Home » HP Manuals » Hubs & Switches » HP AE370A » Manual Viewer

HP AE370A Brocade Web Tools Administrator's Guide v6.0.0 (53-1000606-01, April - Page 218

FCIP-related features, IKE/IPSec, Understanding the FCIP Tunneling Service

UPC - 882780362611

Add to My Manuals
Save this manual to your list of manuals

Page 218 highlights

17 Understanding the FCIP Tunneling Service FCIP-related features Web Tools provides or supports these related features: • A per-tunnel compression feature that allows the Fibre Channel data frames to be compressed before they are sent over the tunnel as FCIP frames. • Fastwrite, which is a feature that reduces the number of round-trip times required to complete a SCSI write I/O and increases performance. • Tape pipelining which reduces the number of round trip times required to complete a SCSI write I/O and eliminates the sequential nature of the SCSI I/O. • IKE/IPSec Policy, which is a framework of open standards to ensure private, secure communications over IP networks through the use of cryptographic security services. IKE (Internet Key Exchange) is the protocol used to set up a Security Association in the IPSec protocol suite. NOTE You need an IPSec license to enable and use this feature. IKE/IPSec IKE/IPSec is not supported with the following protocols: • IPv6 • ESP in transport mode • NAT Traversal Table 12 explains the fields and related choices to create an IKE/IPSec policy. TABLE 12 IKE/IPSec Configuration Choices Field Description Choices Policy Type Policy Number Encryption Algorithm Authentication Algorithm Perfect Forward Secrecy (PFS) You can create either an IKE policy or an IPSec policy IKE IPSec This parameter helps you keep track of the number of policies you have created on your switch. You can choose any number from 1 through 32. You can define up to 32 IKE and 32 IPSec policies per switch. 1 through 32 A mathematical procedure for performing encryption on data. Through the use of an algorithm, information is made into meaningless cipher text and requires the use of a key to transform the data back into its original form. 3DES AES-128 AES-256 An encryption process or tool in which the results of text SHA-1 encryption depend on all relevant authentication MD5 elements. AES-XCBC In an authenticated key agreement protocol that uses public key cryptography, PFS is the property of disclosure of the long-term secret keying material that is used to derive an agreed ephemeral key that does not compromise the secrecy of the agreed keys from earlier runs. IKE on/off IPSec disabled 198 Web Tools Administrator's Guide 53-1000606-01

Section	Page
Contents	5
About This Document	15
In this chapter	15
How this document is organized	15
Supported hardware and software	16
What’s new in this document	17
Document conventions	17
Text formatting	17
Notes, cautions, and warnings	17
Key terms	18
Additional information	18
Brocade resources	18
Other industry resources	19
Getting technical help	19
Document feedback	20
Introducing Web Tools	21
In this chapter	21
System requirements	21
Setting Refresh Frequency for Internet Explorer	22
Deleting temporary internet files used by Java applications	23
Installing Java on the workstation	24
Installing the JRE on your Solaris or Linux client workstation	24
Installing patches on Solaris	24
Installing the Java plug-in on Windows	25
Configuring the Java plug-in	25
Configuring the Java plug-in for Windows	25
Configuring the Java plug-in for Mozilla family browsers	26
Installing a Web Tools license	27
Installing a Web Tools license through telnet	27
Installing a Web Tools license through a Web site	28
Installing other licenses through the Web	28
Value line licenses	29
Opening Web Tools	29
Logging in	30
Logging out	33
Administrative domains	33
Admin Domains and login	34
Admin Domains and switch WWN	34
Admin Domains and zoning	34
Role-Based Access Control	35
Session management	35
Ending a Web Tools session	36
Requirements for IPv6 support	36
Using the Web Tools Interface	37
In this chapter	37
Viewing Switch Explorer	37
Tasks	39
Fabric Tree	39
Changing the Admin Domain context	40
Switch View buttons	41
Switch View	41
Switch Events and Switch Information	42
Displaying tool tips	42
Refresh rates	44
Displaying switches in the fabric	45
Working with Web Tools: recommendations	45
Managing Fabrics and Switches	47
In this chapter	47
Managing fabrics and switches using Web Tools	47
Opening the Switch Administration window	49
Refreshing the Switch Administration window	49
Opening the telnet window	49
Configuring IP and netmask information	50
Configuring a syslog IP address	51
Removing a syslog IP address	51
Setting Up IP Filtering	51
Managing blades	52
Enabling or disabling a blade	52
Configuring a switch	54
Enabling and disabling a switch	54
Changing the switch name	54
Changing the switch domain ID	55
Viewing and printing a switch report	55
Rebooting the switch	56
Performing a fast boot	56
Performing a reboot	56
Changing system configuration parameters	56
Configuring fabric settings	56
Enabling insistent domain ID mode	58
Configuring virtual channel settings	58
Configuring arbitrated loop parameters	59
Configuring system services	59
Configuring signed firmware	59
Managing licensed features	60
Activating a license on a switch	61
Removing a license from a switch	61
Administering High Availability	61
Launching the High Availability Window	62
Synchronizing Services on the CP	63
Initiating a CP Failover	63
Monitoring events	64
Displaying Fabric Events	64
Displaying Switch Events	65
Filtering Fabric and Switch Events	66
Filtering events by event severity levels	67
Filtering events by message ID	68
Filtering events by service component	68
Displaying a fabric summary report	68
Displaying the Name Server entries	69
Printing the Name Server entries	70
Displaying detailed Name Server information for a particular device	70
Displaying the zone members of a particular device	71
Physically locating a switch using beaconing	71
Maintaining Configurations and Firmware	73
In this chapter	73
Maintaining configurations	73
Creating a backup of a configuration file	74
Restoring a configuration	75
Performing a firmware download	76
Interoperability	78
Configuring interoperability	79
Managing Your Ports	81
In this chapter	81
Viewing and managing ports using Web Tools	81
Opening the Port Administration window	81
Port Administration window components	83
Identifying controllable ports	84
Configuring ports	85
Configuring FC ports	85
Configuring FCIP ports	87
Configuring GbE ports	88
Assigning a name to a port	88
Enabling and disabling a port	89
Persistent enabling and disabling ports	90
Enabling and disabling NPIV ports	90
Enabling NPIV ports	90
Disabling NPIV ports	91
Enabling and disabling QoS ports	91
Enabling QoS	91
Disabling QoS	91
Activating ports	91
Enabling Ports on Demand	92
Enabling Dynamic Ports on Demand	93
Disabling Dynamic Ports on Demand	93
Reserving and releasing licenses on a port basis	93
Swapping port index	94
Swapping ports	94
Determining if a port index has been swapped with another switch port	94
Administering ISL Trunking	97
In this chapter	97
About Interswitch Link Trunking	97
Viewing trunk group information	98
Disabling or reenabling trunking mode on a port	98
Managing Administrative Domains	101
In this chapter	101
About administrative domains	101
Requirements for Admin Domains	101
User-defined Admin Domains	102
System-defined Admin Domains	102
Admin Domain membership	103
Enabling administrative domains	103
Using the Admin Domain window	103
Opening the Admin Domain window	106
Refreshing fabric information	106
Refreshing Admin Domain information	106
Saving local admin domain changes	107
Closing the Admin Domain window	107
Creating and populating domains	108
Creating an Admin Domain	108
Activating or deactivating an Admin Domain	110
Managing administrative domains	111
Adding and removing members	111
Renaming Admin Domains	112
Deleting Admin Domains	112
Administering Zoning	115
In this chapter	115
Introducing zoning	115
Configuring zoning	116
Opening the Zone Administration window	116
Setting the default zoning mode	116
Managing zoning with Web Tools	117
Refreshing fabric information	118
Refreshing Zone Administration window information	119
Saving local zoning changes	119
Closing the Zone Administration window	120
Select a zoning view	120
Managing zone aliases	121
Creating and populating zone aliases	121
Adding and removing members of a zone alias	122
Renaming zone aliases	122
Deleting zone aliases	122
Managing zones	123
Creating and populating zones	123
Adding and removing members of a zone	124
Renaming zones	124
Copying zones	124
Deleting zones	125
Managing zone configurations	125
Creating zone configurations	126
Adding or removing zone configuration members	127
Renaming zone configurations	127
Copying zone configurations	128
Deleting zone configurations	128
Enabling zone configurations	128
Disabling zone configurations	129
Displaying enabled zone configurations	129
Displaying zone configuration summaries	130
Creating configuration analysis reports	131
Displaying zones Initiator/Target accessibility	132
Managing the zoning database	133
Adding a WWN to multiple aliases and zones	133
Removing a WWN from multiple aliases and zones	133
Replacing a WWN in Multiple Aliases and Zones	134
Searching for zone members	134
Clearing the Zoning Database	134
Using Zoning Wizards	135
Best practices for zoning	137
Interoperability considerations for zoning	137
Monitoring Performance	139
In this chapter	139
Monitoring performance using Web Tools	139
Predefined performance graphs	140
User-defined graphs	143
Canvas configurations	143
Opening the Performance Monitoring window	143
Creating basic performance monitor graphs	144
Customizing basic monitoring graphs	144
Creating advanced performance monitoring graphs	146
Creating SID-DID Performance Graphs	146
Creating an SCSI vs. IP Traffic Graph	147
Creating SCSI Command Graphs	148
Creating AL_PA Error Graphs	149
Managing performance graphs	149
Saving graphs to a canvas	149
Adding graphs to an existing canvas	150
Printing a single graph	150
Printing all graphs in a canvas	150
Modifying graphs	151
Using the FC-FC Routing Service	153
In this chapter	153
Supported switches for fibre channel routing	153
About fibre channel routing	153
Setting up FC-FC routing	154
Managing FC-FC routing with Web Tools	155
Opening the FC Routing module	155
Viewing and managing LSAN fabrics	156
Viewing and configuring EX_Ports	157
Configuring an EX_Port	158
Editing the configuration of an EX_Port	159
Configuring FCR router port cost	159
Viewing and configuring LSAN zones	159
Viewing LSAN Devices	160
Configuring the backbone fabric ID	160
Working With Diagnostic Features	163
In this chapter	163
Managing trace dumps	163
How a trace dump is used	164
Setting up automatic trace dump transfers	164
Specifying a remote server	165
Enabling automatic transfer of trace dumps	165
Disabling automatic trace uploads	165
Displaying switch information	166
Viewing detailed fan hardware status	166
Viewing the temperature status	167
Viewing the power supply status	168
Checking the physical health of a switch	168
Interpreting port LEDs	170
Port icon colors	171
LED representations	171
Brocade 48000 Director LEDs	171
Administering Fabric Watch	173
In this chapter	173
Introduction to Fabric Watch	173
Using Fabric Watch with Web Tools	174
Opening the Fabric Watch window	175
Configuring Fabric Watch thresholds	175
Configuring threshold traits	175
Configuring threshold alarms	177
Enabling or disabling threshold alarms for individual elements	177
Configuring alarms for FRUs	178
Displaying Fabric Watch alarm information	179
Viewing an alarm configuration Report	179
Displaying alarms	179
Configuring email notifications	180
Configuring the email server on a switch	180
Configuring the email alert	180
Administering Extended Fabrics	183
In this chapter	183
About extended link buffer allocation	183
Configuring a port for long distance	185
Administering the iSCSI Target Gateway	187
In this chapter	187
Supported platforms for iSCSI	187
About the iSCSI service	187
Common Functions in the iSCSI Target Gateway Admin module	188
Terminology	189
Saving Changes	190
Setting up iSCSI Target Gateway Services	190
Launching the iSCSI Target Gateway Admin Module	191
Launching the iSCSI Setup wizard	192
Activating the iSCSI Feature	192
Configuring the IP Interface	192
Managing the iSCSI Virtual Targets	195
Viewing iSCSI Initiators	198
Managing Discovery Domains	198
Configuring CHAP	203
Configuring an iSCSI Fibre Channel Zone	204
Managing and Troubleshooting Accessibility	206
Using the Access Gateway	207
In this chapter	207
Introduction to Access Gateway	207
Enabling Access Gateway mode	207
Disabling Access Gateway mode	208
Viewing the Access Gateway settings	208
Modifying the port configuration	209
Creating port groups	209
Defining custom primary and secondary mapping	210
Changing Access Gateway policies	211
Path Failover and failback policies	212
Modifying Path Failover and failback policies	212
Enabling Automatic Port Configuration (APC)	212
Routing Traffic	213
In this chapter	213
About routing	213
Viewing FSPF routing	214
Configuring dynamic load sharing	214
Specifying frame order delivery	215
Configuring the link cost for a port	215
Using the FCIP Tunneling Service	217
In this chapter	217
Understanding the FCIP Tunneling Service	217
FCIP Wizard	217
FCIP-related features	218
IKE/IPSec	218
Configuring an FCIP interswitch/interfabric link	219
Configuring an IKE or IPSEC Policy	219
Configuring Virtual Ports	220
Interfaces, Routes, and Tunnels	221
Enabling Persistently Disabled Ports	223
Managing the FCIP tunneling service	223
Managing IP Interfaces for a GbE Port	223
Managing IP Routes for a GbE Port	225
Managing FCIP Tunnels	226
Configuring Standard Security Features	229
In this chapter	229
Creating and maintaining user-defined accounts	229
Viewing account information	231
Creating user-defined accounts	231
Deleting user-defined accounts	233
Changing account parameters	233
Maintaining passwords	234
Configuring access control list policies	237
Creating an SCC, DCC, or FCS policy	237
Editing an SCC, DCC, or FCS policy	238
Deleting an SCC, DCC, or FCS policy	238
Activating an SCC, DCC, or FCS policy	239
Distributing an FCS policy	239
Moving an FCS policy switch position	239
Configuring an authentication policy	239
Configuring authentication policies for E-Ports	240
Configuring authentication policies for F-Ports	240
Distributing authentication policies	240
Re-authenticating policies	241
Setting a shared secret key pair	241
Modifying a shared secret key pair	242
Configuring SNMP	242
Setting SNMP Trap Levels	242
Configuring SNMP Information	243
Managing RADIUS service	244
Enabling and Disabling RADIUS Service	246
Configuring the RADIUS Service	247
Modifying the RADIUS Server	247
Modifying the RADIUS Server Order	248
Removing a RADIUS Server	248
Managing Active Directory service	248
Enabling Active Directory service	248
Modifying Active Directory service	249
Removing Active Directory service	249
Administering FICON CUP Fabrics	251
In this chapter	251
About FICON CUP fabrics	251
Enabling port-based routing on the Brocade 4100, 5000, and 48000	252
Enabling or disabling FMS mode	253
Configuring FMS parameters	253
Displaying code page information	254
Viewing the control device state	255
Configuring CUP port connectivity	256
Viewing CUP Port Connectivity Configurations	256
Creating or Editing CUP Port Connectivity Configurations	257
Activating a CUP Port Connectivity Configuration	258
Copying a CUP Port Connectivity Configuration	258
Deleting a CUP Port Connectivity Configuration	259
Limitations	261
In this chapter	261
General Web Tools limitations	261

Match case Limit results 1 per page

198

Web Tools Administrator’s Guide

53-1000606-01

Understanding the FCIP Tunneling Service

FCIP-related features

Web Tools provides or supports these related features:

•

A per-tunnel compression feature that allows the Fibre Channel data frames to be compressed

before they are sent over the tunnel as FCIP frames.

•

Fastwrite, which is a feature that reduces the number of round-trip times required to complete

a SCSI write I/O and increases performance.

•

Tape pipelining which reduces the number of round trip times required to complete a SCSI

write I/O and eliminates the sequential nature of the SCSI I/O.

•

IKE/IPSec Policy, which is a framework of open standards to ensure private, secure

communications over IP networks through the use of cryptographic security services. IKE

(Internet Key Exchange) is the protocol used to set up a Security Association in the IPSec

protocol suite.

NOTE

You need an IPSec license to enable and use this feature.

IKE/IPSec

IKE/IPSec is not supported with the following protocols:

•

IPv6

•

ESP in transport mode

•

NAT Traversal

Table 12

explains the fields and related choices to create an IKE/IPSec policy.

TABLE 12

IKE/IPSec Configuration Choices

Field

Description

Choices

Policy Type

You can create either an IKE policy or an IPSec policy

IKE

IPSec

Policy Number

This parameter helps you keep track of the number of

policies you have created on your switch. You can

choose any number from 1 through 32. You can define

up to 32 IKE and 32 IPSec policies per switch.

1 through 32

Encryption Algorithm

A mathematical procedure for performing encryption on

data. Through the use of an algorithm, information is

made into meaningless cipher text and requires the use

of a key to transform the data back into its original form.

3DES

AES-128

AES-256

Authentication Algorithm

An encryption process or tool in which the results of text

encryption depend on all relevant authentication

elements.

SHA-1

MD5

AES-XCBC

Perfect Forward Secrecy

(PFS)

In an authenticated key agreement protocol that uses

public key cryptography, PFS is the property of

disclosure of the long-term secret keying material that is

used to derive an agreed ephemeral key that does not

compromise the secrecy of the agreed keys from earlier

runs.

IKE on/off

IPSec disabled