Brocade Communications Systems 53-1001763-02 User Manual

Download

Page 1

53-1001763-02

13 September 2010

Fabric OS

Administrator’s Guide

Supporting Fabric OS v6.4.0

Page 2

Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 Tel: 1-408-333-8000 Fax: 1-408-333-8101 E-mail: info@brocade.com

European Headquarters Brocade Communications Switzerland Sàrl Centre Swissair Tour B - 4ème étage 29, Route de l'Aéroport Case Postale 105 CH-1215 Genève 15 Switzerland Tel: +41 22 799 5640 Fax: +41 22 799 5641 E-mail: emea-info@brocade.com

Asia-Pacific Headquarters Brocade Communications Systems China HK, Ltd. No. 1 Guanghua Road Chao Yang District Units 2718 and 2818 Beijing 100020, China Tel: +8610 6588 8888 Fax: +8610 6588 9999 E-mail: china-info@brocade.com

Asia-Pacific Headquarters Brocade Communications Systems Co., Ltd. (Shenzhen WFOE) Citic Plaza No. 233 Tian He Road North Unit 1308 – 13th Floor Guangzhou, China Tel: +8620 3891 2000 Fax: +8620 3891 2111 E-mail: china-info@brocade.com

Document History

Title Publication number Summary of changes Date

Fabric OS Procedures Guide 53-0000518-02 First released edition. April 2003

Fabric OS Procedures Guide 53-0000518-03 Revised for Fabric OS v4.2.0. December 2003

Fabric OS Procedures Guide 53-0000518-04 Revised to include switch-specific

information.

Fabric OS Procedures Guide 53-0000518-05 Revised for Fabric OS v4.4.0. September 2004

Fabric OS Procedures Guide 53-0000518-06 Revised to add RADIUS and SSL

procedures.

Fabric OS Administrator’s Guide 53-0000518-07 Revised book title. Added information

about 200E, 4012, and 48000 switches.

Fabric OS Administrator’s Guide 53-1000043-01 Revised for Fabric OS v5.1.0. January 2006

March 2004

October 2004

April 2005

Page 3

Title Publication number Summary of changes Date

Fabric OS Administrator’s Guide 53-1000043-02 Removed SilkWorm 4016 and 4020

from supported switches; FCIP chapter updates.

Fabric OS Administrator’s Guide 53-1000239-01 Revised for Fabric OS v5.2.0 features.

Added new hardware platforms: Brocade FC4-48 and FC4-16IP.

Fabric OS Administrator’s Guide 53-1000448-01 Added Fabric OS v5.3.0 features.

Added support for new hardware platforms: Brocade 7600, FA4-18, and FC10-6.

Fabric OS Administrator’s Guide 53-1000598-01 Added Fabric OS v6.0.0 features.

Added support for new hardware platforms: Brocade DCX Backbone, FC8-16, FC8-32, and FC8-48.

Fabric OS Administrator’s Guide 53-1000598-02 Changed “DCX” and “DCX director” to

the correct name: Brocade DCX Backbone. Also, added the word “director” to the 48000.

Fabric OS Administrator’s Guide 53-1000598-03 Added Fabric OS v6.1.0 features.

Added support for new hardware platforms: Brocade 5300, 5100, and

300.

Fabric OS Administrator’s Guide 53-1000598-04 Updated document to streamline

content. No new hardware or Fabric OS features.

Fabric OS Administrator’s Guide 53-1001185-01 Added Fabric OS v 6.2.0 software

features and support for new hardware platforms: Brocade DCX-4S.

Fabric OS Administrator’s Guide 53-1001336-01 Added Fabric OS v6.3.0 software

features and support for new hardware platforms.

Fabric OS Administrator’s Guide 53-1001336-02 Incorporate release notes from Fabric

OS v6.3.0 and v6.3.0a.

Fabric OS Administrator’s Guide 53-1001763-01 Added enhancements and new

features for Fabric OS v6.4.0. Added support for the Brocade VA-40FC hardware.

Fabric OS Administrator’s Guide 53-1001763-02 Corrected minor errors. Added

additional clarification in some places.

June 2006

September 2006

15 June 2007

19 October 2007

22 January 2008

12 March 2008

18 July 2008

24 November 2008

July 2009

November 2009

March 2010

September 2010

Fabric OS Administrator’s Guide iii 53-1001763-02

Page 4

iv Fabric OS Administrator’s Guide

53-1001763-02

Page 5

About This Document

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . xxxiv

What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii

Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii

Getting technical help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii

Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

The Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Platform services in a Virtual Fabric. . . . . . . . . . . . . . . . . . . . . . . 5

Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Displaying the management server ACL. . . . . . . . . . . . . . . . . . . . 6

Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . . . 7

Viewing the contents of the management server database . . . . 8

Clearing the management server database . . . . . . . . . . . . . . . . 8

Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . . 9

Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Disabling topology discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Fabric OS Administrator’s Guide v 53-1001763-02

Page 6

Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

E_Port login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Fabric login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

RSCN causes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 2 Performing Basic Configuration Tasks

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .16

Console sessions using the serial port. . . . . . . . . . . . . . . . . . . . 16

Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

The Ethernet interface on your switch. . . . . . . . . . . . . . . . . . . . . . . .20

Virtual Fabrics and the Ethernet interface. . . . . . . . . . . . . . . . .20

Displaying the network interface settings . . . . . . . . . . . . . . . . .21

Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Time zone settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .31

Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Switch and enterprise-class platform shutdown. . . . . . . . . . . . . . . .31

Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Powering off a Brocade enterprise-class platform. . . . . . . . . . .32

Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

vi Fabric OS Administrator’s Guide

53-1001763-02

Page 7

Chapter 3 Performing Advanced Configuration Tasks

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

PIDs and PID binding overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Port identification by slot and port number . . . . . . . . . . . . . . . . 41

Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . . 41

Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Port activation and deactivation. . . . . . . . . . . . . . . . . . . . . . . . . 42

Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

Setting the same speed for all ports on the switch. . . . . . . . . . 44

Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .44

CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Port and application blade compatibility . . . . . . . . . . . . . . . . . .46

FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Blade swapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Verifying High Availability features (directors and enterprise-class

platforms only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . .55

Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . .55

Track and control switch changes . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Enabling the track changes feature . . . . . . . . . . . . . . . . . . . . . .56

Displaying the status of the track changes feature. . . . . . . . . .57

Viewing the switch status policy threshold values. . . . . . . . . . . 57

Setting the switch status policy threshold values . . . . . . . . . . .57

Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Auditable event classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Verifying host syslog prior to configuring the audit log . . . . . . . 60

Configuring an audit log for specific event classes . . . . . . . . . . 61

Fabric OS Administrator’s Guide vii 53-1001763-02

Page 8

Chapter 4 Routing Traffic

About this chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Routing overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Path versus route selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Virtual Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . . .70

Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Supported topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Displaying the current routing policy . . . . . . . . . . . . . . . . . . . . . 74

Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

AP route policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Routing in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Static route assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Forcing in-order frame delivery across topology changes. . . . . 78

Restoring out-of-order frame delivery across topology changes78

Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . . .79

Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Configuring Lossless Dynamic Load Sharing. . . . . . . . . . . . . . .80

Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . . .80

Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81

Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . .82

Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . .82

Viewing redirect zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Chapter 5 Managing User Accounts

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Role-Based Access Control (RBAC) . . . . . . . . . . . . . . . . . . . . . . .84

The management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Local account database distribution . . . . . . . . . . . . . . . . . . . . . . . . .90

Distributing the local user database . . . . . . . . . . . . . . . . . . . . .90

Accepting distribution of user databases on the local switch .90

Rejecting distributed user databases on the local switch . . . . 90

viii Fabric OS Administrator’s Guide

53-1001763-02

Page 9

Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Account lockout policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95

Setting the boot PROM password for a switch with a recovery string 95 Setting the boot PROM password for a director with a recovery string 96 Setting the boot PROM password for a switch without a recovery

string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Setting the boot PROM password for a director without a recovery

string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

The authentication model using RADIUS and LDAP . . . . . . . . . . . . .99

Setting the switch authentication mode . . . . . . . . . . . . . . . . .101

Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

Fabric OS users on the RADIUS server. . . . . . . . . . . . . . . . . . .102

The RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

LDAP configuration and Microsoft Active Directory. . . . . . . . .111

Authentication servers on the switch . . . . . . . . . . . . . . . . . . . .114

Configuring local authentication as backup. . . . . . . . . . . . . . .115

Chapter 6 Configuring Protocols

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Setting up SCP for configUploads and downloads . . . . . . . . .119

Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .120

Secure Sockets Layer protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

SSL configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Certificate authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Root certificates for the Java Plug-in . . . . . . . . . . . . . . . . . . . .126

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .127

SNMP and Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

The security level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

The snmpConfig command . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Telnet protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131

Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .131

Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

Fabric OS Administrator’s Guide ix 53-1001763-02

Page 10

Chapter 7 Configuring Security Policies

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .133

Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Saving changes without activating the policies . . . . . . . . . . . .135

Activating policy changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Adding a member to an existing ACL policy . . . . . . . . . . . . . . .136

Removing a member from an ACL policy . . . . . . . . . . . . . . . . .136

Aborting unsaved policy changes . . . . . . . . . . . . . . . . . . . . . . .136

FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .138

Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138

Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .139

FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

DCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142

SCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .144

E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145

Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .147

AUTH policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .149

FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .150

Fabric-wide distribution of the Auth policy . . . . . . . . . . . . . . . .153

IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Deleting an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .157

Deleting a rule to an IP Filter policy . . . . . . . . . . . . . . . . . . . . .157

Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .157

IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158

x Fabric OS Administrator’s Guide

53-1001763-02

Page 11

Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158

Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .159

ACL policy distribution to other switches . . . . . . . . . . . . . . . . .160

Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .162

Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

IPsec protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Authentication and encryption algorithms . . . . . . . . . . . . . . . .167

IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168

IKE policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169

Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170

Example of an End-to-End Transport Tunnel mode . . . . . . . . .172

Chapter 8 Maintaining the Switch Configuration File

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175

Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175

Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176

Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Uploading a configuration file in interactive mode . . . . . . . . .179

Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Configuration download without disabling a switch . . . . . . . .182

Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184

Downloading a configuration file from one switch to another same

model switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184

Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184

Configuration management for Virtual Fabrics. . . . . . . . . . . . . . . .184

Uploading a configuration file from a switch with Virtual Fabrics

enabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185

Restoring logical switch configuration using configDownload 185

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186

Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

Chapter 9 Installing and Maintaining Firmware

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189

Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .189

Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .190

Considerations for FICON CUP environments . . . . . . . . . . . . .191

HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .192

Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192

Finding the switch firmware version. . . . . . . . . . . . . . . . . . . . .193

Obtain and decompress firmware . . . . . . . . . . . . . . . . . . . . . .193

Fabric OS Administrator’s Guide xi 53-1001763-02

Page 12

Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Switch firmware download process overview. . . . . . . . . . . . . .194

Firmware download on an enterprise-class platform . . . . . . . . . . .196

Enterprise-class platform firmware download process overview196

Firmware download from a USB device. . . . . . . . . . . . . . . . . . . . . .200

Enabling USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .200

Downloading from USB using the relative path. . . . . . . . . . . .200

Downloading from USB using the absolute path. . . . . . . . . . .200

FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

Public and Private Key Management . . . . . . . . . . . . . . . . . . . .201

The firmwareDownload Command . . . . . . . . . . . . . . . . . . . . . .201

Power-on Firmware Checksum Test . . . . . . . . . . . . . . . . . . . . .202

Test and restore firmware on switches . . . . . . . . . . . . . . . . . . . . . .203

Testing a different firmware version on a switch. . . . . . . . . . .203

Test and restore firmware on enterprise-class platforms. . . . . . . .204

Testing different firmware versions on enterprise-class platforms205

Validating a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Chapter 10 Managing Virtual Fabrics

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210

Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .212

Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .212

Logical switches and connected devices . . . . . . . . . . . . . . . . .213

Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214

Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215

Logical fabric and ISL sharing. . . . . . . . . . . . . . . . . . . . . . . . . .216

Management model for logical switches. . . . . . . . . . . . . . . . . . . . .219

Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .220

Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .220

Supported port configurations in the Brocade 5100, 5300, and VA-

40FC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220

Supported port configurations in the Brocade DCX and DCX-4S221

Virtual Fabrics interaction with other Fabric OS features . . . .221

Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .222

Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .223

Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .224

Configuring logical switches to use basic configuration values. . .225

Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .225

Executing a command in a different logical fabric context . . . . . .227

xii Fabric OS Administrator’s Guide

53-1001763-02

Page 13

Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Adding and removing ports on a logical switch. . . . . . . . . . . . . . . .229

Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .230

Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .230

Changing a logical switch to a base switch. . . . . . . . . . . . . . . . . . .231

Setting up IP addresses for a Virtual Fabric . . . . . . . . . . . . . . . . . .232

Removing an IP address for a Virtual Fabric . . . . . . . . . . . . . . . . . .232

Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .232

Changing the context to a different logical fabric . . . . . . . . . . . . . .233

Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .234

Chapter 11 Administering Advanced Zoning

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237

Special zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237

Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240

Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

Zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Considerations for zoning architecture . . . . . . . . . . . . . . . . . .243

Best practices for zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244

Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244

Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .244

Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .245

High availability considerations with broadcast zones . . . . . .246

Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .246

Broadcast zones and default zoning . . . . . . . . . . . . . . . . . . . .246

Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246

Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246

Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .247

Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .247

Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248

Viewing an alias in the defined configuration . . . . . . . . . . . . .248

Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .249

Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249

Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .249

Removing devices (members) from a zone . . . . . . . . . . . . . . .250

Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250

Viewing a zone in the defined configuration . . . . . . . . . . . . . .251

Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

Default zoning mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252

Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .252

Viewing the current default zone access mode. . . . . . . . . . . .253

Zoning database size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Fabric OS Administrator’s Guide xiii 53-1001763-02

Page 14

Zoning configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Creating a zoning configuration . . . . . . . . . . . . . . . . . . . . . . . .254

Adding zones (members) to a zoning configuration . . . . . . . .254

Removing zones (members) from a zone configuration . . . . .255

Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .255

Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .256

Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .256

Clearing changes to a configuration. . . . . . . . . . . . . . . . . . . . .257

Viewing all zone configuration information . . . . . . . . . . . . . . .257

Viewing selected zone configuration information . . . . . . . . . .258

Viewing the configuration in the effective zone database . . .258

Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .258

Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259

Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259

Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259

Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Zoning configuration management . . . . . . . . . . . . . . . . . . . . . . . . .261

New switch or fabric additions . . . . . . . . . . . . . . . . . . . . . . . . .261

Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .263

Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264

Chapter 12 Traffic Isolation Zoning

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .267

TI zone failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268

FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .270

Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272

Traffic Isolation Zoning over FC routers. . . . . . . . . . . . . . . . . . . . . .273

TI within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

TI within a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . .275

Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .276

General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276

Supported configurations for Traffic Isolation Zoning . . . . . . . . . . 277

Additional configuration rules for enhanced TI zones. . . . . . .278

Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .278

Admin Domain considerations for Traffic Isolation Zoning . . . . . .279

Virtual Fabric considerations for Traffic Isolation Zoning. . . . . . . .279

Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .281

Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282

Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .284

Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

xiv Fabric OS Administrator’s Guide

53-1001763-02

Page 15

Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Setting up TI over FCR (sample procedure). . . . . . . . . . . . . . . . . . .287

Chapter 13 Administering NPIV

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293

Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294

Viewing NPIV port configuration information . . . . . . . . . . . . . . . . .294

Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .296

Chapter 14 Interoperability for Merged SANs

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297

Interoperability overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297

Connectivity solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298

Domain ID offset modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Configuring the Domain_ID offset . . . . . . . . . . . . . . . . . . . . . .301

McDATA Fabric mode configuration restrictions . . . . . . . . . . . . . . .301

McDATA Open Fabric mode configuration restrictions . . . . . . . . . .302

Interoperability support for logical switches . . . . . . . . . . . . . . . . . .302

Switch configurations for interoperability . . . . . . . . . . . . . . . . . . . .303

Enabling McDATA Open Fabric mode . . . . . . . . . . . . . . . . . . . .303

Enabling McDATA Fabric mode . . . . . . . . . . . . . . . . . . . . . . . . .304

Enabling Brocade Native mode. . . . . . . . . . . . . . . . . . . . . . . . .305

Zone management in interoperable fabrics . . . . . . . . . . . . . . . . . .306

Zoning restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306

Zone name restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307

Zoning modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307

Setting the safe zone mode on a stand-alone switch . . . . . . .308

Setting the safe zone mode fabric-wide. . . . . . . . . . . . . . . . . .308

Disabling safe zone mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .308

Effective zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Saving the effective zone configuration to the Defined Database309

Frame Redirection in interoperable fabrics. . . . . . . . . . . . . . . . . . .310

Traffic Isolation zones in interoperable fabrics . . . . . . . . . . . . . . . . 310

Brocade SANtegrity implementation in mixed fabric SANS . . . . . .311

Fabric OS Layer 2 Fabric Binding . . . . . . . . . . . . . . . . . . . . . . .311

Fabric OS Administrator’s Guide xv 53-1001763-02

Page 16

E_Port authentication between Fabric OS and M-EOS switches . . 311

Switch authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .313

Dumb switch authentication . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Authentication of EX_Port, VE_Port, and VEX_Port connections316

Authentication of VE_Port-to-VE_Port connections . . . . . . . . .317

Authentication of VEX_Port-to-VE_Port connections . . . . . . . .320

Authentication of VEX_Port-to-VEX_Port connections . . . . . . .321

FCR SANtegrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321

Fabric Binding behavior in a mixed fabric . . . . . . . . . . . . . . . .322

Translate domains do not have Preferred or Insistent Domain ID

behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322

Configuring the preferred domain ID and the insistent domain ID322

FICON implementation in a mixed fabric. . . . . . . . . . . . . . . . . . . . .323

Fabric OS version change restrictions in an interoperable environment 323

Coordinated Hot Code Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324

Bypassing the Coordinated HCL check on firmware download324

Coordinated HCL on switches firmware downloads . . . . . . . .325

Upgrade and downgrade considerations for HCL for interoperability 325

McDATA-aware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325

McDATA-unaware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326

M-EOS feature limitations in mixed fabrics . . . . . . . . . . . . . . .328

Supported hardware in an interoperable environment . . . . . . . . .329

Supported features in an interoperable environment . . . . . . . . . .331

Unsupported features in an interoperable environment . . . . . . . .334

Chapter 15 Managing Administrative Domains

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335

Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .335

Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .337

Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .338

User-defined Administrative Domains . . . . . . . . . . . . . . . . . . .338

System-defined Administrative Domains . . . . . . . . . . . . . . . . .338

Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340

Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .341

Admin Domains and switch WWN. . . . . . . . . . . . . . . . . . . . . . .342

Admin Domain compatibility, availability, and merging . . . . . .344

xvi Fabric OS Administrator’s Guide

53-1001763-02

Page 17

Admin Domain management for physical fabric administrators . .344

Setting the default zoning mode for Admin Domains . . . . . . .344

Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .345

User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .346

Removing an Admin Domain from a user account . . . . . . . . .348

Activating an Admin Domain. . . . . . . . . . . . . . . . . . . . . . . . . . .348

Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .349

Adding members to an existing Admin Domain . . . . . . . . . . . .349

Removing members from an Admin Domain . . . . . . . . . . . . . .350

Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .350

Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .351

Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .352

Deleting all user-defined Admin Domains non-disruptively . .352

Validating an Admin Domain member list . . . . . . . . . . . . . . . .356

SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .356

CLI commands in an AD context. . . . . . . . . . . . . . . . . . . . . . . .357

Executing a command in a different AD context . . . . . . . . . . .357

Displaying an Admin Domain configuration . . . . . . . . . . . . . . .358

Switching to a different Admin Domain context. . . . . . . . . . . .358

Admin Domain interactions with other Fabric OS features. . .359

Admin Domains, zones, and zone databases . . . . . . . . . . . . .360

Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .362

Configuration upload and download in an AD context . . . . . .362

Section II Licensed Features

Chapter 16 Administering Licensing

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365

Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365

The Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . 371

ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371

ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372

Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372

Upgrade/downgrade considerations . . . . . . . . . . . . . . . . . . . .373

Adding a license to a slot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Removing a license from a slot . . . . . . . . . . . . . . . . . . . . . . . . .373

Time-based licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Configupload and download considerations . . . . . . . . . . . . . .374

Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Universal Time-based licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Universal Time-based license expiration date . . . . . . . . . . . . .374

Extending a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Deleting a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Universal Time-based license shelf life . . . . . . . . . . . . . . . . . .375

Fabric OS Administrator’s Guide xvii 53-1001763-02

Page 18

Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377

Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377

Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Displaying the port license assignments . . . . . . . . . . . . . . . . .379

Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .380

Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .380

Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381

Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .382

Chapter 17 Monitoring Fabric Performance

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383

Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .383

Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383

Virtual Fabrics considerations for Advanced Performance Monitoring 384

End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .385

End-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385

Adding end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . .386

Setting a mask for an end-to-end monitor . . . . . . . . . . . . . . . .387

Deleting end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . .388

Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389

Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .390

Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391

Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .391

Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .391

Saving frame monitor configuration. . . . . . . . . . . . . . . . . . . . .391

Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .392

Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .392

ISL performance monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393

Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393

Adding a Top Talker monitor on an F_Port . . . . . . . . . . . . . . . .394

Adding Top Talker monitors on all switches in the fabric (fabric mode) 394 Displaying the top n bandwidth-using flows on an F_Port . . .395 Displaying top talking flows for a given domain ID (fabric mode)396

Deleting a Top Talker monitor on an F_Port . . . . . . . . . . . . . . .396

Deleting the fabric mode Top Talker monitors . . . . . . . . . . . . .396

Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .397

Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Displaying end-to-end and ISL monitor counters . . . . . . . . . . . . . .397

Clearing end-to-end and ISL monitor counters . . . . . . . . . . . . . . . .398

Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .399

xviii Fabric OS Administrator’s Guide

53-1001763-02

Page 19

Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399

Chapter 18 Optimizing Fabric Behavior

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401

Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401

Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402

Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .403

Disabling ingress rate limiting. . . . . . . . . . . . . . . . . . . . . . . . . .403

QoS: SID/DID traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . .403

License requirements for traffic prioritization . . . . . . . . . . . . .404

QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .406

QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408

Virtual Fabric considerations for traffic prioritization . . . . . . .409

High availability considerations for traffic prioritization . . . . . 410

Supported configurations for traffic prioritization . . . . . . . . . . 410

Upgrade considerations for traffic prioritization . . . . . . . . . . .410

Limitations and restrictions for traffic prioritization . . . . . . . .413

Setting traffic prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

Setting traffic prioritization over FC routers . . . . . . . . . . . . . . . . . .415

Disabling QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .416

Bottleneck detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Supported configurations for bottleneck detection. . . . . . . . . 417

How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . . 417

Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . . 417

High availability considerations for bottleneck detection . . . . 417

Upgrade and downgrade considerations for bottleneck detection418

Trunking considerations for bottleneck detection . . . . . . . . . .418

Virtual Fabrics considerations for bottleneck detection . . . . .418

Access Gateway considerations for bottleneck detection. . . .418

Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .419

Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .419

Displaying bottleneck detection configuration details . . . . . . . . . .420

Changing bottleneck alert parameters . . . . . . . . . . . . . . . . . . . . . .420

Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .423

Chapter 19 Managing Trunking Connections

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425

Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425

Criteria for managing trunking connections. . . . . . . . . . . . . . .426

Supported hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Recommendations for trunking groups . . . . . . . . . . . . . . . . . . . . . .427

Fabric OS Administrator’s Guide xix 53-1001763-02

Page 20

Basic trunk group configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . .428

Re-initializing ports for trunking . . . . . . . . . . . . . . . . . . . . . . . .428

Enabling Trunking on a port . . . . . . . . . . . . . . . . . . . . . . . . . . .428

Enabling Trunking on a switch . . . . . . . . . . . . . . . . . . . . . . . . .428

Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . .429

Trunking over long distance fabrics . . . . . . . . . . . . . . . . . . . . . . . . .430

F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431

Prerequisites for F_Port trunking . . . . . . . . . . . . . . . . . . . . . . .431

Enabling F_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .432

F_Port trunking considerations for Virtual Fabrics . . . . . . . . .433

F_Port masterless trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

F_Port masterless trunking considerations . . . . . . . . . . . . . . .435

Assigning a Trunk Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437

Enabling the DCC policy on a Trunk Area . . . . . . . . . . . . . . . . .439

Chapter 20 Managing Long Distance Fabrics

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .441

Long distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .441

Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .442

Long distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .443

Enabling long distance when connecting to TDM devices . . .444

Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .445

Buffer-to-Buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .445

Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .446

Fibre Channel gigabit values reference definition. . . . . . . . . .447

Allocating buffer credits based on full-size frames . . . . . . . . .447

Allocating buffer credits based on average-size frames . . . . .449

Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .450

Displaying the remaining buffers in a port group . . . . . . . . . .450

Buffer credits for each switch model . . . . . . . . . . . . . . . . . . . .451

Maximum configurable distances for Extended Fabrics . . . . .452

Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453

Chapter 21 Using the FC-FC Routing Service

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

FC-FC routing service overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Supported platforms for Fibre Channel routing. . . . . . . . . . . .456

Supported configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Integrated Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

xx Fabric OS Administrator’s Guide

53-1001763-02

Page 21

Fibre Channel routing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

Proxy devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

Routing types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

Phantom domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462

Setting up the FC-FC routing service . . . . . . . . . . . . . . . . . . . . . . . .464

Verifying the setup for FC-FC routing . . . . . . . . . . . . . . . . . . . .464

Backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

Assigning backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . .467

FCIP tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467

Inter-fabric link configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468

Configuring an IFL for both edge and backbone connections468

FC Router port cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Port cost considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .472

Setting router port cost for an EX_Port. . . . . . . . . . . . . . . . . . .473

EX_Port frame trunking configuration . . . . . . . . . . . . . . . . . . . . . . . 474

Masterless EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Supported configurations and platforms . . . . . . . . . . . . . . . . .475

Configuring EX_Port frame trunking . . . . . . . . . . . . . . . . . . . . . 476

Displaying EX_Port trunking information . . . . . . . . . . . . . . . . . 476

LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .477

Use of Admin Domains with LSAN zones and FCR . . . . . . . . . 477

Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .477

LSAN zones and fabric-to-fabric communications. . . . . . . . . .478

Controlling device communication with the LSAN . . . . . . . . . .478

Setting the maximum LSAN count . . . . . . . . . . . . . . . . . . . . . .480

Configuring backbone fabrics for interconnectivity . . . . . . . . .481

HA and downgrade considerations for LSAN zones . . . . . . . .481

LSAN zone policies using LSAN tagging . . . . . . . . . . . . . . . . . .481

LSAN zone binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485

Proxy PID configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489

Fabric parameter considerations. . . . . . . . . . . . . . . . . . . . . . . . . . .489

Inter-fabric broadcast frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490

Displaying the current broadcast configuration. . . . . . . . . . . .490

Enabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .491

Disabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .491

Resource monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .491

FC-FC Routing and Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . .492

Logical switch configuration for FC routing . . . . . . . . . . . . . . .493

Backbone-to-edge routing with Virtual Fabrics . . . . . . . . . . . .494

Upgrade and downgrade considerations for FC-FC routing . . . . . .495

How replacing port blades affects EX_Port configuration. . . .495

Displaying the range of output ports connected to xlate domains496

Appendix A M-EOS Migration Path to Fabric OS

In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497

Fabric OS Administrator’s Guide xxi 53-1001763-02

Page 22

M-EOS fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497

McDATA Mi10K interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . .499

Fabric configurations for interconnectivity . . . . . . . . . . . . . . . . . . .499

Connectivity modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499

Configuring the FC router . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500

Configuring LSAN zones in the M-EOS fabric. . . . . . . . . . . . . .502

Correcting errors if LSAN devices appear in only one of the fabrics 502

Completing the configuration . . . . . . . . . . . . . . . . . . . . . . . . . .503

Appendix B Inband Management

In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .505

Inband Management overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . .505

Internal Ethernet devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506

IP address and routing management . . . . . . . . . . . . . . . . . . . . . . .506

Setting the IP address for the 7500s. . . . . . . . . . . . . . . . . . . .507

Setting the IP address for the CP Inband Management interface507 Setting the IP address for the GE Inband Management interface507

Adding an Inband Management route on the CP . . . . . . . . . .507

Deleting an Inband Management route . . . . . . . . . . . . . . . . . .508

Viewing Inband Management IP addresses and routes . . . . .508

FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509

Examples of supported configurations . . . . . . . . . . . . . . . . . . . . . .509

Configuring a Management Station on the same subnet . . . .509

Configuring a Management Station on different subnets. . . . 510

Appendix C Port Indexing

In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513

Port indexing on the Brocade 48000 director . . . . . . . . . . . . . . . .513

Port indexing on the Brocade DCX backbone . . . . . . . . . . . . . . . . .515

Port indexing on the Brocade DCX-4S backbone . . . . . . . . . . . . . . 517

Appendix D FIPS Support

In this appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521

FIPS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521

Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521

Power-up self tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .522

Conditional tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .522

FIPS mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

LDAP in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

LDAP certificates for FIPS mode . . . . . . . . . . . . . . . . . . . . . . . .526

xxii Fabric OS Administrator’s Guide

53-1001763-02

Page 23

Preparing the switch for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

Overview of steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

Enabling FIPS mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .528

Disabling FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .529

Zeroizing for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530

Displaying FIPS configuration . . . . . . . . . . . . . . . . . . . . . . . . . .530

Appendix E Hexadecimal

Hexadecimal overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531

Example conversion of the hexadecimal triplet Ox616000 . . 531

Index

Fabric OS Administrator’s Guide xxiii 53-1001763-02

Page 24

xxiv Fabric OS Administrator’s Guide

53-1001763-02

Page 25

Figures

Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Figure 3 Blade swap with Virtual Fabrics during the swap. . . . . . . . . . . . . . . . . . . . . . . . . 52

Figure 4 Blade swap with Virtual Fabrics after the swap . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Figure 5 Principal ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Figure 6 New switch added to existing fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Figure 7 Virtual Channels on a 1/2/4 Gbps ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Figure 8 Virtual Channels on an 8 Gbps ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Figure 9 Gateway link merges SAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Figure 10 DCX-4S allowed ICL connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Figure 11 ICL triangular topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Figure 12 Single Host and Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Figure 13 Windows 2000 VSA configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Figure 14 Example of a Brocade DCT file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Figure 15 Example of the dictiona.dcm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Figure 16 DH-CHAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Figure 17 Protected endpoints configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Figure 18 Gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Figure 19 Endpoint to gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Figure 20 Switch before and after enabling Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . 211

Figure 21 Switch before and after creating logical switches . . . . . . . . . . . . . . . . . . . . . . . 211

Figure 22 Fabric IDs assigned to logical switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Figure 23 Assigning ports to logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Figure 24 Logical switches connected to devices and non-Virtual Fabric switch . . . . . . . 214

Figure 25 Logical switches in a single chassis belong to separate fabrics . . . . . . . . . . . . 214

Figure 26 Logical switches connected to other logical switches through physical ISLs. . 215

Figure 27 Logical switches connected to form logical fabrics . . . . . . . . . . . . . . . . . . . . . . 215

Figure 28 Base switches connected by an XISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Figure 29 Logical ISLs connecting logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Figure 30 Logical fabric using ISLs and XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Figure 31 Example of logical fabrics in multiple chassis and XISLs . . . . . . . . . . . . . . . . . 234

Figure 32 Zoning example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Figure 33 Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Figure 34 Traffic Isolation zone creating a dedicated path through the fabric. . . . . . . . . 268

Figure 35 Fabric incorrectly configured for TI zone with failover disabled . . . . . . . . . . . . 270

Figure 36 Dedicated path is the only shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Fabric OS Administrator’s Guide xxv 53-1001763-02

Page 26

Figure 37 Dedicated path is not the shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Figure 38 Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Figure 39 Illegal ETIZ configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Figure 40 Traffic Isolation Zoning over FCR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Figure 41 TI zone in an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Figure 42 TI zone in a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Figure 43 TI zone misconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

Figure 44 Dedicated path with Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Figure 45 Creating a TI zone in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Figure 46 Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Figure 47 Example configuration for TI zones over FC routers in logical fabrics . . . . . . . 281

Figure 48 Logical representation of TI zones over FC routers in logical fabrics . . . . . . . . 282

Figure 49 TI over FCR example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Figure 50 Typical direct E_Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Figure 51 Fabric with two Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Figure 52 Filtered fabric views when using Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 336

Figure 53 Fabric with AD0 and AD255. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Figure 54 Fabric showing switch and device WWNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Figure 55 Filtered fabric views showing converted switch WWNs . . . . . . . . . . . . . . . . . . . 343

Figure 56 AD0 and two user-defined Admin Domains, AD1 and AD2 . . . . . . . . . . . . . . . . 354

Figure 57 AD0 with three zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Figure 58 Setting end-to-end monitors on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Figure 59 Proper placement of end-to-end performance monitors . . . . . . . . . . . . . . . . . . 387

Figure 60 Mask positions for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Figure 61 QoS traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Figure 62 QoS with E_Ports enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Figure 63 Traffic prioritization in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Figure 64 Distribution of traffic over ISL Trunking groups . . . . . . . . . . . . . . . . . . . . . . . . . 426

Figure 65 Trunk group configuration for the Brocade 5100 . . . . . . . . . . . . . . . . . . . . . . . 431

Figure 66 Switch in Access Gateway mode without F_Port trunking . . . . . . . . . . . . . . . . . 434

Figure 67 Switch in Access Gateway mode with F_Port masterless trunking. . . . . . . . . . 434

Figure 68 A metaSAN with inter-fabric links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Figure 69 A metaSAN with edge-to-edge and backbone fabrics and LSAN zones . . . . . . 459

Figure 70 Edge SANs connected through a backbone fabric. . . . . . . . . . . . . . . . . . . . . . . 460

Figure 71 MetaSAN with imported devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

Figure 72 Sample topology (physical topology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Figure 73 EX_Port phantom switch topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Figure 74 Example of setting up Speed LSAN tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Figure 75 LSAN zone binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Figure 76 EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Figure 77 Logical representation of EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . 494

Figure 78 Backbone-to-edge routing across base switch using FC router in legacy mode 495

xxvi Fabric OS Administrator’s Guide

53-1001763-02

Page 27

Figure 79 Inband Management process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

Figure 80 Management Station on same subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

Figure 81 Management Station on a different subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

Fabric OS Administrator’s Guide xxvii 53-1001763-02

Page 28

xxviii Fabric OS Administrator’s Guide

53-1001763-02

Page 29

Tables

Tab l e 1 Daemons that are automatically restarted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Tab l e 2 Default administrative account names and passwords . . . . . . . . . . . . . . . . . . . 19

Tab l e 3 Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S enterprise-class platforms 40

Tab l e 4 Brocade enterprise-class platform terminology and abbreviations . . . . . . . . . . 44

Tab l e 5 Port blades supported by each platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Tab l e 6 Blade compatibility within a Brocade DCX and DCX-4S backbone . . . . . . . . . . . 47

Tab l e 7 AuditCfg event class operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Tab l e 8 LED behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Tab l e 9 Combinations of routing policy and IOD with Lossless DLS enabled . . . . . . . . . 79

Tab l e 10 Fabric OS roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Tab l e 11 Permission types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Tab l e 1 2 RBAC permissions matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Tab l e 13 Maximum number of simultaneous sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Tab l e 14 Default local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Tab l e 15 Authentication configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Tab l e 16 Syntax for VSA-based account roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Table 17 dictionary.brocade file entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Tab l e 1 8 Secure protocol support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Tab l e 19 Items needed to deploy secure protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Tab l e 2 0 Main security scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Tab l e 21 SSL certificate files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Tab l e 2 2 Blocked listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Tab l e 2 3 Access defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Tab l e 24 Port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Tab l e 2 5 Valid methods for specifying policy members . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Tab l e 2 6 FCS policy states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Tab l e 27 FCS switch operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Tab l e 2 8 Distribution policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Tab l e 2 9 DCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Tab l e 3 0 SCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Tab l e 31 FCAP certificate files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Tab l e 3 2 Supported services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Tab l e 3 3 Implicit IP Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Tab l e 3 4 Default IP policy rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Tab l e 3 5 Interaction between fabric-wide consistency policy and distribution settings . 159

Fabric OS Administrator’s Guide xxix 53-1001763-02

Page 30

Tab l e 3 6 Supported policy databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Tab l e 37 Fabric-wide consistency policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Tab l e 3 8 Merging fabrics with matching fabric-wide consistency policies. . . . . . . . . . . . 163

Tab l e 3 9 Examples of strict fabric merges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Tab l e 4 0 Fabric merges with tolerant/absent combinations . . . . . . . . . . . . . . . . . . . . . . 164

Tab l e 41 Algorithms and associated authentication policies . . . . . . . . . . . . . . . . . . . . . . 168

Tab l e 4 2 CLI commands to display or modify switch configuration information . . . . . . . 181

Tab l e 4 3 Brocade configuration and connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Tab l e 4 4 Enterprise-class platform HA sync states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Tab l e 4 5 Blade and port types supported on logical switches . . . . . . . . . . . . . . . . . . . . . 221

Tab l e 4 6 Virtual Fabrics interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 222

Tab l e 47 Maximum number of logical switches per chassis. . . . . . . . . . . . . . . . . . . . . . . 222

Tab l e 4 8 Types of zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Tab l e 4 9 Approaches to fabric-based zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Tab l e 5 0 Considerations for zoning architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Tab l e 51 Zone merging scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Tab l e 5 2 Comparison of traffic behavior when failover is enabled or disabled in TI zones 269

Tab l e 5 3 Number of supported NPIV devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Tab l e 5 4 Internal representations of ID domain offsets in IM2.. . . . . . . . . . . . . . . . . . . . 300

Tab l e 5 5 Internal representations of ID domain offsets in IM3.. . . . . . . . . . . . . . . . . . . . 300

Tab l e 5 6 Fabric OS switch authentication types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Tab l e 57 Fabric OS mode descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Tab l e 5 8 DH group types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Tab l e 5 9 Device authentication mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Tab l e 6 0 Switch authentication policy when all secrets are correct. . . . . . . . . . . . . . . . . 313

Tab l e 61 Switch authentication policy - Fabric OS switch with incorrect peer secret for M-EOS switch 314

Tab l e 6 2 Switch authentication policy-M-EOS switch with the incorrect peer secret for Fabric OS switch 315

Tab l e 6 3 Switch authentication policy when connected to an M-EOS dumb switch . . . . 316

Tab l e 6 4 VE_Port-to-VE_Port authentication policy with correct switch secret . . . . . . . . 317

Tab l e 6 5 VE_Port-to-VE_Port authentication policy with unknown switch secret . . . . . . 319

Tab l e 6 6 VEX_Port-to-VE_Port authentication policy with correct secrets . . . . . . . . . . . . 321

Tab l e 6 7 VEX_ Port-to-VE_Port authentication policy when secrets are not correct . . . . 321

Tab l e 6 8 McDATA-aware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Tab l e 6 9 McDATA-unaware features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Tab l e 7 0 Complete feature compatibility matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Tab l e 71 Fabric OS interoperability with M-EOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Tab l e 7 2 Supported Fabric OS features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Tab l e 7 3 AD user types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Tab l e 74 Ports and devices in CLI output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357

Tab l e 7 5 Admin Domain interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 359

xxx Fabric OS Administrator’s Guide

53-1001763-02

Page 31

Table 76 Configuration upload and download scenarios in an AD context . . . . . . . . . . . 362

Tab l e 77 Available Brocade licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Tab l e 7 8 License requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Tab l e 7 9 Base to Upgrade License Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Tab l e 8 0 List of available ports when implementing PODs. . . . . . . . . . . . . . . . . . . . . . . . 378

Tab l e 81 Types of monitors supported on Brocade switch models . . . . . . . . . . . . . . . . . 384

Tab l e 8 2 Number of logical switches that support performance monitors . . . . . . . . . . . 384

Tab l e 8 3 Maximum number of frame monitors and offsets per port . . . . . . . . . . . . . . . . 389

Tab l e 8 4 Predefined values at offset 0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Tab l e 8 5 Virtual channels assigned to QoS priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Tab l e 8 6 Trunking support for Brocade 4100 and 4900 . . . . . . . . . . . . . . . . . . . . . . . . . 430

Tab l e 87 Trunking over distance for the Brocade 48000, DCX Backbone, and the DCX-4S 431

Tab l e 8 8 PWWN format for F_Port and N_Port trunk ports. . . . . . . . . . . . . . . . . . . . . . . . 434

Tab l e 8 9 F_Port masterless trunking considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Tab l e 9 0 Address identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

Tab l e 91 Fibre Channel data frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Tab l e 9 2 Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Tab l e 9 3 Configurable distances for Extended Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Tab l e 9 4 Supported platforms and VF mode for masterless EX_Port trunking . . . . . . . . 475

Tab l e 9 5 LSAN information stored in each FC router with and without LSAN zone binding 486

Tab l e 9 6 Fabric OS and M-EOSc interoperability compatibility matrix . . . . . . . . . . . . . . . 497

Tab l e 97 Fabric OS and M-EOSn interoperability compatibility matrix . . . . . . . . . . . . . . . 498

Tab l e 9 8 portCfgEXPort -m values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

Tab l e 9 9 Default index/area_ID core PID assignment with no port swap for the Brocade 48000 director 513

Tab l e 100 Default index/16-bit PID assignment with no port swap on a Brocade DCX backbone 515

Table 101 Default index/16-bit PID assignment with no port swap for the Brocade DCX-4S 518

Tab l e 102 Zeroization behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Tab l e 103 FIPS mode restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Tab l e 104 FIPS and non-FIPS modes of operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Tab l e 105 Active Directory keys to modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Tab l e 106 Decimal to hexadecimal conversion table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532

Fabric OS Administrator’s Guide xxxi 53-1001763-02

Page 32

xxxii Fabric OS Administrator’s Guide

53-1001763-02

Page 33

About This Document

In this chapter

•How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

•Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv

•What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

•Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

•Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii

•Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii

•Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix

How this document is organized

The document is divided into two sections; the first, “Standard Features,” contains the following topics:

• Chapter 1, “Understanding Fibre Channel Services,” provides information on the Fibre Channel

services on Brocade switches.

• Chapter 2, “Performing Basic Configuration Tasks,” gives a brief overview of Fabric OS,

explains the Fabric OS CLI Help feature, and provides typical connection and configuration procedures.

• Chapter 3, “Performing Advanced Configuration Tasks,” provides advanced connection and

configuration procedures.

• Chapter 4, “Routing Traffic,” provides information and procedures for using switch routing

features.

• Chapter 5, “Managing User Accounts,” provides information and procedures on managing

authentication and user accounts for the switch management channel.

• Chapter 6, “Configuring Protocols,” provides procedures for basic password and user account

management.

• Chapter 7, “Configuring Security Policies,” provides information and procedures for configuring

ACL policies for FC port and switch binding and managing the fabric-wide consistency policy.

• Chapter 8, “Maintaining the Switch Configuration File,” provides procedures for maintaining

and backing up your switch configurations.

• Chapter 9, “Installing and Maintaining Firmware,” provides preparations and procedures for

performing firmware downloads.

• Chapter 10, “Managing Virtual Fabrics,” describes the concepts and provides procedures for

using Virtual Fabrics.

Fabric OS Administrator’s Guide xxxiii 53-1001763-02

Page 34

• Chapter 11, “Administering Advanced Zoning,” provides procedures for use of the Brocade

Advanced Zoning feature.

• Chapter 12, “Traffic Isolation Zoning,” provides concepts and procedures for use of Traffic

Isolation Zones within a fabric.

• Chapter 13, “Administering NPIV,” provides procedures for enabling and configuring N-Port ID

Virtualization (NPIV).

• Chapter 14, “Interoperability for Merged SANs,” provides information about using Brocade

switches with other brands of switches.

• Chapter 15, “Managing Administrative Domains,” describes the concepts and provides

procedures for using administrative domains.

The second section, “Licensed Features,” contains the following topics:

• Chapter 16, “Administering Licensing,” provides information about Brocade licenses and their

implementation on switches and enterprise-class directors.

• Chapter 17, “Monitoring Fabric Performance,” provides procedures for use of the Brocade

Advanced Performance Monitoring licensed feature.

• Chapter 18, “Optimizing Fabric Behavior,” provides procedures for use of the Brocade Adaptive

Networking suite of tools, including Traffic Isolation, QoS Ingress Rate Limiting, and QoS SID/DID Traffic Prioritization.

• Chapter 19, “Managing Trunking Connections,” provides procedures for use of the Brocade ISL

Trunking licensed feature.

• Chapter 20, “Managing Long Distance Fabrics,” provides procedures for use of the Brocade

Extended Fabrics licensed feature.

• Chapter 21, “Using the FC-FC Routing Service,” provides information for setting up and using

the FC-FC Routing Service.

• The appendices provide special procedures or information for Fabric OS.

Supported hardware and software

In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not.

Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for Fabric OS v6.4.0, documenting all possible configurations and scenarios is beyond the scope of this document.

The following hardware platforms are supported by this release of Fabric OS:

• Brocade 300 switch

• Brocade 4100 switch

• Brocade 4900 switch

• Brocade 5000 switch

• Brocade 5100 switch

• Brocade 5300 switch

• Brocade 5410 embedded switch

xxxiv Fabric OS Administrator’s Guide

53-1001763-02

Page 35

• Brocade 5424 embedded switch

• Brocade 5460 embedded switch

• Brocade 5470 embedded switch

• Brocade 5480 embedded switch

• Brocade 7500 extension switch

• Brocade 7500E extension switch

• Brocade 7600 application appliance

• Brocade 7800 extension switch

• Brocade 8000 application appliance

• Brocade 48000 director

• Brocade DCX Backbone data center backbone

• Brocade DCX-4S Backbone data center backbone

• Brocade VA-40FC

What’s new in this document

• Information that was added:

- Support for new hardware platforms

• Brocade VA-40FC switch

- Information on device login behavior

- 10-bit addressing mode enhancements

- WWN-based PID assignment enhancements

- NPIV enhancements

- Blade compatibility

- Loss Dynamic Load Sharing enhancements

- FCAP authentication enhancements

- Port indexing enhancements

- Bottleneck detection enhancements

• Information that was deleted:

- “Managing iSCSI Gateway Service,” which provides procedures for creating and

maintaining iSCSI gateway services was removed from this manual and can be found in the iSCSI Administrator’s Guide.

For further information about documentation updates for this release, refer to the release notes.

Document conventions

This section describes text formatting conventions and important notice formats used in this document.

Fabric OS Administrator’s Guide xxxv 53-1001763-02

Page 36

Text formatting

NOTE

ATTENTION

The narrative-text formatting conventions that are used are as follows:

bold text Identifies command names

Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI

italic text Provides emphasis

Identifies variables Identifies paths and Internet addresses Identifies document titles

code text Identifies CLI output

Identifies command syntax examples

For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example, switchShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual specifically notes those cases in which a command is case sensitive.

Command syntax conventions

Command syntax in this manual follows these conventions:

command Commands are printed in bold.

--option, option Command options are printed in bold.

-argument, arg Arguments.

[ ] Optional element.

variable Variables are printed in italics. In the help pages, values are underlined

enclosed in angled brackets < >.

... Repeat the previous element, for example “member[;member...]”

value Fixed values following arguments are printed in plain font. For example,

--show WWN

| Boolean. Elements are exclusive. Example:

--show -mode egress | ingress

Notes, cautions, and warnings

The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards.

A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information.

An Attention statement indicates potential damage to hardware or data.

xxxvi Fabric OS Administrator’s Guide

53-1001763-02

Page 37

CAUTION

A Caution statement alerts you to situations that can be potentially hazardous to you or cause

DANGER

damage to hardware, firmware, software, or data.

A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.

Key terms

For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.

For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at:

http://www.snia.org/education/dictionary

Notice to the reader

This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations.

These references are made for informational purposes only.

Corporation Referenced Trademarks and Products

Microsoft Corporation Windows, Windows NT, Internet Explorer

Mozilla Corporation Mozilla, Firefox

Netscape Communications Corporation Netscape

Red Hat, Inc. Red Hat, Red Hat Network, Maximum RPM, Linux Undercover

Sun Microsystems, Inc. Sun, Solaris

Additional information

This section lists additional Brocade and industry-specific documentation that you might find helpful.

Brocade resources

To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user ID and password.

Fabric OS Administrator’s Guide xxxvii 53-1001763-02

Page 38

For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through:

http://www.amazon.com

For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location:

http://www.brocade.com

Release notes are available on the My Brocade web site and are also bundled with the Fabric OS firmware.

Other industry resources

For additional resource information, visit the Technical Committee T11 Web site. This Web site provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications:

http://www.t11.org

For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site:

http://www.fibrechannel.org

Getting technical help

Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available:

1. General Information

• Switch model

• Switch operating system version

• Error numbers and messages received

• supportSave command output

• Detailed description of the problem, including the switch or fabric behavior immediately

following the problem, and specific questions

• Description of any troubleshooting steps already performed and the results

• Serial console and Telnet session logs

• syslog message logs

2. Switch Serial Number

The switch serial number and corresponding bar code are provided on the serial number label, as illustrated below.:

*FT00X0054E9*

FT00X0054E9

The serial number label is located as follows:

xxxviii Fabric OS Administrator’s Guide

53-1001763-02

Page 39

• Brocade 5424 — On the bottom of the switch module.

• Brocade 4100, 4900, and 7500 — On the switch ID pull-out tab located inside the chassis

on the port side on the left.

• Brocade 5000 — On the switch ID pull-out tab located on the bottom of the port side of the

switch

• Brocade 300, 5100, and 5300 — On the switch ID pull-out tab located on the bottom of the

port side of the switch.

• Brocade 7600, 7800, and 8000 — On the bottom of the chassis.

• Brocade 48000 — Inside the chassis next to the power supply bays.

• Brocade DCX Backbone — On the bottom right on the port side of the chassis.

• Brocade DCX-4S Backbone — On the bottom right on the port side of the chassis.

3. World Wide Name (WWN)

Use the wwn command to display the switch WWN.

If you cannot use the wwn command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX enterprise class platform. For the Brocade DCX enterprise class platform, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.

For the Brocade 5424 embedded switch: Provide the license ID. Use the licenseIdShow command to display the WWN.

Document feedback

Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to:

documentation@brocade.com

Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement.

Fabric OS Administrator’s Guide xxxix 53-1001763-02

Page 40

xl Fabric OS Administrator’s Guide

53-1001763-02

Page 41

Section

Standard Features

This section describes standard Fabric OS features, and includes the following chapters:

•Chapter 1, “Understanding Fibre Channel Services”

•Chapter 2, “Performing Basic Configuration Tasks”

•Chapter 3, “Performing Advanced Configuration Tasks”

•Chapter 4, “Routing Traffic”

•Chapter 5, “Managing User Accounts”

•Chapter 6, “Configuring Protocols”

•Chapter 7, “Configuring Security Policies”

•Chapter 8, “Maintaining the Switch Configuration File”

•Chapter 9, “Installing and Maintaining Firmware”

•Chapter 10, “Managing Virtual Fabrics”

•Chapter 11, “Administering Advanced Zoning”

•Chapter 12, “Traffic Isolation Zoning”

•Chapter 13, “Administering NPIV”

•Chapter 14, “Interoperability for Merged SANs”

•Chapter 15, “Managing Administrative Domains”

Fabric OS Administrator’s Guide 1 53-1001763-02

Page 42

2 Fabric OS Administrator’s Guide

53-1001763-02

Page 43

Chapter

Understanding Fibre Channel Services

In this chapter

•Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

•The Management Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

•Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

•Management server database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

•Topology discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

•Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

•High availability of daemon processes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Fibre Channel services overview

Fibre Channel services define service functions such as the Name Server, Management Server, Security Key Distribution Server, and Time Server. Every Brocade switch has reserved three-byte addresses referred to as well-known addresses. These services provided by Brocade switches reside at these addresses and provide a service to either nodes or management applications in the fabric.

FIGURE 1 Well-known addresses

Fabric Login — The Fabric Login server assigns a fabric address. This allows a fabric node to communicate with services on the switch or other nodes in the fabric. The fabric address assigned to a nodes is a 24-bit address (0x000000) containing three - 3-byte long nodes. Reading from left to right, the first node (0x000000), represents the domain ID, the second node (0x000000) the port area number of the port where the node is attached, and the third node (0x000000) the arbitrated loop physical address (AL_PA), if applicable.

Directory Server — The Directory Server or Name Server is used to register fabric and public nodes and query to discover other devices in the fabric.

Fabric Controller — The Fabric Controller provides State Change Notifications (SCNs) to registered nodes when a change in the fabric topology occurs.

Time Server — The Time Server sends to the member switches in the fabric the time on either the principal switch or the primary Fabric Configuration Server (FCS) switch.

Fabric OS Administrator’s Guide 3 53-1001763-02

Page 44

The Management Server

NOTE

Management Server — The Management Server provides a single point for managing the fabric. The only service that is user-configurable is the Management Server.

Alias Server — The Alias Server keeps a group of nodes registered as one name to handle multicast groups.

Broadcast Server — The Broadcast Server is optional, and when frames are transmitted to this address they are broadcasted to all operational N_ and NL_Ports.

When registration and query frames are sent to a well-known address, a different protocol service, Fibre Channel Common Transport (FC-CT), is used. This protocol provides a simple, consistent format and behavior when a service provider is accessed for registration and query purposes.

The Management Server

The Brocade Fabric OS Management Server (MS) allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices. The management server assists in the autodiscovery of switch-based fabrics and their associated topologies.

A client of the management server can find basic information about the switches in the fabric and use this information to construct topology relationships. The management server also allows you to obtain certain switch attributes and, in some cases, modify them. For example, logical names identifying switches can be registered with the management server.

The management server provides several advantages for managing a Fibre Channel fabric:

• It is accessed by an external Fibre Channel node at the well-known address FFFFFAh, so an

application can access information about the entire fabric management with minimal knowledge of the existing configuration.

• It is replicated on every Brocade switch within a fabric.

• It provides an unzoned view of the overall fabric configuration. This fabric topology view

exposes the internal configuration of a fabric for management purposes; it contains interconnect information about switches and devices connected to the fabric. Under normal circumstances, a device (typically an FCP initiator) queries the Name Server for storage devices within its member zones. Because this limited view is not always sufficient, the management server provides the application with a list of the entire Name Server database.

Platform services

By default, all management services except platform services are enabled; the MS platform service and topology discovery are disabled.

You can activate and deactivate the platform services throughout the fabric. Activating the platform services attempts to activate the MS platform service for each switch in the fabric. The change takes effect immediately and is committed to the configuration database of each affected switch. MS activation is persistent across power cycles and reboots.

The commands msplMgmtActivate and msplMgmtDeactivate are allowed only in AD0 and AD255.

4 Fabric OS Administrator’s Guide

53-1001763-02

Page 45

Management server database

Platform services in a Virtual Fabric

Each logical switch has a separate Platform Database. All platform registrations done to a logical switch are valid only in that particular logical switch’s Virtual Fabric.

Activating the platform services on a switch or enterprise-class platform will activate platform services on all logical switches in a Virtual Fabric. Similarly, deactivating the platform services will deactivate the platform service on all logical switches in a Virtual Fabric. The msPlatShow command displays all platforms registered in a Virtual Fabric.

Enabling platform services

When FCS policy is enabled, the msplMgmtActivate command can be issued only from the primary FCS switch.

The execution of the msplMgmtActivate command is subject to Admin Domain restrictions that may be in place.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msCapabilityShow command to verify that all switches in the fabric support the MS platform service; otherwise, the next step will fail.

3. Enter the msplMgmtActivate command.

switch:admin> msplmgmtactivate

Request to activate MS Platform Service in progress......

*Completed activating MS Platform Service in the fabric!

Disabling platform services

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msplMgmtDeactivate command.

3. Enter y to confirm the deactivation.

switch:admin> msplmgmtdeactivate MS Platform Service is currently enabled. This will erase MS Platform Service configuration information as well as database in the entire fabric. Would you like to continue this operation? (yes, y, no, n): [no] y

Request to deactivate MS Platform Service in progress......

*Completed deactivating MS Platform Service in the fabric!

Management server database

You can control access to the management server database.

An access control list (ACL) of WWN addresses determines which systems have access to the management server database. The ACL typically contains those WWNs of host systems that are running management applications.

If the list is empty (the default), the management server is accessible to all systems connected in-band to the fabric. For more access security, you can specify WWNs in the ACL so that access to the management server is restricted to only those WWNs listed.

Fabric OS Administrator’s Guide 5 53-1001763-02

Page 46

Management server database

NOTE

The management server is logical switch-capable. All management server features are supported within a logical switch.

Displaying the management server ACL

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msConfigure command.

3. At the “select” prompt, enter 1 to display the access list.

Example of an empty access list

The command becomes interactive.

A list of WWNs that have access to the management server is displayed.

switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 1 MS Access list is empty. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 0 done ...

Adding a member to the ACL

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msConfigure command.

The command becomes interactive.

3. At the “select” prompt, enter 2 to add a member based on its port/node WWN.

4. At the “Port/Node WWN” prompt, enter the WWN of the host to be added to the ACL.

5. At the “select” prompt, enter 1 to display the access list so you can verify that the WWN you entered was added to the ACL.

6. After verifying that the WWN was added correctly, enter 0 at the prompt to end the session.

7. At the “Update the FLASH?” prompt, enter y.

8. Press Enter to update the nonvolatile memory and end the session.

Example of adding a member to the management server ACL

switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 2

6 Fabric OS Administrator’s Guide

53-1001763-02

Page 47

Management server database

Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa *WWN is successfully added to the MS ACL. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [2] 1 MS Access List consists of (14): { 20:00:00:20:37:65:ce:aa 20:00:00:20:37:65:ce:bb 20:00:00:20:37:65:ce:ff 20:00:00:20:37:65:ce:11 20:00:00:20:37:65:ce:22 20:00:00:20:37:65:ce:33 20:00:00:20:37:65:ce:44 10:00:00:60:69:04:11:24 10:00:00:60:69:04:11:23 21:00:00:e0:8b:04:70:3b 10:00:00:60:69:04:11:33 20:00:00:20:37:65:ce:55 20:00:00:20:37:65:ce:66 00:00:00:00:00:00:00:00 } 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 0 done ... Update the FLASH? (yes, y, no, n): [yes] y *Successfully saved the MS ACL to the flash.

Deleting a member from the ACL

1. Connect to the switch and log in as admin.

2. Enter the msConfigure command.

The command becomes interactive.

3. At the “select” prompt, enter 3 to delete a member based on its port/node WWN.

4. At the “Port/Node WWN” prompt, enter the WWN of the member to be deleted from the ACL.

5. At the “select” prompt, enter 1 to display the access list so you can verify that the WWN you entered was deleted from the ACL.

6. After verifying that the WWN was deleted correctly, enter 0 at the “select” prompt to end the session.

7. At the “Update the FLASH?” prompt, enter y.

8. Press Enter to update the nonvolatile memory and end the session.

Example of deleting a member from the management server ACL

switch:admin> msconfigure

0 Done 1 Display the access list 2 Add member based on its Port/Node WWN

Fabric OS Administrator’s Guide 7 53-1001763-02

Page 48

Management server database

NOTE

Viewing the contents of the management server database

1. Connect to the switch and log in using an account assigned to the admin role.

3 Delete member based on its Port/Node WWN select : (0..3) [1] 3

Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 10:00:00:00:c9:29:b3:84 *WWN is successfully deleted from the MS ACL. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [3] 1

MS Access list is empty

0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 0

2. Enter the msPlatShow command.

Example of viewing the contents of the management server platform database

switch:admin> msplatshow

----------------------------------------------------------Platform Name: [9] "first obj" Platform Type: 5 : GATEWAY Number of Associated M.A.: 1 [35] "http://java.sun.com/products/plugin" Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:71

----------------------------------------------------------Platform Name: [10] "second obj" Platform Type: 7 : HOST_BUS_ADAPTER Number of Associated M.A.: 1 Associated Management Addresses: [30] "http://java.sun.com/products/1" Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:75

Clearing the management server database

The command msPlClearDB is allowed only in AD0 and AD255.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msplClearDb command.

3. Enter y to confirm the deletion.

The management server platform database is cleared.

8 Fabric OS Administrator’s Guide

53-1001763-02

Page 49

Topology discovery

NOTE

The topology discovery feature can be displayed, enabled, and disabled; it is disabled by default. The commands mstdEnable and mstdDisable are allowed only in AD0 and AD255.

Displaying topology discovery status

1. Connect to the switch and log in as admin.

2. Enter the mstdReadConfig command.

switch:admin> mstdreadconfig *MS Topology Discovery is Enabled.

Enabling topology discovery

1. Connect to the switch and log in as admin.

2. Enter the appropriate following command based on how you want to enable discovery:

• For the local switch, enter the mstdEnable command.

• For the entire fabric, enter the mstdEnable all command.

Example of enabling discovery

switch:admin> mstdenable

Topology discovery

Request to enable MS Topology Discovery Service in progress....

*MS Topology Discovery enabled locally.

switch:admin> mstdenable ALL

Request to enable MS Topology Discovery Service in progress....

*MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!!

Disabling topology discovery

1. Connect to the switch and log in as admin.

2. Enter the appropriate following command based on how you want to disable discovery:

• For the local switch, enter the mstdDisable command.

• For the entire fabric, enter the mstdDisable all command.

A warning displays that all NID entries might be cleared.

3. Enter y to disable the Topology Discovery feature.

Disabling discovery of management server topology might erase all node ID entries.

Example of disabling discovery

switch:admin> mstddisable This may erase all NID entries. Are you sure? (yes, y, no, n): [no] y

Request to disable MS Topology Discovery Service in progress....

Fabric OS Administrator’s Guide 9 53-1001763-02

Page 50

Device login

*MS Topology Discovery disabled locally.

switch:admin> mstddisable all This may erase all NID entries. Are you sure? (yes, y, no, n): [no] y

Request to disable MS Topology Discovery Service in progress....

*MS Topology Discovery disabled locally. *MS Topology Discovery Disable Operation Complete!!

A device can be a storage, host, or switch. When new devices are introduced into the fabric, they must be powered on and, if a host or storage device, connected to a switch. The switch must be connected to another switch. E_Ports exchange different frames than the ones listed below with the Fabric Controller to access the fabric. Once storage and host devices are powered on and connected, the following logins occur:

1. FLOGI—Fabric Login command establishes a 24-bit address for the device logging in, and establishes buffer-to-buffer credits and the class of service supported.

2. PLOGI—Port Login command logs the device into the Name Server to register its information as well as query for devices that share its zone. During the PLOGI process, information is exchanged between the new device and the fabric. A few of the following types of information exchanges occur:

• SCR—State Change Registration registers the device for State Change Notifications. If

there is a change in the fabric, such as a zoning change or a change in the state of a device to which this device has access, the device will receive a Registered State Change Notification (RSCN).

• Registration—A device exchanges registration information with the Name Server.

• Query—Devices query the Name Server for information about the device it can access.

Principal switch

In a fabric with multiple switches, and one inter-switch link (ISL) exists between any two switches, a principal switch is automatically elected. The principal switch provides the following capabilities:

• Maintains time for the entire fabric. Subordinate switches synchronize their time with the

principal switch. Changes to the clock server value on the principal switch are propagated to all switches in the fabric.

• Manages domain ID assignment within the fabric. If a switch requests a domain ID that has

been used before, the principal switch grants the same domain ID unless it is in use by another switch.

E_Port login

An E_Port does not use a FLOGI to log in to another switch. Instead, the new switch exchanges frames with the principal switch to establish that the new switch is an E_Port and that it has information to exchange. If everything is acceptable to the principal switch, it replies to the new switch with an SW_ACC (accept) frame. The initializing frame is an Exchange Link Parameters (ELP) frame that allows an exchange of parameters between two ports, such as flow control, buffer-to-buffer credits, RA_TOV, and ED_TOV. This is not a negotiation. If one or the other port’s link

10 Fabric OS Administrator’s Guide

53-1001763-02

Page 51

Device login

parameters do not match, a link will not occur. Once an SW_ACC frame is received from the principal switch, the new switch sends an Exchange Switch Capabilities (ESC) frame. The two switches exchange routing protocols and agree on a common routing protocol. An SW_ACC frame is received from the principal switch and the new switch sends an Exchange Fabric Parameters (EFP) frame to the principal switch, requesting principal switch priority and the domain ID list. Buffer-to-buffer credits for the device and switch ports are exchanged in the SW_ACC command sent to the device in response to the FLOGI.

Fabric login

A device performs a fabric login (FLOGI) to determine if a fabric is present. If a fabric is detected then it exchanges service parameters with the fabric controller. A successful FLOGI sends back the 24-bit address for the device in the fabric. The device must issue and successfully complete a FLOGI command before communicating with other devices in the fabric.

Because the device does not know its 24-bit address until after the FLOGI, the source ID (SID) in the frame header making the FLOGI request will be zeros (0x000000).

Port login process

The steps in the port initialization process represent a protocol used to discover the type of device connected and establish the port type and negotiate port speed.

The possible port types are as follows:

• U_Port — A universal FC port is the base Fibre Channel port type, and all unidentified or

uninitiated ports are listed as U_Ports.

• L_/FL_Port — A loop or fabric loop port connects loop devices. L_Ports are associated with

private loop devices and FL_Ports are associated with public loop devices.

• G_Port — A generic port acts as a transition port for non-loop fabric-capable devices.

• E_Port — An expansion port is assigned to ISL links to expand your fabric by connecting it to

other switches.

• F_Port — A fabric port is assigned to fabric-capable devices, such as SAN storage devices.

• EX_Port — A type of E_Port that connects a Fibre Channel router to an edge fabric. From the

point of view of a switch in an edge fabric, an EX_Port appears as a normal E_Port. It follows applicable Fibre Channel standards as other E_Ports. However, the router terminates EX_Ports rather than allowing different fabrics to merge as would happen on a switch with regular E_Ports.

• Mirror Port — A mirror port is a configured switch port that connects to a port to mirror a

specific source port and destination port traffic passing though any switch port. This is only supported between F_Ports.

• VE_Port — A virtual E_Port is a gigabit Ethernet switch port configured for an FCIP tunnel.

However, with a VEX_Port at the other end, it does not propagate fabric services or routing topology information from one edge fabric to another.

• VEX_Port — A virtual EX_Port connects a Fibre Channel router to an edge fabric. From the point

of view of a switch in an edge fabric, a VEX_Port appears as a normal VE_Port. It follows the same Fibre Channel protocol as other VE_Ports. However, the router terminates VEX_Ports rather than allowing different fabrics to merge as would happen on a switch with regular VE_Ports.

Fabric OS Administrator’s Guide 11 53-1001763-02

Page 52

High availability of daemon processes

NOTE

The Fibre Channel protocol (FCP) auto discovery process enables private storage devices that accept the process login (PRLI) to communicate in a fabric.

If device probing is enabled, the embedded performs a PLOGI and attempts a PRLI into the device to retrieve information to enter into the Name Server. This enables private devices that do not perform a FLOGI, but accept a PRLI, to be entered in the Name Server and receive full fabric access.

A fabric-capable device registers its information with the Name Server during a FLOGI. These devices typically register information with the Name Server before querying for a device list. The embedded port still performs a PLOGI and attempts a PRLI with these devices.

If a port decides to end the current session, it initiates a logout. A logout concludes the session and terminates any work in progress associated with that session.

To display the contents of a switch’s Name Server, use the nsShow or nsAllShow command. For more information about these Name Server commands, refer to the Fabric OS Command Reference.

RSCN causes

An Registered State Change Notification (RSCN) is a notification frame that is sent to devices that are zoned together and are registered to receive a State Change Notification (SCN). The RSCN is responsible for notifying all devices of fabric changes. The following general list of actions can cause an RSCN to be sent through your fabric:

• A new device has been added to the fabric.

• An existing device has been removed from the fabric.

• A zone has changed.

• A switch name has changed or an IP address has changed.

• Nodes leaving or joining the fabric, such as zoning or powering on or shutting down a device, or

zoning changes.

Fabric reconfigurations with no domain change will not cause an RSCN.

High availability of daemon processes

Starting non-critical daemons is automatic; you cannot configure the startup process. The following sequence of events occurs when a non-critical daemon fails:

1. A RASlog and AUDIT event message is logged.

2. The daemon is automatically started again.

3. If the restart is successful, then another message is sent to RASlog and AUDIT, reporting the successful restart status.

4. If the restart fails, another message is sent to RASlog and no further attempts are made to restart the daemon.

12 Fabric OS Administrator’s Guide

53-1001763-02

Page 53

High availability of daemon processes

Schedule downtime and reboot the switch at your convenience. Tab le 1 lists the daemons that are considered non-critical and are automatically restarted on failure.

TABLE 1 Daemons that are automatically restarted

Daemon Description

arrd Asynchronous Response Router, which is used to send management data to hosts when the switch

is accessed through the APIs (FA API or SMI-S).

cald Common Access Layer daemon, which is used by manageability applications.

raslogd Reliability, Availability, and Supportability daemon logs error detection, reporting, handling, and

presentation of data into a format readable by you and management tools.

rpcd Remote Procedure Call daemon, used by the API (Fabric Access API and SMI-S).

snmpd Simple Network Management Protocol daemon.

traced Trace daemon provides trace entry date/time translation to Trace Device at startup and when

date/time changed by command. Maintains the trace dump trigger parameters in a Trace Device. Performs the trace Background Dump, trace automatic FTP, and FTP “aliveness check” if auto-FTP is enabled.

trafd Traffic daemon implements Bottleneck detection.

webd Webserver daemon used for WebTools (includes httpd as well).

weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch

management and fabric discovery.

Fabric OS Administrator’s Guide 13 53-1001763-02

Page 54

High availability of daemon processes

14 Fabric OS Administrator’s Guide

53-1001763-02

Page 55

Chapter

Performing Basic Configuration Tasks

In this chapter

•Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

•Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

•Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

•The Ethernet interface on your switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

•Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

•Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

•Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

•Chassis names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

•Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

•Switch and enterprise-class platform shutdown. . . . . . . . . . . . . . . . . . . . . . 31

•Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Fabric OS overview

This chapter describes how to configure your Brocade SAN using the Fabric OS command line interface (CLI). Before you can configure a storage area network (SAN), you must power up the enterprise-class platform or switch and blades, and then set the IP addresses of those devices. Although this chapter focuses on configuring a SAN using the CLI, you can also use the following methods to configure a SAN:

• Web Tools

For Web Tools procedures, see the Web Tools Administrator’s Guide.

• Data Center Fabric Manager (DCFM)

For DCFM procedures, see the Data Center Fabric Manager Professional User Manual or Data Center Fabric Manager Enterprise User Manual depending on the version you have.

• A third-party application using the API

For third-party application procedures, refer to the third-party API documentation.

Because of the differences between fixed-port and variable-port devices, procedures sometimes differ among Brocade models. As new Brocade models are introduced, new features sometimes apply only to those models.

When procedures or parts of procedures apply to some models but not others, this guide identifies the specifics for each model. For example, a number of procedures that apply only to variable-port devices are found in “Performing Advanced Configuration Tasks” on page 35.

Fabric OS Administrator’s Guide 15 53-1001763-02

Page 56

Fabric OS command line interface

NOTE

Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc., documenting all possible configurations and scenarios is beyond the scope of this document. In some cases, earlier releases are highlighted to present considerations for interoperating with them.

The hardware reference manuals for Brocade products describe how to power up devices and set their IP addresses. After the IP address is set, you can use the CLI procedures contained in this guide. For additional information about the commands used in the procedures, see online help or the Fabric OS Command Reference.

Fabric OS command line interface

Fabric OS uses Role-Based Access Control (RBAC) to control access to all Fabric OS operations. Each feature is associated with an RBAC role and you will need to know which role is allowed to run a command, make modifications to the switch, or view the output of the command. To determine which RBAC role you need to run a command, review the section “Role-Based Access Control

(RBAC)” on page 84.

When command examples in this guide show user input enclosed in quotation marks, the quotation marks are required.

Console sessions using the serial port

Note the following behaviors for serial connections:

• Some procedures require that you connect through the serial port; for example, setting the IP

address or setting the boot PROM password.

• Brocade 48000 director and Brocade DCX and DCX-4S enterprise-class platforms: You can

connect to CP0 or CP1 using either of the two serial ports.

Connecting to Fabric OS through the serial port

1. Connect the serial cable to the serial port on the switch and to an RS-232 serial port on the workstation.

If the serial port on the workstation is RJ-45 instead of RS-232, remove the adapter on the end of the serial cable and insert the exposed RJ-45 connector into the RJ-45 serial port on the workstation.

2. Open a terminal emulator application (such as HyperTerminal on a PC, TERM, TIP, or Kermit in a UNIX environment), and configure the application as follows:

• In a Windows environment enter the following parameters:

Parameter Value

Bits per second 9600

Databits 8

Parity None

Stop bits 1

Flow control None

16 Fabric OS Administrator’s Guide

53-1001763-02

Page 57

Fabric OS command line interface

NOTE

• In a UNIX environment, enter the following string at the prompt:

tip /dev/ttyb -9600

If ttyb is already in use, use ttya instead and enter the following string at the prompt:

tip /dev/ttya -9600

Telnet or SSH sessions

Connect to the Fabric OS through a Telnet or SSH connection or through a console session on the serial port. The switch must also be physically connected to the network. If the switch network interface is not configured or the switch has been disconnected from the network, use a console session on the serial port as described in “Console sessions using the serial port” on page 16.

To automatically configure the network interface on a DHCP-enabled switch, plug the switch into the network and power it on. The DHCP client automatically gets the IP and gateway addresses from the DHCP server. The DHCP server must be on the same subnet as the switch. See “DHCP activation” on page 23 for more details.

Rules for Telnet connections

The following rules should be observed when making Telnet connections to your switch:

• Never change the IP address of the switch while two Telnet sessions are active; if you do, your

next attempt to log in fails. To recover, gain access to the switch by one of these methods:

- You can use Web Tools to perform a fast boot. When the switch comes up, the Telnet quota

is cleared. (For instructions on performing a fast boot with Web Tools, see the Web Tools Administrator’s Guide.)

- If you have the required privileges, you can connect through the serial port, log in as

admin, and use the killTelnet command to identify and kill the Telnet processes without disrupting the fabric.

• For accounts with an admin role, Fabric OS limits the number of simultaneous Telnet sessions

per switch to two. For more details on session limits, refer to “Managing User Accounts” on page 83.

Connecting to Fabric OS using Telnet

1. Connect through a serial port to the switch that is appropriate for your fabric:

• If Virtual Fabrics is enabled, then log in using an admin account assigned the chassis-role

permission.

• If Virtual Fabrics is not enabled, then log in using an account assigned to the admin role.

2. Verify the switch’s network interface is configured and that it is connected to the IP network through the RJ-45 Ethernet port.

Switches in the fabric that are not connected through the Ethernet port can be managed through switches that are using IP over Fibre Channel. The embedded port must have an assigned IP address.

3. Log off the switch’s serial port.

Fabric OS Administrator’s Guide 17 53-1001763-02

Page 58

Password modification

4. From a management station, open a Telnet connection using the IP address of the switch to which you want to connect.

The login prompt is displayed when the Telnet connection finds the switch in the network.

5. Enter the account ID at the login prompt.

See “Password modification” on page 18 for instructions on how to log in for the first time.

6. Enter the password.

If you have not changed the system passwords from the default, you are prompted to change them. Enter the new system passwords, or press Ctrl+C to skip the password prompts. For more information on system passwords, refer to “Default account passwords” on page 19.

7. Verify the login was successful.

The prompt displays the switch name and user ID to which you are connected.

Getting help on a command

You can display a list of all command help topics for a given login level. For example, if you are logged in as user and enter the help command, a list of all user-level commands that can be executed is displayed. The same rule applies to the admin, securityAdmin, and the switchAdmin roles.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the help [|more] command with no specific command and all commands will be displayed.

The|more argument displays the commands one page at a time.

Or you can enter help <command> |more, where command is the name of the command for which you need specific information.

The following commands provide help files for the indicated specific topics:

diagHelp Diagnostic help information ficonHelp FICON help information fwHelp Fabric Watch help information iscsiHelp iSCSI help information licenseHelp License help information perfHelp Performance Monitoring help information routeHelp Routing help information trackChangesHelp Track Changes help information zoneHelp Zoning help information

Password modification

The switch automatically prompts you to change the default account passwords after logging in for the first time. If you do not change the passwords, the switch prompts you after each subsequent login until all the default passwords have been changed.

18 Fabric OS Administrator’s Guide

53-1001763-02

Page 59

Password modification

NOTE

The default account passwords can be changed from their original value only when prompted immediately following the login; the passwords cannot be changed using the passwd command later in the session. If you skip the prompt, and then later decide to change the passwords, log out and then back in.

The default accounts on the switch are admin, user, root, and factory. Use the default administrative account as shown in Table 2 to log in to the switch for the first time and to perform the basic configuration tasks.

There is only one set of default accounts for the entire chassis. The root and factory default accounts are reserved for development and manufacturing. The user account is primarily used for system monitoring. For more information on default accounts, see “Default accounts” on page 88.

Tab le 2 describes the default administrative accounts for switches by model number.

TABLE 2 Default administrative account names and passwords

Model Administrative account Password

Brocade 300, 4100, 4900, 5000, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 5424, 7500, 7500E, 7600, 7800, 8000, and VA50-FC switches

Brocade 48000 director and Brocade DCX and DCX-4S enterprise-class platforms

admin password

Default account passwords

The change default account passwords prompt is a string that starts with Please change your

passwords now.

alphabetic character and can include numeric characters, the period (.), and the underscore ( _ ). They are case-sensitive, and they are not displayed when you enter them on the command line.

Record the passwords exactly as entered and store them in a secure place because recovering passwords requires significant effort and fabric downtime. Although the root and factory accounts are not meant for general use, change their passwords if prompted to do so and save the passwords in case they are needed for recovery purposes.

Changing the default account passwords at login

1. Connect to the switch and log in using the default administrative account.

2. At each of the “Enter new password” prompts, either enter a new password or skip the prompt.

To skip a single prompt press Enter. To skip all of the remaining prompts press Ctrl-C.

Example output of changing passwords

login: admin Password: Please change your passwords now. Use Control-C to exit or press 'Enter' key to proceed. for user - root Changing password for root Enter new password: <hidden> Password changed. Saving password to stable storage. Password saved to stable storage successfully. (output truncated)

User-defined passwords can have 8 to 40 characters. They must begin with an

Fabric OS Administrator’s Guide 19 53-1001763-02

Page 60

The Ethernet interface on your switch

NOTE

The Ethernet interface on your switch

The Ethernet (network) interface provides management access, including direct access to the Fabric OS CLI, and allows other tools, such as Web Tools, to interact with the switch. You can use either Dynamic Host Configuration Protocol (DHCP) or static IP addresses for the Ethernet network interface configuration. On Brocade enterprise-class platforms you must set IP addresses for the following components:

• Both CPs (CP0 and CP1)

• Chassis management IP

On the Brocade switches, you must set the Ethernet and chassis management IP interfaces.

Setting the chassis management IP eliminates the need to know which CP is active and connects to the currently active CP.

You can continue to use a static Ethernet addressing system or allow the DHCP client to automatically acquire Ethernet addresses. Configure the Ethernet interface IP address, subnet mask, and gateway addresses in one of the following manners:

• “Static Ethernet addresses” on page 22

• “DHCP activation” on page 23

When you change the Ethernet interface settings, open connections such as SSH or Telnet may be dropped. Reconnect using the new Ethernet IP address information or change the Ethernet settings using a console session through the serial port to maintain your session through the change. You must connect through the serial port to set the Ethernet IP address if the Ethernet network interface is not configured already. Refer “Connecting to Fabric OS through the serial port” on page 16 for details.

Virtual Fabrics and the Ethernet interface

On the Brocade 48000, DCX, and DCX-4S, the single-chassis IP address and subnet mask are assigned to the management Ethernet ports on the front panels of the CPs. These addresses allow access to the chassis, more specifically the active CP of the chassis, and not individual logical switches. The IP addresses can also be assigned to each CP individually. This allows for direct communication with a CP including the standby CP. On the Brocade DCX and DCX-4S Backbones, each CP has two management Ethernet ports on its front panel. These two physical ports are bonded together to create a single, logical Ethernet port, and it is the logical Ethernet port to which IP addresses are assigned.

IPv4 addresses assigned to individual Virtual Fabrics are assigned to IP-over-FC network interfaces. In Virtual Fabrics environment, a single chassis can be assigned to multiple fabrics, each of which is logically distinct and separate from one another. Each IP-over-FC (IPFC) point of connection to a given chassis needs a separate IPv4 address and prefix to be accessible to a management host. For more information on how to set up these IPFC addresses to your Virtual Fabric, refer to Chapter

10, “Managing Virtual Fabrics”.

20 Fabric OS Administrator’s Guide

53-1001763-02

Page 61

The Ethernet interface on your switch

NOTE

Displaying the network interface settings

If an IP address has not been assigned to the network interface (Ethernet), you must connect to the Fabric OS CLI using a console session on the serial port. For more information, see “Console

sessions using the serial port” on page 16. Otherwise, connect using SSH.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the ipAddrShow command.

Example output of an enterprise-class platform.

ecp:admin> ipaddrshow SWITCH Ethernet IP Address: 10.1.2.3 Ethernet Subnetmask: 255.255.240.0

CP0 Ethernet IP Address: 10.1.2.3 Ethernet Subnetmask: 255.255.240.0 Host Name: ecp0 Gateway IP Address: 10.1.2.1

CP1 Ethernet IP Address: 10.1.2.4 Ethernet Subnetmask: 255.255.240.0 Host Name: ecp1 Gateway IP Address: 10.1.2.3

IPFC address for virtual fabric ID 123: 11.1.2.3/24 IPFC address for virtual fabric ID 45: 13.1.2.4/20

Slot 7 eth0: 11.1.2.4/24 Gateway: 11.1.2.1

Backplane IP address of CP0 : 10.0.0.5 Backplane IP address of CP1 : 10.0.0.6

IPv6 Autoconfiguration Enabled: Yes Local IPv6 Addresses: sw 0 stateless fd00:60:69bc:70:260:69ff:fe00:2/64 preferred sw 0 stateless fec0:60:69bc:70:260:69ff:fe00:2/64 preferred cp 0 stateless fd00:60:69bc:70:260:69ff:fe00:197/64 preferred cp 0 stateless fec0:60:69bc:70:260:69ff:fe00:197/64 preferred cp 1 stateless fd00:60:69bc:70:260:69ff:fe00:196/64 preferred cp 1 stateless fec0:60:69bc:70:260:69ff:fe00:196/64 preferred IPv6 Gateways: cp 0 fe80:60:69bc:70::3 cp 0 fe80:60:69bc:70::2 cp 0 fe80:60:69bc:70::1 cp 1 fe80:60:69bc:70::3

If the Ethernet IP address, subnet mask, and gateway address are displayed, then the network interface is configured. Verify the information on your switch is correct. If DHCP is enabled, the network interface information was acquired from the DHCP server.

You can use either IPv4 or IPv6 with a classless inter-domain routing (CIDR) block notation (also known as a network prefix length) to set up your IP addresses.

Fabric OS Administrator’s Guide 21 53-1001763-02

Page 62

The Ethernet interface on your switch

Static Ethernet addresses

Use static Ethernet network interface addresses on Brocade 48000 directors and Brocade DCX and DCX-4S enterprise-class platforms, and in environments where DHCP service is not available. To use static addresses for the Ethernet interface, you must first disable DHCP. You can enter static Ethernet information and disable DHCP at the same time. Refer to “DHCP activation” on page 23 for more information.

If you choose not to use DHCP or to specify an IP address for your switch Ethernet interface, you can do so by entering none or 0.0.0.0 in the Ethernet IP address field.

On an application blade, configure the two external Ethernet interfaces to two different subnets. If two subnets are not present, configure one of the interfaces and leave the other unconfigured. Otherwise, the following message will display and blade status may go into a faulty state after a reboot.

Neighbor table overflow. print: 54 messages suppressed

Setting the static addresses for the Ethernet network interface

1. Connect to the switch and log in using an account assigned to the admin role.

2. Perform the appropriate action based on whether you have a switch or enterprise-class platform:

• If you are setting the IP address for a switch, enter the ipAddrSet command.

• If you are setting the IP address for an enterprise-class platform, enter the ipAddrSet

command specifying either CP0 or CP1. You must set the IP address for both CP0 and CP1.

Example of setting the IPv4 address

switch:admin> ipaddrset Ethernet IP Address [10.1.2.3]: Ethernet Subnetmask [255.255.255.0]: Fibre Channel IP Address [220.220.220.2]: Fibre Channel Subnetmask [255.255.0.0]: Gateway IP Address [10.1.2.1]:

DHCP [OFF]: off

Example of setting an IPv6 address on a switch

switch:admin> ipaddrset -ipv6 --add 1080::8:800:200C:417A/64 IP address is being changed...Done.

For more information on setting up an IP address for a Virtual Fabric, refer to Chapter 10,

“Managing Virtual Fabrics”.

3. Enter the network information in dotted-decimal notation for the Ethernet IPv4 address and in semicolon-separated notation for IPv6.

4. Enter the Ethernet Subnetmask at the prompt.

5. Skip Fibre Channel prompts by pressing Enter.

The Fibre Channel IP address is used for management.

6. Enter the Gateway Address at the prompt.

7. Disable DHCP by entering off.

22 Fabric OS Administrator’s Guide

53-1001763-02

Page 63

The Ethernet interface on your switch

NOTE

Setting the static addresses for the chassis IP management interface

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the ipAddrSet -chassis command.

Example of setting the chassis IPv4 address

switch:admin> ipaddrset -chassis Ethernet IP Address [192.168.166.148]: Ethernet Subnetmask [255.255.255.0]: Committing configuration...Done.

3. Enter the network information in dotted-decimal notation for the Ethernet IPv4 address and in semicolon-separated notation for IPv6.

4. Enter the Ethernet Subnetmask at the prompt.

DHCP activation

By default, some Brocade switches have DHCP enabled. The Brocade 48000 director and Brocade DCX and Brocade DCX-4S enterprise-class platforms do not support DHCP.

The Fabric OS DHCP client supports the following parameters:

• External Ethernet port IP addresses and subnet masks

• Default gateway IP address

The DHCP client uses a DHCP vendor class identifier that allows DHCP servers to determine that the Discovers and Requests are coming from a Brocade switch. The vendor class identifier is the string “BROCADE” followed by the SWBD model number of the platform. For example, the vendor class identifier for a request from a Brocade 5300 is “BROCADESWBD64.”

The client conforms to the latest IETF Draft Standard RFCs for IPv4, IPv6, and DHCP.

Enabling DHCP

Connect the DHCP-enabled switch to the network, power on the switch, and the switch automatically obtains the Ethernet IP address, Ethernet subnet mask, and default gateway address from the DHCP server. The DHCP client can only connect to a DHCP server on the same subnet as the switch. Do not enable DHCP if the DHCP server is not on the same subnet as the switch.

Enabling DHCP after the Ethernet information has been configured releases the current Ethernet network interface settings, including Ethernet IP Address, Ethernet Subnetmask, and Gateway IP Address. The Fibre Channel (FC) IP address and subnet mask are static and are not affected by DHCP; see “Static Ethernet addresses” on page 22 for instructions on setting the FC IP address.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the ipAddrSet command.

3. If already set up, skip the Ethernet IP address, Ethernet subnet mask, Fibre Channel IP address and subnet mask prompts by pressing Enter.

4. When you are prompted for DHCP[Off], enable it by entering on.

Fabric OS Administrator’s Guide 23 53-1001763-02

Page 64

The Ethernet interface on your switch

NOTE

Example of enabling DCHP

Disabling DHCP

When you disable DHCP, enter the static Ethernet IP address and subnet mask of the switch and default gateway address. Otherwise, the Ethernet settings may conflict with other addresses assigned by the DHCP server on the network.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the ipAddrSet command.

3. Enter the network information in dotted-decimal notation for the Ethernet IPv4 address and in semicolon-separated notation for IPv6.

If a static Ethernet address is not available when you disable DHCP, enter 0.0.0.0 at the Ethernet IP address prompt.

4. Skip Fibre Channel prompts by pressing Enter.

5. When you are prompted for DHCP[On], disable it by entering off.

Example of disabling DHCP

IPv6 autoconfiguration

IPv6 can assign multiple IP addresses to each network interface. Each interface is configured with a link local address in almost all cases, but this address is only accessible from other hosts on the same network. To provide for wider accessibility, interfaces are typically configured with at least one additional global scope IPv6 address. IPv6 autoconfiguration allows more IPv6 addresses, the number of which is dependent on the number of routers serving the local network and the number of prefixes they advertise.

An upgrade from Fabric OS v6.1.0 or earlier, which does not support IPv6 autoconfiguration, to a platform that d oes suppor t IPv6 au toconfig uration, such as Fabric OS v6. 2.0 or later, will cause IPv6 autoconfiguration to be enabled on the upgraded platform. In upgrades or downgrades between versions of Fabric OS that support autoconfiguration, the enabled state of IPv6 autoconfiguration will not be changed.

24 Fabric OS Administrator’s Guide

53-1001763-02

Page 65

Date and time settings

There are two methods of autoconfiguration for IPv6 addresses, stateless and stateful. Stateless allows an IPv6 host to obtain a unique address using the IEEE 802 MAC address; stateful uses a DHCPv6 server which keeps a record of the IP address and other configuration information for the host. Whether a host engages in autoconfiguration and which method it uses is dictated by the routers serving the local network, not by a configuration of the host. There can be multiple routers serving the network, each potentially advertising multiple network prefixes. Thus the host is not in full control of the number of IPv6 addresses that it configures, much less the values of those addresses, and the number and values of addresses can change as routers are added to or removed from the network.

When IPv6 autoconfiguration is enabled, the platform will engage in stateless IPv6 autoconfiguration. When IPv6 autoconfiguration is disabled, the platform will relinquish usage of any autoconfigured IPv6 addresses that it may have acquired while it was enabled. This same enable and disable state also enables or disables the usage of a link local address for each managed entity, though a link local address will continue to be generated for each nonchassis-based platform and for each CP of a chassis-based platform because those link local addresses are required for router discovery. The enabled or disabled state of autoconfiguration is independent of whether any static IPv6 addresses have been configured.

Setting IPv6 autoconfiguration

1. Connect to the switch and log in using an account assigned to the admin role.

2. Take the appropriate following action based on whether you want to enable or disable IPv6 autoconfiguration:

• Enter the ipAddrSet -ipv6 -auto command to enable IPv6 autoconfiguration for all

managed entities on the target platform.

• Enter the ipAddrSet -ipv6 -noauto command to disable IPv6 autoconfiguration for all

managed entities on the target platform.

Date and time settings

Switches maintain the current date and time inside a battery-backed real-time clock (RTC) circuit that receives the date and time from the fabric’s principal switch. Date and time are used for logging events. Switch operation does not depend on the date and time; a switch with an incorrect date and time value still functions properly. However, because the date and time are used for logging, error detection, and troubleshooting, you should set them correctly.

In a Virtual Fabric, there can be a maximum of eight logical switches per director or enterprise-class platform. Only the default switch in the chassis will update the hardware clock. When the date command is issued from a non-principal pre-Fabric OS v6.2.0 switch, the date command request is dropped by a Fabric OS v6.2.0 and later switch and the pre-Fabric OS v6.2.0 switch will not receive an error.

Authorization access to set or change the date and time for a switch is role-based. For an understanding of role-based access, refer to “Role-Based Access Control (RBAC)” on page 84.

Setting the date and time

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the date command, using the following syntax:

Fabric OS Administrator’s Guide 25 53-1001763-02

Page 66

Date and time settings

date "mmddHHMMyy"

The values represent the following:

• mm is the month; valid values are 01 through 12.

• dd is the date; valid values are 01 through 31.

• HH is the hour; valid values are 00 through 23.

• MM is minutes; valid values are 00 through 59.

• yy is the year, valid values are 00-37 and 70-99 (year values from 70-99 are interpreted as

1970-1999, year values from 00-37 are interpreted as 2000-2037).

Example of showing and setting the date

switch:admin> date Fri Sep 29 17:01:48 UTC 2007 Stealth200E:admin> date "0204101008" Mon Feb 4 10:10:00 UTC 2008

Time zone settings

You can set the time zone for a switch by name. You can specify the setting using country and city or time zone parameters. Switch operation does not depend on a date and time setting. However, having an accurate time setting is needed for accurate logging and audit tracking.

If the time zone is not set with new options, the switch retains the offset time zone settings. The tsTimeZone command includes an option to revert to the prior time zone format. For more information about the tsTimeZone command, refer to the Fabric OS Command Reference.

When you set the time zone for a switch, you can perform the following tasks:

• Display all of the time zones supported in the firmware.

• Set the time zone based on a country and city combination or based on a time zone ID,l

such as PST.

The time zone setting has the following characteristics:

• Users can view the time zone settings. However, only those with administrative

permissions can set the time zones.

• The setting automatically adjusts for Daylight Savings Time.

• Changing the time zone on a switch updates the local time zone setup and is reflected in

local time calculations.

• By default, all switches are in the GMT time zone (0,0). If all switches in a fabric are in one

time zone, it is possible for you to keep the time zone setup at the default setting.

• System services that have already started will reflect the time zone changes only after the

next reboot.

• Time zone settings persist across failover for high availability.

Setting the time zone on a dual domain director has the following characteristics:

• Updating the time zone on any switch updates the entire director.

• The time zone of the entire director is the time zone of switch 0.

26 Fabric OS Administrator’s Guide

53-1001763-02

Page 67

Date and time settings

Setting the time zone

The following procedure describes how to set the time zone for a switch. You must perform the procedure on all switches for which the time zone must be set. However, you only need to set the time zone once on each switch because the value is written to nonvolatile memory.

1. Connect to the switch and log in using an account assigned to the admin role and with the chassis-role permission.

2. Enter the tsTimeZone command.

• Use tsTimeZone with no parameters to display the current time zone setting.

• Use --interactive to list all of the time zones supported by the firmware.

• Use timeZone_fmt to set the time zone by Country/City or by time zone ID, such as PST.

Example of displaying and changing the time zone to US/Central

switch:admin> tstimezone Time Zone : US/Pacific switch:admin> tstimezone US/Central switch:admin> tstimezone Time Zone : US/Central

Setting the time zone interactively

The following procedure describes how to set the current time zone to Pacific Standard Time using interactive mode.

1. Connect to the switch and log in using an account assigned to the admin role and with the chassis-role permission.

2. Enter the tsTimeZone

You are prompted to select a general location.

Please identify a location so that time zone rules can be set correctly.

3. Enter the appropriate number or press Ctrl-D to quit.

4. At the prompt, select a country location.

5. At the prompt, enter the appropriate number to specify the time zone region or Ctrl-D to quit.

--interactive command.

Network time protocol

You can synchronize the local time of the principal or primary fabric configuration server (FCS) switch to a maximum of eight external network time protocol (NTP) servers. To keep the time in your SAN current, it is recommended that the principal or primary-FCS switch has its time synchronized with at least one external NTP server. The other switches in the fabric will automatically take their time from the principal or primary-FCS switch, as described in “Synchronizing the local time with an

external source”.

All switches in the fabric maintain the current clock server value in nonvolatile memory. By default, this value is the local clock server <LOCL> of the principal or primary FCS switch. Changes to the clock server value on the principal or primary FCS switch are propagated to all switches in the fabric.

Fabric OS Administrator’s Guide 27 53-1001763-02

Page 68

NOTE

Domain IDs

In a Virtual Fabric, all the switches in the fabric must have the same NTP clock server configured. This includes any pre-Fabric OS v6.2.0 switches in the fabric. This ensures that time does not go out of sync in the logical fabric. It is not recommended to have LOCL in the server list.

When a new switch enters the fabric, the time server daemon of the principal or primary FCS switch sends out the addresses of all existing clock servers and the time to the new switch. When a switch with Fabric OS v6.1.0 or later enters the fabric, it stores the list and the active servers.

In a Virtual Fabric, multiple logical switches can share a single chassis. Therefore, the NTP server list must be the same across all fabrics.

Synchronizing the local time with an external source

The tsClockServer command accepts multiple server addresses in IPv4, IPv6, or DNS name formats. When multiple NTP server addresses are passed, tsClockServer sets the first obtainable address as the active NTP server. The rest are stored as backup servers that can take over if the active NTP server fails. The principal or primary FCS switch synchronizes its time with the NTP server every 64 seconds.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the tsClockServer command:

switch:admin> tsclockserver "<ntp1;ntp2>"

In this syntax, ntp1 is the IP address or DNS name of the first NTP server, which the switch must be able to access. The second variable, ntp2, is the second NTP server and is optional. The operand “<ntp1;ntp2>” is optional; by default, this value is LOCL, which uses the local clock of the principal or primary switch as the clock server.

Example of setting the NTP server

switch:admin> tsclockserver LOCL switch:admin> tsclockserver "10.1.2.3"

Example of displaying the NTP server

switch:admin> tsclockserver

10.1.2.3

Example of setting up more than one NTP server using a DNS name

switch:admin> tsclockserver "10.1.2.4;10.1.2.5;ntp.localdomain.net" Updating Clock Server configuration...done. Updated with the NTP servers

Changes to the clock server value on the principal or primary FCS switch are propagated to all switches in the fabric.

Domain IDs

Although domain IDs are assigned dynamically when a switch is enabled, you can change them manually so that you can control the ID number or resolve a domain ID conflict when you merge fabrics.

28 Fabric OS Administrator’s Guide

53-1001763-02

Page 69

Domain IDs

ATTENTION

If a switch has a domain ID when it is enabled, and that domain ID conflicts with another switch in the fabric, the conflict is automatically resolved if the other switch’s domain ID is not persistently set. The process can take several seconds, during which time traffic is delayed. If both switches have their domain IDs persistently set, one of them will need to have its domain ID changed to a domain ID not used within the fabric.

The default domain ID for Brocade switches is 1.

Do not use domain ID 0. The use of this domain ID can cause the switch to reboot continuously. Avoid changing the domain ID on the FCS in secure mode. To minimize down time, change the domain IDs on the other switches in the fabric.

Displaying the domain IDs

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the fabricShow command.

Example output of fabric information, including the domain ID (D_ID)

The principal switch is determined by the arrow ( > ) next to the name of the switch. In this output, the principal switch appears in blue and boldface.

switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr Name

------------------------------------------------------------------------ 2: fffc02 10:00:00:60:69:e0:01:46 10.3.220.1 0.0.0.0 "ras001" 3: fffc03 10:00:00:60:69:e0:01:47 10.3.220.2 0.0.0.0 "ras002" 5: fffc05 10:00:00:05:1e:34:01:bd 10.3.220.5 0.0.0.0 "ras005" fec0:60:69bc:63:205:1eff:fe34:1bd 6: fffc06 10:00:00:05:1e:34:02:3e 10.3.220.6 0.0.0.0 "ras006" 7: fffc07 10:00:00:05:1e:34:02:0c 10.3.220.7 0.0.0.0 "ras007" 10: fffc0a 10:00:00:05:1e:39:e4:5a 10.3.220.10 0.0.0.0 "ras010" 15: fffc0f 10:00:00:60:69:80:47:74 10.3.220.15 0.0.0.0 "ras015" 19: fffc13 10:00:00:05:1e:34:00:ad 10.3.220.19 0.0.0.0 "ras019" fec0:60:69bc:63:219:1eff:fe34:1bd 20: fffc14 10:00:00:05:1e:40:68:78 10.3.220.20 0.0.0.0 "ras020" 25: fffc19 10:00:00:05:1e:37:23:c6 10.3.220.25 0.0.0.0 "ras025" 30: fffc1e 10:00:00:60:69:90:04:1e 10.3.220.30 0.0.0.0 "ras030" 35: fffc23 10:00:00:05:1e:07:c7:26 10.3.220.35 0.0.0.0 "ras035" 40: fffc28 10:00:00:60:69:50:06:7f 10.3.220.40 0.0.0.0 "ras040" 45: fffc2d 10:00:00:05:1e:35:10:72 10.3.220.45 0.0.0.0 "ras045" 46: fffc2e 10:00:00:05:1e:34:c5:17 10.3.220.46 0.0.0.0 "ras046" 47: fffc2f 10:00:00:05:1e:02:aa:f7 10.3.220.47 0.0.0.0 >"ras047" 50: fffc32 10:00:00:60:69:c0:06:64 10.1.220.50 0.0.0.0 "ras050" (output truncated)

The Fabric has 26 switches

The fields in the fabricShow display are:

Switch ID The switch’s domain_ID and embedded port D_ID. The numbers are broken down as

follows: Example 64: fffc40

64 is the switch domain_ID fffc40 is the hexidecimal format of the embedded port D_ID.

Worldwide Name The switch’s WWN.

Fabric OS Administrator’s Guide 29 53-1001763-02

Page 70

NOTE

Switch names

Enet IP Addr The switch’s Ethernet IP address for IPv4- and IPv6-configured switches. For IPv6

switches, only the static IP address displays. FC IP Addr The switch’s Fibre Channel IP address. Name The switch’s symbolic or user-created name in quotes. An arrow (>) indicates the

principal switch.

Setting the domain ID

1. Connect to the switch and log in on an account assigned to the admin role.

2. Enter the switchDisable command to disable the switch.

3. Enter the configure command.

4. Enter y after the Fabric Parameters prompt:

Fabric parameters (yes, y, no, n): [no] y

5. Enter a unique domain ID at the Domain prompt. Use a domain ID value from 1 through 239 for normal operating mode (FCSW-compatible).

Domain: (1..239) [1] 3

6. Respond to the remaining prompts, or press Ctrl-D to accept the other settings and exit.

7. E nt er th e switchEnable command to re-enable the switch.

Switch names

Switches can be identified by IP address, domain ID, World Wide Name (WWN), or by customized switch names that are unique and meaningful.

Switch names can be from 1 to 30 characters long. All switch names must begin with a letter, and can contain letters, numbers, or the underscore character. It is not necessary to use quotation marks.

Changing the switch name causes a domain address format RSCN to be issued and may be disruptive to the fabric.

Customizing the switch name

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchName command and enter a new name for the switch.

switch:admin> switchname newname

3. Record the new switch name for future reference.

30 Fabric OS Administrator’s Guide

53-1001763-02

Page 71

Chassis names

Brocade recommends that you customize the chassis name for each platform. Some system logs identify devices by platform names; if you assign meaningful platform names, logs are more useful. All chassis names have a limit of 15 characters, except for the Brocade 300, 5100, 5300, and VA-40FC switches, and the 5410, 5424, 5450, and 5480 embedded switches, which allow 31 characters. Chassis names must begin with a letter, and can contain letters, numbers, or the underscore character.

Customizing chassis names

1. Connect to the switch and log in as admin.

2. Enter the chassisName command.

3. Record the new chassis name for future reference.

ecp:admin> chassisname newname

Chassis names

Switch activation and deactivation

By default, the switch is enabled after power is applied and diagnostics and switch initialization routines have finished. You can disable and re-enable it as necessary.

Disabling a switch

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchDisable command.

All Fibre Channel ports on the switch are taken offline. If the switch was part of a fabric, the fabric is reconfigured.

Enabling a switch

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchEnable command.

All Fibre Channel ports that passed POST are enabled. If the switch has interswitch links (ISLs) to a fabric, it joins the fabric.

Switch and enterprise-class platform shutdown

To avoid corrupting your file system, Brocade recommends that you perform graceful shutdowns of Brocade switches and enterprise-class platforms.

Warm reboot refers to shutting down the appliance per the instructions below, also known as a graceful shutdown. Cold boot refers to shutting down the appliance by suddenly shutting down power and then turning it back on, also known as a hard boot.

Fabric OS Administrator’s Guide 31 53-1001763-02

Page 72

Switch and enterprise-class platform shutdown

NOTE

Powering off a Brocade switch

The following procedure describes how to gracefully shut down a switch.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the sysShutdown command.

3. At the prompt, enter y.

switch:admin> sysshutdown This command will shutdown the operating systems on your switch. You are required to power-cycle the switch in order to restore operation. Are you sure you want to shutdown the switch [y/n]?y

4. Wait until the following message displays:

Broadcast message from root (ttyS0) Wed Jan 25 16:12:09 2006...

The system is going down for system halt NOW !! INIT: Switching to runlevel: 0 INIT: Sending processes the TERM signal Unmounting all filesystems. The system is halted flushing ide devices: hda Power down.

5. Power off the switch.

Powering off a Brocade enterprise-class platform

1. From the active CP in a dual-CP platform, enter the sysShutdown command.

When the sysShutdown command is issued on the active CP, the active CP, the standby CP, and any AP blades are all shut down.

2. At the prompt, enter y.

3. Wait until you see the following message:

DCX:FID128:admin> sysshutdown This command will shutdown the operating systems on your switch. You are required to power-cycle the switch in order to restore operation. Are you sure you want to shutdown the switch [y/n]?y HA is disabled Stopping blade 10

Shutting down the blade....

Stopping blade 12

Shutting down the blade....

Broadcast message from root (pts/0) Fri Oct 10 08:36:48 2008...

The system is going down for system halt NOW !!

4. Power off the switch.

32 Fabric OS Administrator’s Guide

53-1001763-02

Page 73

Basic connections

Before connecting a switch to a fabric that contains switches running different firmware versions, you must first set the same PID format on all switches. The presence of different PID formats in a fabric causes fabric segmentation.

• For information on PID formats and related procedures, see Chapter 3, “Performing Advanced

Configuration Tasks”.

• For information on configuring the routing of connections, see “Routing Traffic” on page 63.

• For information on configuring extended interswitch connections, see “Managing Long

Distance Fabrics” on page 441.

Device connection

To minimize port logins, power off all devices before connecting them to the switch. When powering the devices back on, wait for each device to complete the fabric login before powering on the next one.

For devices that cannot be powered off, first use the portDisable command to disable the port on the switch, connect the device, and then use the portEnable command to enable the port.

Basic connections

Switch connection

See the hardware user’s guide of your specific switch for interswitch link (ISL) connection and cable management information. The standard or default ISL mode is L0. ISL Mode L0 is a static mode, with the following maximum ISL distances:

• 10 km at 1 Gbps

• 5 km at 2 Gbps

• 2.5 km at 4 Gbps

• 1 km at 8 Gbps

For more information on extended ISL modes, which enable long distance interswitch links, see

Chapter 20, “Managing Long Distance Fabrics”.

Fabric OS Administrator’s Guide 33 53-1001763-02

Page 74

Basic connections

34 Fabric OS Administrator’s Guide

53-1001763-02

Page 75

Chapter

Performing Advanced Configuration Tasks

In this chapter

•PIDs and PID binding overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

•Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

•Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

•Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

•Blade swapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

•Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

•Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

•Track and control switch changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

•Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

PIDs and PID binding overview

Port identifiers (PIDs, also called Fabric Addresses) are used by the routing and zoning services in Fibre Channel fabrics to identify ports in the network. All devices in a fabric must use the same PID format. When you add new equipment to the SAN, you might need to change the PID format on legacy equipment.

Many scenarios cause a device to receive a new PID; for example, unplugging the device from one port and plugging it into a different port as part of fabric maintenance, or changing the domain ID of a switch, which might be necessary when merging fabrics, or changing compatibility mode settings.

Some device drivers use the PID to map logical disk drives to physical Fibre Channel counterparts. Most drivers can either change PID mappings dynamically, also called dynamic PID binding, or use the WWN of the Fibre Channel disk for mapping, also called WWN binding.

Some older device drivers behave as if a PID uniquely identifies a device; they use static PID binding. These device drivers should be updated, if possible, to use WWN or dynamic PID binding instead, because static PID binding creates problems in many routine maintenance scenarios. Fortunately, very few device drivers still behave this way. Many current device drivers enable you to select static PID binding as well as WWN binding. You should only select static binding if there is a compelling reason, and only after you have evaluated the effect of doing so.

Fabric OS Administrator’s Guide 35 53-1001763-02

Page 76

PIDs and PID binding overview

NOTE

Core PID addressing mode

Core PID is the default PID format for Brocade platforms. It uses the entire 24-bit address space of the domain, area_ID, and AL_PA to determine an objects address within the fabric.

The Core PID is a 24-bit address built from the following three 8-bit fields:

• domain, written in hex and the numeric range is from 01-ee (1-239)

• area_ID, written in hex and the numeric range is from 01-ff (1-255)

• AL_PA

For example, if a device is assigned an address of 0f1e00, the following would apply:

• 0f is the domain ID.

• 1e is the area ID.

• 00 is the assigned AL_PA.

From this information, you can determine which switch the device resides on from the domain ID, which port the device is attached to from the area_ID, and if this device is part of a loop from the AL_PA number.

For more information on reading and converting hexadecimal, refer to Appendix E, “Hexadecimal”.

Fixed addressing mode

Fixed addressing mode is the default addressing mode used in all platforms that do not have Virtual Fabrics enabled. When Virtual Fabrics is enabled on the Brocade DCX and DCX-4S, fixed addressing mode is used only on the default partition. With fixed addressing mode enabled, each port has a fixed address assigned by the system based on the port number. This address does not change unless you choose to swap the address using the portSwap command.

10-bit addressing mode

This is the default mode for all the logical switches created in the Brocade DCX and DCX-4S enterprise-class platforms. This addressing scheme is flexible to support a large number of F_Ports. In the regular 10-bit addressing mode, the portAddress addresses from 0x00 to 0x8F.

The default switch in the Brocade DCX and DCX-4S enterprise-class platform still uses the fixed addressing mode in order to support 4 Gbps blades.

The 10-bit addressing mode utilizes the 8-bit area_ID and the borrowed upper two bits from the AL_PA portion of the PID. Areas 0x00 through 0x8F use only 8 bits for the port address and support up to 256 NPIV devices. This means a logical switch can support up to 144 ports that can each support 256 devices. Areas 0x90 through 0xFF use an additional two bits from ALPA for the port address. Hence these ports support only 64 NPIV devices per port.

--auto command supports

10-bit addressing mode allows for the following functionalities:

• PID is dynamically allocated only when the port is first moved to a logical switch and thereafter

it is persistently maintained.

• Shared area limitations are removed on 48-port blades.

36 Fabric OS Administrator’s Guide

53-1001763-02

Page 77

PIDs and PID binding overview

ATTENTION

• Any port on a 48-port blade can support up to 256 NPIV devices (in fixed addressing mode,

only 128 NPIV devices are supported in non-VF mode and 64 NPIV devices in VF mode on a 48-port blade).

• Any port on a 48-port blade can support loop devices.

• Any port on a 48-port blade can support hard port zoning.

• Port index is not guaranteed to be equal to the port area_ID.

256-area addressing mode

This configurable addressing mode is available only in a logical switch on the Brocade DCX and DCX-4S platforms. In this mode, only 256 ports are supported and each port receives a unique 8-bit area address. This mode can be used in FICON environments, which have strict requirements for 8-bit area FC addresses.

There are two types of area assignment modes in the 256-area addressing mode: zero-based and port-based. Zero-based mode, which assigns areas as ports, are added to the partition, beginning at area 0x00. This mode allows FICON customers to make use of the upper ports of a 48-port blade; but this mode may not be compatible with domain,index zoning in InteropMode 2, because M-EOS switches are not capable of handling indexes greater than 255. In both zero-based and port-based modes, you can assign from the entire range 0x00 to 0xff for the PID. Port-based mode does not support the upper 16 ports of a 48 port blade in a logical switch.

WWN-based PID assignment

WWN-based PID assignment is disabled by default. When the feature is enabled, bindings are created dynamically; as new devices log in, they automatically enter the WWN-based PID database. The bindings exist until you explicitly unbind the mappings through the CLI or change to a different addressing mode. If there are any existing devices when you enable the feature, you must manually enter the WWN-based PID assignments through the CLI.

This feature also allows you to configure a PID persistently using a device WWN. When the device logs in to the switch, the PID is bound to the device WWN. If the device is moved to another port in the same switch, or a new blade is hot plugged, the device receives the same PID (area) at its next login.

Once WWN-based PID assignment is enabled you must manually enter the WWN-based PID assignments through the CLI for any existing devices.

When WWN-base PID assignment is enabled, the area assignment is dynamic and does not guarantee any order in the presence of static wwn-area binding or when the devices are moved around.

PID assignments are supported for a maximum of 4096 devices; this includes both point-to-point and NPIV devices. The number of point-to-point devices supported depends directly on the areas available. For example, 448 areas are available on an enterprise-class platform and 256 areas are available on switches. When the number of entries in the WWN-based PID database reaches 4096 areas are used up, the oldest unused entry is purged from the database to free up the reserved area for the new FLOGI.

Fabric OS Administrator’s Guide 37 53-1001763-02

Page 78

PIDs and PID binding overview

NOTE

Virtual Fabric considerations

WWN-base PID assignment is disabled by default and is supported in the default switch on a Brocade DCX and DCX-4S. This feature is not supported on application blades such as the

FX8-24, and the FCOE10-24. The total number of ports in the default switch must be 256 or less.

When the WWN-base PID assignment feature is enabled and a new blade is plugged into the chassis, the ports for which the area is not available are disabled.

NPIV

If any NPIV devices have static PIDs configured and the acquired area is not the same as the one being requested, the FDISC coming from that device is rejected and the error is noted in the RASlog.

If the NPIV device has Dynamic Persistent PID set, the same AL_PA value in the PID is used. This guarantees NPIV devices get the same PID across reboots and AL_PAs assigned for the device do not depend on the order in which the devices come up. Refer to Chapter 13, “Administering NPIV” for more information on NPIV.

Enabling automatic PID assignment

FS8-18,

To activate the WWN-based PID assignment, you do not need to disable the switch.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the configure command.

3. At the Fabric Parameters prompt, type y

4. At the WWN Based persistent PID prompt, type y

5. Press Enter to bypass the remaining prompts without changing them.

Example of activating PID assignments

Configure...

Fabric parameters (yes, y, no, n): [no] y

WWN Based persistent PID (yes, y, no, n): [no] y System services (yes, y, no, n): [no] ssl attributes (yes, y, no, n): [no] rpcd attributes (yes, y, no, n): [no] cfgload attributes (yes, y, no, n): [no] webtools attributes (yes, y, no, n): [no] Custom attributes (yes, y, no, n): [no] system attributes (yes, y, no, n): [no]

Assigning a static PID

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the wwnAddress -bind command to assign a 16-bit PID to a given WWN.

38 Fabric OS Administrator’s Guide

53-1001763-02

Page 79

Ports

NOTE

Ports

Clearing PID binding

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the wwnAddress -unbind command to clear the PID binding for the specified WWN.

Showing PID assignments

1. Connect to the switch and log in using an account assigned to the admin role.

2. Based on what you want to display, enter the appropriate command:

• wwnAddress –show displays the assigned WWN-PID bindings.

• wwnAddress –findPID wwn displays the PID assigned to the device WWN specified.

Because enterprise-class platforms contain interchangeable port blades, their procedures differ from those for fixed-port switches. For example, fixed-port models identify ports only by the port number, while enterprise-class platforms identify ports by slot/port notation.

For detailed information about the Brocade 48000 director, and the Brocade DCX and DCX-4S enterprise-class platforms, see the Brocade 48000 Hardware Reference Manual, the Brocade DCX

Data Center Backbone Hardware Reference Manual, and the Brocade DCX-4S Data Center Backbone Hardware Reference Manual, respectively.

The different blades that can be inserted into a chassis are described as follows:

• Control processor blades (CPs) contain communication ports for system management, and are

used for low-level, platform-wide tasks. In the Brocade 48000, CPs are used for intra-platform switching.

• Core blades in the Brocade DCX (CORE8) and DCX-4S (CR4S-8) are used for intra-chassis

switching as well as interconnecting two Brocade DCX enterprise-class platforms.

• Port blades are used for host, storage, and interswitch connections.

• AP blades are used for Fibre Channel Application Services and Routing Services, iSCSI

bridging, FCIP, Converged Enhanced Ethernet, storage virtualization, and encryption support.

On each port blade, a particular port must be represented by both slot number and port number.

The Brocade 48000 has 10 slots that contain control processor, port, and application (AP) blades:

• Slot numbers 5 and 6 contain control processor blades.

• Slot numbers 1 through 4 and 7 through 10 contain port and AP blades.

The Brocade DCX has 12 slots that contain control processor, core, port, and AP blades:

• Slot numbers 6 and 7 contain CPs.

• Slot numbers 5 and 8 contain core blades.

• Slot numbers 1 through 4 and 9 through 12 contain port and AP blades.

Fabric OS Administrator’s Guide 39 53-1001763-02

Page 80

NOTE

Ports

The Brocade DCX-4S has 8 slots that contain control processor, core, port, and AP blades:

• Slot numbers 4 and 5 contain CPs.

• Slot numbers 3 and 6 contain core blades.

• Slot numbers 1 and 2, and 7 and 8 contain port and AP blades.

The Core blades for the Brocade DCX (CORE8) and the Brocade DCX-4S (CR4S-8) are not interchangeable between the two products.

When you have port blades with different port counts in the same director (for example, 16-port blades and 32-port blades, or 16-port blades and 18-port blades with 16 FC ports and 2 GbE ports, or 16-port and 48-port blades), the area IDs no longer match the port numbers. Table 3 lists the port numbering schemes for the Brocade 48000, and the Brocade DCX and DCX-4S enterprise-class platforms.

TABLE 3 Port numbering schemes for the Brocade 48000, Brocade DCX and DCX-4S enterprise-class

platforms

Port blades Numbering scheme

FC2-16 FC4-16 FC8-16

FC4-32 FC8-32

FC4-48 FC8-48

FC8-64 Ports are numbered from 0 through 32 from bottom to top on the left set of ports and 33 through

FC10-6 Ports are numbered from 0 through 5 from bottom to top.

FC4-16IP Fibre Channel ports are numbered from 0 through 7 from bottom to top. There are also 8 GbE

FA4-18 Fibre Channel ports are numbered from 0 through 15 from bottom to top. There are also 2 GbE

FR4-18i Ports are numbered from 0 through 15 from bottom to top. There are also 2 GbE ports

FS8-18 Ports are numbered from 0 through 15 from bottom to top. There are also 2 GbE ports

FCOE10-24 Ports are numbered 0 through 11 from bottom to top on the left set of ports and 12 through 24

FX8-24 In the first grouping, there are Fibre Channel ports numbered 0 through 5 from bottom to top on

Ports are numbered from 0 through 15 from bottom to top.

Ports are numbered from 0 through 15 from bottom to top on the left set of ports and 16 through 31 from bottom to top on the right set of ports.

Ports are numbered from 0 through 23 from bottom to top on the left set of ports and 24 through 47 from bottom to top on the right set of ports.

64 from bottom to top on the right set of ports.

ports (numbered ge0 – ge7, from bottom to top). Going from bottom to top, the 8 FC ports appear on the bottom, followed by the 8 GbE ports at the top.

ports (numbered A0 - A1, from top to bottom) that are for Storage Application manageability purposes; you cannot address these ports using the CLI.

(numbered ge0-ge1, from bottom to top). Going from bottom to top, the 2 GbE ports appear on the bottom of the blade followed by 16 FC ports.

(numbered ge0-ge1, from top to bottom). Going from top to bottom, the 2 GbE ports appear on the top of the blade followed by 16 FC ports.

from bottom to top on the right set of ports.

the left set of ports and 6 through 11 from bottom to top on the right set of ports. In the second grouping, there are two 10 GbE ports numbered xge0 and xge1 on the left set of ports and two GbE ports numbered ge4 and ge5 on the right side. In the third grouping, the GbE ports are numbered ge0 through ge3 on the left set of ports and ge6 through ge9 on the right set of ports.

40 Fabric OS Administrator’s Guide

53-1001763-02

Page 81

Ports

Setting port names

Perform the following steps to specify a port name. For enterprise-class directors, specify the slot number where the blade is installed.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the portName command.

Example of naming port 0

ecp:admin> portname 1/0 trunk1

Port identification by slot and port number

The port number is a number assigned to an external port to give it a unique identifier in a switch.

To select a specific port in the Brocade 48000, Brocade DCX and DCX-4S enterprise-class platforms, you must identify both the slot number and the port number using the format slot number/port number. No spaces are allowed between the slot number, the slash (/), and the port number.

Example of enabling port 4 on a blade in slot 2

ecp:admin> portenable 2/4

Port identification by port area ID

The relationship between the port number and area ID depends upon the PID format used in the fabric. When Core PID format is in effect, the area ID for port 0 is 0, for port 1 is 1, and so forth.

For 32-port blades (FC4-32, FC8-32), the numbering is contiguous up to port 15; from port 16, the numbering is still contiguous, but starts with 128. For example, port 15 in slot 1 has a port number and area ID of 15; port 16 has a port number and area ID of 128; port 17 has a port number and area ID of 129.

For 48-port blades (FC4-48, FC8-48), the numbering is the same as for 32-port blades for the first 32 ports on the blade. For ports 32 through 47, area IDs are not unique and port index should be used instead of area ID.

For the 64-port blade (FC8-64), the numbering is the same as for 32-port blades for the first 32 ports on the blade. For ports 32 through 64, area IDs are not unique and port index should be used instead of area ID.

If you perform a port swap operation, the port number and area ID no longer match. On 48-port blades, port swapping is supported only on ports 0–15.

To determine the area ID of a particular port, enter the switchShow command. This command displays all ports on the current (logical) switch and their corresponding area IDs.

Port identification by index

With the introduction of 48-port blades, indexing was introduced. Unique area IDs are possible for up to 255 areas, but beyond that there needed to be some way to ensure uniqueness.

Fabric OS Administrator’s Guide 41 53-1001763-02

Page 82

ATTENTION

NOTE

Ports

A number of fabric-wide databases supported by Fabric OS (including ZoneDB, the ACL DDC, and Admin Domain) allow a port to be designated by the use of a “D,P” (domain,port) notation. While the “P” component appears to be the port number, for up to 255 ports it is actually the area assigned to that port.

Port area schema does not apply to the Brocade DCX-4S enterprise-class platform.

If two ports are changed using the portSwap command, their respective areas and “P” values are exchanged.

For ports that are numbered above 255, the “P” value is actually a logical index. The first 256 ports continue to have an index value equal to the area_ID assigned to the port. If a switch is using Core PID format, and no port swapping has been done, the port index value for all ports is the same as the physical port numbers. Using portSwap on a pair of ports will exchange those ports’ area_ID and index values.

The portSwap command is not supported for ports above 256.

Swapping port area IDs

If a device that uses port binding is connected to a port that fails, you can use port swapping to make another physical port use the same PID as the failed port. The device can then be plugged into the new port without the need to reboot the device.

Use the following procedure to swap the port area IDs of two physical switch ports. In order to swap port area IDs, the port swap feature must be enabled, and both switch ports must be disabled. The swapped area IDs for the two ports remain persistent across reboots, power cycles, and failovers.

Brocade 48000 and Brocade DCX platforms only: You can swap only ports 0 through 15 on the FC4-48 and FC8-48 port blades. You cannot swap ports 16 through 47.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enable the portSwapEnable command to enable the feature.

3. Enter the portDisable command on each of the source and destination ports to be swapped.

switch:admin>portdisable 1 ecp:admin>portdisable 1/2

4. Enter the portSwap command.

switch:admin>portswap 1 2 ecp:admin>portswap 1/1 2/2

5. Enter the portSwapShow command to verify that the port area IDs have been swapped.

A table shows the physical port numbers and the logical area IDs for any swapped ports.

6. Enter the portSwapDisable command to disable the port swap feature.

Port activation and deactivation

By default, all licensed ports are enabled. You can disable and re-enable them as necessary. Ports that you activate with the Ports on Demand license must be enabled explicitly, as described in

“Ports on Demand” on page 377.

42 Fabric OS Administrator’s Guide

53-1001763-02

Page 83

Ports

CAUTION

If ports are persistently disabled and you use the portEnable command to enable a disabled port, the port will revert to being disabled after a power cycle or a switch reboot. To ensure the port remains enabled, use the portCfgPersistentEnable command as instructed below.

The fabric will be reconfigured if the port you are enabling or disabling is connected to another switch.

The switch with a port that has been disabled will be segmented from the fabric and all traffic flowing between it and the fabric will be lost.

Enabling a port

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the appropriate command based on the current state of the port and on whether it is necessary to specify a slot number:

• To enable a port that is disabled, enter the command portEnable portnumber or

portEnable slotnumber/portnumber.

• To enable a port that is persistently disabled, enter the command portCfgPersistentEnable

portnumber or portCfgPersistentEnable slotnumber/portnumber.

If you change port configurations during a switch failover, the ports may become disabled. To bring the ports online, re-issue the portEnable command after the failover is complete.

Disabling a port

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the appropriate command based on the current state of the port and on whether it is necessary to specify a slot number:

• To enable a port that is disabled, enter the command portDisable portnumber or

portDisable slotnumber/portnumber.

• To enable a port that is persistently disabled, enter the command

portCfgPersistentDisable portnumber or portCfgPersistentDisable

slotnumber/portnumber.

Setting port speeds

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the portCfgSpeed command.

Example of setting the port speed

The following example sets the speed for port 3 on slot 2 to 4 Gbps:

ecp:admin> portcfgspeed 2/3 4 done.

The following example sets the speed for port 3 on slot 2 to autonegotiate:

ecp:admin> portcfgspeed 2/3 0 done.

Fabric OS Administrator’s Guide 43 53-1001763-02

Page 84

Blade terminology and compatibility

Setting the same speed for all ports on the switch

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchCfgSpeed command.

Example of setting the switch speed

The following example sets the speed for all ports on the switch to 8 Gbps:

switch:admin> switchcfgspeed 8 Committing configuration...done.

The following example sets the speed for all ports on the switch to autonegotiate:

switch:admin> switchcfgspeed 0 Committing configuration...done.

Blade terminology and compatibility

Before configuring a chassis, familiarize yourself with the platform CP blade and port blade nomenclature, as well as the port blade compatibilities. Often in procedures, only the abbreviated names for CP and port blades are used (for example, the FC4-16 blade). Table 4 includes CP and port blade abbreviations and descriptions.

TABLE 4 Brocade enterprise-class platform terminology and abbreviations

Term Abbreviation Blade ID

(slotshow)

Brocade 48000 control processor blade

Brocade DCX and DCX-4S control processor blade

Brocade DCX core blade CORE8 52 A 16-port blade that provides 8 Gbps connectivity

Brocade DCX-4S core blade CR4S-8 46 A 16-port blade that provides 8 Gbps connectivity

16-port 2-Gbps port blade FC2-16 4 The second generation Brocade 16-port blade

16-port 4-Gbps port blade FC4-16 17 The third generation Brocade platform 16-port blade

16-port 8-Gbps port blade FC8-16 21 A 16-port Brocade platform port blade supporting 1, 2,

CP256 16 The third generation CP blade provided with the Brocade

CP8 50 The CP blade provided with the Brocade DCX. This CP

Definition

48000. This CP supports 1, 2, 4, 8, and 10 Gbps port speeds, as well as 16-, 32-, and 48-port blades.

supports 1, 2, 4, 8, and 10 Gbps port speeds, as well as 16-, 32-, 48-, and 64-port blades.

Note: These blades are interchangeable between the Brocade DCX and DCX-4S.

between port blades in the Brocade DCX chassis. Note: These blades are not interchangeable with the Brocade DCX-4S.

between port blades in the Brocade DCX-4S chassis. Note: These blades are not interchangeable with the

Brocade DCX.

supporting 1 and 2 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades.

supporting 1, 2, and 4 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades.

4, and 8 Gbps port speeds.

44 Fabric OS Administrator’s Guide

53-1001763-02

Page 85

Blade terminology and compatibility

TABLE 4 Brocade enterprise-class platform terminology and abbreviations (Continued)

Term Abbreviation Blade ID

(slotshow)

32-port 4-Gbps port blade FC4-32 18 A 32-port Brocade platform port blade supporting 1, 2,

32-port 8-Gbps port blade FC8-32 55 A 32-port Brocade platform port blade supporting 1, 2,

48-port 4-Gbps port blade FC4-48 36 A 48-port Brocade platform port blade supporting 1, 2,

48-port 8-Gbps port blade FC8-48 51 A 48-port Brocade platform port blade supporting 1, 2,

64-port 8-Gbps port blade FC8-64 77 A 64-port Brocade platform port blade supporting 2, 4,

6-port 10-Gbps port blade FC10-6 39 A 6-port Brocade platform port blade supporting 10

Fibre Channel Router blade FR4-18i 24 A 16-port Fibre Channel routing and FCIP blade that also

iSCSI Bridge blade FC4-16IP 31 An iSCSI bridge blade that enables bridging of iSCSI

Fibre Channel Application blade

Brocade Encryption blade FS8-18 68 An application blade that provides high performance

Converged Enhanced Ethernet blade

DCX Extension blade FX8-24 75 A 24-port Fibre Channel routing and FCIP blade that also

FA4-18 33 An application blade that has 16 (1-, 2-, and 4-Gbps)

FCOE10-24 74 An application blade that provides Converged Enhanced

Definition

and 4 Gbps port speeds. This port blade is compatible only with the Brocade 48000 CP blades.

4, and 8 Gbps port speeds.

and 4 Gbps port speeds in chassis mode 5 with port and exchange-based routing. This port blade is compatible only with the Brocade 48000 CP blades. FC4-48 blades do not support FL_Ports.

4, and 8 Gbps port speeds. The Brocade DCX and DCX-4S support loop devices on 48-port blades in a Virtual Fabric-enabled environment.

and 8 Gbps port speeds. The Brocade DCX and DCX-4S support loop devices on 64-port blades in a Virtual Fabric-enabled environment. The loop devices can only be attached to ports on a 64-port blade that is not a part of the default logical switch.

Gbps port speed. Blade provides 10-Gbps ISLs. This port blade is compatible only with the Brocade 48000 CP blades (using chassis configuration option 5) and the Brocade DCX and DCX-4S CP blades.

has 2 GbE ports and is compatible only with the Brocade 48000 (using chassis configuration option 5) and the Brocade DCX and DCX-4S CP blades.

hosts to Fibre Channel fabrics. It has 8 Fibre Channel optical SFP ports and 8 GbE copper RJ-45 ports. This blade is currently compatible with the Brocade 48000 CP blades (using chassis configuration option 5).

ports supporting Fibre Channel Application Services and two 10/100/1000 BaseT Ethernet copper interfaces supporting blade management.

32-port auto-sensing 8 Gbps Fibre Channel connectivity with data cryptographic (encryption/decryption) and data compression capabilities.

Ethernet to bridge a Fibre Channel and Ethernet SAN.

has 10 1-GbE and two 10-GbE ports and is compatible only with the Brocade DCX and DCX-4S CP blades.

Fabric OS Administrator’s Guide 45 53-1001763-02

Page 86

Blade terminology and compatibility

CP blades

The control processor (CP) blade provides redundancy and acts as the brains of the enterprise-class platform. The Brocade 48000 supports the CP256 blade. The Brocade DCX and DCX-4S support the CP8 blades.

The CP blades in the Brocade DCX and DCX-4S are hot-swappable. When the CPs from a Brocade DCX are inserted into a Brocade DCX-4S, the switch type changes. The same is true when inserting a CP blade from a Brocade DCX-4S into a Brocade DCX. When a CP blade with a Fabric OS prior to v6.2.0 is inserted into a Brocade DCX-4S, the blade becomes faulty. You can correct this issue by upgrading the firmware on the CP blade in a Brocade DCX or DCX-4S chassis.

Mixed CP blades are not supported on a single chassis, except during specific upgrade procedures detailed in the Brocade 48000 Hardware Reference Manual. CP4 and CP8 blades cannot be mixed in the same chassis under any circumstances. Brocade recommends that each Brocade platform have only one type of CP blade installed and that each CP (primary and secondary partition) maintains the same firmware version.

For more information on maintaining firmware in your enterprise-class platform, refer to Chapter 9,

“Installing and Maintaining Firmware”.

Core blades

Core blades provide intra-chassis switching and ICL connectivity between DCX platforms. The Brocade DCX supports two CORE8 core blades. The Brocade DCX-4S supports two CR4S-8 core blades. This blade is not interchangeable or hot-swappable with the Brocade DCX core blades. If you try to interchange the blades they become faulty.

The Brocade 48000 does not support core blades.

Port and application blade compatibility

Tab le 5 identifies which port and application blades are supported for each Brocade platform.

TABLE 5 Port blades supported by each platform

Port blades Brocade 48000 (CP4) Brocade DCX and DCX-4S

FA4-18 Supported Supported

FC10-6 Supported Supported

FC4-16 Supported Unsupported

FC4-16IP Supported Unsupported

FC4-32 Supported Unsupported

FC4-48 Supported Unsupported

FC8-16 Supported Supported

FC8-32 Supported Supported

FC8-48 Supported Supported

FC8-64 Unsupported Supported

FCOE10-24

FR4-18i Supported Supported

Unsupported Supported

46 Fabric OS Administrator’s Guide

53-1001763-02

Page 87

Blade terminology and compatibility

TABLE 5 Port blades supported by each platform (Continued)

Port blades Brocade 48000 (CP4) Brocade DCX and DCX-4S

FS8-18 Unsupported Supported

FX8-24 Unsupported Supported

1. During power up when an FCOE10-24 is detected first before any other AP blade

in a chassis with Fabric OS v6.3.0 and later, all other AP and FC8-64 blades will be faulted. If a non-FCOE10-24 blade is detected first, then any subsequently-detected FCOE10-24 blades will be faulted. Blades are powered up starting with slot 1.

The maximum number of application blades supported on a Brocade DCX is eight with any combination. For example, 4 FA4-18, 8 FR4-18i. There is no restriction on port blades (FC8-16, FC8-32, FC8-48, FC10-6 and FC8-64). The FC8-64 is supported, but only with Fabric OS v6.4.0.

The maximum number of application blades supported on a Brocade DCX-4S is four with any combination. There is no restriction on port blades (FC8-16, FC8-32, FC8-48, FC10-6, and FC8-64). The FC8-64 is supported, but only with Fabric OS v6.4.0.

Tab le 6 lists the maximum number of application blades you can insert in a Brocade DCX and

DCX-4S backbone chassis for a specific Fabric OS release. Software functionality is not supported across application blades.

TABLE 6 Blade compatibility within a Brocade DCX and DCX-4S backbone

Intelligent blade Fabric OS v6.2.0 Fabric OS v6.3.0 Fabric OS v6.4.0

DCX DCX-4S DCX DCX-4S DCX DCX-4S

FR4-18i

FA4-18

FS8-18 4 4 4 4 4 4

FCOE10-24

FX8-24

1. On the Brocade 48000, the blade can co-exist with an FC4-16IP, but the iSCSI devices are not exported and

imported for FC routing services. The iSCSI functionality over FCIP is not supported, but the FCIP link is the same as other FC E_Ports. This is not restricted by software.

2. The hardware limit is enforced by software. The FA4-18 blade can co-exist with the FR4-18i (and interoperable

at the Layer 2 level), but there is no multi-protocol-level interoperability support provided. Coexistence implies that both types of blades are able to reside in the same chassis. Additionally, FA4-18 blade Layer 2 functions should be compatible with FCR, FCIP, and iSCSI (iSCSI on the Brocade 48000 only). Specifically for FCR coexistence, physical devices directly connected to the FA4-18 blade can be exported to edge fabrics and physical devices directly connected to the FA4-18 blade can communicate with devices imported into the backbone fabric. Similar coexistence of physical devices connected to the FA4-18 blade applies to FCIP and iSCSI.

3. Not compatible with other application blades or with the FC8-64 in the same chassis. Refer to Table 5 on

page 46 for more information.

4. The hardware limit is enforced by software.

848484

242444

n/a n/a 2 2 2 2

n/a n/a 2 4 4 4

Fabric OS Administrator’s Guide 47 53-1001763-02

Page 88

Enabling and disabling blades

FX8-24 compatibility notes

When you have an FR4-18i and an FX8-24 blade in your chassis, the following guidelines need to be followed:

• The FR4-18i and Brocade 7500 GbE ports cannot be connected to either the FX8-24 or Brocade

• The port configuration is maintained separately for the GbE ports of the FR4 -18i and FX8-24

• When Virtual Fabrics is disabled, replacing an FR4 -18i with an FX8-24 (and vice-versa) is

• When Virtual Fabrics is enabled (regardless of whether the FR4 -18i or FX8-24 blade is in the

• The data paths in both blades are interoperable between FC ports. FR4-18i FC ports can

• The FX8-24 blade cannot co-exist with the FA4-18, FS8-18, and FCOE10-24 blades. For

7800 GbE ports. The ports may come online, but they will not communicate with each other. Running physical cables between the FR4 -18i and FX8-24 blades is not supported.

blades. The port configuration data of one blade is never applied to the other type even if an FX8-24 replaces an FR4-18i in the same slot of a chassis. However, if an FR4 -18i blade is replaced with an FX8-24 blade and then replaced back with an FR4 -18i, the FR4 -18i previous IP configuration data would be applied to the new FR4 -18i. The same behavior applies if you were to replace the FX8-24 with an FX8-24.

allowed without any pre-conditions

default switch), replacing an FR4 -18i with an FX8-24 (and vice-versa) without rebooting or power cycling the chassis will fault the blade with reason code 91. However, after blade removal, if you reboot or power cycle the chassis, inserting the other blade type is allowed.

stream data over FX8-24 GbE ports and vice versa.

example, you cannot have an encrypted over an is no software enforcement to detect the above configuration.

FS8-18 blade, and then going over an FX8-24 FCIP distance VE_Port. There

FA4-18 virtual device exported to an edge fabric, getting

Enabling and disabling blades

Port blades are enabled by default. In some cases, you will need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled. This ensures that diagnostic activity does not interfere with normal fabric traffic.

If you need to replace an application blade with a different application blade, there are extra steps you need to take to ensure that the previous configuration is not interfering with your new application blade.

Enabling blades

1. Connect to the switch and log in as admin.

2. Enter the bladeEnable command with the slot number of the port blade you want to enable.

ecp:admin> bladeenable 3 Slot 3 is being enabled

48 Fabric OS Administrator’s Guide

53-1001763-02

Page 89

Enabling and disabling blades

NOTE

ATTENTION

FA4-18 application blade enabling exceptions

The Brocade 48000 director supports up to two FA4-18 blades in a chassis. The Brocade DCX and DCX-4S Backbones support up to four FA4-18 blades in a chassis.

FC4-48 and FC8-48 port blade enabling exceptions

Because the area IDs are shared with different port IDs, the FC4-48 and FC8-48 blades support only F_ and E_Ports. They do not support FL_Ports.

Port swapping on an FC4-48 or FC8-48 is supported only on ports 0–15. For the FC8-32 port blade, port swapping is supported on all 32 ports. This means that if you replace a 32-port blade where a port has been swapped on ports 16–31 with a 48-port blade, the 48-port blade faults. To correct this, reinsert the 32-port blade and issue portSwap to restore the original area IDs to ports 16–31.

FR4-18i application blade enabling exceptions

Note the following exceptions to enabling the FR4-18i application blade:

• You have inserted the FR4-18i blade into a slot that was previously empty or contained an

FA4-18, FC4-16IP, FC4-48, FC8-16, FC8-32, FC8-48, FC10-6, FS8-18.

If the FR4-18i blade is operational and the platform is rebooted, then after the successful bootup of the system the blade continues operations using the previous configurations.

If a previously configured FR4-18i blade is removed and another or the same FR4-18i blade is inserted into the same slot, then the ports use the previous configuration and come up enabled. If you do not want to use the previous configuration, you must clear the configuration information, remove the blade, and then reseat the blade.

If a previously-configured FR4-18i blade is removed and an FC4-48, FC8-16, FC8-32, FC8-48, or FC10-6 blade is plugged in, then—other than the port’s EX_Port configuration—all the remaining port configurations previously applied to the FR4-18i ports can be used. The EX_Port configuration on those ports is disabled before the FC4 or FC8 port blade becomes operational. When a blade is present in the slot, then any requested port configuration is validated against the blade’s capabilities before accepting the request. Also, hot swapping causes the ports on the FR4-18i to be persistently disabled which later need to be enabled.

The FC4-16IP blade is not supported in either the Brocade DCX or DCX-4S enterprise-class platform.

• You have turned on the power to the chassis and the FR4-18i blade in that slot was not active

prior to the power-on you must persistently enable the ports manually. For instructions on how to manually persistently enable a port, refer to “Port activation and deactivation” on page 42.

The ports of an FR4-18i are persistently disabled only if an FR4-18i was not previously in that slot. You can replace an FR4-18i with another one with no change in the port states.

To sum m a r ize:

• When an FC4-16, FC4-32, FC8-16, FC8-32, FC10-6, FC4-16IP, FA4-18, FS8-18, or FX8-24 blade

is replaced by an FR4-18i blade, the current port configuration continues to be used, and all ports on the FR4-18i blade are persistently disabled.

Fabric OS Administrator’s Guide 49 53-1001763-02

Page 90

Blade swapping

NOTE

• When an FR4-18i blade is replaced by an FC4-16, FC4-32, FC8-16, FC8-32, FC8-48, or FC8-64

blade, then the EX_Port configuration is removed from any ports that were configured as EX_Ports (equivalent to disabling the EX_Port configuration using the portCfgEXPort command). All remaining port configurations are retained.

This is not true for the 8-Gbps port blades. Because FC8- type blades support EX_Ports, they are still retained in the configuration, but the ports are persistently disabled.

The FC10-6 blade does not support EX_Ports.

Disabling blades

1. Connect to the switch and log in as admin.

2. Enter the bladeDisable command with the slot number of the port blade you want to disable.

ecp:admin> bladedisable 3 Slot 3 is being disabled

Blade swapping

Blade swapping allows you to swap one blade with another of the same type; in this way, you can perform a FRU replacement with minimal traffic disruption. The entire operation is accomplished when the bladeSwap command runs on the Fabric OS. The Fabric OS then validates each command before actually implementing the command on the enterprise-class platform. If an error is encountered then blade swap quits without disrupting traffic flowing through the blades. If an unforeseen error does occur during the bladeSwap command, an entry will be made into the RASlog and all ports that have been swapped as part of the blade swap operation will be swapped back. On successful completion of the command, the source and destination blades are left in a disabled state allowing you to complete the cable move.

Blade swapping is based on port swapping and has the same restrictions:

• Shared area ports cannot be swapped.

• Ports that are part of a trunk group cannot be swapped.

• GbE ports cannot be swapped.

• Swapping ports between different logical switches is not supported. The ports on the source

and destination blades need to be in the same logical switch.

• Undetermined board types cannot be swapped. For example, a blade swap will fail if the blade

type cannot be identified.

• Blade swapping is not supported when swapping to a different model of blade or a different

port count. For example, you cannot swap an FC8-32 blade with an FC8-48 port blade.

This feature is not supported on the FX8-24 DCX Extension blade.

50 Fabric OS Administrator’s Guide

53-1001763-02

Page 91

Blade swapping

Swapping blades

The bladeSwap command performs the following operations:

1. Blade selection

The selection process includes selecting the switch and the blades to be affected by the swap operation. Figure 2 shows the source and destination blades are identified to begin the process.

FIGURE 2 Identifying the blades

2. Blade validation

The validation process includes determining the compatibility between the blades selected for the swap operation:

• Blade technology. Both blades must be of compatible technology types (for example, Fibre

Channel to Fibre Channel, Ethernet to Ethernet, application to application, etc).

• Port Count. Both blades must support the same number of front ports. For example,

16-ports to 16-ports, 32-ports to 32-ports, 48-ports to 48-ports, and so on.

• Availability. The ports on the destination blade must be available for the swap operation

and not attached to any other devices.

3. Port preparation

The process of preparing ports for a swap operation includes basic operations such as insuring the source and destination ports are offline, or verifying that none of the destination ports have failed.

The preparation process also includes any special handling of ports associated with logical switches. For example Figure 3 shows the source blade has ports in a logical switch or logical fabric, then the corresponding destination ports must be included in the associated logical switch or logical fabric of the source ports.

Fabric OS Administrator’s Guide 51 53-1001763-02

Page 92

Blade swapping

FIGURE 3 Blade swap with Virtual Fabrics during the swap

4. Port swapping

The swap ports action is effectively an iteration of the portSwap command for each port on the source blade to each corresponding port on the destination blade.

In Figure 4 shows Virtual Fabrics, where the blades can be carved up into different logical switches as long as they are carved the same way. If slot 1 and slot 2 ports 0-7 are all in the same logical switch, then blade swapping slot 1 to slot 2 will work. The entire blade does not need to be in the same partition.

FIGURE 4 Blade swap with Virtual Fabrics after the swap

Swapping blades

1. Connect to the director and log in using an account assigned to the admin role.

2. Enter the bladeSwap command.

If no errors are encountered, the blade swap will complete successfully. If errors are encountered, the command is interrupted and the ports are set back to their original configuration.

52 Fabric OS Administrator’s Guide

53-1001763-02

Page 93

3. Once the command completes successfully, move the cables from the source blade to the

NOTE

destination blade.

4. Enter the bladeEnable command on the destination blade to enable all user ports.

Power management

All blades are powered on by default when the switch chassis is powered on. Blades cannot be powered off when POST or AP initialization is in progress.

To manage power and ensure that more critical components are the least affected by a power changes, you can specify the order in which the components are powered off, using the powerOffListSet command

The power monitor compares the available power with the power required to determine if there will be enough power to operate. If it is predicted to be less power available than required, the power-off list is processed until there is enough power for operation. By default, the processing begins with slot 1 and proceeds to the last slot in the chassis. As power becomes available, slots are powered up in the reverse order. During the initial power up of a chassis, or using the slotPowerOn command, or the insertion of a blade, the available power is compared to required power before power is applied to the blade.

Power management

Some FRUs in the chassis may use significant power, yet cannot be powered off through software. For example, a missing blower FRU may change the power computation enough to affect how many slots can be powered up.

The powerOffListShow command displays the power off order.

In the Brocade DCX and DCX-4S the core blades and CPs cannot be powered off from the CLI interface. You must manually power off the blades by lowering the slider or removing power from the chassis. If there is no CP up and running then physical removal or powering off the chassis is required.

Powering off a port blade

1. Connect to the switch and log in as admin.

2. Enter the slotPowerOff command with the slot number of the port blade you want to power off.

ecp:admin> slotpoweroff 3 Slot 3 is being powered off

Powering on a port blade

1. Connect to the switch and log in as admin.

2. Enter the slotPowerOn command with the slot number of the port blade you want to power on.

ecp:admin> slotpoweron 3 Powering on slot 3

Fabric OS Administrator’s Guide 53 53-1001763-02

Page 94

Equipment status

You can check the status of switch operation, High Availability features, and fabric connectivity.

Checking switch operation

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchShow command. This command displays a switch summary and a port summary.

3. Check that the switch and ports are online.

4. Use the switchStatusShow command to further check the status of the switch.

Verifying High Availability features (directors and enterprise-class platforms only)

High Availability (HA) features provide maximum reliability and nondisruptive management of key hardware and software modules.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the chassisShow command to verify the model of the field-replaceable units (FRUs).

3. Enter the haShow command to verify HA is enabled, the heartbeat is up, and that the HA state is synchronized between the active and standby CP blades.

4. Enter the fanShow to display the current status and speed of each fan in the system. Refer to the hardware reference manual of your system to determine the appropriate values.

5. Enter the psShow to display the current status of the switch power supplies. Refer to the hardware reference manual of your system to determine the appropriate values.

6. Enter the slotShow -m command to display the inventory and the current status of each slot in the system.

Example of the slot information displayed for a DCX chassis

DCX:FID128:admin> slotshow -m

Slot Blade Type ID Model Name Status

------------------------------------------------- 1 SW BLADE 55 FC8-32 ENABLED 2 SW BLADE 51 FC8-48 ENABLED 3 SW BLADE 39 FC10-6 ENABLED 4 SW BLADE 51 FC8-48 ENABLED 5 CORE BLADE 52 CORE8 ENABLED 6 CP BLADE 50 CP8 ENABLED 7 CP BLADE 50 CP8 ENABLED 8 CORE BLADE 52 CORE8 ENABLED 9 SW BLADE 37 FC8-16 ENABLED 10 AP BLADE 43 FS8-18 ENABLED 11 SW BLADE 55 FC8-32 ENABLED 12 AP BLADE 24 FR4-18i ENABLED

54 Fabric OS Administrator’s Guide

53-1001763-02

Page 95

The possible fields and their values are outlined below.

Field Value

Slot Displays the physical slot number.

Blade Type Displays the blade type.

SW BLADE: The blade is a port blade. CP BLADE: The blade is a control processor. CORE BLADE: The blade is a core blade (Brocade DCX and DCX-4S only). AP BLADE: The blade is the FR4-18i blade. UNKNOWN: The blade is not present or its type is not recognized.

ID Displays the hardware ID of the blade type.

See Table 4 on page 44 for a list of blades and their corresponding IDs.

Model Name Displays the model name of the blade.

Status Displays the status of the blade.

DIAG RUNNING POST1: The blade is present, powered on, and running the post-initialization power-on self test (POST). DIAG RUNNING POST2: The blade is present, powered on, and running the POST.

ENABLED: The blade is on and enabled. DISABLED: The blade is powered on but disabled. FAULTY: The blade is faulty because an error was detected. The reason code numbers displayed

are used by Support personnel to assist with problem diagnosis. Review the system error logs for more information.

INITIALIZING: The blade is present, powered on, and initializing hardware components. INSERTED, NOT POWERED ON: The blade is present in the slot but is turned off. LOADING: The blade is present, powered on, and loading the initial configuration. POWERING UP: The blade is present and powering on. UNKNOWN: The blade is inserted but its state cannot be determined. VACANT: The slot is empty.

Equipment status

Verifying fabric connectivity

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the fabricShow command. This command displays a summary of all the switches in the fabric.

The output of the fabricShow command is discussed in “Domain IDs” on page 28.

Verifying device connectivity

1. Connect to the switch and log in using an account assigned to the admin role.

2. Optional: Enter the switchShow command to verify devices, hosts, and storage are connected.

3. Optional: Enter the nsShow command to verify devices, hosts, and storage have successfully registered with the name server.

Fabric OS Administrator’s Guide 55 53-1001763-02

Page 96

Track and control switch changes

4. Enter the nsAllShow command to display the 24-bit Fibre Channel addresses of all devices in the fabric.

switch:admin> nsallshow { 010e00 012fe8 012fef 030500 030b04 030b08 030b17 030b18 030b1e 030b1f 040000 050000 050200 050700 050800 050de8 050def 051700 061c00 071a00 073c00 090d00 0a0200 0a07ca 0a07cb 0a07cc 0a07cd 0a07ce 0a07d1 0a07d2 0a07d3 0a07d4 0a07d5 0a07d6 0a07d9 0a07da 0a07dc 0a07e0 0a07e1 0a0f01 0a0f02 0a0f0f 0a0f10 0a0f1b 0a0f1d 0b2700 0b2e00 0b2fe8 0b2fef 0f0000 0f0226 0f0233 0f02e4 0f02e8 0f02ef 210e00 211700 211fe8 211fef 2c0000 2c0300 611000 6114e8 6114ef 611600 620800 621026 621036 6210e4 6210e8 6210ef 621400 621500 621700 621a00 75 Nx_Ports in the Fabric }

The number of devices listed should reflect the number of devices that are connected.

Track and control switch changes

The track changes feature allows you to keep a record of specific changes that may not be considered switch events, but may provide useful information. The output from the track changes feature is dumped to the system messages log for the switch. Use the errDump or errShow command to view the log.

Items in the log created from the Track changes feature are labeled TRCK.

Trackable changes are:

• Successful login

• Unsuccessful login

• Logout

• Configuration file change from task

• Track change s o n

• Track changes off

An SNMP-TRAP mode can also be enabled (see the trackChangesHelp command in the Fabric OS Command Reference).

Enabling the track changes feature

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the trackChangesSet 1 command to enable the track changes feature.

A message displays, verifying that the track changes feature is on:

switch:admin> trackchangesset 1 Committing configuration...done.

3. View the log using the commands errDump |more to display a page at a time or errShow to view one line at a time.

2008/10/10-08:13:36, [TRCK-1001], 5, FID 128, INFO, ras007, Successful login by user admin.

56 Fabric OS Administrator’s Guide

53-1001763-02

Page 97

Track and control switch changes

Displaying the status of the track changes feature

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the trackChangesShow command.

The status of the track changes feature is displayed as either on or off. The display includes whether or not the track changes feature is configured to send SNMP traps.

switch:admin> trackchangesshow Track changes status: ON Track changes generate SNMP-TRAP: NO

Viewing the switch status policy threshold values

The policy parameter determines the number of failed or inoperable units for each contributor that triggers a status change in the switch.

Each parameter can be adjusted so that a specific threshold must be reached before that parameter changes the overall status of a switch to MARGINAL or DOWN. For example, if the FaultyPorts DOWN parameter is set to 3, the status of the switch will change if three ports fail. Only one policy parameter needs to pass the MARGINAL or DOWN threshold to change the overall status of the switch.

For more information about setting policy parameters, see the Fabric Watch Administrator’s Guide.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchStatusPolicyShow command.

Whenever there is a switch change, an error message is logged and an SNMP connUnitStatusChange trap is sent.

The output is similar to the following:

ecp:admin> switchstatuspolicyshow The current overall switch status policy parameters: Down Marginal

--------------------------------- PowerSupplies 3 0 Temperatures 2 1 Fans 2 1 WWN 0 1 CP 0 1 Blade 0 1 CoreBlade 0 1 Flash 0 1 MarginalPorts 112 44 FaultyPorts 112 44 MissingSFPs 0 0

Setting the switch status policy threshold values

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the switchStatusPolicySet command.

Fabric OS Administrator’s Guide 57 53-1001763-02

Page 98

Track and control switch changes

NOTE

The current switch status policy parameter values are displayed. You are prompted to enter values for each DOWN and MARGINAL threshold parameter.

By setting the DOWN and MARGINAL values for a parameter to 0,0 that parameter is no longer used in setting the overall status for the switch.

3. Verify the threshold settings you have configured for each parameter.

Enter the switchStatusPolicyShow command to view your current switch status policy configuration.

Example output from a switch

The following example displays what is typically seen from a Brocade 300, 4100, 4900, 5000, 5410, 5424, 5450, 5460, 5470, 5480, 5100, 5300, 5424, 7500, 7500E, 7600, 7800, 8000, and a VA-40FC switch, but the quantity and types vary by platform.

switch:admin> switchstatuspolicyset

To change the overall switch status policy parameters

The current overall switch status policy parameters: Down Marginal

--------------------------------- PowerSupplies 3 0 Temperatures 2 1 Fans 2 1 WWN 0 1 CP 0 1 Blade 0 1 CoreBlade 0 1 Flash 0 1 MarginalPorts 112 44 FaultyPorts 112 44 MissingSFPs 0 0

Note that the value, 0, for a parameter, means that it is NOT used in the calculation. ** In addition, if the range of settable values in the prompt is (0..0), ** the policy parameter is NOT applicable to the switch. ** Simply hit the Return key.

The minimum number of Bad PowerSupplies contributing to DOWN status: (0..4) [3] Bad PowerSupplies contributing to MARGINAL status: (0..4) [0] Bad Temperatures contributing to DOWN status: (0..32) [2] Bad Temperatures contributing to MARGINAL status: (0..32) [1] Bad Fans contributing to DOWN status: (0..3) [2] Bad Fans contributing to MARGINAL status: (0..3) [1] Down WWN contributing to DOWN status: (0..2) [0] Down WWN contributing to MARGINAL status: (0..2) [1] Down CP contributing to DOWN status: (0..2) [0] Down CP contributing to MARGINAL status: (0..2) [1] Down Blade contributing to DOWN status: (0..8) [0] Down Blade contributing to MARGINAL status: (0..8) [1] Down CoreBlade contributing to DOWN status: (0..2) [0] Down CoreBlade contributing to MARGINAL status: (0..2) [1] Out of range Flash contributing to DOWN status: (0..1) [0]

58 Fabric OS Administrator’s Guide

53-1001763-02

Page 99

Out of range Flash contributing to MARGINAL status: (0..1) [1] MarginalPorts contributing to DOWN status: (0..1800) [112] MarginalPorts contributing to MARGINAL status: (0..1800) [44] FaultyPorts contributing to DOWN status: (0..1800) [112] FaultyPorts contributing to MARGINAL status: (0..1800) [44] MissingSFPs contributing to DOWN status: (0..576) [0] MissingSFPs contributing to MARGINAL status: (0..576) [0] No change

On the Brocade 48000, and Brocade DCX and DCX-4S enterprise-class platforms, the command output includes parameters related to CP blades.

Audit log configuration

When managing SANs you may want to audit certain classes of events to ensure that you can view and generate an audit log for what is happening on a switch, particularly for security-related event changes. These events include login failures, zone configuration changes, firmware downloads, and other configuration changes—in other words—critical changes that have a serious effect on the operation and security of the switch.

Important information related to event classes is also tracked and made available. For example, you can track changes from an external source by the user name, IP address, or type of management interface used to access the switch.

Audit log configuration

Auditable events are generated by the switch and streamed to an external host through a configured system message log daemon (syslog). You specify a filter on the output to select the event classes that are sent through the system message log. The filtered events are streamed chronologically and sent to the system message log on an external host in the specified audit message format. This ensures that they can be easily distinguished from other system message log events that occur in the network. Then, at some regular interval of your choosing, you can review the audit events to look for unexpected changes.

Before you configure audit event logging, familiarize yourself with the following audit event log behaviors and limitations:

• By default, all event classes are configured for audit; to create an audit event log for specific

events, you must explicitly set a filter with the class operand and then enable it.

• Audited events are generated specific to a switch and have no negative impact on

performance.

• The last 256 events are persistently stored on the switch and are streamed to a system

message log.

• The audit log depends on the system message log facility and IP network to send messages

from the switch to a remote host. Because the audit event log configuration has no control over these facilities, audit events can be lost if the system message log and IP network facilities fail.

• If too many events are generated by the switch, the system message log becomes a bottleneck

and audit events are dropped by the Fabric OS.

• If the user name, IP address, or user interface is not transported, None is used instead for

each of the respective fields.

• For High Availability, the audit event logs exist independently on both active and standby CPs.

The configuration changes that occur on the active CP are propagated to the standby CP and take effect.

• Audit log configuration is also updated through a configuration download.

Fabric OS Administrator’s Guide 59 53-1001763-02

Page 100

Audit log configuration

NOTE

Auditable event classes

Before configuring an audit log, you must select the event classes you want audited. The audit log includes:

• SEC-3001 through SEC-3017

• SEC-3024 through SEC-3029

• ZONE-3001 through ZONE-3012

Tab le 7 identifies auditable event classes and the auditCfg command operands used to enable

auditing of a specific class.

TABLE 7 AuditCfg event class operands

Operand Event class Description

1 Zone Audit zone event configuration changes, but not the actual values that were

changed. For example, a message may state, “Zone configuration has changed,” but the syslog does not display the actual values that were changed.

2 Security Audit any user-initiated security events for all management interfaces. For

events that have an impact on an entire fabric, an audit is generated only for the switch from which the event was initiated.

3 Configuration Audit configuration downloads of existing SNMP configuration parameters.

Configuration uploads are not audited.

4 Firmware Audit firmware download start, firmware complete, and any other errors

encountered during a firmware download.

5 Fabric Audit administrative domain-related changes.

Only the active CP can generate audit messages because event classes being audited occur only on the active CP. Audit messages cannot originate from other blades in an enterprise-class platform.

Audit events have the following message format:

AUDIT, <Timestamp>, [<Event ID>], <Severity>, <Event Class>, <User ID>/<Role>/<IP address>/<Interface>,<Admin Domain>/<Switch name>,/<FID>, <Reserved>,<Event-specific information>

Switch names are logged for switch components and enterprise-class platform names for enterprise-class platform components. For example, an enterprise-class platform name may be FWDL or RAS and a switch component name may be zone, name server, or SNMP.

Pushed messages contain the administrative domain of the entity that generated the event. Refer to the Fabric OS Message Reference for details on message formats. For more information on setting up the system error log daemon, refer to the Fabric OS Troubleshooting and Diagnostics Guide.

Verifying host syslog prior to configuring the audit log

Audit logging assumes that your syslog is operational and running. Before configuring an audit log, you must perform the following steps to ensure that the host syslog is operational.

60 Fabric OS Administrator’s Guide

53-1001763-02

Brocade Communications Systems 53-1001763-02 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Figures

Tables

About This Document

In this chapter

How this document is organized

Supported hardware and software

What’s new in this document

Document conventions

Text formatting

Command syntax conventions

Notes, cautions, and warnings

Key terms

Notice to the reader

Additional information

Brocade resources

Other industry resources

Getting technical help

Document feedback

Understanding Fibre Channel Services

In this chapter

Fibre Channel services overview

The Management Server

Platform services

Management server database

Platform services in a Virtual Fabric

Enabling platform services

Disabling platform services

Displaying the management server ACL

Adding a member to the ACL

Deleting a member from the ACL

Viewing the contents of the management server database

Clearing the management server database

Topology discovery

Displaying topology discovery status

Enabling topology discovery

Disabling topology discovery

Device login

Principal switch

E_Port login

Fabric login

Port login process

High availability of daemon processes

RSCN causes

Performing Basic Configuration Tasks

In this chapter

Fabric OS overview

Fabric OS command line interface

Console sessions using the serial port

Telnet or SSH sessions

Password modification

Getting help on a command

Default account passwords

The Ethernet interface on your switch

Virtual Fabrics and the Ethernet interface

Displaying the network interface settings

Static Ethernet addresses

DHCP activation

IPv6 autoconfiguration

Date and time settings

Setting the date and time

Time zone settings

Network time protocol

Domain IDs

Displaying the domain IDs

Switch names

Setting the domain ID

Customizing the switch name

Chassis names

Customizing chassis names

Switch activation and deactivation

Disabling a switch

Enabling a switch

Switch and enterprise-class platform shutdown

Powering off a Brocade switch

Powering off a Brocade enterprise-class platform