Home » HP Manuals » Storage Devices » HP StorageWorks 8/20q » Manual Viewer

HP StorageWorks 8/20q HP StorageWorks 8/20q Fibre Channel Switch command line - Page 77

Device security configuration, Displaying security database information

View all HP StorageWorks 8/20q manuals

Add to My Manuals
Save this manual to your list of manuals

Page 77 highlights

8 Device security configuration This section describes the following tasks: • Displaying security database information, page 77 • Configuring the security database, page 81 • Modifying the security database, page 82 • Resetting the security database, page 82 • Managing security sets, page 82 • Managing groups, page 83 Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is defined through the use of security sets and groups. A group is a list of device WWNs that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices that issue management server commands (MS). A security set is a set of up to three groups with no more than one of each group type. The security database is made up of all security sets on the switch. In addition to providing authorization, the switch can be configured to require authentication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch's security database, or remotely using a RADIUS server such as Microsoft RADIUS. Displaying security database information You can display the following information about the security database: • Configured security set information, page 77 • Active security set information, page 78 • Security set membership information, page 79 • Group membership information, page 79 • Security database modification history, page 80 • Security database limits, page 80 Configured security set information The securityset list and the security list commands display information about all security sets in the security database. To display a list of the security sets, enter the securityset list command, as shown in the following example: 8/20q FC Switch #> securityset list Current list of SecuritySets alpha beta 8/20q Fibre Channel Switch command line interface guide 77

Section	Page
Contents	3
About this guide	11
Intended audience	11
Related documentation	11
Document conventions and symbols	12
Table 1 Document conventions	12
HP technical support	13
Product warranties	13
Subscription service	13
HP web sites	13
Documentation feedback	13
Command line interface usage	15
Logging in to the switch through Telnet	15
Opening and closing an admin session	16
Entering commands	16
Table 2 Command-line completion	16
Getting help	16
Setting page breaks	17
Creating a support file	17
Downloading and uploading files	18
User account configuration	21
Table 3 Factory user accounts	21
Displaying user account information	21
Creating user accounts	22
Modifying user accounts and passwords	22
Network and fabric configuration	25
Displaying name server information	26
Displaying the Ethernet network configuration	26
Configuring the Ethernet port	27
Verifying a switch in the network	27
Switch configuration	29
Displaying switch information	29
Switch operational information	30
System process information	31
Elapsed time between resets	31
Configuration information	31
Switch configuration parameters	32
Zoning configuration parameters	32
Security configuration parameters	33
Hardware information	34
Table 4 Heartbeat LED activity	34
Firmware information	34
Managing switch services	35
Managing switch configurations	37
Displaying a list of switch configurations	37
Activating a switch configuration	37
Copying a switch configuration	37
Deleting a switch configuration	37
Modifying a switch configuration	38
Backing up and restoring a switch configuration	39
Creating the backup file	39
Downloading the configuration file	39
Restoring the configuration file	39
Paging a switch	40
Managing the date and time	40
Displaying the date and time	40
Setting the date and time explicitly	41
Setting the time through an NTP server	42
Resetting a switch	42
Table 5 Switch reset methods	42
Installing firmware	43
Non-disruptive activation	43
One-step firmware installation	44
Custom firmware installation	45
Testing a switch	45
Online tests for switches	46
Offline tests for switches	46
Connectivity tests for switches	46
Displaying switch test status	47
Canceling a switch test	47
Managing switch feature upgrades	48
Displaying feature licenses	48
Installing a feature license key	48
Port configuration	49
Displaying port information	49
Port configuration parameters	49
Port operational information	50
Port threshold alarm configuration parameters	51
Port performance	52
Modifying port operating characteristics	53
Port binding	54
Resetting a port	55
Configuring port threshold alarms	55
Testing a port	57
Online tests for ports	57
Offline tests for ports	58
Displaying port test results	58
Canceling a port test	58
Zoning configuration	59
Displaying zoning database information	59
Configured zone set information	60
Active zone set information	61
Merged zone set information	62
Edited zone set information	62
Zone set membership information	62
Zone membership information	63
Orphan zone information	63
Alias and alias membership information	64
Zoning modification history	64
Zoning database limits	65
Configuring the zoning database	65
Modifying the zoning database	67
Saving the active and merged zone sets	67
Resetting the zoning database	68
Deleting inactive zone sets, zones, and aliases	68
Managing zone sets	68
Creating a zone set	68
Deleting a zone set	68
Renaming a zone set	69
Copying a zone set	69
Adding zones to a zone set	69
Removing zones from a zone set	69
Activating a zone set	69
Deactivating a zone set	69
Managing zones	69
Creating a zone	70
Deleting a zone	70
Renaming a zone	70
Copying a zone	70
Adding members to a zone	70
Removing members from a zone	70
Managing aliases	71
Creating an alias	71
Deleting an alias	71
Renaming an alias	71
Copying an alias	71
Adding members to an alias	71
Removing members from an alias	72
Connection security configuration	73
Managing SSL and SSH services	73
Displaying SSL and SSH services	74
Creating an SSL security certificate	75
Device security configuration	77
Displaying security database information	77
Configured security set information	77
Active security set information	78
Security set membership information	79
Group membership information	79
Security database modification history	80
Security database limits	80
Configuring the security database	81
Modifying the security database	82
Resetting the security database	82
Managing security sets	82
Creating a security set	82
Deleting a security set	83
Renaming a security set	83
Copying a security set	83
Adding groups to a security set	83
Removing groups from a security set	83
Activating a security set	83
Deactivating a security set	83
Managing groups	83
Creating a group	84
Deleting a group	84
Renaming a group	84
Copying a group	84
Adding members to a group	84
Modifying a group member	85
Removing members from a group	85
RADIUS server configuration	87
Displaying RADIUS server information	87
Configuring a RADIUS server on the switch	88
Event log configuration	89
Starting and stopping event logging	89
Displaying the event log	90
Table 6 Event log message format	90
Filtering the event log display	91
Controlling messages in the output stream	91
Managing the event log configuration	91
Configuring the event log	91
Displaying the event log configuration	92
Restoring the event log configuration	92
Clearing the event log	92
Logging to a remote host	92
Creating and downloading a log file	93
Call Home configuration	95
Call Home concepts	95
Call Home requirements	95
Call Home messages	96
Configuring the Call Home service	98
Managing the Call Home database	99
Displaying Call Home database information	100
Creating a profile	102
Deleting a profile	102
Modifying a profile	103
Renaming a profile	103
Copying a profile	103
Testing a Call Home profile	104
Changing Simple Mail Transfer Protocol servers	104
Clearing the Call Home message queue	104
Resetting the Call Home database	104
Simple Network Management Protocol configuration	105
Managing the SNMP service	105
Displaying SNMP information	106
Modifying the SNMP configuration	107
Resetting the SNMP configuration	107
Command reference	109
Access authority	109
Syntax and operands	109
Notes and examples	109
admin	110
alias	111
callhome	113
Table 7 Call Home queue statistics parameters	114
config	116
create	119
date	121
exit	122
feature	123
firmware install	124
group	126
Table 8 ISL group member attributes	126
Table 9 Port group member attributes	127
Table 10 MS group member attributes	127
Table 11 Group type parameters	128
Table 12 Group member attributes	128
hardreset	132
help	133
history	134
hotreset	135
image	136
lip	138
logout	139
passwd	140
ping	141
profile	142
Table 13 Profile configuration parameters	142
ps	145
quit	146
reset	147
Table 14 Call Home service configuration defaults	149
Table 15 Switch configuration defaults	149
Table 16 Port configuration defaults	149
Table 17 Port threshold alarm configuration defaults	150
Table 18 Zoning configuration defaults	151
Table 19 SNMP configuration defaults	151
Table 20 RADIUS configuration defaults	151
Table 21 Switch services configuration defaults	152
Table 22 System configuration defaults	152
Table 23 Security configuration defaults	153
security	154
securityset	157
set alarm	159
Table 24 Output stream alarm parameters	159
set beacon	160
Table 25 Beacon state parameters	160
set config port	161
Table 26 Port configuration parameters	161
set config security	164
Table 27 Security configuration parameters	164
set config security portbinding	165
Table 28 Port binding configuration parameters	165
set config switch	166
Table 29 Switch configuration parameters	166
set config threshold	168
Table 30 Port alarm threshold parameters	168
set config zoning	170
Table 31 Zoning configuration parameters	170
set log	171
Table 32 Component event monitoring filter parameters	171
Table 33 Event display filter parameters	172
Table 34 Severity level monitoring parameters	172
Table 35 Port monitoring parameters	172
set pagebreak	174
Table 36 Pagebreak state parameters	174
set port	175
Table 37 Transmission speed parameters	175
Table 38 Port administrative state parameters	175
set setup callhome	176
Table 39 Call Home service configuration attributes	176
set setup radius	178
Table 40 RADIUS service attributes	178
set setup services	180
Table 41 Switch services settings (Continued)	180
set setup snmp	183
Table 42 SNMP configuration settings	183
set setup system	185
Table 43 System configuration settings	185
set switch state	187
Table 44 Switch administrative state parameters	187
set timezone	188
show about	189
Table 45 Show about display entries	189
show alarm	190
show broadcast	191
show chassis	192
show config port	193
show config security	194
show config security portbinding	195
show config switch	196
show config threshold	197
show config zoning	198
show domains	199
show donor	200
show fabric	201
show fdmi	202
show interface	203
show log	204
Table 46 Log monitoring components	204
Table 47 Event log display filter parameters	205
show lsdb	207
show mem	208
show ns	209
Table 48 Name server display parameters	209
show pagebreak	210
show perf	211
show port	213
Table 49 Show Port parameters	213
show postlog	217
show setup callhome	218
show setup mfg	219
show setup radius	220
show setup services	221
show setup snmp	222
show setup system	223
show steering	224
show switch	225
Table 50 Switch operational parameters	225
show testlog	227
show timezone	228
show topology	229
show users	230
show version	231
Table 51 Show version display entries	231
shutdown	232
test cancel	233
test port	234
Table 52 Offline port loopback types	234
Table 53 Port test parameters	234
test status	236
test switch	238
Table 54 Connectivity loopback types	238
Table 55 Offline loopback types	238
Table 56 Switch test parameters	238
uptime	240
user	241
whoami	243
zone	244
zoneset	247
zoning active	249
zoning cancel	250
zoning clear	251
zoning configured	252
zoning delete orphans	253
zoning edit	254
Table 57 Zoning database parameters	254
zoning edited	255
zoning history	256
zoning limits	257
Table 58 Zoning database limits	257
zoning list	258
zoning merged	259
zoning restore	260
zoning save	261

Match case Limit results 1 per page

8/20q Fibre Channel Switch command line interface guide

Device security configuration

This section describes the following tasks:

•

Displaying security database information

, page 77

•

Configuring the security database

, page 81

•

Modifying the security database

, page 82

•

Resetting the security database

, page 82

•

Managing security sets

, page 82

•

Managing groups

, page 83

Device security provides for the authorization and authentication of devices that you attach to a switch. You

can configure a switch with a group of devices against which the switch authorizes new attachments by

devices, other switches, or devices issuing management server commands.

Device security is defined through the use of security sets and groups. A group is a list of device WWNs

that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL),

another for devices (port), and a third for devices that issue management server commands (MS). A

security set is a set of up to three groups with no more than one of each group type. The security database

is made up of all security sets on the switch.

In addition to providing authorization, the switch can be configured to require authentication to validate

the identity of the connecting switch, device, or host. Authentication can be performed locally using the

switch’s security database, or remotely using a RADIUS server such as Microsoft RADIUS.

Displaying security database information

You can display the following information about the security database:

•

Configured security set information

, page 77

•

Active security set information

, page 78

•

Security set membership information

, page 79

•

Group membership information

, page 79

•

Security database modification history

, page 80

•

Security database limits

, page 80

Configured security set information

The

securityset list

and the

security list

commands display information about all security

sets in the security database.

To display a list of the security sets, enter the

securityset list

command, as shown in the following

example:

8/20q FC Switch #> securityset list

Current list of SecuritySets

----------------------------

alpha

beta