Information furnished in this manual is believed to be accurate and reliable. However, QLogic Corporation assumes no
responsibility for its use, nor for any infringements of patents or other rights of third parties which may result from its
use. QLogic Corporation reserves the right to change product specifications at any time without notice. Applications
described in this document for any of these products are for illustrative purposes only. QLogic Corporation makes no
representation nor warranty that such applications are suitable for the specified use without further testing or
modification. QLogic Corporation assumes no responsibility for any errors that may appear in this document.
This product is covered by one or more of the following patents: 6697359; other patents pending.
QLogic, SANbox, SANsurfer, SANblade, SANsurfer Switch Manager, and SANsurfer Management Suite are
trademarks or registered trademarks of QLogic Corporation.
Java and Solaris are registered trademarks of Sun Microsystems, Inc.
Gnome is a trademark of the GNOME Foundation Corporation.
Linux is a registered trademark of Linus Torvalds.
Mac OS X and Safari are registered trademarks of Apple Computer, Inc.
Microsoft, Windows NT, Windows 2000, Windows 2003, and Internet Explorer are trademarks of Microsoft
Corporation.
Netscape Navigator and Mozilla are registered trademarks of Netscape Communications Corporation.
Red Hat is a registered trademark of Red Hat Software Inc.
All other brand and product names are trademarks or registered trademarks of their respective owners.
S
Document Revision History
Release, Revision A, September 2005Firmware Versio n 5.0
SANsurfer Switch Manager version 5.00
Update, Revision B, December 22, 2006
Revision B ChangesDocument Sections Affected
Update logos and page formatsAll
Update Contact Information1.4.3
This manual describes the switch management tools which include the SANsurfer
Switch Manager application (version 5.00) and the Command Line Interface (CLI)
for the SANbox 5600 Series Fibre Channel switches (firmware version 5.0). The
SANbox 5600 Series switches are 20 port non-blocking Fibre Channel switches.
This manual defines the features, components, and performance characteristics
of the SANbox 5600 Series switches. The SANsurfer Switch Manager application
is the primary focus of this manual which is organized as follows:
Section 1 describes the intended audience for this manual, related
materials, and technical support.
Section 2 describes how to use SANsurfer Switch Manager, its menus, and
its displays.
Section 3 describes fabric management tasks.
Section 4 describes switch management tasks.
Section 5 describes port and device management tasks.
Appendix A describes the command line interface.
A glossary of terms and an index are also provided.
1.1
Intended Audience
This manual introduces the switch management products and explains their
installation and use. It is intended for users responsible for installing and using
switch management tools.
1.2
Related Materials
Refer to the following manuals for information about switch hardware and
installation.
SANbox 5600 Series Fibre Channel Switch Installation Guide, publication
number 59096-02.
1.3
JDOM License
This product includes software developed by the JDOM Project
(http://www.jdom.org/). Copyright (C) 2000-2002 Brett McLaughlin & Jason
Hunter. All rights reserved.
59097-02 B1-1
1 – Introduction
JDOM License
S
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1.Redistributions of source code must retain the above copyright notice, this
list of conditions, and the following disclaimer.
2.Redistributions in binary form must reproduce the above copyright notice,
this list of conditions, and the disclaimer that follows these conditions in the
documentation and/or other materials provided with the distribution.
3.The name "JDOM" must not be used to endorse or promote products
derived from this software without prior written permission. For written
permission, please contact license@jdom.org.
4.Products derived from this software may not be called "JDOM", nor may
"JDOM" appear in their name, without prior written permission from the
JDOM Project Management (pm@jdom.org).
In addition, we request (but do not require) that you include in the end-user
documentation provided with the redistribution and/or in the software itself an
acknowledgement equivalent to the following: "This product includes software
developed by the JDOM Project (http://www.jdom.org/)."
Alternatively, the acknowledgment may be graphical using the logos available at
http://www.jdom.org/images/logos.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS
OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on
behalf of the JDOM Project and was originally created by Brett McLaughlin
<brett@jdom.org> and Jason Hunter <jhunter@jdom.org>. For more information
on the JDOM Project, please see <http://www.jdom.org/>.
1-259097-02 B
A
1.4
Technical Support
Customers should contact their authorized maintenance provider for technical
support of their QLogic switch products. QLogic-direct customers may contact
QLogic Technical Support; others will be redirected to their authorized
maintenance provider.
Visit the QLogic support Web site listed in Contact Information for the latest
firmware and software updates.
1.4.1
Availability
QLogic Technical Support for products under warranty is available during local
standard working hours excluding QLogic Observed Holidays.
1.4.2
Training
QLogic offers certification training for the technical professional for both the
SANblade™ HBAs and the SANbox 5600 Series switches. From the training link
at www.qlogic.com, you may choose Electronic-Based Training or schedule an
intensive "hands-on" Certification course.
1 – Introduction
Technical Support
Technical Certification courses include installation, maintenance and
troubleshooting QLogic SAN products. Upon demonstrating knowledge using live
equipment, QLogic awards a certificate identifying the student as a Certified
Professional. The training professionals at QLogic may be reached by email at
tech.training@qlogic.com.
59097-02 B1-3
1 – Introduction
Technical Support
1.4.3
Contact Information
Support HeadquartersQLogic Corporation
QLogic Web Sitewww.qlogic.com
Technical Support Web Sitesupport.qlogic.com
Technical Support Emailsupport@qlogic.com
Technical Training Emailtech.training@qlogic.com
North American Region
Emailsupport@qlogic.com
Phone+1-952-932-4040
S
12984 Valley View Road
Eden Prairie, MN 55344-3657
USA
Fax+1 952-932-4018
Europe, Middle East, and Africa Region
Emailemeasupport@qlogic.com
Phone Numbers by Language+353 1 6924960 - English
+353 1 6924961 - Français
+353 1 6924962 - Deutsch
+353 1 6924963 - Español
+353 1 6924964 - Português
+353 1 6924965 - Italiano
Asia Pacific Region
Emailapacsupport@qlogic.com
Phone Numbers by Language+63-2-885-6712 - English
This section describes how to use the SANsurfer Switch Manager application and
its menus. The following topics are covered:
Workstation Requirements
Installing the Management Application
Starting SANsurfer Switch Manager
Exiting SANsurfer Switch Manager
Uninstalling SANsurfer Switch Manager
Changing the Encryption Key for the Default Fabric View File
Saving and Opening Fabric View Files
Setting SANsurfer Switch Manager Preferences
Using Online Help
Viewing Software Version and Copyright Information
SANsurfer Switch Manager User Interface
Using the Topology Display
Using the Faceplate Display
59097-02 B2-1
2 – Using SANsurfer Switch Manager
Workstation Requiremen ts
2.1
Workst ation Requirements
The requirements for fabric management workstations running SANsurfer Switch
Manager are described in Table 2-1:
S
Table 2-1. Workstation Requirements
Operating System
Memory256 MB or more
Disk Space150 MB per installation
Processor500 MHz or faster
Hardware
Internet BrowserMicrosoft® Internet Explorer® 5.0 and later
Telnet workstations require an RJ-45 Ethernet port or an RS-232 serial port and
an operating system with a Telnet client.
2.2
Windows® 2000, 2003, and XP
Solaris™ 8, 9, and 10
Linux® Red Hat® EL 3.x
S.u.S.E® Linux 9.0 Enterprise
Mac OS X® 10.3
CD-ROM drive,
Netscape® Navigator® 4.72 and later
Mozilla™ 1.02 and later
Java 2 Run Time Envir onment to support the web applet
RJ-45 Ethernet port, RS-232 serial port (optional)
Installing the Management Application
You can manage the switch using SANsurfer Switch Manager as a standalone
application or as a part of SANsurfer Management Suite™. SANsurfer
Management Suite is QLogic’s integrated fabric management application,
managing both HBAs and switches.
If your switch was shipped with a SANsurfer Switch Manager Disk, refer to
”SANsurfer Switch Manager” on page 2-3 for instructions on how to install
SANsurfer Switch Manager.
If your switch was shipped with a SANsurfer Management Suite Disk, refer
to ”SANsurfer Management Suite” on page 2-4 for instructions on how to
install and upgrade SANsurfer Management Suite.
2-259097-02 B
A
2.2.1
SANsurfer Switch Manager
You can install SANsurfer Switch Manager on a Windows, Linux, Solaris, or Mac
OS X workstation. To install the SANsurfer Switch Manager application from the
SANsurfer Switch Manager Installation Disk, do the following:
For a Windows platform:
1.Close all programs currently running, and insert the SANsurfer Switch
Manager Installation Disk into the management workstation CD-ROM drive.
2.In the upper left corner of the product introduction screen, click
Management Software.
3.Locate your platform in the table and click Install.
If the product introduction screen does not open in step 2, open the CD with
Windows Explorer and run the installation program with the following path:
2.Mount the CD-ROM. From a shell prompt, enter the following:
mount /mnt/cdrom
3.Change directory to the location of the install program:
cd /mnt/cdrom/data/files/Management_Software/Linux
4.Execute the install program and follow the installation instructions.
Linux_5.00.xx.xx.bin
For a Solaris platform:
1.Open a terminal window. If the disk isn’t already mounted, enter the
following command:
volcheck
2.Enter following command to move to the directory on the CD that contains
the executable:
cd /cdrom/cdrom0/data/files/Management_Software/solaris
3.Execute the install program and follow the installation instructions:
Solaris_5.00.xx.xx.bin
59097-02 B2-3
2 – Using SANsurfer Switch Manager
Installing the Management Application
For a Mac OS X platform:
1.Open the CD and move to the following folder:
data/files/Management_Software/MacOSX
2.Double click the applicaton zip file (MacOSX_5.00.xx_xxxx.zip). This will
place the install program on your desktop.
3.Locate the Install program icon on your desktop, execute it, and follow the
installation instructions.
2.2.2
SANsurfer Management Suite
The following instructions describe how to install SANsurfer Management Suite
and upgrade SANsurfer Switch Manager. You can install SANsurfer Management
Suite (SMS) on a Windows, Linux, or Solaris workstation. Choose the instru ctions
for your workstation:
SMS Installation for Windows
SMS Installation for Linux
SMS Installation for Solaris
S
2.2.2.1
SMS Installation for Windows
Close all programs currently running, and insert the SANsurfer Management Suite
Installation Disk into the management workstation CD-ROM drive.
1.If the SANsurfer Management Suite start page does not o pen in your default
browser, do the following:
a.Using Windows Explorer, double-click the drive letter which contains
the SANsurfer Management Suite Disk.
b.Locate and double-click the Start_Here.htm file to open the SANsurfer
Management Suite start page in your default browser.
2.On the SANsurfer Management Suite start page, click the SANbox Switch Software button.
3.On the SANbox Switch Software page, scroll to the SANbox 5600 Series
Series area.
4.In the Operating System column, click the Win NT/2000 link.
5.Click the SANsurfer Management Software link to open the File Download
dialog.
2-459097-02 B
A
2 – Using SANsurfer Switch Manager
Installing the Management Application
6.You can run the installation file from the CD-ROM or download the
installation file to your hard drive. Choose one of the following:
Open the installation file from the CD-ROM and follow the SANsurfer
Switch Manager installation instructions.
Specify a location in which to save the sansurfer_windows_install.exe
file, and click the Save button. Double-click the saved
sansurfer_windows_install.exe file and follow the installation
instructions.
7.When the installation is complete, start SANsurfer Management Suite using
the SANsurfer file from the SANsurfer Management Suite installation
directory. You can also start SANsurfer Management Suite by clicking the
SANsurfer icon (if installed) on the desktop or from the Start menu. In SMS,
Click the Switch tab in the left pane. From the Help menu, select About ...
and make note of the version number. Close SANsurfer Management Suite.
8.To ensure you are using the most recent version of SANsurfer Switch
Manager, visit the QLogic support web page and go to Drivers, Sof tware and
Manuals.
a.Select your switch model from the pull-down menu. Locate the
description for SANsurfer Switch Manager for Windows under
"Management Software".
b.If the release version number (5.00.xx) is greater than what is currently
installed, download the new version and proceed to step 9. Otherwise,
no upgrade is needed and the SMS installation is complete.
9.To start the installer, open the zip file and run the
SANsurferSwitchMgr_Windows_5.00.xx.exe file.
10.When prompted for an installation directory, click the Choose button and
select the same folder as the SANsurfer Management Suite installation in
step 6. The default SMS installation directory is C:\Program Files\QLogic
Corporation\SANsurfer. Click the Next button.
11.When prompted for the location in which to create the program icons, click
the In an Existing Group radio button, then specify the same group that
was used for the SMS installation. The default SMS group is "QLogic
Management Suite". Click the Next button.
12.Click the Install button to the start the installation. When the installation is
complete, click the Done button.
13.In the SMS install directory, enter the following command to execute the
chglax.bat file. If prompted to overwrite an existing file, enter Y to do so.
chglax.bat
14.Restart SANsurfer Switch Manager from SANsurfer Management suite as
you did in step 7 and confirm that the new version is running.
59097-02 B2-5
2 – Using SANsurfer Switch Manager
Installing the Management Application
2.2.2.2
SMS Installation for Linux
Close all programs currently running, and insert the SANsurfer Management Suite
Installation Disk into the management workstation CD-ROM drive.
1.If a file browser dialog opens showing icons for the contents of the CD-ROM,
double-click the Start_Here.htm file to open the SANsurfer Management
Suite start page. If a file browser does not open, double-click the CD-ROM
icon to open the browser. If there is no CD-ROM icon, do the following:
a.Open an xterm or other terminal window.
b.Mount the CD-ROM. From a shell prompt, enter the following
command:
mount /mnt/cdrom
c.Execute your web browser to view the Start_Here.htm document using
one of the following commands:
mozilla file:/mnt/cdrom/Start_Here.htm
or
netscape file:/mnt/cdrom/Start_Here.htm
d.The SANsurfer Management Suite start page opens in your browser.
S
2.On the SANsurfer Management Suite start page, click the SANbox Switch
Software button.
3.On the SANbox Switch Software page, scroll to the SANbox 5600 Series
Series area.
4.In the Operating System column, click the Linux link.
5.Click the SANsurfer Management Software link to open the File Download
dialog.
6.Enter a path name to save the sansurfer_linux_install.bin file, and click the
Save button.
7.Open a terminal window for the directory in which the
sansurfer_linux_install.bin file was saved, and make the file executable.
chmod +x sansurfer_linux_install.bin
8.Execute the install program and follow the installation instructions
./sansurfer_linux_install.bin
9.When the installation is complete, start SANsurfer Management Suite using
the SANsurfer file in the installation directory. Click the Switch tab from the
left pane to open SANsurfer Switch Manager. From the Help menu, select
About ... and make note of the release version number. Close SANsurfer
Management Suite.
2-659097-02 B
A
2 – Using SANsurfer Switch Manager
Installing the Management Application
10.To ensure that you are using the most recent version of SANsurfer Switch
Manager, visit the QLogic support web page and go to Drivers, Sof tware and
Manuals.
a.Select your switch model from the pull-down menu. Locate the
description for SANsurfer Switch Manager for Linux under
"Management Software".
b.If the release version number (5.00.xx) is greater than what is currently
installed on your workstation, down load the new version and proceed
to step 11. Otherwise, no upgrade is needed and the SMS installation
is complete.
11.From the tar.gz file, extract the SANsurferSwitchMgr_Linux_5.00.xx.bin file
and make the file executable.
chmod +x sansurferswitchmgr_linux_5.02.xx.bin
12.Execute the install program and follow the installation instructions.
./sansurferswitchmgr_linux_5.02.xx.bin
13.When prompted for an installation directory, click the Choose button and
select the same folder as the SANsurfer Management Suite installation in
step 9. The default SMS installation directory is
/opt/QLogic_Corporation/SANsurfer.
14.Enter the following script command from the installation directory:
./chglax
15.Start SANsurfer Switch Manager from SANsurfer Management suite as you
did in step 9 and confirm that the new version is running.
2.2.2.3
SMS Installation for Solaris
To install the SANsurfer Switch Manager application on Solaris from the
SANsurfer Management Suite CD-ROM, do the following:
1.Insert the SANsurfer Management Suite Disk into the management
workstation CD-ROM drive. If the SANsurfer Management Suite start page
does not open in your default browser, do the following:
a.Right-click the Workspace Menu.
b.Select File, then select File Manager.
c.In File Manager, double-click the CD-ROM folder, and then
double-click the Sansurfer folder.
d.In the Sansurfer folder, double -click the S ta rt_Here.htm file to open the
SANsurfer Management Suite start page in your default browser.
2.On the SANsurfer Management Suite start page, click the SANbox Switch Software button.
3.On the SANbox Switch Software page, scroll to the SANbox 5600 Series
Series area.
59097-02 B2-7
2 – Using SANsurfer Switch Manager
Installing the Management Application
4.In the Operating System column, click the Solaris SPARC link.
5.Click the SANsurfer Management Software link to open the Save As
dialog.
6.Enter a path name to save the sansurfer_solaris_install.bin file and click the
Save button.
7.Open a terminal window for the directory in which the
sansurfer_solaris_install.bin file was saved, and enter the following:
chmod +x sansurfer_solaris_install.bin
8.Execute the install program and follow the installation instructions:
./sansurfer_solaris_install.bin
9.When the installation is complete, start SANsurfer Management Suite using
the SANsurfer file in the installation directory. Click the Switch tab from the
left pane to open SANsurfer Switch Manager. From the Help menu, select
About ... and make note of the release version number. Close SANsurfer
Management Suite.
10.To ensure that you are using the most recent version of SANsurfer Switch
Manager, visit the QLogic support web page and go to Drivers, Sof tware and
Manuals.
a.Select your switch model from the pull-down menu. Locate the
description for SANsurfer Switch Manager for Linux under
"Management Software".
b.If the release version number (5.00.xx) is greater than what is currently
installed on your workstation, down load the new version. Otherwise,
no upgrade is needed.
11.Open the tar file and save the SANsurferSwitchMgr_QLGCsol_5.00.xx.bin
file in a folder and make the file executable.
# chmod +x sansurferswitchmgr_QLGCsol_5.00.xx
12.Install the new SANsurfer Switch Manager package:
# pkgadd -d sansurferswitchmgr_QLGCsol_5.00.xx
13.Change directories to the package location:
# cd /usr/opt/QLGCsol/bin
14.Locate and execute the file sbm_over_sms.sh:
# ./sbm_over_sms.sh
15.When prompted for the SMS installation directory, enter d if SMS was
installed in it’s default directory (/opt/QLogic_Corporation/SANsurfer).
Otherwise, enter the path name for the SMS installatio n directory. The script
will copy the necessary files to the specified installation directory.
S
16.Restart SANsurfer Switch Manager from SANsurfer Management suite as
you did in step 9 and confirm that the new version is running.
2-859097-02 B
A
2.3
Starting SANsurfer Switch Manager
You can start SANsurfer Switch Manager as a standalone application or from
SANsurfer Management Suite.
NOTE:After the switch is operational, you can also open the SANsurfer
Switch Manager web applet, by entering the switch IP address in an
internet browser. If your workstation does not have the Java 2 Run
Time Environment program, you will be prompted to download it.
To start SANsurfer Switch Manager as a standalone application, do the
following.
1.Start the SANsurfer Switch Manager using one of the following
methods:
For Windows, double-click the SANsurfer Switch Manager
shortcut, or select SANsurfer Switch Manager from S tart menu,
depending on how you installed the SANsurfer Switch Manager
application. From a command line, you can enter the
SANsurfer_Switch_Manager command:
<install_directory>SANsurfer_Switch_Manager.exe
For Linux, Solaris, or Mac OS X, enter the
SANsurfer_Switch_Manager command:
<install_directory>./SANsurfer_Switch_Manager
2.In the Initial S tart d ialog, click the Open Configuration Wizard button.
When you power up the switch, the Configuration Wizard will
recognize the switch and lead you through the configuration process.
2 – Using SANsurfer Switch Manager
Starting SANsurfer Switch Manager
To start SANsurfer Switch Manager from SANsurfer Management Suite, do
the following.
1.Start the SANsurfer Management Suite application using one of the
following methods:
For Windows, double-click the SANsurfer shortcut, or select
SANsurfer from St art menu, depe nding on how you inst alled the
SANsurfer application. From a command line, enter the following
command:
<install_directory>\SANsurfer.exe
For Linux or Solaris enter the SANsurfer command:
<install_directory>./SANsurfer
2.From the SANsurfer Management Suite home page, click the
SANsurfer Switch Manager button.
59097-02 B2-9
2 – Using SANsurfer Switch Manager
Starting SANsurfer Switch Manager
3.In the Initial St art dialog, click the Open Configuration Wizard button.
When you power up the switch, the Configuration Wizard will
recognize the switch and lead you through the configuration process.
The application opens with the Initial St art dialog shown in Figure 2-1. If you prefer
not to see this dialog, check the Don’t show this dialog again box. This has the
same effect as disabling the Display Initial Startup Dialog preference. Refer to
”Setting SANsurfer Switch Manager Preferences” on page 2-16 for information
about setting preferences.
S
Figure 2-1. Initial Startup Dialog
Click the Open Existing Fabric radio button to open the Add a New Fabric
dialog, which prompts you for a fabric name, IP address, account name, and
password. Refer to ”Adding a Fabric” on page 3-23.
Click the Open Existing Fabric View File radio button to open the Open
View dialog which prompts you to specify a fabric view file that you saved
earlier. Refer to ”Opening a Fabric View File” on page 3-24.
2-1059097-02 B
A
2 – Using SANsurfer Switch Manager
Starting SANsurfer Switch Manager
Click the Start Application Without Specifying a Fabric radio button to
open the SANsurfer Switch Manager window shown in Figure 2-2.
Click the Open Configuration Wizard radio button to open the Config
Wizard to configure a switch, add a new switch, replace/restore a switch, or
recover or edit an IP configuration of an existing switch.
Figure 2-2. SANsurfer Switch Manager Window
59097-02 B2-11
2 – Using SANsurfer Switch Manager
Exiting SANsurfer Switch Manager
2.4
Exiting SANsurfer Switch Manager
To exit a SANsurfer Switch Manager application session, open the File menu and
select Exit. If you have not yet defined an encryption key, the Save Default Fabric
View File dialog, shown in Figure 2-3, prompts you to save the current fabric view
as the default fabric view file. Enter an encryption key in the Default Fabric File
Encryption Key field. Re-enter the encryption key in the Re-enter Encryption Key
to Confirm field. Click the OK button to save the current set of fabrics to the
default fabric view file in the working directory.
S
Figure 2-3. Save Default Fabric View File Dialog
The encryption key is used to encrypt the sensitive data in the default fabric view
file. Refer to ”Changing the Encryption Key for the Default Fabric View File” on
page 2-15 for information about changing this encryption key. If an encryption key
has been defined and the View File Auto Save and Load preferences settings are
set to Enable, the current fabric view is automatically saved to your default fabric
view file upon exit future SANsurfer Switch Manager sessions.
To prevent SANsurfer Switch Manager from prompting you to save the default
fabric view file between SANsurfer Switch Manager sessions, set the View File
Auto Save and Load preferences setting to Enable (default). Refer to ”Setting
SANsurfer Switch Manager Preferences” on page 2-16 for more information.
2-1259097-02 B
A
In your next SANsurfer Switch Manager session, the Load Default Fabric File
dialog shown in Figure 2-4 prompts you to load the default fabric view file and to
specify its encryption key, if there is one. In the Default Fabric File Encryption Key
field, enter the encryption key and click the Load View File button. If you do not
want to load the default fabric view file, click the Continue Without Loading
button to open the SANsurfer Switch Manager with no fabric displayed.
Figure 2-4. Load Default Fabric File Dialog
2.5
Uninstalling SANsurfer Switch Manager
2 – Using SANsurfer Switch Manager
Uninstalling SANsurfer Switch Manager
The method you use to uninstall SANsurfer Switch Manager depends on how you
installed it:
If you installed SANsurfer Switch Manager as part of SANsurfer
Management Suite, you must uninstall SANsurfer Management Suite. Refer
to ”SMS Uninstall” on page 2-14.
If you installed SANsurfer Switch Manager as a standalone program, you
must uninstall SANsurfer Switch Manager directly. Refer to ”Standalone
Uninstall” on page 2-14.
59097-02 B2-13
2 – Using SANsurfer Switch Manager
Uninstalling SANsurfer Switch Manager
2.5.1
SMS Uninstall
A program to uninstall SANsurfer Management Suite was included as part of the
SANsurfer Management Suite installation process. Use this method only if you
installed SANsurfer Switch Manager as part of SANsurfer Management Suite. The
UninstallData folder in the installation directory contains the uninstall program,
SANsurferUninstaller.
To uninstall the SANsurfer Management Suite application, do the following:
For Windows, browse for the uninstall program file or the shortcut/link that
points to the uninstall program file. The uninstall program shortcut is in the
same folder as the program shortcut (Start menu, program group, on
desktop, or user specified) that is used to start the SANsurfer Management
Suite application. Double-click the uninstall program file or shortcut/link, and
follow the instructions.
For Linux, execute the link to SANsurferUninstaller.
A program to uninstall SANsurfer Switch Manager was included as part of the
SANsurfer Switch Manager installation process. Use this method only if you
installed SANsurfer Switch Manager as a standalone program. The
UninstallerData folder in the Install directory contains the uninstall program,
Uninstall SANsurfer_Switch_Manager. Also, a shortcut/link to the uninstall
program was installed in the installation directory during the SANsurfer Switch
Manager installation process.
The default installation directories are:
For Windows:
To uninstall the SANsurfer Switch Manager application, do the following:
For Windows, browse for the uninstall program file or the shortcut/link that
points to the uninstall program file. The uninstall program shortcut is in the
same folder as the program shortcut (Start menu, program group, on
desktop, or user specified) that is used to start the SANsurfer Switch
Manager application. Double-click the uninstall program file or shortcut/link,
and follow the instructions to uninstall the SANsurfer Switch Manager
application.
For Linux, Solaris, or Mac OS X, execute the link to
Uninstall_SANsurfer_Switch_Manager. If no links were created during the
installation, enter the Uninstall_SANsurfer_Switch_Manager command from
the following directory:
Changing the Encryption Key for the Default Fabric View File
Changing the Encryption Key for the Default Fabric View File
To change the encryption key for the SANsurfer Switch Manager default fabric
view file, do the following:
1.Open the File menu and select Save Default Fabric View File to open the
Save Default Fabric View File dialog. Enter an encryption key in the Default
Fabric File Encryption Key field.
2.Re-enter the same encryption key in the Re-enter Encryption Key to Confirm
field.
3.Click the OK button to save the current set of fabrics to the default fabric
view file in the working directory.
2.7
Saving and Opening Fabric View Files
A fabric view file is one or more fabrics saved to a file. In addition to the SANsurfer
Switch Manager default fabric view file, you can save and open your own fabric
view files. To save a set of fabrics to a file, do the following:
1.Open the File menu and select Save View As to open the Save View dialog.
2.Enter a name for the fabric view file or click the Browse button to select an
existing file. Files are saved in the working directory.
3.Enter a password. When you attempt to open this fabric view file, you will be
prompted for this password. If you leave the File Password field blank, no
password will be required when attempting to open this fabric view file.
1.Open the File menu and select Open View File to open the Open View
dialog.
2.Enter a name for the fabric view file or click the Browse button to select an
existing file.
3.If the fabric view file was saved with a password, enter the password and
click the OK button.
4.Click the OK button to open the view.
2.8
Setting SANsurfer Switch Manager Preferences
Using the preferences settings, you can:
Change the location of the working directory in which to save files.
Change the location of the browser used to view the online help. The
Browser Location field is not supported/displayed for Macintosh OS X.
Choose the fabric discovery interval. The fabric discovery interval is how
often the SANsurfer Switch Manager application receives information from
the fabric. Choose 30 (default), 45, or 60 seconds. The smaller the interval,
the more often the application talks to the switch and thus the greater impact
to performance.
S
Enable (default) or disable the view file auto save and load feature. Refer to
”Exiting SANsurfer Switch Manager” on page 2-12 for more information on
the default fabric view file.
Enable (default) or disable the use of the Initial S tart Dialog at the beginning
of a SANsurfer Switch Manager session. Refer to ”Starting SANsurfer
Switch Manager” on page 2-9 for information about the Initial Start Dialog.
After a default fabric view file is created, this setting has no effect.
Enable (default) or disable the Event Browser. Refer to ”Displaying the
Event Browser” on page 3-30. If the Event Browser is enabled using the
Preferences dialog as shown in Figure 2-5, the next time SANsurfer Switch
Manager is started, all events will be displayed. If the Event Browser is
disabled when SANsurfer Switch Manager is started and later enabled, only
those events from the time the Event Browser was enabled and forward will
be displayed.
Choose the default port view when opening the faceplate display. You can
set the faceplate to reflect the current port type (default), port speed, port
operational state, or port transceiver media. Regardless of the default port
view you choose, you can change the port view in the faceplate display by
opening the View menu and selecting a different port view option. Refer to
the corresponding subsection for more information:
2-1659097-02 B
A
2 – Using SANsurfer Switch Manager
Using Online Help
”Port Types” on page 5-2
”Displaying Port Operational States” on page 5-3
”Displaying Port Speeds” on page 5-3
”Displaying Transceiver Media Status” on page 5-4
To set preferences for your SANsurfer Switch Manager sessions, do the following:
1.Open the File menu, and select Preferences to open the Preferences
dialog.
2.Enter, or browse, for paths to the working directory and browser.
3.In the Application-wide Options area, choose the preferences you want.
4.Click the OK button to save the changes.
2.9
Using Online Help
Online help is available for the SANsurfer Switch Manager application and its
functions. The two ways to open the online help file are: open the Help menu and
select Help Topics, or click the Help button in the tool bar. You can also display
context-sensitive help for all SANsurfer Switch Manager dialogs by choosing the
Help button in the dialog.
2.10
Viewing Software Version and Copyright Information
To view SANsurfer Switch Manager software version and copyright information,
open the Help menu and select About....
59097-02 B2-17
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
2.11
SANsurfer Switch Manager User Interface
The SANsurfer Switch Manager application uses two basic displays to manage
the fabric and individual switches: the topology display and the faceplate display.
The topology display shows all switches that are able to communicate and all
connections between switches. The faceplate display shows the front of a single
switch and its ports. Both displays share some common elements as shown in
Figure 2-6.
S
Topology
Display
Fabric
Tree
Faceplate
Display
Menu
Bar
Data Window Tabs
Tool Bar
Graphic
Window
Data
Window
Working Status Indicator
Figure 2-6. SANsurfer Switch Manager Display Elements
2-1859097-02 B
A
2.11.1
Menu Bars
The menus and the options offered in them vary depending on the display. For
example, the Port menu and many of the Switch menu selections are available
only in the faceplate display.
2.11.1.1
Topology Display Menu
The menu options available in the topology display are shown in Figure 2-7.
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
Figure 2-7. Topology Display Menu
59097-02 B2-19
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
2.11.1.2
Faceplate Display Menu
The menu options available in the faceplate display are shown in Figure 2-8.
S
Figure 2-8. Faceplate Display Menu
The keyboard shortcut keys vary by display type: topology display and faceplate
display . In addition to the menu bar, both the topology and faceplate displays have
context sensitive menus that pop up when you right-click in the graphic window.
Refer to ”Opening the Faceplate and Topology Display Popup Menus” on
page 2-26 for more information about these popup menus.
2.11.1.3
Shortcut Keys
Shortcut key combinations, available in both the topology and faceplate displays,
provide an alternative method of accessing menu options. The shortcut key
combinations are not case-sensitive. For example, to exit the application, press
Alt+F, then press X.
2-2059097-02 B
A
2.11.2
Tool Bar
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
The tool bar consists of a row of graphical buttons that you can use to access
SANsurfer Switch Manager functions as shown in Table 2-2. The tool bar buttons
are an alternative method to using the menu bar. The tool bar can be relocated in
the display by clicking and dragging the handle at the left edge of the tool bar.
Table 2-2. Tool Bar Buttons
Tool Bar ButtonDescription
Add Fabric button - adds a new fabric to the fabric view.
Open View File button - opens an existing fabric view file.
Save View As button - saves the current fabric view to a file.
Refresh button - updates the topology or faceplate display with current information.
Event Browser button - opens the events browser.
Edit Zoning button - opens the Edit Zoning dialog ( available only in
faceplate display).
The QLogic logo opens a link to the QLogic web site.
59097-02 B2-21
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
2.11.3
Fabric Tree
The fabric tree lists the managed fabrics and their switches as shown in
Figure 2-9. The window width can be adjusted by clicking and dragging the
moveable window border . An entry handle loca ted to the lef t of an entry in the tree
indicates that the entry can be expanded or collapsed. Click this handle or
double-click the entry to expand or collapse a fabric tree entry. A fabric entry
expands to show its member switches.
Fabric
Entry
S
Entry Handle
Switch
Entries
Moveable
Window Border
Figure 2-9. Fabric Tree
Each fabric tree entry has a small icon next to it that uses color to indicate
operational status.
A green icon indicates normal operation.
A yellow icon indicates that a switch is operational, but may require attention
to maintain maximum performance.
A red icon indicates a potential failure or non-operational state as when the
switch is offline.
A blue icon indicates that a switch is unknown, unreachable, or
unmanageable.
If the status of the fabric is not normal, the fabric icon in th e fabric tree will indicate
the reason for the abnormal status. The same message is provided when you rest
the mouse over the fabric icon in the fabric tree.
The fabric tree provides access to the topology and faceplate displays for any
fabric or switch.
To open the topology display from the fabric tree, click a fabric entry.
To open the faceplate display from the fabric tree, click a switch entry.
2-2259097-02 B
A
2.11.4
Graphic Window
The graphic window, shown in Figure 2-6, presents graphic information about
fabrics and switches such as the fabric topology and the switch faceplate. The
window height can be adjusted by clicking and dragging the window border that it
shares with the data window.
2.11.5
Data Window and Tabs
The data window presents a table of data and statistics associated with the
selected tab. Use the scroll bar to browse through the data. The window length
can be adjusted by clicking and dragging the border that it shares with the graphic
window.
Adjust the column width by moving the pointer over the column heading border
shared by two columns until a right/left arrow graphic is displayed. Click and drag
the arrow to the desired width.
2 – Using SANsurfer Switch Manager
SANsurfer Switch Manager User Interface
The data window tabs present options for the type of information to display in the
data window. These options vary depending on the display.
2.11.6
Working Status Indicator
The working status indicator, located in the lower right corner of the SANsurfer
Switch Manager window , shows when the management workst ation is exchanging
information with the fabric. As conditions change, the fabric forwards this
information to the management workstation where it is reflected in the various
displays.
59097-02 B2-23
2 – Using SANsurfer Switch Manager
Using the Topology Display
2.12
Using the Topology Display
The topology display shown in Figure 2-10 receives information from the selected
fabric and displays its topology. Switches and inter-switch links (ISLs) appear in
the graphic window and use color to indicate status. Consider the following
topology display features:
Switch and Link Status
Working with Switches and Links
Topology Data Windows
S
Figure 2-10. Topology Display
2.12.1
Switch and Link Status
Switch icon shape and color provide information about the switch and its
operational state. Lines represent links between switches. The topology display
uses green to indicate normal operation, yellow to indicate operational with errors,
red to indicate a potential failure or non-operational state, and blue to indicate
unknown, unreachable, or unmanageable. Refer to ”Fabric Status” on page 3-29
for more information about topology display icons.
2-2459097-02 B
A
2.12.2
Working with Switches and Links
Switch and link icons are selectable and moveable, and serve as access points for
other displays and menus. You select switches and links to display information
about them, modify their configuration, or delete them from the display.
Context-sensitive popup menus are displayed when you right-click on a switch or
link icon, or in the background of the topology display graphic window.
2.12.2.1
Selecting Switches and Links
Selected switch icons are highlighted in light blue. Selected ISLs a re displayed as
a heavier line. You can select switches and links in the following ways:
To select a switch or a link, click the icon or link.
To select multiple switches or links, hold down the Control key and select.
To select all switches or links, right-click anywhere in the graphic window
background. Select Select All Switches or Select All Links from the popup
menu.
2 – Using SANsurfer Switch Manager
Using the Topology Display
To cancel a selection, press and hold the Control key, and select the item again.
To cancel all selections, click in the graphic window background.
2.12.2.2
Arranging Switches in the Display
You can arrange individual switch icons in the topology display or allow SANsurfer
Switch Manager to arrange all switch icons for you:
To move an individual switch icon, click and drag the icon to another location
in the graphic window. Links stretch or contract to remain connected.
To arrange all switch icons in the topology display automatically, open the
View menu and select Layout Topology.
By default, the Toggle Auto Layout box in the View menu is checked which causes
SANsurfer Switch Manager to arrange the icons when you select Layout Topology.
You can save a custom arrangement, or layout, and restore that layout during a
SANsurfer Switch Manager session. Begin by arranging the icons, then open the
View menu and select Remember Layout. To restore the saved layout, open the
View menu, uncheck the Toggle Auto Layout box, and select Layout Topology.
59097-02 B2-25
2 – Using SANsurfer Switch Manager
Using the Topology Display
2.12.2.3
Opening the Faceplate and Topology Display Popup Menus
The topology display shows all switches that are able to communicate and all
connections between switches. The faceplate display shows the front of a single
switch and its ports. Menu options vary with each type of popup menu.
To open the fabric popup menu in the topology display , right-click the graphic
window background.
To open the switch popup menu in the topology display , right-click the switch
icon in the graphic window.
To open the link popup menu in the topology display, right-click the link.
To open the switch popup menu in the faceplate display, right-click the
faceplate in the graphic window.
2.12.3
Topology Data Windows
The topology display provides the following data windows corresponding to the
data window tabs:
S
Devices – displays information about devices (hosts and storage targets)
connected to the switch. Refer to ”Devices Data Window” on page 3-34 for
more information.
Active Zoneset – displays the active zone set for the fabric including zones
and their member ports. Refer to ”Active Zone Set Data Window” on
page 3-35 for more information about this data window. Refer to ”Zoning a
Fabric” on page 3-39 for information about zone sets and zones.
Switch – displays current network and switch configuration data for the
selected switches. Refer to ”Switch Data Window” on page 4-8 for more
information.
Link – displays information about the inter-switch links. Refer to ”Link Data
Window” on page 3-36 to for more information.
2-2659097-02 B
A
2.13
Using the Faceplate Display
The faceplate display shown in Figure 2-11 displays the switch name and
operational state, and port status. Consider the following functional elements of
the faceplate display:
Port Views and Status
Working with Ports
Faceplate Data Windows
2 – Using SANsurfer Switch Manager
Using the Faceplate Display
Figure 2-11. Faceplate Display
59097-02 B2-27
2 – Using SANsurfer Switch Manager
Using the Faceplate Display
2.13.1
Port Views and Status
Port color and text provide information about the port and its operational state.
Green indicates active; gray indicates inactive. The faceplate display provides the
following views of port status corresponding to the View menu options in the
faceplate display. Refer to ”Monitoring Port Status” on page 5-2 for more
information about these displays.
Port type
Port state
Port speed
Port media
Context-sensitive popup menus are displayed when you right-click the faceplate
image or a port icon in the faceplate display.
2.13.2
Working with Ports
S
Ports are selectable and serve as access points for other displays and menus.
You select ports to display information about them in the data window or to modify
them. Context-sensitive popup menus are displayed when you right-click the
faceplate image or on a port icon in the faceplate display.
2.13.2.1
Selecting Ports
You can select ports in the following ways. Selected ports are outlined in white.
To select a port, click the port in the faceplate display.
To select a range of consecutive ports, select a port, then press and hold the
To select several non-consecutive ports, hold the Control key while
To select all ports, right-click on the faceplate image. Select Select All Ports
To cancel a selection, press and hold the Control key and select it again.
shift key and select another port. The application selects both end ports and
all ports in between in port number sequence.
selecting.
from the popup menu.
2-2859097-02 B
A
2.13.2.2
Opening the Faceplate Popup Menu
To open the popup menu, right-click on the faceplate image to present the
following tasks.
Refresh the switch
Select all ports
Manage switch properties
Manage network properties
Manage SNMP properties
Extended credits wizard
Manage port properties
Change the port symbolic name
Run the port loopback tests
Services
2 – Using SANsurfer Switch Manager
Using the Faceplate Display
Security Consistency Checklist
If no ports are selected, the port-related tasks will be unavailable in the menu.
Right-click a port to open the Port popup menu. Hold down the Sh ift or Control key
to select more than one port. If multiple ports are selected, right-click one of the
selected ports.
2.13.3
Faceplate Data Windows
The faceplate display provides the following data windows corresponding to the
data window tabs:
Devices – displays information about devices (hosts and storage targets)
connected to the switch.
Switch – displays current switch configuration data.
Port Statistics – displays performance data for the selected ports.
Port Information – displays information for the selected ports.
Configured Zonesets – displays all zone sets, zones, and zone membership
in the zoning database.
Configured Security – displays all security definitions currently saved in the
database.
Active Security – displays the active security set.
59097-02 B2-29
2 – Using SANsurfer Switch Manager
Using the Faceplate Display
Notes
S
2-3059097-02 B
This section describes the following tasks that manage fabrics:
RADIUS Servers
Securing a Fabric
Tracking Fabric Firmware and Software Versions
Managing the Fabric Database
Displaying Fabric Information
Working with Device Information and Nicknames
Zoning a Fabric
3.1
RADIUS Servers
Remote Authentication Dial In User Service (RADIUS) provides a method to
centralize the management of authentication passwords in larger networks. It has
a client/server model, where the server is the password repository and third party
authentication point and the clients are all of the managed devices. RADIUS can
be configured for devices and/or user accounts. The RADIUS server dialogs are
available only on a secure (SSL) fabric and on the entry switch (out of band
switch). Refer to ”Connection Security” on page 3-7 and ”System Services Dialog”
on page 4-27 for more information.
Section 3
Managing Fabrics
RADIUS is designed to authenticate users and devices using a
challenge/response protocol. Basic implementations consist of a central RADIUS
server containing a database of authorized users as well as authentication
information. A RADIUS client wishing to verify the authenticity of a user issues a
challenge to the user and collects the response to the challenge. This information
is forwarded to the RADIUS server for authentication and the server responds
with the results, either an accept or reject. The RADIUS client does not need to be
configured with any user authentication information, this all resides on the
RADIUS server and can be managed centrally and separately from the clients. In
addition, no passwords are exchanged between the RADIUS server and its
clients. Authentication of requests from a RADIUS client to the server and
responses from the server to a client can also be authenticated. This requires
sharing a secret between the server and client. The accounting RADIUS supports
the auditing of the users and switch services such as Telnet, FTP, and switch
59097-02 B3-1
management applications.
3 – Managing Fabrics
RADIUS Servers
3.1.1
Adding a RADIUS Server
When you add a RADIUS server, you provide a method to centralize the
management of authentication passwords over a network.
S
Figure 3-1. Add Server
To add a RADIUS server, do the following:
1.Open the faceplate display, open the Switch menu, and select Radius
Servers....
2.In the Radius Server Information dialog, shown in Figure 3-1, click the Add Server tab.
3.Select the server type (Device, User, Account).
4.In the IP Address field, enter the remote IP address of the server.
5.In the UDP Port field, enter the remote UDP port number of the
Authentication RADIUS Server. The RADIUS Accounting Server UDP port
will always be the value of Device/User Authentication Server UDP Port + 1.
6.In the Timeout field, enter the timeout value in seconds (minimum of 1
second, maximum of 30 seconds). This is the number of seconds the
RADIUS client will wait for a response from the RADIUS server before
retrying, or giving up on a request.
3-259097-02 B
A
3 – Managing Fabrics
RADIUS Servers
7.In the Retries field, enter the the number of retries. This is the maximum
number of times the RADIUS client will retry a request sent to the primary
RADIUS server.
8.Select the Sign Packet check box to enable the switch to include a digital
signature (Message-Authenticator) in all RADIUS access request packets
sent to the RADIUS server. A valid Message-Authenticator attribute will be
required in all RADIUS server responses.
9.In the Secret field, enter the server secret. A secret is required for all
RADIUS servers. The secret is used when generating and checking the
Message-Authenticator attribute.
10.C lick the Add Server button to add the server, and click the Close button to
exit the dialog.
11.Click the Modify Authentication Order tab, and verify that Device
Authentication Order and User Authentication Order options are set to eithe r
Radius or Radius Local for RADIUS Authentication to be implemented.
59097-02 B3-3
3 – Managing Fabrics
RADIUS Servers
3.1.2
Removing a RADIUS Server
When you remove a RADIUS server, you disable the management of
authentication usernames and passwords over the network for that server.
S
Figure 3-2. Remove Server
To remove a RADIUS server, do the following:
1.Open the faceplate display, open the Switch menu, and select Radius
Servers....
2.In the Radius Server Information dialog, shown in Figure 3-2, click the
Remove Server tab.
3.In server list at the top of the dialog, select the server to be removed.
4.Click the Remove Server button to remove the server, and click the Close
3-459097-02 B
button to exit the dialog.
A
3.1.3
Editing RADIUS Server Information
Editing information of a RADIUS server involves changing the configuration of a
RADIUS server.
3 – Managing Fabrics
RADIUS Servers
Figure 3-3. Edit Server Information
To edit information of a RADIUS server, do the following:
1.Open the faceplate display, open the Switch menu, and select Radius
Servers....
2.In the Radius Server Information dialog, shown in Figure 3-3, click the Edit Server tab.
3.In server list at the top of the dialog, select the server to be edited.
4.Make changes to the IP Address, UDP Port, Timeout, Retries, and Secret
fields.
5.Select or unselect the server type (Device, User, Account) and Sign Packet
check boxes.
6.Click the Edit Server button to save the changes, and click the Close button
to exit the dialog.
59097-02 B3-5
3 – Managing Fabrics
RADIUS Servers
3.1.4
Modifying Authentication Order RADIUS Server Information
Editing information of a RADIUS server involves changing the configuration of a
RADIUS server.
S
Figure 3-4. Modify Authentication Order - RADIUS Server Information
To modify the authentication order information of a RADIUS server, do the
following:
1.Open the faceplate display, open the Switch menu, and select Radius
Servers....
2.In the Radius Server Information dialog, shown in Figure 3-4, click the
Modify Authentication Order tab.
3.In server list at the top of the dialog, select the server to be modified.
4.Make changes to the Device Authentication Order or User Authentication
Order pull-down menus. Select Local, Radius, or Radius Local.
5.Click the Modify Order button to save the changes, and click the Close
Connection security provides an encrypted data path for switch management
methods. The switch supports the Secure Shell (SSH) protocol for the command
line interface and the Secure Socket Layer (SSL) protocol for management
applications such as SANsurfer Switch Manager and Common Information
Module (CIM).
3 – Managing Fabrics
Securing a Fabric
The SSL handshake process between the workstation and the switch involves the
exchanging of certificates. These certificates contain the public and private keys
that define the encryption. The switch certificate is valid for one year beginning
with its creation date and time. The workstation validates the switch certificate by
comparing the workstation date and time to the switch certificate creation date and
time. For this reason, it is important to snychronize the workstation and switch with
the same date, time, and time zone. If a certificate has not been created by the
user, the switch will automatically create one.
Consider your requirements for connection security: for the command line
interface (SSH), management applications such as SANsurfer Switch Manager
(SSL), or both. If SSL connection security is required, also consider using the
Network Time Protocol (NTP) to synchronize workstations and switches.
59097-02 B3-7
3 – Managing Fabrics
Securing a Fabric
3.2.2
User Account Security
User account security is the process by which your user account and password
are authenticated with the list of valid user accounts and passwords. The switch
validates your account and password when you attempt to add a fabric using
SANsurfer Switch Manager or log in to a switch through Telnet. Your system
administrator defines accounts, p asswords, and authority levels that ar e stored on
the switch. Refer to ”Managing User Accounts” on page 4-2 for more information.
The Admin account possesses Admin authority which grants full access to all
tasks of the SANsurfer Switch Manager menu system. The switch validates your
user account and SANsurfer Switch Manager grants access to its menus
according to your authority level. If you do not have Admin authority, you are
limited to monitoring tasks.
NOTE:If a user is logged into a switch using SANsurfer Switch Manager or
CLI, and an administrator changes user access rights and passwords,
existing logins will not be affected by the new settings. Login access
and privileges are only checked for a new login request.
S
3.2.3
Security Consistency Checklist
The Security Consistency Checklist dialog enables you to compare
security-related features on switches to check for inconsistencies. Any changes
must be made through the appropriate dialog, such as Network Properties dialog,
Switch Properties dialog, or SNMP Properties dialog. To open the Security
Consistency Checklist dialog, open the Switch menu and select Security Consistency Checklist.
3-859097-02 B
A
3.2.4
Device Security
Device security provides for the authorization and authentication of devices that
you attach to a switch. You can configure a switch with a group of devices against
which the switch authorizes new attachments by devices, other switches, or
devices issuing management server commands. Device security is configured
through the use of security sets and groups. A group is a list of device worldwide
names that are authorized to attach to a switch. There are three types of groups:
one for other switches (ISL), another for devices (port), and a third for devices
issuing management server commands (MS). A security set is a set of up to three
groups with no more than one of each group type. The security configuration is
made up of all security sets on the switch.
In addition to authorization, the switch can be configured to require auth entication
to validate the identity of the connecting switch, device, or host. Authentication
can be performed locally using the switch security database, or remotely using a
Remote Dial-In User Service (RADIUS) server. With a RADIUS server, the
security database for the entire fabric resides on the server. In this way, the
security database can be managed centrally, rather than on each switch. You can
configure up to five RADIUS servers to provide failover.
3 – Managing Fabrics
Securing a Fabric
You can configure the RADIUS server to authenticate just the switch or both the
switch and the initiator device if the device supports authentication. When using a
RADIUS server, every switch in the fabric must have a network connection. A
RADIUS server can also be configured to authenticate user accounts.
Consider the devices, switches, and management agents and evaluate the need
for authorization and authentication. Also consider whether the security database
is to distributed on the switches or centralized on a RADIUS server and h ow many
servers to configure.
Managing device security involves the following tasks:
Creating security sets, groups, and members
Editing a security configuration on a switch
Viewing properties of a security set, group, or member
Archiving a security configuration on a switch to a file
Activating and deactivating a security set
The security database is made up of all security sets on the switch. The security
database has the following limits:
Maximum number of security sets is 4.
Maximum number of groups is 1000.
Maximum number of members in a group is 1000.
Maximum total number of group members is 1000.
59097-02 B3-9
3 – Managing Fabrics
Securing a Fabric
3.2.4.1
Edit Security Dialog
The Edit Security dialog, shown in Figure 3-5 opens after clicking the Security
button on the toolbar or selecting Edit Security from the Security menu. The
Security dialogs are available only on a secure (SSL) fabric and on the entry
switch (out of band switch). The primary use of the Edit Security dialog is to edit
the security configuration on the switch. You can also open and edit a security
configuration saved to a file. Editing security files consists of renaming and
removing security sets, groups, and members.
Use the Edit menu options or popup menu options to access Edit Security dialog
options. Select a security item in the graphic window and select an option in the
Edit menu, or right-click on a security item in the graphic window, and select an
option from the popup menus.
The orphan security set contains the security groups and members that don't
belong to a user-defined security set. Excluding the orphan security set, you can
only have 1 group type in a security set. The three types of security groups are:
ISL - default (E_Port authentication)
S
MS (Management Server CT authentication)
Port (F_Port authentication)
Figure 3-5. Edit Security Dialog
3-1059097-02 B
A
Use the File menu to:
Edit the security configuration on the switch.
Open or edit security files.
Save or rename security files
Use the Edit menu to:
Create security sets, security groups, and security group members
Rename or remove a security group from a security set or a member from a
security group
Remove a group from all security sets
Remove all security sets, groups, or members
View properties for the selected security set, group, or group
memberCreating a Security SetCreating a Security Set
3.2.4.2
Creating a Security Set
3 – Managing Fabrics
Securing a Fabric
There is a maximum of 4 security sets. To add a security set, do the following:
1.On the faceplate display, click the Security button on the toolbar, or open
the Security menu and select Edit Security to open the Edit Security dialog.
2.Choose one of the following methods to open the Create a Security Set
dialog:
Click the Security Set button in the toolbar.
Right-click in the graphic window, and select New Security Set from
the popup menu.
3.Enter a security set name. The naming conventions for security sets are:
Must start with a letter
All alphanumeric chars [aA- zZ] [0-9]
The symbols $ _ - and ^ are the only symbols allowed
4.Click the OK button to save the change.
59097-02 B3-11
3 – Managing Fabrics
Securing a Fabric
3.2.4.3
Create Security Group Dialog
Use the Create Security Group dialog, shown in Figure 3-6, to add a security
group to a security set. The Create Security Group dialog is displayed after
clicking the Security Group button on the toolbar, or after you right-click on a
security set in the graphic window and select Create a Security Group from the
popup menu.
S
Figure 3-6. Create Security Group Dialog
The naming conventions for all security groups are listed below.
Must start with a letter
All alphanumeric chars [aA- zZ] [0-9]
The symbols $ _ - and ^ are the only symbols allowed
3.2.4.4
Creating a Security Group
An empty (no members) security group in the active security set will prevent all
connections for that security group type. For example, an empty ISL security
group will cause the switch to refuse all logins from other switches. To add a
security group to a security set, do the following:
1.On the faceplate display, click the Security button on the toolbar, or open
the Security menu and select Edit Security to open the Edit Security dialog.
2.Choose one of the following methods to open the Create a Security Group
dialog:
In the graphic window, click a security set and click the Security
Group button in the toolbar.
Right-click on a security set and select Create a Security Group from
the popup menu.
3-1259097-02 B
A
3.Enter a security group name and select a security group type (ISL, Port, or
MS). Remember, only one security group type (1 ISL, 1 Port, 1 MS) in each
security set is allowed. The naming conventions for security groups are:
Must start with a letter
All alphanumeric chars [aA- zZ] [0-9]
The symbols $ _ - and ^ are the only symbols allowed
4.Click the OK button to save the change.
3.2.4.5
Create Security Group Member Dialog
Use the Create Security Group Member dialog, shown in Figure 3-7, to add a
member to a security group. Choose options from the Group Member (or
manually type in a hex value) and Authentication pull-down menus, and enter
values in the Secret and Binding (ISL groups only) fields.
3 – Managing Fabrics
Securing a Fabric
Figure 3-7. Create a Security Group Member Dialog
The conventions for ISL security group members are listed below:
You can enter member world-wide name (WWN), which must be 16 hex
characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.
The authentication choices are None and Chap.
The Secret field is disabled if authentication is set to None. If authentication
is Chap, the Secret field is enabled.
The Generate button is only enabled when authentication is set to Chap.
59097-02 B3-13
Valid binding entries are between 0 to 239.
3 – Managing Fabrics
Securing a Fabric
The conventions for Port security group members are listed below:
You can enter member world-wide name (WWN), which must be 16 hex
The authentication choices are None and Chap.
The Secret field is disabled if authentication is set to None. If authentication
The Generate button is only enabled when authentication is set to Chap.
The conventions for MS security group members are listed below:
You can enter member world-wide name (WWN), which must be 16 hex
The CT (common transport) authentication choices are None, MD5, and
The Secret field is disabled if authentication is set to None, otherwise the
The Generate button is only enabled when authentication is Chap.
Secret is 16 byte length for MD5 authentication, and 20 bytes if
S
characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.
is Chap, the Secret field is enabled.
characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.
SHA-1.
Secret field enabled.
authentication is SHA-1.
3-1459097-02 B
A
3.2.4.6
Creating a Security Group Member
To add a member to a security group, do the following:
1.On the faceplate display, click the Security button on the toolbar, or open
the Security menu and select Edit Security to open the Edit Security dialog.
2.Choose one of the following methods to open the Create a Security Group
Member dialog:
In the graphic window, click a security group and click the Security
Member button in the toolbar.
Right-click on a security group and select Create Members from the
popup menu.
3.Open the Group Member pull-down menu and select a Node World-Wide
Name. The switch must be a member of any group in which authentication is
used. You can also type in a hex value.
4.Open the Authentication pull-down menu, and select a type of protocol to be
used for the authentication process for that member.
ISL authentication options are None (0 bytes), Chap (16 bytes)
3 – Managing Fabrics
Securing a Fabric
MS (CT - Common Transport) authentication options are None (0
bytes), MD5 (16 bytes), SHA (20 bytes)
Port authentication options are None (0 bytes), Chap (16 bytes)
5.In the Secret area, enter an authentication "password" to be assigned that
member. Or, you can click the Generate Secret button to randomly
generate a secret.
6.In the Binding field (ISL groups only), enter the domain ID (1-239) for the
switch for the ISL group member. The WWN of the switch must be at the
entered domain ID when attempting to enter the fabric, otherwise it will
become isolated.
7.Click the OK button to save the changes.
59097-02 B3-15
3 – Managing Fabrics
Securing a Fabric
3.2.4.7
Editing the Security Configuration on a Switch
To edit a security configuration on the switch, do the following:
1.On the faceplate display, click the Security button on the toolbar, or open
the Security menu and select Edit Security to open the Edit Security dialog.
By default, the security configuration on the switch is displayed in the Edit
Security dialog. To edit a security configuration saved to a file, open the File
menu and select Open File, or press Ctrl+o (letter o) to open the Open
dialog. Browse for and select the security file, and click the Open button to
display the security file in the Edit Security dialog.
2.Select the security item to edit in the graphic window , a nd choose one of the
following:
Rename a Security Set, or Group. Open the Edit menu and select a
Rename option. In the Rename dialog, enter a new name and click the
OK button to save the changes.
Edit Security Group Member. Open the Edit menu and select a Edit
Security Group Member option. In the Edit Security Group Member
dialog, enter a new Group Member (WWN), choose an option in the
Authentication pull-down menu, and click the OK button to save the
changes.
S
Remove a Security Set, Group, or Member. Select the item to
remove, open the Edit menu and select a Remove option. In the
Remove dialog, click the OK button to remove that item from the
security file and save the changes.
Clear Security . Select the Security Sets directory name, open the Edit
menu and select Clear Security. In the Remove dialog, click the OK
button to remove all security sets and save the changes. You can also
right-click on the Security Sets (top level) directory name, and select
Clear Security from the popup menu, and click the OK button to
remove all security sets.
3.Click the Apply button to save the changes and keep the Edit Security
dialog open. To save changes and close the Edit Security dialog in one step,
click the OK button.
4.Click the OK button to close the Edit Security dialog.
3-1659097-02 B
A
3.2.4.8
Viewing Properties of a Security Set, Group, or Member
To view the properties of a security set, group, or member, do the following:
1.On the faceplate display and click the Security button on the toolbar, or
open the Security menu and select Edit Security to open the Edit Security
dialog.
2.Choose one of the following:
Select a security set, group, or member, open the Edit menu and select
Properties.
In the graphic window, right-click on the security item, and select
Properties from the popup menu.
3.View the security information for the selected item in the Properties dialog.
3.2.4.9
Using the Security Config Dialog
Use the Security Config dialog, shown in Figure 3-8, to save the active security
configuration on the switch to non-volatile or to temporary memory, and to require
the domain ID of a switch be validated before attaching to the fabric.
3 – Managing Fabrics
Securing a Fabric
Figure 3-8. Security Config Dialog
To configure security on the switch, do the following:
1.On the faceplate display, open the Security menu and select Edit Security Config to open the Security Config dialog.
2.Check the Auto Save check box to enable (default) or disable Auto Save
mode. If enabled, the security configuration is saved to non-volatile memory
on the switch. If disabled, the security file is saved only to temporary
memory. The Auto Save feature is used when Fabric Binding is enabled.
When Auto Save is disabled, any updates from remote switches will not be
59097-02 B3-17
saved locally. If the local switch is reset, it may isolate.
3 – Managing Fabrics
Securing a Fabric
3.Check the Fabric Binding Enabled check box to require the expected
domain ID of a switch is verified before being allowed to attach to the fabric.
NOTE:The fabric binding feature must be enabled on all switches in the
fabric. When enabling this feature, it is best to set the switch state to
offline, enable the fabric binding feature on all switches, and then set
the switch state to online.
4.Click the Apply button to save the settings.
5.Click the OK button to close the Security Config dialog.
3.2.4.10
Archiving a Security Configuration to a File
To archive (save) a security configuration to a file, do the following:
1.On the faceplate display, click the Security button on the toolbar, or open
the Security menu and select Edit Security to open the Edit Security dialog.
S
2.Configure the security settings as desired.
3.Open the File menu and select Save As.
4.In the Save dialog, enter a name and location for the security file (.xml
extension).
5.Click the Save button to save the security file.
3.2.4.11
Activating a Security Set
Only one security set can be active at one time. To activate a security set, do the
following:
1.On the faceplate display, open the Security menu and select Activate Security Set to open the Activate Security Set dialog.
2.In the Activate Security Set dialog, select a security set from the pull-down
menu.
3.Click the Activate button to activate the security set.
3.2.4.12
Deactivating a Security Set
Only one security set can be active at one time. To deactivate an active security
set, do the following:
1.In the faceplate display, open the Security menu and select Deactivate Security Set.
2.In the Deactivate dialog, click the Yes button to confirm that you want to
deactivate the active security set.
3-1859097-02 B
A
3.2.4.13
Configured Security Data Window
The Configured Security data window displays a graphical representation of all
security sets, groups, and members in the database. To open the Configured
Security data window, click the Configured Security tab below the data window
in the faceplate display.
3.2.4.14
Active Security Data Window
The Active Security data window displays a graphical representatio n of the active
security set, its groups, and members in the database . To open the Active Security
data window , click the Active Security tab below the data window in the faceplate
display.
3.2.5
Fabric Services
Fabric services security includes SNMP and In-band management. Simple
Network Management Protocol (SNMP) is the protocol governing network
management and monitoring of network devices. SNMP security consists of a
read community string and a write community string, that are basically the
passwords that control read and write access to the switch. The read community
string ("public") and write community string ("private") are set at the factory to
these well-known defaults and should be changed if SNMP is enabled using the
System Servieces or SNMP Properties dialogs. If SNMP is enabled (default) and
the read and write community strings have not been changed from their defaults,
you risk unwanted access to the switch. Refer to ”Enabling SNMP Configuration”
on page 3-20 for more information. SNMP is enabled by default.
3 – Managing Fabrics
Securing a Fabric
In-band management is the ability to manage switches across inter-switch links
using SANsurfer Switch Manager, SNMP, management server, or the application
programming interface. The switch comes from the factory with in-band
management enabled. If you disable in-band management on a particular switch,
you can no longer communicate with that switch by means other than a direct
Ethernet or serial connection. Refer to ”Enabling In-band Management” on
59097-02 B3-19
page 3-20 for more information.
3 – Managing Fabrics
Tracking Fabric Firmware and Software Versions
3.2.5.1
Enabling SNMP Configuration
To enable SNMP configuration, do the following:
1.On the faceplate display, open the Switch menu and select SNMP Properties to open the SNMP Properties dialog.
2.In the SNMP Configuration area, place a check mark in the SNMP Enabled
check box.
3.Click the OK button to save the change to the database.
3.2.5.2
Enabling In-band Management
To enable In-band Management, do the following:
1.On the faceplate display, open the Switch menu and select Switch Properties to open the Switch Properties dialog.
2.Click the In-band Management Enable button.
S
3.Click the OK button to save the change to the database.
3.3
Tracking Fabric Firmware and Software Versions
The Fabric Tracker option enables you to generate a snapshot or baseline of
current system version information, which can be viewed, analyzed and compared
to other snapshot files, and exported to a file. Information includes date and time,
SANsurfer Switch Manager version, switch active firmware version, device
hardware, drivers, and firmware version from FDMI.
The Snapshot Analyzer option enables you to:
Compare two snapshots
Detect mismatches of firmware and driver versions
Detect devices that have been moved, added to or removed from the fabric.
3-2059097-02 B
A
3.3.1
Tracking Fabric Firmware and Software Versions
Saving a Version Snapshot
To save the current snapshot to an XML file, open the Fabric menu, select Fabric
Tracker, and select Save Snapshot. To view and analyze system version information, open the Fabric menu, select Fabric Tracker, and select Analyze
Snapshots. The Fabric Version Snapshot Analysis dialog, shown in Figure 3-9,
opens with the Summary, Differences and Reports tab pages. Click the Browse
buttons to open and view the snapshot files in the corresponding tab p ages. Click
the Close button to exit the Fabric Version Snapshot Analysis dialog. The color
key below the scrollable area defines the meanings of the colors used.
The Summary tab page shows a brief description of the changes that have
occurred between the older snapshot and the newer one. Use the Summary tab
page quickly view what has changed.
3.3.2
Viewing and Comparing Version Snapshots
The Differences tab page shows a side-by-side comp arison of two snapshot s. The
timestamp of each snapshot is displayed above the scroll area showing that
snapshot. The background color of the older snapshot is darker than the
background of the newer snapshot. The arrow icon between the snapshot
selectors always points from the older snapshot to the newer one. If the two
snapshots have the same timestamp, the arrow will not be displayed. The scroll
bars are synchronized to view the same portion of each snapshot file
simultaneously. Click and drag the separator bar between the two panes to resize
each pane. At the top of the separator bar between the two panes, click the
left/right arrows to close the corresponding pane. The left/right arrows move to
one side.
3 – Managing Fabrics
59097-02 B3-21
3 – Managing Fabrics
Tracking Fabric Firmware and Software Versions
3.3.3
Exporting Version Snapshots to a File
The Reports tab page enables you to select one of several reports to save to a
text file. The are two types of reports. The Summary report type shows the same
format displayed on the Summary tab page without the color highlighting. The
Detail report type shows a detailed breakdown of the differences. Use the Export
button to save the selected report to a text file.
S
Figure 3-9. Fabric Version Snapshot Analysis Dialog
3-2259097-02 B
A
3.4
Managing the Fabric Database
A fabric database contains the set of fabrics that you have added during a
SANsurfer Switch Manager session. Initially, if you do not open an existing fabric
or fabric view file, the SANsurfer Switch Manager application opens with an empty
fabric database.
3.4.1
Adding a Fabric
To add a fabric to the database, do the following:
1.Open the Fabric menu and select Add Fabric to open the Add a New Fabric
dialog as shown in Figure 3-10.
3 – Managing Fabrics
Managing the Fabric Database
Figure 3-10. Add a New Fabric Dialog
2.Enter a fabric name (optional) and the IP address of the switch through
which to manage the fabric.
3.Enter an account name and password. The factory account name and
password are "admin" and "password". The password is for the switch and is
stored in the switch firmware. Refer to ”Managing User Accounts” on
page 4-2 for information about creating user accounts.
4.Click the Add Fabric button.
59097-02 B3-23
3 – Managing Fabrics
Managing the Fabric Database
NOTE:A switch supports a combined maximum of 19 logins or sessions
reserved as follows:
4 logins or sessions for internal applications such as management
9 high priority Telnet sessions
6 logins or sessions for SANsurfer Switch Manager inband and
NOTE:If the entry switch has SSL (Secure Socket Layer) enabled, the switch
will generate and display a Verify Certificate dialog that you must
accept before gaining access to the fabric. Refer to ”Connection
Security” on page 3-7 and ”System Services Dialog” on page 4-27 for
more information on certificates and SSL.
S
server and SNMP
out-of-band logins, Application Programming Interface (API)
inband and out-of-band logins, and Telnet logins. Additional logins
will be refused.
3.4.2
Removing a Fabric
To delete a fabric file from the database, do the following:
1.Select a fabric in the fabric tree.
2.Open the Fabric menu and select Remove Fabric.
3.4.3
Opening a Fabric View File
A fabric view file is one or more fabrics saved to a file. To open an existing view
file, do the following:
1.Open the File menu and select Open View File, or click the Open button. If
the fabric you are currently viewing has changed, you will be prompted to
save the changes to the fabric view file with the Save View dialog before
opening a different view file.
2.In the Open View dialog, enter the name of the file to open, and enter a file
password, if a password was entered when this fabric view file was saved.
3.Click the OK button.
3-2459097-02 B
A
3.4.4
Saving a Fabric View File
To save a fabric view file, do the following:
1.Open the File menu, and select Save View As.
2.In the Save View dialog, enter a new file name.
3.Enter a file password, if necessary.
4.Click the OK button.
3.4.5
Rediscovering a Fabric
After making changes to or deleting switches from a fabric view, it may be helpful
to again view the actual fabric configuration. The rediscover fabric option clears
out the current fabric information being displayed, and rediscovers all switch
information. To rediscover a fabric, open the Fabric menu, and select Rediscover Fabric. The rediscover function is more comprehensive than the refresh function.
3.4.6
Deleting Switches and Links
3 – Managing Fabrics
Managing the Fabric Database
The SANsurfer Switch Manager application does not automatically delete
switches or links that have failed or have been physically removed from the fabric.
In these cases, you can delete switches and links to bring the display up to date. If
you delete a switch or a link that is still active, the SANsurfer Switch Manager
application will restore it automatically. You can also refresh the display. To delete
a switch from the topology display, do the following:
1.Select one or more switches in the topology display.
2.Open the Switch menu and select Delete.
To delete a link, do the following:
1.Select one or more links in the topology display.
2.Open the Switch menu and select Delete.
59097-02 B3-25
3 – Managing Fabrics
Managing the Fabric Database
3.4.7
Adding a New Switch to a Fabric
If there are no special conditions to be configured for the new switch, simply plug
in the switch and the switch becomes functional with the default fabric
configuration. The default fabric configuration settings are:
Fabric zoning is sent to the switch from the fabric.
All 1/2/4-Gbps ports will be GL_Ports; all 10-Gbps ports will be G_Ports.
The default IP address 10.0.0.1 is assigned to the switch without a gateway
or boot protocol configured (RARP, BOOTP, and DHCP).
If you are adding a new switch to a fabric and do not want to accept the default
fabric configuration, do the following:
1.If the switch is not new from the factory, reset the switch to the factory
configuration before adding the switch to the fabric by selecting Restore Factory Defaults in the Switch menu from the faceplate display.
2.If you want to manage the switch through the Ethernet port, you must first
configure the IP address using the Network Properties dialog or the
Configuration Wizard.
3.Configure any special switch settings. Consider configuring the Default
Visibility setting to None in the Zoning Config dialog to prevent devices from
finding other devices on all switches in the fabric until the new switch is
configured. To open the Zoning Config dialog, open the Zoning menu, and
select Edit Zoning Config.
4.Plug in the inter-switch links (ISL), but do not connect the devices.
5.Configure the port types for the new switch using the Port Properties dialog.
The 1/2/4-Gbps ports can be G_Port, GL_Port, F_Port, FL_Port, or Donor.
The 10-Gbps ports can be a G_Port or F_Port.
6.Connect the devices to the switch.
7.Make any necessary zoning changes using the Edit Zoning dialog. To open
the Edit Zoning dialog, open the Zoning menu, and select Edit Zoning. If
you changed the Default Visibility setting in the Zoning Config dialog from All
to None, change that setting back to All. To open the Zoning Config dialog,
open the Zoning menu, and select Edit Zoning Config.
S
3-2659097-02 B
A
3.4.8
Replacing a Failed Switch
The archive/restore works for all switches. However, the Restore menu item is not
available for the in-band switches. You can only restore a switch out-of-band (the
fabric management switch). There are certain parameters that are not archived,
and these are not restored by SANsurfer Switch Manager. Refer to ”Archiving a
Switch” on page 4-37 and ”Restoring a Switch” on page 4-38 for information about
archive and restore. Use the following procedure to replace a failed switch for
which an archive is available.
1.At the failed switch:
a.Turn off the power and disconnect the AC cords.
b.Note port locations and remove the interconnection cables and SFPs.
c.Remove the failed switch.
2.At the replacement switch:
a.Mount the switch in the location where the failed switch was removed.
b.Install the SFPs using the same ports as were used on the failed
switch.
3 – Managing Fabrics
Managing the Fabric Database
CAUTION!
c.Attach the AC cords and power up the switch.
3.Select the failed switch in the topology display. Open the Switch menu and
select Delete.
4.Restore the configuration from the failed switch to the replacement switch:
a.Open a new fabric through the replacement switch.
b.Open the faceplate display for the replacement switch. Open the
Switch menu and select Restore.
c.In the Restore dialog, enter the archive file from the failed switch or
browse for the file.
d.Click the Restore button.
5.Reset the replacement switch to activate the configuration formerly
possessed by the failed switch including the domain ID and the zoning
database. Open the Switch menu and select Reset Switch.
6.Reconnect the inter-switch links, target devices, and initiator devices to the
replacement switch using the same ports as were used on the failed switch.
Do not reconnect inter-switch links, target devices, and
initiator devices at this time. Doing so could invalidate
the fabric zoning configuration.
59097-02 B3-27
3 – Managing Fabrics
Displaying Fabric Information
3.5
Displaying Fabric Information
The topology display is your primary tool for monitoring a fabric. The graphic
window of the topology display provides status information for switches,
inter-switch links, and the Ethernet connection to the management workstation.
The data window tabs show device, switch, and active zone set information. The
Active Zoneset tab shows the zone definitions for the active zone set. Refer to
”Devices Data Window” on page 3-34 and ”Switch Data Window” on page 4-8 for
information about the Devices and Switch data windows.
S
3-2859097-02 B
A
3.5.1
Fabric Status
The fabric updates the topology and faceplate displays by forwarding changes in
status to the management workstation as they occur. You can allow the fabric to
update the display status, or you can refresh the display at any time. To refresh
the topology display, do one of the following:
Click the Refresh button.
Open the View menu and select Refresh.
Press the F5 key.
Right-click anywhere in the background of the topology display and select
The topology display uses switch and status icons to provide status information
about switches, inter-switch links, and the Ethernet connection. The switch status
icons, displayed on the left side of a switch, vary in shape and color. Switches
controlled by an Ethernet Internet Protocol have a colored Ethernet icon displayed
on the right side of the switch. A green Ethernet icon indicates normal operation,
yellow indicates a condition that may require attention to maintain maximum
performance, and red indicates a potential failure. Table 3-1 shows the different
switch icons and their meanings.
3 – Managing Fabrics
Displaying Fabric Information
Refresh Fabric from the popup menu.
Table 3-1. Topology Display Switch and Status Icons
Switch IconDescription
SANbox 5600 Series Switch
Normal operation (Green)
Warning–operational with errors (Yellow)
Critical–potential failure (Red)
Unknown–communication status unknown, unreach-
Switch is not manageable with this version of SANsurfer
Switch Manager. Use the management application that
was shipped with this switch.
59097-02 B3-29
3 – Managing Fabrics
Displaying Fabric Information
3.5.2
Displaying the Event Browser
The Event Browser displays a list of events gen erated by the switches in the fabric
and the SANsurfer Switch Manager application. Events that are generated by the
SANsurfer Switch Manager application are not saved on the switch, but can be
saved to a file during the SANsurfer Switch Manager session.
Entries in the Event Browser shown in Figure 3-11, are formatted by severity, time
stamp, source, type, and description. The maximum number of entries allowed in
the Event Browser is 10,000. The maximum number of entries allowed on a switch
is 1200. Once the maximum is reached, the event list wraps and the oldest events
are discarded and replaced with the new events. Event entries from the switch,
use the switch time stamp, while event entries generated by the application have
a workstation time stamp. You can filter , so rt, and export the co ntents of the Event
Browser to a file. The Event Browser begins recording when enabled and
SANsurfer Switch Manager is running.
If the Event Browser is enabled using the Preferences dialog, the next time
SANsurfer Switch Manager is started all events from the switch log will be
displayed. If the Event Browser is disabled when SANsurfer Switch Manager is
started and later enabled, only those events from the time the Event Browser was
enabled and forward will be displayed.
S
To display the Event Browser, open the Fabric menu and select Show Event
Browser, or click the Events button on the tool bar. If the Show Event Browser selection or the Events button is grayed-out, you must first enable the Events
Browser preference. Refer to ”Setting SANsurfer Switch Manager Preferences”
on page 2-16.
Column Sorting
Buttons
Severity
Column
Figure 3-11. Events Browser
3-3059097-02 B
A
3 – Managing Fabrics
Displaying Fabric Information
Severity is indicated in the severity column using icons as described in Table 3-2.
Table 3-2. Severity Levels
Severity
Icon
Alarm – An Alarm is a "serviceable event". T his means that attention by
the user or field service is required. Alarms are posted asynchronously
to the screen and cannot be turned off. If the alarm denotes that a system error has occurred the customer and/or field representative will
generally be directed to provide a "show support" capture of the switch .
Critical event – An event that indicates a potential failure. Critical log
messages are events that warrant notice by the user. By default, these
log messages will be posted to the screen. Critical log messages do not
have alarm status as they require no immediate attention from a user or
service representative.
Warning event – An event that indicates errors or other conditions that
may require attention to maintain maximum perfor mance. Warning messages will not be posted to the screen unless the log is configured to do
so. Warning messages are not disruptive and, therefore, do not meet
the criteria of Critical. The user need not be informed asynchronously
No iconInformative – An unclassified event that provides supporting informa-
tion.
Description
NOTE: Events (Alarms, Critical, Warning, and Informative) generated by
the application are not saved on the switch. They are permanently
discarded when you close a SANsurfer Switch Manager session,
but you can save these events to a file on the workstation before
you close SANsurfer Switch Manager and read it later with a text
editor or browser.
Events generated by the switch are stored on switch, and will be
retrieved when the application is restarted. Some alarms are
configurable. Refer to ”Configuring Port Threshold Alarms” on
page 4-14.
59097-02 B3-31
3 – Managing Fabrics
Displaying Fabric Information
3.5.2.1
Filtering the Event Browser
Filtering the Event Browser enables you to display only those events that are of
interest based on the event severity, timestamp, source, type, and description. To
filter the Event Browser, open the Filter menu and select Filter Entries. This
opens the Filter Events dialog shown in Figure 3-12. The Event Browser displays
those events that meet all of the criteria in the Filter Events dialog. If the filtering
criteria is cleared or changed, then all the events that were previously hidden that
satisfy the new criteria will be shown.
You can filter the event browser in the following ways:
Severity – Check one or more of the corresponding check boxes to display
alarm events, critical events, warning events, or informative events.
Date/Time – Check one or both of the From: and To: check boxes. Enter the
bounding timestamps (MM/dd/yy hh:mm:ss aa) to display only those events
that fall within those times. ("aa" indicates AM or PM.) The current year (yy)
can be entered as either 2 or 4 digits. For example, 12/12/03 will be
interpreted December 12, 2003.
Text – Check one or more of the corresponding check boxes and enter a text
string (case sensitive) for event source, type, and description. The Event
Browser displays only those events that satisfy all of the search
specifications for the Source, Type, and Description text.
S
Figure 3-12. Filter Events Dialog
3-3259097-02 B
A
3.5.2.2
Sorting the Event Browser
Sorting the Event Browser enables you to display the events in alphanumeric
order based on the event severity , timest amp, source, type, or description. Initially,
the Event Browser is sorted in ascending order by timestamp. To sort the Event
Browser, click the Severity, Timestamp, Source, Type, or Description column
buttons. You can also open the Sort menu and select By Severity, By Timestamp, By Source, By Type, or By Description. Successive sort
operations of the same type alternate between ascending and descending order.
3.5.2.3
Saving the Event Browser to a File
You can save the displayed Event Browser entries to a file. Filtering affects the
save operation, because only displayed events are saved. To save the Event
Browser to a file, do the following:
1.Filter and sort the Event Browser to obtain the desired display.
2.Open the File menu and select Save As.
3 – Managing Fabrics
Displaying Fabric Information
3.Select a folder and enter a file name in which to save the e vent log an d click
the Save button. The file can be saved in XML, CSV, or text format. XML
files can be opened with an internet browser or text editor. CSV files can be
opened with most spreadsheet applications.
59097-02 B3-33
3 – Managing Fabrics
Displaying Fabric Information
3.5.3
Devices Data Window
The Devices data window displays information about devices (hosts and storage
targets) connected to the switch. Click the Devices tab below the data window to
display device information for all devices that are logged into the selected fabric.
To narrow the display to devices that are logged into specific switches, select one
or more switches in the fabric tree or the topology display . Table 3-3 describes the
entries in the Devices data window. Refer to ”Exporting Device Information to a
File” on page 3-37 for exporting device information.
EntryDescription
Port WWNPort world wide name
NicknameDevice port nickname. To create a new nickname or edit an
S
Table 3-3. Devices Data Window Entries
existing nickname, double-click the cell and enter a nickname
in the Edit Nickname dialog. Refer to ”Managing Device Port
Nicknames” on page 3-37 for more information.
DetailsClick the (i) to display additional detail about the device. Refer
to ”Displaying Detailed Device Information” on page 3-36.
FC AddressFibre Channel address
SwitchSwitch name
PortSwitch port number
Target/InitiatorDevice type: target or initiator
VendorHost Bus Adapter/Device V endor
Host NameName of host
Active ZonesThe active zone to which the device belongs
Row #Number of port as displayed in the faceplate display
3-3459097-02 B
A
3.5.4
Active Zone Set Data Window
The Active Zoneset data window displays the zone membership for the active
zone set that resides on the fabric management switch. The active zone set is the
same on all switches in the fabric – you can confirm this by adding a fabric
through another switch and comparing Active Zone Set displays.
To open the Active Zoneset data window, click the Active Zoneset tab below the
data window in the topology display. Refer to ”Configured Zonesets Data
Windows” on page 4-13 for information about the zone set definitions on a
particular switch. Refer to ”Zoning a Fabric” on page 3-39 for more information
about zone sets and zones.
The Active Zoneset data window, shown in Figure 3-13, uses display conventions
for expanding and contracting entries that are similar to the fabric tree. An entry
handle located to the left of an entry in the tree indicates that the entry can be
expanded. Click this handle or double-click the following entries:
A zone set entry expands to show its member zones.
3 – Managing Fabrics
Displaying Fabric Information
A zone entry expands to show its member ports/devices.
Ports/devices that are zoned by WWN or FC address, but no longer part of
the fabric, are grayed-out.
Active Zoneset
Data Window
Figure 3-13. Active Zone Set Data Window
59097-02 B3-35
3 – Managing Fabrics
Working with Device Information and Nicknames
3.5.5
Link Data Window
The Link data window displays information about all switch links in the fabric or
selected links. This information includes the switch name, the port number at the
end of each link, and the link status icons. To open the Link data window, click the
Link tab below the data window in the topology display.
3.6
Working with Device Information and Nicknames
SANsurfer Switch Manager enables you to do the following:
Display detailed device information
Export device information to a file
Manage device port nicknames
3.6.1
Displaying Detailed Device Information
S
In addition to the information that is available in the Devices data window, you can
click the (i) in the Details column to display more information as shown in
Figure 3-14.
Figure 3-14. Detailed Devices Display Dialog
3-3659097-02 B
A
3.6.2
Exporting Device Information to a File
To save device information to a file, open the topology display and do the
following:
1.Select one or more switches. If no switches are selected, Devices
information is gathered for all switches.
2.Open the Switch menu and select Export Devices Information.
3.In the Save dialog, enter a file name.
4.Click the Save button.
3.6.3
Managing Device Port Nicknames
You can assign a nickname to a device port World Wide Name. A nickname is a
user-definable, meaningful name that can be used in place of the World Wide
Name. Assigning a nickname makes it easier to recognize device ports when
zoning your fabric or when viewing the Devices data window.
3 – Managing Fabrics
Working with Device Information and Nicknames
SANsurfer Switch Manager maintains nicknames in Nicknames.xml, which is
found in your working directory. In addition to creating, editing, and deleting
nicknames, you can also export the nicknames to a file, which can then be
imported into the Nicknames.xml file on other workstations.
3.6.3.1
Creating a Nickname
To create a device port nickname, do the following:
1.Open the File menu and select Nicknames to open the Nicknames dialog.
2.Choose one of the following methods to enter a nickname. A nickname must
start with a letter and can have up to 64 characters. Valid characters include
alphanumeric characters [aA-zZ][0-9] and special symbols [$ _ - ^ ].
Click on a device in the table. Open the Edit menu and select Create
Nickname to open the Add Nickname dialog. In the Add Nickname dialog, enter a nickname and WWN and click the OK button.
Double-click a cell in the Nicknames column, and enter a new
nickname in the text field. Click the Save button to save the changes
and exit the Nicknames dialog.
You can also create a nickname by double clicking a cell in the Nickname column
of the Devices data window. Refer to ”Devices Data Window” on page 3-34.
59097-02 B3-37
3 – Managing Fabrics
Working with Device Information and Nicknames
3.6.3.2
Editing a Nickname
A nickname must start with a letter and can have up to 64 characters. Valid
characters include alphanumeric characters [aA-zZ][0-9] and special symbols [$ _
- ^ ]. You can access the Edit Nicknames dialog two ways. Choose one of the
following methods to edit a nickname:
In the topology or faceplate display, open the File menu and select
Nicknames to open the Nicknames dialog. The device entries are listed in
table format.
Click on a device entry in the table. Open the Edit menu and select
Edit Nickname to open the Edit Nicknames dialog. Edit the nickname
in the text field. Click the OK button to save the changes.
Double-click a cell in the Nicknames or WWN columns, and edit the
nickname in the text field. Click the OK button to save the changes.
In the topology or faceplate display, click the Devices tab to display the
Devices data window. Double-click a cell in the Nickname column to open
the Edit Nickname dialog. Edit the nickname in the text field. Click the OK
button to save the changes. Refer to ”Devices Data Window” on page 3-34
for more information.
S
3.6.3.3
Deleting a Nickname
To delete a device port nickname, do the following:
1.Open the File menu and select Nicknames to open the Nicknames dialog.
2.Click a device in the table. Open the Edit menu and select Delete Nickname.
3.Click the Save button to save the changes.
3.6.3.4
Exporting Nicknames to a File
You can save nicknames to a file. This is useful for distributing nicknames to other
management workstations. To save nicknames to an XML file, do the following:
1.Open the File menu and select Nicknames to open the Nicknames dialog.
2.Open the File menu in the Nicknames dialog, and select Export.
3.Enter a name for the XML nickname file in the Save dialog and click Save.
3-3859097-02 B
A
3.6.3.5
Importing a Nicknames File
Importing a nicknames file copies its contents into and replaces the contents of
the Nicknames.xml file which is used by SANsurfer Switch Manager. To import a
nickname file, do the following:
1.Open the File menu and select Nicknames to open the Nicknames dialog.
2.Open the File menu in the Nicknames dialog, and select Import.
3.Select an XML nickname file in the Open dialog and click Open. When
prompted to overwrite existing nicknames, click Yes.
3.7
Zoning a Fabric
Zoning enables you to divide the ports and devices of the fabric into zones for
more efficient and secure communication among functiona lly grouped nodes. This
subsection addresses the following topics:
Zoning Concepts
Using the Zoning Wizard
3 – Managing Fabrics
Zoning a Fabric
Managing the Zoning Database
Managing Zone Sets
Managing Zones
Managing Aliases
Merging Fabrics and Zoning
3.7.1
Zoning Concepts
The following zoning concepts provide some context for the zoning tasks
described in this section:
Zones
Aliases
Zone Sets
Zoning Database
Configuring the Zoning Database
59097-02 B3-39
3 – Managing Fabrics
Zoning a Fabric
3.7.1.1
Zones
A zone is a named group of ports or devices that can communicate with each
other. Devices within a zone can only communicate with other devices in the same
zone. A device may participate in more than one zone.
Membership in a zone can be defined by switch domain ID and port number,
device Fibre Channel address (FCID), or device World Wide Name (WWN).
WWN entries define zone membership by the World Wide Name of the
FCID entries define zone membership by the Fibre Channel address of the
S
attached device. With this membership method, you can move WWN
member devices to different switch ports in dif fe rent zones without having to
edit the member entry as you would with a domain ID/port number member.
Furthermore, unlike FCID members, WWN zone members are not affected
by changes in the fabric that could change the Fibre Channel address of an
attached device.
attached device. With this membership method you can replace a device on
the same port without having to edit the member entry as you would with a
WWN member.
3.7.1.1.1
Soft Zones
Domain ID/Port number entries define zone membership by switch domain
ID and port number. All devices attached to the specified port become
members of the zone. The specified port must be an F_Port or an FL_Port.
Two types of zones are supported:
Soft zone
Hard zone - Access Control List (domain/port member only or it will revert
back to a soft zone when activated)
Soft zoning divides the fabric for purposes of controlling discovery. Devices within
the same soft zone automatically discover and communicate freely with all other
members of the same zone. The soft zone boundary is not secure; traffic across
soft zones can occur if addressed correctly. Soft zones that include members from
multiple switches need not include the ports of the inter-switch links. Soft zone
boundaries yield to ACL zone boundaries. Soft zones can overlap; that is, a
device can participate in more than one soft zone. Zone membership can be
defined by Fibre Channel address, domain ID and port number, World Wide
Name, or a combination. Soft zoning supports all port types.
3-4059097-02 B
A
3.7.1.1.2
Access Control List Hard Zones
Access Control List (ACL) zoning divides the fabric for purposes of controlling
discovery and inbound traffic. ACL zoning is a type of hard zoning that is
hardware enforced. This type of zoning is useful for controlling access to certain
devices without totally isolating them from the fabric. Devices can communicate
with each other and transmit outside the ACL zone, but cannot receive inbound
traffic from outside the zone. The ACL zone boundary is secure against inbound
traffic. ACL zones can overlap; that is, a port can be a member of more than one
ACL zone. ACL zones that include members from multiple switches need not
include the ports of the inter-switch links. ACL zone boundaries supersede soft
zone boundaries. Membership can be defined only by domain ID and port
number. ACL zoning supports all port types.
3.7.1.2
Aliases
To make it easier to add a group of ports or devices to one or more zones, you can
create an alias. An alias is a named set of ports or devices that are grouped
together for convenience. Unlike zones, aliases impose no communication
restrictions between its members. You can add an alias to one or more zones.
However, you cannot add a zone to an alias, nor can an alias be a member of
another alias.
3 – Managing Fabrics
Zoning a Fabric
3.7.1.3
Zone Sets
A zone set is a named group of zones. A zone can be a member of more than one
zone set. Each switch in the fabric maintains its own zoning database containing
one or more zone sets. This zoning database resides in non-volatile or permanent
memory and is therefore retained after a reset. Refer to ”Configured Zonesets
Data Windows” on page 4-13 for information about displaying the zoning
database.
The orphan zone set is created by the application automatically to hold the zones
which are not in any set. The orphan zone set cannot be removed and is not
saved on the switch.
To apply zoning to a fabric, choose a zone set and activate it. When you activate a
zone set, the switch distributes that zone set and its zones, excluding aliases, to
every switch in the fabric. This zone set is known as the active zone set. Refer to
”Active Zone Set Data Window” on p age 3-35 for information about displaying the
active zone set.
59097-02 B3-41
3 – Managing Fabrics
Zoning a Fabric
3.7.1.4
Zoning Database
Each switch has its own zoning database. The zoning database is made up of all
aliases, zones, and zone sets that have been created on the switch or received
from other switches. The switch maintains two copies of the inactive zoning
database: one copy is maintained in temporary memory for editing purposes; the
second copy is maintained in permanent memory. Zoning database edits are
made on an individual switch basis and are not propagated to other switches in
the fabric when saved.
There are two configuration parameters that affect the zoning database: Interop
Auto Save and Default Visibility. The Interop Auto Save parameter determines
whether changes to the active zone set that a switch receives from another switch
in the fabric will be saved to permanent memory on that switch. The Default
Visibility parameter permits or prohibits communication among ports/devices
when there is no active zone set. Refer to ”Configuring the Zoning Database” on
page 3-47 for information about zoning configuration.
S
3.7.1.4.1
Viewing Zoning Limits and Properties
Zoning limits vary depending on the firmware installed on the switch. To view
zoning limits and properties on a switch, do the following:
1.In the faceplate display, open the Zoning menu and select Edit Zoning to
open the Edit Zoning dialog.
2.Choose one of the following:
In the zone sets tree (left windowpane), right-click on the top zonesets
entry, a zone set, a zone, or a zone member. In the popup menu,
select Properties.
In the zone set tree (left windowpane), select the top zonesets entry, a
zone set, a zone, or a zone member. Open the Edit menu and select
Properties.
3.View the zoning limits and properties information in the Properties dialog.
4.Click the OK button to close the Properties dialog.
The zoning limits for switches with 5.02 firmware are:
MaxZoneSets is 256. The maximum number of zone sets that can be
configured on the switch. This will be enforced during the configuration of
zoning and during a zoning database merge from the fabric.
MaxZones is 2000. The maximum number of zones that can be configured
on the switch. This will be enforced during the configuration of zoning and
during a zoning database merge from the fabric.
3-4259097-02 B
A
3 – Managing Fabrics
Zoning a Fabric
MaxAliases is 2500. The maximum number of aliases that can be
configured on the switch. This will be enforced during the configuration of
zoning and during a zoning database merge from the fabric.
MaxT ot alMembers is 10,000. The maximum number of tot al zone and alias
members that can be configured on the switch. This will be enforced during
the configuration of zoning and during a zoning database merge from the
fabric. Aliases are considered zone members since they can be added to a
zone just like a normal zone member.
MaxZonesInZoneSets is 2000. The maximum number of zone linkages to
zonesets that can be configured on the switch. This will be enforced during
the configuration of zoning and during a zoning database merge from the
fabric. Every time a zone is added to a zoneset this constitutes a linkage.
MaxMembersPerZone is 2000. The maximum number of zone members
that can be added to any zone on the switch. This will be enforced during the
configuration of zoning and during a zoning database merge from th e fabric.
Aliases are considered zone members when added to a zone.
MaxMembersPerAlias is 2000. The maximum number of zone members
that can be added to any alias on the switch. This will be enforced during the
configuration of zoning and during a zoning database merge from the fabric.
3.7.2
Using the Zoning Wizard
The Zoning Wizard is a series of dialogs that leads you through the process of
zoning a fabric. To open the Zoning Wizard, open the Wizards menu in the
faceplate display, and select Zoning Wizard.
The Zoning Wizard helps you with the two most typical reasons for zoning:
Zoning Windows servers storage
Assign storage to servers.
To solve these problems, there must be at least one target and at least one
initiator in the name server. Windows servers do not share devices well, but
sometimes they must share devices, such as a tape drive. The wizard helps you
define which devices are sharable and which ones are not. Once a device is in a
Windows group, it can no longer be in any other group.
59097-02 B3-43
3 – Managing Fabrics
Zoning a Fabric
3.7.3
Managing the Zoning Database
Managing the zoning database consists of the following:
Editing the Zoning Database
Configuring the Zoning Database
Saving the Zoning Database to a File
Restoring the Zoning Database from a File
Restoring the Default Zoning Database
Removing All Zoning Definitions
3.7.3.1
Editing the Zoning Database
To edit the zoning database for a particular switch, open the Zoning menu from
the faceplate display and select Edit Zoning to open the Edit Zoning dialog
shown in Figure 3-15. Changes can only be made to inactive zone sets, which are
stored in flash (non-volatile) memory and retained after resetting a switch.
S
Port/Device
Tree
Zone Sets
Tree
Figure 3-15. Edit Zoning Dialog
To apply zoning to a fabric, choose a zone set and activate it. When you activate a
zone set, the switch distributes that zone set and its zones, excluding aliases, to
every switch in the fabric. This zone set is known as the active zone set.
3-4459097-02 B
A
3 – Managing Fabrics
Zoning a Fabric
You cannot edit an active zone set on a switch. You must configure an inactive
zone set to your needs and then activate that updated zone set to apply the
changes to the fabric. When you activate a zone set, the switch distributes that
zone set to the temporary zoning database on every switch in the fabric. However ,
in addition to the merged active zone set, each switch maintains its own original
zone set in its zoning database. Only one zone set can be active at one time.
NOTE:If the Interop Auto Save parameter is enabled on the Zoning
Configuration dialog, then every time the active zone set changes, the
switch will copy it into an inactive zone set stored on the switch. You
can edit this copy of the active zone set stored on the switch, and
activate the updated copy to conveniently apply the changes to the
active zone set. The edited copy then becomes the active zone set.
The Edit Zoning dialog has a Zone Sets tree on the left and a Port/Device (or
members) tree on the right. Both trees use display conventions similar to the
fabric tree for expanding and contracting zone sets, zones, and ports. An
expanded port shows the port Fibre Channel address; an expanded address
shows the port World Wide Name. You can select zone sets, zones, and ports in
the following ways:
Click a zone, zone set, or port icon.
Right-click to select a zone set or zone, and open the corresponding popup
menu.
Hold down the Shift key while clicking several consecutive icons.
Hold down the Control key while clicking several non-consecutive icons.
Using tool bar buttons, popup menus, or a drag-and-drop method, you can create
and manage zone sets and zones in the zoning datab ase. Table 3-4 describes the
zoning tool bar operations.
Use the Edit Zoning dialog to define zoning changes, and click the Apply button
to open the Error Check dialog. Click the Error Check button to have SANsurfer
Switch Manager check for zoning conflicts, such as empty zones, aliases, or zo ne
sets, and ACL zones with non-domain ID/port number membership. Click the
Save Zoning button to implement the changes. Click the Close button to close
the Error Check dialog. On the Edit Zoning dialog, click the Close button to close
the Edit Zoning dialog.
Table 3-4. Edit Zoning Dialog Tool Bar Buttons and Icons
Tool Bar ButtonDescription
Create Zone Set button - create a new zone set
59097-02 B3-45
3 – Managing Fabrics
Zoning a Fabric
Tool Bar ButtonDescription
S
Table 3-4. Edit Zoning Dialog Tool Bar Buttons and Icons (Continued)
Create Zone button - create a new zone
Create Alias button - create another name for a set of objects
Add Member button - adds selected port/device to a zone
Remove Member button - delete the selected zone from a zone
set, or delete the selected port/device from a zone
Switch port icon – not logged in
Switch port icon – logged in
NL_Port (loop) device icon – logged in to fabric
NL_Port (loop) device icon – not logged in to fabric
N_Port device icon – logged in to fabric
N_Port device icon – not logged in to fabric
3-4659097-02 B
A
3.7.3.2
Configuring the Zoning Database
Use the Zoning Config dialog to change the Auto Save, Default Visibility, and
Discard Inactive configuration parameters. In the faceplate display, open the
Zoning menu and select Edit Zoning Config to open the Zoning Config dialog
shown in Figure 3-16. After making changes, click the OK button to put the new
values into effect.
3 – Managing Fabrics
Zoning a Fabric
3.7.3.2.1
Interop Auto Save
The Interop Auto Save parameter determines whether changes to the active zone
set that a switch receives from other switches in the fabric will be saved to the
zoning database on that switch. Changes a re saved whe n an updated zone set is
activated. Zoning changes are always saved to temporary memory. However, if
Interop Auto Save is enabled, the switch firmware saves changes to the active
zone set in temporary memory and to the zoning database. If Interop Auto Save is
disabled, changes to the active zone set are stored only in temporary memory
which is cleared when the switch is reset.
NOTE:Disabling the Interop Auto Save parameter can be useful to prevent
Figure 3-16. Zoning Config Dialog
the propagation of zoning information when experimenting with
different zoning schemes. However, leaving the Interop Auto Save
parameter disabled can disrupt device configurations should a switch
have to be reset. For this reason, the Interop Auto Save parameter
should be enabled in a production environment.
59097-02 B3-47
3 – Managing Fabrics
Zoning a Fabric
3.7.3.2.2
Default Visibility
Default visibility determines the level of communication that is permitted among
ports/devices when there is no active zone set. The default visibility parameter
can be set differently on each switch. When default visibility is enabled (ALL) on a
switch, all ports/devices on the switch can communicate with all ports/devices on
switches that also have default visibility enabled. When Default Visibility is
disabled (NONE), none of the ports/devices on that switch can communicate with
any other port/device in the fabric.
3.7.3.2.3
Discard Inactive
The Discard Inactive parameter automatically removes inactive zones and zone
sets when a zoneset is activated or deactivated from a remote switch.
3.7.3.3
Saving the Zoning Database to a File
S
You can save the zoning database to an XML file. Y ou ca n later reload this zoning
database on the same switch or another switch. To save a zoning database to a
file, do the following:
1.In the faceplate display, open the Zoning menu, and select Edit Zoning.
2.In the Edit Zoning dialog, open the File menu and select Save As.
3.In the Save dialog, enter a file name for the database file.
4.Click the Save button to save the zoning file.
3.7.3.4
Restoring the Zoning Database from a File
CAUTION!Restoring the zoning database from a file will replace the current
zoning database on the switch.
Do the following to restore the zoning database from a file to a switch:
1.In the faceplate display, open the Zoning menu and select Edit Zoning to
open the Edit Zoning window.
2.Open the File menu and select Open File. A popup window will prompt you
to select an XML zoning database file.
3.Select a file and click Open.
3-4859097-02 B
A
3.7.3.5
Restoring the Default Zoning Database
Restoring the default zoning clears the switch of all zoning definitions.
CAUTION!This command will deactivate the active zone set.
To restore the default zoning for a switch:
1.In the faceplate display, open the Zoning menu and select Restore Default Zoning.
2.Click the OK button to confirm that you want to restore default zoning and
save changes to the zoning database.
3.7.3.6
Removing All Zoning Definitions
To clear all zone and zone set definitions from the zoning database, choose one of
the following:
3 – Managing Fabrics
Zoning a Fabric
Open the Edit menu and select Clear Zoning. In the Removes All dialog,
click the Yes button to confirm that you want to delete all zones and zone
sets.
Right-click the Zone Sets heading at the top of the Zone Sets tree, and
select Clear Zoning from the popup menu. Click the Yes button to confirm
that you want to delete all zone sets and zones.
59097-02 B3-49
3 – Managing Fabrics
Zoning a Fabric
3.7.4
Managing Zone Sets
Zoning a fabric involves creating a zone set, creating zones as zon e set members,
then adding devices as zone members. The zoning database supports multiple
zone sets to serve the different security and access needs of your storage area
network, but only one zone set can be active at one time. Managing zone sets
consists of the following tasks:
Creating a Zone Set
Activating and Deactivating a Zone Set
Copying a Zone to a Zone Set
Removing a Zone from a Zone Set or from All Zone Sets
Removing a Zone Set
NOTE:Changes that you make to the zoning database are limited to the
managed switch and do not propagate to the rest of the fabric. To
distribute changes to configured zone sets fabric wide, you must edit
the zoning databases on the individual switches.
S
3.7.4.1
Creating a Zone Set
To create a zone set, do the following:
1.Open the Zoning menu, and select Edit Zoning to open the Edit Zoning
dialog.
2.Open the Edit menu, and select Create Zone Set to open the Create Zone
Set dialog.
3.Enter a name for the zone set, and click the OK button. The new zone set
name is displayed in the Zone Sets dialog. A zone set name must begin with
a letter and be no longer than 64 characters. Valid characters are 0-9, A-Z,
a-z, _, -, ^, and $.
4.To create new zones in a zone set, do one of the following:
Right-click a zone set and select Create A Zone from the popup menu.
Copy an existing zone by dragging a zone into the new zone set. Refer
5.Click the Apply button to save changes to the zoning database.
In the Create a Zone dialog, enter a name for the new zone, and click
the OK button. The new zone name is displayed in the Zone Sets
dialog.
to ”Copying a Zone to a Zone Set” on page 3-51.
3-5059097-02 B
A
3.7.4.2
Activating and Deactivating a Zone Set
You must activate a zone set to apply its zoning definitions to the fabric. Only one
zone set can be active at one time. When you activate a zone set, the switch
distributes that zone set to the temporary zoning database on every switch in the
fabric.
The purpose of the deactivate function is to suspend all fabric zoning which
results in free communication fabric wide or no communication depending on the
default visibility setting. Refer to ”Default Visibility” on page 3-48 for more
information. It is not necessary to deactivate the active zone set before activating
a new one.
To activate a zone set, open the Zoning menu and select Activate Zone Set
to open the Activate Zone Set dialog. Select a zone set from th e Select Zone
Set pull-down menu, and click the Activate button.
To deactivate the active zone set, open the Zoning menu, select Deactivate
Zone Set. Acknowledge the warning about traffic disruption, and click the
Yes button to confirm that you want to deactivate the active zone set.
3 – Managing Fabrics
Zoning a Fabric
3.7.4.3
Copying a Zone to a Zone Set
To copy an existing zone and its membership from one zone set to another, select
the zone and drag it to the chosen zone set. Click the Apply button to save
changes to the zoning database.
3.7.4.4
Removing a Zone from a Zone Set or from All Zone Sets
You can remove a zone from a zone set or from all zone sets in the database.
1.In the faceplate display, open the Zoning menu and select Edit Zoning to
open the Edit Zoning dialog.
2.In the Zone Sets tree, select the zone(s) to be removed.
3.Open the Edit menu, and select Remove to remove the zone from the zone
set, or select Remove from All Zones to remove the zone from all zone
sets.
4.Click the Apply button to save changes to the zoning database.
Alternatively, you may use shortcut menus to remove a zone from a zone set or
from all zone sets in the database.
59097-02 B3-51
3 – Managing Fabrics
Zoning a Fabric
3.7.4.5
Removing a Zone Set
Removing a zone set from the database affects the me mber zones in the following
ways.
Member zones that are members of other zone sets are not affected.
Member zones that are not members of other zone sets become members
of the orphan zone set. The orphan zone set cannot be removed and is not
saved on the switch.
To delete a zone set from the database, do the following:
1.In the faceplate display, open the Zoning menu and select Edit Zoning to
open the Edit Zoning dialog.
2.In the Zone Sets tree, select the zone set to be removed.
3.Open the Edit menu, and select Remove to remove the zone set.
4.Click the Apply button to save changes to the zoning database.
Alternatively, you may use shortcut menus to remove a zone set from the
database.
S
3.7.5
Managing Zones
Managing zones involves the following:
Creating a Zone in a Zone Set
Adding Zone Members
Renaming a Zone or a Zone Set
Removing a Zone Member
Removing a Zone from a Zone Set
Removing a Zone from All Zone Sets
Changing Zone Types
NOTE:Changes that you make to the zoning database are limited to the
managed switch and do not propagate to the rest of the fabric. To
distribute changes to configured zone sets fabric wide, you must edit
the zoning databases on the individual switches.
3-5259097-02 B
A
3.7.5.1
Creating a Zone in a Zone Set
When a zone is created, its zone type is soft. To change the zone type to a hard
zone, refer to ”Changing Zone T ypes” on p age 3-56 for more information. Refer to
”Zones” on page 3-40 for information on zone types (soft and hard). To create a
zone in a zone set, do the following:
1.Open the Zoning menu, and select Edit Zoning to open the Edit Zoning
dialog.
2.Select a zone set.
3.Open the Edit menu and select Create a Zone.
4.In the Create a Zone dialog, enter a name for the new zone, and click the
OK button. The new zone name is displayed in the Zone Sets dialog. A zone
name must begin with a letter and be no longer than 64 characters. Valid
characters are 0-9, A-Z, a-z, _, ^, $, and -.
NOTE:If you enter the name of a zone that already exists in the
database, the SANsurfer Switch Manager application will ask if
you would like to add that zone and its membership to the zone
set.
3 – Managing Fabrics
Zoning a Fabric
5.To add switch ports or attached devices to the zone, do one of the following:
In the zone set tree, select the zone set. In the graphic window, select
the port to add to the zone. Open the Edit menu and select Add Members.
Select a port by port number, Fibre Channel address, or World Wide
Name in the Port/Device tree, and drag it into the zone.
Select a port by port number, Fibre Channel address, or World Wide
Name in the Port/Device tree. Right-click the zone and select Add Zone Members from the popup menu.
6.Click the Apply button to save changes to the zoning database.
59097-02 B3-53
3 – Managing Fabrics
Zoning a Fabric
3.7.5.2
Adding Zone Members
You can zone a port/device by switch domain ID and port number, device port
Fibre Channel address, or the device port WWN. Adding a port/device to a zone
affects every zone set in which that zone is a member. To add ports/devices to a
zone, do the following:
1.Open the Zoning menu, and select Edit Zoning to open the Edit Zoning
dialog.
2.Choose one of the following methods to add the port/device:
Select a port/device in the Port/Device tree, and drag it into the zone.
To select multiple ports/devices, press and hold the Control key while
selecting.
Select a port/device in the Port/Device tree. To select multiple
ports/devices, press the Control key while selecting. Select a zone set
in the left pane. Open the Edit menu and select Add Members.
Select a port/device in the Port/Device tree. To select multiple
ports/devices, press the Control key while selecting. Select a zone set
in the left pane. Click the Insert button.
S
If the port/device you want to add is not in the Port/Device tree, you can add
it by doing the following:
a.Right click the selected zone.
b.Open the Edit menu and select Create Members.
c.Choose the WWN, Domain/Port, or First Port Address radio button.
d.Enter the hexadecimal value for the port/device according to the radio
button selection: 16 digits for a WWN member, 4 digits for a Domain/
Port member (DDPP), or a 6-digit Fibre Channel Address for a First
Port Address member (DDPP AA) where D=domain ID, P=port number ,
and A=ALPA.
3.Click the OK button to add the member and save the change.
NOTE:Domain ID conflicts can result in automatic reassignment of switch
domain IDs. These reassignments are not reflected in zones that use
domain ID/port number pair to define their membership. Be sure to
reconfigure zones that are affected by a domain ID change.
3-5459097-02 B
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.