Dell PowerEdge M710HD Fabric OS Administrator’s Guide
Dell PowerEdge M710HD Manual
View all Dell PowerEdge M710HD manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerEdge M710HD manual content summary:
- Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 1
53-1001763-02 ® 13 September 2010 Fabric OS Administrator's Guide Supporting Fabric OS v6.4.0 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 2
service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners. Notice: This document data contained in this document may require an export license from visit http://www.brocade.com/support/oscd. Brocade Communications Systems, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 3
" to the 48000. 22 January 2008 Added Fabric OS v6.1.0 features. Added support for new hardware platforms: Brocade 5300, 5100, and 300. 12 March 2008 Updated document to streamline 18 July 2008 content. No new hardware or Fabric OS features. Added Fabric OS v 6.2.0 software 24 November 2008 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 4
iv Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 5
xxxvii Getting technical help xxxviii Document feedback xxxix Section I Standard Features Chapter 1 Understanding Fibre Channel Services In this chapter 3 Fibre Channel services overview 3 The Management Server 4 Platform services 4 Platform services in a Virtual Fabric 5 Enabling - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 6
processes 12 Performing Basic Configuration Tasks In this chapter 15 Fabric OS overview 15 Fabric OS command line interface 16 Console sessions using the serial port 16 Telnet or SSH sessions 17 Getting help on a command 18 Password modification 18 Default account passwords 19 The Ethernet - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 7
blades 46 Port and application blade compatibility 46 FX8-24 compatibility notes 48 Enabling and disabling blades 48 Enabling blades 48 Disabling blades 50 Blade swapping 50 Swapping blades 51 Swapping blades 52 Power management 53 Powering off a port blade 53 Powering on a port blade - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 8
Virtual Channels 67 Gateway links 69 Configuring a link through a gateway 70 Inter-chassis links 71 Supported topologies 72 Routing policies 73 Displaying Based Access Control (RBAC 84 The management channel 87 Local database user accounts 88 Default accounts 88 Local account passwords 89 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 9
key authentication 120 Secure Sockets Layer protocol 122 Browser and Java support 122 SSL configuration overview 123 Certificate authorities 123 The browser 125 Root certificates for the Java Plug-in 126 Simple Network Management Protocol 127 SNMP and Virtual Fabrics 128 The security level - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 10
Chapter 7 Configuring Security Policies In this chapter 133 ACL policies overview 133 How the ACL policies are stored 133 Policy members 134 ACL policy management 134 Displaying ACL Filter transaction 157 IP Filter policy distribution 158 x Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 11
184 Configuration management for Virtual Fabrics 184 Uploading a configuration file from a switch with Virtual Fabrics enabled 185 Restoring logical switch configuration using configDownload 185 Restrictions 186 Brocade configuration form 187 Installing and Maintaining Firmware In - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 12
Support 201 Public and Private Key Management 201 The firmwareDownload Command 201 Power-on Firmware Checksum Test 202 Test and restore firmware on switches 203 Testing a different firmware Virtual Fabrics mode 224 Configuring logical switches to use basic configuration values. . .225 Creating - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 13
240 Zone aliases 241 Zone configurations 242 Zoning enforcement 242 Considerations for zoning architecture 243 Best practices for in the defined configuration 251 Validating a zone 251 Default zoning mode 252 Setting the default zoning mode 252 Viewing the current default zone access mode - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 14
object 259 Renaming a zone object 260 Zoning configuration management 261 New switch or fabric additions 261 Fabric rules for TI zones 276 Supported configurations for Traffic Isolation Zoning 277 Additional configuration rules for enhanced TI Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 15
McDATA Open Fabric mode configuration restrictions 302 Interoperability support for logical switches 302 Switch configurations for interoperability 303 Enabling McDATA Open Fabric mode 303 Enabling McDATA Fabric mode 304 Enabling Brocade Native mode 305 Zone management in interoperable fabrics - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 16
ID behavior 322 Configuring the preferred domain ID and the insistent domain ID322 FICON implementation in a mixed Supported hardware in an interoperable environment 329 Supported features in an interoperable environment 331 Unsupported features in an interoperable environment 334 Managing - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 17
16 Fabric OS Administrator's Guide 53-1001763-02 Admin Domain management for physical fabric administrators . .344 Setting the default zoning mode for Admin Domains, zones, and zone databases 360 Admin Domains and LSAN zones 362 Configuration upload and download in an AD context . . . . . .362 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 18
Chapter 17 Viewing installed licenses 375 Activating a license 375 Adding a licensed feature 376 Displaying end-to-end and ISL monitor counters 397 Clearing end-to-end and ISL monitor counters 398 Saving and restoring monitor configurations 399 xviii Fabric OS Administrator's Guide 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 19
configuration details 420 Changing bottleneck alert parameters 420 Displaying bottleneck statistics 422 Disabling bottleneck detection on a switch 423 Managing Trunking Connections In this chapter 425 Trunking overview 425 Criteria for managing trunking connections 426 Supported hardware - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 20
Fabrics . . . . .452 Buffer credit recovery 453 Using the FC-FC Routing Service In this chapter 455 FC-FC routing service overview 455 Supported platforms for Fibre Channel routing 456 Supported configurations 456 Integrated Routing 457 xx Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 21
cost configuration 471 Port cost considerations 472 Setting router port cost for an EX_Port 473 EX_Port frame trunking configuration 474 Masterless EX_Port trunking 474 Supported configurations and platforms 475 Configuring .495 How replacing port blades affects EX_Port configuration. . . .495 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 22
the CP 507 Deleting an Inband Management route 508 Viewing Inband Management IP addresses and routes . . . . .508 FIPS 509 Examples of supported configurations 509 Configuring a Management Station on the same subnet . . . .509 Configuring a Management Station on different subnets. . . . 510 Port - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 23
E Index Preparing the switch for FIPS 527 Overview of steps 527 Enabling FIPS mode 528 Disabling FIPS mode 529 Zeroizing for FIPS 530 Displaying FIPS configuration 530 Hexadecimal Hexadecimal overview 531 Example conversion of the hexadecimal triplet Ox616000 . .531 Fabric OS Administrator - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 24
xxiv Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 25
3 Identifying the blades 51 Blade swap with Virtual Fabrics during the swap 52 Blade swap with Virtual Fabrics chassis and XISLs 234 Zoning example 239 Broadcast zones and Admin Domains 245 Traffic Isolation zone creating a dedicated path through the fabric 268 Fabric incorrectly configured - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 26
end-to-end performance monitors 387 Mask positions for end-to-end monitors 388 QoS traffic prioritization 407 QoS with E_Ports enabled 408 Traffic prioritization in a logical fabric 409 Distribution of traffic over ISL Trunking groups 426 Trunk group configuration 's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 27
Figure 79 Figure 80 Figure 81 Inband Management process 506 Management Station on same subnet 509 Management Station on a different subnet 511 Fabric OS Administrator's Guide xxvii 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 28
xxviii Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 29
account names and passwords 19 Table 3 Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S enterprise-class platforms 40 Table 4 Brocade enterprise-class platform terminology and abbreviations 44 Table 5 Port blades supported by each platform 46 Table 6 Blade compatibility within - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 30
information 181 Brocade configuration and connection 187 Enterprise-class platform HA sync states 191 Blade and port types supported on logical switches 221 Virtual Fabrics interaction with Fabric OS features 222 Maximum number of logical switches per chassis 222 Types of zoning 239 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 31
104 Table 105 Table 106 Configuration upload and download scenarios in an AD context 362 Available Brocade licenses 366 License requirements 368 Base to Upgrade License Comparison 371 List of available ports when implementing PODs 378 Types of monitors supported on Brocade switch models 384 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 32
xxxii Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 33
," provides procedures for maintaining and backing up your switch configurations. • Chapter 9, "Installing and Maintaining Firmware," provides preparations and procedures for performing firmware downloads. • Chapter 10, "Managing Virtual Fabrics," describes the concepts and provides procedures for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 34
which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 35
that was deleted: - "Managing iSCSI Gateway Service," which provides procedures for creating and maintaining iSCSI gateway services was removed from this manual and can be found in the iSCSI Administrator's Guide. For further information about documentation updates for this release, refer to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 36
guide are presented in mixed lettercase: for example, switchShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual . ATTENTION An Attention statement indicates potential damage to hardware or data. xxxvi Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 37
hazardous to you or cause damage to hardware, firmware, software, or data. DANGER A documentation that you might find helpful. Brocade resources To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user ID and password. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 38
storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site: http://www.fibrechannel.org Getting technical help Contact your switch support supplier for hardware, firmware, and software support - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 39
side of the switch. • Brocade 7600, 7800, and 8000 - On the bottom of the chassis. • Brocade 48000 - Inside the chassis next to the power supply bays. • Brocade DCX Backbone - On the bottom right on the port side of the chassis. • Brocade DCX-4S Backbone - On the bottom right on the port side of the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 40
xl Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 41
4, "Routing Traffic" •Chapter 5, "Managing User Accounts" •Chapter 6, "Configuring Protocols" •Chapter 7, "Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 42
2 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 43
login 10 •High availability of daemon processes 12 Fibre Channel services overview Fibre Channel services define service functions such as the Name Server, Management Server, Security Key Distribution Server, and Time Server. Every Brocade switch has reserved three-byte addresses referred to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 44
Management Server Management Server - The Management Server provides a single point for managing the fabric. The only service that is user-configurable is the Management Server. Alias Server - The Alias Server keeps a group of nodes registered as one name to handle multicast groups. Broadcast Server - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 45
configuration information as well as database in the entire fabric. Would you like to continue this operation? (yes, y, no, n): [no] y Request to deactivate MS Platform Service in progress...... *Completed deactivating MS Platform Service in the fabric! Management server database You can control - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 46
WWN was added correctly, enter 0 at the prompt to end the session. 7. At the "Update the FLASH?" prompt, enter y. 8. Press Enter to update the nonvolatile memory and end the session. Example of adding a member to the management server ACL switch:admin> msconfigure 0 Done 1 Display the access - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 47
, enter y. 8. Press Enter to update the nonvolatile memory and end the session. Example of deleting a member from the management server ACL switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN Fabric OS Administrator's Guide 7 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 48
: 1 Associated Node Names: 10:00:00:60:69:20:15:75 Clearing the management server database NOTE The command msPlClearDB is allowed only in AD0 and AD255. 1. Connect to y to confirm the deletion. The management server platform database is cleared. 8 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 49
default management server topology might erase all node ID entries. Example of disabling discovery switch:admin> mstddisable This may erase all NID entries. Are you sure? (yes, y, no, n): [no] y Request to disable MS Topology Discovery Service in progress.... Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 50
Fabric Controller to access the fabric. Once storage and host devices are powered on and connected, the following logins occur: 1. FLOGI-Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported. 2. PLOGI - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 51
it exchanges service parameters with the fabric controller. A successful supported between F_Ports. • VE_Port - A virtual E_Port is a gigabit Ethernet switch port configured for an FCIP tunnel. However, with a VEX_Port at the other end, it does not propagate fabric services Guide 11 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 52
Server before querying for a device list. The embedded port still performs a PLOGI and attempts a PRLI with these devices. If a port decides to end zoning or powering on or configure the startup process. The following sequence of events occurs when a non-critical daemon fails fails, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 53
. Reliability, Availability, and Supportability daemon logs error detection, reporting, handling, and presentation of data into a format readable by you and management tools. Remote Procedure Call daemon, used by the API (Fabric Access API and SMI-S). Simple Network Management Protocol daemon. Trace - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 54
1 High availability of daemon processes 14 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 55
following methods to configure a SAN: • Web Tools For Web Tools procedures, see the Web Tools Administrator's Guide. • Data Center Fabric Manager (DCFM) For DCFM procedures, see the Data Center Fabric Manager Professional User Manual or Data Center Fabric Manager Enterprise User Manual depending on - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 56
OS command line interface Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc., documenting all possible configurations and scenarios is beyond the scope of this document. In some cases, earlier releases are highlighted to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 57
configure the network interface on a DHCP-enabled switch, plug the switch into the network and power do, your next attempt to log in fails. To recover, gain access to the switch instructions on performing a fast boot with Web Tools, see the Web Tools Administrator's Guide.) - If you have the required - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 58
connection finds the switch in the network. 5. Enter the account ID at the login prompt. See "Password modification" on page 18 for instructions on how to log in for the first time. 6. Enter the password. If you have not changed the system passwords from the default, you are prompted to change them - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 59
2 to log in to the switch for the first time and to perform the basic configuration tasks. There is only one set of default accounts for the entire chassis. The root and factory default accounts are reserved for development and manufacturing. The user account is primarily used for system monitoring - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 60
network interface configuration. On Brocade enterprise-class platforms you must set IP addresses for the following components: • Both CPs (CP0 and CP1) • Chassis management IP On the Brocade switches, you must set the Ethernet and chassis management IP interfaces. Setting the chassis management - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 61
IP address, subnet mask, and gateway address are displayed, then the network interface is configured. Verify the information on your switch is correct. If DHCP is enabled, the network interface information was acquired from the DHCP server. NOTE You can use either IPv4 or IPv6 with a classless inter - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 62
an application blade, configure the two external Ethernet interfaces to two different subnets. If two subnets are not present, configure one of the for a Virtual Fabric, refer to Chapter 10, "Managing Virtual Fabrics". 3. Enter the network information in dotted-decimal notation for the Ethernet IPv4 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 63
the same subnet as the switch. Do not enable DHCP if the DHCP server is not on the same subnet as the switch. Enabling DHCP after the Ethernet information has been configured releases the current Ethernet network interface settings, including Ethernet IP Address, Ethernet Subnetmask, and Gateway IP - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 64
default gateway address. Otherwise, the Ethernet settings may conflict with other addresses assigned by the DHCP server on the network network interface. Each interface is configured network. To provide for wider accessibility, interfaces are typically configured support autoconfiguration, the enabled - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 65
are used for logging, error detection, and troubleshooting, you should set them correctly. In a Virtual Fabric, there can be a maximum of eight logical switches per director or enterprise-class platform. Only the default switch in the chassis will update the hardware clock. When the date command - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 66
Display all of the time zones supported in the firmware. • Set the time zone at the default setting. • System services that have Updating the time zone on any switch updates the entire director. • The time zone of the entire director is the time zone of switch 0. 26 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 67
time protocol You can synchronize the local time of the principal or primary fabric configuration server (FCS) switch to a maximum of eight external network time protocol (NTP) servers. To keep the time in your SAN current, it is recommended that the principal or primary-FCS switch has its time - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 68
Clock Server configuration...done. Updated with the NTP servers Changes to the clock server value on the principal or primary FCS switch are propagated to all switches in the fabric. Domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually so - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 69
them will need to have its domain ID changed to a domain ID not used within the fabric. The default domain ID for Brocade switches is 1. ATTENTION Do not use domain ID 0. The use of this domain ID format of the embedded port D_ID. The switch's WWN. Fabric OS Administrator's Guide 29 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 70
Enter the switchDisable command to disable the switch. 3. Enter the configure command. 4. Enter y after the Fabric Parameters prompt: Fabric parameters ID value from 1 through 239 for normal operating mode (FCSW-compatible). Domain: (1..239) [1] 3 6. Respond to the remaining Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 71
are more useful. All chassis names have a limit of chassis name for future reference. Switch activation and deactivation By default, the switch is enabled after power instructions below, also known as a graceful shutdown. Cold boot refers to shutting down the appliance by suddenly shutting down power - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 72
systems on your switch. You are required to power-cycle the switch in order to restore operation. Are you sure you want to shutdown the switch [y/n]?y HA is disabled Stopping blade 10 Shutting down the blade.... Stopping blade 12 Shutting down the blade.... Broadcast message from root (pts/0) Fri - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 73
, and then use the portEnable command to enable the port. Switch connection See the hardware user's guide of your specific switch for interswitch link (ISL) connection and cable management information. The standard or default ISL mode is L0. ISL Mode L0 is a static mode, with the following maximum - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 74
2 Basic connections 34 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 75
•PIDs and PID binding overview 35 •Ports 39 •Blade terminology and compatibility 44 •Enabling and disabling blades 48 •Blade swapping 50 •Power management 53 •Equipment status 54 •Track and control switch changes 56 •Audit log configuration 59 PIDs and PID binding overview Port identifiers - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 76
supports addresses from 0x00 to 0x8F. NOTE The default switch in the Brocade DCX and DCX-4S enterprise-class platform still uses the fixed addressing mode in order to support 4 Gbps blades. • Shared area limitations are removed on 48-port blades. 36 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 77
blade). • Any port on a 48-port blade can support loop devices. • Any port on a 48-port blade can support hard port zoning. • Port index is not guaranteed to be equal to the port area_ID. 256-area addressing mode This configurable a 48-port blade; but this mode may not be compatible with domain,index - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 78
number of ports in the default switch must be 256 or less. When the WWN-base PID assignment feature is enabled and a new blade is plugged into the chassis, the ports for which the area is not available are disabled. NPIV If any NPIV devices have static PIDs configured and the acquired area is - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 79
, and the Brocade DCX-4S Data Center Backbone Hardware Reference Manual, respectively. The different blades that can be inserted into a chassis are described as follows: • Control processor blades (CPs) contain communication ports for system management, and are used for low-level, platform-wide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 80
control processor, core, port, and AP blades: • Slot numbers 4 and 5 contain CPs. • Slot numbers 3 and 6 contain core blades. • Slot numbers 1 and 2, and 7 and 8 contain port and AP blades. NOTE The Core blades are for Storage Application manageability purposes; you cannot Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 81
number where the blade is installed. 1. Connect to . On 48-port blades, port swapping is supported only on ports 0-15 blades, indexing was introduced. Unique area IDs are possible for up to 255 areas, but beyond that there needed to be some way to ensure uniqueness. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 82
supported supported for ports above 256. Swapping port area IDs If a device that uses port binding is connected to a port that fails , you can use port swapping to make another physical port use the same PID as the failed across reboots, power cycles, and FC8-48 port blades. You cannot By default, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 83
after a power cycle or a switch reboot. To ensure the port remains enabled, use the portCfgPersistentEnable command as instructed below. slotnumber/portnumber. If you change port configurations during a switch failover, the ports 2/3 0 done. Fabric OS Administrator's Guide 43 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 84
to autonegotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. Blade terminology and compatibility Before configuring a chassis, familiarize yourself with the platform CP blade and port blade nomenclature, as well as the port blade compatibilities. Often in procedures, only the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 85
. This blade is currently compatible with the Brocade 48000 CP blades (using chassis configuration option 5). An application blade that has 16 (1-, 2-, and 4-Gbps) ports supporting Fibre Channel Application Services and two 10/100/1000 BaseT Ethernet copper interfaces supporting blade management. An - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 86
correct this issue by upgrading the firmware on the CP blade in a Brocade DCX or DCX-4S chassis. Mixed CP blades are not supported on a single chassis, except during specific upgrade procedures detailed in the Brocade 48000 Hardware Reference Manual. CP4 and CP8 blades cannot be mixed in the same - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 87
and compatibility 3 TABLE 5 Port blades supported by each platform (Continued) Port blades Brocade 48000 (CP4) Brocade DCX and DCX-4S FS8-18 Unsupported Supported FX8-24 Unsupported Supported 1. During power up when an FCOE10-24 is detected first before any other AP blade in a chassis - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 88
detect the above configuration. Enabling and disabling blades Port blades are enabled by default. In some cases, you will need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 89
. NOTE The FC4-16IP blade is not supported in either the Brocade DCX or DCX-4S enterprise-class platform. • You have turned on the power to the chassis and the FR4-18i blade in that slot was not active prior to the power-on you must persistently enable the ports manually. For instructions on how to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 90
are retained. NOTE This is not true for the 8-Gbps port blades. Because FC8- type blades support EX_Ports, they are still retained in the configuration, but the ports are persistently disabled. The FC10-6 blade does not support EX_Ports. Disabling blades 1. Connect to the switch and log in as admin - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 91
compatibility between the blades selected for the swap operation: • Blade technology. Both blades must be of compatible technology types (for example, Fibre Channel to Fibre Channel, Ethernet to Ethernet, application to application, etc). • Port Count. Both blades must support failed. blade has - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 92
assigned to the admin role. 2. Enter the bladeSwap command. If no errors are encountered, the blade swap will complete successfully. If errors are encountered, the command is interrupted and the ports are set back to their original configuration. 52 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 93
move the cables from the source blade to the destination blade. 4. Enter the bladeEnable command on the destination blade to enable all user ports. Power management All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 94
management of key hardware blades. 4. Enter the fanShow to display the current status and speed of each fan in the system. Refer to the hardware reference manual of your system to determine the appropriate values. 5. Enter the psShow to display the current status of the switch power supplies - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 95
system error logs for more information. INITIALIZING: The blade is present, powered on, and initializing hardware components. INSERTED, NOT POWERED ON: The blade is present in the slot but is turned off. LOADING: The blade is present, powered on, and loading the initial configuration. POWERING UP - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 96
control devices that are connected. Track and control switch changes The track changes feature allows Successful login • Unsuccessful login • Logout • Configuration file change from task • Track changes is on: switch:admin> trackchangesset 1 Committing configuration...done. 3. View the log using the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 97
control the track changes feature is configured to send SNMP traps. of the switch will change if three ports fail. Only one policy parameter needs to pass the Fabric Watch Administrator's Guide. 1. Connect to the a switch change, an error message is logged and 1 CP 0 1 Blade 0 1 CoreBlade 0 1 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 98
status: (0..8) [0] Down Blade contributing to MARGINAL status: (0..8) [1] Down CoreBlade contributing to DOWN status: (0..2) [0] Down CoreBlade contributing to MARGINAL status: (0..2) [1] Out of range Flash contributing to DOWN status: (0..1) [0] 58 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 99
, the command output includes parameters related to CP blades. Audit log configuration When managing SANs you may want to audit certain classes of event log configuration has no control over these facilities, audit events can be lost if the system message log and IP network facilities fail. • - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 100
Reference for details on message formats. For more information on setting up the system error log daemon, refer to the Fabric OS Troubleshooting and Diagnostics Guide. Verifying host syslog prior to configuring the audit log Audit logging assumes that your syslog is operational and running. Before - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 101
the network is configured with a network connection between the switch and the remote host. 4. Check the host SYSLOG configuration. If all error levels are not configured, you 128, , Event: login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: 10.3.220.13. Fabric OS Administrator - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 102
3 Audit log configuration 62 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 103
This limit is not required or enforced by FSPF. Its purpose is to ensure that a frame is not delivered to a destination after R_A_TOV has expired. Unicast, multicast, and broadcast traffic are supported. Both Unicast Class 2 and 3 traffic are supported. Broadcast and multicast are supported in Class - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 104
by the path, and chooses the path that minimizes the costs. This collection of the link states, including costs, of all the switches in the fabric constitutes the topology database or link state database. Once established, FSPF programs the hardware routing tables for all active ports on the switch - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 105
require network address translation (FC-NAT). Using FC-NAT, the proxy devices in a fabric can have PIDs that are different from the real devices they represent, allowing the proxy devices to have appropriate PIDs for the address space of their corresponding fabric. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 106
refer to Chapter 1, "Understanding Fibre Channel Services". FIGURE 6 New switch added to existing fabric following parameters are different: • Domain ID • Switch name • Chassis name You must also verify the following fabric parameters are identical Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 107
. Some fabric services, such as Management Server must match. If it is enabled in the fabric, then the switch you are introducing into the fabric must also have it enabled. If you experience a segmented fabric, refer to the Fabric OS Troubleshooting and Diagnostics Guide to fix the problem. Buffer - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 108
4 Inter-switch links FIGURE 7 Virtual Channels on a 1/2/4 Gbps ISL Quality of Service (QoS) is a licensed traffic shaping feature available in Fabric OS. QoS allows the prioritization on QoS zones refer to Chapter 18, "Optimizing Fabric Behavior". 68 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 109
point-to-point E_Port connectivity between two Fibre Channel switches that are separated by a network with a protocol such as IP or SONET. Except for link initialization, gateways are separate SANs, A-1 and A-2, merged together using a gateway. Fabric OS Administrator's Guide 69 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 110
9 Gateway link merges SAN By default, switch ports initialize links using feature) are not supported through gateway links. Configuring a link through a gateway 1. Connect to the switch at one end of the gateway and the other end of the gateway. 70 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 111
Backbones are interconnected by ICLs, each chassis still requires a unique domain and is managed as a separate switch. On the Brocade DCX there are two ICL connectors at ports ICL0 and ICL1 on each core blade, each aggregating a set of 16 ports. Thus, each core blade provides 32 ICL ports and there - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 112
ATTENTION LED is blinking yellow. For additional information about the LED status for blades and ports, see the Brocade DCX Hardware Installation manual. When you connect two Brocade Backbones, the following features are supported: • 8 Gbps speed • Trunking • Buffer-to-buffer credit sharing • QoS - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 113
Backbone Hardware Reference Manual for instructions on how to cable ICLs. Chassis 1 Chassis 3 ICL 3 ICL 1 ICL 2 Chassis 2 FIGURE 11 ICL triangular topology Virtual Fabrics considerations: In Virtual Fabrics, the ICL ports can be split across the logical switch, base switch and default switch - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 114
configurations, the default configuration or application requires it. Displaying the current routing policy 1. Connect to the switch and log in as admin. 2. Enter the aptPolicy command with no parameters. The current policy is displayed, followed by the supported the network (which Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 115
to the Fibre Channel over IP Administrator's Guide. AP route policy On the Brocade 7500 switch and FR4-18i blade, eight internal physical links are used by router. Two additional AP policies are supported under exchange-based routing: • AP Shared Link policy (default) • AP Dedicated Link policy The - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 116
Take the appropriate following action based on the route policy you choose to implement: • If AP Shared Link policy (default) is required, enter the aptPolicy -ap 0 command. • If AP Dedicated Link policy is required, enter the aptPolicy -ap 1 command. Route selection Selection of specific routes can - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 117
with current routing policy. DLS is set with Lossless enabled." Indicates that the current routing policy (exchange-based) requires DLS to be enabled by default. In addition, the lossless option is enabled. Frame loss is prevented during a load sharing re-computation. If you get this message, you - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 118
are delivered to the target out-of-order, regardless of the policy configured on other switches in the fabric. NOTE Some devices do not tolerate devices tolerate out-of-order delivery, but some do not. By default, out-of-order frame-based delivery is allowed to minimize the Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 119
(I/O) failures. For devices where In-Order Delivery (IOD) of frames is required, you can set IOD separately. You can use this feature with the Brocade300 and the FX8-24 application blade, Lossless DLS is supported only on FC to FC port flows. ATTENTION When you implement Lossless DLS, the switches - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 120
or vice-versa, will experience I/O disruption because the FC10-6, FA4-18, and FR4-18i blades do not support this feature. Configuring Lossless Dynamic Load Sharing You configure Lossless DLS switch- or chassis-wide by using the dlsSet command to specify that no frames are dropped while rebalancing - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 121
logical switches that require Lossless DLS at the blade boundary. • Define logical switches that require Lossless DLS only using supported blades. For example, do not use blades that support IOD, but do not support Lossless DLS. For more information on Virtual Fabrics and chassis-level permissions - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 122
time this command is run the following zone objects are created by default: • The base zone object, "red_______base". • The RD zone configuration, "r_e_d_i_r_c__fg". 1. Connect to the switch and log in using an role. 2. Enter the cfgShow command. 82 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 123
Password policies 91 •The boot PROM password 95 •The authentication model using RADIUS and LDAP 99 User accounts overview In addition to the default accounts-root, factory, admin, and user-Fabric OS supports in to by default. The home in to by default. The home Managing Administrative Domains". For more information about - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 124
users-remote RADIUS services, remote LDAP service, and the local switch user database. All options allow users to be centrally managed using the following methods: • Remote RADIUS server: Users are managed in a remote RADIUS server. All switches in the fabric can be configured to authenticate - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 125
. For user-defined accounts, the default home domain is the Admin Domain in Blade OM O OM OM Converged Enhanced Ethernet (FCoE) OM O Chassis Configuration1 OM O Chassis Management2 OM O OM O OM OM OM OM Configure OM O O O Configuration Management OM O O O Data Migration Manager - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 126
Configuration Firmware Key Management Firmware Management FRU Management HA (High Availability) IPsec Management iSCSI License LDAP Local User Environment Logging Management Access Configuration Management Server Name Server Nx_Port Management O N 86 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 127
Configuration OM OM OM OM O Switch Port Management OM OM OM OM O Topology OM O OM O N USB Management OM N N N OM User Management OM N N N OM WWN Card OM N OM OM N Zoning OM O OM O O 1. Only with the chassis 4 Fabric OS Administrator's Guide 87 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 128
user database. The password for all default accounts should be changed during the initial installation and configuration for each switch. TABLE 14 Default local user accounts Account name Role Admin Domain Logical Fabric Description admin factory root user Admin Factory Root User AD0-255 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 129
command. NOTE You cannot delete the default accounts. An account cannot delete itself. account, refer to Chapter 15, "Managing Administrative Domains". 1. Connect to the password is being changed. 3. Enter the requested information at the prompts. Fabric OS Administrator's Guide 89 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 130
enabled and there are logical switches defined other than the default logical switch, then distributing the password database to switches is not supported. If the distribute command is issued from a pre- Enter the fddCfg --localreject PWD command. 90 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 131
changes are not permitted on the standby CP. Password authentication policies configured using the passwdCfg command are not enforced during initial prompts to change default passwords. Password strength policy The password strength policy is enforced across all user accounts, and enforces a set - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 132
exceeding two characters. The range of allowed values is 1 - 40. The default value is 1. Example of a password strength policy The following example shows a password strength policy that requires passwords to contain at least 3 uppercase characters, 4 lowercase characters and 2 numeric digits - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 133
of failed login attempts, and is enforced across all user accounts. You can configure this reset to zero when the account is unlocked after a lockout duration period expires. The admin account can also have the lockout policy enabled on it. The admin account lockout policy is disabled by default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 134
password before the account is locked. The number of failed login attempts is counted from the last successful login. LockoutThreshold values range from 0 to 999, and the default to 99999, and the default value is 30. Setting the value to 0 disables lockout duration, and would require a user to seek - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 135
PROM password requires accessing please contact your switch support provider for instructions. 1. Connect to the Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw== Enter the supplied recovery password. Recovery Password: 5. Enter the recovery password (string). Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 136
• If a password was previously set, the following messages display: Send the following string to Customer Support for password recovery: afHTpyLsDo1Pz0Pk5GzhIw== Enter the supplied recovery password. Recovery Password: 6. Enter the recovery password (string). 96 Fabric OS Administrator's Guide 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 137
for future use. The new password is automatically saved (the saveEnv command is not required). 8. Connect to the active CP blade using serial or Telnet and enter the haEnable command to restore high availability; then fail over the active CP blade by entering the haFailover command. Traffic flow - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 138
Off, and then back to On. This causes the blade to reset. 5. Press ESC within four seconds after the message Press escape within 4 seconds... displays. The following options are available: Option Description 1 Start system. 2 Recovery password. 3 Enter command shell. Continues the system boot - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 139
high availability. NOTE To recover lost passwords refer to the Fabric OS Troubleshooting and Diagnostics Guide. The authentication model using RADIUS and LDAP Fabric OS supports the use of either the local user database and the remote authentication dial-in user service (RADIUS) at the same time; or - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 140
at least two RADIUS servers so that if one fails, the other will assume service. You can set the configuration with both RADIUS or LDAP service and local authentication enabled so that if the RADIUS or LDAP servers do not respond due to power failure or network problems, the switch uses local - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 141
map an LDAP server role to one of the default roles available on a switch. RADIUS and LDAP support all the defined RBAC roles described in Table 10 on page 84. Users must enter their assigned RADIUS or LDAP account name and password when logging in to a switch that has been configured with RADIUS or - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 142
of the assigned role and other supported attribute values such as Admin Domain member list. Fabric OS users on the RADIUS server All existing Fabric OS mechanisms for managing local switch user accounts and passwords remain functional when the switch is configured to use RADIUS. Changes made to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 143
The authentication model using RADIUS and LDAP 5 Windows 2000 IAS To configure a Windows 2000 internet authentication service (IAS) server to use VSA to pass the Admin role to the switch in the dial-in profile, the configuration specifies the Vendor code (1588), Vendor-assigned attribute number - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 144
list is corrected; an error message is displayed. For example, on a Linux FreeRadius Server, the user (user-za Password == "password" Brocade-Auth-Role = "operator", Brocade-AVPairs1 = "ADList=1,2;HomeAD=2", Brocade-AVPairs2 = "ADList=-4-8,20;ADList=7,9,12" 104 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 145
any of the files used in this configuration, you must stop the server and restart it for the changes to take effect. FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb. By default, the PREFIX is /usr/local. Configuring RADIUS service on Linux consists of the following tasks - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 146
RADIUS configuration directory and loaded for use by the RADIUS server. network information service (NIS) for authentication, the only way to enable authentication with the password file is to force the Brocade switch to authenticate using password authentication protocol (PAP); this requires - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 147
internet authentication service (IAS) For more information and instructions on installing IAS, refer to the Microsoft Web site. 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) If CHAP authentication is required, then Windows must be configured to store passwords with reversible - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 148
. For example, you should configure a user group for root, admin, factory, switchAdmin, and user, and then add any users whose logins you want to associate to the appropriate group. 4. Configuring the server For more information and instructions on configuring the server, refer to the Microsoft Web - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 149
server For more information on how to install and configure the RSA Authentication Manager and the RSA RADIUS server, refer to your documentation C:\Program Files\RSA Security\RSA RADIUS\Service Figure 14 on page 110 shows files for RSA RADIUS Server must remain in the installation directory. Do not - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 150
Dictionary FIGURE 14 Example of a Brocade DCT file dictiona.dcm # Generic Radius @radius.dct # # Specific Implementations (vendor specific) # @3comsw.dct @aat.dct @acc.dct @accessbd.dct @agere.dct @agns.dct will equal the role on the switch. 110 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 151
on RBAC roles, see "Role-Based Access Control (RBAC)" on page 84. NOTE All instructions involving Microsoft Active Directory can be obtained from www.microsoft.com or your Microsoft documentation. Confer with your system or network administrator prior to configuration for any special needs your - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 152
server role to one of the default roles available on the switch. 4. Associate the user to the group by adding the user to the group. For instructions on how to create a user refer to www.microsoft.com or Microsoft documentation the format of "user@domain", is required to login. Assigning the group ( - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 153
installed to proceed with the rest of the setup. For Windows 2003, this utility comes with Service the homeAD '0' will be the default administrative domain for the user. • logged into by default is 10. If also have the chassis role permission of Microsoft documentation or Microsoft documentation. You - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 154
the aaaConfig --add command. At least one RADIUS or LDAP server must be configured before you can enable the RADIUS or LDAP service. If no RADIUS or LDAP configuration exists, turning on the RADIUS authentication mode triggers an error message. When the command succeeds, the event log indicates that - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 155
authentication being used on servers. Configuring local authentication as backup It is useful to enable local authentication so that the switch can take over authentication locally if the RADIUS or LDAP servers fail to respond because of power outage or network problems. Example of enabling local - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 156
5 The authentication model using RADIUS and LDAP 116 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 157
Shell (SSH) protocol. Configuration upload and download support the use of SCP. SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. Supports SNMPv1, v2, and v3. Fabric OS Administrator's Guide 117 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 158
may be used. An SSL switch certificate must be installed if HTTPS is used. Switches running earlier Fabric OS versions can be part of the secure fabric, but they do not support secure management. Secure management protocols must be configured for each participating switch. Nonsecure protocols may be - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 159
switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] n ssl attributes (yes server's login and password. Some example commands of this limitation are: supportSave -k, configUpload, configDownload, and firmwareDownload. Commands that require - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 160
manually type in a password. RSA and DSA asynchronous algorithms are FIPS-compliant. Allowed-user The default admin user must set up the allowed-user with the admin role. By default, the admin is the configured that SSH v2 is installed and working (refer to your host's documentation as necessary) by - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 161
pub suffix):id_dsa.pub Enter login name:auser Password: Public key is imported successfully. 6. Generate directory:~auser/.ssh Enter login name:auser Password: public key out_going.pub is exported successfully may need to refer to the host's documentation to locate where the authorized keys are stored - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 162
management tools like Web Tools. SSL support is a standard Fabric OS feature. Switches configured for SSL grant access to management tools example, Internet Explorer 7.0 and later supports 128-bit encryption by default. You can display the encryption support (called "cipher strength") using the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 163
Secure Sockets Layer protocol 6 SSL configuration overview You configure for SSL by obtaining, installing, and activating digital certificates for SSL support. Certificates are required on all switches that are to be accessed through SSL. Also, you must install a certificate in the Java Plug-in - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 164
CA support for the requires that the Common Name be specified as an FQDN, make sure that the fully qualified domain name is set on the domain name server. The IP address or FQDN will be the server Password: your password Success: exported CSR. 124 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 165
name and password on the server. Obtaining certificates Check the instructions on the CA Web site; then, perform this procedure for each switch. 1. Generate and store the CSR as described in "Generating and storing a CSR" on page 124. 2. Open a Web browser window on the management workstation and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 166
and Java support" on page 122. This procedure is a guide for installing a root certificate to the Java Plug-in on the management workstation. If the root certificate is not already installed to the plug-in, you should install it. For more detailed instructions, refer to the documentation that came - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 167
Simple Network Management Protocol 6 3. Enter the keytool command and respond to the prompts. Example of installing a root certificate C:\Program Files\Java\j2re1.6.0\bin> keytool -import -alias RootCert -file RootCert.crt -keystore ..\lib\security\RootCerts Enter keystore password: changeit Owner - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 168
for the specified home Virtual Fabric, this request fails with an error code of noAccess. For an SNMPv3 user to default RBAC role of admin with the SNMPv3 user access control of read/write. Their SNMPv3 user logs in with an access control of read-only. Both user types will have the default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 169
access control, MIB capability, and system group. For details on Brocade MIB files, naming conventions, loading instructions, and information about using the Brocade SNMP agent, see the Fabric OS MIB Reference. Telnet protocol Telnet is enabled by default. To prevent passing clear text passwords - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 170
6 Telnet protocol ATTENTION The rule number assigned has to precede the default rule number for this protocol. For example, in the defined policy, the Telnet rule number is policy" on page 157 for more information on deleting IP filter rules. 130 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 171
implement supported FS8-18, and FX8-24 blades chargen echo daytime discard ftp Service, be aware that the secModeEnable command is not supported in Fabric OS v6.1.0 and later. Table 23 lists the defaults for accessing hosts, devices, switches, and zones. TABLE 23 Access defaults Access default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 172
default Devices Switch access Zoning All devices can access the management server. Any device can connect to any FC port in the fabric. Any switch can join the fabric. All switches in the fabric can be accessed through a serial port. No zoning is enabled. Port configuration the SNMP service on the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 173
•Policy database distribution 158 •Management interface security 164 ACL policies overview Each supported Access Control List (ACL) policy listed Fabric configuration server (FCS) policy - Used to restrict which switches can change the configuration of the fabric. • Device connection control (DCC - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 174
not been activated. Admin Domain considerations: ACL management can be done on AD255 and in AD0 such as DCC, SCC, and FCS can be configured on each logical switch. The limit for security Each logical switch will have its own access control list. The FCS, SCC and DCC policies Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 175
ACL policy management 7 Displaying ACL policies role. 2. Enter the secPolicySave command. Activating policy changes You can implement changes to the ACL policies using the secPolicyActivate command. This saves the Finance_Policy has been deleted. Fabric OS Administrator's Guide 135 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 176
of the fabric managed by that policy is enforced. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the secPolicyAdd command. 3. To implement the change secPolicyActivate commands were entered are aborted. 136 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 177
Configuration Server (FCS) policy in base Fabric OS may be performed on a local switch basis and may be performed on any switch in the fabric. The FCS policy is not present by default is supported and you can either configure the switches in your fabric to accept the FCS policy or manually - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 178
command that does not affect fabric-wide configuration Ensuring fabric domains share policies Whether your intention is to create new FCS policies or manage your current FCS policies, you must follow been activated you can distribute the policy. 138 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 179
manually distributed to the switches using the distribute -p command. Each switch that receives the FCS policy must be configured to receive the policy. To configure configuration and management is performed using the command line or a manageability interface. Fabric OS Administrator's Guide 139 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 180
is to support FCS policy configuration parameters are needed to control default, all device ports are allowed to connect to all switch ports; no DCC policies exist until they are created. For information regarding DCC policies and F_Port trunking, refer to the Access Gateway Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 181
from the switch and are not enforced by the DCC policy. This does not create a security problem because these HBAs cannot contact any device outside of their immediate loop. • DCC policies cannot manage or restrict iSCSI connections, that is, an FC Initiator connection from an iSCSI gateway. • You - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 182
deleting stale DCC policies switch:admin> secpolicydelete ALL_STALE_DCC_POLICY About to clear all STALE DCC policies ARE YOU SURE (yes, y, no, n): [no] y 142 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 183
control created. By default, any supports an SCC policy. You can configure and distribute an SCC policy on a logical switch. • SCC enforcement is performed on a ISL based on the SCC policy present on the logical switch. For more information on Virtual Fabrics, refer to Chapter 10, "Managing - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 184
defaults to FCAP if both switches are configured to accept FCAP protocol in authentication. To use FCAP on both switches, PKI certificates have to be installed. NOTE The fabric authentication feature is available in base Fabric OS. No license is required. FCAP requires configured. When configured, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 185
set on each switch prior to authentication. On logical switch creation, authentication takes default values for policies and other parameters. FCAP certificates are installed on a chassis, but are configured on each logical switch. E_Port authentication The authentication (AUTH) policy allows you to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 186
active Warning: Activating the authentication policy requires either DH-CHAP secrets or PKI previously authenticated. If the authentication fails because shared secrets do not match E_Ports if the DH-CHAP shared secrets are not installed correctly. 1. Log in to the switch using an Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 187
requires manual interaction in setting the HBA shared secrets and switch shared secrets, and most of the HBAs do not support the defined DH groups for use in the DH-CHAP protocol. By default based on each logical switch's policy settings. Configuring device authentication 1. Connect to the switch and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 188
Configupload and download will not be supported for the following AUTH attributes: auth type, hash type, group type. Supported HBAs The following HBAs support authentication: • Emulex LP11000 (Tested set -a dhchap Authentication is set to dhchap. 148 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 189
then switch authentication fails. Secret key pairs for DH-CHAP When you configure the switches at both ends of a link to is not set up for a link, authentication fails. The "Authentication Failed" (reason code 05h) error will be reported and logged. • The minimum length Guide 149 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 190
DH-CHAP authentication. If switch is configured to do DH-CHAP, it is performed configuration overview You can configure the switch to use either Brocade or a third-party certificates for authentication with the peer switch. By default server. 4. Obtain the certificates from the CA. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 191
supported fails. The switch certificate. 5. On each switch, install the CA certificate before installing switch certificate. 6. After the CA certificate is installed, install the switch certificate on each switch. 7. Update outlined in "FCAP configuration overview" on page Guide 151 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 192
password: Success: imported certificate [CACert.pem]. Importing the FCAP switch certificate ATTENTION The CA certificates must be installed prior to installing password: Success: imported certificate [01.pem]. Updating thirdparty command to update the switch database default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 193
policy can be manually distributed to the fabric by command; there is no support for automatic distribution. To distribute the AUTH policy, see "Distributing the local ACL policies" on page 160 for instructions. Local Switch configuration parameters are needed to control whether a switch accepts - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 194
are saved. Only the CLI session that owns the updated temporary buffer may run this command. Modification to an configuration. The policy to be activated replaces the existing active policy of the same type. Activating the default IP Filter policies returns the IP management interface to its default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 195
port number range, between 0 and 49151, inclusive. This means that you have the ability to control how to expose the management services hosted on a switch, but not the ability to affect the management traffic that is initiated from a switch. A valid port number range is represented by a dash, for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 196
7 IP Filter policy TABLE 32 Supported services (Continued) Service name Port number snmp 161 ssh 22 sunrpc 111 telnet 23 www 80 TCP and UDP protocols are valid selections. Fabric OS v6.2.0 and later does not support configuration to filter other protocols. Implicitly, ICMP type 0 and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 197
, the active IP Filter policies automatically become enforced on the management IP interface with the changed IP address. NOTE If a switch is part of a LAN behind a Network Address Translation (NAT) server, depending on the NAT server configuration, the source address in an IP Filter rule may have - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 198
that database when a policy change is activated. If a fabric-wide consistency policy is not set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 160. Virtual Fabric considerations: Fabric-wide consistency policies are - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 199
settings control whether a switch accepts or rejects distributions of databases from other switches and whether the switch may initiate a distribution. Configure the distribution setting to reject when maintaining the database on a per-switch basis. Table 36 lists the databases supported in - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 200
fddCfg --localaccept command. ACL policy distribution to other switches This section explains how to manually distribute local ACL policy databases. The distribute command has the following dependencies: • All other switches in the fabric. 160 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 201
policy. FC routers do not support the fabric-wide consistency policies. Fabric v6.2.0 and later switches in the fabric. All updated and new policies of the type specified (SCC, DCC admin> fddcfg --showall Local Switch Configuration for all Databases:- DATABASE - Accept Guide 161 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 202
fddcfg --showall Local Switch Configuration for all Databases:- can join the fabric, but an error message flags the mismatch. If the can join the fabric, but an error message flags the mismatch. Under both configured with a fabric-wide consistency policy, there are no ACL merge checks required. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 203
/DCC Different SCC/DCC Fails policies policies Ports are disabled. 1. To resolve the policy conflict, manually distribute the database you and the merge fails and the ports are disabled. Table 39 on page 164 shows merges that are not supported. Fabric OS Administrator's Guide 163 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 204
blades in a chassis, nor does it support protection of traffic flows on FCIP interfaces. Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure communications over Internet Protocol (IP) networks through the use of cryptographic security services - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 205
select and configure the key management protocol using an automatic or manual key. For more information on IPv4 and IPv6 addressing, refer to Chapter 2, "Performing Basic Configuration Tasks". Configuration examples Below are several examples of various configurations you can use to implement an - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 206
Management interface security Gateway-to-Gateway Tunnel In this scenario, neither endpoint of the IP connection implements IPsec, but the network nodes RoadWarrior configuration where a host on the internet requires access to a network through a security gateway that is protecting the network. IPsec - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 207
Management To protect against denial of service attacks, the IPsec protocols use to-peer or client-to-server, two SAs must be present Use the ipsecConfig --flush manual-sa command to remove all the supported configuring the authentication algorithm. Fabric OS Administrator's Guide 167 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 208
IPsec policy determines the security services afforded to a packet and the treatment of a packet in the network. An IPsec policy allows action to be performed on the IP packet. It specifies the key management policy that is needed for the IPsec connection and the encryption and Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 209
management The IPsec key management supports Internet Key Exchange or Manual key/SA entry. The Internet Key Exchange (IKE) protocol handles key management automatically. SAs require and is one of the available methods IKE can be configured to use for primary authentication. You can specify the pre - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 210
information on creating tunnels for those application blades, refer to the Fibre Channel over IP Administrator's Guide Each side of the tunnel must be configured in order for the tunnel to come up. Once you are logged into the switch, do not log off as each step requires that you are logged in to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 211
Management IPsec protection and use IKE01 as key management policy. switch:admin> ipsecconfig --add for above traffic flow • Use the ipSecConfig --show manual-sa -a command with the operands specified to display policies. • Use the ipSecConfig --flush manual-sa command with the specified operands to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 212
Management interface security Example of an End-to-End Transport Tunnel mode This example illustrates securing traffic between two systems using AH protection with MD5 and configure key file, refer to "Installing a switch certificate" on page 125. 7. Configure an IKE policy for Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 213
manual-sa -a command. 11. Perform the equivalent steps on the remote peer to complete the IPsec configuration. Refer to your server administration guide for instructions manual-sa command with the specified operands to flush the created SAs in the kernel SADB. CAUTION Flushing SAs requires IPsec - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 214
7 Management interface security 174 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 215
computer server for emergency reference. NOTE For information about AD-enabled switches, refer to Chapter 15, "Managing Administrative Domains". For more information about troubleshooting configuration file uploads and downloads, refer to the Fabric OS Troubleshooting and Diagnostics Guide. There - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 216
If you upgrade the firmware on any existing switches from pre-Fabric OS v6.2.0 to v6.2.0, then you must perform the configUpload command to upload both chassis and switch information. CAUTION If you have Virtual Fabrics enabled, you must follow the procedure in "Configuration management for Virtual - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 217
ID = 1 [Boot Parameters] [Configuration] [Bottleneck Configuration] [Zoning] [Defined Security policies] [Active Security policies] [iSCSI] [cryptoDev] [FICU SAVED FILES] [Banner] [End] [Switch Configuration End : 1] Fabric OS Administrator's Guide 53-1001763-02 Configuration settings 8 177 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 218
are defined in the chassis area: • FC Routing • Chassis configuration • FCoE chassis configuration • Licenses DB • Bottleneck configuration • DMM_WWN • Licenses • GE blade mode • Fabric Watch chassis configuration Switch section There is always at least one switch section for the default switch or - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 219
role permission are allowed to upload other FIDs or the chassis configuration. The following information is not saved in a backup: • dnsConfig information • Passwords Before beginning, verify that you can reach the FTP server from the switch. Using a Telnet connection, save a backup copy of the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 220
. This is harmless to the switch and can be ignored. Configuration management supports configDownload with Fabric OS v6.1.x or v6.2.0 configuration files. Configuration files from a system running Fabric OS v6.2.0 are not backward-compatible, and cannot be downloaded to a Fabric OS v6.1.0 or earlier - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 221
IQN prefix. The configuration state of the iSNS client operation. The license keys you have installed and provides better detail than the license information from the configShow command. EX_Port configuration parameters. VEX_Port configuration parameters. Fabric OS Administrator's Guide 181 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 222
you want to save. 1. Verify that the FTP service is running on the server where the backup configuration file is located. 2. Connect to the switch and log in using an account assigned to the admin role, and if necessary with the chassis-role permission. 3. If there are any changed parameters - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 223
configuration file, which was uploaded from a different type of switch, may cause this switch to fail. A switch reboot might be required for some parameter changes to take effect. configDownload operation may take several minutes to complete for large files. Do you want to continue [y/n]: y Password - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 224
configuration file from one switch to another switch that is a different model or firmware version, because it can cause the switch to fail. If you need to reset information on security, refer to Chapter 6, "Configuring Protocols". Configuration management for Virtual Fabrics You can use the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 225
get overwritten Section (all|chassis|FID# [all]): Password: configUpload complete: All selected config parameters are uploaded Example of configUpload of a logical switch configuration DCX_80:FID128:admin> configupload -vf Protocol (scp, ftp, local) [ftp]: Server Name or IP Address [host - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 226
of the other three will fail the configuration upload or download operation. • You are not allowed to modify the Virtual Fabric configuration file after it has been uploaded. Only minimal verification is done by the configDownload command to ensure it is compatible, much like the normal downloaded - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 227
, there is a guide for FC port setting tables. The tables can be used to record configuration information for the various blades. TABLE 43 Brocade configuration and connection Brocade configuration settings IP address Gateway address Chassis configuration option Management connections Serial cable - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 228
8 Brocade configuration form 188 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 229
Brocade DCX. CR4S-8 blades can be inserted only into slots 3 and 6 on the Brocade DCX-4S. NOTE For more information on troubleshooting a firmware download, refer to the Fabric OS Troubleshooting and Diagnostics Guide. You can download Fabric OS to a director, which is a chassis; and to a nonchassis - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 230
: The Fabric OS automatically detects mismatches between the active CP firmware and the blade's firmware and triggers the auto-leveling process. This auto-leveling process automatically updates the blade firmware to match the active CP. At the end of the auto-leveling process, the active CP and the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 231
may require installing an older version; that is, downgrading the firmware. The procedures in this section assume that you are upgrading firmware, but they work for downgrading as well, provided the old and new firmware versions are compatible. Always reference the latest release notes for updates - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 232
tasks enable you to provide your switch support provider the information required to perform advanced troubleshooting. It is recommended that you perform a configUpload to back up the current configuration before you download firmware to a switch. See "Configuration file backup" on page 178 for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 233
Brocade Connect, log in, and follow the instructions to register and download firmware. Partners with authorized accounts can use the Brocade Partner Network. You must decompress the firmware before you can use the firmwareDownload command to update the firmware on your equipment. Use the UNIX tar - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 234
for the time-out (30 minutes for network problems) before issuing the firmwareDownload command again. Disrupting the process can render the switch inoperable and require you to seek help from your switch service provider. Do not disconnect the switch from power during the process because the switch - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 235
what service you are using: • If you are using FTP or SCP, verify that the FTP or SSH server is running on the host server and that you have a valid user ID and password on that server. • If your platform supports a USB memory device, verify that it is connected and running. 2. Obtain the firmware - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 236
are not in sync, run the haSyncStart command. If the problem persists, refer to the Fabric OS Troubleshooting and Diagnostics Guide. If the troubleshooting information fails to help resolve the issue, contact your switch service provider. NOTE This section only applies when upgrading from Fabric OS - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 237
seek help from your switch service provider. Do not disconnect the switch from power during the process because the switch could become inoperable when rebooted. Upgrading firmware on enterprise-class platforms (including blades) There is only one chassis management IP address for the Brocade 48000 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 238
Firmware (FOS, SAS, or any application) [FOS]: Server Name or IP Address: 10.1.2.3 User Name: userfoo File Name: /home/userfoo/v6.4.0 Network Protocol (1-auto-select, 2-FTP, 3-SCP) [1]: Password: Checking version compatibility... Version compatibility check passed. The following AP blades - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 239
2010 Slot 7 (CP1, active): Relocating an internal firmware image on the CP blade. [3]: Mon Mar 22 04:35:29 2010 Slot 7 (CP1, active): The internal firmware image is relocated successfully. [4]: Mon Mar 22 04 .3.0 DMM v3.3.0 v3.3.0 * Local CP Fabric OS Administrator's Guide 199 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 240
7800, 8000, and VA-40FC switches and the Brocade DCX and DCX-4S Backbones support a firmware download from a Brocade branded USB device attached to the switch or active CP. . ecp:admin>firmwaredownload -U /usb/usbstorage/brocade/firmware/v6.4.0 200 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 241
download process proceeds normally. If the firmware is not signed or if the signature validation fails, firmwareDownload fails. To enable or disable FIPS, refer to Chapter 7, "Configuring Security Policies". Public and Private Key Management For signed firmware, Brocade uses RSA with 1024-bit - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 242
select default setting. Power-on Firmware Checksum Test FIPS requires the checksums of the executables and libraries on the filesystem to be validated before Fabric OS modules are launched. This is to make sure these files have not been changed after they are installed. When firmware RPM packages - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 243
view the current firmware. 6. Enter the firmwareDownload -s command to update the firmware and respond to Firmware (FOS, SAS, or any application) [FOS]: Server Name or IP Address: 10.1.2.3 Network Protocol (1-auto-select, 2-FTP, 3-SCP) [1]: User Name: userfoo File Name: /home/userfoo/v6.4.0 Password - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 244
to step 9; otherwise, continue to step 8 to commit the firmware on the switch, which completes the firmware download operations. 8. Commit the firmware. a. Enter the firmwareCommit command to update the secondary partition with new firmware. Note that it takes several minutes to complete the commit - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 245
firmware on both partitions on both CPs is listed as expected. 5. Exit the session. 6. Update the firmware disruptive firmware download. firmware blade is present: At the point of the failover an autoleveling process is activated. See, "Enterprise-class platform firmware If the CPs fail to synchronize, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 246
the standby CP, enter the firmwareCommit command to update the secondary partition with new firmware. It takes several minutes to complete the commit end. Both partitions will have the same Fabric OS after several minutes. 13. Perform haFailover on the active CP. 206 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 247
firmware (the blade firmware is basically restored). Your system is now restored to the original partitions on both CPs. Make sure that servers troubleshooting is necessary. firmwareShow Displays the current firmware level on the switch. For Brocade directors, this command displays the firmware - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 248
timestamp associated with each event. When downloading SAS or SA in systems with two control processor (CP) cards, you can only run this command on the active CP that have logged into the name server. Make sure the number of attached devices after the firmware download is exactly the same as the number - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 249
231 •Configuring a logical switch to use XISLs 232 •Changing the context to a different logical fabric 233 •Creating a logical fabric using XISLs 234 Virtual Fabrics overview Virtual Fabrics is an architecture to virtualize hardware boundaries. Traditionally, SAN design and management is done - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 250
supported only in Native mode For additional information about supported switches and port types, see "Supported mutually exclusive and are not supported at the same time you to divide a physical chassis into multiple fabric elements. Each chassis can have multiple logical switches. Default logical - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 251
After enabling Virtual Fabrics Physical chassis Default logical switch P0 P3 P6 chassis appears as a single switch (default logical switch). After you create logical switches, the chassis Physical chassis Default logical switch P0 P3 P6 P9 P1 P4 P7 P2 P5 P8 Logical switch 1 (Default logical - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 252
one FID. The FID identifies the logical fabric to which the logical switch belongs. Physical chassis Logical switch 1 (Default logical switch) (FID = 128) Logical switch 2 (FID = 1) Logical switch so remain assigned to the default logical switch. 212 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 253
one logical switch to another. If you want to configure a different type of port, such as a VE_Port or EX_Port, you must configure them after you move them. Some types of ports cannot be moved from the default logical switch. See "Supported platforms for Virtual Fabrics" on page 220 for detailed - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 254
Virtual Fabrics switch and D2, because the other logical switches are in different fabrics. Physical chassis Logical switch 1 P1 (Default logical switch) Fabric ID 128 H1 Logical switch 2 P2 Fabric ID 1 P3 D1 ISL, as shown in Figure 24. 214 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 255
Figure 26 shows two physical chassis divided into logical switches. ID 8. Physical chassis 1 Logical switch 1 P1 (Default logical switch) ID 15 P5 Physical chassis 2 P1 Logical switch 5 (Default logical switch) Fabric of the configuration in Figure two switches (the default logical switches), but - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 256
address space for communication between different logical fabrics. • A base switch can be configured for the preferred domain ID just like a non-Virtual Fabrics switch. • You can have only one base switch in a physical chassis. A base switch can be connected to other base switches through a special - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 257
switch connections that are allowed by the XISL. Physical chassis 1 Logical switch 1 P1 (Default logical switch) Fabric ID 128 P2 Logical switch the logical switches must be configured to allow XISL use. By default, they are configured to do so; you can change this Guide 217 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 258
and XISLs By default, the physical ISL path is favored over the logical path (over the XISL) because the physical path has a lower cost. This behavior can be changed by configuring the cost of the dedicated physical ISL to match the cost of the LISL. Base switch ports on different chassis can be - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 259
Chassis management operations These are operations that span logical switch boundaries, such as: - Logical switch configuration (creating, deleting, modifying logical switches) - Account management (determining which accounts can access which logical switches) - FRU management (slotShow) - Firmware - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 260
mode only • Brocade DCX • Brocade DCX-4S Some restrictions apply to the ports, depending on the port type and blade type. The following sections explain these restrictions. Supported port configurations in the Brocade 5100, 5300, and VA-40FC There are no restrictions on the ports in the Brocade 5100 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 261
Supported port configurations in the Brocade DCX and DCX-4S Some of the ports in the Brocade DCX and DCX-4S are not supported on all types of logical switches. Table 45 on page 221 lists the blades and ports that are supported FC8-64 blade are not supported as E_Ports on the default logical switch. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 262
EX_Ports, with the exception of VEX_Ports on the FR4-18i blade. See Chapter 21, "Using the FC-FC Routing Service," for more information about Virtual Fabrics and FC-FC routing. Up to two logical switches per chassis can run FICON Management Server (CUP), but the FICON logical switch must use ISLs - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 263
ports (VE_Ports). • The logical switch is the default logical switch in the Brocade DCX or DCX-4S. remove the VE_Port tunnel configuration. • VE_Ports on the FX8-24 blade can be moved to default on switches that you upgrade to Fabric OS 6.2.0 or later. VF mode is enabled by default on a new chassis - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 264
service: iSNS client service: Virtual Fabric: Ethernet Switch Service: disabled Service not supported on this Platform Service not supported on this Platform disabled Service not supported on this Platform switch:admin> fosconfig --enable vf WARNING: This is a disruptive operation that requires - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 265
on this Platform iSNS client service: Service not supported on this Platform Virtual Fabric: enabled switch:admin> fosconfig --disable vf WARNING: This is a disruptive operation that requires a reboot to take effect. Would you like to continue [Y/N] y Configuring logical switches to use basic - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 266
be a base switch. Each chassis can have only one base default configurations. Please configure the Logical Switch with appropriate switch and protocol settings before activating the Logical Switch. sw0:FID128:admin> setcontext 4 Please change passwords for switch default accounts now. Use Control - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 267
which you do not have permission. 1. Connect to the physical chassis and log in using an account assigned to the admin role Allow XISL Use: ON LS Attributes: [FID: 4, Base Switch: No, Default Switch: No, Address Mode 0] Index Port Address Media Speed State Proto 22 Guide 227 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 268
from the logical switch before deleting it. You cannot delete the default logical switch. NOTE If you are in the context of the logical switch from the one you are deleting. 1. Connect to the physical chassis and log in using an account assigned to the admin role. 2. Remove 's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 269
installed on the port are deleted. If monitors are required in the new logical switch, you must manually in the default logical switch. 1. Connect to the physical chassis and on which they are currently configured. If the -port option -64 blade to the base switch. These ports are not supported on - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 270
configuration Displaying logical switch configuration 1. Connect to the physical chassis and log in using an account assigned to the admin role with the chassis to another. Changing the fabric ID requires permission for chassis management operations. You cannot change the FID Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 271
7 Changing of a switch fid requires that the switch be disabled. assigned to the admin role with the chassis-role permission. 2. Set the context to 3. Configure the switch to not allow XISL use, as described in "Configuring a 7, Base Switch: No, Default Switch: No, Address Mode 0] Index - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 272
"switchDisable" command. Configure... Fabric parameters (yes services (yes, y, no, n): [no] switch_25:FID7:admin> lscfg --change 7 -base Creation of a base switch requires supported the network Configuring a logical switch to use XISLs When you create a logical switch, by default it is configured - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 273
10 XISL use is not supported for the following cases: configured for McDATA Fabric mode (InteropMode 2) or McDATA Open Fabric mode (InteropMode 3) 1. Connect to the physical chassis and log in using an account assigned to the admin role. 2. Set the context to the logical switch you want to manage - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 274
using XISLs This procedure describes how to create a logical fabric using multiple chassis and XISLs and refers to the configuration shown in Figure 31 as an example. Physical chassis 1 D1 Logical switch 1 P1 (Default logical switch) Fabric ID 128 P3 Logical switch 2 P2 Fabric ID 1 H2 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 275
See "Configuring a logical switch to use XISLs" on page 232 for instructions. By default, newly created logical switches are configured to allow XISL use. f. Repeat step a through step e in all chassis that are user port number for the slot port. Fabric OS Administrator's Guide 235 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 276
10 Creating a logical fabric using XISLs 236 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 277
Default zoning mode 252 •Zoning database size 253 •Zoning configurations 253 •Zone object maintenance 259 •Zoning configuration management zones. • Broadcast zones Control which devices receive broadcast configuration" on page 477 for more information. Fabric OS Administrator's Guide 237 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 278
Merged SANs". Zoning enables you to partition your storage area network (SAN) into logical groups of devices that can access configured zones, Red, Green, and Blue. • Server 1 can communicate only with the Loop 1 devices. • Server 2 can communicate only with the RAID and Blue zone devices. • Server - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 279
port are not made available to the server. Host-based Host-based zoning can implement WWN or LUN masking. Fabric-based Fabric switches implement fabric-based zoning, in which the zone you can take when implementing zoning in a fabric. Fabric OS Administrator's Guide 239 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 280
requires server (such as a Web server disrupting a data warehouse server). Zoning by application can also result in a zone with a large number of members, meaning that more notifications, such as registered state change notifications (RSCNs), or errors ports, and control of the fan Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 281
clearly identifies the server host bus adapter (HBA) associated with the zone. Zone configuration naming is flexible. One configuration should be PROD configuration is to easily identify the configuration that can be implemented and provide the most generic services. If other configurations are - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 282
with all other devices (unless you previously set up a default zone, as described in "Default zoning mode" on page 252). This does not mean that the zoning database is deleted, however, only that there is no configuration active in the fabric. On power-up, the switch automatically reloads the saved - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 283
relation to the RSCN. Testing Before implementing a new zone, you should run the Zone Analyzer from Web Tools to isolate any possible problems. This is especially useful as fabrics increase in size. Confirming operation After changing or enabling a zone configuration, you should confirm that the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 284
compatible but not forwards compatible implementations. Broadcast zones Fibre Channel allows sending broadcast frames to all Nx_Ports if the frame is sent to a broadcast well-known address (FFFFFF); however, many target devices and HBAs cannot handle broadcast frames. To control and manage broadcast - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 285
The actual delivery of broadcast packets is also controlled by the Admin Domain and zone enforcement "Validating a zone" on page 251 for complete instructions. Broadcast zones and FC-FC routing If you create Service," for information about proxy devices and the FC router. Fabric OS Administrator - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 286
, then add the FL_Port to the broadcast zone. Broadcast zones and default zoning The default zoning mode defines the device accessibility behavior if zoning is not implemented or if there is no effective zone configuration. The default zoning mode has two options: • All Access-All devices within the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 287
member...]" 3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction indicate that the transaction was aborted. Fabric OS Administrator's Guide 247 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 288
to the defined configuration. The cfgSave command ends and commits the configuration. This action will only save the changes on the Defined configuration. Any changes made on the Effective configuration database (both the defined and effective configuration) is displayed. Example The following - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 289
3. Enter the cfgSave command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to nonvolatile memory. If You are about to save the Defined zoning configuration. This Fabric OS Administrator's Guide 249 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 290
to the defined configuration. The cfgSave command ends and commits the configuration. Any changes made on the Effective configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y 250 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 291
zone members that are not part of the current zone enforcement table. Note that zone configuration names are case-sensitive; blank spaces are ignored. switch:admin> zone --validate " 05:1e:35:81:88* Invalid configuration * - Member does not exist Fabric OS Administrator's Guide 251 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 292
Default zoning mode The default zoning mode controls device access if zoning is not implemented or if there is no effective zone configuration. The default default setting is All Access. Typically, when you disable the zoning configuration in a large fabric with thousands of devices, the name server - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 293
. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Updating flash ... Viewing the current default zone access mode 1. Connect to the switch and log in as admin. 2. Enter the defZone --show command. NOTE If you perform a firmware download of an older release, then the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 294
bytes, even if the zoning database is empty. For important considerations for managing zoning in a fabric, and more details about the maximum zone database size command to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 295
to save the change to the defined configuration. The cfgSave command ends and commits the current zoning transaction buffer configuration. This action will replace the old zoning configuration with the current configuration selected. If the update includes changes Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 296
mode to No Access prior to disabling the zone configuration. See "Default zoning mode" on page 252 for information about setting this mode to No Access. The following procedure ends and commits the current zoning transaction buffer to nonvolatile memory. If a transaction is open on a different - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 297
that the removal of a member from zone1 was done in error: switch:admin> zoneremove "zone1","3,5" switch:admin> cfgtransabort Viewing all zone configuration information If you do not specify an operand when executing 76:85 21:00:00:20:37:0c:71:df Fabric OS Administrator's Guide 257 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 298
• If no effective zoning configuration exists, enter the cfgSave command. • If an effective zoning configuration exists, enter the cfgDisable command to disable and clear the zone configuration in nonvolatile memory for all switches in the fabric. 258 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 299
a zone, or a zone configuration. Copying a zone object When configuration objects you want to copy. cfgshow "pattern"[, mode] For example, to display all zone configuration zone configuration names are configuration configuration objects you want to delete. switch:admin> cfgShow Defined configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 300
0c:71:df Effective configuration: cfg: USA_cfg zone the zone object. Zone configuration names are case-sensitive the appropriate zone configuration to make the configuration objects you want to rename. switch:admin> cfgShow Defined configuration configuration objects. Note that zone configuration names - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 301
See "Clearing all zone configurations" on page 258 for instructions. Adding a new fabric that has no zone configuration information to an existing be configured with the same default zone mode as the existing switches. • Merging and segmentation The fabric is checked for segmentation during power-up - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 302
configuration management The database is the zone configuration database. (This is the data displayed as the "defined configuration" configuration, the switch where the changes were made must close its transaction for the change to be propagated throughout the fabric. If you have implemented default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 303
configuration, then the fabrics might segment. Security and zoning Zones provide controlled is configured on the primary Fabric Configuration Server (FCS Guide for information about security policies). You must perform zone management operations from the primary FCS switch using a zone management - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 304
active between two switches, the name of the FCS server and a zoning policy set version identifier are exchanged between architecture, you must determine which of the two basic zoning architectures (hard or soft) works best for your fabric. With time and planning, the basic hard zone configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 305
configurations. Switch B has an enabled configuration. defined: cfg2 zone2: ali3; ali4 effective: none Effective configuration ; ali2 Configuration content mismatch configuration will be a composite of the two, with cfg1 as the effective configuration different TI zone configurations. Clean merge. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 306
zone access mode settings. defzone: noaccess defzone: allaccess Same default zone access mode settings. Same default zone access mode settings. Effective zone configuration. Effective zone configuration. defzone: allaccess defzone: allaccess defzone: noaccess defzone: noaccess No effective - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 307
TI zones 276 •Supported configurations for Traffic Isolation Zoning Traffic Isolation Zoning feature allows you to control the flow of interswitch traffic by creating Traffic Isolation Zoning does not require a license. Traffic isolation is implemented using a special zone, Guide 267 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 308
Domain 1 would not use E_Port 1, but would use E_Port 2 instead. Use the zone command to create and manage TI zones. Refer to the Fabric OS Command Reference for details about the zone command. TI zone failover A failover is enabled and disabled. 268 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 309
be aware of the following considerations: • This feature is intended for use in simple linear fabric configurations, such as that shown in Figure 34 on page 268. • Ensure that there are non- TI zone definitions and regular zone definitions match. Fabric OS Administrator's Guide 269 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 310
. For example, in Figure 35, if failover is disabled, Domain 2 cannot send domain controller frames to Domain 3 and 4. Domain controller frames include zone updates and Name Server queries. To avoid this problem, add a second, non-dedicated ISL between Domain 1 and 3. • Disabling failover does not - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 311
cannot use the dedicated ISL, which is the lowest cost path. For example, in Figure 36, there is disabled, the TI zone traffic stops until the dedicated path is configured to be the shortest path. Domain 1 8 1 9 3 setting or displaying the FSPF cost of a path, see the linkCost and topologyShow - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 312
TI zones are especially useful in FICON fabrics. See the FICON Administrator's Guide for example topologies using enhanced TI zones. When you create TI zones, configured incorrectly. If the TI zones are configured with failover disabled, some traffic will be dropped. If the TI zones are configured - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 313
Host 2 2 1 Domain 2 FIGURE 39 Illegal ETIZ configuration = ETIZ 1 = ETIZ 2 The Fabric OS routing implementation does not support separate routes to separate ports on a destination domain. Configurations such as this should be avoided. See "Additional configuration rules for enhanced TI zones" on - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 314
2 E_Ports EX_Ports -1 = Dedicated Path = Ports in the TI zone FIGURE 41 TI zone in an edge fabric Xlate Domain 4 Proxy Target 274 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 315
(E_Port for the front phantom domain) 4,-1 (E_Port for the xlate phantom domain) Note that in this configuration the traffic between the front and xlate domains can go through any path between these two domains. The be used in other TI zones. Fabric OS Administrator's Guide 275 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 316
end route from initiator to target. • When an E_Port is a member of a TI zone that E_Port cannot have its indexed swapped with another port. • A given E_Port used in a TI zone should not be a member of more than one TI zone. If multiple E_Ports are configured that are on the lowest cost required for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 317
is not supported in fabrics with switches running firmware versions earlier than Fabric OS v6.0.0. However, the existence of a TI zone in such a fabric is backward-compatible and does not disrupt fabric operation in switches running earlier firmware versions. Fabric OS Administrator's Guide 277 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 318
compatible with Fabric OS v6.0.x or earlier. The -1 in the domain,index entries causes issues to legacy switches in a zone merge. Firmware downgrade is prevented if TI over FCR zones exist. Additional configuration of the supported platforms, as if you implement trunking and TI Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 319
configurations are not prevented, but their behavior is unpredictable. Admin Domain considerations for Traffic Isolation Zoning Note the following if you implement Chapter 10, "Managing Virtual Fabrics," for failover disabled, this is not a supported configuration. Base switches do not allow the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 320
15 XISL XISL 8 7 LS1, FID1 Domain 5 LS2, FID3 16 Domain 6 Base switch Domain 2 17 Chassis 2 FIGURE 44 = Dedicated Path = Ports in the TI zones Dedicated path with Virtual Fabrics Figure 45 shows zone in a base fabric Domain 2 17 7 8 16 280 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 321
shows two physical chassis configured into logical switches configuration in Figure 47. This SAN is similar to that shown in Figure 40 on page 274 and you would set up the TI zones in the same way as described in "Traffic Isolation Zoning over FC routers" on page 273. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 322
manage TI zones. When you create a TI zone, you can set the state of the zone to activated or deactivated. By default end devices, they normally do not have an effective zone configuration. To activate a TI zone in a base fabric, you should create a "dummy" configuration 's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 323
activated (default settings): update may result in localized disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'USA_cfg' configuration (yes, y, no, n): [no] y zone config "USA_cfg" is in effect Updating flash ... Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 324
portlist" The disable failover option is not supported in base fabrics. 4. Enter the cfgEnable command to reactivate your current effective configuration and enforce the TI zones. cfgenable " existing TI zone. zone --remove name -p "portlist" 284 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 325
deactivate the zone. After you change the state of the TI zone, you must enable the current effective configuration to enforce the change. The TI zone must exist before you can change its state. 1. Connect to until you enter the cfgEnable command. Fabric OS Administrator's Guide 285 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 326
zone from the defined configuration. This command deletes effective configuration and • N_Port members • configured status (the latest zone configuration only and do not appear in the effective zone configuration. configuration: TI Zone Name: redzone: Port List: 1,2; 1,3; 3,3; 4,5 Configured - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 327
/ Failover-Enabled TI Zone Name: purplezone: Port List: 1,2; 1,3; 3,3; 4,5; Configured Status: Activated / Failover-Enabled Enabled Status: Deactivated / Failover-Enabled Setting up TI backbone fabric TI over FCR example Edge fabric 2 Fabric OS Administrator's Guide 287 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 328
required Routing Service," update may result in localized disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'cfg_TI' configuration (yes, y, no, n): [no] y zone config "cfg_TI" is in effect Updating flash ... 288 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 329
configuration configuration. This action will replace the old zoning configuration with the current configuration selected. If the update includes changes to one or more traffic isolation zones, the update configuration (yes, y, no, n): [no] y zone config "cfg_TI" is in effect Updating configuration: - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 330
zones, the update may result in localized disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'cfg_TI' configuration (yes, y, no, n): [no] y zone config "cfg_TI" is in effect Updating flash ... 290 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 331
•NPIV overview 291 •Configuring NPIV 293 •Enabling and disabling NPIV 294 •Viewing NPIV port configuration information 294 NPIV overview existing hardware implementation. The virtual port has the same properties as an N_Port, and is therefore capable of registering with all services of - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 332
from Fabric OS pre-v6.4.0, the configured maximum is carried forward and may exceed only on the default partition. The number of NPIV devices supported on shared area ports (48-port blades) is reduced Default switch Yes, 255 virtual device limit. 292 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 333
support takes precedence if user-configured maximum limit is greater. This applies to shared areas on the FC4-48, FC8-48, and FC8-64 port blades third-party (non-Brocade) NPIV HBAs. Configuring NPIV The NPIV feature is enabled by default. You can set the number of virtual Guide 293 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 334
the FA4-18 blade, NPIV is enabled for every port. NOTE CEE/FCoE ports on the Brocade 8000 have NPIV enabled by default, but NPIV cannot port). Otherwise, the firmware considers that port as an F_Port even though the NPIV feature was enabled. Viewing NPIV port configuration information 1. Connect - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 335
Viewing NPIV port configuration information 13 Ports of Slot 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Speed AN AN AN AN AN : 0x1 portFlags: 0x24b03 PRESENT ACTIVE F_PORT G_PORT NPIV LOGICAL_ONLINE LOGIN NOELP LED ACCEPT portType: 10.0 Fabric OS Administrator's Guide 295 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 336
13 Viewing NPIV port configuration information portState: 1Online portPhys: 6In_Sync portScn: 32F_Port port generation number: 148 portId: 630200 portIfId: 43020005 portWwn: 20: :ff:fb:00:16:80 192 2048 c scr=3 scr=3 scr=3 d_id=FFFFFC d_id=FFFFFC 296 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 337
302 •Interoperability support for logical switches 302 •Switch configurations for interoperability 303 •Zone management in interoperable fabrics 306 •Frame Redirection in interoperable fabrics 310 •Traffic Isolation zones in interoperable fabrics 310 •Brocade SANtegrity implementation in mixed - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 338
supported. M-EOS products must operate with the most recent version of M-EOS supported for interoperability. M-EOS v9.7.2 is the minimum version of firmware Supported hardware requirements for either temporary or permanent fabric interoperability, you can implement FR4-18i blade can connect Service". - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 339
IM3 to work in all of the domain ID ranges currently supported by Fabric OS. By default, Fabric OS switches operate in the legacy domain ID mode offset but the configured values behave differently. In an IM2 fabric in legacy offset mode, the device offset is 0x60 but the domain controller offset is - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 340
". When changing from IM3 with a 239 Domain ID configuration to IM2, you must first reconfigure the domain ID offset to a value supported in IM2 or IM3 or the operation fails. Following are the configurable domain ID offset modes: • Domain ID default mode (McDATA Legacy domain ID mode) - In this - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 341
Domain ID is always in the range of 1-31 plus the configured Domain ID Offset. For example, if the configured Domain ID Offset is 0x80 (128), the Domain ID of 5 must be configured as 133 (133 - 128 = 5). • 239 Domain_ID mode - Supports the full range of domain ID s and is available for interopmode - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 342
31; devices see the domains as 97-127. • Domain,index zoning, or default zoning, or Safezoning, are not supported. • McDATA SANtegrity feature is not supported for FICON. • Zone activations and zoning management are not supported except when using DFCM 10.3 or later. Using DCFM 10.3 or later a zone - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 343
the fabric. For more information on Virtual Fabrics, see "Managing Virtual Fabrics" on page 209. NOTE A dedicated ISL is a connection between two logical switches or other Layer 2 switches using E_Port connections. Switch configurations for interoperability You can enter the interopMode command with - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 344
command defaults to 97. (For detailed instructions, see Chapter 2, "Performing Basic Configuration Tasks".) switch:admin> configure Configure... Fabric Parameters (yes, y, no, n): [no] y Domain (1...239): [1] 97 5. Enter the interopMode 3 command to enable interoperability. This command resets - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 345
3. Enter the interopMode 0 command to disable interoperability. This command resets a number of parameters and disables McDATA Open Fabric mode or the McDATA Fabric mode. switch:admin> interopmode 0 The switch effective and defined configuration will be lost if interop Mode is changed. Interop Mode - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 346
of the device, such as 10:00:00:00:c9:28:c7:c6. • Zone members specified by node WWN are ignored. • Zone database is managed on the DCFM management server. • Fabric OS switches connected to M-EOS switches receive the effective configuration when a zone merge occurs. (M-EOS only has an effective zone - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 347
connected to the switch are unable to communicate. Default zoning mode The default zoning mode controls device access if zoning is not implemented or if there is no effective zone configuration. It adds devices not explicitly zoned to a default "catch-all" zone in M-EOS fabrics. When a device - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 348
Safe zoning mode is only available in fabrics with their interoperable mode set to 2. With safe zoning enabled, the effective configurations must match exactly. Also, it does not allow the default zone to be enabled. To allow a Fabric OS switch into an M-EOS native fabric, safe zoning mode must be - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 349
. In Fabric OS v6.4.0, the cfgDownload and cfgUpload commands support the zone database if the fabric mode does not change. The effective configuration must be copied to the Defined Database. When the Defined Database is updated, the changes are pushed to all switches in the fabric as a cfgSave - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 350
support of Frame Redirection in For support of supports the special Frame Redirect zones. Frame Redirection supports the following: • Allows you to create Frame Redirection zones and send redirection zone updates fabric configurations other control supports network control. You must perform this configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 351
not turn off Insistent Domain ID. The firmware supports a Fabric OS switch sending the Exchange Fabric Control policy (SCC) Access Control List (ACL). McDATA Fabric mode supports the EFMD, which supports FICON cascading security requirements fail. Fabric OS Administrator's Guide 311 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 352
supports the DH-CHAP authentication, not all Fabric OS authentication configurations work when connected to an M-EOS switch. With DH-CHAP authentication, you must configure EOS switch does not support authentication, for example, if the authentication feature key is not installed on the M-EOS - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 353
device authentication mode. TABLE 59 Device authentication mode Fabric OS authentication M-EOS support mode Off N/A Passive N/A M-EOS switch explanation Not used for E_Port Connected without any authentication (Fabric builds normally). Fabric OS Administrator's Guide 313 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 354
does connect (one-way authentication) because the M-EOS will not perform authentication. The fact that the secret is wrong is insignificant. 314 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 355
2 feature keys). A Fabric OS switch becomes a dumb switch when the authentication is configured to Off (See previous section for a description of Fabric OS switch authentication Off conditions). OS switch is connected to a dumb M-EOS switch. Fabric OS Administrator's Guide 315 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 356
to install the shared secret on the E_Port side. M-EOS switches do not support VE_Port or VEX_Port connections; any configurations with these port types are Fabric OS-only configurations. However, both VE and VEX_Ports support running in McDATA interop mode. 316 Fabric OS Administrator's Guide 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 357
the reject, it disables the Fabric OS port. When the M-EOS switch generates the reject, it goes to an invalid attachment state. Fabric OS Administrator's Guide 317 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 358
, When the M-EOS it goes to an invalid switch generates attachment state. the reject, it goes to an invalid attachment state. 318 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 359
the reject, it disables the Fabric OS port. When the M-EOS switch generates the reject, it goes to an invalid attachment state Fabric OS Administrator's Guide 319 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 360
OS switch is on both sides of the connection. Table 66 shows the switch authentication policy for a VEX_Port connected to a VE_Port. 320 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 361
the switches can connect. If the binding check fails, the McDATA port goes to an invalid attachment state and the EX_Port disables itself. NOTE After a Fabric Binding check failure between a McDATA E_Port and an EX_Port, the current M-EOS implementation requires you to disable the M-EOS port and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 362
that does not support SANtegrity interoperability without configure a preferred domain ID outside of the range allowed for an M-EOS switch. The preferred domain ID must be configured in the range of 97-127 in Open Fabric mode or Fabric Binding fails to activate. 322 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 363
interopMode command. FICON implementation in a mixed fabric can be configured for FICON CUP on the 48-port blades in the firmware to a switch set to interopmode 2 or 3: • Downgrading from Fabric OS v6.3.0 is allowed only when a switch is in the default Domain_ID mode because this is only supported - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 364
switch service is not available, the M-EOS switches in the fabric may send point-to-point frames and domain controller frames firmware upgrades. Using the firmwareDownload with the -o allows the firmware download to continue even if Coordinated HCL is not supported in the fabric or the protocol fails - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 365
on switches firmware downloads If not support Coordinated HCL, the firmware download ASIC Brocade management interfaces such as configuring stand-alone and fabric-wide tasks such as basic switch and port operations. Supported in McDATA Open Fabric mode and McDATA Fabric mode. Displays the firmware - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 366
as password authentication) Admin Domains Fabric-wide diagnostics (FC-Ping, PathInfo) Not supported. Supported. Not supported. Not supported. Table 70 describes a comprehensive matrix of feature support. TABLE 70 Feature Complete feature compatibility matrix Support Notes Access Control List - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 367
compatibility matrix (Continued) Support Notes DHCP Yes Environmental monitor Yes Error event management Yes Fabric Device Yes Management of broadcast frames to E_Ports. The configure command displays the number of buffer credits. FICON Management Server supported in McDATA Fabric mode. The - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 368
feature compatibility matrix (Continued) Support Notes Speed configuration. Allows fabric-wide activation of zone configurations in McDATA Fabric mode and McDATA Open Fabric mode. No zoning management also available in the ESS ILS. • NPIV NPIV management on the Fabric OS switch is the same as in - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 369
to implementing this feature using the CLI, you can also use DCFM, Web Tools, or any other user interface, but the domain ID offset must be consistent among all the user interfaces. For instructions to convert decimal numbers to hexadecimal, refer to Appendix E, "Hexadecimal". Supported hardware in - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 370
14 Supported hardware in an interoperable environment TABLE 71 Fabric OS interoperability with M-EOS Fabric OS v6.2.0 Fabric OS v6.3.0 Fabric OS v6.4.0 Chassis Type Blade Type Brocade 48000 director 16/32/48 port -4G 10G Yes Yes Yes No Yes 330 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 371
Supported features in an interoperable environment 14 TABLE 71 Fabric OS interoperability with M-EOS (Continued) Fabric OS v6.2.0 Fabric OS v6.3.0 Fabric OS v6.4.0 Chassis Type Blade Type Brocade VA-40FC Embedded Server Switches 3016 5410 5424 5450 5480 M-EOS Hardware Mi10K M6140 M6064 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 372
routing Yes Supported outbound from Supported outbound from Fabric OS-based switches. M-EOS can provide reciprocal load balancing using OpenTrunking. Yes Supported OpenTrunking. Yes Supported outbound from fabric with Fabric binding) FICON Management Server (Cascading) FICON MIHPTO Frame - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 373
policies such as DCC, SCC and FCS can be configured on per logical switch basis. Yes Only supported in conjunction with Layer 2 Fabric Binding. Yes configured on per logical switch basis. Yes Yes Yes Only allowed between Fabric OS-based switches. Yes Fabric OS Administrator's Guide 333 53- - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 374
features are not supported in McDATA Fabric and McDATA Open Fabric modes and cannot be installed on any Fabric OS switch in the fabric: • Administrative Domains • Quickloop and QuickLoop Zoning • Timer Server function • Open E_Port • Broadcast Zoning • Management Server service and FDMI • Alias - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 375
not implement Admin Domains, the feature has no impact on users and you can ignore this chapter. Admin Domains permit access to a configured set the remote site administrator to manage those resources. Admin Domains and Virtual Fabrics are mutually exclusive and are not supported at the same time on - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 376
. As shown in Figure 52, users can see all switches and E_Ports in the fabric, regardless of their Admin Domain; however, the switch ports and end devices are filtered based on Admin Domain membership. FIGURE 52 Filtered fabric views when using Admin Domains 336 Fabric OS Administrator - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 377
performance degradation and unpredictable system behavior. Requirements for Admin Domains Implementing Admin Domains in a fabric has the following requirements: • Admin Domains are not supported on the Brocade 8000. The Brocade 8000 can be in AD0 only. • The default zone mode setting must be set to - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 378
Domains (AD0 through AD255). Only a physical fabric administrator can perform Admin Domain configuration and management. Other administrative access is determined by your defined RBAC role and AD membership. assigned to any other Admin Domain. 338 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 379
be used to force device and switch sharing between AD0 and other Admin Domains. AD0 can be managed like any user-defined Admin Domain. The only difference between AD0 and user-defined Admin Domains is AD255 encompasses the entire physical fabric. Fabric OS Administrator's Guide 339 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 380
like the Admin Domain list, is a configurable property of a non-default user account. Here is some additional instructions). • For default accounts such as admin and user, the home Admin Domain defaults to AD0 and cannot be changed. • The Admin Domain list for the default Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 381
not require or have a new domain ID or management IP control are done by the physical fabric administrator. Port control is provided only through switch port membership and is not provided for device members. When you create an Admin Domain, the end the zone configuration. If Guide 341 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 382
A switch member grants port control for all ports in that switch. • A switch member allows switch administrative operations such as disabling and enabling a switch, rebooting, and firmware downloads. • A switch member domain ID and switch WWNs. 342 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 383
:63:46:e9:04 WWN = 10:00:00:00:c8:3a:fe:a2 FIGURE 55 Filtered fabric views showing converted switch WWNs Fabric OS Administrator's Guide 343 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 384
or if the new AD database exactly matches both the defined and effective configurations of the local AD database. If the AD database merge fails, the E_Port is segmented with an "AD conflict" error code. Admin Domain management for physical fabric administrators This section is for physical fabric - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 385
management default zoning mode to No Access, as described in "Setting the default the default access mode configuration or make it the effective Admin Domain configuration default zone mode to No Access, if you have not already done so. See "Setting the default zoning mode" on page 252 for instructions - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 386
management . See Chapter 11, "Administering Advanced Zoning," for instructions. Example 1 The following example creates Admin Domain AD1 as the home Admin Domain, which is the default Admin Domain context after login. • If you do configurations. 346 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 387
for physical fabric administrators 15 Creating a new user account for managing Admin Domains 1. Connect to the switch and log in as admin. 2. Enter the administrator. switch:admin> userconfig --add pfa_admin1 -r admin -h 255 -a "0-255" Fabric OS Administrator's Guide 347 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 388
management Wed Jan 27 20:57:14 2010... Security Policy, Password or Account Attribute Change: adm1 will be logged out The activate option prompts for confirmation. ad --activate ad_id By default, after the Admin Domain is activated, the devices specified under OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 389
Admin Domain management for physical fabric ad --deactivate AD_B4 You are about to deactivate an AD. This operation will fail if an effective zone configuration exists in the AD Do you want to deactivate 'AD_B5' admin domain (yes or domain IDs. Fabric OS Administrator's Guide 349 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 390
15 Admin Domain management for physical fabric administrators 4. Enter the appropriate command based operation does not take effect if the Admin Domain you want to rename is part of the effective configuration and thus enforced. 1. Connect to the switch and log in as admin. 2. Switch to the AD255 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 391
Domain management for delete. • To remove the effective configuration, enter cfgdisable. • To remove the defined configuration, enter cfgclear. • To save the delete AD_B3 You are about to delete an AD. This operation will fail if zone configuration exists in the AD Do you want to delete 'AD_B3' admin - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 392
management for physical fabric administrators Deleting all user-defined Admin Domains When you clear the Admin Domain configuration configuration if zone configurations configurations" on page 258 for instructions operations will fail if zone configurations exists the zone configurations for all - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 393
management for physical fabric administrators 15 where: source_AD source_name dest_name Name of the user-defined AD from which you are copying the zone. Name of the zone to be copied. Name to give the zone after it is copied to AD0. 4. Copy the newly added zones in AD0 to the zone configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 394
management for physical fabric administrators FIGURE 56 AD0 and two user-defined Admin Domains, AD1 and AD2 FIGURE 57 AD0 with three zones sw0:admin> ad --exec 255 "cfgshow" Zone CFG Info for AD_ID: 0 (AD Name: AD0, State: Active) : Defined configuration configuration : Defined configuration: cfg: - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 395
in localized disruption to traffic on ports associated with the traffic isolation zone changes Do you want to enable 'AD0_cfg' configuration (yes, y, no, n): [no] y zone config "AD0_cfg" is in effect Updating flash ... sw0:admin> ad --select 255 sw0:AD255:admin> ad --add AD0 -d "10:00:00:00:03:00:00 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 396
AD255 Transaction buffer configuration: AD Number: 2 AD Name: ad2 State: Active Switch port members: 1,1; 1,3; 2,5+; 3,6; * - Member does not exist + - Member is AD Unaware SAN management with Admin Domains to that AD user. 356 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 397
SAN management with Admin Domains 15 Each Admin Domain can also have its own zone configurations (defined and effective) with zones and aliases under them. CLI commands in command in the AD7 context. switch:AD255:admin> ad --exec 7 "switchshow" Fabric OS Administrator's Guide 357 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 398
15 SAN management with Admin Domains Displaying an Admin Domain configuration You can display the membership information and zone database information of a Domain context. If the corresponding Admin Domain is not activated, the operation fails. 358 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 399
third-party applications. You can manage Admin Domains with Web Tools as control only the local switch ports as specified in the Admin Domain. When the fabric is in secure mode, the following applies: • There is no support for ACL configuration under each Administrative Domain. • ACL configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 400
AD. Device Connection Control (DCC) and Switch Connection Control (SCC) policies are supported only in AD0 and AD255, because ACL configurations are supported only in AD0 and AD255. iSCSI iSCSI operations are supported only in AD0. Management applications Management interfaces that access the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 401
configured and no explicit members are added to AD0), AD0 supports both allaccess and noaccess default support, zoning updates are supported selectively at each AD level. For example, a zone change in AD1 results in an update request only for the AD1 zone database. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 402
management compatibility Service," for information about LSAN zones. Configuration configuration of the current Admin Domain. If the switch is a member of the Admin Domain, all switch configuration Configuration upload and download scenarios in an AD context Configuration No Switch configuration and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 403
Licensing" • Chapter 17, "Monitoring Fabric Performance" • Chapter 18, "Optimizing Fabric Behavior" • Chapter 19, "Managing Trunking Connections" • Chapter 20, "Managing Long Distance Fabrics" • Chapter 21, "Using the FC-FC Routing Service" Fabric OS Administrator's Guide 363 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 404
364 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 405
373 •Universal Time-based licenses 374 •Viewing installed licenses 375 •Activating a license 375 •Adding may be part of the licensed paperpack supplied with your switch software; if not, OS includes basic switch and fabric support software, and support for optionally licensed software that is - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 406
Networking switch configuration and hardware supports advanced capabilities like tape read/write pipelining. The Brocade 7800 switch must have the Upgrade License to add FICON Management Server (CUP) or Advanced Accelerator for FICON. Adaptive Networking circuit supports four network management networked - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 407
full bandwidth on all FS8-18 blades installed in the chassis. Enhanced Group Management Enables full management of the 8 Gbps platforms in a datacenter fabric with deeper element management functionality and greater management task aggregation throughout the environment. FCoE License Enables - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 408
No license required. n/a Configuration up/download No license required. n/a Configupload or configdownload is a command and comes with the OS on the switch. Converged Enhanced Ethernet Requires FCoE base license and POD1 license. NOTE: These licenses are installed by default and you - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 409
) and E_Port Upgrade license. Local switch. May be required on attached switches. Inband Management No license required. n/a Ingress rate limiting Adaptive Networking Local switch. Integrated routing Integrated Routing Local switch. Inter-chassis link (ICL) ICL 8-link on the Brocade DCX - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 410
FCS, IP Filter, and authentication policies. SNMP No license required. n/a Speed 8 Gbps license needed to support 8 Gbps on the Brocade 300, 5100, 5300, and VA-40FC switches and embedded switches only. NOTE: This license is installed by default and you should not remove it. Local switch SSH - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 411
by default. The blades on the DCX and DCX-4S enterprise-class platforms. Typically, if both Core blades are installed only support ICL chassis, without consuming valuable front-end eight Gbps ports. Each Brocade DCX chassis must have the ICL 16-link license installed support more than eight - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 412
switch is required. When support the FX8-24 blade blades that are detected in the chassis. If you have more applicable blades than available licenses you can manually installed on the platform with sufficient slot count for the number of slots you plan to activate the feature on. 2. You must configure - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 413
, firmware downgrade Slot-based license from a blade slot and move the license feature on the blade slot. 3. The . Once you have installed the license, you Networking Time-base license is installed you cannot change the date, and then re-install the license on the your network devices, including switches or - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 414
same way as the Time-based temporary licenses supported in prior FOS versions. Prior to FOS generating warning messages until the switch is either reset or a CP failover occurs, at which time is based on the system time at the installation of the license plus the number of days Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 415
Web site at http://www.brocade.com. 2. Select Products > Software License Keys. The Software License Keys instruction page appears. 3. Enter the requested information in the required fields and click Next. A verification screen appears. 4. Verify the information appears correctly. Click Submit if - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 416
Storage Application Services license FICON Tape license FICON XRC license Adaptive Networking license Inter Chassis Link license Enhanced Group Management license 8 Gig FC license DataFort Compatibility license Server Application Optimization license 376 Fabric OS Administrator's Guide 53-1001763 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 417
unlicensed ports up to a particular maximum by purchasing and installing the optional Ports on Demand licensed product: Brocade 300-Can 80 licensed ports. A maximum of 80 ports is allowed. Brocade 8000-Must have license installed to enable the 8 FC ports. A maximum of 8 ports are allowed. Brocade VA - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 418
default and the ports that can be enabled after you install the first and second Ports on Demand licenses for each switch type. TABLE 80 Platform List of available ports when implementing in the switch firmware. Its license key may be part of the licensed paperpack supplied with switch software, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 419
servers. These switches support the Dynamic Ports on Demand (POD) feature. The Dynamic POD feature automatically assigns POD licenses from a pool of available licenses based on the server blade installation. The Dynamic POD feature detects and assigns ports to a POD license only if the server blade - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 420
you can customize the POD license associations. The Dynamic POD feature is supported on the Brocade 4016, 4018, 4020, and 4024 switch modules only 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 421
. switch:admin> licenseport --show 24 ports are available in this switch Full POD license is installed Dynamic POD method is in use 24 port assignments are provisioned for use in this switch: 12 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 Fabric OS Administrator's Guide 381 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 422
a port to release its POD license. Follow the instructions in "Releasing a port from a POD set" the POD set, the port is licensed until it is manually removed from the POD port set. When a port available in this switch Full POD license is installed Dynamic POD method is in use 24 Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 423
tool for monitoring the performance of networked storage resources. Additional performance monitoring features, such as CRC error reports, are provided through Web Tools and DCFM. See the Web Tools Administrator's Guide and DCFM User's Manual for information about monitoring performance using - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 424
logical switch can have its own set of performance monitors. The installation of monitors is restricted to the ports that are present in the respective logical switch. • Top Talker and end-to-end monitors are supported on the default logical switch, the base switch, and user-defined logical switches - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 425
same ASIC chip. The number of interswitch links configured on the switch affects the amount of resources available for end-to-end monitors. The Brocade FC4-48 blade allows end-to-end monitors on all 48 ports. For the FC4-16IP blade, end-to-end monitors are supported on the FC ports (ports 0 through - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 426
DID is the same as "DestID". The RX_COUNT updated accordingly. • For frames transmitted from the port with the end-to-end monitor installed, the frame DID is the same as "SourceID" 2/14, "0x111eef" "0x051200" End-to-End monitor number 1 added. 386 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 427
default EE mask value is ff:ff:ff. NOTE Only one mask per port can be set. When you set a mask, all existing end-to-end monitors are deleted. End-to-end masks are not supported be masked separately for any ports on FC4-48 port blades. 1. Connect to the switch and log in as Guide 387 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 428
0x000123 0x000789 WEB_TOOLS 0x0000000000000000 0x0000000000000000 10.106.7.179 3 0x001212 0x003434 WEB_TOOLS 0x0000000000000000 0x0000000000000000 10.106.7.179 switch:admin> perfdeleemonitor 0, 2 End-to-End monitor number 2 deleted switch:admin> 388 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 429
required to use the fmConfig command. The monitoring functionality, however, also requires the Fabric Watch license. When you configure 20 DCX-4S, and Brocade Encryption Switch Brocade 4800 (all blades except FC4-48) 12 16 Brocade 48000 (FC4-48 blade): • Lower 16 ports (0 through 15) 12 16 • - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 430
with the new fmConfig command. Once you use the fmConfig interface to configure and manage filter-based monitors, you can no longer use the old commands. Creating 17,0xFF,0x007;7,0x4F,0x01;" -port 3-5 Starting port :3 End port :5 Create Success :0 390 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 431
entire configuration, including configured thresholds be monitored is automatically saved to the persistent configuration unless you specify the -nosave option on is automatically saved to the persistent configuration unless you specify the -nosave Saving frame monitor configuration If you assign - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 432
that in the last entry, the "-" in the Count column indicates that the monitor is configured, but is not installed on the port. switch:admin> fmconfig --show SCSI Port|Frame Type |Count |HIGH Thres on which the specified frame type is monitored. 392 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 433
if the total traffic on the port exceeds the acceptable bandwidth consumption. You can use Top Talkers to identify the SID/DID pairs that consume the most bandwidth and can then configure them with certain Quality of Service (QoS) attributes so they get proper priority. See Chapter 18, "Optimizing - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 434
install Top Talker monitors either in port mode or fabric mode, but not both. NOTE A fabric mode Top Talker monitor and an end-to-end monitor cannot be configured on the same fabric. You must delete the end-to-end monitor before you configure the hardware resources, existing end-to-end monitors fail - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 435
installed on F_Ports are automatically uninstalled. If end-to-end monitors are present on the local switch, the command fails with the message: Cannot install less. For example, to display the top 5 flows on port 7 in WWN (default) format: perfttmon --show 7 5 To display the top flows on slot 2, port - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 436
display a maximum of 32 flows. For example, to display the top 5 flows on for domain 1 in WWN (default) format: perfttmon --show dom 1 5 To display the top flows on domain 2 in PID format: perfttmon --show All Top Talker monitors are deleted. 396 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 437
install a Top Talker monitor on a mirrored port. • Top Talker can monitor only 10,000 flows at a time. • Top Talker is not supported a monitor is installed on a port End-to-end monitors are not supported for ISLs. • For F_Port trunks, end-to-end • Brocade 300 platforms support eight frame monitors for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 438
110379 Domain 98: Domain 99: 1337982 13965 Clearing end-to-end and ISL monitor counters You can use this procedure to clear statistics counters for end-to-end and ISL monitors. 1. Connect to the switch 1, continue? (yes, y, no, n): [no] y 398 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 439
an error message indicating the count has been exceeded and that some monitors have been discarded. 1. Connect to the switch and log in as admin. 2. Type one of the following commands, depending on the action you want to perform: • To save the current end-to-end and frame monitor configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 440
17 Performance data collection 400 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 441
Networking detection configuration details 423 Adaptive Networking overview Adaptive Networking is , the Adaptive Networking features can maximize The Adaptive Networking suite Bottleneck detection does not require a license. See port in the network. Top Talkers requires an Advanced Performance - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 442
services based on requirements. • To enable more important devices to use the network bandwidth during specific services, such as network ingress rate limiting is not enforced. The ingress rate limiting configuration is persistent across reboots. Note the following considerations about ingress - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 443
considerations: If Virtual Fabrics is enabled, the rate limit configuration on a port is on a per-logical switch basis. That is, if a port is configured to have a certain rate limit value, and the port 2 10, 11, 12, 13, 14 2, 3, 4, 5 8, 9 Fabric OS Administrator's Guide 403 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 444
because of a QoS mismatch. To preserve existing trunk groups, before you install the Adaptive Networking license, manually disable QoS on these 8 Gbps ports. Manually disabling QoS on 8 Gbps ports NOTE QoS is disabled by default on 4 Gbps ports and long-distance 8 Gbps ports. The following procedure - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 445
value of QOS E_Port is AE if QoS is automatically enabled by default, ON if QoS is enabled manually, and OFF or ".." if QoS is disabled. 5. Manually disable QoS on all of the ports identified in step 3 for Locked E_Port ISL R_RDY Mode Fabric OS Administrator's Guide 405 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 446
the priority level (H or L) in the zone name. The flow id allows you to have control over the VC assignment and control over balancing the flows throughout the fabric. The id is from 1-5 for high priority traffic, pairs in different edge fabrics. 406 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 447
is low priority. • All other traffic is medium priority, which is the default. H1 Domain 1 Domain 3 S1 1 9 H2 14 3 13 12 H1, H2, S3 QoS on E_Ports In addition to configuring the hosts and targets in a zone, you must also By default, QoS is enabled on 8 Gbps ports, except for long-distance - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 448
3, but would switch to the default (medium) priority from Domain 3 instructions. Following are requirements for establishing QoS over FCR: • QoS over FC routers is supported in Brocade native mode only. It is not supported in interopmode 2 or interopmode 3. 408 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 449
notation is not supported for QoS over FCR. • An Adaptive Networking license must be installed on every switch that is in the path between a given configured device pair, including Domain 5 LS2, FID3 16 Domain 6 Base switch Domain 9 17 Chassis 2 Fabric OS Administrator's Guide 409 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 450
active CP, the synchronization fails if the standby CP is running a Fabric OS version earlier than 6.3.0. Synchronization can succeed only if the QoS D,I zones are removed. Supported configurations for traffic prioritization Note the following configuration rules for traffic prioritization: • All - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 451
firmware versions earlier than Fabric OS 6.3.0, QoS is enabled by default on these ports. When you upgrade to Fabric OS 6.3.0, the QoS configuration the QoS setting is reset to the default setting (QoS disabled). on which QoS should be manually enabled. In the islshow output Guide 411 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 452
for ports 2 and 19 and ON for port 8. This means that QoS is enabled by default on ports 2 and 19 and enabled manually on port 8. Port 19 is an 8 Gbps port, so you do not need to Fill Word 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AL_PA Offset 13 412 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 453
the lowest priority takes precedence. For example, if an effective zone configuration has QOSH_z1 (H,T) and QOSL_z2 (H,T), the traffic flow between H and OS Encryption Administrator's Guide for information about redirection zones. • Traffic prioritization is not supported in McDATA Fabric Mode - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 454
port for 8-Gbps ports in LE mode. See Chapter 20, "Managing Long Distance Fabrics," for information about buffer credit allocation in extended enabled by default on all ports. If you use the portCfgQos command to enable QoS on a specific port, the port is toggled to apply this configuration, even - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 455
want to enable 'cfg1' configuration (yes, y, no, n): [no] y zone config "cfg1" is in effect Updating flash ... sw0:admin> portcfgqos for instructions. 3. Create LSAN zones in the edge fabric. See "Controlling device communication with the LSAN" on page 478 for instructions. Guide 415 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 456
configuration. 3. Enter the portCfgQos command to disable QoS on the E_Ports. Bottleneck detection Bottleneck detection does not require the rate at which the other end of the link can continuously accept traffic • Reduce the time it takes to troubleshoot network problems. If you notice one or more - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 457
detection is disabled by default. Best practice is to enable bottleneck detection on all switches in the fabric, and leave it on to continuously gather statistics. Supported configurations for bottleneck detection Note the following configuration rules for bottleneck detection: • Bottleneck - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 458
and downgrade considerations for bottleneck detection The bottleneck detection configuration is persistent across firmware upgrades and downgrades. If you downgrade to Fabric OS 6.3.x, bottleneck detection is supported; however, the bottleneck configuration is not applied. You must re-apply the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 459
the bottleneckmon --enable command to enable bottleneck detection on all eligible ports on the switch. By default, alerts are not sent unless you specify the alert parameter; however, you can view a history a trunk master or leaves the trunk. Fabric OS Administrator's Guide 419 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 460
==== 12 13 14 Changing bottleneck alert parameters When you enable bottleneck detection, you can configure alert parameters that apply to every port on the switch. After you enable bottleneck detection, been excluded from bottleneck detection. 420 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 461
for the entire logical switch. switch:admin> bottleneckmon --config -alert -lthresh .97 -cthresh .8 -time 5000 switch:admin> bottleneckmon --status Bottleneck detection - Enabled Fabric OS Administrator's Guide 421 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 462
statistics for all ports on the switch, or a list of ports affected by bottleneck conditions. • Continuously update the displayed data with fresh data. 1. Connect to the switch and log in as admin. 2. Enter Jan 13 18:54:15 Jan 13 18:54:20 1 422 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 463
:54:35 0 Disabling bottleneck detection on a switch When you disable bottleneck detection on a switch, all bottleneck configuration details are discarded, including the list of excluded ports and non-default values of alerting parameters. 1. Connect to the switch and log in as admin. 2. Enter the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 464
18 Disabling bottleneck detection on a switch 424 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 465
Managing Trunking Connections 19 In this chapter •Trunking overview 425 •Supported hardware 427 •Recommendations for trunking groups 427 •Basic trunk group configuration implemented for any eligible ISLs after you install the Brocade ISL Trunking license. The license must be installed - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 466
required after you install managing trunking connections Following is the criteria for managing later, you can configure EX_Ports to use EX_Port frame trunking configuration" on page 474 supports all stand-alone Brocade switches, but provides no interoperability support compatible with both - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 467
Supported hardware 19 Supported hardware Trunking is supported on the FC ports of all Brocade platforms and blades supported ISLs, ensure that all trunking requirements are met to allow a trunking to be rerouted, because the link cost remains constant. - The addition of Guide 427 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 468
configuration Basic trunk group configuration Re-initializing ports for trunking is required after you install update the trunking configuration, the ports to which the configuration applies are disabled and re-enabled with the new trunk configuration command to monitor problem areas where there are - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 469
Basic trunk group configuration 19 Displaying trunking information 1. Connect to the switch and log in using an account assigned to the Rx: Bandwidth 4.00Gbps, Throughput 1.67Gbps (48.48%) Tx+Rx: Bandwidth 8.00Gbps, Throughput 3.33Gbps (48.46%) Fabric OS Administrator's Guide 429 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 470
for trunking over extended fabrics: • It is supported only on switches running Fabric OS v6.1.0 and later. • Extended Fabrics and ISL Trunking licenses are required on all participating switches. • When configuring long distance, the portCfgLongDistance --vc_translation_link_init parameter must be - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 471
Static See note below NOTE The L0 mode supports up to 5 km at 2 Gbps, up Configuration Tasks" on page 35. F_Port trunking F_Port trunking is enabled between two separate Fabric OS switches that support and VA-40FC platforms support a trunk group with configuration for configuration using the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 472
support shared area ports on the FC8-48 and FC4-48 blades in the Brocade 48000. F_Port trunking is supported model, which is the default mode for all dynamically configurations are removed from a port in a logical switch, that port returns to the default 10-bit area address model, which supports - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 473
supports the configuration before you can move is configured using the portAddress command, then the port cannot be configured as on some ports in the default switch, and you disable Virtual . The ISL trunking feature supports N_Port connections for edge switches requirements. The following - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 474
. FIGURE 66 Switch in Access Gateway mode without F_Port trunking FIGURE 67 Switch in Access Gateway mode with F_Port masterless trunking 434 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 475
F_Port masterless trunking 19 NOTE You do not need to manually map the host to the master port because Access Gateway will perform a cold failover to the master port. To implement F_Port masterless trunking, you must first configure an F_Port trunk group and statically assign an Area_ID within the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 476
its Default blade, F_Port masterless trunking is supported only on ports 0 - 15. FICON is not supported firmware version earlier than Fabric OS v6.2.0 and a Trunk Area is present on the switch, the CP blades will become out of sync. F_Port trunks are not allowed on Inter-Chassis Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 477
Description Management Server NPIV supported on the F_Port trunk masters. Bandwidth information will be modified accordingly as the F_Port trunk forms. The switchCfgTrunk 0 command will fail if the standby CP is running a firmware version earlier than Fabric OS v6.2.0. No Guide 437 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 478
you remove a TA from a port, the port immediately acquires the default area as its PID. F_Port trunking prevents reassignments of the Port ID --show enabled command to display the TA-enabled port configuration. switch:admin> porttrunkarea --show enabled Port Type State Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 479
becoming disabled in the case where there is a DCC security policy violation. You can configure authentication on all three Brocade trunking configurations. For more information on authentication, see Chapter 7, "Configuring Security Policies". Fabric OS Administrator's Guide 439 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 480
19 F_Port masterless trunking 440 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 481
Configuring an extended ISL 443 •Buffer credit management 445 •Buffer credit recovery 453 Long distance fabrics overview The most effective configuration for implementing is installed on gateway switches (E_Port connectivity from one switch to another), the ISLs (E_Ports) are configured with - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 482
blade - The FC4-16IP blade has eight Gigabit Ethernet ports and eight FC ports. It is used to implement the iSCSI Gateway Service power cycles. This command supports the following long-distance link modes: • Static Mode (LO) - L0 is the normal (default) mode for a port. It configures credits required - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 483
are nearly equal. For information on trunking concepts and configurations, refer to Chapter 19, "Managing Trunking Connections". • Only qualified Brocade SFPs are used. Only Brocade-branded or certain Brocade-qualified SFPs are supported on the 8 Gbps platforms. 1. Connect to the switch and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 484
credit recovery; credit recovery is not compatible with the IDLE mode. If you do not disable the credit recovery, it continues to perform a link reset. switch:admin> portcfgcreditrecovery --disable [slot/]port 4. Configure the port to support long-distance links. switch:admin> portcfglongdistance - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 485
is used to manage Buffer-to-Buffer flow control. Buffer-to-Buffer flow control works by a sending port using its available credit supply and waiting to have the credits replenished by the port on the opposite end of the link. These BB credits are used by Class 2 and Class 3 service and rely on - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 486
hardware at the other end must acknowledge that the frame has been received before a successful transmission occurs. This requires enough capacity in the hardware managed for extended ISLs. Buffer credits are managed required configured and blades have a switches and blades do not have this - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 487
size is 24 bytes. If applications require extensive control information, up to 64 additional bytes bytes 0 - 16,896 bits CRC 4 bytes 32 bits End of frame 4 bytes 32 bits Total (Nbr bits/frame) parameter, which is required when a port is configured as an LD or Guide 447 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 488
allocate the buffers required for the port in a switch or blade, number of user differ from the supported values in Table buffer credits reserved for Fabric Services, Multicast, and Broadcast are variables that can change based on how your network is set up: • If you have a Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 489
Buffer credit management 20 24 = the number supported: [Maximum Distance X in km] = (BufferCredits + 6) * 2 / LinkSpeed 498 km = (492 + 6 buffers for Fabric Services) * 2 / 2 Gbps How many 50 km ports can you configure? * 8.5) / 2.125] = 828 Fabric OS Administrator's Guide 449 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 490
management default buffer allocation: switch:admin> portcfgfportbuffers --disable 2/44 NOTE The configured number of buffers for the given port is stored in the configuration database and is persistent across reboots. The F_Port buffer feature does not support OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 491
1324 number designates the number in a Brocade 48000 director. Additional buffers are available with the Brocade 48000 director because of fewer buffers allocated for back-end port connections. Implementing extended fabrics between Brocade 2xxx switches and switches running any Fabric OS v6.x is not - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 492
20 Buffer credit management Maximum configurable distances for Extended Fabrics Table 93 shows the maximum supported extended distances (in kilometers) that can be configured for one port on a specific switch or blade at different speeds. TABLE 93 Configurable distances for Extended Fabrics - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 493
Buffer credit recovery does not require configuration. This feature allows links reset, the frame and credit loss counters are reset without performance degradation. This feature is only supported on E_Ports that are configured for long distance and are connected between the following switch or blade - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 494
20 Buffer credit recovery 454 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 495
example, using FCR you can share tape drives across multiple fabrics without the administrative problems, such as change management, network management, scalability, reliability, availability, and serviceability, that might result from merging the fabrics. You can set up QoS traffic prioritization - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 496
7800, Brocade Encryption Switch, and on the 8-Gbps port blades of the Brocade DCX and DCX-4S require an Integrated Routing license. See "Integrated Routing" on page 457 for additional information about the Integrated Routing feature. Supported configurations In an edge fabric that contains a mix of - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 497
in the same chassis. Integrated Routing is not supported on 8-Gbps blades in the Brocade 48000. Fibre Channel routing concepts Fibre Channel routing introduces the following concepts: • Fibre Channel router (FC router) A switch running the FC-FC routing service. See "Supported platforms for Fibre - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 498
supported platforms by using an EX_Port or VEX_Port. • Backbone fabric A backbone fabric is an intermediate network an inter-fabric link (IFL). You can configure multiple IFLs from an FC router to an the fabrics while maintaining the access controls of zones. An LSAN device can Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 499
fabric. It has a name server entry and is assigned a proxy device is required for inter-fabric Channel device, has a name server entry, and is assigned a fabric at the opposite end of the inter-fabric configured with the same FID. - If configured same. If you configure the same fabric ID - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 500
phantom domains: front phantom domains and translate phantom domains. For detailed information about phantom domains, see "Phantom domains" on page 462. 460 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 501
2 E_Port IFL FC router FIGURE 71 MetaSAN with imported devices Routing types The FC-FC routing service provides two types of routing: • Edge-to-Edge Occurs when devices in one edge fabric communicate be presented to each other's native fabric. Fabric OS Administrator's Guide 461 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 502
edge fabrics using LSANs. See "LSAN zone configuration" on page 477 for more information. NOTE Management Server Platform services and interopmode are not supported in the backbone fabric. Phantom domains A fabrics connected to the FC routers. 462 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 503
domain 1 (FC router 1) Xlate domain 1 (Fabric 2) Front domain 2 (FC router 2) Xlate domain 2 (Fabric 3) Target 1' Target 2' Target 3' FIGURE 73 EX_Port phantom switch topology Fabric OS Administrator's Guide 463 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 504
routing service To set up the FC-FC Routing Service, perform networks. (See "FCIP tunnel configuration" on page 467.) • Configure IFLs for edge and backbone fabric connection. (See "Inter-fabric link configuration" on page 468.) • Modify port cost for EX_Ports, if you want to change from the default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 505
2. Perform the following appropriate action based on the hardware model you are configuring: • If you are configuring the Brocade 48000 director, enter the slotShow command to verify that the FR4-18i blade is present. Proceed to step 3. • If you are configuring the Brocade DCX or DCX-4S, enter the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 506
mode on If InteropMode is on, FC routing is not supported. To turn off interoperability mode, disable the switch and configuration has only one backbone fabric, then this task is not required because the backbone fabric ID in this situation defaults to a value of 128. The default Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 507
it defaults to a disabled state. Then configure the VE_Port or VEX_Port. After the appropriate ports are configured, enable the tunnel. NOTE This section is applicable only to Fabric OS fabrics and does not apply to M-EOS fabrics. See the Fibre Channel over IP Administrator's Guide for instructions - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 508
fabric ID (avoid using fabric IDs 1 and 128, which are the default IDs for backbone connections). The following example configures the EX_Port (or VEX_Port) and assigns a Fabric ID of 30 to port primary wwn: N/A Edge fabric's version stamp: N/A 468 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 509
Configure FC router port cost, if you want to change the default values. For information about using FC router port cost operations, see "FC Router port cost configuration and FX8-24 blades are configured as persistently disabled by default, to avoid inadvertent fabric merges when installing a new FC - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 510
ON 9. Enter either the portCfgEXPort or portShow command to verify that each port is configured correctly: switch:admin> portcfgexport 7/10 Port 7/10 info Admin: enabled State: NOT device(s) connected: Distance: normal portSpeed: N4Gbps 470 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 511
"Brocade 7500" FC Router port cost configuration The router port cost is set automatically. This section provides information about the router port cost and describes how you can modify the cost for a port if you want to change the default value. Fabric OS Administrator's Guide 471 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 512
cost settings are 0, 1000, or 10,000. If the cost is set to 0, the default cost will be used for that IFL. The FC router port cost is persistent and is saved in the existing port configuration file. Router port cost two FR4-18i blades. • The router port cost does not help compatible, ways: • Failing - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 513
the cost for that port. You can configure the EX_ cost of the EX_Port back to the default, enter a cost value of 0: switch:admin> fcrrouterportcost 7/10 0 6. Enter the portEnable command to enable the ports that you disabled in step 1. switch:admin> portenable 7/10 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 514
configure EX_Ports to use frame-based trunking just as you do regular E_Ports. EX_Port frame trunking support cost of the master port. For information about setting up E_Port trunking on an edge fabric, see Chapter 19, "Managing Trunking Connections," in this guide the FR4-18i blade, or for EX_Ports - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 515
enabled or disabled enabled or disabled enabled or disabled enabled or disabled n/a n/a n/a Supported configurations and platforms The EX_Port trunking is an FCR software feature and requires that you have a trunking license installed on the FC router and on the edge fabric connected to the other - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 516
compatibility support For backward compatibility, an FC router that supports EX_Port trunking can continue to interoperate with older FC routers and all previously supported Brocade switches in the backbone fabric or Brocade edge fabric. Configuring Chapter 19, "Managing Trunking Connections," and - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 517
LSAN zone configuration An LSAN consists of zones in two or more edge or backbone fabrics that contain the same devices. LSANs essentially provide selective device connectivity between fabrics without forcing you to merge those fabrics. FC routers provide multiple mechanisms to manage inter-fabric - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 518
configuration LSAN zones and fabric-to-fabric communications Zoning is enforced by all involved fabrics; any communication from one fabric to another must be allowed by the zoning setup on both fabrics. If the SANs are under separate administrative control :0c The Local Name Server has 1 entry } - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 519
:20:b4 The Local Name Server has 2 entries } 8. configuration. This action will replace the old zoning configuration with the current configuration selected. Do you want to enable 'zone_cfg' configuration (yes, y, no, n): [no] y zone config "zone_cfg" is in effect Updating Guide 479 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 520
zones, or LSAN count, that can be configured on the edge fabrics. By default, the maximum LSAN count is set to 3000. You can increase the maximum LSAN count to 5000 without disabling the switch. The maximum number of LSAN devices supported Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 521
support this feature. Verify the configured maximum limit against the LSANs configured using the fcrResourceShow command. Configuring HA synchronization to fail. • If the feature is enabled, before downgrading to an earlier Fabric OS version, you will be asked to go back to the default mode. • - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 522
the proxy devices might cause some sensitive hosts to time out or fail. The Speed tag allows you to speed up the discovery process by out. You set the Speed tag on the FC router, and then configure the LSANs in the target edge fabrics with the tag. For example, Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 523
before you configure the Enforce tag. Configuring the Speed tag does not require that the FC router be disabled; however, after configuring the an FC router is 8. • Up to 500 Speed LSANs are supported. Configuring an Enforce LSAN tag 1. Log in to the FC router as admin. Guide 483 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 524
zone configuration 4. > fcrlsan --add -enforce enftag1 LSAN tag set successfully sw0:admin> switchenable Configuring a Speed LSAN tag 1. Log in to the FC router as admin. -speed fasttag2 LSAN tag removed successfully Displaying the LSAN tag configuration 1. Log in to the FC router as admin. 2. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 525
access its local edge fabrics. The LSAN zone limit supported in the backbone fabric is not limited by the capability of one FC router. In addition, due to the lower LSAN count, the CPU consumption by the FC router is lower. If you configure the metaSAN such that the backbone fabric has two - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 526
21 LSAN zone configuration LSAN zone 1 LSAN zone 2 Fabric 1 Fabric 2 Fabric 3 FC router 1 Backbone fabric FC router 3 FC router 10,000 devices and the backbone fabric can support more FC routers. • With LSAN zone binding, CPU consumption by an FC router is lower. 486 Fabric OS Administrator - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 527
option is for creating and updating the FC router matrix, and the -lsan option is used for creating and updating the LSAN fabric matrix. NOTE this FC router to other FC routers. • You must manually configure the LSAN fabric matrix on these FC routers to match the 's Guide 487 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 528
LSAN zone configuration LSAN fabric 4 5 fcrlsanmatrix --add -lsan 5 6 Fabrics that are not specified are part of the default binding and can access other edge fabrics that are not specified. So Fabrics 7, 8, and :Admin> fcrlsanmatrix --apply -all 488 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 529
domain ID to a translate domain. Fabric parameter considerations By default, EX_Ports and VEX_Ports detect, autonegotiate, and configure the fabric parameters without user intervention. You can optionally configure these parameters manually. Fabric OS Administrator's Guide 489 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 530
, E_D_TOV (error-detect timeout value), R_A_TOV (resource-allocation timeout value), and PID format, must be the same on EX_Ports or VEX_Ports and on the fabrics to which they are connected. You can set the PID format on an EX_Port when you configure an inter-fabric link. The default values for - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 531
Whenever a resource is exhausted, Fabric OS generates an error message. The messages are described in the Fabric OS one. One device imported into multiple edge fabrics counts multiple times. The default maximum number of LSAN zones is 3000. See "Setting the maximum LSAN 's Guide 491 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 532
Fabrics, the chassis is automatically rebooted. When the switch comes up, only one default logical switch is present, with the default fabric ID (FID) of 128. All previously configured EX_Ports and VEX_Ports is allowed only on the base switch. 492 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 533
chassis or a different chassis Configuring a logical switch to use XISLs" on page 232 for instructions on disallowing XISL use. Since XISL use is disallowed, dedicated links must be configured configuration is not supported. • Backbone-to-edge routing is not supported 1 are configured to allow XISL - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 534
15 E EX Logical switch 4 EX (Base switch) Fabric ID 8 E ISL IFL XISL Physical chassis 2 E Logical switch 5 F (Default logical switch) Fabric ID 128 Logical switch 6 F Fabric ID 1 Allows XISL use E Logical switch connected to the base switch. 494 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 535
any downgrades. For further instructions on downgrading, refer to Chapter 9, "Installing and Maintaining Firmware". How replacing port blades affects EX_Port configuration If you replace an FR4-18i blade with an 8-Gbps port blade or FX8-24 blade, the EX_Port configuration remains the same for the - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 536
remains the same for the first 12 FC ports on the FX8-24 blade. If you replace an 8-Gbps port blade or FX8-24 blade with another 8-Gbps port blade, the EX_Port configuration remains the same. Displaying the range of output ports connected to xlate domains The edge fabric detects only one - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 537
the ability to configure any EX_Port to connect to an M-EOS fabric by using an E_Port without disrupting the existing services. All the Mode and supports backbone-to-edge and edge-to-edge routing. Table 96 outlines which releases of Fabric OS are compatible with which 's Guide 497 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 538
blade. The Fibre Channel routing feature for M-EOS interoperability is not a licensed feature. TABLE 97 Fabric OS and M-EOSn interoperability compatibility backup solutions across Fabric OS and M-EOS fabrics. • Manageable large-scale storage network-Uses the Fabric OS v6.0 or later FC router - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 539
documentation The default supported on EX_Ports connected to the M-EOS fabric. Connectivity modes You can connect to M-EOS fabrics in both McDATA Open mode or McDATA Fabric mode. If the mode is not configured correctly, the port is disabled because of incompatibility. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 540
configured in Fabric mode. NOTE For additional information on configuring the FC router, refer to Chapter 21, "Using the FC-FC Routing Service". 1. To verify the Native McDATA firmware Ports are persistently disabled by default. 5. Enter the portCfgExPort command to configure the port as an EX_Port - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 541
Fabric OS fabric. The nsAllShow displays the global name server information and fabricShow displays the fabric membership information. The for the M-EOS fabric. See the EFC Manager Software User Manual for information using DCFM. When you have configured the FC router to connect to a fabric, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 542
details about LSAN zoning, see "LSAN zone configuration" on page 477. The FC router can support up to 2048 zones when connected to an M-EOS v9.6 switch. NOTE For detailed instructions for the steps in the following procedure, refer to the Zoning User Manual. http://www.brocade.com/data-center-best - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 543
troubleshoot the problem, using the command output. If an EX_Port connecting an FC router and an edge fabric is disabled due to an error, the error appear green. Tab to Zone and verify that the zone set configuration is correct: a blue icon beside each entry indicates that Guide 503 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 544
A Fabric configurations for interconnectivity state rev owner known v520 0xfffc02 Device list: count 1 Type Pid COS PortName NodeName N 010e00; 3;10:00:00:00: the lsanZoneShow -s command to verify FIDs and devices to be shared among LSANs. 504 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 545
of supported configurations 509 Inband Management overview Inband Management on the Brocade 7500 Extension Switch allows a management station to communicate to the CP through the GE ports for tasks such as downloading firmware, SNMP polling, SNMP traps, troubleshooting, and configuration. To - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 546
for the source address NAT for the new Inband Management interfaces, so no additional configuration is required. IP address and routing management The CP and GE port processor Ethernet interfaces must have IP addresses associated with them. By default, there will be no IP addresses associated with - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 547
Management interface The portCfg inbandmgmt command stores the IP address of the CP Inband Management interface and routes in the configuration database and updates the current configuration portCfg inbandmgmt command to configure an IP address to the Adding an Inband Management route on the CP 1. - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 548
Management option appears at the end of the line. This indicates that the route is using one of the internal interfaces. The portCfgShow inbandmgmt command displays the addresses that are currently configured 7500 management destination path. Viewing Inband Management IP routes 1. Management - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 549
to enter FIPS mode, an error will occur. You must delete the configuration of these devices prior to entering FIPS mode. Examples of supported configurations The following examples demonstrate how to set up your Brocade 7500 Extension Switches using two different network scenarios. These are only - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 550
to the 7500 R1. linux> route ge0 -host 10.1.2.20 gw 192.186.3.20 Configuring a Management Station on different subnets For a configuration with multiple subnets, the routes must be added to all intermediate hops in the network as seen in Figure 81 on page 511. To minimize the effect on IP traffic - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 551
Examples of supported configurations B FIGURE 81 Management Station on a different subnet 1. Configure the IP address for each of the 7500s (L1 and R1): a. On the 255.2 255.255.255.0 b. Add the route on the switch going to the Management Station. Fabric OS Administrator's Guide 511 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 552
B Examples of supported configurations switch:admin> portcfg inbandmgmt ge0 routeadd 192.168.3.0 255.255.255.0 192.168.2.250 4. Configure the routes on Router A. a. Configure the route going to the 7500 L1 management address. linux> route add -host 10.1.1.10 gw 192.168.1.10 b. Configure the route - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 553
64 is not supported on the Brocade 48000 director. If your blade does not have the maximum number of ports, use the lower sections of the table to determine the area_ID and index. TABLE 99 Default index/area_ID core /201 337/217 353/233 369/249 Fabric OS Administrator's Guide 513 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 554
C Port indexing on the Brocade 48000 director TABLE 99 Default index/area_ID core PID assignment with no port swap for the Brocade 48000 director (Continued) Port on blade Slot 1 Slot 2 Idx/area Idx/area Slot 3 Idx/area 80/80 96/96 112/112 514 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 555
maximum number of ports (used by the FC8-64 blade). If your blade does not have the maximum number of ports, use -- N4 No_Module 18 2 2 0a1240 -- N4 No_Module (output truncated) TABLE 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone Port Guide 515 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 556
C Port indexing on the Brocade DCX backbone TABLE 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone (Continued) Port (DCX) Slot 1 Index/PID /0x1d40 45/0x2d40 61/0x3d40 77/0x4d40 93/0x5d40 109/0x6d40 125/0x7d40 516 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 557
Brocade DCX-4S backbone C TABLE 100 Default index/16-bit PID assignment with no port 0 all the way through slot 8 port 255 for the FC8-64 blade. There are no shared areas on the Brocade DCX-4S. Table 101 shows -- N4 No_Module (output truncated) Fabric OS Administrator's Guide 517 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 558
C Port indexing on the Brocade DCX-4S backbone TABLE 101 Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S Port on blade Slot 1 Index/PID Slot 2 Index/PID Slot 7 Index/PID Slot 8 0x1d00 93/0x5d00 157/0x9d00 221/0xdd00 518 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 559
indexing on the Brocade DCX-4S backbone C TABLE 101 Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S (Continued) Port on blade Slot 1 Index/PID Slot 2 Index/PID Slot 7 0 0/0x0000 64/0x4000 128/0x8000 192/0xc000 Fabric OS Administrator's Guide 519 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 560
C Port indexing on the Brocade DCX-4S backbone 520 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 561
FIPS 140-2 level 2 compliance passwords, shared secrets, and the private keys used in SSL, TLS, and system login need to be cleared out or zeroized. Power-up self tests are executed when the switch is powered on to check for the consistency of the algorithms implemented in the switch. Known-answer - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 562
roles need to use fipsCfg --zeroize, which in addition to removing user accounts and resetting passwords, also does the complete zerioization of the system. The aaaConfig --remove zeroizes the secret and deletes a configured server. /dev/urandom is used as the initial source of seed for RNG. RNG - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 563
console. This includes logging both passing and failing results. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. FIPS mode configuration By default, the switch comes up in non-FIPS mode - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 564
RADIUS CONFIGURATIONS RADIUS configuration does not exist. adldap.local LDAP CONFIGURATIONS Position Server Port Domain Timeout(s) : 1 : GEOFF5.ADLDAP.LOCAL : 389 : adldap.local : 3 Primary AAA Service: LDAP Secondary AAA Service: Switch database 524 Fabric OS Administrator's Guide 53 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 565
identity as mentioned in the common name of the server certificate. 3. Set up LDAP according to the instructions in "LDAP configuration and Microsoft Active Directory" on page 111 in Chapter 5, "Managing User Accounts". • Additional Microsoft Active Directory settings a. Set the following SCHANNEL - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 566
D FIPS mode configuration LDAP certificates for FIPS mode To utilize the LDAP services for FIPS between the switch and the host, you must generate a CSR on the Active Directory server and import and export the CA certificates. To support server certificate validation, it is essential to have the CA - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 567
on Microsoft Active Directory server and CA certificate on the switch for using LDAP authentication. 4. Block Telnet, HTTP, and RPC. 5. Disable BootProm access. 6. Configure the switch for signed firmware. 7. Disable root access. 8. Enable FIPS. Fabric OS Administrator's Guide 527 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 568
. 4. Install the LDAP CA certificate on the switch and Microsoft Active Directory server. Refer to the instructions "LDAP firmware by typing the configure command and respond to the prompts as follows: System services No cfgload attributes Yes 528 Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 569
Installing and Maintaining Firmware". 7. Disable selftests by typing the following command: fipscfg --disable selftests 8. Disable IPFilter policies that were created to enable FIPS. 9. Optional: Configure RADIUS server authentication protocol. 10. Reboot the switch. Fabric OS Administrator's Guide - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 570
the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --zeroize. 3. Reboot the switch. Displaying FIPS configuration 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --showall. 530 Fabric OS - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 571
6 Share Area: No Device Shared in Other AD: No Redirect: No The Local Name Server has 1 entry } 1. Separate the triplets: 61 06 00 2. Convert each hexadecimal value in loop, shared areas in PID assignments on blades, NPIV, and Access Gateway devices) Result: hexadecimal triplet 610600 = decimal triplet - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 572
171 172 173 174 175 176 177 178 179 180 Hex ab ac ad ae af b0 b1 b2 b3 b4 532 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 573
f1 f2 f3 f4 f5 f6 f7 f8 f9 fa Decimal 251 252 253 254 255 Hex fb fc fd fe ff Fabric OS Administrator's Guide 533 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 574
E Hexadecimal overview 534 Fabric OS Administrator's Guide 53-1001763-02 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 575
Index Numerics 239 domain ID mode, 301 A AAA service requests, 99 access browser support, 122 changing account parameters, 89 CP blade, 105 creating accounts, 88 deleting accounts, 89 IP address changes, 17 log in fails, 17 NTP, 28 password, changing, 19 remote access policies, 108 secure, HTTPS, - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 576
on, 53 types of, 39 boot PROM password, 95 bottleneck detection, 416 Broadcast server, 4 broadcast zones, 244 Brocade Vendor-Specific Attribute, 101 browser and Java support, 122 browser, configuration for certificates, 125 buffer credit management, 445 buffer credit recovery, 453 buffer-to-buffer - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 577
changing an account password, 91 FID of logical switch, 230 logical switch to base switch, 231 RADIUS configuration, 115 RADIUS servers, 115 clearing performance monitor counters, 398 clearing zone configurations, 258 command line interface, 16 configuration file backing up, 178 chassis section, 178 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 578
(Data Center Fabric Manager), 15 deactivating Admin Domains, 349 TI zones, 285 default IP Policy Rules, 156 logical switch, 210 zone mode, 252, 344 defined AD configuration, 344 zone configuration, 242 deleting accounts, 89 Admin Domains, 351, 352 alias, 248 end-to-end monitors, 388 frame monitors - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 579
auto discovery process, 12 Fibre Channel routing, 457 Fibre Channel services, 3 FICON-MIB, 128 FIPS certificates, installing, 526 firmwareDownload, 201 Inband Management, 509 LDAP certificates, displaying and deleting, 526 firmware download, 190 auto-leveling, 205 connected switches, 192 enterprise - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 580
(ISL), 66 IP Filter supported services, 155 IP-NAT, 65 IPsec algorithms, 167 Authentication Header protocol, 166 configuration on the management interface, 164 Encapsulating Security Payload protocol, 166 flushing SAs, 173 IKE policies, 169 key management, 169 manual key entry, 170 policies, 168 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 581
server, 4 managing accounts, 89 zoning configurations in a fabric, 259 mask for end-to-end monitors setting, 387 matching fabric parameters, 464 McDATA, 501 members policy, 134 M-EOS SANs, connecting with Fabric OS SANs, 497 merging zones, 253 MIB, 127 Fabric OS Administrator's Guide 53-1001763 - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 582
104 homeAD, 104 Virtual Fabrics HomeContext, 104 RADIUS client Windows configuration, 107 RADIUS clients switch configuration, 107 RADIUS server, 102 configuration, 105 LINUX configuration, 105 RADIUS service Windows configuration, 107 RBAC, 84 Registered State Change Notification, 12 remote access - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 583
passwords, 19 default zone mode, 344 mask for end-to-end monitors, 387 password, boot PROM, 95 security level, 129 switch date and time, 25 the IP address, 22 time zone, 27 time zones, 26, 27 traffic prioritization, 414 traffic prioritization over FC routers, 415 setting chassis configurations - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 584
tracking and controlling switch changes model managing Admin settings, 25 default logical switch services, 5 ports, moving, 229 restrictions, 222 supported platforms, 220 with traffic isolation over FCR, 281 XISL, allowing on logical switches, 232 VSA, 101 W Web Tools access methods, configuration - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 585
OS Administrator's Guide 53-1001763- configurations, 242 configurations, adding members, 254 configurations, creating and maintaining, 253 configurations, managing, 259 configuring rules, 243 creating, 249 creating a configuration, 254 database configurations, viewing, 258 database size, 253 default - Dell PowerEdge M710HD | Fabric OS Administrator’s Guide - Page 586
zone configurations creating, 254 deleting, 256 disabling, 256 enabling, 255 removing, 255 zone database and Admin Domains, 360 zone, broadcast, 244 zones QoS zones, 406 TI zones, 267 546 Fabric OS Administrator's Guide 53-1001763-02
53-1001763-02
13 September 2010
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS v6.4.0