How it Works
Brocade Communications Systems
Loading...
M5424
Administrator's Manual
82 pgs770.34 Kb0
Hardware Reference Manual
48 pgs2.45 Mb0

Brocade Communications Systems AM866A - StorageWorks 8/8 Base SAN Switch, 8/24, 8/40, 8/8, 300 Administrator's Manual

...
Download
Page 1
53-1001345-01 28 July 2009
Access Gateway
Administrator’s Guide
Supporting Fabric OS 6.3.0
Page 2
Copyright © 2007-2009 Brocade Communications Systems, Inc. All Rights Reserved.
Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Corporate and Latin American Headquarters Brocade Communications Systems, Inc. 1745 Technology Drive San Jose, CA 95110 Tel: 1-408-333-8000 Fax: 1-408-333-8101 E-mail: info@brocade.com
European Headquarters Brocade Communications Switzerland Sàrl Centre Swissair Tour B - 4ème étage 29, Route de l'Aéroport Case Postale 105 CH-1215 Genève 15 Switzerland Tel: +41 22 799 5640 Fax: +41 22 799 5641 E-mail: emea-info@brocade.com
Asia-Pacific Headquarters Brocade Communications Systems China HK, Ltd. No. 1 Guanghua Road Chao Yang District Units 2718 and 2818 Beijing 100020, China Tel: +8610 6588 8888 Fax: +8610 6588 9999 E-mail: china-info@brocade.com
Asia-Pacific Headquarters Brocade Communications Systems Co., Ltd. (Shenzhen WFOE) Citic Plaza No. 233 Tian He Road North Unit 1308 – 13th Floor Guangzhou, China Tel: +8620 3891 2000 Fax: +8620 3891 2111 E-mail: china-info@brocade.com
Page 3
Document History
The following table lists all versions of the Access Gateway Administrator’s Guide.
Document Title Publication Number Summary of Changes Publication Date
Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007
Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E June 2007
Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies
and changes to N_Port mappings.
Access Gateway Administrator’s Guide 53-1000605-02 Added support for new
platforms: 300 and the 4424. Added support for new features:
- Masterless Trunking
- Direct Target Connectivity
- Advance Device Security policy
- 16- bit routing
Access Gateway Administrator’s Guide 53-1000605-03 Added support for:
- Cascading Access Gateway.
Access Gateway Administrator’s Guide 53-1000605-04 Updated to fix the table of
contents
Access Gateway Administrator’s Guide 53-1001189-01 Updated for Fabric OS 6.2.0 November 2008
Access Gateway Administrator’s Guide 53-1001345-01 Updated for Fabric OS 6.3.0 July 2009
October 2007
March 2008
July 2008
July 2008
Access Gateway Administrator’s Guide iii 53-1001345-01
Page 4
iv Access Gateway Administrator’s Guide
53-1001345-01
Page 5
Contents
About This Document
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Command syntax conventions . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Notes, cautions, and warnings . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Key terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii
Brocade resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Other industry resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Optional Brocade features . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Getting technical help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Chapter 1 Access Gateway Basic Concepts
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Brocade Access Gateway overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Comparing Native Fabric and Access Gateway modes . . . . . . . . 1
Fabric OS features in Access Gateway mode . . . . . . . . . . . . . . . . . . . 3
Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Comparison of Access Gateway ports to standard switch ports. 4
Access Gateway limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 2 Configuring Ports in Access Gateway mode
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Enabling and disabling Access Gateway mode . . . . . . . . . . . . . . . . . . 7
Port state description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Default port mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Adding F_Ports to an N_Port. . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Removing F_Ports from N_Ports. . . . . . . . . . . . . . . . . . . . . . . . . 14
Access Gateway Administrator’s Guide v 53-1001345-01
Page 6
N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Displaying N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . 16
Unlocking N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Chapter 3 Managing Policies and Features in Access Gateway Mode
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Access Gateway policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Displaying current policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Access Gateway policy enforcement matrix . . . . . . . . . . . . . . . .18
Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
How the ADS policy works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Enabling and disabling the Advanced Device Security policy. . 19
Setting the list of devices allowed to log in . . . . . . . . . . . . . . . . 19
Setting the list of devices not allowed to log in . . . . . . . . . . . . .20
Removing devices from the list of allowed devices . . . . . . . . .20
Adding new devices to the list of allowed devices . . . . . . . . . . . 20
Displaying the list of allowed devices on the switch . . . . . . . . . 21
ADS policy considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Upgrade and downgrade considerations for the ADS policy . . . 21
Automatic Port Configuration policy. . . . . . . . . . . . . . . . . . . . . . . . . .21
How the APC policy works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Enabling and disabling the APC policy . . . . . . . . . . . . . . . . . . . .22
Automatic Port Configuration policy considerations . . . . . . . . .23
Upgrade and downgrade considerations for the APC policy . . .23
Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
How port groups work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Adding an N_Port to a port group . . . . . . . . . . . . . . . . . . . . . . . . 24
Deleting an N_Port from a port group . . . . . . . . . . . . . . . . . . . . 25
Removing a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Renaming a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Disabling the Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . .25
Port Grouping policy modes . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Creating a port group and enabling login balancing mode. . . . 26
Rebalancing F_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Enabling Managed Fabric Name Monitoring mode. . . . . . . . . .28
Disabling Managed Fabric Name Monitoring mode . . . . . . . . .28
Displaying the current fabric name monitoring timeout value .28
Setting the current fabric name monitoring timeout value. . . . 28
Port Grouping policy considerations. . . . . . . . . . . . . . . . . . . . . .28
Upgrade and downgrade considerations for the
Port Grouping policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
vi Access Gateway Administrator’s Guide
53-1001345-01
Page 7
Persistent ALPA Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Enabling Persistent ALPA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Disabling Persistent ALPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Persistent ALPA device data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Removing device data from the database . . . . . . . . . . . . . . . . .30
Displaying device data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Clearing ALPA values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Persistent ALPA policy considerations . . . . . . . . . . . . . . . . . . . .31
Upgrade and downgrade considerations for Persistent ALPA. . 31
Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Failover configurations in Access Gateway . . . . . . . . . . . . . . . .32
Enabling and disabling Failover on a N_Port . . . . . . . . . . . . . . . 33
Enabling and disabling Failover for a port group . . . . . . . . . . . .34
Upgrade and downgrade considerations for Failover . . . . . . . .34
Adding a preferred secondary N_Port . . . . . . . . . . . . . . . . . . . .34
Deleting F_Ports from a preferred secondary N_Port . . . . . . . .34
Failback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Failback configurations in Access Gateway . . . . . . . . . . . . . . . .35
Enabling and disabling Failback on an N_Port . . . . . . . . . . . . .36
Enabling and disabling Failback for a port group . . . . . . . . . . . 37
Upgrade and downgrade considerations for Failback. . . . . . . . 37
Trunking in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . 37
How Trunking works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Trunking on the Edge switch in Access Gateway mode. . . . . . . 38
Configuration management for trunk areas . . . . . . . . . . . . . . . 39
Enabling Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . .40
Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
F_Port Trunking monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Trunking considerations for the Edge switch . . . . . . . . . . . . . . .42
Trunking considerations for Access Gateway mode . . . . . . . . .46
Upgrade and downgrade considerations for Trunking in Access
Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Adaptive Networking on Access Gateway . . . . . . . . . . . . . . . . . . . . .46
Upgrade and downgrade considerations with
Adaptive Networking in AG mode enabled . . . . . . . . . . . . . . . . . 47
Adaptive Networking on Access Gateway considerations . . . . . 47
Chapter 4 SAN Configuration with Access Gateway
Access Gateway Administrator’s Guide vii 53-1001345-01
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . .49
Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . .50
Verifying the switch mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Enabling NPIV on M-EOS switches . . . . . . . . . . . . . . . . . . . . . . .52
Page 8
Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Enabling NPIV on a Cisco switch. . . . . . . . . . . . . . . . . . . . . . . . .53
Workaround for certain 4 Gbps QLogic-based devices . . . . . . .53
Editing Company ID List if no FC target devices on switch . . . .53
Adding or deleting an OUI from the Company ID List . . . . . . . . 54
Enabling Flat FCID mode if no FC target devices on switch . . . 54
Editing Company ID list if target devices on switch. . . . . . . . . .55
Rejoining Fabric OS switches to a fabric . . . . . . . . . . . . . . . . . . . . . .55
Reverting to a previous configuration. . . . . . . . . . . . . . . . . . . . .56
Appendix A Troubleshooting
Index
viii Access Gateway Administrator’s Guide
53-1001345-01
Page 9
Figures
Figure 1 Switch function in Native mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Figure 2 Switch function in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Figure 3 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 4 Example F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 5 Example of adding an external F_Port (F9) on an embedded switch . . . . . . . . . 15
Figure 6 Port grouping behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 7 Port group 1 (pg1) setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 8 Example 1 and 2 Failover behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Figure 9 Failback behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Figure 10 Starting point for QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Figure 11 Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Access Gateway Administrator’s Guide ix 53-1001345-01
Page 10
x Access Gateway Administrator’s Guide
53-1001345-01
Page 11
Tables
Tab l e 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3
Tab l e 2 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Tab l e 3 Port state description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Tab l e 4 Description of F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Tab l e 5 Access Gateway default F_Port-to-N_Port mapping. . . . . . . . . . . . . . . . . . . . . . . 11
Tab l e 6 Policy enforcement matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Tab l e 7 Address identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Tab l e 8 Access Gateway trunking considerations for the Edge switch . . . . . . . . . . . . . . 42
Tab l e 9 PWWN format for F_Port and N_Port trunk ports. . . . . . . . . . . . . . . . . . . . . . . . . 45
Tab l e 10 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Access Gateway Administrator’s Guide xi 53-1001345-01
Page 12
xii Access Gateway Administrator’s Guide
53-1001345-01
Page 13
About This Document
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
How this document is organized
This document is a procedural guide to help SAN administrators configure and manage Brocade Access Gateway.
This preface contains the following components:
Chapter 1, “Access Gateway Basic Concepts” describes the Brocade Access Gateway and
provides an overview of its key features.
Chapter 2, “Configuring Ports in Access Gateway mode” describes how to configure ports in
Access Gateway mode.
Chapter 3, “Managing Policies and Features in Access Gateway Mode” describes how to
enable policies on a switch in Access Gateway mode. It also provides information on how to set up Failover and Failback, and discusses how Trunking and Adaptive Networking works in AG.
Chapter 4, “SAN Configuration with Access Gateway” describes how to connect multiple
devices using Access Gateway.
Appendix A, “Troubleshooting” provides symptoms and troubleshooting tips to resolve issues.
Supported hardware and software
In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not.
Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. For 6.3.0, documenting all possible configurations and scenarios is beyond the scope of this document.
Access Gateway Administrator’s Guide xiii 53-1001345-01
Page 14
All Fabric OS switches must be running v6.1.0 or later; all M-EOS switches must be running M-EOSc
9.1 or later, M-EOSn must be running 9.6.2 or later, and Cisco switches with SAN OS must be running 3.0 (1) and 3.1 (1) or later. Access Gateway supports 4 and 8 Gbit bladed servers and blades.
Fabric OS v6.3.0 supports the following Brocade hardware platforms for Access Gateway:
Brocade 300
Brocade 5100
Brocade M5424
Brocade 5450
Brocade 5480
What’s new in this document
The following changes have been made since this document was last released:
Information that was added:
Adaptive Networking is supported in AG
- You can configure QoS for ingress rate limiting and SID/DID traffic prioritization for the
following configurations:
Brocade HBA to AG to switchNon-Brocade HBA to AG to switchHBA (Brocade or Non-Brocade) to Edge AG to Core AG to switch
Support for Persistent ALPA
- For servers that cannot handle changing addresses for the hosts and want the same PID
across login sessions
- Only supported when Access Gateway connects to a Brocade fabric.
Manual rebalance of F_Ports to distribute them among available N_Ports.
PG policy support for the following:
- Login balancing within port groups.
- Port group modes to allow F_Ports to connect to a specific port group
For further information, refer to the release notes.
xiv Access Gateway Administrator’s Guide
53-1001345-01
Page 15
Document conventions
This section describes text formatting conventions and important notices formats.
Text formatting
The narrative-text formatting conventions that are used in this document are as follows:
bold text Identifies command names
italic text Provides emphasis
code text Identifies CLI output
For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example, switchShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual specifically notes those cases in which a command is case sensitive. The ficonCupSet and ficonCupShow commands are an exception to this convention.
Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI
Identifies variables Identifies paths and Internet addresses Identifies document titles
Identifies syntax examples
Command syntax conventions
Command syntax in this manual follows these conventions:
command Commands are printed in bold.
--option, option Command options are printed in bold.
-argument, arg Arguments.
[ ] Optional element.
variable Variables are printed in italics. In the help pages, values are underlined
enclosed in angled brackets < >.
... Repeat the previous element, for example “member[;member...]”
value Fixed values following arguments are printed in plain font. For example,
--show WWN
| Boolean. Elements are exclusive. Example:
--show -mode egress | ingress
Notes, cautions, and warnings
The following notices appear in this document.
NOTE
A note provides a tip, emphasizes important information, or provides a reference to related information.
or
Access Gateway Administrator’s Guide xv 53-1001345-01
Page 16
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.
Notice to the reader
This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations.
These references are made for informational purposes only.
Key terms
Corporation Referenced Trademarks and Products
Cisco Systems, Inc. Cisco
Sun Microsystems, Inc. Sun, Solaris
Netscape Communications Corporation Netscape
Red Hat, Inc. Red Hat, Red Hat Network, Maximum RPM, Linux Undercover
Emulex Corporation Emulex
QLogic Corporation QLogic
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary.
For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.
The following terms are used in this manual to describe Access Gateway mode and its components.
Access Gateway (AG)
Fabric OS mode for switches that reduces SAN (storage area network) deployment complexity by leveraging NPIV (N_Port ID Virtualization).
xvi Access Gateway Administrator’s Guide
53-1001345-01
Page 17
E_Port An ISL (Interswitch link) port. A switch port that connects switches together to
form a fabric.
Edge switch A fabric switch that connects host, storage, or other devices, such as Brocade
Access Gateway, to the fabric.
F_Port A fabric port. A switch port that connects a host, HBA (host bus adaptor), or
storage device to the SAN. On Brocade Access Gateway, the F_Port connects to a host or a target.
Mapping On Brocade Access Gateway, the configuration of F_Port to N_Port routes.
N_Port A node port. A Fibre Channel host or storage port in a fabric or point-to-point
connection. On Brocade Access Gateway, the N_Port connects to the Edge switch.
NPIV N_Port ID Virtualization. Allows a single Fibre Channel port to appear as
multiple, distinct ports providing separate port identification and security zoning within the fabric for each operating system image as if each operating system image had its own unique physical port.
Preferred Secondary N_Port
On the Brocade Access Gateway, the preferred secondary N_Port refers to the secondary path to which an F_Port fails over if the primary N_Port goes offline.
Additional information
This section lists additional Brocade and industry-specific documentation that you might find helpful.
Brocade resources
To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user ID and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location:
http://www.brocade.com
Release notes are available on the My Brocade Web site (http://my.brocade.com) and are also bundled with the Fabric OS firmware.
Other industry resources
White papers, online demos, and data sheets are available through the Brocade Web site at
http://www.brocade.com/products/software.jhtml.
Access Gateway Administrator’s Guide xvii 53-1001345-01
Page 18
Best practice guides, white papers, data sheets, and other documentation is available through
the Brocade Partner Web site.
For additional resource information, visit the Technical Committee T11 Web site. This Web site provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications:
http://www.t11.org
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site:
http://www.fibrechannel.org
Optional Brocade features
For a list of optional Brocade features and descriptions, see the Fabric OS Administrator’s Guide.
Getting technical help
Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available:
1. General Information
Technical Support contract number, if applicable
Switch model
Switch operating system version
Error numbers and messages received
supportSave command output
Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
Description of any troubleshooting steps already performed and the results
Serial console and Telnet session logs
Syslog message logs
2. Switch Serial Number
The switch serial number and corresponding bar code are provided on the serial number label, as shown here.
:
*FT00X0054E9*
FT00X0054E9
The serial number label is located as follows:
Brocade 300, 4100, 4900, 5100, 5300, 7500, 7800, 8000, and Brocade Encryption Switch—
On the switch ID pull-out tab located inside the chassis on the port side on the left
Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the
switch
xviii Access Gateway Administrator’s Guide
53-1001345-01
Page 19
Brocade 7600—On the bottom of the chassis
Brocade 48000—Inside the chassis next to the power supply bays
Brocade DCX—On the bottom right on the port side of the chassis
Brocade DCX-4S—On the bottom right on the port side of the chassis, directly above the cable
management comb.
3. World Wide Name (WWN)
Use the licenseIdShow command to display the WWN of the chassis.
If you cannot use the licenseIdShow command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement.
Access Gateway Administrator’s Guide xix 53-1001345-01
Page 20
xx Access Gateway Administrator’s Guide
53-1001345-01
Page 21
Chapter
Access Gateway Basic Concepts
In this chapter
Brocade Access Gateway overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . 3
Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Access Gateway limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Brocade Access Gateway overview
Brocade Access Gateway (AG) is a Fabric OS feature that lets you configure your Enterprise fabric to handle additional N_Ports instead of domains. You do this by configuring F_Ports to connect to the fabric as N_Ports, which increases the number of device ports you can connect to a single fabric. Multiple AGs can connect to the DCX enterprise-class platform, directors, and switches.
Access Gateway is compatible with Fabric OS, M-EOS v9.1 or v9.6 and later, and Cisco-based fabrics v3.0 (1) or later and v3.1 (1) and later. Enabling and disabling AG mode on a switch can be performed from the command line interface (CLI), Web Tools, or Fabric Manager. This document describes configurations using the CLI commands. Please see the Web Tools Administrator’s Guide, the Fabric Manager Administrator’s Guide, or the Data Center Fabric Manager User Guide for more information about AG support in those tools.
1
After you set a Fabric OS switch to AG mode, the F_Ports connect to the Enterprise fabric as N_Ports rather than as E_Ports. Figure 1 shows a comparison of a configuration that connects eight hosts to a fabric using AG to the same configuration with Fabric OS switches in Native mode.
Switches in AG mode are logically transparent to the host and the fabric. You can increase the number of hosts that have access to the fabric without increasing the number of switches. This simplifies configuration and management in a large fabric by reducing the number of domain IDs and ports.
Comparing Native Fabric and Access Gateway modes
The following points summarize the differences between a Fabric OS switch functioning in Native operating mode and a Fabric OS switch functioning in AG operating mode:
The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as
many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
A switch in AG mode is outside of the fabric; it reduces the number of switches in the fabric
and the number of required physical ports. You can connect an AG switch to either a Fabric OS, M-EOS, or Cisco-based fabric.
For comparison, Figure 1 illustrates switch function in Native mode and Figure 2 illustrates switch function in AG mode.
Access Gateway Administrator’s Guide 1 53-1001345-01
Page 22
Brocade Access Gateway overview
1
FIGURE 1 Switch function in Native mode
FIGURE 2 Switch function in Access Gateway mode
2 Access Gateway Administrator’s Guide
53-1001345-01
Page 23
Fabric OS features in Access Gateway mode
Fabric OS features in Access Gateway mode
Tab le 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “No”
indicates that the feature is not provided in AG mode. “NA” indicates this feature is not applicable in Access Gateway mode of operation. A single asterisk (*) indicates the feature is transparent to AG, that is AG forwards the request to the Enterprise fabric. Two asterisks (**) indicates that if the Enterprise fabric is not a Brocade fabric, the feature may not be available.
TABLE 1 Fabric OS components supported on Access Gateway
Feature Support
Access Control Yes (limited roles)
Adaptive Networking Yes
Audit Yes
Beaconing Yes
Config Download/Upload Yes
DHCP Yes
Environmental Monitor Yes
Error Event Management Yes
Extended Fabrics No
Fabric Device Management Interface (FDMI) Yes*
Fabric Manager Yes**
Fabric Watch Yes (limited)
FICON (includes CUP) No
High Availability Hot Code Load
Native Interoperability Mode NA
License Yes**
Log Tracking Yes
Management Server NA
Manufacturing Diagnostics Yes
N_Port ID Virtualization Yes
Name Server NA
Network Time Protocol (NTP) No (no relevance from fabric perspective)
Open E_Port NA
Performance Monitor Yes (Basic PM only, no APM support)
Persistent ALPA Yes
Port Mirroring No
QuickLoop, QuickLoop Fabric Assist No
Security Yes (ADS and DCC policies)
SNMP Yes
Speed Negotiation Yes
1
1
2
Access Gateway Administrator’s Guide 3 53-1001345-01
Page 24
Access Gateway port types
1
TABLE 1 Fabric OS components supported on Access Gateway
Feature Support
Syslog Daemon Yes
Tru nkin g Yes* *
ValueLineOptions (Static POD, DPOD) Yes
Web Tools Yes
1. When a switch is behaving as an AG, RBAC features in Fabric OS are available, but there are some limitations. For more information on the limitations, refer to “Access Gateway
limitations” on page 5.
2. In embedded switches, time should be updated by the server management utility.
Access Gateway port types
Access Gateway differs from a typical fabric switch because it is not a switch; instead, it is a mode that you enable on a switch using the ag command. After a switch is set in ag mode, it can connect to the fabric using node ports (N_Ports). Typically fabric switches connect to the Enterprise fabric using ISL (InterSwitch Link) ports, such as E_Ports.
Following are the Fibre Channel (FC) ports that AG uses:
F_Port - fabric port that connects a host, HBA, or storage device to a switch in AG mode.
N_Port - node port that connects a switch in AG mode to the F_Port of the fabric switch.
Comparison of Access Gateway ports to standard switch ports
Access Gateway multiplexes host connections to the fabric. It presents an F_Port to the host and an N_Port to an Edge fabric switch. Using N_Port ID Virtualization (NPIV), AG allows multiple FC initiators to access the SAN on the same physical port. This reduces the hardware requirements and management overhead of hosts to the SAN connections.
A fabric switch presents F_Ports (or FL_Ports) and storage devices to the host and presents E_Ports, VE_Ports, or EX_Ports to other switches in the fabric. A fabric switch consumes SAN resources, such as domain IDs, and participates in fabric management and zoning distribution. A fabric switch requires more physical ports than AG to connect the same number of hosts.
Figure 3 on page 5 shows a comparison of the types of ports a switch in AG mode uses to the type
of ports that a switch uses in standard mode.
4 Access Gateway Administrator’s Guide
53-1001345-01
Page 25
Hosts
Access Gateway Ports
Switch in AG mode
Access Gateway limitations
Fabric
1
N_Port
N_Port
F_Port
N_Port
F_Port
Edge Switch F_Port
NPIV enabled
Fabric Switch Ports
Fabric
Hosts
N_Port
N_Port
Switch in Native
Fabric mode
F_Port
F_Port
E_Port
E_Port
Fabric Switch
E_Port
E_Port
FIGURE 3 Port usage comparison
Tab le 2 shows a comparison of port configurations with AG to a standard fabric switch.
TABLE 2 Port configurations
Port Type Access Gateway Fabric switch
F_Port Yes Connects hosts and targets to
Access Gateway.
N_Port Yes Connects Access Gateway to a fabric
switch.
E_Port NA ISL is not supported.
1. The switch is logically transparent to the fabric, therefore it does not participate in the SAN as a fabric switch.
Access Gateway limitations
The limitations of Access Gateway are as follows:
Only the switch platforms and embedded switch platforms listed in “Supported hardware and
software” on page xiii.
The maximum number of devices that can be connected to a Fabric OS switch through AG
depends on the maximum number of local devices supported by Fabric OS.
Loop devices are not supported.
Port groups cannot be overlapped. This means that an N_Port cannot belong to two different
groups.
Yes Connects devices, such as hosts, HBAs,
and storage to the fabric.
NA N_Ports are not supported.
1
Yes Connects the switch to other switches to
form a fabric.
Access Gateway Administrator’s Guide 5 53-1001345-01
Page 26
Access Gateway limitations
1
Direct connections to SAN target devices are not supported.
Admin Domains is not supported.
FICON is not supported.
Extended Fabrics is not supported.
Management Platform Services is not supported.
Name Services is not supported.
Port Mirroring is not supported.
SMI-S is not supported.
Zoning is not supported; security enforcement is done using the ADS policy.
6 Access Gateway Administrator’s Guide
53-1001345-01
Page 27
Chapter
Configuring Ports in Access Gateway mode
In this chapter
Enabling and disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . 7
Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Enabling and disabling Access Gateway mode
Use the following steps to enable and disable Access Gateway mode. After you enable AG mode, some fabric information is erased, such as the zone and security databases. Enabling AG mode is disruptive because the switch is disabled and rebooted. For more information on the ag commands used in these steps, refer to the Fabric OS Command Reference.
1. Before enabling or disabling a switch to AG mode, save the current configuration file using the configupload command in case you might need this configuration again.
2
2. Ensure that no zoning or Admin Domain (AD) transaction buffers are active. If any transaction buffer is active, enabling AG mode will fail with the error, “Failed to clear Zoning/Admin Domain configuration”.
3. Verify that the switch is set to Native mode or interopmode 0.
a. Issue the switchshow command to verify the switch mode.
b. If the switch mode is anything other than 0, issue the interopmode 0 command to set the
switch to Native mode.
For more information on setting switches to Native mode, refer to the Fabric OS Administrator’s Guide.
4. Enter the ag
switch:admin> ag --modeenable
The switch automatically reboots and comes back online in AG mode using a factory default F_Port-to-N_Port mapping. For more information on AG default F_Port-to-N_Port mapping, see
Tab le 5 on page 11.
5. Enter the ag
switch:admin> ag --modeshow Access Gateway mode is enabled.
You can display the port mappings and status of the host connections to the fabric on Access Gateway.
--modeenable command.
--modeshow command to verify that AG mode is enabled.
6. Enter the ag
Access Gateway Administrator’s Guide 7 53-1001345-01
--mapshow command to display all the mapped ports.
Page 28
Enabling and disabling Access Gateway mode
2
The ag --mapshow command shows all the N_Ports (with the portcfgnport value of 1) even if those N_Ports are not connected.
switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name
----------------------------------------------------------------------------­ 0 4;5;6 4;5;6 1 0 2 SecondFabric 1 7;8;9 7;8;9 0 1 0 pg0 2 10;11 10;11 1 0 2 SecondFabric 3 12;13 12;13 0 1 0 pg0
-----------------------------------------------------------------------------
7. E n t e r t he switchShow command to display the status of all ports.
switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online
switchMode: Access Gateway Mode
switchWwn: 10:00:00:05:1e:03:4b:e7
switchBeacon: OFF
Area Port Media Speed State Proto ===================================== 0 0 -- N4 No_Module 1 1 cu N4 Online F-Port 50:06:0b:00:00:3c:b7:32 0x5a0101 2 2 cu N4 Online F-Port 10:00:00:00:c9:35:43:f5 0x5a0003 3 3 cu N4 Online F-Port 50:06:0b:00:00:3c:b6:1e 0x5a0102 4 4 cu N4 Online F-Port 10:00:00:00:c9:35:43:9b 0x5a0002 5 5 cu N4 Online F-Port 50:06:0b:00:00:3c:b4:3e 0x5a0201 6 6 cu N4 Online F-Port 10:00:00:00:c9:35:43:f3 0x5a0202 7 7 cu AN No_Sync Disabled (Persistent) 8 8 cu N4 Online F-Port 10:00:00:00:c9:35:43:a1 0x5a0001 9 9 cu AN No_Sync Disabled (Persistent) 10 10 cu AN No_Sync Disabled (Persistent) 11 11 cu AN No_Sync Disabled (Persistent) 12 12 cu AN No_Sync Disabled (Persistent) 13 13 cu AN No_Sync Disabled (Persistent) 14 14 cu AN No_Sync Disabled (Persistent) 15 15 cu AN No_Sync Disabled (Persistent) 16 16 cu AN No_Sync Disabled (Persistent) 17 17 -- N4 No_Module 18 18 -- N4 No_Module 19 19 id N4 No_Light 20 20 -- N4 No_Module 21 21 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0200 22 22 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0100 23 23 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0000
For a description of the port state, see Table 3 on page 9.
When you disable AG mode, The switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as F_Port-to-N_Port mapping, and Failover and Failback are automatically removed. When the switch reboots, it starts in Fabric OS Native mode. To re-join the switch to the core fabric, refer to “Rejoining Fabric OS switches
to a fabric” on page 55.
8 Access Gateway Administrator’s Guide
53-1001345-01
Page 29
Enabling and disabling Access Gateway mode
8. Enter the switchDisable command to disable the switch.
switch:admin> switchdisable
9. Enter the ag command with the --modedisable operand to disable AG mode.
switch:admin> ag --modedisable
10. Enter the ag --modeshow command to verify that AG mode is disabled.
switch:admin> ag --modeshow Access Gateway mode is NOT enabled
Port state description
The following table describes the possible port states.
TABLE 3 Port state description
State Description
No _Card No interface card present
No _Module No module (GBIC or other) present
Mod_Val Module validation in process
Mod_Inv Invalid module
No_Light The module is not receiving light
No_Sync Receiving light but out of sync
In_Sync Receiving light and in sync
Laser_Flt Module is signaling a laser fault
Port_Flt Port marked faulty
Diag_Flt Port failed diagnostics
Lock_Ref Locking to the reference signal
Testing Running diagnostics
Offline Connection not established (only for virtual ports)
Online The port is up and running
2
Access Gateway Administrator’s Guide 9 53-1001345-01
Page 30
Access Gateway mapping
2
Access Gateway mapping
Access Gateway uses mapping—that is, pre-provisioned routes—to direct traffic from the hosts to the fabric. When you first enable a switch to AG mode, by default, the F_Ports are mapped to a set of predefined N_Ports. For the default F_Port-to-N_Port mapping, see Table 4. See the sections on
Adding F_Ports to an N_Port if you want to change the default mapping. Figure 4 shows a mapping
with eight F_Ports evenly mapped to four N_Ports on a switch in AG mode. The N_Ports connect to the same fabric through different Edge switches.
Hosts
Host_1
Host_2
Host_3
Host_4
Host_5
Host_6
Host_7
Host_8
Access Gateway
F_1
F_2
F_3
F_4
F_5
F_6
F_7
F_8
FIGURE 4 Example F_Port-to-N_Port mapping
N_1
N_2
N_3
N_4
Edge Switch
(Switch_A)
F_A1
NPIV enabled
F_A2
NPIV enabled
Edge Switch
(Switch_B)
F_B1
NPIV enabled
F_B2
NPIV enabled
Fabric
Tab le 4 provides a description of the F_Port-to-N_Port mapping in Figure 4.
TABLE 4 Description of F_Port-to-N_Port mapping
Access Gateway Fabric
F_Port N_Port Edge switch F_Port
F_1, F_2 N_1 Switch_A F_A1
F_3, F_4 N_2 Switch_A F_A2
F_5, F_6 N_3 Switch_B F_B1
F_7, F_8 N_4 Switch_B F_B2
10 Access Gateway Administrator’s Guide
53-1001345-01
Page 31
Access Gateway mapping
2
Default port mapping
Tab le 5 shows the default F_Port-to-N_Port mapping. By default, Failover and Failback policy are
enabled on all N_ports.
NOTE
All POD licenses must be present to use Access Gateway on the Brocade 5100, 300, and 200E.
.Changing the default F_Port-to N_Port mapping
TABLE 5 Access Gateway default F_Port-to-N_Port mapping
Brocade Model
300 24 0-15 16 -23 0, 1 mapped to 16
200E 16 0-11 12-15 0, 1, 2 mapped to 12
4012 12 0–7 8–11 0, 1 mapped to 8
4016 16 0–9 10–15 0, 1 mapped to 10
4018 18 4-11 0-3 4, 5, 12 mapped to 0
4020 20 1–14 0, 15–19 1, 2 mapped to 0
Total Ports F_Ports N_Ports Default F_ to N_Port Mapping
2, 3 mapped to 17 4, 5 mapped to 18 6, 7 mapped to 19 8, 9 mapped to 20 10, 11 mapped to 21 12, 13 mapped to 22 14, 15mapped to 23
3, 4, 5 mapped to 13 6, 7, 8 mapped to 14 9, 10, 11 mapped to 15
2, 3 mapped to 9 4, 5 mapped to 10 6, 7 mapped to 11
2, 3 mapped to 11 4, 5 mapped to 12 6, 7 mapped to 13 8 mapped to 14 9 mapped to 15
6, 7, 13 mapped to 1 8, 9, 14, 16 mapped to 2 10, 11, 15, 17 mapped to 3
3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to port 17 10, 11 mapped to 18 12, 13, 14 mapped to 19
Access Gateway Administrator’s Guide 11 53-1001345-01
Page 32
Access Gateway mapping
2
TABLE 5 Access Gateway default F_Port-to-N_Port mapping
Brocade Model
4024 24 1–16 0, 17–23 1, 2 mapped to 17
4424 24 1-16 0, 17-23 0, 17-23
5100 40 0-31 32-39 0, 1, 2, 3 mapped to 32
5424 24 1-16 0, 17-23 0, 17-23
5450 26 6-25
Total Ports F_Ports N_Ports Default F_ to N_Port Mapping
9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23 15, 16 mapped to 0
1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0
4, 5, 6, 7 mapped to 33 8, 9, 10, 11 mapped to 34 12, 13, 14, 15 mapped to 35 16, 17, 18, 19 mapped to 36 20, 21, 22, 23 mapped to 37 24, 25, 26, 27 mapped to 28 28, 29, 30, 31 mapped to 39
1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0
0, 19-25 1, 2, 17 mapped to 19
Not all ports may be accessible.
3, 4, 18 mapped to 20 5, 6 mapped to 21 7, 8 mapped to 22 9, 10 mapped to 23 11, 12 mapped to 24 13, 14 mapped to 25 15, 16 mapped to 0
12 Access Gateway Administrator’s Guide
53-1001345-01
Page 33
Access Gateway mapping
TABLE 5 Access Gateway default F_Port-to-N_Port mapping
Brocade Model
5470 20 1-14 0, 15-19 0, 15-19 are N_ports with failover
5480 24 1-16 0, 17-23 0, 17-23 are N_ports with failover
Total Ports F_Ports N_Ports Default F_ to N_Port Mapping
enabled, failback enabled and PG policy
1, 2 mapped to 0 3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to 17 10, 11 mapped to 18 12, 13, 14 mapped to 19
enabled, failback enabled and PG policy
1, 2 mapped to 17 9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 15, 16 mapped to 0 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23
2
Adding F_Ports to an N_Port
You can modify the default port mapping by adding F_Ports to an N_Port. Adding an F_Port to an N_Port routes that traffic to and from the fabric through the specified N_Port.
You can assign an F_Port to only one primary N_Port at a time. If the F_Port is already assigned to an N_Port, you must remove it from the N_Port before you can add it to a different port.
Use the following steps to add an F_Port to an N_Port.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag command with the the list of F_Ports to the N_Port.
The f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”.
switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully
--mapadd n_portnumber “f_port1;f_port2;... “operand to add
Access Gateway Administrator’s Guide 13 53-1001345-01
Page 34
Access Gateway mapping
2
3. Enter the ag --mapshow command and specify the port number to display the list of mapped F_Ports. Verify that the added F_Ports appear in the list.
switch:admin> ag --mapshow 13
N_Port : 13 Failover(1=enabled/0=disabled) : 1 Failback(1=enabled/0=disabled) : 1 Current F_Ports : None Configured F_Ports : 6;7
PG_ID : 0 PG_Name : pg0
Removing F_Ports from N_Ports
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
--mapdel command to remove the F_Port from the N_Port.
The f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”.
switch:admin> ag --mapdel 17;18 F-Port to N-Port mapping has been updated successfully
3. Enter the switchshow command to verify that the F_Port is free (unassigned).
Unassigned F_Port status is Disabled (No mapping for F_Port). See port 6 in the following example.
switch:admin> switchshow switchName: fsw534_4016 switchType: 45.0 switchState: Online switchMode: Access Gateway Mode switchWwn: 10:00:00:05:1e:02:1d:b0 switchBeacon: OFF
Area Port Media Speed State Proto ===================================== 0 0 cu AN No_Sync 1 1 cu AN No_Sync Disabled (N-Port Offline for F-Port) 2 2 cu AN No_Sync Disabled (N-Port Offline for F-Port) 3 3 cu AN No_Sync Disabled (N-Port Offline for F-Port) 4 4 cu AN No_Sync Disabled (N-Port Offline for F-Port) 5 5 cu AN No_Sync Disabled (N-Port Offline for F-Port) 6 6 cu AN No_Sync Disabled (No mapping for F-Port) 7 7 cu AN No_Sync 8 8 cu AN No_Sync 9 9 cu AN No_Sync 10 10 -- N4 No_Module 11 11 -- N4 No_Module 12 12 -- N4 No_Module 13 13 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0a00 14 14 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0900 15 15 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0800
14 Access Gateway Administrator’s Guide
53-1001345-01
Page 35
N_Port configurations
You must have the role of securityadmin, admin, or user to configure ports in Access Gateway (AG) mode, The AG port connected to the Enterprise fabric must be configured as an N_Port.
By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_ports and the rest of the ports operate as standard F_ports. Although some ports are locked as N_ports, these ports can be converted to F_ports. For example, Figure 5 shows a host connected to external ports of an Embedded Switch with the switch in AG mode. To convert a N_port to an F_port the port must first be unlocked and then mapped to an available N_port. It is highly recommended that all F_ports mapped to the N_port first be remapped to other N_ports before that port is converted into F_port. Also note that if APC mode is enabled, the port conversion is done automatically and no user intervention is required. For more information on which ports are mapped by default, see Table 5 on page 11.
N_Port configurations
2
FIGURE 5 Example of adding an external F_Port (F9) on an embedded switch
NOTE
A switch in Access Gateway mode must have at least one port configured as an N_Port. Therefore, the maximum number of F_Ports that can be mapped to an N_Port is the number of ports on the switch minus one.
Access Gateway Administrator’s Guide 15 53-1001345-01
Page 36
N_Port configurations
2
Displaying N_Port configurations
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the portcfgnport command.
switch:admin> portcfgnport
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
Unlocking N_Ports
By default, on embedded switches all external ports are configured in N_Port lock mode when you enable Access Gateway. Access Gateway connects only FCP initiators and targets to the fabric. It does not support other types of ports, such as ISL (inter switch link) ports.
By default, on fabric switches the port types are not locked. Fabric OS Native mode dynamically assigns the port type based on the connected device: F_Ports and FL_Ports for hosts, HBAs, and storage devices; and E_Ports, EX_Ports, and VE_Ports for connections to other switches.
Unlocking the N_Port configuration automatically changes the port to an F_Port. When you unlock an N_Port, the F_Ports are automatically unmapped and disabled.
Following are procedures for unlocking N_Ports that are in locked mode.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the portcfgnport command.
NOTE
The portcfgnport command only works when the Port Grouping policy is enabled.
switch:admin> portcfgnport
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
3. Enter the portcfgnport command and specify the port number and 0 (zero) to unlock N_Port mode.
switch:admin> portcfgnport 10 0
Alternatively, to lock a port in N_Port mode, enter the portcfgnport and specify the port number and 1.
switch:admin> portcfgnport 10 1
16 Access Gateway Administrator’s Guide
53-1001345-01
Page 37
Chapter
Managing Policies and Features in Access Gateway Mode
In this chapter
Access Gateway policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Persistent ALPA Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Failback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Trunking in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Adaptive Networking on Access Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Access Gateway policies overview
3
This chapter provides detailed information on the following Access Gateway policies. Access
Advance Device Security policy (ADS)
Automatic Port Configuration policy (APC)
Port Grouping policy (PG)
Persistent ALPA policy
These policies can be used to control various advanced features, such as Failover, Failback, and Trunking when used in Access Gateway.
Displaying current policies
You can run the following command to display policies that are currently enabled or disabled on a switch.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --policyshow Policy_Description Policy_Name State
-------------------------------------------------­Port Grouping pg Enabled Auto Port Configuration auto Disabled Advanced Device Security ads Enabled
--policyshow command.
Access Gateway Administrator’s Guide 17 53-1001345-01
Page 38
Advanced Device Security policy
3
Access Gateway policy enforcement matrix
The following table shows which combinations of policies can co-exist with each other.
TABLE 6 Policy enforcement matrix
Policies Auto Port Configuration Port Grouping N_Port Trunking ADS Policy
Auto Port Configuration
N_Port Grouping
N_Port Trunking
ADS Policy
N/A Cannot co-exist Can co-exist Can co-exist
Mutually exclusive N/A Can co-exist Can co-exist
Can co-exist Can co-exist N/A Can co-exist
Can co-exist Can co-exist Can co-exist N/A
Advanced Device Security policy
The Advanced Device Security (ADS) is disabled by default for Access Gateway. ADS is a security policy that restricts access to the fabric at the AG level to a set of authorized devices. Unauthorized access is rejected and the system logs a RASLOG message. You can configure the list of allowed devices for each F_Port by specifying their Port WWN (PWWN). The ADS policy secures virtual and physical connections to the SAN.
How the ADS policy works
When you enable this policy, it applies to all F_ports on the AG-enabled module. By default, all devices have access to the fabric on all ports. You can restrict the fabric connectivity to a particular set of devices where AG maintains a per-port allow list for the set of devices whose PWWN you define to log in through an F_Port. You can view the devices with active connections to an F_Port using the ag --show command.
NOTE
The ag --show command only displays the Core AGs, such as the AGs that are directly connected to fabric. The agshow --name name command displays the F_Ports of both the Core and Edge AGs.
Alternatively, the security policy can be established in the Enterprise fabric using the DCC policy. For information on configuring the DCC policy, see “Enabling the DCC policy on trunk” on page 40. The DCC policy in the Enterprise fabric takes precedence over the ADS policy. It is generally recommended to implement the security policy in the AG module rather than in the main fabric, especially if Failover and Failback policies are enabled.
18 Access Gateway Administrator’s Guide
53-1001345-01
Page 39
Advanced Device Security policy
3
Enabling and disabling the Advanced Device Security policy
By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configupload command in case you need this configuration again.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --policyenable ads The policy ADS is enabled
3. Enter the ag --policydisable ads command to disable the ADS policy.
switch:admin> ag --policydisable ads The policy ADS is disabled
--policyenable ads command to enable the ADS policy.
NOTE
Use the ag --policyshow command to determine the current status of the ADS policy.
Setting the list of devices allowed to log in
You can determine which devices are allowed to log in on a per F_Port basis by specifying the device’s port WWN (PWWN). Lists must be enclosed in double quotation marks. List members must be separated by semicolons. The maximum number of entries in the allowed device list is twice the per port maximum log in count. Replace the WWN list with an asterisk (*) to indicate all access on the specified F_Port list. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. A blank WWN list (““) indicates no access. The ADS policy must be enabled for this command to succeed.
NOTE
Use an asterisk enclosed in quotation marks,“*”, to set the Allow list to “All Access” to all F_Ports; use a pair of double quotation marks (“”) to set the Allow list to “No Access”.
Note the following characteristics of the Allow List:
The maximum device entries allowed in the Allow List is twice the per port max login count.
Each port can be configured to “not allow any device” or “to allow all the devices” to log in.
If the ADS policy is enabled, by default, every port is configured to allow all devices to log
in.
The same Allow List can be specified for more than one F_Port.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsset command with the appropriate operands to set the list of devices allowed to log into specific ports. In the following example, ports 1, 10, and, 13 are set to “all access.”
switch:admin> ag–-adsset“1;10;13”“*” WWN list set successfully as the Allow Lists of the F_Port[s]
Access Gateway Administrator’s Guide 19 53-1001345-01
Page 40
Advanced Device Security policy
3
Setting the list of devices not allowed to log in
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsset command with the appropriate operands to set the list of devices not allowed to log into specific ports. In the following example, ports 11 and 12 are set to “no access.”
switch:admin > ag –-adsset “11;12” “” WWN list set successfully as the Allow Lists of the F_Port[s]
Removing devices from the list of allowed devices
Use the ag --adsdel command to delete the specified WWNs from the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to remove the specified WWNs from all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsdel command to remove one or more devices from the list of allowed devices.
Use the following syntax:
ag--adsdel "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"
In the following example, two devices are removed from the list of allowed devices (for ports 3 and 9).
switch:admin> ag --adsdel "3;9" "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b" WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports allowed to login
Adding new devices to the list of allowed devices
You can add the specified WWNs to the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsadd command with appropriate operands to add one or more new devices to the list of allowed devices.
Use the following syntax:
ag--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"
In the following example, two devices are added to the list of allowed devices (for ports 3 and
9).
switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s]
20 Access Gateway Administrator’s Guide
53-1001345-01
Page 41
Automatic Port Configuration policy
Displaying the list of allowed devices on the switch
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsshow command.
switch:admin> ag --adsshow F_Port WWNs Allowed
-------------------------------------------------------------------------­ 1 ALL ACCESS 3 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b 9 20:03:08:00:88:35:a0:12
21:00:00:e0:8b:88:01:8b 10 ALL ACCESS 11 NO ACCESS 12 NO ACCESS 13 ALL ACCESS
--------------------------------------------------------------------------
ADS policy considerations
The following are considerations for setting the ADS policy:
3
In cascading configurations, you should set the ADS policy on the AG module that directly
connects to the servers.
ADS policy can be enabled or disabled independent of status of other AG policies.
Upgrade and downgrade considerations for the ADS policy
Downgrading to Fabric OS v6.2.0 or earlier is supported.
Upgrading from 6.2.0 to 6.3.0 or downgrading from 6.3.0 to 6.2.0 will not change the APC policy settings.
Automatic Port Configuration policy
The automatic Port Configuration (APC) policy is disabled by default in Access Gateway. ACP provides the ability to automatically discover port types (host vs. fabric) and dynamically update the routing maps when a new connection is detected. This policy is intended for a fully hands-off operation of Access Gateway. APC dynamically maps F_ports across available N_ports so they are evenly distributed. For example, when a port on AG is connected to a Fabric switch, AG configures the port as an N_Port. If a host is connected to a port on AG, then AG determines that it is connected and configures the port as an F_Port and automatically maps it to an existing N_Port with the least number of F_Ports mapped to it.
Access Gateway Administrator’s Guide 21 53-1001345-01
Page 42
Automatic Port Configuration policy
3
How the APC policy works
When the APC policy is enabled, it applies to all ports on the switch. Enabling the APC policy is disruptive and erases all existing F_Port-to-N_Port mappings. Therefore, before enabling the APC policy, you must disable the AG module. When you disable the APC policy, the N_Port configuration and the F_Port-to-N_Port mapping revert back to the default factory configurations for that platform. It is recommended that you save the current configuration file using the configupload command in case you might need this configuration again.
Enabling and disabling the APC policy
Use the following steps to enable and disable Automatic Port Configuration policy.
Enabling APC policy
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the switchdisable command to ensure that the switch is disabled.
3. Enter the configupload command to save the switch’s current configuration.
4. Enter the ag --policyenable auto command to enable the APC policy.
switch:admin> ag --policyenable auto All Port related Access Gateway configurations will be lost. Please save the current configuration using configupload. Do you want to continue? (yes, y, no, n): [no] y
5. At the command prompt, type Y to enable the policy.
The switch is ready; a reboot is not required.
Disabling APC policy
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the switchdisable command to ensure that the switch is disabled.
3. Enter the configupload command to save the switch’s current configuration.
4. Enter the command ag --policydisable auto to disable the APC policy.
5. At the command prompt, type Y to disable the policy.
switch:admin> ag --policydisable auto Default factory settings will be restored. Default mappings will come into effect. Please save the current configuration using configupload. Do you want to continue? (yes, y, no, n): [no] y Access Gateway configuration has been restored to factory default
6. Enter the switchenable command to enable the switch.
22 Access Gateway Administrator’s Guide
53-1001345-01
Page 43
Automatic Port Configuration policy considerations
Following are the considerations for the Automatic Port Configuration policy:
The APC and the PG policies cannot be enabled at the same time.
You cannot manually configure F_Port-to-N_Port mapping with this policy enabled.
Upgrade and downgrade considerations for the APC policy
The following are supported:
Downgrading to Fabric OS v6.2.0 or earlier.
Upgrading from Fabric OS v6.2.0 to Fabric OS v6.3.0.
Upgrading from Fabric OS v6.2.0 to Fabric OS v6.3.0 will maintain the policy that was enabled
in Fabric OS 6.2.0.
Port Grouping policy
The Port Grouping (PG) policy is enabled by default for Access Gateway. Use the PG policy to partition the fabric and host ports within an AG-enabled module into independently operated groups. Use the PG policy in the following situations:
Port Grouping policy
3
When connecting the AG module to multiple physical or virtual fabrics.
When you want to isolate specific hosts to specific fabric ports for performance, security, or
other reasons.
How port groups work
Create port groups using the ag --pgcreate command. This command groups N_ports together as “port groups.” Any F_ports mapped to the N_ports belonging to a port group will become members of that port group. Port grouping fundamentally restricts failover of F_ports to the N_ports that belong to that group. For this reason an N_port cannot be member of two port groups. The default PG0 group contains all N_ports that do not belong to any other port groups.
Figure 6 on page 24 shows that.if you have created port groups and then an N_Port goes offline,
the F_Ports being routed through that port will fail over to any of the N_Ports that are part of that port group and are currently active. For example, if N_Port 4 goes offline then F_Ports 7 and 8 are routed through to N_Port 3 as long as N_Port3 is online because both N_Ports 3 and 4 belong to the same port group, PG2. If no active N_Ports are available, the F_Ports are disabled. The F_Ports belonging to a port group do not fail over to N_Ports belonging to another port group.
Access Gateway Administrator’s Guide 23 53-1001345-01
Page 44
Port Grouping policy
F_Port1
F_Port2
F_Port3
N_Port2
N_Port1
N_Port4
N_Port3
F_Port4
PG1
PG2
F_Port5
AG
Fabric-1
Fabric-2
Storage
Array-1
Storage
Array-2
F_Port6
F_Port7
F_Port8
F_Port1
N_Port1
F_Port2
F_Port3
N_Port2
F_Port4
PG1
AG
Fabric-1
Fabric-2
Storage
Array
3
FIGURE 6 Port grouping behavior
When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group. It is recommended to have paths fail over to the redundant fabric when the primary fabric goes down. Refer to Figure 7.
FIGURE 7 Port group 1 (pg1) setup
Adding an N_Port to a port group
24 Access Gateway Administrator’s Guide
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgadd command with the appropriate operands to add an N_Port to a specific
port group. In the following example N_Port 14 is added to port group 3.
Note that if you add more than one N_Ports, you must separate them with a semicolon.
switch:admin> ag --pgadd 3 14 N_Port[s] are added to the port group 3
53-1001345-01
Page 45
Port Grouping policy
3
Deleting an N_Port from a port group
Before deleting an N_Port, all F_Ports mapped to that N_Port must be remapped before that N_Port is deleted from a port group.
If an N-port is deleted from a port group enabled for Login Balancing, the F-ports mapped to that N-port stay with the port group as long as there are other N-ports in the group. Only the N-port is removed from the port group. This is because the F_Ports are logically associated with the port groups that are enabled for Login Balancing. This is not the case for port groups not enabled for Login Balancing. When you delete an N-port from one of these port groups, the F-ports that are mapped to the N-port move to PG0 along with the N-port. This is because the F-ports are logically associated with the N-ports in port groups not enabled for Login Balancing.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgdel command with the appropriate operands to delete an N_Port from a
specific port group. In the following example, N_Port 13 is removed from port group 3.
switch:admin> ag --pgdel 3 13 N_Port[s] are deleted from port group 3
3. Enter the command ag --pgshow to verify the N_Port was deleted from the specified port
group.
switch:admin> ag --pgshow PG_ID PG_Name PG_Mode N_Ports F_Ports
----------------------------------------------­0 pg0 lb,mfnm 1;3 10;11 2 SecondFabric - 0;2 4;5;6
-----------------------------------------------
Removing a port group
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgremove command with appropriate operands to remove a port group. In the
following example, port group 3 us removed.
switch:admin> ag --pgremove 3 Port Group 3 has been removed successfully
Renaming a port group
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgrename command with appropriate operands to rename port group. In the
following example, port group pgid 2 is renamed to MyEvenFabric.
switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully
Disabling the Port Grouping policy
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --policydisable command.
switch:admin> ag --policydisable pg
Access Gateway Administrator’s Guide 25 53-1001345-01
Page 46
Port Grouping policy
3
.
Port Grouping policy modes
You can modify certain default behavior such as the following within a port group:
Login Balancing (LB)
If login balancing mode is enabled for a port group and an F_Port goes offline, logins in the port group are redistributed among the remaining F_Ports. Similarly, if an N_Port comes online, port logins in the PG are redistributed to maintain a balanced N_Port-to-F_Port ratio. Please note the following facts about LB mode:
- LB is disruptive. However, you can minimize disruption by disabling or enabling
rebalancing of F_Ports on F_Port offline or N_Port online events.
- You must be explicitly enable LB on a port group.
- F_ports can be directly added to port groups that have Login Balancing mode enabled.
Managed Fabric Name Monitoring (MFNM)
Fabric Name Monitoring mode automatically detects whether all the N_ports within a port group are physically connected to the same physical or virtual fabric. Once a misconnection is detected there are two methods to handle it, depending on the operating mode. For “default” mode a message is logged into RASLOG. For “managed” mode (MFNM), automatic failover disables on all N_ports within the N_port group.
In both default and managed mode, the system queries the fabric name once every 120 seconds to detect inconsistencies such as a port group being connected to multiple fabrics. You can configure the monitoring timeout value to something other than 120 seconds using the ag --pgfnmtov command. Refer to “Setting the current fabric name monitoring timeout
value” on page 28.
Creating a port group and enabling login balancing mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgcreate command with appropriate operands to create a port group. In the
following example, a port group named “FirstFabric” is created that includes N_Ports 1 and 3 and has login balancing enabled.
switch:admin> ag --pgcreate 3 “1;3” -n FirstFabric1 -m “lb” Port Group 3 created successfully
3. Enter the ag --pgshow command to verify the port group was created.
switch:admin> ag --pgshow PG_ID PG_Name PG_Mode N_Ports F_Ports
----------------------------------------------­0 pg0 lb,mfnm none none 2 SecondFabric - 0;2 4;5;6 3 FirstFabric lb 1;3 10;11
26 Access Gateway Administrator’s Guide
53-1001345-01
Page 47
Port Grouping policy
3
Rebalancing F_Ports
To minimize disruption that could occur once F_ports go offline or when additional N_ports are brought online you can modify the default behavior of the automatic login balancing feature by disabling or enabling rebalancing of F_Ports when F_Port offline or N_Port online events occur.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the agautomapbalance --enable command with appropriate operands to enable
automatic login redistribution of F_Ports. In the following example, rebalancing of F_Ports in port group 1 in Access Gateway is enabled when an F_Port online event occurs.
switch:admin> agautomapbalance --enable -fport -pg 1
3. Enter the agautomapbalance --disable - all command with appropriate operands to disable
automatic login distribution of N_ports for all PGs in the Access Gateway when an N_Port online event occurs.
switch:admin> agautomapbalance --disable -nport -all
4. Enter the agautomapbalance --disable - all command with appropriate operands to disable
automatic login distribution of F_ports for all port groups in the Access Gateway when an F_Port online event occurs.
switch:admin> agautomapbalance --disable -fport -all
5. Enter the agautomapbalance --show command to display the automatic login redistribution
settings for port groups. In the following example, there are two port groups, 0 and 1.
switch:admin> agautomapbalance --show
AG Policy: pg
-------------------------------------------­PG_ID LB mode nport fport
-------------------------------------------­0 Enabled Enabled Disabled 1 Disabled - -
---------------------------------------------
This command also displays the automatic login redistribution settings for N_Ports and F_Ports as shown in the following example.
switch:admin> agautomapbalance --show
------------------------------------------------­AG Policy: Auto
------------------------------------------------­automapbalance on N_Port Online Event: Disabled automapbalance on F_Port Offline Event: Enabled
-------------------------------------------------
Access Gateway Administrator’s Guide 27 53-1001345-01
Page 48
Port Grouping policy
3
Enabling Managed Fabric Name Monitoring mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgsetmodes command with appropriate operands to enable MFNM mode. In
the following example, MFNM mode is enabled for port group 3.
switch:admin> ag --pgsetmodes 3 "mfnm" Managed Fabric Name Monitoring mode has been enabled for Port Group 3
Disabling Managed Fabric Name Monitoring mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgdelmodes command with appropriate operands to disable MFNM mode. In
the following example, MFNM mode is disabled for port group 3.
switch:admin> ag --pgdelmodes 3 "mfnm" Managed Fabric Name Monitoring mode has been disabled for Port Group 3 switch:admin> ag --pgshow PG_ID PG_Name PG_Mode N_Ports F_Ports
----------------------------------------------­0 pg0 lb,mfnm 0;2 4;5;6 3 FirstFabric lb 1;3 10;11
-----------------------------------------------
Displaying the current fabric name monitoring timeout value
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgfnmtov command.
switch:admin> ag --pgfnmtov
Fabric Name Monitoring TOV: 120 seconds
Setting the current fabric name monitoring timeout value
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --pgfnmtov command, followed by a value.
switch:admin> ag --pgfnmtov 100
This sets the timeout value to 100 seconds.
Port Grouping policy considerations
Following are the considerations for the Port Grouping policy:
A port cannot be a member of more than one port group.
The PG policy is enabled by default in Fabric OS 6.0 and higher. A default port group “0” (PG0)
is created, which contains all ports on the AG.
APC policy and PG policy are mutually exclusive. You cannot enable these policies at the same
time.
28 Access Gateway Administrator’s Guide
53-1001345-01
Page 49
Persistent ALPA Policy
3
If an N_Port is added to a port group or deleted from a port group and login balancing is
enabled or disabled for the port group, the N_Port maintains its original failover or failback setting. If an N_Port is deleted from a port group, it automatically gets added to port group 0.
When specifying a preferred secondary N_Port for a port group, the N_Port must be from the
same group. If you specify an N_Port as a preferred secondary N_Port and it already belongs to another port group, the operation fails. Therefore, it is recommended to form groups before defining the preferred secondary path.
If the PG policy is disabled while a switch in AG mode is online, all the defined port groups are
deleted, but the F_Port-to-N_Port mapping remains unchanged. Before disabling the PG policy, you should save the configuration using the configupload command in case you might need this configuration again.
If N_Ports connected to unrelated fabrics are grouped together, N_Port failover within a port
group can cause the F_Ports to connect to a different fabric and the F_Ports may lose connectivity to the targets they were connected to before the failover, thus causing I/O disruption as shown in Figure 7 on page 24. Ensure that the port group mode is set to
Managed Fabric Name Monitoring (MFNM) mode. This monitors the port group to detect
connection to multiple fabrics and disables failover of the N-ports in the port group. For more information on MFNM, refer to “Enabling Managed Fabric Name Monitoring mode” on page 28.
Upgrade and downgrade considerations for the Port Grouping policy
Downgrading to Fabric OS v6.2.0 or earlier is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.3.0 to Fabric OS v6.2.0 and earlier:
When upgrading to Fabric OS v6.3.0, the PG policy that was enforced in Fabric OS v6.2.0
continues to be enforced in Fabric OS v6.3.0 and the port groups are retained. You should save the configuration file using the configupload command in case you might need this configuration again.
If you upgrade from Fabric OS 5.3.0 to 6.0 or higher, you will not see any change in device
behavior where the Port Grouping policy is enabled by default.
Persistent ALPA Policy
This policy is meant for host systems with proprietary operating systems that cannot handle different ALPA addresses across login sessions. The persistent ALPA policy for switches in Access Gateway mode lets you configure the AG module so that the host gets the same ALPA when the host logs out and logs in from the same F_Port.
The benefit of this feature is that it will ensure a host has the same ALPA on the F_ports though the host power cycle. You can also achieve the same behavior and benefit by setting the same policy in the main (core) fabric. When this feature is enabled, AG will request the same ALPA from the core fabric. However, depending on the Fabric, this request may be denied or a different ALPA may be generated. In this case two options are available.
In “Flexible” mode the AG will only log an event that it did not receive the same ALPA from the
core fabric and continues the operation.
Access Gateway Administrator’s Guide 29 53-1001345-01
Page 50
Persistent ALPA Policy
3
In the “Stringed” mode if the requested ALPA is not available the server login will be rejected
and the server port will not be able to log in into the fabric.
Enabling Persistent ALPA
By default, Persistent ALPA is disabled. You can enable Persistent ALPA using the ag
--persistentalpaenable command with the following syntax and with one of the following value
types:
ag -persistentalpaenable 1/0[On/Off] -s/-f[Stringent/Flexible]
Flexible ALPA assigns an unassigned ALPA value when the ALPA assigned to the device is taken
by another host.
Stringent ALPA causes the host login request to be rejected by AG if assignment of the same
ALPA is not possible.
To enable Persistent ALPA, use the following steps.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag stringent mode.
switch:admin> ag --persistentalpaenable 1 -s/-f
To ensure consistency among the different devices, after Persistent ALPA is enabled, all the ALPAs become persistent whether they were logged in before the Persistent ALPA feature was enabled or not.
--persistentalpaenable command to enable persistent ALPA in flexible or
Disabling Persistent ALPA
When you disable this feature, do not specify the value type, for example flexible ALPA or stringent ALPA. Use the following steps.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --persistentalpadisable
--persistentalpadisable command.
Persistent ALPA device data
Access Gateway uses a table to maintain a list of available and used ALPAs. When the number of entries in this table is exhausted, the host receives an error message. You can remove some of the entries to make space using instructions under “Removing device data from the database” next.
Removing device data from the database
Use the following steps to remove device data from the database.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --deletepwwnfromdb PWWN
30 Access Gateway Administrator’s Guide
--deletepwwnfromdb command.
53-1001345-01
Page 51
Persistent ALPA Policy
3
Displaying device data
You can view the device data and the PWWN mapping with the ALPA of the host related to any ports you delete from the database.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag entry for a specific F_Port. The following example will display an entry for F_Port 2.
switch:admin> ag --printalpamap 2
--printalpamap command with the appropriate operand to display a database
Clearing ALPA values
You can clear the ALPA values for a specific port. Clearing ALPA values removes the PWWN mapping with the ALPA value. The work online data is the only online device data kept intact.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag PWW-to-ALPA mapping for a specific port. In the following example, the mapping for port 2 is cleared from the database.
switch:admin> ag --clearalpamap 2
NOTE
All the data must be persistent in case of a reboot. During a reboot, the tables will be dumped to the persistent_NPIV_config file.
--clearalpamap command with the appropriate operand to remove the
Persistent ALPA policy considerations
The Persistent ALPA feature is not supported in the following:
Shared ports of 48-port blades
CISCO fabrics
Enable Persistent FCID mode on the Cisco switch to achieve the same functionality.
Upgrade and downgrade considerations for Persistent ALPA
Downgrading to Fabric OS v6.2.0 or earlier is supported. When downgrading to Fabric OS v6.2.0 or earlier, if the Persistent ALPA feature is enabled, clear all the data from the database, and then disable this feature before downgrading. For information on how to clear data from the database, see “Removing device data from the database” on page 30.
Access Gateway Administrator’s Guide 31 53-1001345-01
Page 52
Failover
3
Failover
Access Gateway Failover ensures maximum uptime for the servers. When a port is configured as an N_Port, failover is enabled by default and is enforced during power-up. Failover allows F_Ports to automatically remap to an online N_Port if the primary N_Port goes offline. If multiple N_Ports are available for failover, failover evenly distributes the F_Ports to available N_Ports belonging to the same N_Port group. If no other N_Port is available, failover does not occur.
AG provides an option to specify a secondary failover N_Port for an F_Port. This N_Port is called the preferred secondary N_Port for failover. If you specify a preferred secondary N_Port for any of the F_Ports, and if the primary mapped N_Port goes offline, the F_Ports will fail over to the preferred secondary N_Port (if it is online), then re-enable.
The preferred secondary N_Port that you specify must be online; otherwise, the F_Ports will become disabled. The preferred secondary N_Port is defined per F_Port. For example, if two F_Ports are mapped to a primary N_Port 1, you can define a secondary N_Port for one of those F_Ports and not define a secondary N_Port for the other F_Port. Refer to “Adding a preferred
secondary N_Port” on page 34 for more information.
Failover configurations in Access Gateway
The following sequence describes how a failover event occurs:
An N_Port goes offline.
All F_Ports mapped to that N_Port are disabled.
If the N_Port Failover configuration is enabled and a preferred secondary N_Port is specified
for the F_Port (and that N_Port is online), the F_Port fails over to the secondary N_Port, then re-enables. If the preferred port is not set, then the F_Port fails over to any available N_port in the port group. Otherwise the F_ports will be evenly distributed among available online N_ports that are part of the same port group.
Example: Failover configuration
This example shows the failover behavior in a scenario where two fabric ports go offline, one after the other. Note that this example assumes that no preferred secondary N_Port is set for any of the F_Ports.
First the Edge switch F_A1 port goes offline, as shown in Figure 8 on page 33 Example 1 (left),
causing the corresponding Access Gateway N_1 port to be disabled.
The ports mapped to N_1 fail over; F_1 fails over to N_2 and F_2 fails over to N_3.
Next the F_A2 port goes offline, as shown in Figure 8 on page 33 Example 2 (right), causing
the corresponding Access Gateway N_2 port to be disabled.
The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate in the failover event.
32 Access Gateway Administrator’s Guide
53-1001345-01
Page 53
Failover
3
Example 1
Hosts
Host_1
Host_2
Host_3
Host_4
Host_5
Host_6
Host_7
Host_8
Access Gateway
F_1
F_2
F_3
F_4
F_5
F_6
F_7
F_8
N_1
N_2
N_3
N_4
Fabric
Edge Switch
(Switch_A)
F_A1
NPIV enabled
F_A2
NPIV enabled
Edge Switch
(Switch_B)
F_B1
NPIV enabled
F_B2
NPIV enabled
Example 2
Hosts
Host_1
Host_2
Host_3
Host_4
Host_5
Host_6
Host_7
Host_8
Access Gateway
F_1
F_2
F_3
F_4
F_5
F_6
F_7
F_8
N_1
N_2
N_3
N_4
Edge Switch
F_A1
NPIV enabled
F_A2
NPIV enabled
Edge Switch
F_B1
NPIV enabled
F_B2
NPIV enabled
Legend
Physical connection Mapped online Failover route online Original mapped route
(offline)
Fabric
(Switch_A)
(Switch_B)
FIGURE 8 Example 1 and 2 Failover behavior
Enabling and disabling Failover on a N_Port
Use the following steps to enable or disable failover policy on an N_port.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --failovershow 13 Failover on N_Port 13 is not supported
3. Enter the ag --failoverenable n_portnumber command to enable failover.
switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13
4. Enter the ag --failoverdisable n_portnumber command to disable failover.
switch:admin> ag --failoverdisable 13 Failover policy is disabled for port 13
--failovershow n_portnumber command to display the failover setting.
Access Gateway Administrator’s Guide 33 53-1001345-01
Page 54
3
Failover
Enabling and disabling Failover for a port group
Failover policy can be enabled on a port group. To enable or disable use the following steps to enable or disable failover on all the N_ports belonging to the same port group.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --failoverenable -pg 3 Failover policy is enabled for port group 3
3. Enter the ag --failoverdisable -pg pgid command to disable failover.
switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3
--failoverenable -pg pgid command to enable failover.
Upgrade and downgrade considerations for Failover
Consider the following when upgrading or downgrading Fabric OS versions.
Downgrading to Fabric OS v6.2.0 or earlier is supported.
Upgrading from 6.2.0 to 6.3.0 or downgrading from 6.3.0 to 6.2.0 will not change Failover
settings.
Adding a preferred secondary N_Port
F_ports automatically fail over to any available N_port. Alternatively, you can specify a preferred secondary N_Port for mapping in case the primary N_port has failed. The F_Ports must have a primary N_Port mapping before a secondary N_Port can be configured.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --prefset command with the “F_Port1;F_Port2; ...” N_Port operands to add the preferred secondary F_Ports to the specified N_Port.
The F_Ports must be enclosed in quotation marks and the port numbers must be separated by a semicolon, for example:
switch:admin> ag --prefset "3;9" 4 Preferred N_Port is set successfully for the F_Port[s]
NOTE
Preferred mapping is not allowed when login balancing mode is enabled for a port group, so there is no preferred secondary N_Port. All N_Ports are the same when login balancing is enabled.
Deleting F_Ports from a preferred secondary N_Port
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --prefdel command with the "F_Port1;F_Port2;..." N_Port operands to delete F_Ports from an N_Port.
34 Access Gateway Administrator’s Guide
53-1001345-01
Page 55
Failback
Failback
The list of F_Ports must be enclosed in quotation marks. Port numbers must be separated by a semicolon. In the following example, F_Ports 3 and 9 are deleted from preferred secondary N_Port 4.
switch:admin> ag --prefdel "3;9" 4 Preferred N_Port is deleted successfully for the F_Port[s]
Failback policy provides a means for hosts that have failed over to move back to their intended N_ports when these N_ports come back online. When Failback is enabled, all F_Ports automatically reroute back to these primary-mapped N_Ports. Failback is an N_Port parameter and is enabled by default.
Only the originally mapped F_Ports fail back. In the case of multiple N_Port failures, only F_Ports that were mapped to the recovered N_Port experience failback. The remaining F_Ports are not redistributed among the online N_Ports during the failback.
3
Failback configurations in Access Gateway
The following sequence describes how a failback event occurs:
When an N_Port comes back online, with Failback enabled, the F_Ports that were originally
mapped to it are disabled.
The F_Port is rerouted to the primary mapped N_Port, and then re-enabled.
The host establishes a new connection with the fabric.
Example: Failback configuration
In Example 3, described in Figure 9 on page 36, the Access Gateway N_1 remains disabled because the corresponding F_A1 port is offline. However, N_2 comes back online. See Figure 8 on page 33 for the original fail over scenario.
The ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Access Gateway Administrator’s Guide 35 53-1001345-01
Page 56
3
Failback
Example 3
Hosts
Host_1
Host_2
Host_3
Host_4
Host_5
Host_6
Host_7
Host_8
F_1
F_2
F_3
F_4
F_5
F_6
F_7
F_8
FIGURE 9 Failback behavior
Access Gateway
N_1
N_2
N_3
N_4
Edge Switch
(Switch_A)
F_A1
NPIV enabled
F_A2
NPIV enabled
Edge Switch
(Switch_B)
F_B1
NPIV enabled
F_B2
NPIV enabled
Fabric
Legend
Physical connection Mapped online Failover route online Original mapped route (offline)
Enabling and disabling Failback on an N_Port
Use the following steps to enable or disable Failback on N_Ports.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag
switch:admin> ag --failbackshow 13 Failback on N_Port 13 is not supported
3. Use the following commands to enable or disable Failback:
Enter the ag --failbackenable n_portnumber command to enable failback.
switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13
Enter the ag --failbackdisable n_portnumber command to disable failback.
switch:admin> ag --failbackdisable 13 Failback policy is disabled for port 13
--failbackshow n_portnumber command to display the failover setting.
36 Access Gateway Administrator’s Guide
53-1001345-01
Page 57
Trunking in Access Gateway mode
Enabling and disabling Failback for a port group
Use the following steps to enable or disable Failback policy on all the N_ports belonging to the same port group.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Use the following commands to enable or disable Failback for a port group:
Enter the ag --failbackenable pg pgid command to enable failback on a port group.
switch:admin> ag --failbackenable -pg 3 Failback policy is enabled for port group 3
Enter the ag --failbackdisable pg pgid command to disable failback on a port group.
switch:admin> ag --failbackdisable -pg 3 Failback policy is disabled for port group 3
Upgrade and downgrade considerations for Failback
Downgrading to Fabric OS v6.2.0 or earlier is supported.
Upgrading from Fabric OS v6.2.0 is supported.
3
Trunking in Access Gateway mode
Brocade’s hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_ports when they are connected to Brocade fabrics. Port Trunking combines multiple links between the switch and AG module to form a single, logical port. This enables fewer individual links, thereby simplifying management. This also improves system reliability by maintaining in-order delivery of data and avoiding I/O retries if one link within the trunk fails. Equally important is that framed-based trunking provides maximum utilization of links between the AG module and the core fabric.
Trunking allows transparent failover and failback within the trunk group. Trunked links are more efficient because of the trunking algorithm implemented in the switching ASICs that distributes the I/O more evenly across all the links in the trunk group.
Trunking in Access Gateway is configured on the Access Gateway and the Edge switch. To enable this feature, you must install the Brocade ISL license on both the Edge switch and the module running in AG mode and ensure that both modules are running the same Fabric OS version. If a switch already has an ISL Trunking license, no new license is required. After the trunking license is installed on a switch in AG mode and you change the switch to standard mode, you can keep the same license.
How Trunking works
Trunking in Access Gateway mode provides a trunk group between N_Ports on the AG module and F_Ports on the Edge switch module. With trunking, any link within a trunk group can go offline or become disabled, but the trunk remains fully functional and no re-configuration is required. Trunking prevents reassignments of the Port ID when N_Ports go offline.
Access Gateway Administrator’s Guide 37 53-1001345-01
Page 58
Trunking in Access Gateway mode
3
Trunking on the Edge switch in Access Gateway mode
As all AG Trunking configuration is done on the Edge switch, information in this section is applicable to the Edge switch module and not the AG module. On the AG module you only need to ensure that the trunking license is applied and enabled. On the Edge switch, you must first configure an F_Port Trunk group and statically assign an Area_ID within the trunk group. Assigning a Trunk Area (TA) to a port or trunk group enables F_Port masterless trunking on that port or trunk group. On switches running in Access Gateway mode, the masterless trunking feature trunks N_Ports because these are the only ports that connect to the Enterprise fabric. When a TA is assigned to a port or trunk group, the ports will immediately acquire the TA as the area of its process IDs (PID). When a TA is removed from a port or trunk group, the port reverts to the default area as its PID.
NOTE
By default, Trunking is enabled on all N_Ports of the AG; ensure that this feature is enabled on N_Ports that are part of port trunk group.
Trunk group creation
Por t trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports, for example ports 0-3. The Brocade 300 switch supports a trunk group with up to eight ports. The trunking groups are based on the user port number, with contiguous eight ports as one group, such as 0-7, 8-15, 16-23 and up to the number of ports on the switch.
Setting up F_Port trunking
F_Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports, for example ports 0-3 in the figure shown below. The Brocade 300 platform supports a trunk group with up to eight ports. The trunking groups are based on the user port number, with contiguous eight ports as one group, such as 0-7, 8-15, 16-23 and up to the number of ports on the switch.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Ensure that both modules (Edge switch and the switch running in AG mode) have the trunking licenses enabled.
3. Ensure that the ports have trunking enabled by issuing the portcfgshow command. If Trunking is not enabled, issue the portcfgttrunkport port 1 command.
4. Ensure that ports will become the same speed within the trunk.
5. Ensure that Edge switch F_Port trunk ports are connected within the asic supported trunk group on AG switch.
6. Ensure that both modules are running the same Fabric OS versions.
38 Access Gateway Administrator’s Guide
53-1001345-01
Page 59
Trunking in Access Gateway mode
3
Configuration management for trunk areas
Ports from different ADs are not allowed to join the same Trunk Area group. The porttrunkarea command prevents the different AD's from joining the TA group.
When you assign a TA, the ports within the TA group will have the same Index. The Index that was assigned to the ports is no longer part of the switch. Any Domain,Index (D,I) AD that was assumed to be part of the domain may no longer exist for that domain because it was removed from the switch.
Example: How Trunk Area assignment affects the port Domain,Index
If you have AD1: 3,7; 3,8; 4,13; 4,14 and AD2: 3,9; 3,10, and then create a TA with Index 8 with ports that have index 7, 8, 9, and 10. Then index 7, 9, and 10 are no longer with domain 3. This means that AD2 does not have access to any ports because index 9 and 10 no longer exist on domain 3. This also means that AD1 no longer has 3,7 in effect because Index 7 no longer exists for domain 3. AD1's 3,8, which is the TA group, can still be seen by AD1 along with 4,13 and 4,14.
A port within a TA can be removed, but this adds the Index back to the switch. For example, the same AD1 and AD2 with TA 8 holds true. If you remove port 7 from the TA, it adds Index 7 back to the switch. That means AD1's 3,7 can be seen by AD1 along with 3,8; 4,13 and 4,14.
Assigning a Trunk Area
You must enable trunking on all ports to be included in a Trunk Area before you can create a Trunk Area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch.
Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information.
You can remove specified ports from a TA using the porttrunkarea --disable command; however this command does not unassign a TA if its previously assigned Area_ID is the same address identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned. For more information on the porttrunkarea command, enter help porttrunkarea or see the Fabric OS Command Reference. F_Port trunking will not support shared area ports 16-47 on the Brocade FC8-48 blades.
The following table shows an example of the Address Identifier.
TABLE 7 Address identifier
23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Domain ID Area_ID Port ID
Address Identifier
1. Connect to the switch and log in using an account assigned to the admin role.
2. Disable the ports to be included in the TA.
3. Enable TA for the appropriate ports. In the following example, TA is enabled for ports 13 and 14 on slot 10 with port index of 125.
switch:admin> porttrunkarea --enable 10/13-14 -index 125 Trunk index 125 enabled for ports 10/13 and 10/14
4. Show the TA port configuration (ports still disabled).
switch:admin> porttrunkarea --show enabled
Access Gateway Administrator’s Guide 39 53-1001345-01
Page 60
Trunking in Access Gateway mode
3
Slot Port Type State Master TI DI
------------------------------------------­10 13 -- -- -- 125 125 10 14 -- -- -- 125 126
-------------------------------------------
5. Enable ports specified in step 3. Continuing with the example shown in step 3, this would mean enabling ports 13 and 14.
switch:admin> portenable 10/13 switch:admin> portenable 10/14
6. Show the TA port configuration after enabling the ports:
switch:admin> porttrunkarea --show enabled Slot Port Type State Master TI DI
------------------------------------------­10 13 F-port Master 10/13 125 125 10 14 F-port Slave 10/13 125 126
Enabling the DCC policy on trunk
1. After you assign a Trunk Area, the porttrunkarea command checks whether there are any active DCC policies on the port with the index TA, and then issues a warning to add all the device WWNs to the existing DCC policy with index as TA.
All DCC policies that refer to an Index that no longer exist will not be in effect.
2. Add the WWN of all the devices to the DCC policy against the TA.
3. Enter the secpolicyactivate command to activate the DCC policy.
You must enable the TA before issuing the secpolicyactivate command in order for security to enforce the DCC policy on the trunk ports.
4. Turn on the trunk ports.
Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in the case where there is a DCC security policy violation.
Enabling Access Gateway trunking
Ports 16-47 on the FC8-48 blade may not be used for AG F_Port Trunking connections.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Disable the desired ports by entering the portdisable port command for each port to be included in the TA.
3. Enter the porttrunkarea for the desired ports. For example, if ports 36-39 were disabled in step 2, then the example command shown below forms a trunk group for ports 36-39 with index 37. These will be connected to N_Ports on an AG module.
switch:admin> porttrunkarea --enable 36-39 -index 37 Trunk area 37 enabled for ports 36, 37, 38 and 39.
--enable 3 command with appropriate operands to form a trunk group
4. Enter the portenable port command for each port in the TA to re-enable the desired ports, such as ports 36-39.
40 Access Gateway Administrator’s Guide
53-1001345-01
Page 61
Trunking in Access Gateway mode
5. Enter the switchshow command to display the switch or port information:
switch:admin> switchshow switchName: SPIRIT_B4_01 switchType: 66.1 switchState: Online switchMode: Native switchRole: Principal switchDomain: 2 switchId: fffc02 switchWwn: 10:00:00:05:1e:41:22:80 zoning: OFF switchBeacon: OFF FC Router: ON FC Router BB Fabric ID: 100 Area Port Media Speed State Proto
=====================================
0 0 -- N8 No_Module 1 1 -- N8 No_Module 2 2 -- N8 No_Module 3 3 -- N8 No_Module 4 4 -- N8 No_Module 5 5 -- N8 No_Module 6 6 -- N8 No_Module 7 7 -- N8 No_Module 8 8 id N4 Online F-Port 10:00:00:00:00:01:00:00 9 9 -- N8 No_Module 10 10 -- N8 No_Module 11 11 -- N8 No_Module 12 12 -- N8 No_Module 13 13 -- N8 No_Module 14 14 -- N8 No_Module 15 15 -- N8 No_Module 16 16 -- N8 No_Module 17 17 -- N8 No_Module 18 18 -- N8 No_Module 19 19 -- N8 No_Module 20 20 -- N8 No_Module 21 21 -- N8 No_Module 22 22 -- N8 No_Module 23 23 -- N8 No_Module 24 24 -- N8 No_Module 25 25 -- N8 No_Module 26 26 -- N8 No_Module 27 27 -- N8 No_Module 28 28 -- N8 No_Module 29 29 -- N8 No_Module 30 30 -- N8 No_Module 31 31 -- N8 No_Module 32 32 id N4 No_Light 33 33 id N4 No_Light 34 34 id N4 No_Light 35 35 id N4 No_Light 36 36 id N4 Online F-Port 20:14:00:05:1e:41:4b:4d 37 37 id N4 Online F-Port 20:15:00:05:1e:41:4b:4d 38 38 id N4 Online F-Port 20:16:00:05:1e:41:4b:4d 39 39 id N4 Online F-Port 2 NPIV public
3
Access Gateway Administrator’s Guide 41 53-1001345-01
Page 62
Trunking in Access Gateway mode
3
6. Display TA-enabled port configuration:
switch:admin> porttrunkarea --show enabled
Port Type State Master TA DA
------------------------------------­36 -- -- -- 37 36 37 -- -- -- 37 37 38 -- -- -- 37 38 39 -- -- -- 37 39
Disabling F_Port trunking
Use the following steps to disable F_Port Trunking.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the porttrunkarea --disable
switch:admin> porttrunkarea --disable 36-39 ERROR: port 36 has to be disabled
command.
Disable each port prior to removing ports from the TA. Then reissue the command:
switch:admin> porttrunkarea --disable 36-39 Trunk area 37 disabled for ports 36, 37, 38 and 39.
F_Port Trunking monitoring
For F_Port masterless trunking, you must install Filter, EE or TT monitors on the F_Port trunk port. Whenever the master port changes, it is required to move the monitor to the new master port. For example, if a master port goes down, a new master is selected from the remaining slave ports. APM must delete the monitor from the old master and install the monitor on new master port. If you attempt to add a monitor to a slave port, it is automatically added to the master port.
Trunking considerations for the Edge switch
Tab le 8 describes the Access Gateway trunking considerations for the Edge switch.
TABLE 8 Access Gateway trunking considerations for the Edge switch
Category Description
Area assignment You statically assign the area within the trunk group on the Edge
switch. That group is the F_Port masterless trunk.
42 Access Gateway Administrator’s Guide
The static trunk area you assign must fall within the F_Port trunk group starting from port 0 on a Edge switch or blade.
The static trunk area you assign must be one of the port’s default areas of the trunk group.
53-1001345-01
Page 63
Trunking in Access Gateway mode
TABLE 8 Access Gateway trunking considerations for the Edge switch
Category Description
Authentication Authentication occurs only on the F_Port trunk master port and
only once per the entire trunk. This behavior is same as E_Port trunk master authentication. Because only one port in the trunk does FLOGI to the switch, and authentication follows FLOGI on that port, only that port displays the authentication details when you issue the portshow command.
Note: Switches in Access Gateway mode do not perform authentication.
Management Server Registered Node ID (RNID), Link Incident Record Registration
(LIRR), and (QSA) Query Security Attributes ELSs are not supported on F_Port trunks.
Trunk area The port must be disabled before assigning a Trunk Area on the
Edge switch to the port or removing a Trunk Area from a trunk group.
You cannot assign a Trunk Area to ports if the standby CP is running a firmware version earlier than Fabric OS V6.2.0.
PWWN The entire Trunk Area trunk group share the same Port WWN
within the trunk group. The PWWN is the same across the F_Port trunk that will have 0x2f or 0x25 as the first byte of the PWWN. The TA is part of the PWWN in the format listed in Table 9 on page 45.
Downgrade You can have trunking on, but you must disable the trunk ports
before performing a firmware downgrade.
3
Note: Removing a Trunk Area on ports running traffic is disruptive. Use caution before assigning a Trunk Area if you need to downgrade to a firmware earlier than Fabric OS v6.1.0.
Upgrade No limitations on upgrade to Fabric OS v6.3.0 if the F_Port is
present on the switch. Upgrading is not disruptive.
HA Sync If you plug in a standby-CP with a firmware version earlier than
Fabric OS v6.1.0 and a Trunk Area is present on the switch, the CP blades will become out of sync.
Port Types Only F_Port trunk ports are allowed on a Trunk Area port. All other
port types that include F/FL/E/EX are persistently disabled.
Default Area Port X is a port that has its Default Area the same as its Trunk
Area. The only time you can remove port X from the trunk group is if the entire trunk group has the Trunk Area disabled.
portCfgTrunkPort port, 0 portCfgTrunkPort port, 0 will fail if a Trunk Area is enabled on a
port. The port must be Trunk Area-disabled first.
switchCfgTrunk 0 switchCfgTrunk 0 will fail if a port has TA enabled. All ports on a
switch must be TA disabled first.
Port Swap When you assign a Trunk Area to a trunk group, the Trunk Area
cannot be port swapped; if a port is swapped, then you cannot assign a Trunk Area to that port.
Trunk Master No more than one trunk master in a trunk group. The second
trunk master will be persistently disabled with reason “Area has been acquired”.
Access Gateway Administrator’s Guide 43 53-1001345-01
Page 64
Trunking in Access Gateway mode
3
TABLE 8 Access Gateway trunking considerations for the Edge switch
Category Description
Fast Write When you assign a Trunk Area to a trunk group, the trunk group
FICON FICON is not supported on F_port trunk ports. However, FICON
FC8-48 blades F_Port Trunking does not support shared area ports on the
FC4-32 blade If an FC4-32 blade has the Trunk Area enabled on ports 16 - 31
Trunking You must first enable Trunking on the port before the port can
PID format F_Port masterless trunking is only supported in CORE PID format.
Long Distance Long distance is not allowed when AG is enabled on a switch. This
Port mirroring Port mirroring is not supported on Trunk Area ports or on the PID
configdownload and configupload If you issue the configdownload command for a port configuration
cannot have fast write enabled on those ports; if a port is fast write enabled, the port cannot be assigned a Trunk Area.
can still run on ports that are not F_Port trunked within the same switch.
Brocade FC8-48 blades in a 48000. F_Port Trunking is supported on all ports on the Brocade FC8-48 in the DCX and DCX-4S.
and the blade is swapped with a FC8-48 ports will be persistently disabled. You can run the porttrunkarea command to assign a Trunk Area on those ports.
have a Trunk Area assigned to it.
means you cannot enable long distance on ports that have a Trunk Area assigned to them.
of an F_Port trunk port.
that is not compatible with F_Port trunking, and the port is Trunk Area enabled, then the port will be persistently disabled.
blade, the Trunk Area
Note: Configurations that are not compatible with F_Port trunking are long distance, port mirroring, non-CORE_PID, and Fastwrite.
If you issue the configupload command, consider the following:
A configuration file uploaded when AG mode is disabled
cannot be downloaded when AG mode is enabled.
A configuration file uploaded when AG mode is enabled
cannot be downloaded when AG mode is disabled.
A configuration file uploaded when the PG policy is
enabled cannot be downloaded when the APC policy is enabled.
A configuration file uploaded when the APC policy is
enabled cannot be downloaded when the PG policy is enabled.
ICL port F_Port trunks are not allowed on ICL ports. The porttrunkarea
command does not allow it.
AD You cannot create a Trunk Area on ports with different Admin
Domains. You cannot create a Trunk Area in AD255.
44 Access Gateway Administrator’s Guide
53-1001345-01
Page 65
Trunking in Access Gateway mode
TABLE 8 Access Gateway trunking considerations for the Edge switch
Category Description
DCC Policy DCC policy enforcement for the F_Port trunk is based on the Trunk
Area; the FDISC requests to a trunk port is accepted only if the WWN of the attached device is part of the DCC policy against the TA. The PWWN of the FLOGI sent from the AG will be dynamic for the F_Port trunk master. Because you do not know ahead of time what PWWN AG will use, the PWWN of the FLOGI will not go through DCC policy check on an F_Port trunk master. However, the PWWN of the FDISC will continue to go through DCC policy check.
D.I. Zoning (D,I) AD (D, I) DCC and (PWWN, I) DCC
Creating a Trunk Area may remove the Index (“I”) from the switch to be grouped to the Trunk Area. All ports in a Trunk Area share the same “I”. This means that Domain,Index (D,I), which refer to an “I”, that might have been removed, will no longer be part of the switch.
Note: Ensure to include AD, zoning and DCC when creating a Tru n k Area.
You can remove the port from the Trunk Area to have the “I” back into effect. D,I will behave as normal, but you may see the effects of grouping ports into a single “I”.
3
Also, D,I continues to work for Trunk Area groups. The “I” can be used in D,I if the “I” was the “I” for the Trunk Area group.
Note: “I” refers to Index and D,I refers to Domain,Index.
Two masters Two masters is not supported in the same F_Port trunk group.
QoS Supported.
The following table describes the PWWN format for F_Port and N_Port trunk ports.
TABLE 9 PWWN format for F_Port and N_Port trunk ports
NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn
(1)
NAA = 2 25:xx:nn:nn:nn:nn:nn:nn
(1)
Port WWNs for: switch’s FX_Ports.
Port WWNs for: switch's FX_Ports
The valid range of xx is [0 - FF], for maximum of 256.
The valid range of xx is [0 - FF], for maximum of 256.
3. Configure the trunk on the Edge switch by assigning the Trunk Area (TA) using procedures under “Assigning a Trunk Area” on page 39.
4. Enable F_Port trunking.
Access Gateway Administrator’s Guide 45 53-1001345-01
Page 66
Adaptive Networking on Access Gateway
3
Trunking considerations for Access Gateway mode
Consider the following for Trunking in Access Gateway mode:
Access Gateway trunking is not supported on M-EOS or third-party switches.
Trunk groups cannot span across multiple N_Port groups within an AG module in AG mode.
Multiple trunk groups are allowed within the same N_Port group. All ports within a trunk group must be part of the same port group; ports outside of a port group cannot form a trunk group
Upgrade and downgrade considerations for Trunking in Access Gateway mode
Upgrading and downgrading from Fabric OS v6.3.0 to Fabric OS v6.2.0 and earlier is supported.
Adaptive Networking on Access Gateway
Adaptive Networking (AN) ensures bandwidth for critical servers, virtual servers, or applications in addition to reducing latency and minimizing congestion. Adaptive Networking works in conjunction with the Quality of Service (QoS) feature on Brocade switches. Fabric OS provides a mechanism to assign traffic priority, (high, medium, or low) for a given source and destination traffic flow. By default, all flows are marked as medium.
The following must be appropriately installed:
The Adaptive Networking (AN) license must be installed on all switches and AGs to take
advantage of the QoS and Ingress Rate Limiting features.
The Server Application Optimization (SAO) license must be installed to extend QoS features to
Brocade HBAs.
To determine if these licenses are installed on the connected switch, issue the Fabric OS licenseshow command. Refer to the Fabric OS Administrator's Guide for detailed information about QoS.
You can configure the ingress rate limiting and SID/DID traffic prioritization levels of QoS for the following configurations:
Brocade HBA to AG to switch
Non-Brocade HBA to AG to switch
HBA (Brocade or non-Brocade) to Edge AG to Core AG to switch
For additional information on the Brocades adapters, refer to the Brocade Adapters Administrator's Guide (53-1001256-01).
QoS: Ingress Rate Limiting on AG
Ingress rate limiting restricts the speed of traffic from a particular device to the switch port. On switches in AG mode, you must configure ingress rate limiting on F_Ports.
For more information and procedures for configuring this feature, refer to “QoS: Ingress Limiting” in the Fabric OS Administrator’s Guide.
46 Access Gateway Administrator’s Guide
53-1001345-01
Page 67
Adaptive Networking on Access Gateway
3
QoS: SID/DID traffic prioritization
SID/DID traffic prioritization allows you to categorize the traffic flow between a given host and target as having a high or low priority; the default is medium. For example, you can assign online transaction processing (OLTP) to a high priority and the backup traffic to a low priority.
For detailed information on this feature, refer to “QoS: SID/DID traffic prioritization” in the Fabric
OS Administrator’s Guide.
Figure 10 on page 47 shows the starting point for QoS in various Brocade and Non-Brocade
configurations.
FIGURE 10 Starting point for QoS
Upgrade and downgrade considerations with Adaptive Networking in AG mode enabled
Downgrading to Fabric OS v6.2.0 or earlier is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.3.0 to Fabric OS v6.2.0 and earlier:
If any of the AG QoS enabled ports are active and you attempt a firmware downgrade, the
downgrade is prevented. You must disable the QoS-enabled ports before performing a firmware downgrade.
Upgrades from earlier versions to Fabric OS v6.3.0 are allowed, but AG QoS-enabled ports do
not become effective until the ports are disabled or enabled so that QoS mode can be negotiated on the ISL links.
Adaptive Networking on Access Gateway considerations
QoS is configured in the fabric, as normal, and not in the AG module. To extend QoS benefits to
AG and devices behind it you only need to ensure that the AN and/or SAO licenses are applied and enabled on the AG module.
QoS on Access Gateway is only supported on Fabric OS 6.3.
You should disable HBA QoS if connected to a 6.2 version AG.
Access Gateway Administrator’s Guide 47 53-1001345-01
Page 68
Adaptive Networking on Access Gateway
3
Disable QoS on an AG port if it connects with a switch running Fabric OS 6.2. Otherwise, the
port will automatically disable with an error. To recover, disable QoS on the port, then enable the port.
Disabling QoS on online N_Ports in the same trunk can cause the slave NPIV F_Port on the
edge switch to become persistently disabled with “Area has been acquired.” This is expected behavior because after QOS is disabled, the slave NPIV F_Port on the edge switch also tries to come up as a master. To avoid this issue, simply persistently enable the slave F_Port on the switch.
QoS takes precedence over ingress rate limiting
Ingress rate limiting is not enforced on trunked ports.
48 Access Gateway Administrator’s Guide
53-1001345-01
Page 69
Chapter
SAN Configuration with Access Gateway
In this chapter
Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Rejoining Fabric OS switches to a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Connectivity of multiple devices overview
This chapter describes how to connect multiple devices to a switch in Access Gateway (AG) mode, discusses Edge switch compatibility, port requirements, NPIV HBA, and interoperability. AG does not support daisy chaining when two AG devices are connected to each other in a loop configuration. Switches in AG mode can connect to third-party fabrics with the following firmware versions:
4
M-EOSc v9.6.2 or later and M-EOSn v9.6 or later.
Cisco MDS Switches with SAN OS v3.0(1).
Loop devices and FICON channels/control unit connectivity are not supported.
When a switch is in AG mode, it can be connected to NPIV-enabled HBAs, or F_Ports that are
NPIV-aware. Access Gateway supports NPIV industry standards per FC-LS-2 v1.4.
Access Gateway cascading
Cascading is an advanced configuration supported in Access Gateway mode. You can use cascading to further increase the ratio of hosts to fabric ports beyond what a single switch model in AG mode can support.
Access Gateway cascading lets you connect two Access Gateway (AG) switches linking them back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG. In this document, the AG switch connected to the device is referred to as the Edge AG. Figure 11 on page 50 illustrates Access Gateway cascading.
.
Access Gateway Administrator’s Guide 49 53-1001345-01
Page 70
Fabric and Edge switch configuration
4
F_Port
F_ Port
F_Port
F_ Port
FIGURE 11 Access Gateway cascading
AG cascading provides higher over-subscription because it allows you to consolidate the number of ports going to the main fabric. There is no license requirement to use this feature.
Note the following configuration considerations when cascading Access Gateways:
Edge
AG
N_Port
N_Port
F_Port
F_ Port
N_Port
Core
AG
Fabric
Only one level of cascading is supported. Note that several Edge AGs can connect into a single
Core AG to support even a higher consolidation ratio.
AG trunking between the Edge and Core AG switches is not supported. Trunking between the
Core AG switch and the fabric is supported.
It is recommended that you enable Advanced Security Policy (ADS) on all AG F_Ports that are
directly connected to devices.
APC policy is not supported when cascading.
Loopbacks (Core AG N_Port to Edge AG F_Port) are not allowed.
The agshow command issued on the fabric will discover only the Core AG switches. If issued as
agshow --name AG name, then the F_Ports of both the Core and Edge AG switches will be shown for the Core AG switch.
Due to high subscription ratios that could occur when cascading AGs, ensure there is enough
bandwidth for all servers when creating such configurations. The subscription ratio becomes more acute in a virtual environment.
Fabric and Edge switch configuration
To connect devices to the fabric using Access Gateway, configure the fabric and Edge switches within the fabric that will connect to the AG module using the following parameters. These parameters apply to Fabric OS, M-EOS, and Cisco-based fabrics:
Install and configure the switch as described in the switch’s Hardware Reference manual
before performing these procedures.
Verify that the interop mode parameter is set to Brocade Native mode.
Configure the F_Ports on the Edge switch to which Access Gateway is connected as follows:
Enable NPIV.
50 Access Gateway Administrator’s Guide
53-1001345-01
Page 71
Fabric and Edge switch configuration
4
Disable long distance mode.
Allow multiple logins for M-EOS switches. The recommended fabric login setting is the
maximum allowed per port and per switch.
Use only WWN zoning for devices behind AG.
If DCC security is being used on Edge switches that directly connect to AG, make sure to
include the Access Gateway WWN or the port WWN of the N_Ports. Also include the HBA WWNs that will be connected to AG F_Ports to the ACL list in the ACL policy. It is recommended to use AG ADS policy instead of the DCC policy on the Edge switch.
Allow inband queries for forwarded fabric management requests from the hosts. Add the
Access Gateway switch WWN to the access list if inband queries are restricted.
Before connecting Access Gateway to classic Brocade switches, disable the Fabric OS Management Server Platform Service to get accurate statistical and configuration fabric data,
Verifying the switch mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the switchShow command to display the current switch configuration.
The following example shows a switch in the Fabric OS Native mode where switchMode displays as Native.
switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online
switchMode: Native
switchRole: Principal switchDomain: 1 switchId: fffc01 switchWwn: 10:00:00:05:1e:03:4b:e7 zoning: OFF switchBeacon: OFF
Area Port Media Speed State Proto ===================================== 0 0 -- N4 No_Module 1 1 cu N4 Online F-Port 50:06:0b:00:00:3c:b7:32 2 2 cu N4 Online F-Port 10:00:00:00:c9:35:43:f5 3 3 cu AN No_Sync 4 4 cu AN No_Sync Disabled (Persistent) 5 5 cu N4 Online F-Port 50:06:0b:00:00:3c:b4:3e 6 6 cu N4 Online F-Port 10:00:00:00:c9:35:43:f3 7 7 cu AN No_Sync Disabled (Persistent) 8 8 cu AN No_Sync 9 9 cu AN No_Sync Disabled (Persistent) 10 10 cu AN No_Sync Disabled (Persistent) 11 11 cu AN No_Sync Disabled (Persistent) 12 12 cu AN No_Sync Disabled (Persistent) 13 13 cu AN No_Sync Disabled (Persistent) 14 14 cu AN No_Sync Disabled (Persistent) 15 15 cu AN No_Sync Disabled (Persistent) 16 16 cu AN No_Sync Disabled (Persistent) 17 17 -- N4 No_Module 18 18 -- N4 No_Module 19 19 -- N4 No_Module
Access Gateway Administrator’s Guide 51 53-1001345-01
Page 72
Connectivity to Cisco Fabrics
4
See Tab le 3 on page 9 for a description of the port state.
If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch.
Enabling NPIV on M-EOS switches
1. Connect to the switch and log in as admin on the M-EOS switch.
2. Enable the MS services by entering the following command:
20 20 -- N4 No_Module 21 21 id N4 Online E-Port segmented,(zone conflict)(Trunk master) 22 22 id N4 Online E-Port (Trunk port, master is Port 21 ) 23 23 id N4 Online E-Port (Trunk port, master is Port 21 )
config OpenSysMs setState <osmsState>
where
osmsState Can be enable or 1 for the enabled state or disable or 0 for the disabled
state.
3. Enable NPIV functionality on the Edge fabric ports so that multiple logins are allowed for each port. Enter the following command on the M-EOS switch to enable NPIV on the specified ports.
config NPIV
Your M-EOS switch is now ready to connect.
NOTE
You c an run the agshow command to display Access Gateway information registered with the fabric. When an Access Gateway is exclusively connected to Non-FOS based switches, it will not show up in the agshow output on other Brocade Switches in the fabric.
Connectivity to Cisco Fabrics
When connecting a switch in Access Gateway mode to a Cisco fabric where certain QLogic-based devices are present behind the switch in AG mode, some QLogic 4 Gbps FC ASIC-based Host Bus Adapters (HBA)s are not compatible with the routing mechanism used by 4 Gbps switches in AG mode.
In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure interoperability with Access Gateway.
If you are using Emulex HBAs, 8 Gbs Qlogic HBAs, or any other HBAs that are not based on certain QLogic 4 Gbps FC ASIC technology, ensure that N_Port ID Virtualization (NPIV) is enabled on the Cisco switch and that the switch is running SAN-OS 3.0 (1), SAN-OS 3.1 (1), or later. By default, NPIV is enabled per switch and not per port.
For details on connecting Brocade switches in Access Gateway (AG) mode to Cisco fabrics, refer to Brocade Tech Note GA-TN-083-00: Brocade Access Gateway Connectivity to Cisco MDS Fabrics.
52 Access Gateway Administrator’s Guide
53-1001345-01
Page 73
Connectivity to Cisco Fabrics
4
Enabling NPIV on a Cisco switch
1. Log in as admin on the Cisco MDS switch.
2. Enter the show version command to determine that you are using the correct SAN-OS version and to see if NPIV is enabled on the switch.
3. Enter the following commands to enable NPIV:
conf t enable npiv
4. Press Ctrl-Z to exit.
5. Enter the following commands to save the MDS switch connection:
copy run start
Your Cisco switch is now ready to connect to a switch in Access Gateway mode.
Workaround for certain 4 Gbps QLogic-based devices
Refer to Brocade Tech Note GA-TN-083-00: Brocade Access Gateway Connectivity to Cisco MDS Fabrics for details on connectivity to Cisco fabrics when there are 4 Gbps QLogic-based devices
behind a 4 Gbps Fabric OS switch in AG mode.
Editing Company ID List if no FC target devices on switch
You can connect a Cisco MDS switch to a switch in AG mode if there are no FC target devices, such as storage arrays on the Cisco switch. You can do this by editing the Company ID List or by placing the Cisco switch FCID allocation mode into FLAT mode.
1. Connect to the switch and log in as admin on the Cisco MDS switch.
2. From the Company ID List, delete the OUI IDs of all the HBAs that are connected through the switch in AG mode.
3. Delete the OUI IDs if and only if they are in the Company ID List.
4. Enter the following commands to determine the OUIs in the Company ID List:
switch# show fcid-allocation area FCID area allocation company id info: 00:50:2E 00:50:8B 00:60:B0 00:E0:79 00:0D:60 + 00:09:6B + <- User added entry 00:E0:8B * <- Explicitly deleted entry (from the original default list) Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list.
<- Default entry
<- User added entry
Access Gateway Administrator’s Guide 53 53-1001345-01
Page 74
Connectivity to Cisco Fabrics
4
Adding or deleting an OUI from the Company ID List
The following example shows how to add or delete an OUI (0x112233) from the Company ID List.
1. Enter the following command:
2. Enter the following command to add the OUI ID 0x112233 to list:
3. Enter the following command to delete the OUI ID 0x445566 from list:
4. Enter the following command to display the list:
5. Press Ctrl-Z to exit.
6. Issue the following command to save the MDS switch configuration.
config t
fcid-allocation area company-id 0x112233
no fcid-allocation area company-id 0x445566
do show fcid-allocation area
copy run start
Ensure that the OUI IDs of the attached target devices are listed in the updated Company ID List. After you update the list, you are ready to connect the Access Gateway device. If any of the AG server ports (F_Ports) report that the port is disabled with reason code “Duplicate ALPA Detected,” then use the follow considerations:
Ensure that the debug FLOGI mode is not enabled; Cisco does not support NPIV when FLOGI
debug is set. Run the show debug flogi command to verify that the FLOGI mode is not enabled. If the FLOGI mode is enabled, you must disable it using the following FLOGI debug commands:
config t no flogi debug Press Ctrl-Z to exit copy run start Saves MDS switch configuration
By default, if this is a new or an existing VSAN to use with the switch in Access Gateway mode,
the default policy for access is “deny.” Either set it to “permit” or zone the devices for access.
Access Gateway is compatible with Cisco VSAN, Dynamic Port VSAN (DVPM), and Inter-VSAN
Routing (IVR) features; however, you may need to use the AG Port Grouping policy to take full advantage of these MDS features. For more information on the Port Grouping policy, see the
“Adaptive Networking on Access Gateway” on page 46.
Enabling Flat FCID mode if no FC target devices on switch
Alternatively, you can place the Cisco switch FCID allocation mode into FLAT mode using the following procedure.
1. Enter the following command.
config t fcinterop fcid-allocation flat
2. Enter the following command to enable VSAN mode:
vsan database
54 Access Gateway Administrator’s Guide
53-1001345-01
Page 75
Rejoining Fabric OS switches to a fabric
3. Enter the following commands to enable the Flat FCID mode:
vsan vsan# suspend no vsan vsan# suspend
4. Press Ctrl-Z to exit.
5. Enter the following command to save the MDS switch configuration:
copy run start
4
NOTE
If there are any device(s) in the VSAN that you suspend, it takes that device offline until you unsuspend that VSAN.
Editing Company ID list if target devices on switch
If there are target devices on the switch, you must add the OUI of all the target devices present on the switch to the Company ID list, and then delete the OUI IDs of all the HBAs that are connected through the switch in Access Gateway mode from the Company ID list. You must remove the OUI IDs if and only if they are in the Company ID list. Use the following commands to determine if the OUIs in the Company ID list:
switch#_show fcid-allocation area FCID area allocation company id info: 00:50:2E 00:50:8B 00:60:B0 00:E0:79 00:0D:60 + 00:09:6B + <- User -added entry 00:E0:8B * <- Explicitly deleted entry (from the original default list) Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list.
<- Default entry
<- User -added entry
NOTE
You can also use the Persistent FCID field in the Cisco GUI tool to manually assign the FCIDs to QLogic-based devices behind the Access Gateway module. If you use the method, ensure that proper FCIDs are assigned, which have a different Area field from the target devices connected to the same MDS switch.
Rejoining Fabric OS switches to a fabric
When a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected. Use one of the following methods to re-join a switch to the fabric:
If you saved a Fabric OS configuration before enabling AG mode, download the configuration
using the configDownload command.
If you want to re-join the switch to the fabric using the fabric configuration, use the following
procedure.
Access Gateway Administrator’s Guide 55 53-1001345-01
Page 76
Rejoining Fabric OS switches to a fabric
4
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the switchDisable command to disable the switch.
3. Enter the defZone
4. Enter the cfgSave command to commit the defzone changes.
5. Enter the switchEnable command to enable the switch and allow it to merge with the fabric.
The switch automatically re-joins the fabric.
--allAccess command to allow the switch to merge with the fabric.
Reverting to a previous configuration
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the switchDisable command to disable the switch.
3. Enter the configDownload command to revert to the previous configuration.
4. Enter the switchEnable command to bring the switch back online.
The switch automatically joins the fabric.
56 Access Gateway Administrator’s Guide
53-1001345-01
Page 77
Appendix
Troubleshooting
This appendix provides troubleshooting instructions.
TABLE 10 Tro ubleshooting
Problem Cause Solution
Switch is not in Access Gateway mode
NPIV disabled on Edge switch ports
Need to reconfigure N_Port and F_Ports
LUNs are not visible Zoning on fabric switch is incorrect.
Switch is in Native switch mode Disable switch using the switchDisable command.
Enable Access Gateway mode using the ag
Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify
that the field switchMode displays Access Gateway mode.
Inadvertently turned off On the Edge switch, enter the portCfgShow command.
Verify that NPIV status for the port to which Access Gateway is connected is ON.
If the status displays as “--” NPIV is disabled. Enter the portCfgNpivPort port_number command with the 1 operand to enable NPIV. Repeat this step for each port as required.
Default port setting not adequate for customer environment
Port mapping on Access Gateway mode switch is incorrect.
Cabling not properly connected.
Enter the portCfgShow command. For each port that is to be activated as an N_Port, enter the
portCfgNport port_number command with the 1 operand. All other ports remain as F_Ports. To reset the port to an F_Port, enter the portCfgNpivPort port_number
command with the 0 operand.
Verify zoning on the Edge switch. Verify that F_Ports are mapped to an online N_Port. See “Access
Gateway default F_Port-to-N_Port mapping” on page 11.
Perform a visual inspection of the cabling, check for issues such as wrong ports, twisted cable, or bent cable. Replace the cable and try again. Ensure the F_port on AG module is enabled and active.
A
--modeenable command.
Access Gateway Administrator’s Guide 57 53-1001345-01
Page 78
Troubleshooting
A
TABLE 10 Troubleshooting (Continued)
Problem Cause Solution
Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows:
Access Gateway is mode not wanted
Enter the ag operand.
Enter the ag operand.
Command returns “Failback (or Failover) on N_Port port_number is supported.” If it returns, “Failback (or Failover) on N_Port port_number is not supported.” See “Adding a preferred secondary N_Port” on page 34.
Access Gateway must be disabled. Disable switch using the switchDisable command.
Disable Access Gateway mode using the ag
Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Fabric OS Native mode.
--failoverShow command with the port_number
--failbackShow command with the port_number
--modeDisable command.
NOTE
If a Fabric OS switch is in AG mode and is also set to McDATA Fabric mode, when that switch is connected to an M-EOS switch, the Fabric OS switch does not display in the output when you run the agshow command.
58 Access Gateway Administrator’s Guide
53-1001345-01
Page 79
Index
A
Access Gateway
cascading comparison to standard switches compatible fabrics connecting devices connecting two AGs description displaying information features limitations mapping description port mapping port types
Access Gateway mode
comparison disabling port types supported firmware versions terms verifying
ACL policies, settings adding devices to fabric Address Identifier Admin domain ADS Policy
adding devices displaying devices enabling removing devices
APC Policy
disabling rebalancing F_Ports support for port groups
area assignment authentication, limitations
, 49
, 1
, 49
, 49
, 1
, 52
, 3
, 5
, 10
, 10
, 4
, 2
, 9
, 4
, xvi
, 7
, 51
, 20
, 39
, 44
, 20
, 20, 21
, 19
, 20
, 23
, 27
, 26
, 42
, 43
B
behavior, failover policy, 36
, 49
, 4
C
Cisco fabric
connectivity deleting OUIs from Cisco switch displaying FCID on Cisco switch editing Company ID list on Cisco switch editing target devices on Cisco switch enabling Flat FCID mode enabling Flat FCID mode on Cisco switch enabling NPIV on Cisco switch enabling VSAN mode QLogic-based devices, workaround saving the MDS switch configuration using the Cisco GUI
Cisco fabric adding OUIs to Cisco switch Cisco fabric deleting OUIs on Cisco switch Cisco switch
FLOGI support interoperability with AG
code
, xv
commands
ag --failbackEnable ag --failbackShow ag --failoverDisable ag --failoverEnable ag --failoverShow ag --mapAdd ag --mapDel ag --mapShow ag --modeDisable ag --modeEnable ag --modeShow cfgSave configDownload defZone --allAccess portCfgNpivPort portCfgNport portCfgShow switchDisable switchEnable switchMode switchShow
compatibility, fabric
, 52
, 54 , 54
, 55
, 53
, 54
, 53
, 55
, 54
, 52
, 36, 37
, 36, 58
, 33
, 33, 34
, 33, 58
, 13
, 14
, 7, 14
, 9, 58
, 7, 57
, 7
, 56
, 55, 56
, 56
, 57 , 16, 57 , 57
, 9, 56, 57, 58
, 56 , 57, 58 , 8, 14, 51, 57, 58
, 50
, 53
, 55
, 54
, 55
, 54
, 53
Access Gateway Administrator’s Guide 59 53-1001345-01
Page 80
configurations
enabling switch limitations with configdownload command merging switch with fabric re-joining switch to fabric saving
, 56
using configdownload command
, 56
, 56
, 55
, 56
D
daisy chaining, 49 DCC policy
adding WWN enabling
limitation creating TA default area, removing ports devices
attaching multiple devices disabling switch
switchDisable Domain,Index downgrading
downgrading considerations
, 40
, 40
, 45
, 43
, 49
, 56
, 39
, 43
, 21, 23, 29, 31, 37
, 44
fabric
compatibility inband queries join
, 55
logins Management Server Platform zoning scheme
Fabric OS Management Server Platform Service settings
51
failback policy example failover policy
enabling example
failover policy, behavior fast write limitation FICON, F_Port trunk ports
, 50
, 51
, 51
, 51
, 51
, 32, 35
, 34 , 33, 36
, 33
, 44
, 44
H
HA sync, TA present, 43
I
,
E
Edge switch
FLOGI
, 51
long distance mode setting
NPIV
, 50
settings
, 50
, 51
F
F_Port
adding external port on embedded switch
description
disabling trunking
mapping, example
maximum number mapped to N_Port
remove
settings, Edge switch
shared area ports
trunking setup
, 4
, 42
, 10
, 34
, 50
, 39
, 38
, 15
, 15
ICL ports, limitations, 44 inband queries
, 51
J
join fabric, 55
L
limitations
Admin Domains direct connections to target devices FICON
, 6
loop devices not supported Management Platform Services Name Services port group overlapping port mirroring SMI-S
, 6
zoning
, 6
long distance mode, Edge switch
, 6
, 5
, 6
, 5
, 6
, 6
, 6
, 51
60 Access Gateway Administrator’s Guide
53-1001345-01
Page 81
M
P
management server, 43 mapping
example
ports masterless trunking
M-EOS switch, enabling NPIV
, 10
, 10
, 44
N
N_Port
AG configurations
description
displaying configurations
F_Port, remove
failover in a PG
mapping example
masterless trunking
maximum number supported
multiple trunk groups
trunk groups
trunking
trunking considerations
unlock
unlocking native switchMode non disruptive
NPIV
Edge switch
enabling on Cisco switch
enabling on M-EOS switch
support
, 37
, 16
, 16
, 49
, 15
, 4
, 34
, 29
, 10
, 38
, 46
, 46
, 51
, 43
, 50
O
optional features, xviii
, 52
, 16
, 42
, 53
, 52
, 15
Persistent ALPA
clearing ALPA values deleting hash table data disabling enabling flexible ALPA value reboot stringent ALPA value support tables value types
Policies
Advance Device Security enabling DCC policy enforcement matrix Port Grouping showing current policies using policyshow command
port
comparison mapping requirements types
port group
add N_Port create delete N_Port disabling login balancing mode managed fabric name monitoring mode remove port group rename
Port Grouping policy, using portcfgnport command port mapping
adding ports default F_Port-to-N_Port
maximum number of F_Ports Port mirroring, not supported port state, description
port swap, not swapping TA port types, limitations preferred secondary N_Port
definition
deleting F_Ports
failover policy
login balancing mode
online
, 30
, 30
, 31
, 29
, 30
, 30
, 4
, 10
, 4
, 24, 26
, 26
, 25
, 25
, 13
, xvii
, 32
, 31
, 30
, 30
, 30
, 18
, 40
, 18
, 23
, 17
, 17
, 49
, 25
, 26
, 26
, 25
, 11
, 15
, 44
, 9
, 43
, 43
, 34
, 32
, 34
, 16
Access Gateway Administrator’s Guide 61 53-1001345-01
Page 82
PWWN
format
, 45
sharing TA trunk group
Q
, 43
U
unlock N_Port, 16 upgrading
, 43
QoS
firmware downgrade ingress rate limiting SID/DID traffic prioritization
, 47
, 46
, xiv, 46
R
removing devices from switch, 20 removing trunk ports requirements, ports
, 43
, 49
S
settings
ACL policies FLOGI inband queries Management Server Platform zone, no access
supported hardware and software switch mode, verify
, 51
, 51
, 51
, 55
, 51
, 51
, xiii
Z
zoning
schemes
setting
, 51
, 55
T
terms, xvi trunk area
assign
, 39
configuration management disabling remove ports standby CP using the porttrunkarea command
trunk groups, create trunk master, limitation trunking
enabling license monitoring
62 Access Gateway Administrator’s Guide
, 43
, 39
, 43
, 38
, 40, 44
, 37
, 42
, 39
, 43
, 44
53-1001345-01
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use