Brocade Communications Systems 53-1001763-02 User Manual
53-1001763-02
®
13 September 2010
Fabric OS
Administrator’s Guide
Supporting Fabric OS v6.4.0
Copyright © 2005-2010 Brocade Communications Systems, Inc. All Rights Reserved.
Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron,
SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health
are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their
respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other
open source license agreements. To find out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com
European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com
Document History
Title Publication number Summary of changes Date
Fabric OS Procedures Guide 53-0000518-02 First released edition. April 2003
Fabric OS Procedures Guide 53-0000518-03 Revised for Fabric OS v4.2.0. December 2003
Fabric OS Procedures Guide 53-0000518-04 Revised to include switch-specific
information.
Fabric OS Procedures Guide 53-0000518-05 Revised for Fabric OS v4.4.0. September 2004
Fabric OS Procedures Guide 53-0000518-06 Revised to add RADIUS and SSL
procedures.
Fabric OS Administrator’s Guide 53-0000518-07 Revised book title. Added information
about 200E, 4012, and 48000
switches.
Fabric OS Administrator’s Guide 53-1000043-01 Revised for Fabric OS v5.1.0. January 2006
March 2004
October 2004
April 2005
Title Publication number Summary of changes Date
Fabric OS Administrator’s Guide 53-1000043-02 Removed SilkWorm 4016 and 4020
from supported switches; FCIP chapter
updates.
Fabric OS Administrator’s Guide 53-1000239-01 Revised for Fabric OS v5.2.0 features.
Added new hardware platforms:
Brocade FC4-48 and FC4-16IP.
Fabric OS Administrator’s Guide 53-1000448-01 Added Fabric OS v5.3.0 features.
Added support for new hardware
platforms: Brocade 7600, FA4-18, and
FC10-6.
Fabric OS Administrator’s Guide 53-1000598-01 Added Fabric OS v6.0.0 features.
Added support for new hardware
platforms: Brocade DCX Backbone,
FC8-16, FC8-32, and FC8-48.
Fabric OS Administrator’s Guide 53-1000598-02 Changed “DCX” and “DCX director” to
the correct name: Brocade DCX
Backbone. Also, added the word
“director” to the 48000.
Fabric OS Administrator’s Guide 53-1000598-03 Added Fabric OS v6.1.0 features.
Added support for new hardware
platforms: Brocade 5300, 5100, and
300.
Fabric OS Administrator’s Guide 53-1000598-04 Updated document to streamline
content. No new hardware or Fabric OS
features.
Fabric OS Administrator’s Guide 53-1001185-01 Added Fabric OS v 6.2.0 software
features and support for new hardware
platforms: Brocade DCX-4S.
Fabric OS Administrator’s Guide 53-1001336-01 Added Fabric OS v6.3.0 software
features and support for new hardware
platforms.
Fabric OS Administrator’s Guide 53-1001336-02 Incorporate release notes from Fabric
OS v6.3.0 and v6.3.0a.
Fabric OS Administrator’s Guide 53-1001763-01 Added enhancements and new
features for Fabric OS v6.4.0. Added
support for the Brocade VA-40FC
hardware.
Fabric OS Administrator’s Guide 53-1001763-02 Corrected minor errors. Added
additional clarification in some places.
June 2006
September 2006
15 June 2007
19 October 2007
22 January 2008
12 March 2008
18 July 2008
24 November 2008
July 2009
November 2009
March 2010
September 2010
Fabric OS Administrator’s Guide iii
53-1001763-02
iv Fabric OS Administrator’s Guide
53-1001763-02
Contents
About This Document
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . xxxiv
What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv
Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Getting technical help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Section I Standard Features
Chapter 1 Understanding Fibre Channel Services
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
The Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Platform services in a Virtual Fabric. . . . . . . . . . . . . . . . . . . . . . . 5
Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Displaying the management server ACL. . . . . . . . . . . . . . . . . . . . 6
Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . . . 7
Viewing the contents of the management server database . . . . 8
Clearing the management server database . . . . . . . . . . . . . . . . 8
Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . . 9
Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Disabling topology discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Fabric OS Administrator’s Guide v
53-1001763-02
Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
E_Port login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Fabric login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
RSCN causes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . . 12
Chapter 2 Performing Basic Configuration Tasks
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .16
Console sessions using the serial port. . . . . . . . . . . . . . . . . . . . 16
Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
The Ethernet interface on your switch. . . . . . . . . . . . . . . . . . . . . . . .20
Virtual Fabrics and the Ethernet interface. . . . . . . . . . . . . . . . .20
Displaying the network interface settings . . . . . . . . . . . . . . . . .21
Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Time zone settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .31
Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Switch and enterprise-class platform shutdown. . . . . . . . . . . . . . . .31
Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Powering off a Brocade enterprise-class platform. . . . . . . . . . .32
Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
vi Fabric OS Administrator’s Guide
53-1001763-02
Chapter 3 Performing Advanced Configuration Tasks
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
PIDs and PID binding overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Port identification by slot and port number . . . . . . . . . . . . . . . . 41
Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . . 41
Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Port activation and deactivation. . . . . . . . . . . . . . . . . . . . . . . . . 42
Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Setting the same speed for all ports on the switch. . . . . . . . . . 44
Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .44
CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Port and application blade compatibility . . . . . . . . . . . . . . . . . .46
FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Blade swapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Verifying High Availability features (directors and enterprise-class
platforms only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Track and control switch changes . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Enabling the track changes feature . . . . . . . . . . . . . . . . . . . . . .56
Displaying the status of the track changes feature. . . . . . . . . .57
Viewing the switch status policy threshold values. . . . . . . . . . . 57
Setting the switch status policy threshold values . . . . . . . . . . .57
Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Auditable event classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Verifying host syslog prior to configuring the audit log . . . . . . . 60
Configuring an audit log for specific event classes . . . . . . . . . . 61
Fabric OS Administrator’s Guide vii
53-1001763-02
Chapter 4 Routing Traffic
About this chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Routing overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Path versus route selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Virtual Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . . .70
Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Supported topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Displaying the current routing policy . . . . . . . . . . . . . . . . . . . . . 74
Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
AP route policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Routing in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Static route assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Forcing in-order frame delivery across topology changes. . . . . 78
Restoring out-of-order frame delivery across topology changes78
Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . . .79
Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Configuring Lossless Dynamic Load Sharing. . . . . . . . . . . . . . .80
Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . . .80
Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . .82
Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . .82
Viewing redirect zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Chapter 5 Managing User Accounts
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Role-Based Access Control (RBAC) . . . . . . . . . . . . . . . . . . . . . . .84
The management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Local account database distribution . . . . . . . . . . . . . . . . . . . . . . . . .90
Distributing the local user database . . . . . . . . . . . . . . . . . . . . .90
Accepting distribution of user databases on the local switch .90
Rejecting distributed user databases on the local switch . . . . 90
viii Fabric OS Administrator’s Guide
53-1001763-02
Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Account lockout policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Setting the boot PROM password for a switch with a recovery string
95
Setting the boot PROM password for a director with a recovery string
96
Setting the boot PROM password for a switch without a recovery
string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Setting the boot PROM password for a director without a recovery
string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
The authentication model using RADIUS and LDAP . . . . . . . . . . . . .99
Setting the switch authentication mode . . . . . . . . . . . . . . . . .101
Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Fabric OS users on the RADIUS server. . . . . . . . . . . . . . . . . . .102
The RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
LDAP configuration and Microsoft Active Directory. . . . . . . . .111
Authentication servers on the switch . . . . . . . . . . . . . . . . . . . .114
Configuring local authentication as backup. . . . . . . . . . . . . . .115
Chapter 6 Configuring Protocols
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Setting up SCP for configUploads and downloads . . . . . . . . .119
Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .120
Secure Sockets Layer protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
SSL configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Certificate authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Root certificates for the Java Plug-in . . . . . . . . . . . . . . . . . . . .126
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .127
SNMP and Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
The security level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
The snmpConfig command . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Telnet protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .131
Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Fabric OS Administrator’s Guide ix
53-1001763-02
Chapter 7 Configuring Security Policies
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .133
Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Saving changes without activating the policies . . . . . . . . . . . .135
Activating policy changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Adding a member to an existing ACL policy . . . . . . . . . . . . . . .136
Removing a member from an ACL policy . . . . . . . . . . . . . . . . .136
Aborting unsaved policy changes . . . . . . . . . . . . . . . . . . . . . . .136
FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .138
Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .139
FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
DCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
SCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .144
E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .147
AUTH policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148
Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .149
FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .150
Fabric-wide distribution of the Auth policy . . . . . . . . . . . . . . . .153
IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Deleting an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .157
Deleting a rule to an IP Filter policy . . . . . . . . . . . . . . . . . . . . .157
Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .157
IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
x Fabric OS Administrator’s Guide
53-1001763-02
Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .159
ACL policy distribution to other switches . . . . . . . . . . . . . . . . .160
Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .162
Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
IPsec protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Authentication and encryption algorithms . . . . . . . . . . . . . . . .167
IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
IKE policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Example of an End-to-End Transport Tunnel mode . . . . . . . . .172
Chapter 8 Maintaining the Switch Configuration File
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Uploading a configuration file in interactive mode . . . . . . . . .179
Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Configuration download without disabling a switch . . . . . . . .182
Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Downloading a configuration file from one switch to another same
model switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Configuration management for Virtual Fabrics. . . . . . . . . . . . . . . .184
Uploading a configuration file from a switch with Virtual Fabrics
enabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
Restoring logical switch configuration using configDownload 185
Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Chapter 9 Installing and Maintaining Firmware
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .189
Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .190
Considerations for FICON CUP environments . . . . . . . . . . . . .191
HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .192
Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Finding the switch firmware version. . . . . . . . . . . . . . . . . . . . .193
Obtain and decompress firmware . . . . . . . . . . . . . . . . . . . . . .193
Fabric OS Administrator’s Guide xi
53-1001763-02
Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Switch firmware download process overview. . . . . . . . . . . . . .194
Firmware download on an enterprise-class platform . . . . . . . . . . .196
Enterprise-class platform firmware download process overview196
Firmware download from a USB device. . . . . . . . . . . . . . . . . . . . . .200
Enabling USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Downloading from USB using the relative path. . . . . . . . . . . .200
Downloading from USB using the absolute path. . . . . . . . . . .200
FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Public and Private Key Management . . . . . . . . . . . . . . . . . . . .201
The firmwareDownload Command . . . . . . . . . . . . . . . . . . . . . .201
Power-on Firmware Checksum Test . . . . . . . . . . . . . . . . . . . . .202
Test and restore firmware on switches . . . . . . . . . . . . . . . . . . . . . .203
Testing a different firmware version on a switch. . . . . . . . . . .203
Test and restore firmware on enterprise-class platforms. . . . . . . .204
Testing different firmware versions on enterprise-class platforms205
Validating a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Chapter 10 Managing Virtual Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .212
Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .212
Logical switches and connected devices . . . . . . . . . . . . . . . . .213
Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Logical fabric and ISL sharing. . . . . . . . . . . . . . . . . . . . . . . . . .216
Management model for logical switches. . . . . . . . . . . . . . . . . . . . .219
Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .220
Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .220
Supported port configurations in the Brocade 5100, 5300, and VA-
40FC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220
Supported port configurations in the Brocade DCX and DCX-4S221
Virtual Fabrics interaction with other Fabric OS features . . . .221
Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .222
Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .223
Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Configuring logical switches to use basic configuration values. . .225
Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .225
Executing a command in a different logical fabric context . . . . . .227
xii Fabric OS Administrator’s Guide
53-1001763-02
Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Adding and removing ports on a logical switch. . . . . . . . . . . . . . . .229
Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .230
Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .230
Changing a logical switch to a base switch. . . . . . . . . . . . . . . . . . .231
Setting up IP addresses for a Virtual Fabric . . . . . . . . . . . . . . . . . .232
Removing an IP address for a Virtual Fabric . . . . . . . . . . . . . . . . . .232
Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .232
Changing the context to a different logical fabric . . . . . . . . . . . . . .233
Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .234
Chapter 11 Administering Advanced Zoning
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Special zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Considerations for zoning architecture . . . . . . . . . . . . . . . . . .243
Best practices for zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .244
Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .245
High availability considerations with broadcast zones . . . . . .246
Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .246
Broadcast zones and default zoning . . . . . . . . . . . . . . . . . . . .246
Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .247
Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .247
Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
Viewing an alias in the defined configuration . . . . . . . . . . . . .248
Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .249
Removing devices (members) from a zone . . . . . . . . . . . . . . .250
Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
Viewing a zone in the defined configuration . . . . . . . . . . . . . .251
Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
Default zoning mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .252
Viewing the current default zone access mode. . . . . . . . . . . .253
Zoning database size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Fabric OS Administrator’s Guide xiii
53-1001763-02
Zoning configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Creating a zoning configuration . . . . . . . . . . . . . . . . . . . . . . . .254
Adding zones (members) to a zoning configuration . . . . . . . .254
Removing zones (members) from a zone configuration . . . . .255
Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .255
Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .256
Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .256
Clearing changes to a configuration. . . . . . . . . . . . . . . . . . . . .257
Viewing all zone configuration information . . . . . . . . . . . . . . .257
Viewing selected zone configuration information . . . . . . . . . .258
Viewing the configuration in the effective zone database . . .258
Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .258
Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Zoning configuration management . . . . . . . . . . . . . . . . . . . . . . . . .261
New switch or fabric additions . . . . . . . . . . . . . . . . . . . . . . . . .261
Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .263
Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Chapter 12 Traffic Isolation Zoning
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267
Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .267
TI zone failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .270
Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272
Traffic Isolation Zoning over FC routers. . . . . . . . . . . . . . . . . . . . . .273
TI within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
TI within a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .276
General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
Supported configurations for Traffic Isolation Zoning . . . . . . . . . . 277
Additional configuration rules for enhanced TI zones. . . . . . .278
Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .278
Admin Domain considerations for Traffic Isolation Zoning . . . . . .279
Virtual Fabric considerations for Traffic Isolation Zoning. . . . . . . .279
Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .281
Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .284
Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
xiv Fabric OS Administrator’s Guide
53-1001763-02
Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Setting up TI over FCR (sample procedure). . . . . . . . . . . . . . . . . . .287
Chapter 13 Administering NPIV
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
Viewing NPIV port configuration information . . . . . . . . . . . . . . . . .294
Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .296
Chapter 14 Interoperability for Merged SANs
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Interoperability overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Connectivity solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298
Domain ID offset modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
Configuring the Domain_ID offset . . . . . . . . . . . . . . . . . . . . . .301
McDATA Fabric mode configuration restrictions . . . . . . . . . . . . . . .301
McDATA Open Fabric mode configuration restrictions . . . . . . . . . .302
Interoperability support for logical switches . . . . . . . . . . . . . . . . . .302
Switch configurations for interoperability . . . . . . . . . . . . . . . . . . . .303
Enabling McDATA Open Fabric mode . . . . . . . . . . . . . . . . . . . .303
Enabling McDATA Fabric mode . . . . . . . . . . . . . . . . . . . . . . . . .304
Enabling Brocade Native mode. . . . . . . . . . . . . . . . . . . . . . . . .305
Zone management in interoperable fabrics . . . . . . . . . . . . . . . . . .306
Zoning restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Zone name restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Zoning modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Setting the safe zone mode on a stand-alone switch . . . . . . .308
Setting the safe zone mode fabric-wide. . . . . . . . . . . . . . . . . .308
Disabling safe zone mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .308
Effective zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Saving the effective zone configuration to the Defined Database309
Frame Redirection in interoperable fabrics. . . . . . . . . . . . . . . . . . .310
Traffic Isolation zones in interoperable fabrics . . . . . . . . . . . . . . . . 310
Brocade SANtegrity implementation in mixed fabric SANS . . . . . .311
Fabric OS Layer 2 Fabric Binding . . . . . . . . . . . . . . . . . . . . . . .311
Fabric OS Administrator’s Guide xv
53-1001763-02
E_Port authentication between Fabric OS and M-EOS switches . . 311
Switch authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .313
Dumb switch authentication . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Authentication of EX_Port, VE_Port, and VEX_Port connections316
Authentication of VE_Port-to-VE_Port connections . . . . . . . . .317
Authentication of VEX_Port-to-VE_Port connections . . . . . . . .320
Authentication of VEX_Port-to-VEX_Port connections . . . . . . .321
FCR SANtegrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Fabric Binding behavior in a mixed fabric . . . . . . . . . . . . . . . .322
Translate domains do not have Preferred or Insistent Domain ID
behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Configuring the preferred domain ID and the insistent domain ID322
FICON implementation in a mixed fabric. . . . . . . . . . . . . . . . . . . . .323
Fabric OS version change restrictions in an interoperable environment
323
Coordinated Hot Code Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
Bypassing the Coordinated HCL check on firmware download324
Coordinated HCL on switches firmware downloads . . . . . . . .325
Upgrade and downgrade considerations for HCL for interoperability
325
McDATA-aware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
McDATA-unaware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326
M-EOS feature limitations in mixed fabrics . . . . . . . . . . . . . . .328
Supported hardware in an interoperable environment . . . . . . . . .329
Supported features in an interoperable environment . . . . . . . . . .331
Unsupported features in an interoperable environment . . . . . . . .334
Chapter 15 Managing Administrative Domains
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335
Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .335
Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .337
Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .338
User-defined Administrative Domains . . . . . . . . . . . . . . . . . . .338
System-defined Administrative Domains . . . . . . . . . . . . . . . . .338
Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .341
Admin Domains and switch WWN. . . . . . . . . . . . . . . . . . . . . . .342
Admin Domain compatibility, availability, and merging . . . . . .344
xvi Fabric OS Administrator’s Guide
53-1001763-02
Admin Domain management for physical fabric administrators . .344
Setting the default zoning mode for Admin Domains . . . . . . .344
Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .345
User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .346
Removing an Admin Domain from a user account . . . . . . . . .348
Activating an Admin Domain. . . . . . . . . . . . . . . . . . . . . . . . . . .348
Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .349
Adding members to an existing Admin Domain . . . . . . . . . . . .349
Removing members from an Admin Domain . . . . . . . . . . . . . .350
Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .350
Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .351
Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .352
Deleting all user-defined Admin Domains non-disruptively . .352
Validating an Admin Domain member list . . . . . . . . . . . . . . . .356
SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .356
CLI commands in an AD context. . . . . . . . . . . . . . . . . . . . . . . .357
Executing a command in a different AD context . . . . . . . . . . .357
Displaying an Admin Domain configuration . . . . . . . . . . . . . . .358
Switching to a different Admin Domain context. . . . . . . . . . . .358
Admin Domain interactions with other Fabric OS features. . .359
Admin Domains, zones, and zone databases . . . . . . . . . . . . .360
Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .362
Configuration upload and download in an AD context . . . . . .362
Section II Licensed Features
Chapter 16 Administering Licensing
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
The Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . 371
ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371
ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Upgrade/downgrade considerations . . . . . . . . . . . . . . . . . . . .373
Adding a license to a slot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Removing a license from a slot . . . . . . . . . . . . . . . . . . . . . . . . .373
Time-based licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Configupload and download considerations . . . . . . . . . . . . . .374
Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Universal Time-based licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Universal Time-based license expiration date . . . . . . . . . . . . .374
Extending a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Deleting a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Universal Time-based license shelf life . . . . . . . . . . . . . . . . . .375
Fabric OS Administrator’s Guide xvii
53-1001763-02
Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377
Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377
Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Displaying the port license assignments . . . . . . . . . . . . . . . . .379
Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .380
Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .380
Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .382
Chapter 17 Monitoring Fabric Performance
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .383
Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Virtual Fabrics considerations for Advanced Performance Monitoring
384
End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .385
End-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
Adding end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . .386
Setting a mask for an end-to-end monitor . . . . . . . . . . . . . . . .387
Deleting end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . .388
Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389
Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .390
Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391
Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .391
Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .391
Saving frame monitor configuration. . . . . . . . . . . . . . . . . . . . .391
Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .392
Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .392
ISL performance monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393
Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393
Adding a Top Talker monitor on an F_Port . . . . . . . . . . . . . . . .394
Adding Top Talker monitors on all switches in the fabric (fabric mode)
394
Displaying the top n bandwidth-using flows on an F_Port . . .395
Displaying top talking flows for a given domain ID (fabric mode)396
Deleting a Top Talker monitor on an F_Port . . . . . . . . . . . . . . .396
Deleting the fabric mode Top Talker monitors . . . . . . . . . . . . .396
Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .397
Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397
Displaying end-to-end and ISL monitor counters . . . . . . . . . . . . . .397
Clearing end-to-end and ISL monitor counters . . . . . . . . . . . . . . . .398
Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .399
xviii Fabric OS Administrator’s Guide
53-1001763-02
Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Chapter 18 Optimizing Fabric Behavior
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401
Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401
Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402
Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .403
Disabling ingress rate limiting. . . . . . . . . . . . . . . . . . . . . . . . . .403
QoS: SID/DID traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . .403
License requirements for traffic prioritization . . . . . . . . . . . . .404
QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .406
QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407
QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408
Virtual Fabric considerations for traffic prioritization . . . . . . .409
High availability considerations for traffic prioritization . . . . . 410
Supported configurations for traffic prioritization . . . . . . . . . . 410
Upgrade considerations for traffic prioritization . . . . . . . . . . .410
Limitations and restrictions for traffic prioritization . . . . . . . .413
Setting traffic prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414
Setting traffic prioritization over FC routers . . . . . . . . . . . . . . . . . .415
Disabling QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .416
Bottleneck detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Supported configurations for bottleneck detection. . . . . . . . . 417
How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . . 417
Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . . 417
High availability considerations for bottleneck detection . . . . 417
Upgrade and downgrade considerations for bottleneck detection418
Trunking considerations for bottleneck detection . . . . . . . . . .418
Virtual Fabrics considerations for bottleneck detection . . . . .418
Access Gateway considerations for bottleneck detection. . . .418
Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .419
Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .419
Displaying bottleneck detection configuration details . . . . . . . . . .420
Changing bottleneck alert parameters . . . . . . . . . . . . . . . . . . . . . .420
Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .423
Chapter 19 Managing Trunking Connections
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Criteria for managing trunking connections. . . . . . . . . . . . . . .426
Supported hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
Recommendations for trunking groups . . . . . . . . . . . . . . . . . . . . . .427
Fabric OS Administrator’s Guide xix
53-1001763-02
Basic trunk group configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Re-initializing ports for trunking . . . . . . . . . . . . . . . . . . . . . . . .428
Enabling Trunking on a port . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Enabling Trunking on a switch . . . . . . . . . . . . . . . . . . . . . . . . .428
Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . .429
Trunking over long distance fabrics . . . . . . . . . . . . . . . . . . . . . . . . .430
F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
Prerequisites for F_Port trunking . . . . . . . . . . . . . . . . . . . . . . .431
Enabling F_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .432
F_Port trunking considerations for Virtual Fabrics . . . . . . . . .433
F_Port masterless trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433
F_Port masterless trunking considerations . . . . . . . . . . . . . . .435
Assigning a Trunk Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
Enabling the DCC policy on a Trunk Area . . . . . . . . . . . . . . . . .439
Chapter 20 Managing Long Distance Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .441
Long distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .441
Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .442
Long distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .443
Enabling long distance when connecting to TDM devices . . .444
Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .445
Buffer-to-Buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .445
Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .446
Fibre Channel gigabit values reference definition. . . . . . . . . .447
Allocating buffer credits based on full-size frames . . . . . . . . .447
Allocating buffer credits based on average-size frames . . . . .449
Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .450
Displaying the remaining buffers in a port group . . . . . . . . . .450
Buffer credits for each switch model . . . . . . . . . . . . . . . . . . . .451
Maximum configurable distances for Extended Fabrics . . . . .452
Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453
Chapter 21 Using the FC-FC Routing Service
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
FC-FC routing service overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
Supported platforms for Fibre Channel routing. . . . . . . . . . . .456
Supported configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456
Integrated Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
xx Fabric OS Administrator’s Guide
53-1001763-02
Fibre Channel routing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
Proxy devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461
Routing types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461
Phantom domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462
Setting up the FC-FC routing service . . . . . . . . . . . . . . . . . . . . . . . .464
Verifying the setup for FC-FC routing . . . . . . . . . . . . . . . . . . . .464
Backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466
Assigning backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . .467
FCIP tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467
Inter-fabric link configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468
Configuring an IFL for both edge and backbone connections468
FC Router port cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Port cost considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .472
Setting router port cost for an EX_Port. . . . . . . . . . . . . . . . . . .473
EX_Port frame trunking configuration . . . . . . . . . . . . . . . . . . . . . . . 474
Masterless EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Supported configurations and platforms . . . . . . . . . . . . . . . . .475
Configuring EX_Port frame trunking . . . . . . . . . . . . . . . . . . . . . 476
Displaying EX_Port trunking information . . . . . . . . . . . . . . . . . 476
LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .477
Use of Admin Domains with LSAN zones and FCR . . . . . . . . . 477
Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .477
LSAN zones and fabric-to-fabric communications. . . . . . . . . .478
Controlling device communication with the LSAN . . . . . . . . . .478
Setting the maximum LSAN count . . . . . . . . . . . . . . . . . . . . . .480
Configuring backbone fabrics for interconnectivity . . . . . . . . .481
HA and downgrade considerations for LSAN zones . . . . . . . .481
LSAN zone policies using LSAN tagging . . . . . . . . . . . . . . . . . .481
LSAN zone binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485
Proxy PID configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489
Fabric parameter considerations. . . . . . . . . . . . . . . . . . . . . . . . . . .489
Inter-fabric broadcast frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490
Displaying the current broadcast configuration. . . . . . . . . . . .490
Enabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .491
Disabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .491
Resource monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .491
FC-FC Routing and Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . .492
Logical switch configuration for FC routing . . . . . . . . . . . . . . .493
Backbone-to-edge routing with Virtual Fabrics . . . . . . . . . . . .494
Upgrade and downgrade considerations for FC-FC routing . . . . . .495
How replacing port blades affects EX_Port configuration. . . .495
Displaying the range of output ports connected to xlate domains496
Appendix A M-EOS Migration Path to Fabric OS
In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497
Fabric OS Administrator’s Guide xxi
53-1001763-02
M-EOS fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497
McDATA Mi10K interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
Fabric configurations for interconnectivity . . . . . . . . . . . . . . . . . . .499
Connectivity modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
Configuring the FC router . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500
Configuring LSAN zones in the M-EOS fabric. . . . . . . . . . . . . .502
Correcting errors if LSAN devices appear in only one of the fabrics
502
Completing the configuration . . . . . . . . . . . . . . . . . . . . . . . . . .503
Appendix B Inband Management
In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .505
Inband Management overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . .505
Internal Ethernet devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506
IP address and routing management . . . . . . . . . . . . . . . . . . . . . . .506
Setting the IP address for the 7500s. . . . . . . . . . . . . . . . . . . .507
Setting the IP address for the CP Inband Management interface507
Setting the IP address for the GE Inband Management interface507
Adding an Inband Management route on the CP . . . . . . . . . .507
Deleting an Inband Management route . . . . . . . . . . . . . . . . . .508
Viewing Inband Management IP addresses and routes . . . . .508
FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509
Examples of supported configurations . . . . . . . . . . . . . . . . . . . . . .509
Configuring a Management Station on the same subnet . . . .509
Configuring a Management Station on different subnets. . . . 510
Appendix C Port Indexing
In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513
Port indexing on the Brocade 48000 director . . . . . . . . . . . . . . . .513
Port indexing on the Brocade DCX backbone . . . . . . . . . . . . . . . . .515
Port indexing on the Brocade DCX-4S backbone . . . . . . . . . . . . . . 517
Appendix D FIPS Support
In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521
FIPS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521
Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521
Power-up self tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .522
Conditional tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .522
FIPS mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523
LDAP in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524
LDAP certificates for FIPS mode . . . . . . . . . . . . . . . . . . . . . . . .526
xxii Fabric OS Administrator’s Guide
53-1001763-02
Preparing the switch for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527
Overview of steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527
Enabling FIPS mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .528
Disabling FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .529
Zeroizing for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530
Displaying FIPS configuration . . . . . . . . . . . . . . . . . . . . . . . . . .530
Appendix E Hexadecimal
Hexadecimal overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531
Example conversion of the hexadecimal triplet Ox616000 . . 531
Index
Fabric OS Administrator’s Guide xxiii
53-1001763-02
xxiv Fabric OS Administrator’s Guide
53-1001763-02
Figures
Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 3 Blade swap with Virtual Fabrics during the swap. . . . . . . . . . . . . . . . . . . . . . . . . 52
Figure 4 Blade swap with Virtual Fabrics after the swap . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Figure 5 Principal ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Figure 6 New switch added to existing fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Figure 7 Virtual Channels on a 1/2/4 Gbps ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Figure 8 Virtual Channels on an 8 Gbps ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Figure 9 Gateway link merges SAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Figure 10 DCX-4S allowed ICL connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Figure 11 ICL triangular topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Figure 12 Single Host and Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Figure 13 Windows 2000 VSA configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Figure 14 Example of a Brocade DCT file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Figure 15 Example of the dictiona.dcm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Figure 16 DH-CHAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Figure 17 Protected endpoints configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Figure 18 Gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Figure 19 Endpoint to gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Figure 20 Switch before and after enabling Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . 211
Figure 21 Switch before and after creating logical switches . . . . . . . . . . . . . . . . . . . . . . . 211
Figure 22 Fabric IDs assigned to logical switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Figure 23 Assigning ports to logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Figure 24 Logical switches connected to devices and non-Virtual Fabric switch . . . . . . . 214
Figure 25 Logical switches in a single chassis belong to separate fabrics . . . . . . . . . . . . 214
Figure 26 Logical switches connected to other logical switches through physical ISLs. . 215
Figure 27 Logical switches connected to form logical fabrics . . . . . . . . . . . . . . . . . . . . . . 215
Figure 28 Base switches connected by an XISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Figure 29 Logical ISLs connecting logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Figure 30 Logical fabric using ISLs and XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Figure 31 Example of logical fabrics in multiple chassis and XISLs . . . . . . . . . . . . . . . . . 234
Figure 32 Zoning example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Figure 33 Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Figure 34 Traffic Isolation zone creating a dedicated path through the fabric. . . . . . . . . 268
Figure 35 Fabric incorrectly configured for TI zone with failover disabled . . . . . . . . . . . . 270
Figure 36 Dedicated path is the only shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Fabric OS Administrator’s Guide xxv
53-1001763-02
Figure 37 Dedicated path is not the shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Figure 38 Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Figure 39 Illegal ETIZ configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Figure 40 Traffic Isolation Zoning over FCR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Figure 41 TI zone in an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Figure 42 TI zone in a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Figure 43 TI zone misconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Figure 44 Dedicated path with Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Figure 45 Creating a TI zone in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Figure 46 Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Figure 47 Example configuration for TI zones over FC routers in logical fabrics . . . . . . . 281
Figure 48 Logical representation of TI zones over FC routers in logical fabrics . . . . . . . . 282
Figure 49 TI over FCR example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Figure 50 Typical direct E_Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Figure 51 Fabric with two Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Figure 52 Filtered fabric views when using Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 336
Figure 53 Fabric with AD0 and AD255. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Figure 54 Fabric showing switch and device WWNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Figure 55 Filtered fabric views showing converted switch WWNs . . . . . . . . . . . . . . . . . . . 343
Figure 56 AD0 and two user-defined Admin Domains, AD1 and AD2 . . . . . . . . . . . . . . . . 354
Figure 57 AD0 with three zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Figure 58 Setting end-to-end monitors on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Figure 59 Proper placement of end-to-end performance monitors . . . . . . . . . . . . . . . . . . 387
Figure 60 Mask positions for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Figure 61 QoS traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Figure 62 QoS with E_Ports enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Figure 63 Traffic prioritization in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Figure 64 Distribution of traffic over ISL Trunking groups . . . . . . . . . . . . . . . . . . . . . . . . . 426
Figure 65 Trunk group configuration for the Brocade 5100 . . . . . . . . . . . . . . . . . . . . . . . 431
Figure 66 Switch in Access Gateway mode without F_Port trunking . . . . . . . . . . . . . . . . . 434
Figure 67 Switch in Access Gateway mode with F_Port masterless trunking. . . . . . . . . . 434
Figure 68 A metaSAN with inter-fabric links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Figure 69 A metaSAN with edge-to-edge and backbone fabrics and LSAN zones . . . . . . 459
Figure 70 Edge SANs connected through a backbone fabric. . . . . . . . . . . . . . . . . . . . . . . 460
Figure 71 MetaSAN with imported devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Figure 72 Sample topology (physical topology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Figure 73 EX_Port phantom switch topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Figure 74 Example of setting up Speed LSAN tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Figure 75 LSAN zone binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Figure 76 EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Figure 77 Logical representation of EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . 494
Figure 78 Backbone-to-edge routing across base switch using FC router in legacy mode 495
xxvi Fabric OS Administrator’s Guide
53-1001763-02
Figure 79 Inband Management process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Figure 80 Management Station on same subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Figure 81 Management Station on a different subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Fabric OS Administrator’s Guide xxvii
53-1001763-02
xxviii Fabric OS Administrator’s Guide
53-1001763-02
Tables
Tab l e 1 Daemons that are automatically restarted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Tab l e 2 Default administrative account names and passwords . . . . . . . . . . . . . . . . . . . 19
Tab l e 3 Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S
enterprise-class platforms 40
Tab l e 4 Brocade enterprise-class platform terminology and abbreviations . . . . . . . . . . 44
Tab l e 5 Port blades supported by each platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Tab l e 6 Blade compatibility within a Brocade DCX and DCX-4S backbone . . . . . . . . . . . 47
Tab l e 7 AuditCfg event class operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Tab l e 8 LED behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Tab l e 9 Combinations of routing policy and IOD with Lossless DLS enabled . . . . . . . . . 79
Tab l e 10 Fabric OS roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Tab l e 11 Permission types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Tab l e 1 2 RBAC permissions matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Tab l e 13 Maximum number of simultaneous sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Tab l e 14 Default local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Tab l e 15 Authentication configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Tab l e 16 Syntax for VSA-based account roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Table 17 dictionary.brocade file entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Tab l e 1 8 Secure protocol support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Tab l e 19 Items needed to deploy secure protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Tab l e 2 0 Main security scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Tab l e 21 SSL certificate files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Tab l e 2 2 Blocked listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Tab l e 2 3 Access defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Tab l e 24 Port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Tab l e 2 5 Valid methods for specifying policy members . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Tab l e 2 6 FCS policy states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Tab l e 27 FCS switch operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Tab l e 2 8 Distribution policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Tab l e 2 9 DCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Tab l e 3 0 SCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Tab l e 31 FCAP certificate files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Tab l e 3 2 Supported services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Tab l e 3 3 Implicit IP Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Tab l e 3 4 Default IP policy rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Tab l e 3 5 Interaction between fabric-wide consistency policy and distribution settings . 159
Fabric OS Administrator’s Guide xxix
53-1001763-02
Tab l e 3 6 Supported policy databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Tab l e 37 Fabric-wide consistency policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Tab l e 3 8 Merging fabrics with matching fabric-wide consistency policies. . . . . . . . . . . . 163
Tab l e 3 9 Examples of strict fabric merges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Tab l e 4 0 Fabric merges with tolerant/absent combinations . . . . . . . . . . . . . . . . . . . . . . 164
Tab l e 41 Algorithms and associated authentication policies . . . . . . . . . . . . . . . . . . . . . . 168
Tab l e 4 2 CLI commands to display or modify switch configuration information . . . . . . . 181
Tab l e 4 3 Brocade configuration and connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Tab l e 4 4 Enterprise-class platform HA sync states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Tab l e 4 5 Blade and port types supported on logical switches . . . . . . . . . . . . . . . . . . . . . 221
Tab l e 4 6 Virtual Fabrics interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 222
Tab l e 47 Maximum number of logical switches per chassis. . . . . . . . . . . . . . . . . . . . . . . 222
Tab l e 4 8 Types of zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Tab l e 4 9 Approaches to fabric-based zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Tab l e 5 0 Considerations for zoning architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Tab l e 51 Zone merging scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Tab l e 5 2 Comparison of traffic behavior when failover is enabled or disabled in TI zones 269
Tab l e 5 3 Number of supported NPIV devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Tab l e 5 4 Internal representations of ID domain offsets in IM2.. . . . . . . . . . . . . . . . . . . . 300
Tab l e 5 5 Internal representations of ID domain offsets in IM3.. . . . . . . . . . . . . . . . . . . . 300
Tab l e 5 6 Fabric OS switch authentication types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Tab l e 57 Fabric OS mode descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Tab l e 5 8 DH group types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Tab l e 5 9 Device authentication mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Tab l e 6 0 Switch authentication policy when all secrets are correct. . . . . . . . . . . . . . . . . 313
Tab l e 61 Switch authentication policy - Fabric OS switch with incorrect peer secret for M-EOS
switch 314
Tab l e 6 2 Switch authentication policy-M-EOS switch with the incorrect peer secret for Fabric OS
switch 315
Tab l e 6 3 Switch authentication policy when connected to an M-EOS dumb switch . . . . 316
Tab l e 6 4 VE_Port-to-VE_Port authentication policy with correct switch secret . . . . . . . . 317
Tab l e 6 5 VE_Port-to-VE_Port authentication policy with unknown switch secret . . . . . . 319
Tab l e 6 6 VEX_Port-to-VE_Port authentication policy with correct secrets . . . . . . . . . . . . 321
Tab l e 6 7 VEX_ Port-to-VE_Port authentication policy when secrets are not correct . . . . 321
Tab l e 6 8 McDATA-aware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Tab l e 6 9 McDATA-unaware features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Tab l e 7 0 Complete feature compatibility matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Tab l e 71 Fabric OS interoperability with M-EOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Tab l e 7 2 Supported Fabric OS features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Tab l e 7 3 AD user types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Tab l e 74 Ports and devices in CLI output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Tab l e 7 5 Admin Domain interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 359
xxx Fabric OS Administrator’s Guide
53-1001763-02
Loading...