Home » Dell Manuals » Hubs & Switches » Dell PowerConnect Brocade M6505 » Manual Viewer

Dell PowerConnect Brocade M6505 Brocade 7.1.0 Access Gateway Administrator's G - Page 27

Supported policy modes, Fabric OS Administrator's Guide, Fabric OS Command Reference

View all Dell PowerConnect Brocade M6505 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 27 highlights

Fabric OS features in Access Gateway mode 1 For details on installing FCAP certificates and creating DHCAP secrets on the switch in AG or native mode, refer to the Fabric OS Administrator's Guide or Fabric OS Command Reference. For general information on authentication, refer to the section on authentication policy for fabric elements in the Configuring Security Policies chapter of the Fabric OS Administrator's Guide. Supported policy modes The following switch and device policy modes are supported by Access Gateway: • On - Strict authentication will be enforced on all ports. The ports on the AG connected to the switch or device will disable if the connecting switch or device does not support authentication or the policy mode is set to off. During AG initialization, authentication initiates on all ports automatically. • Off - The AG switch does not support authentication and rejects any authentication negotiation request from the connected fabric switch or HBA. A fabric switch with the policy mode set to off should not be connected to an AG switch with policy mode set to on since the on policy is strict. This will disable the port if any switch rejects the authentication. You must configure DH-CHAP shared secrets or install FCAP certificates on the AG and connected fabric switch before switching from a policy off mode to policy on mode. Off is the default mode for both switch and device policy. • Passive - The AG does not initiate authentication when connected to a device, but participates in authentication if the connecting device initiates authentication. The AG will not initiate authentication on ports, but accepts incoming authentication requests. Authentication will not disable AG F_Ports if the connecting device does not support authentication or the policy mode is set to off. Passive mode is the safest mode to use for devices connected to an AG switch if the devices do not support authentication. To perform authentication with switch policy, the on and off policy modes are supported on the AG switch. To perform authentication with device policy, the on, off, and passive modes are supported on the AG switch. Table 2 on page 8 describes the authentication behavior between a sending AG switch and receiving fabric switch. Access Gateway Administrator's Guide 7 53-1002743-01

Section	Page
About This Document	13
How this document is organized	13
Supported hardware and software	14
What’s new in this document	14
Document conventions	15
Text formatting	15
Command syntax conventions	15
Notes, cautions, and warnings	16
Notice to the reader	16
Key terms for Access Gateway	17
Additional information	18
Brocade resources	18
Other industry resources	18
Optional Brocade features	18
Getting technical help	18
Document feedback	19
Access Gateway Basic Concepts	21
Brocade Access Gateway overview	21
Comparing Native Fabric and Access Gateway modes	21
Fabric OS features in Access Gateway mode	23
Buffer credit recovery support	25
Forward error correction support	26
Virtual Fabrics support	26
Device authentication support	26
Access Gateway port types	29
Comparison of Access Gateway ports to standard switch ports	29
Access Gateway hardware considerations	31
Configuring Ports in Access Gateway Mode	33
Enabling and disabling Access Gateway mode	33
Port state description	34
Access Gateway mapping	35
Port mapping	36
F_Port Static Mapping	40
Device mapping	42
Considerations for Access Gateway mapping	48
N_Port configurations	50
Displaying N_Port configurations	51
Unlocking N_Ports	51
Persisting port online state	51
D_Port support	52
Limitations and considerations	52
Saving port mappings	53
Managing Policies and Features in Access Gateway Mode	55
Access Gateway policies overview	55
Displaying current policies	55
Access Gateway policy enforcement matrix	56
Advanced Device Security policy	56
How the ADS policy works	56
Enabling and disabling the ADS policy	57
Allow lists	57
ADS policy considerations	59
Upgrade and downgrade considerations for the ADS policy	59
Automatic Port Configuration policy	59
How the APC policy works	59
Enabling and disabling the APC policy	60
APC policy considerations	60
Upgrade and downgrade considerations for the APC policy	60
Port Grouping policy	61
How port groups work	61
Adding an N_Port to a port group	62
Deleting an N_Port from a port group	62
Removing a port group	62
Renaming a port group	63
Disabling the Port Grouping policy	63
Port Grouping policy modes	63
Creating a port group and enabling Automatic Login Balancing mode	64
Enabling MFNM mode	65
Disabling MFNM mode	65
Displaying the current MFNM mode timeout value	66
Setting the current MFNM mode timeout value	66
Port Grouping policy considerations	66
Upgrade and downgrade considerations for the Port Grouping policy	67
Device Load Balancing policy	67
Enabling the Device Load Balancing policy	67
Disabling the Device Load Balancing policy	67
Device Load Balancing policy considerations	68
Persistent ALPA policy	68
Enabling the Persistent ALPA policy	68
Disabling the Persistent ALPA policy	69
Persistent ALPA device data	69
Clearing ALPA values	69
Persistent ALPA policy considerations	70
Failover policy	70
Failover with port mapping	70
Failover with device mapping	73
Enabling and disabling the Failover policy on an N_Port	74
Enabling and disabling the Failover policy for a port group	74
Upgrade and downgrade considerations for the Failover policy	75
Failback policy	75
Failback policy configurations in Access Gateway	75
Enabling and disabling the Failback policy on an N_Port	76
Enabling and disabling the Failback policy for a port group	77
Upgrade and downgrade considerations for the Failback policy	77
Failback policy disabled on unreliable links (N_Port monitoring)	77
Trunking in Access Gateway mode	78
How trunking works	78
Configuring trunking on the Edge switch	78
Configuration management for trunk areas	79
Enabling trunking	81
Disabling F_Port trunking	81
Monitoring trunking	81
AG trunking considerations for the Edge switch	82
Trunking considerations for Access Gateway mode	85
Upgrade and downgrade considerations for trunking in Access Gateway mode	85
Adaptive Networking on Access Gateway	85
QoS: Ingress rate limiting	86
QoS: SID/DID traffic prioritization	86
Upgrade and downgrade considerations for Adaptive Networking in AG mode	86
Adaptive Networking on Access Gateway considerations	87
Per-Port NPIV login limit	87
Setting the login limit	87
Advanced Performance Monitoring	88
End-to-end monitors	88
Frame monitors	89
Limitations for using APM	90
Considerations for the Brocade 8000	90
Port mapping	90
Policy and feature support	90
Fabric OS command support	91
Considerations for the Brocade 6505 and 6510	92
SAN Configuration with Access Gateway	93
Connectivity of multiple devices overview	93
Considerations for connecting multiple devices	93
Direct target attachment	94
Considerations for direct target attachment	94
Target aggregation	95
Access Gateway cascading	96
Access Gateway cascading considerations	96
Fabric and Edge switch configuration	97
Verifying the switch mode	97
Enabling NPIV on M-EOS switches	98
Connectivity to Cisco fabrics	98
Enabling NPIV on a Cisco switch	98
Rejoining Fabric OS switches to a fabric	99
Reverting to a previous configuration	99
Troubleshooting	101

Match case Limit results 1 per page

Access Gateway Administrator’s Guide

53-1002743-01

Fabric OS features in Access Gateway mode

For details on installing FCAP certificates and creating DHCAP secrets on the switch in AG or native

mode, refer to the

Fabric OS Administrator’s Guide

Fabric OS Command Reference

For general information on authentication, refer to the section on authentication policy for fabric

elements in the Configuring Security Policies chapter of the

Fabric OS Administrator’s Guide

Supported policy modes

The following switch and device policy modes are supported by Access Gateway:

•

On - Strict authentication will be enforced on all ports. The ports on the AG connected to the

switch or device will disable if the connecting switch or device does not support authentication

or the policy mode is set to off. During AG initialization, authentication initiates on all ports

automatically.

•

Off - The AG switch does not support authentication and rejects any authentication negotiation

request from the connected fabric switch or HBA. A fabric switch with the policy mode set to off

should not be connected to an AG switch with policy mode set to on since the on policy is strict.

This will disable the port if any switch rejects the authentication. You must configure DH-CHAP

shared secrets or install FCAP certificates on the AG and connected fabric switch before

switching from a policy

off

mode to policy

mode. Off is the default mode for both switch and

device policy.

•

Passive - The AG does not initiate authentication when connected to a device, but participates

in authentication if the connecting device initiates authentication. The AG will not initiate

authentication on ports, but accepts incoming authentication requests. Authentication will not

disable AG F_Ports if the connecting device does not support authentication or the policy mode

is set to off. Passive mode is the safest mode to use for devices connected to an AG switch if

the devices do not support authentication.

To perform authentication with switch policy, the on and off policy modes are supported on the AG

switch. To perform authentication with device policy, the on, off, and passive modes are supported

on the AG switch.

Table 2

on page 8 describes the authentication behavior between a sending AG switch and

receiving fabric switch.