Home » HP Manuals » Storage Devices » HP StorageWorks 8/20q » Manual Viewer

HP StorageWorks 8/20q HP StorageWorks 8/20q Fibre Channel Switch command line - Page 98

Creating a group, Adding members to a group, Table 9

View all HP StorageWorks 8/20q manuals

Add to My Manuals
Save this manual to your list of manuals

Page 98 highlights

Creating a group Creating a group involves specifying a group name and a group type. There are three types of groups: • ISL group-secures connected switches • Port group-secures connected devices • MS group-secures management server commands To create a new port group, enter the group create command, as shown in the following example: 8/20q FC Switch (admin-security) #> group create group_port port Deleting a group To delete group_port from the security database, enter the group delete command, as shown in the following example: 8/20q FC Switch (admin-security) #> group delete group_port Renaming a group To rename group_port to port_1, enter the group rename command, as shown in the following example: 8/20q FC Switch (admin-security) #> group rename group_port port_1 Copying a group To copy the contents of an existing group (group_port) to a new group (port_1), enter the group copy command, as shown in the following example: 8/20q FC Switch (admin-security) #> group copy group_port port_1 Adding members to a group Adding a member to a group involves specifying a group, the member worldwide name, and the member attributes. The member attributes define the authentication method, encryption method, secrets, and fabric binding, depending on the group type. • For ISL member attributes, see Table 9. • For Port member attributes, see Table 10. • For MS member attributes, see Table 11. To add a member to a group, enter the group add command, as shown in the following example: 8/20q FC Switch #> admin start 8/20q FC Switch (admin) #> security edit 8/20q FC Switch (admin-security) #> group add Group_1 A list of attributes with formatting and default values will follow Enter a new value or simply press the ENTER key to accept the current value with exception of the Group Member WWN field which is mandatory. If you wish to terminate this process before reaching the end of the list press 'q' or 'Q' and the ENTER key to do so. Group Name Group_1 Group Type ISL Member (WWN) 10:00:00:c0:dd:00:90:a3 [00:00:00:00:00:00:00:00] Authentication (None / Chap) [None ] chap PrimaryHash (MD5 / SHA-1) [MD5 ] PrimarySecret (32 hex or 16 ASCII char value) [ ] 0123456789abcdef SecondaryHash (MD5 / SHA-1 / None) [None ] SecondarySecret (40 hex or 20 ASCII char value) [ ] Binding (domain ID 1-239, 0=None) [0 ] Finished configuring attributes. To discard this configuration use the security cancel command. 98 Device security configuration

Section	Page
Contents	3
About this guide	11
Intended audience	11
Related documentation	11
Document conventions and symbols	12
Table 1 Document conventions	12
HP technical support	13
Product warranties	13
Subscription service	13
HP web sites	13
Documentation feedback	13
Command line interface usage	15
Logging in to the switch through Telnet	15
Opening and closing an admin session	16
Entering commands	16
Table 2 Command-line completion	16
Getting help	17
Setting page breaks	17
Creating a support file	17
Downloading and uploading files	19
User account configuration	21
Table 3 Factory user accounts	21
Displaying user account information	21
Creating user accounts	22
Modifying user accounts and passwords	22
Network configuration	25
Displaying the network configuration	25
Configuring the Ethernet port	26
IPv4 configuration	26
IPv6 configuration	27
DNS server configuration	28
Verifying a switch in the network	28
Managing IP security	29
IP security concepts	29
Uses of security policies	29
Applying IP security	30
Displaying IP security information	30
Policy and association information	30
IP security configuration history	31
IP security configuration limits	31
Managing the security policy database	31
Creating a policy	32
Deleting a policy	32
Modifying a user-defined policy	33
Renaming a user-defined policy	34
Copying a policy	34
Managing the security association database	34
Creating an association	35
Deleting an association	35
Modifying a user-defined association	36
Renaming a user-defined association	37
Copying an association	37
Resetting the IP security configuration	37
Switch configuration	39
Displaying switch information	39
Name server information	40
Switch operational information	41
System process information	42
Elapsed time between resets	42
Configuration information	42
Switch configuration parameters	43
Zoning configuration parameters	43
Security configuration parameters	44
Hardware information	45
Table 4 Heartbeat LED activity	45
Firmware information	45
Managing switch services	46
Managing switch configurations	48
Displaying a list of switch configurations	48
Activating a switch configuration	48
Copying a switch configuration	48
Deleting a switch configuration	48
Modifying a switch configuration	49
Backing up and restoring a switch configuration	50
Creating the backup file	50
Downloading the configuration file	50
Restoring the configuration file	50
Paging a switch	51
Managing the date and time	51
Displaying the date and time	51
Setting the date and time explicitly	52
Setting the time through an NTP server	53
Resetting a switch	53
Table 5 Switch reset methods	53
Installing firmware	54
Non-disruptive activation	54
One-step firmware installation	55
Custom firmware installation	56
Testing a switch	56
Online tests for switches	57
Offline tests for switches	57
Connectivity tests for switches	57
Displaying switch test status	58
Canceling a switch test	58
Verifying and tracing Fibre Channel connections	59
Managing switch feature upgrades	59
Displaying feature licenses	59
Installing a feature license key	59
Managing idle session timers	60
Port configuration	61
Displaying port information	61
Port configuration parameters	61
Port operational information	62
Port threshold alarm configuration parameters	63
Port performance	64
Transceiver information	64
Modifying port operating characteristics	65
Configuring transparent routing	66
Port binding	68
Resetting a port	69
Configuring port threshold alarms	69
Testing a port	71
Online tests for ports	71
Offline tests for ports	72
Displaying port test results	72
Canceling a port test	72
Zoning configuration	73
Displaying zoning database information	73
Configured zone set information	74
Active zone set information	75
Merged zone set information	76
Edited zone set information	76
Zone set membership information	76
Zone membership information	77
Orphan zone information	77
Alias and alias membership information	78
Zoning modification history	78
Zoning database limits	79
Configuring the zoning database	79
Modifying the zoning database	81
Saving the active and merged zone sets	81
Resetting the zoning database	82
Deleting inactive zone sets, zones, and aliases	82
Managing zone sets	82
Creating a zone set	82
Deleting a zone set	82
Renaming a zone set	83
Copying a zone set	83
Adding zones to a zone set	83
Removing zones from a zone set	83
Activating a zone set	83
Deactivating a zone set	83
Managing zones	83
Creating a zone	84
Deleting a zone	84
Renaming a zone	84
Copying a zone	84
Adding members to a zone	84
Removing members from a zone	84
Managing aliases	85
Creating an alias	85
Deleting an alias	85
Renaming an alias	85
Copying an alias	85
Adding members to an alias	85
Removing members from an alias	86
Connection security configuration	87
Managing SSL and SSH services	87
Displaying SSL and SSH services	88
Creating an SSL security certificate	89
Device security configuration	91
Displaying security database information	91
Configured security set information	91
Active security set information	92
Security set membership information	93
Group membership information	93
Security database modification history	94
Security database limits	94
Configuring the security database	95
Modifying the security database	96
Resetting the security database	96
Managing security sets	96
Creating a security set	96
Deleting a security set	97
Renaming a security set	97
Copying a security set	97
Adding groups to a security set	97
Removing groups from a security set	97
Activating a security set	97
Deactivating a security set	97
Managing groups	97
Creating a group	98
Deleting a group	98
Renaming a group	98
Copying a group	98
Adding members to a group	98
Modifying a group member	99
Removing members from a group	99
RADIUS server configuration	101
Displaying RADIUS server information	101
Configuring a RADIUS server on the switch	102
Event log configuration	105
Starting and stopping event logging	105
Displaying the event log	106
Table 6 Event log message format	106
Filtering the event log display	107
Controlling messages in the output stream	107
Managing the event log configuration	107
Configuring the event log	107
Displaying the event log configuration	108
Restoring the event log configuration	108
Clearing the event log	108
Logging to a remote host	108
Creating and downloading a log file	109
Call Home configuration	111
Call Home concepts	111
Call Home requirements	111
Call Home messages	112
Technical support interface	113
Configuring the Call Home service	114
Managing the Call Home database	115
Displaying Call Home database information	116
Creating a profile	118
Deleting a profile	118
Modifying a profile	119
Renaming a profile	119
Copying a profile	119
Adding a data capture configuration	120
Modifying a data capture configuration	120
Deleting a data capture configuration	121
Testing a Call Home profile	121
Changing Simple Mail Transfer Protocol servers	121
Clearing the Call Home message queue	121
Resetting the Call Home database	122
Simple Network Management Protocol configuration	123
Managing the SNMP service	123
Displaying SNMP information	124
Modifying the SNMP configuration	125
Resetting the SNMP configuration	126
Managing the SNMP version 3 configuration	127
Creating an SNMP version 3 user account	128
Displaying SNMP version 3 user accounts	128
Modifying an SNMP version 3 user account	129
Command reference	131
Access authority	131
Syntax and operands	131
Notes and examples	131
admin	132
alias	133
callhome	135
Table 7 Call Home queue statistics parameters	136
capture	138
Table 8 Data capture configuration parameters	138
clone config port	141
config	142
create	145
date	147
exit	148
fcping	149
fctrace	150
feature	151
firmware install	152
group	154
Table 9 ISL group member attributes	154
Table 10 Port group member attributes	155
Table 11 MS group member attributes	155
Table 12 Group type parameters	156
Table 13 Group member attributes	156
hardreset	160
help	161
history	162
hotreset	163
image	164
ipsec	166
ipsec association	168
Table 14 Association configuration parameters	168
ipsec list	171
ipsec policy	174
Table 15 Policy configuration parameters	174
lip	177
logout	178
passwd	179
ping	180
profile	181
Table 16 Profile configuration parameters	181
ps	184
quit	185
reset	186
Table 17 Call Home service configuration defaults	188
Table 18 Switch configuration defaults	189
Table 19 Port configuration defaults	189
Table 20 Port threshold alarm configuration defaults	190
Table 21 Zoning configuration defaults	190
Table 22 SNMP configuration defaults	190
Table 23 RADIUS configuration defaults	191
Table 24 Switch services configuration defaults	191
Table 25 DNS host name configuration defaults	192
Table 26 IPv4 Ethernet configuration defaults	192
Table 27 IPv6 Ethernet configuration defaults	192
Table 28 Event logging configuration defaults	192
Table 29 NTP server configuration defaults	193
Table 30 Timer configuration defaults	193
Table 31 Security configuration defaults	193
security	194
securityset	197
set alarm	199
Table 32 Output stream alarm parameters	199
set beacon	200
Table 33 Beacon state parameters	200
set config port	201
Table 34 Port configuration parameters	201
set config security	204
Table 35 Security configuration parameters	204
set config security portbinding	205
Table 36 Port binding configuration parameters	205
set config switch	206
Table 37 Switch configuration parameters	206
set config threshold	208
Table 38 Port alarm threshold parameters	208
set config zoning	210
Table 39 Zoning configuration parameters	210
set log	211
Table 40 Component event monitoring filter parameters	211
Table 41 Event display filter parameters	212
Table 42 Severity level monitoring parameters	212
Table 43 Port monitoring parameters	212
set pagebreak	214
Table 44 Pagebreak state parameters	214
set port	215
Table 45 Transmission speed parameters	215
Table 46 Port administrative state parameters	215
set setup callhome	216
Table 47 Call Home service configuration attributes	216
set setup radius	218
Table 48 Common RADIUS server configuration attributes	218
Table 49 Server-specific RADIUS server configuration attributes	218
set setup services	221
Table 50 Switch services settings	221
set setup snmp	224
Table 51 Common SNMP configuration parameters	224
Table 52 SNMP trap configuration parameters	225
set setup system	227
Table 53 DNS host name configuration parameters	227
Table 54 IPv4 Ethernet configuration parameters	228
Table 55 IPv6 Ethernet configuration parameters	228
Table 56 Event logging configuration parameters	229
Table 57 NTP server configuration parameters	229
Table 58 Timer configuration parameters	230
set switch state	234
Table 59 Switch administrative state parameters	234
set timezone	235
show about	236
Table 60 Show about display entries	236
show alarm	238
show broadcast	239
show chassis	240
show config port	241
show config security	242
show config security portbinding	243
show config switch	244
show config threshold	245
show config zoning	246
show domains	247
show donor	248
show env	249
show fabric	250
show fdmi	251
show interface	252
show log	253
Table 61 Log monitoring components	253
Table 62 Event log display filter parameters	254
show lsdb	256
show media	257
Table 63 Transceiver information	258
show mem	260
show ns	261
Table 64 Name server display parameters	261
show pagebreak	262
show perf	263
show port	265
Table 65 Show port display entries	265
show postlog	269
show setup callhome	270
show setup mfg	271
show setup radius	272
show setup services	273
show setup snmp	274
show setup system	275
show steering	277
show switch	278
Table 66 Switch operational parameters	278
show system	280
show temp	281
show testlog	282
show timezone	283
show topology	284
show users	285
show version	286
Table 67 Show version display entries	286
show voltage	288
shutdown	289
snmpv3user	290
Table 68 SNMP version 3 user account parameters	290
test cancel	293
test port	294
Table 69 Offline port loopback types	294
Table 70 Port test parameters	294
test status	296
test switch	298
Table 71 Connectivity loopback types	298
Table 72 Offline loopback types	298
Table 73 Switch test parameters	298
uptime	300
user	301
whoami	303
zone	304
zoneset	307
zoning active	309
zoning cancel	310
zoning clear	311
zoning configured	312
zoning delete orphans	313
zoning edit	314
Table 74 Zoning database parameters	314
zoning edited	315
zoning history	316
zoning limits	317
Table 75 Zoning database limits	317
zoning list	318
zoning merged	319
zoning restore	320
zoning save	321

Match case Limit results 1 per page

Device security configuration

Creating a group

Creating a group involves specifying a group name and a group type. There are three types of groups:

•

ISL group—secures connected switches

•

Port group—secures connected devices

•

MS group—secures management server commands

To create a new port group, enter the

group create

command, as shown in the following example:

8/20q FC Switch (admin-security) #> group create group_port port

Deleting a group

To delete group_port from the security database, enter the

group delete

command, as shown in the

following example:

8/20q FC Switch (admin-security) #> group delete group_port

Renaming a group

To rename group_port to port_1, enter the

group rename

command, as shown in the following example:

8/20q FC Switch (admin-security) #> group rename group_port port_1

Copying a group

To copy the contents of an existing group (group_port) to a new group (port_1), enter the

group copy

command, as shown in the following example:

8/20q FC Switch (admin-security) #> group copy group_port port_1

Adding members to a group

Adding a member to a group involves specifying a group, the member worldwide name, and the member

attributes. The member attributes define the authentication method, encryption method, secrets, and fabric

binding, depending on the group type.

•

For ISL member attributes, see

Table 9

•

For Port member attributes, see

Table 10

•

For MS member attributes, see

Table 11

To add a member to a group, enter the

group add

command, as shown in the following example:

8/20q FC Switch #> admin start

8/20q FC Switch (admin) #> security edit

8/20q FC Switch (admin-security) #> group add Group_1

A list of attributes with formatting and default values will follow

Enter a new value or simply press the ENTER key to accept the current value

with exception of the Group Member WWN field which is mandatory.

If you wish to terminate this process before reaching the end of the list

press 'q' or 'Q' and the ENTER key to do so.

Group Name

Group_1

Group Type

ISL

Member

(WWN)

[00:00:00:00:00:00:00:00]

10:00:00:c0:dd:00:90:a3

Authentication

(None / Chap)

[None

] chap

PrimaryHash

(MD5 / SHA-1)

[MD5

]

PrimarySecret

(32 hex or 16 ASCII char value)

[

] 0123456789abcdef

SecondaryHash

(MD5 / SHA-1 / None)

[None

]

SecondarySecret (40 hex or 20 ASCII char value)

[

]

Binding

(domain ID 1-239, 0=None)

]

Finished configuring attributes.

To discard this configuration use the security cancel command.