Home » HP Manuals » Hubs & Switches » HP AE370A » Manual Viewer

HP AE370A Brocade Web Tools Administrator's Guide v6.0.0 (53-1000606-01, April - Page 229

Configuring Standard Security Features, In

UPC - 882780362611

Add to My Manuals
Save this manual to your list of manuals

Page 229 highlights

Chapter Configuring Standard Security Features 18 In this chapter This chapter contains the following information: •Creating and maintaining user-defined accounts 209 •Configuring access control list policies 217 •Configuring an authentication policy 219 •Configuring SNMP 222 •Managing RADIUS service 224 Creating and maintaining user-defined accounts In addition to the default accounts-root, factory, admin, and user-Fabric OS supports up to 256 user-defined accounts in each logical switch (domain). These accounts expand your ability to track account access and audit administrative activities. Each user-defined account is associated with the following: • Admin Domain list-Specifies what Admin Domains a user account is allowed to log in to. • Home Admin Domain-Specified the Admin Domain that the user is logged in to by default. The home Admin Domain must be a member of the user's Admin Domain list. • Role-Determines functional access levels within the bounds of the user's current Admin Domain. Access rights for any user session are determined both by the user's role-based access rights and by the contents of the currently selected Admin Domain. See Chapter 1, "Introducing Web Tools" for additional information about Admin Domains and Role-Based Access Control (RBAC). The User tab of the Switch Administration window (see Figure 99 on page 211) displays account information. You can create and manage accounts depending on your role: TABLE 14 User role and permissions Role Permissions admin operator securityadmin switchadmin zoneadmin Create and manage all predefined and user-defined accounts Change your own password and cannot create, modify, or view predefined or user-defined accounts Create and manage all security roles. Change your own password and cannot create, modify, or view predefined or user-defined accounts Change your own password and cannot create, modify, or view predefined or user-defined accounts Web Tools Administrator's Guide 209 53-1000606-01

Section	Page
Contents	5
About This Document	15
In this chapter	15
How this document is organized	15
Supported hardware and software	16
What’s new in this document	17
Document conventions	17
Text formatting	17
Notes, cautions, and warnings	17
Key terms	18
Additional information	18
Brocade resources	18
Other industry resources	19
Getting technical help	19
Document feedback	20
Introducing Web Tools	21
In this chapter	21
System requirements	21
Setting Refresh Frequency for Internet Explorer	22
Deleting temporary internet files used by Java applications	23
Installing Java on the workstation	24
Installing the JRE on your Solaris or Linux client workstation	24
Installing patches on Solaris	24
Installing the Java plug-in on Windows	25
Configuring the Java plug-in	25
Configuring the Java plug-in for Windows	25
Configuring the Java plug-in for Mozilla family browsers	26
Installing a Web Tools license	27
Installing a Web Tools license through telnet	27
Installing a Web Tools license through a Web site	28
Installing other licenses through the Web	28
Value line licenses	29
Opening Web Tools	29
Logging in	30
Logging out	33
Administrative domains	33
Admin Domains and login	34
Admin Domains and switch WWN	34
Admin Domains and zoning	34
Role-Based Access Control	35
Session management	35
Ending a Web Tools session	36
Requirements for IPv6 support	36
Using the Web Tools Interface	37
In this chapter	37
Viewing Switch Explorer	37
Tasks	39
Fabric Tree	39
Changing the Admin Domain context	40
Switch View buttons	41
Switch View	41
Switch Events and Switch Information	42
Displaying tool tips	42
Refresh rates	44
Displaying switches in the fabric	45
Working with Web Tools: recommendations	45
Managing Fabrics and Switches	47
In this chapter	47
Managing fabrics and switches using Web Tools	47
Opening the Switch Administration window	49
Refreshing the Switch Administration window	49
Opening the telnet window	49
Configuring IP and netmask information	50
Configuring a syslog IP address	51
Removing a syslog IP address	51
Setting Up IP Filtering	51
Managing blades	52
Enabling or disabling a blade	52
Configuring a switch	54
Enabling and disabling a switch	54
Changing the switch name	54
Changing the switch domain ID	55
Viewing and printing a switch report	55
Rebooting the switch	56
Performing a fast boot	56
Performing a reboot	56
Changing system configuration parameters	56
Configuring fabric settings	56
Enabling insistent domain ID mode	58
Configuring virtual channel settings	58
Configuring arbitrated loop parameters	59
Configuring system services	59
Configuring signed firmware	59
Managing licensed features	60
Activating a license on a switch	61
Removing a license from a switch	61
Administering High Availability	61
Launching the High Availability Window	62
Synchronizing Services on the CP	63
Initiating a CP Failover	63
Monitoring events	64
Displaying Fabric Events	64
Displaying Switch Events	65
Filtering Fabric and Switch Events	66
Filtering events by event severity levels	67
Filtering events by message ID	68
Filtering events by service component	68
Displaying a fabric summary report	68
Displaying the Name Server entries	69
Printing the Name Server entries	70
Displaying detailed Name Server information for a particular device	70
Displaying the zone members of a particular device	71
Physically locating a switch using beaconing	71
Maintaining Configurations and Firmware	73
In this chapter	73
Maintaining configurations	73
Creating a backup of a configuration file	74
Restoring a configuration	75
Performing a firmware download	76
Interoperability	78
Configuring interoperability	79
Managing Your Ports	81
In this chapter	81
Viewing and managing ports using Web Tools	81
Opening the Port Administration window	81
Port Administration window components	83
Identifying controllable ports	84
Configuring ports	85
Configuring FC ports	85
Configuring FCIP ports	87
Configuring GbE ports	88
Assigning a name to a port	88
Enabling and disabling a port	89
Persistent enabling and disabling ports	90
Enabling and disabling NPIV ports	90
Enabling NPIV ports	90
Disabling NPIV ports	91
Enabling and disabling QoS ports	91
Enabling QoS	91
Disabling QoS	91
Activating ports	91
Enabling Ports on Demand	92
Enabling Dynamic Ports on Demand	93
Disabling Dynamic Ports on Demand	93
Reserving and releasing licenses on a port basis	93
Swapping port index	94
Swapping ports	94
Determining if a port index has been swapped with another switch port	94
Administering ISL Trunking	97
In this chapter	97
About Interswitch Link Trunking	97
Viewing trunk group information	98
Disabling or reenabling trunking mode on a port	98
Managing Administrative Domains	101
In this chapter	101
About administrative domains	101
Requirements for Admin Domains	101
User-defined Admin Domains	102
System-defined Admin Domains	102
Admin Domain membership	103
Enabling administrative domains	103
Using the Admin Domain window	103
Opening the Admin Domain window	106
Refreshing fabric information	106
Refreshing Admin Domain information	106
Saving local admin domain changes	107
Closing the Admin Domain window	107
Creating and populating domains	108
Creating an Admin Domain	108
Activating or deactivating an Admin Domain	110
Managing administrative domains	111
Adding and removing members	111
Renaming Admin Domains	112
Deleting Admin Domains	112
Administering Zoning	115
In this chapter	115
Introducing zoning	115
Configuring zoning	116
Opening the Zone Administration window	116
Setting the default zoning mode	116
Managing zoning with Web Tools	117
Refreshing fabric information	118
Refreshing Zone Administration window information	119
Saving local zoning changes	119
Closing the Zone Administration window	120
Select a zoning view	120
Managing zone aliases	121
Creating and populating zone aliases	121
Adding and removing members of a zone alias	122
Renaming zone aliases	122
Deleting zone aliases	122
Managing zones	123
Creating and populating zones	123
Adding and removing members of a zone	124
Renaming zones	124
Copying zones	124
Deleting zones	125
Managing zone configurations	125
Creating zone configurations	126
Adding or removing zone configuration members	127
Renaming zone configurations	127
Copying zone configurations	128
Deleting zone configurations	128
Enabling zone configurations	128
Disabling zone configurations	129
Displaying enabled zone configurations	129
Displaying zone configuration summaries	130
Creating configuration analysis reports	131
Displaying zones Initiator/Target accessibility	132
Managing the zoning database	133
Adding a WWN to multiple aliases and zones	133
Removing a WWN from multiple aliases and zones	133
Replacing a WWN in Multiple Aliases and Zones	134
Searching for zone members	134
Clearing the Zoning Database	134
Using Zoning Wizards	135
Best practices for zoning	137
Interoperability considerations for zoning	137
Monitoring Performance	139
In this chapter	139
Monitoring performance using Web Tools	139
Predefined performance graphs	140
User-defined graphs	143
Canvas configurations	143
Opening the Performance Monitoring window	143
Creating basic performance monitor graphs	144
Customizing basic monitoring graphs	144
Creating advanced performance monitoring graphs	146
Creating SID-DID Performance Graphs	146
Creating an SCSI vs. IP Traffic Graph	147
Creating SCSI Command Graphs	148
Creating AL_PA Error Graphs	149
Managing performance graphs	149
Saving graphs to a canvas	149
Adding graphs to an existing canvas	150
Printing a single graph	150
Printing all graphs in a canvas	150
Modifying graphs	151
Using the FC-FC Routing Service	153
In this chapter	153
Supported switches for fibre channel routing	153
About fibre channel routing	153
Setting up FC-FC routing	154
Managing FC-FC routing with Web Tools	155
Opening the FC Routing module	155
Viewing and managing LSAN fabrics	156
Viewing and configuring EX_Ports	157
Configuring an EX_Port	158
Editing the configuration of an EX_Port	159
Configuring FCR router port cost	159
Viewing and configuring LSAN zones	159
Viewing LSAN Devices	160
Configuring the backbone fabric ID	160
Working With Diagnostic Features	163
In this chapter	163
Managing trace dumps	163
How a trace dump is used	164
Setting up automatic trace dump transfers	164
Specifying a remote server	165
Enabling automatic transfer of trace dumps	165
Disabling automatic trace uploads	165
Displaying switch information	166
Viewing detailed fan hardware status	166
Viewing the temperature status	167
Viewing the power supply status	168
Checking the physical health of a switch	168
Interpreting port LEDs	170
Port icon colors	171
LED representations	171
Brocade 48000 Director LEDs	171
Administering Fabric Watch	173
In this chapter	173
Introduction to Fabric Watch	173
Using Fabric Watch with Web Tools	174
Opening the Fabric Watch window	175
Configuring Fabric Watch thresholds	175
Configuring threshold traits	175
Configuring threshold alarms	177
Enabling or disabling threshold alarms for individual elements	177
Configuring alarms for FRUs	178
Displaying Fabric Watch alarm information	179
Viewing an alarm configuration Report	179
Displaying alarms	179
Configuring email notifications	180
Configuring the email server on a switch	180
Configuring the email alert	180
Administering Extended Fabrics	183
In this chapter	183
About extended link buffer allocation	183
Configuring a port for long distance	185
Administering the iSCSI Target Gateway	187
In this chapter	187
Supported platforms for iSCSI	187
About the iSCSI service	187
Common Functions in the iSCSI Target Gateway Admin module	188
Terminology	189
Saving Changes	190
Setting up iSCSI Target Gateway Services	190
Launching the iSCSI Target Gateway Admin Module	191
Launching the iSCSI Setup wizard	192
Activating the iSCSI Feature	192
Configuring the IP Interface	192
Managing the iSCSI Virtual Targets	195
Viewing iSCSI Initiators	198
Managing Discovery Domains	198
Configuring CHAP	203
Configuring an iSCSI Fibre Channel Zone	204
Managing and Troubleshooting Accessibility	206
Using the Access Gateway	207
In this chapter	207
Introduction to Access Gateway	207
Enabling Access Gateway mode	207
Disabling Access Gateway mode	208
Viewing the Access Gateway settings	208
Modifying the port configuration	209
Creating port groups	209
Defining custom primary and secondary mapping	210
Changing Access Gateway policies	211
Path Failover and failback policies	212
Modifying Path Failover and failback policies	212
Enabling Automatic Port Configuration (APC)	212
Routing Traffic	213
In this chapter	213
About routing	213
Viewing FSPF routing	214
Configuring dynamic load sharing	214
Specifying frame order delivery	215
Configuring the link cost for a port	215
Using the FCIP Tunneling Service	217
In this chapter	217
Understanding the FCIP Tunneling Service	217
FCIP Wizard	217
FCIP-related features	218
IKE/IPSec	218
Configuring an FCIP interswitch/interfabric link	219
Configuring an IKE or IPSEC Policy	219
Configuring Virtual Ports	220
Interfaces, Routes, and Tunnels	221
Enabling Persistently Disabled Ports	223
Managing the FCIP tunneling service	223
Managing IP Interfaces for a GbE Port	223
Managing IP Routes for a GbE Port	225
Managing FCIP Tunnels	226
Configuring Standard Security Features	229
In this chapter	229
Creating and maintaining user-defined accounts	229
Viewing account information	231
Creating user-defined accounts	231
Deleting user-defined accounts	233
Changing account parameters	233
Maintaining passwords	234
Configuring access control list policies	237
Creating an SCC, DCC, or FCS policy	237
Editing an SCC, DCC, or FCS policy	238
Deleting an SCC, DCC, or FCS policy	238
Activating an SCC, DCC, or FCS policy	239
Distributing an FCS policy	239
Moving an FCS policy switch position	239
Configuring an authentication policy	239
Configuring authentication policies for E-Ports	240
Configuring authentication policies for F-Ports	240
Distributing authentication policies	240
Re-authenticating policies	241
Setting a shared secret key pair	241
Modifying a shared secret key pair	242
Configuring SNMP	242
Setting SNMP Trap Levels	242
Configuring SNMP Information	243
Managing RADIUS service	244
Enabling and Disabling RADIUS Service	246
Configuring the RADIUS Service	247
Modifying the RADIUS Server	247
Modifying the RADIUS Server Order	248
Removing a RADIUS Server	248
Managing Active Directory service	248
Enabling Active Directory service	248
Modifying Active Directory service	249
Removing Active Directory service	249
Administering FICON CUP Fabrics	251
In this chapter	251
About FICON CUP fabrics	251
Enabling port-based routing on the Brocade 4100, 5000, and 48000	252
Enabling or disabling FMS mode	253
Configuring FMS parameters	253
Displaying code page information	254
Viewing the control device state	255
Configuring CUP port connectivity	256
Viewing CUP Port Connectivity Configurations	256
Creating or Editing CUP Port Connectivity Configurations	257
Activating a CUP Port Connectivity Configuration	258
Copying a CUP Port Connectivity Configuration	258
Deleting a CUP Port Connectivity Configuration	259
Limitations	261
In this chapter	261
General Web Tools limitations	261

Match case Limit results 1 per page

Web Tools Administrator’s Guide

209

53-1000606-01

Chapter

Configuring Standard Security Features

In this chapter

This chapter contains the following information:

•

Creating and maintaining user-defined accounts. . . . . . . . . . . . . . . . . . . . 209

•

Configuring access control list policies . . . . . . . . . . . . . . . . . . . . . . . . . . . .

217

•

Configuring an authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

•

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

•

Managing RADIUS service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Creating and maintaining user-defined accounts

In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 256

user-defined accounts in each logical switch (domain). These accounts expand your ability to track

account access and audit administrative activities.

Each user-defined account is associated with the following:

•

Admin Domain list—Specifies what Admin Domains a user account is allowed to log in to.

•

Home Admin Domain—Specified the Admin Domain that the user is logged in to by default. The

home Admin Domain must be a member of the user’s Admin Domain list.

•

Role—Determines functional access levels within the bounds of the user’s current Admin

Domain.

Access rights for any user session are determined both by the user’s role-based access rights and

by the contents of the currently selected Admin Domain. See

Chapter 1, “Introducing Web Tools”

for

additional information about Admin Domains and Role-Based Access Control (RBAC).

The

User

tab of the Switch Administration window (see

Figure 99

on page 211) displays account

information. You can create and manage accounts depending on your role:

TABLE 14

User role and permissions

Role

Permissions

admin

Create and manage all predefined and user-defined accounts

operator

Change your own password and cannot create, modify, or view predefined or

user-defined accounts

securityadmin

Create and manage all security roles.

switchadmin

Change your own password and cannot create, modify, or view predefined or

user-defined accounts

zoneadmin

Change your own password and cannot create, modify, or view predefined or

user-defined accounts