Home » HP Manuals » Servers » HP Brocade 8/12c » Manual Viewer

HP Brocade 8/12c Brocade Web Tools Administrator's Guide v6.1.0 (53-1000606-02 - Page 231

Configuring access control list policies, Creating an SCC, DCC, or FCS policy

Add to My Manuals
Save this manual to your list of manuals

Page 231 highlights

Configuring access control list policies 18 Configuring access control list policies Support for the Access Control List (ACL) policies is currently defined in the Switch Connection Control (SCC) and Device Connection Control (DCC) policies. SCC and DCC policy configuration in base Fabric OS is performed on a switch-local basis. FCS Policy can be created only once. While creating the FCS policy, the local switch WWN is automatically included in the list. In the FCS list, the switch in the first position becomes the primary FCS switch. If the first switch in the FCS list is not reachable, the next switch becomes the primary switch. You can also explicitly specify the primary FCS switch. If there is no FCS policy, the defined and active list is blank. FIGURE 102 Security Policies tab for SCC/DCC/FCS policy configuration Admin Domain considerations ACL management can be done on AD255 and in AD0 only if there are no other user-defined Admin Domains. Both AD0 (when no other user-defined Admin Domains exist) and AD255 provide an unfiltered view of the fabric. Creating an SCC, DCC, or FCS policy You can create the FCS policy only once. 1. Open the Switch Administration window as described on page 31. 2. Click the Security Policies tab. 3. Select a policy by clicking on the appropriate tab (SCC, DCC, or FCS). Web Tools Administrator's Guide 219 53-1000606-02

Section	Page
Contents	5
About This Document	17
In this chapter	17
How this document is organized	17
Supported hardware and software	18
What’s new in this document	19
Document conventions	19
Text formatting	19
Notes, cautions, and warnings	20
Key terms	20
Additional information	20
Brocade resources	20
Other industry resources	21
Getting technical help	21
Document feedback	22
Introducing Web Tools	23
In this chapter	23
System requirements	23
Setting Refresh Frequency for Internet Explorer	24
Deleting temporary internet files used by Java applications	25
Installing Java on the workstation	26
Installing the JRE on your Solaris or Linux client workstation	26
Installing patches on Solaris	26
Installing the Java plug-in on Windows	27
Configuring the Java plug-in	27
Configuring the Java plug-in for Windows	27
Configuring the Java plug-in for Mozilla family browsers	28
Value line licenses	29
Opening Web Tools	30
Logging in	31
Logging out	34
Administrative domains	34
Admin Domains and login	35
Admin Domains and switch WWN	35
Admin Domains and zoning	35
Role-Based Access Control	36
Session management	36
Ending a Web Tools session	37
Requirements for IPv6 support	37
Using the Web Tools Interface	38
In this chapter	38
Viewing Switch Explorer	38
Tasks	40
Fabric Tree	40
Changing the Admin Domain context	41
Switch View buttons	42
Switch View	42
Switch Events and Switch Information	44
Displaying tool tips	44
Right-click options	45
Refresh rates	46
Displaying switches in the fabric	47
Working with Web Tools: recommendations	47
Opening a Telnet or SSH client window	48
Managing Fabrics and Switches	49
In this chapter	49
Managing fabrics and switches using Web Tools	49
Opening the Switch Administration window	51
Refreshing the Switch Administration window	51
Configuring IP and netmask information	51
Configuring a syslog IP address	52
Removing a syslog IP address	53
Setting Up IP Filtering	53
Managing blades	54
Enabling or disabling a blade	54
Configuring a switch	55
Enabling and disabling a switch	56
Changing the switch name	56
Changing the switch domain ID	56
Viewing and printing a switch report	57
Rebooting the switch	57
Performing a fast boot	57
Performing a reboot	57
Changing system configuration parameters	58
Configuring fabric settings	58
Enabling insistent domain ID mode	59
Configuring virtual channel settings	59
Configuring arbitrated loop parameters	60
Configuring system services	60
Configuring signed firmware	61
Managing licensed features	61
Activating a license on a switch	62
Removing a license from a switch	63
Administering High Availability	63
Launching the High Availability Window	63
Synchronizing Services on the CP	64
Initiating a CP Failover	65
Monitoring events	66
Displaying Fabric Events	66
Displaying Switch Events	67
Filtering Fabric and Switch Events	68
Filtering events by event severity levels	69
Filtering events by message ID	70
Filtering events by service component	70
Displaying a fabric summary report	70
Displaying the Name Server entries	71
Printing the Name Server entries	72
Displaying detailed Name Server information for a particular device	73
Displaying the zone members of a particular device	73
Physically locating a switch using beaconing	73
Maintaining Configurations and Firmware	74
In this chapter	74
Maintaining configurations	74
Creating a backup of a configuration file	75
Restoring a configuration	76
Performing a firmware download	77
Interoperability	79
Configuring interoperability	80
Managing Your Ports	81
In this chapter	81
Viewing and managing ports using Web Tools	81
Opening the Port Administration window	81
Port Administration window components	83
Identifying controllable ports	84
Configuring ports	85
Configuring FC ports	85
Configuring FCIP ports	87
Configuring GbE ports	88
Assigning a name to a port	88
Enabling and disabling a port	89
Persistent enabling and disabling ports	90
Enabling and disabling NPIV ports	90
Enabling NPIV ports	90
Disabling NPIV ports	91
Activating ports	91
Enabling Ports on Demand	92
Enabling Dynamic Ports on Demand	92
Disabling Dynamic Ports on Demand	93
Reserving and releasing licenses on a port basis	93
Swapping port index	93
Swapping ports	94
Determining if a port index has been swapped with another switch port	94
Managing Administrative Domains	96
In this chapter	96
About administrative domains	96
Requirements for Admin Domains	96
User-defined Admin Domains	97
System-defined Admin Domains	97
Admin Domain membership	98
Enabling administrative domains	98
Using the Admin Domain window	98
Opening the Admin Domain window	101
Refreshing fabric information	101
Refreshing Admin Domain information	101
Saving local admin domain changes	102
Closing the Admin Domain window	102
Creating and populating domains	103
Creating an Admin Domain	103
Activating or deactivating an Admin Domain	105
Managing administrative domains	106
Adding and removing members	106
Renaming Admin Domains	107
Deleting Admin Domains	107
Administering ISL Trunking	109
In this chapter	109
About ISL trunking	109
F_port trunk groups	109
Creating and maintaining F_port trunk groups	110
Disabling or reenabling trunking mode on a port	111
Viewing trunk group information	112
Monitoring Performance	113
In this chapter	113
Monitoring performance using Web Tools	113
Predefined performance graphs	114
User-defined graphs	117
Canvas configurations	117
Opening the Performance Monitoring window	117
Creating basic performance monitor graphs	118
Customizing basic monitoring graphs	118
Creating advanced performance monitoring graphs	120
Creating SID-DID Performance Graphs	120
Creating an SCSI vs. IP Traffic Graph	121
Creating SCSI Command Graphs	122
Creating AL_PA Error Graphs	123
Managing performance graphs	123
Saving graphs to a canvas	123
Adding graphs to an existing canvas	124
Printing a single graph	124
Printing all graphs in a canvas	125
Modifying graphs	125
Administering Zoning	126
In this chapter	126
Introducing zoning	126
Basic Zones	126
Traffic Isolation zones	126
Configuring zoning	127
Opening the Zone Administration window	127
Setting the default zoning mode	127
Managing zoning with Web Tools	128
Refreshing fabric information	129
Refreshing Zone Administration window information	130
Saving local zoning changes	130
Select a zoning view	131
Creating and populating zone aliases	132
Adding and removing members of a zone alias	132
Renaming zone aliases	133
Deleting zone aliases	133
Creating and populating zones	134
Adding and removing members of a zone	134
Renaming zones	135
Cloning zones	135
Deleting zones	135
Creating and populating traffic isolation zones	136
Managing zone configurations	136
Creating zone configurations	137
Adding or removing zone configuration members	138
Renaming zone configurations	138
Cloning zone configurations	139
Deleting zone configurations	139
Enabling zone configurations	139
Disabling zone configurations	140
Displaying enabled zone configurations	140
Displaying zone configuration summaries	141
Creating configuration analysis reports	142
Displaying zones Initiator/Target accessibility	143
Managing the zoning database	144
Adding a WWN to multiple aliases and zones	144
Removing a WWN from multiple aliases and zones	144
Replacing a WWN in Multiple Aliases and Zones	145
Searching for zone members	145
Clearing the Zoning Database	145
Using Zoning Wizards	146
Best practices for zoning	148
Interoperability considerations for zoning	148
Working With Diagnostic Features	149
In this chapter	149
Managing trace dumps	149
How a trace dump is used	150
Setting up automatic trace dump transfers	150
Specifying a remote server	151
Enabling automatic transfer of trace dumps	151
Disabling automatic trace uploads	151
Displaying switch information	152
Viewing detailed fan hardware status	152
Viewing the temperature status	153
Viewing the power supply status	154
Checking the physical health of a switch	154
Interpreting port LEDs	156
Port icon colors	157
LED representations	157
Brocade 48000 Director LEDs	157
Using the FC-FC Routing Service	159
In this chapter	159
Supported switches for Fibre Channel routing	159
About Fibre Channel routing	159
Setting up FC-FC routing	160
Managing FC-FC routing with Web Tools	161
Opening the FC Routing module	161
Viewing and managing LSAN fabrics	162
Viewing and configuring EX_Ports	163
Configuring an EX_Port	164
Editing the configuration of an EX_Port	165
Configuring FCR router port cost	165
Viewing and configuring LSAN zones	165
Viewing LSAN Devices	166
Configuring the backbone fabric ID	166
Administering Fabric Watch	168
In this chapter	168
Introduction to Fabric Watch	168
Using Fabric Watch with Web Tools	169
Opening the Fabric Watch window	170
Configuring Fabric Watch thresholds	170
Configuring threshold traits	170
Configuring threshold alarms	172
Enabling or disabling threshold alarms for individual elements	172
Configuring alarms for FRUs	173
Displaying Fabric Watch alarm information	174
Viewing an alarm configuration Report	174
Displaying alarms	174
Configuring email notifications	175
Configuring the email server on a switch	175
Configuring the email alert	175
Administering Extended Fabrics	177
In this chapter	177
About extended link buffer allocation	177
Configuring a port for long distance	179
Administering the iSCSI Target Gateway	181
In this chapter	181
Supported platforms for iSCSI	181
About the iSCSI service	181
Common Functions in the iSCSI Target Gateway Admin module	182
Terminology	183
Saving Changes	184
Setting up iSCSI Target Gateway Services	184
Launching the iSCSI Target Gateway Admin Module	185
Launching the iSCSI Setup wizard	186
Activating the iSCSI Feature	186
Configuring the IP Interface	186
Managing the iSCSI Virtual Targets	189
Viewing iSCSI Initiators	192
Managing Discovery Domains	192
Configuring CHAP	197
Configuring an iSCSI Fibre Channel Zone	198
Managing and Troubleshooting Accessibility	200
Using the Access Gateway	201
In this chapter	201
Introduction to Access Gateway	201
Enabling Access Gateway mode	201
Disabling Access Gateway mode	202
Viewing the Access Gateway settings	202
Modifying the port configuration	203
Creating port groups	203
Defining custom primary and secondary mapping	204
Changing Access Gateway policies	205
Path Failover and failback policies	206
Modifying Path Failover and failback policies	206
Enabling Automatic Port Configuration (APC)	206
Routing Traffic	207
In this chapter	207
About routing	207
Viewing FSPF routing	208
Configuring dynamic load sharing	208
Specifying frame order delivery	209
Configuring the link cost for a port	210
Using the FCIP Tunneling Service	211
In this chapter	211
Understanding the FCIP Tunneling Service	211
FCIP Wizard	211
FCIP-related features	212
IKE/IPSec	212
Configuring an FCIP interswitch/interfabric link	213
Configuring an IKE or IPSEC Policy	213
Configuring Virtual Ports	214
Interfaces, Routes, and Tunnels	214
Enabling Persistently Disabled Ports	217
Managing the FCIP tunneling service	217
Managing IP Interfaces for a GbE Port	217
Managing IP Routes for a GbE Port	219
Managing FCIP Tunnels	220
Configuring Standard Security Features	223
In this chapter	223
Creating and maintaining user-defined accounts	223
Viewing account information	225
Creating user-defined accounts	225
Deleting user-defined accounts	227
Changing account parameters	227
Maintaining passwords	228
Configuring access control list policies	231
Creating an SCC, DCC, or FCS policy	231
Editing an SCC, DCC, or FCS policy	232
Deleting an SCC, DCC, or FCS policy	232
Activating an SCC, DCC, or FCS policy	233
Distributing an FCS policy	233
Moving an FCS policy switch position	233
Configuring an authentication policy	233
Configuring authentication policies for E-Ports	234
Configuring authentication policies for F-Ports	234
Distributing authentication policies	234
Re-authenticating policies	235
Setting a shared secret key pair	235
Modifying a shared secret key pair	236
Configuring SNMP	236
Setting SNMP Trap Levels	236
Changing the systemGroup configuration parameters	237
Setting SNMPv1 configuration parameters	238
Setting SNMPv3 configuration parameters	238
Changing the access control configuration	238
Managing RADIUS service	238
Enabling and Disabling RADIUS Service	240
Configuring the RADIUS Service	241
Modifying the RADIUS Server	241
Modifying the RADIUS Server Order	242
Removing a RADIUS Server	242
Managing Active Directory service	242
Enabling Active Directory service	242
Modifying Active Directory service	243
Removing Active Directory service	243
Administering FICON CUP Fabrics	244
In this chapter	244
About FICON CUP fabrics	244
Enabling port-based routing	245
Enabling or disabling FMS mode	246
Configuring FMS parameters	246
Displaying code page information	247
Viewing the control device state	248
Configuring CUP port connectivity	249
Viewing CUP Port Connectivity Configurations	249
Creating or Editing CUP Port Connectivity Configurations	250
Activating a CUP Port Connectivity Configuration	251
Copying a CUP Port Connectivity Configuration	251
Deleting a CUP Port Connectivity Configuration	252
Displaying Request Node Identification Data (RNID)	252
Limitations	254
In this chapter	254
General Web Tools limitations	254