, 89 adding frame monitors to, 508 and blade compatibility, 96 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 654
and Fibre Channel fabrics, 113 identification by index, 87 by port area ID, 87 by slot and port number, 87 logical and zoning, 316 logical in ISL, 285 lossless dynamic load sharing, 125-128 manually disabling QoS on trunked ports, 524 moving, 279 naming, 86 port login command, 51 port login process - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 655
, 101 powering down, 76 powerOffListSet command, 101 powerOffListShow command, 102 power-on self tests for FIPS, 617 preparing a switch for FIPS, 621 preserving licenses, 463 pre-shared key, and IP sec, 235 pre-shared secret, length, 399 primary FCS, 45 primary FCS modifying, 201 Principal ISLs, 112 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 656
FIPS, 622 configuration with Admin Domains or Virtual Fabrics, 155 configuring support with Linux, 156 configuring support with Windows 2000, 158 deleting, 175 High Availability failover on, 156 reordering, 175 RSA setup, 160 setup, 156-162 RADIUS service ADList, 155 configuration, displaying, 176 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 657
upgrading temporary slot-based licenses, 479 Virtual Fabrics, 288 XISLs, 289 rexec listener application, 192 rlogin listener application, 192 Role-Based Access Control. See: RBAC. roleConfig command, 136 roles Admin Domain considerations, 135 assigning user-defined, 137 creating user-defined, 136 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 658
security level, 190 static ethernet IP address, 65 switch date and time, 69 time, 69 time zone, 70 time zone interactively, 71 settings, configuration, 241-253 shared ISL. See: extended ISL. shared secrets on Access Gateway, 213 shelf life of a universal temporary license, 480 shutdown Backbone, 77 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 659
PIDs, NPIV, 82 statistics, bottleneck, 391 status of equipment, 102 status policy threshold values, setting, 106 status policy threshold values, viewing, 105 Fabric OS Administrator's Guide 53-1002745-02 supported browsers, 182 supportSave command, 39 swapping blades, 97-100 SW-EXTTRAP, 189 switch - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 660
values, 105 switch authentication mode, setting, 152 switch authentication policy, 208 See also: AUTH. Switch Connection Control. See: SCC. switch firmware, 260-261 switch WWN in Admin Domains, 440 switchCfgPersistentDisable command, 100 switchCfgSpeed command, 92 switchCfgTrunk command, 538, 539 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 661
, 540 license requirements, 535 managing, 533-550 masterless, 534 overview, 533 port groups, 535 supported configurations, 535 supported platforms, 536 types, 534 with TI zones, 359 trunkShow command, 539 tsClockServer command, 71 tsTimeZone command, 69, 70 tunnel configurations using IP sec, 231 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 662
, 480 shelf life, 480 unlocking an account, 144 unordered frame delivery, restoring, 123 upgrading firmware, 257 upgrading temporary slot-based licenses, restrictions, 479 uploading AD configuration file, 460 USB device, 265, 265-266 usbStorage command, 265 user account assigning Admin Domains to - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 663
Fabric OS features, 288 IP address removal, 298 IP address setup, 298 IP Filter policy considerations, 218 LDAP server, 164, 169 logical fabrics about, 281 context change, 299 logical ISL (LISL), 284 logical switch creating, 292 default, 276 deleting, 294 displaying configuration, 296 overview, 276 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 664
switch configuration, 329 replacing member, 319 saved zone configuration, defined, 308 schemes, 307 setting default command, 317 zoneCreate command, 316, 530 zoneDelete command, 320 zoneHelp command, 304 zoneObjectRename command, 335 zoneObjectReplace command, 319 664 Fabric OS Administrator's Guide - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 665
zoneRemove command, 318 zoneShow command, 322 zoning advanced, 303-342 advanced commands, 304 defined, 304 enforcement, 308 on logical ports, 316 overview, 304 Fabric OS Administrator's Guide 665 53-1002745-02 - Dell Brocade M5424 | Brocade 7.1.0 Fabric OS Administrator's Guide - Page 666
666 Fabric OS Administrator's Guide 53-1002745-02