Q-Logic 5600 User Manual

Download

Simplify

SANbox 5600 Series

Switch Managment User’s Guide

Firmware Version 5.0

59097-02 B Page i

SANbox 5600 Series Switch Management User’s Guide

Information furnished in this manual is believed to be accurate and reliable. However, QLogic Corporation assumes no responsibility for its use, nor for any infringements of patents or other rights of third parties which may result from its use. QLogic Corporation reserves the right to change product specifications at any time without notice. Applications described in this document for any of these products are for illustrative purposes only. QLogic Corporation makes no representation nor warranty that such applications are suitable for the specified use without further testing or modification. QLogic Corporation assumes no responsibility for any errors that may appear in this document.

This product is covered by one or more of the following patents: 6697359; other patents pending.

QLogic, SANbox, SANsurfer, SANblade, SANsurfer Switch Manager, and SANsurfer Management Suite are trademarks or registered trademarks of QLogic Corporation.

Java and Solaris are registered trademarks of Sun Microsystems, Inc. Gnome is a trademark of the GNOME Foundation Corporation. Linux is a registered trademark of Linus Torvalds. Mac OS X and Safari are registered trademarks of Apple Computer, Inc. Microsoft, Windows NT, Windows 2000, Windows 2003, and Internet Explorer are trademarks of Microsoft

Corporation. Netscape Navigator and Mozilla are registered trademarks of Netscape Communications Corporation. Red Hat is a registered trademark of Red Hat Software Inc. All other brand and product names are trademarks or registered trademarks of their respective owners.

Document Revision History

Release, Revision A, September 2005 Firmware Versio n 5.0

SANsurfer Switch Manager version 5.00

Update, Revision B, December 22, 2006

Revision B Changes Document Sections Affected

Update logos and page formats All Update Contact Information 1.4.3

QLogic Corporation, 26650 Aliso Viejo Parkway, Aliso Viejo, CA 92656, (800) 662-4471 or (949) 389-6000

Page ii 59097-02 B

First Published: August 2004

Section 1 Introduction

1.1 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.2 Related Materials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.3 JDOM License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.4 Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

1.4.1 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

1.4.2 Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

1.4.3 Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Section 2 Using SANsurfer Switch Manager

2.1 Workstation Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

2.2 Installing the Management Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

2.2.1 SANsurfer Switch Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

2.2.2 SANsurfer Management Suite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

2.2.2.1 SMS Installation for Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

2.2.2.2 SMS Installation for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

2.2.2.3 SMS Installation for Solaris. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

2.3 Starting SANsurfer Switch Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

2.4 Exiting SANsurfer Switch Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

2.5 Uninstalling SANsurfer Switch Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13

2.5.1 SMS Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

2.5.2 Standalone Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

2.6 Changing the Encryption Key for the Default Fabric View File. . . . . . . . . . . 2-15

2.7 Saving and Opening Fabric View Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

2.8 Setting SANsurfer Switch Manager Preferences . . . . . . . . . . . . . . . . . . . . . 2-16

2.9 Using Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

2.10 Viewing Software Version and Copyright Information . . . . . . . . . . . . . . . . . 2-17

2.11 SANsurfer Switch Manager User Interface . . . . . . . . . . . . . . . . . . . . . . . . . 2-18

2.11.1 Menu Bars. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

2.11.1.1 Topology Display Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

2.11.1.2 Faceplate Display Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

2.11.1.3 Shortcut Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

2.11.2 Tool Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21

2.11.3 Fabric Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22

2.11.4 Graphic Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23

2.11.5 Data Window and Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23

59097-02 B Page iii

SANbox 5600 Series Switch Management User’s Guide

2.11.6 Working Status Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23

2.12 Using the Topology Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

2.12.1 Switch and Link Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

2.12.2 Working with Switches and Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-25

2.12.2.1 Selecting Switches and Links. . . . . . . . . . . . . . . . . . . . . . . . . . . 2-25

2.12.2.2 Arranging Switches in the Display . . . . . . . . . . . . . . . . . . . . . . . 2-25

2.12.2.3 Opening the Faceplate and Topology Display Popup Menus. . . 2-26

2.12.3 Topology Data Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26

2.13 Using the Faceplate Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

2.13.1 Port Views and Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28

2.13.2 Working with Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28

2.13.2.1 Selecting Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28

2.13.2.2 Opening the Faceplate Popup Menu . . . . . . . . . . . . . . . . . . . . . 2-29

2.13.3 Faceplate Data Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-29

Section 3 Managing Fabrics

3.1 RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

3.1.1 Adding a RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

3.1.2 Removing a RADIUS Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

3.1.3 Editing RADIUS Server Information . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

3.1.4 Modifying Authentication Order RADIUS Server Information . . . . . . . 3-6

3.2 Securing a Fabric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

3.2.1 Connection Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

3.2.2 User Account Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

3.2.3 Security Consistency Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

3.2.4 Device Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

3.2.4.1 Edit Security Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

3.2.4.2 Creating a Security Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

3.2.4.3 Create Security Group Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

3.2.4.4 Creating a Security Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

3.2.4.5 Create Security Group Member Dialog. . . . . . . . . . . . . . . . . . . . 3-13

3.2.4.6 Creating a Security Group Member . . . . . . . . . . . . . . . . . . . . . . 3-15

3.2.4.7 Editing the Security Configuration on a Switch. . . . . . . . . . . . . . 3-16

3.2.4.8 Viewing Properties of a Security Set, Group, or Member. . . . . . 3-17

3.2.4.9 Using the Security Config Dialog . . . . . . . . . . . . . . . . . . . . . . . . 3-17

3.2.4.10 Archiving a Security Configuration to a File . . . . . . . . . . . . . . . . 3-18

3.2.4.11 Activating a Security Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

3.2.4.12 Deactivating a Security Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

3.2.4.13 Configured Security Data Window . . . . . . . . . . . . . . . . . . . . . . . 3-19

3.2.4.14 Active Security Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Page iv 59097-02 B

SANbox 5600 Series

3.2.5 Fabric Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

3.2.5.1 Enabling SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

3.2.5.2 Enabling In-band Management . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

3.3 Tracking Fabric Firmware and Software Versions . . . . . . . . . . . . . . . . . . . . 3-20

3.3.1 Saving a Version Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

3.3.2 Viewing and Comparing Version Snapshots . . . . . . . . . . . . . . . . . . . . 3-21

3.3.3 Exporting Version Snapshots to a File. . . . . . . . . . . . . . . . . . . . . . . . . 3-22

3.4 Managing the Fabric Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

3.4.1 Adding a Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

3.4.2 Removing a Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

3.4.3 Opening a Fabric View File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

3.4.4 Saving a Fabric View File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

3.4.5 Rediscovering a Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

3.4.6 Deleting Switches and Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

3.4.7 Adding a New Switch to a Fabric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

3.4.8 Replacing a Failed Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

3.5 Displaying Fabric Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

3.5.1 Fabric Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

3.5.2 Displaying the Event Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

3.5.2.1 Filtering the Event Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

3.5.2.2 Sorting the Event Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

3.5.2.3 Saving the Event Browser to a File . . . . . . . . . . . . . . . . . . . . . . 3-33

3.5.3 Devices Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

3.5.4 Active Zone Set Data Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35

3.5.5 Link Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

3.6 Working with Device Information and Nicknames . . . . . . . . . . . . . . . . . . . . 3-36

3.6.1 Displaying Detailed Device Information. . . . . . . . . . . . . . . . . . . . . . . . 3-36

3.6.2 Exporting Device Information to a File. . . . . . . . . . . . . . . . . . . . . . . . . 3-37

3.6.3 Managing Device Port Nicknames . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

3.6.3.1 Creating a Nickname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

3.6.3.2 Editing a Nickname. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

3.6.3.3 Deleting a Nickname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

3.6.3.4 Exporting Nicknames to a File . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

3.6.3.5 Importing a Nicknames File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

3.7 Zoning a Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Switch Management User’s Guide

59097-02 B Page v

SANbox 5600 Series Switch Management User’s Guide

3.7.1 Zoning Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

3.7.1.1 Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

3.7.1.2 Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

3.7.1.3 Zone Sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

3.7.1.4 Zoning Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

3.7.2 Using the Zoning Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

3.7.3 Managing the Zoning Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

3.7.3.1 Editing the Zoning Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

3.7.3.2 Configuring the Zoning Database. . . . . . . . . . . . . . . . . . . . . . . . 3-47

3.7.3.3 Saving the Zoning Database to a File. . . . . . . . . . . . . . . . . . . . . 3-48

3.7.3.4 Restoring the Zoning Database from a File . . . . . . . . . . . . . . . . 3-48

3.7.3.5 Restoring the Default Zoning Database . . . . . . . . . . . . . . . . . . . 3-49

3.7.3.6 Removing All Zoning Definitions. . . . . . . . . . . . . . . . . . . . . . . . . 3-49

3.7.4 Managing Zone Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

3.7.4.1 Creating a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

3.7.4.2 Activating and Deactivating a Zone Set . . . . . . . . . . . . . . . . . . . 3-51

3.7.4.3 Copying a Zone to a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

3.7.4.4 Removing a Zone from a Zone Set or from All Zone Sets . . . . . 3-51

3.7.4.5 Removing a Zone Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52

3.7.5 Managing Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52

3.7.5.1 Creating a Zone in a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53

3.7.5.2 Adding Zone Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54

3.7.5.3 Renaming a Zone or a Zone Set . . . . . . . . . . . . . . . . . . . . . . . . 3-55

3.7.5.4 Removing a Zone Member. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

3.7.5.5 Removing a Zone from a Zone Set . . . . . . . . . . . . . . . . . . . . . . 3-55

3.7.5.6 Removing a Zone from All Zone Sets. . . . . . . . . . . . . . . . . . . . . 3-55

3.7.5.7 Changing Zone Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

3.7.6 Managing Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

3.7.6.1 Creating an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

3.7.6.2 Adding a Member to an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

3.7.6.3 Removing an Alias from All Zones . . . . . . . . . . . . . . . . . . . . . . . 3-57

3.7.7 Merging Fabrics and Zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

3.7.7.1 Zone Merge Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

3.7.7.2 Zone Merge Failure Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

Section 4 Managing Switches

4.1 Managing User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

4.1.1 Creating User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

4.1.2 Removing a User Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

4.1.3 Changing a User Account Password. . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Page vi 59097-02 B

SANbox 5600 Series

4.1.4 Modifying a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

4.2 Displaying Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

4.2.1 Devices Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

4.2.2 Switch Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

4.2.3 Port Statistics Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

4.2.4 Port Information Data Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

4.2.5 Configured Zonesets Data Windows. . . . . . . . . . . . . . . . . . . . . . . . . . 4-13

4.3 Configuring Port Threshold Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

4.4 Paging a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

4.5 Setting the Date/Time and Enabling NTP Client . . . . . . . . . . . . . . . . . . . . . 4-16

4.6 Resetting a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

4.7 Configuring a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

4.7.1 Using the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

4.7.2 Switch Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

4.7.2.1 Symbolic Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

4.7.2.2 Switch Administrative States. . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

4.7.2.3 Domain ID and Domain ID Lock. . . . . . . . . . . . . . . . . . . . . . . . . 4-21

4.7.2.4 Fabric Device Management Interface. . . . . . . . . . . . . . . . . . . . . 4-22

4.7.2.5 Broadcast Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

4.7.2.6 In-band Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23

4.7.3 Advanced Switch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

4.7.3.1 Interop Mode for Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

4.7.3.2 Legacy Port Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

4.7.3.3 Timeout Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

4.7.4 System Services Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

4.7.5 Security Consistency Checklist Dialog . . . . . . . . . . . . . . . . . . . . . . . . 4-28

4.7.6 Network Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

4.7.6.1 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

4.7.6.2 Remote Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

4.7.6.3 NTP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

4.7.7 SNMP Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

4.7.7.1 SNMP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

4.7.7.2 SNMP Trap Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

4.8 Managing Switch Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

4.8.1 Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

4.8.2 Select Source Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

4.9 Archiving a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

4.10 Restoring a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

4.11 Restoring the Factory Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . 4-40

Switch Management User’s Guide

59097-02 B Page vii

SANbox 5600 Series Switch Management User’s Guide

4.12 Downloading a Support File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

4.13 Upgrading the Switch Using License Keys. . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

4.14 Installing Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

4.15 Displaying Hardware Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

Section 5 Managing Ports

5.1 Displaying Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

5.1.1 Monitoring Port Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

5.1.1.1 Displaying Port Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

5.1.1.2 Displaying Port Operational States. . . . . . . . . . . . . . . . . . . . . . . 5-3

5.1.1.3 Displaying Port Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

5.1.1.4 Displaying Transceiver Media Status . . . . . . . . . . . . . . . . . . . . . 5-4

5.1.2 Port Statistics Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

5.1.3 Port Information Data Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8

5.2 Configuring Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10

5.2.1 Changing Port Administrative States. . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

5.2.2 Changing Port Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12

5.2.3 Changing Port Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13

5.2.4 I/O Stream Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

5.2.5 Device Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

5.2.6 Changing Port Symbolic Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

5.3 Using the Extended Credits Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15

5.4 Resetting a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

5.5 Testing Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17

5.6 Graphing Port Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19

5.6.1 Starting SANsurfer Performance Viewer. . . . . . . . . . . . . . . . . . . . . . . 5-20

5.6.2 Exiting SANsurfer Performance Viewer. . . . . . . . . . . . . . . . . . . . . . . . 5-21

5.6.3 Saving and Opening Performance View Files. . . . . . . . . . . . . . . . . . . 5-22

5.6.4 Changing the Default Performance View File Encryption Key . . . . . . 5-23

5.6.5 Setting SANsurfer Performance Viewer Preferences . . . . . . . . . . . . . 5-23

5.6.6 Setting the Polling Frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

5.6.7 Displaying Graphs for a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

5.6.7.1 Displaying Graphs for a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25

5.6.7.2 Arranging Graphs in the Display. . . . . . . . . . . . . . . . . . . . . . . . . 5-25

5.6.7.3 Customizing Graphs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26

5.6.7.4 Setting Global Graph Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28

5.6.7.5 Rescaling a Selected Graph. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28

5.6.8 Printing Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28

5.6.9 Saving Graph Statistics to a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28

Page viii 59097-02 B

SANbox 5600 Series

Switch Management User’s Guide

Appendix A Command Line Interface

A.1 Logging On to a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

A.2 User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

A.3 Working with Switch Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

A.3.1 Modifying a Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

A.3.2 Backing up and Restoring Switch Configurations . . . . . . . . . . . . . . . . A-4

A.4 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

Admin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8

Alias Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9

CIM Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-11

CIMListener Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-13

CIMSubscription Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-15

Config Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-17

Create Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-20

Date Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-23

Feature Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-24

Firmware Install Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-25

Group Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-26

Hardreset Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-34

Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-35

History Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-36

Hotreset Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-37

Image Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-38

Lip Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-41

Passwd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-42

Ping Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-43

Ps Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-44

Quit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-45

Reset Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-46

Security Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-54

Securityset Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-58

Set Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-61

Set Config Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-64

Set Log Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-76

Set Port Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-80

Set Setup Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-82

Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-92

Show Config Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-107

Show Log Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-111

59097-02 B Page ix

SANbox 5600 Series Switch Management User’s Guide

Show Perf Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-115

Show Setup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-118

Shutdown Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-122

Test Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-123

Uptime Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-126

User Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-127

Whoami Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-130

Zone Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-131

Zoneset Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-135

Zoning Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-138

Glossary Index

List of Figures

Figure Page

2-1 Initial Startup Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

2-2 SANsurfer Switch Manager Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

2-3 Save Default Fabric View File Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

2-4 Load Default Fabric File Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13

2-5 Preferences Dialog – SANsurfer Switch Manager. . . . . . . . . . . . . . . . . . . . . . . . . . 2-17

2-6 SANsurfer Switch Manager Display Elements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18

2-7 Topology Display Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

2-8 Faceplate Display Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

2-9 Fabric Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22

2-10 Topology Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

2-11 Faceplate Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

3-1 Add Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

3-2 Remove Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

3-3 Edit Server Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

3-4 Modify Authentication Order - RADIUS Server Information . . . . . . . . . . . . . . . . . . . 3-6

3-5 Edit Security Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

3-6 Create Security Group Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

3-7 Create a Security Group Member Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

3-8 Security Config Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

3-9 Fabric Version Snapshot Analysis Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

3-10 Add a New Fabric Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

3-11 Events Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

3-12 Filter Events Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

3-13 Active Zone Set Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35

3-14 Detailed Devices Display Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

3-15 Edit Zoning Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44

3-16 Zoning Config Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

Page x 59097-02B

SANbox 5600 Series

4-1 User Account Administration Dialog – Add Account . . . . . . . . . . . . . . . . . . . . . . . . 4-3

4-2 User Account Administration Dialog – Remove Account. . . . . . . . . . . . . . . . . . . . . 4-4

4-3 User Account Administration Dialog – Change Password. . . . . . . . . . . . . . . . . . . . 4-5

4-4 User Account Administration Dialog - Modify Account. . . . . . . . . . . . . . . . . . . . . . . 4-6

4-5 Faceplate Display - Switch Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

4-6 Configured Zonesets Data Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13

4-7 Port Threshold Alarm Configuration Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14

4-8 Port Threshold Alarm Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

4-9 Switch Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

4-10 Advanced Switch Properties Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

4-11 System Services Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

4-12 Network Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29

4-13 SNMP Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

4-14 Switch Stacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

4-15 Syslog Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36

4-16 Restore Dialogs – Full and Selective. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38

4-17 Features License Key Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

4-18 Add License Key Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43

4-19 Hardware Status LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

5-1 Faceplate Display – Port Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

5-2 Port Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10

5-3 Designate Donor Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

5-4 Port Loopback Test Dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17

5-5 Fabric View Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19

5-6 Save Default Performance View File Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

5-7 Load Default View File Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

5-8 Preferences – SANsurfer Performance Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

5-9 Default Graph Options Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26

Switch Management User’s Guide

List of Tables

Table Page

2-1 Workstation Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

2-2 Tool Bar Buttons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21

3-1 Topology Display Switch and Status Icons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

3-2 Severity Levels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

3-3 Devices Data Window Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

3-4 Edit Zoning Dialog Tool Bar Buttons and Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

4-1 Factory User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

4-2 Switch Data Window Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

4-3 Switch Resets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

4-4 Switch Administrative States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

4-5 Timeout Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

4-6 IP Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

4-7 SNMP Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

4-8 SNMP Trap Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

59097-02 B Page xi

SANbox 5600 Series Switch Management User’s Guide

4-9 Factory Default Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

5-1 Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

5-2 Port Operational States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

5-3 Port Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

5-4 Port Transceiver Media View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

5-5 Port Statistics Data Window Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

5-6 Port Information Data Window Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8

5-7 Port Administrative States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

5-8 Port Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12

5-9 Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13

A-1 Command-Line Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

A-2 Commands Listed by Authority Level. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

A-3 CIM Listener Configuration Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-13

A-4 CIM Subscription Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-15

A-5 ISL Group Member Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-27

A-6 Port Group Member Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-28

A-7 MS Group Member Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-29

A-8 Group Member Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-30

A-9 Switch Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-48

A-10 Port Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-49

A-11 Port Threshold Alarm Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-50

A-12 Zoning Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-51

A-13 SNMP Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-51

A-14 RADIUS Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-52

A-15 Services Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-52

A-16 System Configuration Defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-53

A-17 Security Configuration Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-53

A-18 Set Config Port Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-64

A-19 Security Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-67

A-20 Set Config Switch Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-67

A-21 Set Config Threshold Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-69

A-22 Set Config Zoning Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-70

A-23 RADIUS Service Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-82

A-24 Switch Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-84

A-25 SNMP Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-86

A-26 System Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-87

A-27 Show Port Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A -95

A-28 Switch Operational Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-98

A-29 Zoning Database Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-139

Page xii 59097-02 B

Section 1

Introduction

This manual describes the switch management tools which include the SANsurfer Switch Manager application (version 5.00) and the Command Line Interface (CLI) for the SANbox 5600 Series Fibre Channel switches (firmware version 5.0). The SANbox 5600 Series switches are 20 port non-blocking Fibre Channel switches. This manual defines the features, components, and performance characteristics of the SANbox 5600 Series switches. The SANsurfer Switch Manager application is the primary focus of this manual which is organized as follows:

 Section 1 describes the intended audience for this manual, related

materials, and technical support.

 Section 2 describes how to use SANsurfer Switch Manager, its menus, and

its displays.

 Section 3 describes fabric management tasks.  Section 4 describes switch management tasks.  Section 5 describes port and device management tasks.  Appendix A describes the command line interface.

A glossary of terms and an index are also provided.

1.1

Intended Audience

This manual introduces the switch management products and explains their installation and use. It is intended for users responsible for installing and using switch management tools.

1.2

Related Materials

Refer to the following manuals for information about switch hardware and installation.

 SANbox 5600 Series Fibre Channel Switch Installation Guide, publication

number 59096-02.

1.3

JDOM License

59097-02 B 1-1

1 – Introduction JDOM License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the disclaimer that follows these conditions in the documentation and/or other materials provided with the distribution.

3. The name "JDOM" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact license@jdom.org.

4. Products derived from this software may not be called "JDOM", nor may "JDOM" appear in their name, without prior written permission from the JDOM Project Management (pm@jdom.org).

In addition, we request (but do not require) that you include in the end-user documentation provided with the redistribution and/or in the software itself an acknowledgement equivalent to the following: "This product includes software developed by the JDOM Project (http://www.jdom.org/)."

Alternatively, the acknowledgment may be graphical using the logos available at http://www.jdom.org/images/logos.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software consists of voluntary contributions made by many individuals on behalf of the JDOM Project and was originally created by Brett McLaughlin <brett@jdom.org> and Jason Hunter <jhunter@jdom.org>. For more information on the JDOM Project, please see <http://www.jdom.org/>.

1-2 59097-02 B

1.4

Technical Support

Customers should contact their authorized maintenance provider for technical support of their QLogic switch products. QLogic-direct customers may contact QLogic Technical Support; others will be redirected to their authorized maintenance provider.

Visit the QLogic support Web site listed in Contact Information for the latest firmware and software updates.

1.4.1

Availability

QLogic Technical Support for products under warranty is available during local standard working hours excluding QLogic Observed Holidays.

1.4.2

Training

QLogic offers certification training for the technical professional for both the SANblade™ HBAs and the SANbox 5600 Series switches. From the training link at www.qlogic.com, you may choose Electronic-Based Training or schedule an intensive "hands-on" Certification course.

1 – Introduction

Technical Support

Technical Certification courses include installation, maintenance and troubleshooting QLogic SAN products. Upon demonstrating knowledge using live equipment, QLogic awards a certificate identifying the student as a Certified Professional. The training professionals at QLogic may be reached by email at tech.training@qlogic.com.

59097-02 B 1-3

1 – Introduction Technical Support

1.4.3

Contact Information

Support Headquarters QLogic Corporation

QLogic Web Site www.qlogic.com Technical Support Web Site support.qlogic.com Technical Support Email support@qlogic.com Technical Training Email tech.training@qlogic.com

North American Region

Email support@qlogic.com Phone +1-952-932-4040

12984 Valley View Road Eden Prairie, MN 55344-3657 USA

Fax +1 952-932-4018

Europe, Middle East, and Africa Region

Email emeasupport@qlogic.com Phone Numbers by Language +353 1 6924960 - English

+353 1 6924961 - Français +353 1 6924962 - Deutsch +353 1 6924963 - Español +353 1 6924964 - Português +353 1 6924965 - Italiano

Asia Pacific Region

Email apacsupport@qlogic.com Phone Numbers by Language +63-2-885-6712 - English

+63-2-885-6713 - (Mandarin) +63-2-885-6714 - (Japanese) +63-2-885-6715 - (Korean)

Latin and South America Region

Email calasupport@qlogic.com Phone Numbers by Language +52 55 5278 7016 - English

+52 55 5278 7017 - Español +52 55 5278 7015 - Português

1-4 59097-02 B

Section 2

Using SANsurfer Switch Manager

This section describes how to use the SANsurfer Switch Manager application and its menus. The following topics are covered:

 Workstation Requirements  Installing the Management Application  Starting SANsurfer Switch Manager  Exiting SANsurfer Switch Manager  Uninstalling SANsurfer Switch Manager  Changing the Encryption Key for the Default Fabric View File  Saving and Opening Fabric View Files  Setting SANsurfer Switch Manager Preferences  Using Online Help  Viewing Software Version and Copyright Information  SANsurfer Switch Manager User Interface  Using the Topology Display  Using the Faceplate Display

59097-02 B 2-1

2 – Using SANsurfer Switch Manager Workstation Requiremen ts

2.1

Workst ation Requirements

The requirements for fabric management workstations running SANsurfer Switch Manager are described in Table 2-1:

Table 2-1. Workstation Requirements

Operating System

Memory 256 MB or more Disk Space 150 MB per installation Processor 500 MHz or faster Hardware

Internet Browser Microsoft® Internet Explorer® 5.0 and later

Telnet workstations require an RJ-45 Ethernet port or an RS-232 serial port and an operating system with a Telnet client.

2.2

 Windows® 2000, 2003, and XP  Solaris™ 8, 9, and 10  Linux® Red Hat® EL 3.x  S.u.S.E® Linux 9.0 Enterprise  Mac OS X® 10.3

CD-ROM drive,

Netscape® Navigator® 4.72 and later Mozilla™ 1.02 and later

Java 2 Run Time Envir onment to support the web applet

RJ-45 Ethernet port, RS-232 serial port (optional)

Installing the Management Application

You can manage the switch using SANsurfer Switch Manager as a standalone application or as a part of SANsurfer Management Suite™. SANsurfer Management Suite is QLogic’s integrated fabric management application, managing both HBAs and switches.

 If your switch was shipped with a SANsurfer Switch Manager Disk, refer to

”SANsurfer Switch Manager” on page 2-3 for instructions on how to install

SANsurfer Switch Manager.

 If your switch was shipped with a SANsurfer Management Suite Disk, refer

to ”SANsurfer Management Suite” on page 2-4 for instructions on how to install and upgrade SANsurfer Management Suite.

2-2 59097-02 B

2.2.1

SANsurfer Switch Manager

You can install SANsurfer Switch Manager on a Windows, Linux, Solaris, or Mac OS X workstation. To install the SANsurfer Switch Manager application from the SANsurfer Switch Manager Installation Disk, do the following:

For a Windows platform:

1. Close all programs currently running, and insert the SANsurfer Switch Manager Installation Disk into the management workstation CD-ROM drive.

2. In the upper left corner of the product introduction screen, click Management Software.

3. Locate your platform in the table and click Install.

If the product introduction screen does not open in step 2, open the CD with Windows Explorer and run the installation program with the following path:

data\files\Management_Software\Windows\Windows_5.00.xx.xx.exe

For a Linux platform:

2 – Using SANsurfer Switch Manager

Installing the Management Application

Open the CD and run the installation program with the following path:

data/files/Management_Software/Linux/Linux_5.00.xx.xx.bin

If there is no CD-ROM icon, do the following:

1. Open an xterm or other terminal window.

2. Mount the CD-ROM. From a shell prompt, enter the following:

mount /mnt/cdrom

3. Change directory to the location of the install program:

cd /mnt/cdrom/data/files/Management_Software/Linux

4. Execute the install program and follow the installation instructions.

Linux_5.00.xx.xx.bin

For a Solaris platform:

1. Open a terminal window. If the disk isn’t already mounted, enter the following command:

volcheck

2. Enter following command to move to the directory on the CD that contains the executable:

cd /cdrom/cdrom0/data/files/Management_Software/solaris

3. Execute the install program and follow the installation instructions:

Solaris_5.00.xx.xx.bin

59097-02 B 2-3

2 – Using SANsurfer Switch Manager Installing the Management Application

For a Mac OS X platform:

1. Open the CD and move to the following folder:

data/files/Management_Software/MacOSX

2. Double click the applicaton zip file (MacOSX_5.00.xx_xxxx.zip). This will place the install program on your desktop.

3. Locate the Install program icon on your desktop, execute it, and follow the installation instructions.

2.2.2

SANsurfer Management Suite

The following instructions describe how to install SANsurfer Management Suite and upgrade SANsurfer Switch Manager. You can install SANsurfer Management Suite (SMS) on a Windows, Linux, or Solaris workstation. Choose the instru ctions for your workstation:

 SMS Installation for Windows  SMS Installation for Linux  SMS Installation for Solaris

2.2.2.1

SMS Installation for Windows

Close all programs currently running, and insert the SANsurfer Management Suite Installation Disk into the management workstation CD-ROM drive.

1. If the SANsurfer Management Suite start page does not o pen in your default browser, do the following:

a. Using Windows Explorer, double-click the drive letter which contains

the SANsurfer Management Suite Disk.

b. Locate and double-click the Start_Here.htm file to open the SANsurfer

Management Suite start page in your default browser.

2. On the SANsurfer Management Suite start page, click the SANbox Switch Software button.

3. On the SANbox Switch Software page, scroll to the SANbox 5600 Series Series area.

4. In the Operating System column, click the Win NT/2000 link.

5. Click the SANsurfer Management Software link to open the File Download dialog.

2-4 59097-02 B

2 – Using SANsurfer Switch Manager

Installing the Management Application

6. You can run the installation file from the CD-ROM or download the installation file to your hard drive. Choose one of the following:

 Open the installation file from the CD-ROM and follow the SANsurfer

Switch Manager installation instructions.

 Specify a location in which to save the sansurfer_windows_install.exe

file, and click the Save button. Double-click the saved sansurfer_windows_install.exe file and follow the installation instructions.

7. When the installation is complete, start SANsurfer Management Suite using the SANsurfer file from the SANsurfer Management Suite installation directory. You can also start SANsurfer Management Suite by clicking the SANsurfer icon (if installed) on the desktop or from the Start menu. In SMS, Click the Switch tab in the left pane. From the Help menu, select About ... and make note of the version number. Close SANsurfer Management Suite.

8. To ensure you are using the most recent version of SANsurfer Switch Manager, visit the QLogic support web page and go to Drivers, Sof tware and

Manuals.

a. Select your switch model from the pull-down menu. Locate the

description for SANsurfer Switch Manager for Windows under "Management Software".

b. If the release version number (5.00.xx) is greater than what is currently

installed, download the new version and proceed to step 9. Otherwise, no upgrade is needed and the SMS installation is complete.

9. To start the installer, open the zip file and run the SANsurferSwitchMgr_Windows_5.00.xx.exe file.

10. When prompted for an installation directory, click the Choose button and select the same folder as the SANsurfer Management Suite installation in

step 6. The default SMS installation directory is C:\Program Files\QLogic

Corporation\SANsurfer. Click the Next button.

11. When prompted for the location in which to create the program icons, click the In an Existing Group radio button, then specify the same group that was used for the SMS installation. The default SMS group is "QLogic Management Suite". Click the Next button.

12. Click the Install button to the start the installation. When the installation is complete, click the Done button.

13. In the SMS install directory, enter the following command to execute the chglax.bat file. If prompted to overwrite an existing file, enter Y to do so.

chglax.bat

14. Restart SANsurfer Switch Manager from SANsurfer Management suite as you did in step 7 and confirm that the new version is running.

59097-02 B 2-5

2 – Using SANsurfer Switch Manager Installing the Management Application

2.2.2.2

SMS Installation for Linux

Close all programs currently running, and insert the SANsurfer Management Suite Installation Disk into the management workstation CD-ROM drive.

1. If a file browser dialog opens showing icons for the contents of the CD-ROM, double-click the Start_Here.htm file to open the SANsurfer Management Suite start page. If a file browser does not open, double-click the CD-ROM icon to open the browser. If there is no CD-ROM icon, do the following:

a. Open an xterm or other terminal window. b. Mount the CD-ROM. From a shell prompt, enter the following

command:

mount /mnt/cdrom

c. Execute your web browser to view the Start_Here.htm document using

one of the following commands:

mozilla file:/mnt/cdrom/Start_Here.htm

netscape file:/mnt/cdrom/Start_Here.htm

d. The SANsurfer Management Suite start page opens in your browser.

2. On the SANsurfer Management Suite start page, click the SANbox Switch Software button.

3. On the SANbox Switch Software page, scroll to the SANbox 5600 Series Series area.

4. In the Operating System column, click the Linux link.

5. Click the SANsurfer Management Software link to open the File Download dialog.

6. Enter a path name to save the sansurfer_linux_install.bin file, and click the Save button.

7. Open a terminal window for the directory in which the sansurfer_linux_install.bin file was saved, and make the file executable.

chmod +x sansurfer_linux_install.bin

8. Execute the install program and follow the installation instructions

./sansurfer_linux_install.bin

9. When the installation is complete, start SANsurfer Management Suite using the SANsurfer file in the installation directory. Click the Switch tab from the left pane to open SANsurfer Switch Manager. From the Help menu, select About ... and make note of the release version number. Close SANsurfer Management Suite.

2-6 59097-02 B

2 – Using SANsurfer Switch Manager

Installing the Management Application

10. To ensure that you are using the most recent version of SANsurfer Switch Manager, visit the QLogic support web page and go to Drivers, Sof tware and

Manuals.

a. Select your switch model from the pull-down menu. Locate the

description for SANsurfer Switch Manager for Linux under "Management Software".

b. If the release version number (5.00.xx) is greater than what is currently

installed on your workstation, down load the new version and proceed to step 11. Otherwise, no upgrade is needed and the SMS installation is complete.

11. From the tar.gz file, extract the SANsurferSwitchMgr_Linux_5.00.xx.bin file and make the file executable.

chmod +x sansurferswitchmgr_linux_5.02.xx.bin

12. Execute the install program and follow the installation instructions.

./sansurferswitchmgr_linux_5.02.xx.bin

13. When prompted for an installation directory, click the Choose button and select the same folder as the SANsurfer Management Suite installation in

step 9. The default SMS installation directory is

/opt/QLogic_Corporation/SANsurfer.

14. Enter the following script command from the installation directory:

./chglax

15. Start SANsurfer Switch Manager from SANsurfer Management suite as you did in step 9 and confirm that the new version is running.

2.2.2.3

SMS Installation for Solaris

To install the SANsurfer Switch Manager application on Solaris from the SANsurfer Management Suite CD-ROM, do the following:

1. Insert the SANsurfer Management Suite Disk into the management workstation CD-ROM drive. If the SANsurfer Management Suite start page does not open in your default browser, do the following:

a. Right-click the Workspace Menu. b. Select File, then select File Manager. c. In File Manager, double-click the CD-ROM folder, and then

double-click the Sansurfer folder.

d. In the Sansurfer folder, double -click the S ta rt_Here.htm file to open the

SANsurfer Management Suite start page in your default browser.

2. On the SANsurfer Management Suite start page, click the SANbox Switch Software button.

3. On the SANbox Switch Software page, scroll to the SANbox 5600 Series Series area.

59097-02 B 2-7

2 – Using SANsurfer Switch Manager Installing the Management Application

4. In the Operating System column, click the Solaris SPARC link.

5. Click the SANsurfer Management Software link to open the Save As dialog.

6. Enter a path name to save the sansurfer_solaris_install.bin file and click the Save button.

7. Open a terminal window for the directory in which the sansurfer_solaris_install.bin file was saved, and enter the following:

chmod +x sansurfer_solaris_install.bin

8. Execute the install program and follow the installation instructions:

./sansurfer_solaris_install.bin

10. To ensure that you are using the most recent version of SANsurfer Switch Manager, visit the QLogic support web page and go to Drivers, Sof tware and

Manuals.

a. Select your switch model from the pull-down menu. Locate the

description for SANsurfer Switch Manager for Linux under "Management Software".

b. If the release version number (5.00.xx) is greater than what is currently

installed on your workstation, down load the new version. Otherwise, no upgrade is needed.

11. Open the tar file and save the SANsurferSwitchMgr_QLGCsol_5.00.xx.bin file in a folder and make the file executable.

# chmod +x sansurferswitchmgr_QLGCsol_5.00.xx

12. Install the new SANsurfer Switch Manager package:

# pkgadd -d sansurferswitchmgr_QLGCsol_5.00.xx

13. Change directories to the package location:

# cd /usr/opt/QLGCsol/bin

14. Locate and execute the file sbm_over_sms.sh:

# ./sbm_over_sms.sh

15. When prompted for the SMS installation directory, enter d if SMS was installed in it’s default directory (/opt/QLogic_Corporation/SANsurfer). Otherwise, enter the path name for the SMS installatio n directory. The script will copy the necessary files to the specified installation directory.

16. Restart SANsurfer Switch Manager from SANsurfer Management suite as you did in step 9 and confirm that the new version is running.

2-8 59097-02 B

2.3

Starting SANsurfer Switch Manager

You can start SANsurfer Switch Manager as a standalone application or from SANsurfer Management Suite.

NOTE: After the switch is operational, you can also open the SANsurfer

Switch Manager web applet, by entering the switch IP address in an internet browser. If your workstation does not have the Java 2 Run Time Environment program, you will be prompted to download it.

 To start SANsurfer Switch Manager as a standalone application, do the

following.

1. Start the SANsurfer Switch Manager using one of the following

methods:  For Windows, double-click the SANsurfer Switch Manager

shortcut, or select SANsurfer Switch Manager from S tart menu, depending on how you installed the SANsurfer Switch Manager application. From a command line, you can enter the SANsurfer_Switch_Manager command:

<install_directory>SANsurfer_Switch_Manager.exe

 For Linux, Solaris, or Mac OS X, enter the

SANsurfer_Switch_Manager command:

<install_directory>./SANsurfer_Switch_Manager

2. In the Initial S tart d ialog, click the Open Configuration Wizard button.

When you power up the switch, the Configuration Wizard will recognize the switch and lead you through the configuration process.

2 – Using SANsurfer Switch Manager

Starting SANsurfer Switch Manager

 To start SANsurfer Switch Manager from SANsurfer Management Suite, do

the following.

1. Start the SANsurfer Management Suite application using one of the

following methods:

 For Windows, double-click the SANsurfer shortcut, or select

SANsurfer from St art menu, depe nding on how you inst alled the

SANsurfer application. From a command line, enter the following command:

<install_directory>\SANsurfer.exe

 For Linux or Solaris enter the SANsurfer command:

<install_directory>./SANsurfer

2. From the SANsurfer Management Suite home page, click the

SANsurfer Switch Manager button.

59097-02 B 2-9

2 – Using SANsurfer Switch Manager Starting SANsurfer Switch Manager

3. In the Initial St art dialog, click the Open Configuration Wizard button.

When you power up the switch, the Configuration Wizard will recognize the switch and lead you through the configuration process.

The application opens with the Initial St art dialog shown in Figure 2-1. If you prefer not to see this dialog, check the Don’t show this dialog again box. This has the same effect as disabling the Display Initial Startup Dialog preference. Refer to

”Setting SANsurfer Switch Manager Preferences” on page 2-16 for information

about setting preferences.

Figure 2-1. Initial Startup Dialog

 Click the Open Existing Fabric radio button to open the Add a New Fabric

dialog, which prompts you for a fabric name, IP address, account name, and password. Refer to ”Adding a Fabric” on page 3-23.

 Click the Open Existing Fabric View File radio button to open the Open

View dialog which prompts you to specify a fabric view file that you saved earlier. Refer to ”Opening a Fabric View File” on page 3-24.

2-10 59097-02 B

2 – Using SANsurfer Switch Manager

Starting SANsurfer Switch Manager

 Click the Start Application Without Specifying a Fabric radio button to

open the SANsurfer Switch Manager window shown in Figure 2-2.

 Click the Open Configuration Wizard radio button to open the Config

Wizard to configure a switch, add a new switch, replace/restore a switch, or recover or edit an IP configuration of an existing switch.

Figure 2-2. SANsurfer Switch Manager Window

59097-02 B 2-11

2 – Using SANsurfer Switch Manager Exiting SANsurfer Switch Manager

2.4

Exiting SANsurfer Switch Manager

To exit a SANsurfer Switch Manager application session, open the File menu and select Exit. If you have not yet defined an encryption key, the Save Default Fabric View File dialog, shown in Figure 2-3, prompts you to save the current fabric view as the default fabric view file. Enter an encryption key in the Default Fabric File Encryption Key field. Re-enter the encryption key in the Re-enter Encryption Key to Confirm field. Click the OK button to save the current set of fabrics to the default fabric view file in the working directory.

Figure 2-3. Save Default Fabric View File Dialog

The encryption key is used to encrypt the sensitive data in the default fabric view file. Refer to ”Changing the Encryption Key for the Default Fabric View File” on

page 2-15 for information about changing this encryption key. If an encryption key

has been defined and the View File Auto Save and Load preferences settings are set to Enable, the current fabric view is automatically saved to your default fabric view file upon exit future SANsurfer Switch Manager sessions.

To prevent SANsurfer Switch Manager from prompting you to save the default fabric view file between SANsurfer Switch Manager sessions, set the View File Auto Save and Load preferences setting to Enable (default). Refer to ”Setting

SANsurfer Switch Manager Preferences” on page 2-16 for more information.

2-12 59097-02 B

In your next SANsurfer Switch Manager session, the Load Default Fabric File dialog shown in Figure 2-4 prompts you to load the default fabric view file and to specify its encryption key, if there is one. In the Default Fabric File Encryption Key field, enter the encryption key and click the Load View File button. If you do not want to load the default fabric view file, click the Continue Without Loading button to open the SANsurfer Switch Manager with no fabric displayed.

Figure 2-4. Load Default Fabric File Dialog

2.5

Uninstalling SANsurfer Switch Manager

2 – Using SANsurfer Switch Manager

Uninstalling SANsurfer Switch Manager

The method you use to uninstall SANsurfer Switch Manager depends on how you installed it:

 If you installed SANsurfer Switch Manager as part of SANsurfer

Management Suite, you must uninstall SANsurfer Management Suite. Refer to ”SMS Uninstall” on page 2-14.

 If you installed SANsurfer Switch Manager as a standalone program, you

must uninstall SANsurfer Switch Manager directly. Refer to ”Standalone

Uninstall” on page 2-14.

59097-02 B 2-13

2 – Using SANsurfer Switch Manager Uninstalling SANsurfer Switch Manager

2.5.1

SMS Uninstall

A program to uninstall SANsurfer Management Suite was included as part of the SANsurfer Management Suite installation process. Use this method only if you installed SANsurfer Switch Manager as part of SANsurfer Management Suite. The UninstallData folder in the installation directory contains the uninstall program, SANsurferUninstaller.

The default installation directories are:

 For Windows: C:\Program Files\QLogic_Corporation\SANsurfer  For Linux: /opt/QLogic_Corporation/SANsurfer  For Solaris: /opt/QLogic_Corporation/SANsurfer

To uninstall the SANsurfer Management Suite application, do the following:  For Windows, browse for the uninstall program file or the shortcut/link that

points to the uninstall program file. The uninstall program shortcut is in the same folder as the program shortcut (Start menu, program group, on desktop, or user specified) that is used to start the SANsurfer Management Suite application. Double-click the uninstall program file or shortcut/link, and follow the instructions.

 For Linux, execute the link to SANsurferUninstaller.

<install_directory>/UninstallerData/SANsurferUninstaller

 For Solaris, enter the following command and follow the instructions:

<install_directory>/UninstallData/SANsurferUninstaller

2.5.2

Standalone Uninstall

A program to uninstall SANsurfer Switch Manager was included as part of the SANsurfer Switch Manager installation process. Use this method only if you installed SANsurfer Switch Manager as a standalone program. The UninstallerData folder in the Install directory contains the uninstall program, Uninstall SANsurfer_Switch_Manager. Also, a shortcut/link to the uninstall program was installed in the installation directory during the SANsurfer Switch Manager installation process.

The default installation directories are:  For Windows:

C:\Program Files\QLogic_Corporation\SANsurfer_Switch_Manager

 For Linux: /opt/QLogic_Corporation/SANsurfer_Switch_Manager  For Solaris: /usr/opt/QLogic_Corporation/SANsurfer_Switch_Manager  For Mac OS X:

Users/qlogic/Applications/QLogic_Corporation/SANsurfer_Switch_Manager

2-14 59097-02 B

2 – Using SANsurfer Switch Manager

To uninstall the SANsurfer Switch Manager application, do the following:  For Windows, browse for the uninstall program file or the shortcut/link that

points to the uninstall program file. The uninstall program shortcut is in the same folder as the program shortcut (Start menu, program group, on desktop, or user specified) that is used to start the SANsurfer Switch Manager application. Double-click the uninstall program file or shortcut/link, and follow the instructions to uninstall the SANsurfer Switch Manager application.

 For Linux, Solaris, or Mac OS X, execute the link to

Uninstall_SANsurfer_Switch_Manager. If no links were created during the installation, enter the Uninstall_SANsurfer_Switch_Manager command from the following directory:

UninstallerData/Uninstall_SANsurfer_Switch_Manager

2.6

Changing the Encryption Key for the Default Fabric View File

To change the encryption key for the SANsurfer Switch Manager default fabric view file, do the following:

1. Open the File menu and select Save Default Fabric View File to open the Save Default Fabric View File dialog. Enter an encryption key in the Default Fabric File Encryption Key field.

2. Re-enter the same encryption key in the Re-enter Encryption Key to Confirm field.

3. Click the OK button to save the current set of fabrics to the default fabric view file in the working directory.

2.7

Saving and Opening Fabric View Files

A fabric view file is one or more fabrics saved to a file. In addition to the SANsurfer Switch Manager default fabric view file, you can save and open your own fabric view files. To save a set of fabrics to a file, do the following:

1. Open the File menu and select Save View As to open the Save View dialog.

2. Enter a name for the fabric view file or click the Browse button to select an existing file. Files are saved in the working directory.

3. Enter a password. When you attempt to open this fabric view file, you will be prompted for this password. If you leave the File Password field blank, no password will be required when attempting to open this fabric view file.

59097-02 B 2-15

4. Click the OK button to save the view.

2 – Using SANsurfer Switch Manager Setting SANsurfer Switch Manager Preferences

To open a fabric view file, do the following:

1. Open the File menu and select Open View File to open the Open View dialog.

2. Enter a name for the fabric view file or click the Browse button to select an existing file.

3. If the fabric view file was saved with a password, enter the password and click the OK button.

4. Click the OK button to open the view.

2.8

Setting SANsurfer Switch Manager Preferences

Using the preferences settings, you can:

 Change the location of the working directory in which to save files.  Change the location of the browser used to view the online help. The

Browser Location field is not supported/displayed for Macintosh OS X.

 Choose the fabric discovery interval. The fabric discovery interval is how

often the SANsurfer Switch Manager application receives information from the fabric. Choose 30 (default), 45, or 60 seconds. The smaller the interval, the more often the application talks to the switch and thus the greater impact to performance.

 Enable (default) or disable the view file auto save and load feature. Refer to

”Exiting SANsurfer Switch Manager” on page 2-12 for more information on

the default fabric view file.

 Enable (default) or disable the use of the Initial S tart Dialog at the beginning

of a SANsurfer Switch Manager session. Refer to ”Starting SANsurfer

Switch Manager” on page 2-9 for information about the Initial Start Dialog.

After a default fabric view file is created, this setting has no effect.

 Enable (default) or disable the Event Browser. Refer to ”Displaying the

Event Browser” on page 3-30. If the Event Browser is enabled using the

Preferences dialog as shown in Figure 2-5, the next time SANsurfer Switch Manager is started, all events will be displayed. If the Event Browser is disabled when SANsurfer Switch Manager is started and later enabled, only those events from the time the Event Browser was enabled and forward will be displayed.

 Choose the default port view when opening the faceplate display. You can

set the faceplate to reflect the current port type (default), port speed, port operational state, or port transceiver media. Regardless of the default port view you choose, you can change the port view in the faceplate display by opening the View menu and selecting a different port view option. Refer to the corresponding subsection for more information:

2-16 59097-02 B

2 – Using SANsurfer Switch Manager

Using Online Help

 ”Port Types” on page 5-2  ”Displaying Port Operational States” on page 5-3  ”Displaying Port Speeds” on page 5-3  ”Displaying Transceiver Media Status” on page 5-4

Figure 2-5. Preferences Dialog – SANsurfer Switch Manager

To set preferences for your SANsurfer Switch Manager sessions, do the following:

1. Open the File menu, and select Preferences to open the Preferences dialog.

2. Enter, or browse, for paths to the working directory and browser.

3. In the Application-wide Options area, choose the preferences you want.

4. Click the OK button to save the changes.

2.9

Using Online Help

Online help is available for the SANsurfer Switch Manager application and its functions. The two ways to open the online help file are: open the Help menu and select Help Topics, or click the Help button in the tool bar. You can also display context-sensitive help for all SANsurfer Switch Manager dialogs by choosing the Help button in the dialog.

2.10

Viewing Software Version and Copyright Information

To view SANsurfer Switch Manager software version and copyright information,

open the Help menu and select About....

59097-02 B 2-17

2 – Using SANsurfer Switch Manager SANsurfer Switch Manager User Interface

2.11

SANsurfer Switch Manager User Interface

The SANsurfer Switch Manager application uses two basic displays to manage the fabric and individual switches: the topology display and the faceplate display. The topology display shows all switches that are able to communicate and all connections between switches. The faceplate display shows the front of a single switch and its ports. Both displays share some common elements as shown in

Figure 2-6.

Topology

Display

Fabric

Tree

Faceplate

Display

Bar

Data Window Tabs

Tool Bar

Graphic Window

Data

Window

Working Status Indicator

Figure 2-6. SANsurfer Switch Manager Display Elements

2-18 59097-02 B

2.11.1

Menu Bars

The menus and the options offered in them vary depending on the display. For example, the Port menu and many of the Switch menu selections are available only in the faceplate display.

2.11.1.1

Topology Display Menu

The menu options available in the topology display are shown in Figure 2-7.

2 – Using SANsurfer Switch Manager

SANsurfer Switch Manager User Interface

Figure 2-7. Topology Display Menu

59097-02 B 2-19

2 – Using SANsurfer Switch Manager SANsurfer Switch Manager User Interface

2.11.1.2

Faceplate Display Menu

The menu options available in the faceplate display are shown in Figure 2-8.

Figure 2-8. Faceplate Display Menu

The keyboard shortcut keys vary by display type: topology display and faceplate display . In addition to the menu bar, both the topology and faceplate displays have context sensitive menus that pop up when you right-click in the graphic window. Refer to ”Opening the Faceplate and Topology Display Popup Menus” on

page 2-26 for more information about these popup menus.

2.11.1.3

Shortcut Keys

Shortcut key combinations, available in both the topology and faceplate displays, provide an alternative method of accessing menu options. The shortcut key combinations are not case-sensitive. For example, to exit the application, press Alt+F, then press X.

2-20 59097-02 B

2.11.2

Tool Bar

2 – Using SANsurfer Switch Manager

SANsurfer Switch Manager User Interface

The tool bar consists of a row of graphical buttons that you can use to access SANsurfer Switch Manager functions as shown in Table 2-2. The tool bar buttons are an alternative method to using the menu bar. The tool bar can be relocated in the display by clicking and dragging the handle at the left edge of the tool bar.

Table 2-2. Tool Bar Buttons

Tool Bar Button Description

Add Fabric button - adds a new fabric to the fabric view.

Open View File button - opens an existing fabric view file.

Save View As button - saves the current fabric view to a file.

Refresh button - updates the topology or faceplate display with current information.

Event Browser button - opens the events browser.

Edit Zoning button - opens the Edit Zoning dialog ( available only in faceplate display).

Edit Security button - opens the Edit Security dialog (faceplate display only)

Help Topics button - opens the online help file.

The QLogic logo opens a link to the QLogic web site.

59097-02 B 2-21

2 – Using SANsurfer Switch Manager SANsurfer Switch Manager User Interface

2.11.3

Fabric Tree

The fabric tree lists the managed fabrics and their switches as shown in

Figure 2-9. The window width can be adjusted by clicking and dragging the

moveable window border . An entry handle loca ted to the lef t of an entry in the tree indicates that the entry can be expanded or collapsed. Click this handle or double-click the entry to expand or collapse a fabric tree entry. A fabric entry expands to show its member switches.

Fabric

Entry

Entry Handle

Switch

Entries

Moveable

Window Border

Figure 2-9. Fabric Tree

Each fabric tree entry has a small icon next to it that uses color to indicate operational status.

 A green icon indicates normal operation.  A yellow icon indicates that a switch is operational, but may require attention

to maintain maximum performance.

 A red icon indicates a potential failure or non-operational state as when the

switch is offline.

 A blue icon indicates that a switch is unknown, unreachable, or

unmanageable.

If the status of the fabric is not normal, the fabric icon in th e fabric tree will indicate the reason for the abnormal status. The same message is provided when you rest the mouse over the fabric icon in the fabric tree.

The fabric tree provides access to the topology and faceplate displays for any fabric or switch.

 To open the topology display from the fabric tree, click a fabric entry.  To open the faceplate display from the fabric tree, click a switch entry.

2-22 59097-02 B

2.11.4

Graphic Window

The graphic window, shown in Figure 2-6, presents graphic information about fabrics and switches such as the fabric topology and the switch faceplate. The window height can be adjusted by clicking and dragging the window border that it shares with the data window.

2.11.5

Data Window and Tabs

The data window presents a table of data and statistics associated with the selected tab. Use the scroll bar to browse through the data. The window length can be adjusted by clicking and dragging the border that it shares with the graphic window.

Adjust the column width by moving the pointer over the column heading border shared by two columns until a right/left arrow graphic is displayed. Click and drag the arrow to the desired width.

2 – Using SANsurfer Switch Manager

SANsurfer Switch Manager User Interface

The data window tabs present options for the type of information to display in the data window. These options vary depending on the display.

2.11.6

Working Status Indicator

The working status indicator, located in the lower right corner of the SANsurfer Switch Manager window , shows when the management workst ation is exchanging information with the fabric. As conditions change, the fabric forwards this information to the management workstation where it is reflected in the various displays.

59097-02 B 2-23

2 – Using SANsurfer Switch Manager Using the Topology Display

2.12

Using the Topology Display

The topology display shown in Figure 2-10 receives information from the selected fabric and displays its topology. Switches and inter-switch links (ISLs) appear in the graphic window and use color to indicate status. Consider the following topology display features:

 Switch and Link Status  Working with Switches and Links  Topology Data Windows

Figure 2-10. Topology Display

2.12.1

Switch and Link Status

Switch icon shape and color provide information about the switch and its operational state. Lines represent links between switches. The topology display uses green to indicate normal operation, yellow to indicate operational with errors, red to indicate a potential failure or non-operational state, and blue to indicate unknown, unreachable, or unmanageable. Refer to ”Fabric Status” on page 3-29 for more information about topology display icons.

2-24 59097-02 B

2.12.2

Working with Switches and Links

Switch and link icons are selectable and moveable, and serve as access points for other displays and menus. You select switches and links to display information about them, modify their configuration, or delete them from the display. Context-sensitive popup menus are displayed when you right-click on a switch or link icon, or in the background of the topology display graphic window.

2.12.2.1

Selecting Switches and Links

Selected switch icons are highlighted in light blue. Selected ISLs a re displayed as a heavier line. You can select switches and links in the following ways:

 To select a switch or a link, click the icon or link.  To select multiple switches or links, hold down the Control key and select.  To select all switches or links, right-click anywhere in the graphic window

background. Select Select All Switches or Select All Links from the popup menu.

2 – Using SANsurfer Switch Manager

Using the Topology Display

To cancel a selection, press and hold the Control key, and select the item again. To cancel all selections, click in the graphic window background.

2.12.2.2

Arranging Switches in the Display

You can arrange individual switch icons in the topology display or allow SANsurfer Switch Manager to arrange all switch icons for you:

 To move an individual switch icon, click and drag the icon to another location

in the graphic window. Links stretch or contract to remain connected.

 To arrange all switch icons in the topology display automatically, open the

View menu and select Layout Topology.

By default, the Toggle Auto Layout box in the View menu is checked which causes SANsurfer Switch Manager to arrange the icons when you select Layout Topology.

You can save a custom arrangement, or layout, and restore that layout during a SANsurfer Switch Manager session. Begin by arranging the icons, then open the View menu and select Remember Layout. To restore the saved layout, open the View menu, uncheck the Toggle Auto Layout box, and select Layout Topology.

59097-02 B 2-25

2 – Using SANsurfer Switch Manager Using the Topology Display

2.12.2.3

Opening the Faceplate and Topology Display Popup Menus

The topology display shows all switches that are able to communicate and all connections between switches. The faceplate display shows the front of a single switch and its ports. Menu options vary with each type of popup menu.

 To open the fabric popup menu in the topology display , right-click the graphic

window background.

 To open the switch popup menu in the topology display , right-click the switch

icon in the graphic window.

 To open the link popup menu in the topology display, right-click the link.  To open the switch popup menu in the faceplate display, right-click the

faceplate in the graphic window.

2.12.3

Topology Data Windows

The topology display provides the following data windows corresponding to the data window tabs:

 Devices – displays information about devices (hosts and storage targets)

connected to the switch. Refer to ”Devices Data Window” on page 3-34 for more information.

 Active Zoneset – displays the active zone set for the fabric including zones

and their member ports. Refer to ”Active Zone Set Data Window” on

page 3-35 for more information about this data window. Refer to ”Zoning a Fabric” on page 3-39 for information about zone sets and zones.

 Switch – displays current network and switch configuration data for the

selected switches. Refer to ”Switch Data Window” on page 4-8 for more information.

 Link – displays information about the inter-switch links. Refer to ”Link Data

Window” on page 3-36 to for more information.

2-26 59097-02 B

2.13

Using the Faceplate Display

The faceplate display shown in Figure 2-11 displays the switch name and operational state, and port status. Consider the following functional elements of the faceplate display:

 Port Views and Status  Working with Ports  Faceplate Data Windows

2 – Using SANsurfer Switch Manager

Using the Faceplate Display

Figure 2-11. Faceplate Display

59097-02 B 2-27

2 – Using SANsurfer Switch Manager Using the Faceplate Display

2.13.1

Port Views and Status

Port color and text provide information about the port and its operational state. Green indicates active; gray indicates inactive. The faceplate display provides the following views of port status corresponding to the View menu options in the faceplate display. Refer to ”Monitoring Port Status” on page 5-2 for more information about these displays.

 Port type  Port state  Port speed  Port media

Context-sensitive popup menus are displayed when you right-click the faceplate image or a port icon in the faceplate display.

2.13.2

Working with Ports

Ports are selectable and serve as access points for other displays and menus. You select ports to display information about them in the data window or to modify them. Context-sensitive popup menus are displayed when you right-click the faceplate image or on a port icon in the faceplate display.

2.13.2.1

Selecting Ports

You can select ports in the following ways. Selected ports are outlined in white.

 To select a port, click the port in the faceplate display.  To select a range of consecutive ports, select a port, then press and hold the

 To select several non-consecutive ports, hold the Control key while

 To select all ports, right-click on the faceplate image. Select Select All Ports

To cancel a selection, press and hold the Control key and select it again.

shift key and select another port. The application selects both end ports and all ports in between in port number sequence.

selecting.

from the popup menu.

2-28 59097-02 B

2.13.2.2

Opening the Faceplate Popup Menu

To open the popup menu, right-click on the faceplate image to present the following tasks.

 Refresh the switch  Select all ports  Manage switch properties  Manage network properties  Manage SNMP properties  Extended credits wizard  Manage port properties  Change the port symbolic name  Run the port loopback tests  Services

2 – Using SANsurfer Switch Manager

Using the Faceplate Display

 Security Consistency Checklist If no ports are selected, the port-related tasks will be unavailable in the menu.

Right-click a port to open the Port popup menu. Hold down the Sh ift or Control key to select more than one port. If multiple ports are selected, right-click one of the selected ports.

2.13.3

Faceplate Data Windows

The faceplate display provides the following data windows corresponding to the data window tabs:

 Devices – displays information about devices (hosts and storage targets)

connected to the switch.

 Switch – displays current switch configuration data.  Port Statistics – displays performance data for the selected ports.  Port Information – displays information for the selected ports.  Configured Zonesets – displays all zone sets, zones, and zone membership

in the zoning database.

 Configured Security – displays all security definitions currently saved in the

database.

 Active Security – displays the active security set.

59097-02 B 2-29

2 – Using SANsurfer Switch Manager Using the Faceplate Display

Notes

2-30 59097-02 B

This section describes the following tasks that manage fabrics:

 RADIUS Servers  Securing a Fabric  Tracking Fabric Firmware and Software Versions  Managing the Fabric Database  Displaying Fabric Information  Working with Device Information and Nicknames  Zoning a Fabric

3.1

RADIUS Servers

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third party authentication point and the clients are all of the managed devices. RADIUS can be configured for devices and/or user accounts. The RADIUS server dialogs are available only on a secure (SSL) fabric and on the entry switch (out of band switch). Refer to ”Connection Security” on page 3-7 and ”System Services Dialog”

on page 4-27 for more information.

Section 3

Managing Fabrics

RADIUS is designed to authenticate users and devices using a challenge/response protocol. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject. The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client. The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch

59097-02 B 3-1

management applications.

3 – Managing Fabrics RADIUS Servers

3.1.1

Adding a RADIUS Server

When you add a RADIUS server, you provide a method to centralize the management of authentication passwords over a network.

Figure 3-1. Add Server

To add a RADIUS server, do the following:

1. Open the faceplate display, open the Switch menu, and select Radius

Servers....

2. In the Radius Server Information dialog, shown in Figure 3-1, click the Add Server tab.

3. Select the server type (Device, User, Account).

4. In the IP Address field, enter the remote IP address of the server.

5. In the UDP Port field, enter the remote UDP port number of the Authentication RADIUS Server. The RADIUS Accounting Server UDP port will always be the value of Device/User Authentication Server UDP Port + 1.

6. In the Timeout field, enter the timeout value in seconds (minimum of 1 second, maximum of 30 seconds). This is the number of seconds the RADIUS client will wait for a response from the RADIUS server before retrying, or giving up on a request.

3-2 59097-02 B

3 – Managing Fabrics

RADIUS Servers

7. In the Retries field, enter the the number of retries. This is the maximum number of times the RADIUS client will retry a request sent to the primary RADIUS server.

8. Select the Sign Packet check box to enable the switch to include a digital signature (Message-Authenticator) in all RADIUS access request packets sent to the RADIUS server. A valid Message-Authenticator attribute will be required in all RADIUS server responses.

9. In the Secret field, enter the server secret. A secret is required for all RADIUS servers. The secret is used when generating and checking the Message-Authenticator attribute.

10. C lick the Add Server button to add the server, and click the Close button to exit the dialog.

11. Click the Modify Authentication Order tab, and verify that Device Authentication Order and User Authentication Order options are set to eithe r Radius or Radius Local for RADIUS Authentication to be implemented.

59097-02 B 3-3

3 – Managing Fabrics RADIUS Servers

3.1.2

Removing a RADIUS Server

When you remove a RADIUS server, you disable the management of authentication usernames and passwords over the network for that server.

Figure 3-2. Remove Server

To remove a RADIUS server, do the following:

1. Open the faceplate display, open the Switch menu, and select Radius

Servers....

2. In the Radius Server Information dialog, shown in Figure 3-2, click the Remove Server tab.

3. In server list at the top of the dialog, select the server to be removed.

4. Click the Remove Server button to remove the server, and click the Close

3-4 59097-02 B

button to exit the dialog.

3.1.3

Editing RADIUS Server Information

Editing information of a RADIUS server involves changing the configuration of a RADIUS server.

3 – Managing Fabrics

RADIUS Servers

Figure 3-3. Edit Server Information

To edit information of a RADIUS server, do the following:

1. Open the faceplate display, open the Switch menu, and select Radius

Servers....

2. In the Radius Server Information dialog, shown in Figure 3-3, click the Edit Server tab.

3. In server list at the top of the dialog, select the server to be edited.

4. Make changes to the IP Address, UDP Port, Timeout, Retries, and Secret fields.

5. Select or unselect the server type (Device, User, Account) and Sign Packet check boxes.

6. Click the Edit Server button to save the changes, and click the Close button to exit the dialog.

59097-02 B 3-5

3 – Managing Fabrics RADIUS Servers

3.1.4

Modifying Authentication Order RADIUS Server Information

Editing information of a RADIUS server involves changing the configuration of a RADIUS server.

Figure 3-4. Modify Authentication Order - RADIUS Server Information

To modify the authentication order information of a RADIUS server, do the following:

1. Open the faceplate display, open the Switch menu, and select Radius

Servers....

2. In the Radius Server Information dialog, shown in Figure 3-4, click the Modify Authentication Order tab.

3. In server list at the top of the dialog, select the server to be modified.

4. Make changes to the Device Authentication Order or User Authentication Order pull-down menus. Select Local, Radius, or Radius Local.

5. Click the Modify Order button to save the changes, and click the Close

3-6 59097-02 B

button to exit the dialog.

3.2

Securing a Fabric

Fabric security consists of the following:

 Connection Security  User Account Security  Security Consistency Checklist  Device Security  Fabric Services

3.2.1

Connection Security

Connection security provides an encrypted data path for switch management methods. The switch supports the Secure Shell (SSH) protocol for the command line interface and the Secure Socket Layer (SSL) protocol for management applications such as SANsurfer Switch Manager and Common Information Module (CIM).

3 – Managing Fabrics

Securing a Fabric

The SSL handshake process between the workstation and the switch involves the exchanging of certificates. These certificates contain the public and private keys that define the encryption. The switch certificate is valid for one year beginning with its creation date and time. The workstation validates the switch certificate by comparing the workstation date and time to the switch certificate creation date and time. For this reason, it is important to snychronize the workstation and switch with the same date, time, and time zone. If a certificate has not been created by the user, the switch will automatically create one.

Consider your requirements for connection security: for the command line interface (SSH), management applications such as SANsurfer Switch Manager (SSL), or both. If SSL connection security is required, also consider using the Network Time Protocol (NTP) to synchronize workstations and switches.

59097-02 B 3-7

3 – Managing Fabrics Securing a Fabric

3.2.2

User Account Security

User account security is the process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using SANsurfer Switch Manager or log in to a switch through Telnet. Your system administrator defines accounts, p asswords, and authority levels that ar e stored on the switch. Refer to ”Managing User Accounts” on page 4-2 for more information.

The Admin account possesses Admin authority which grants full access to all tasks of the SANsurfer Switch Manager menu system. The switch validates your user account and SANsurfer Switch Manager grants access to its menus according to your authority level. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If a user is logged into a switch using SANsurfer Switch Manager or

CLI, and an administrator changes user access rights and passwords, existing logins will not be affected by the new settings. Login access and privileges are only checked for a new login request.

3.2.3

Security Consistency Checklist

The Security Consistency Checklist dialog enables you to compare security-related features on switches to check for inconsistencies. Any changes must be made through the appropriate dialog, such as Network Properties dialog, Switch Properties dialog, or SNMP Properties dialog. To open the Security Consistency Checklist dialog, open the Switch menu and select Security Consistency Checklist.

3-8 59097-02 B

3.2.4

Device Security

Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is configured through the use of security sets and groups. A group is a list of device worldwide names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing management server commands (MS). A security set is a set of up to three groups with no more than one of each group type. The security configuration is made up of all security sets on the switch.

In addition to authorization, the switch can be configured to require auth entication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch security database, or remotely using a Remote Dial-In User Service (RADIUS) server. With a RADIUS server, the security database for the entire fabric resides on the server. In this way, the security database can be managed centrally, rather than on each switch. You can configure up to five RADIUS servers to provide failover.

3 – Managing Fabrics

Securing a Fabric

You can configure the RADIUS server to authenticate just the switch or both the switch and the initiator device if the device supports authentication. When using a RADIUS server, every switch in the fabric must have a network connection. A RADIUS server can also be configured to authenticate user accounts.

Consider the devices, switches, and management agents and evaluate the need for authorization and authentication. Also consider whether the security database is to distributed on the switches or centralized on a RADIUS server and h ow many servers to configure.

Managing device security involves the following tasks:

 Creating security sets, groups, and members  Editing a security configuration on a switch  Viewing properties of a security set, group, or member  Archiving a security configuration on a switch to a file  Activating and deactivating a security set

The security database is made up of all security sets on the switch. The security database has the following limits:

 Maximum number of security sets is 4.  Maximum number of groups is 1000.  Maximum number of members in a group is 1000.  Maximum total number of group members is 1000.

59097-02 B 3-9

3 – Managing Fabrics Securing a Fabric

3.2.4.1

Edit Security Dialog

The Edit Security dialog, shown in Figure 3-5 opens after clicking the Security button on the toolbar or selecting Edit Security from the Security menu. The Security dialogs are available only on a secure (SSL) fabric and on the entry switch (out of band switch). The primary use of the Edit Security dialog is to edit the security configuration on the switch. You can also open and edit a security configuration saved to a file. Editing security files consists of renaming and removing security sets, groups, and members.

Use the Edit menu options or popup menu options to access Edit Security dialog options. Select a security item in the graphic window and select an option in the Edit menu, or right-click on a security item in the graphic window, and select an option from the popup menus.

The orphan security set contains the security groups and members that don't belong to a user-defined security set. Excluding the orphan security set, you can only have 1 group type in a security set. The three types of security groups are:

 ISL - default (E_Port authentication)

 MS (Management Server CT authentication)  Port (F_Port authentication)

Figure 3-5. Edit Security Dialog

3-10 59097-02 B

Use the File menu to:

 Edit the security configuration on the switch.  Open or edit security files.  Save or rename security files

Use the Edit menu to:

 Create security sets, security groups, and security group members  Rename or remove a security group from a security set or a member from a

security group

 Remove a group from all security sets  Remove all security sets, groups, or members  View properties for the selected security set, group, or group

memberCreating a Security SetCreating a Security Set

3.2.4.2

Creating a Security Set

3 – Managing Fabrics

Securing a Fabric

There is a maximum of 4 security sets. To add a security set, do the following:

1. On the faceplate display, click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog.

2. Choose one of the following methods to open the Create a Security Set dialog:

 Click the Security Set button in the toolbar.  Right-click in the graphic window, and select New Security Set from

the popup menu.

3. Enter a security set name. The naming conventions for security sets are:

 Must start with a letter  All alphanumeric chars [aA- zZ] [0-9]  The symbols $ _ - and ^ are the only symbols allowed

4. Click the OK button to save the change.

59097-02 B 3-11

3 – Managing Fabrics Securing a Fabric

3.2.4.3

Create Security Group Dialog

Use the Create Security Group dialog, shown in Figure 3-6, to add a security group to a security set. The Create Security Group dialog is displayed after clicking the Security Group button on the toolbar, or after you right-click on a security set in the graphic window and select Create a Security Group from the popup menu.

Figure 3-6. Create Security Group Dialog

The naming conventions for all security groups are listed below.

 Must start with a letter  All alphanumeric chars [aA- zZ] [0-9]  The symbols $ _ - and ^ are the only symbols allowed

3.2.4.4

Creating a Security Group

An empty (no members) security group in the active security set will prevent all connections for that security group type. For example, an empty ISL security group will cause the switch to refuse all logins from other switches. To add a security group to a security set, do the following:

1. On the faceplate display, click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog.

2. Choose one of the following methods to open the Create a Security Group dialog:

 In the graphic window, click a security set and click the Security

Group button in the toolbar.

 Right-click on a security set and select Create a Security Group from

the popup menu.

3-12 59097-02 B

3. Enter a security group name and select a security group type (ISL, Port, or MS). Remember, only one security group type (1 ISL, 1 Port, 1 MS) in each security set is allowed. The naming conventions for security groups are:

 Must start with a letter  All alphanumeric chars [aA- zZ] [0-9]  The symbols $ _ - and ^ are the only symbols allowed

4. Click the OK button to save the change.

3.2.4.5

Create Security Group Member Dialog

Use the Create Security Group Member dialog, shown in Figure 3-7, to add a member to a security group. Choose options from the Group Member (or manually type in a hex value) and Authentication pull-down menus, and enter values in the Secret and Binding (ISL groups only) fields.

3 – Managing Fabrics

Securing a Fabric

Figure 3-7. Create a Security Group Member Dialog

The conventions for ISL security group members are listed below:  You can enter member world-wide name (WWN), which must be 16 hex

characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.

 The authentication choices are None and Chap.  The Secret field is disabled if authentication is set to None. If authentication

is Chap, the Secret field is enabled.

 The Generate button is only enabled when authentication is set to Chap.

59097-02 B 3-13

 Valid binding entries are between 0 to 239.

3 – Managing Fabrics Securing a Fabric

The conventions for Port security group members are listed below:

 You can enter member world-wide name (WWN), which must be 16 hex

 The authentication choices are None and Chap.  The Secret field is disabled if authentication is set to None. If authentication

 The Generate button is only enabled when authentication is set to Chap.

The conventions for MS security group members are listed below:

 You can enter member world-wide name (WWN), which must be 16 hex

 The CT (common transport) authentication choices are None, MD5, and

 The Secret field is disabled if authentication is set to None, otherwise the

 The Generate button is only enabled when authentication is Chap.  Secret is 16 byte length for MD5 authentication, and 20 bytes if

characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.

is Chap, the Secret field is enabled.

characters, or 23 characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.

SHA-1.

Secret field enabled.

authentication is SHA-1.

3-14 59097-02 B

3.2.4.6

Creating a Security Group Member

To add a member to a security group, do the following:

1. On the faceplate display, click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog.

2. Choose one of the following methods to open the Create a Security Group Member dialog:

 In the graphic window, click a security group and click the Security

Member button in the toolbar.

 Right-click on a security group and select Create Members from the

popup menu.

3. Open the Group Member pull-down menu and select a Node World-Wide Name. The switch must be a member of any group in which authentication is used. You can also type in a hex value.

4. Open the Authentication pull-down menu, and select a type of protocol to be used for the authentication process for that member.

 ISL authentication options are None (0 bytes), Chap (16 bytes)

3 – Managing Fabrics

Securing a Fabric

 MS (CT - Common Transport) authentication options are None (0

bytes), MD5 (16 bytes), SHA (20 bytes)

 Port authentication options are None (0 bytes), Chap (16 bytes)

5. In the Secret area, enter an authentication "password" to be assigned that member. Or, you can click the Generate Secret button to randomly generate a secret.

6. In the Binding field (ISL groups only), enter the domain ID (1-239) for the switch for the ISL group member. The WWN of the switch must be at the entered domain ID when attempting to enter the fabric, otherwise it will become isolated.

7. Click the OK button to save the changes.

59097-02 B 3-15

3 – Managing Fabrics Securing a Fabric

3.2.4.7

Editing the Security Configuration on a Switch

To edit a security configuration on the switch, do the following:

1. On the faceplate display, click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog. By default, the security configuration on the switch is displayed in the Edit Security dialog. To edit a security configuration saved to a file, open the File menu and select Open File, or press Ctrl+o (letter o) to open the Open dialog. Browse for and select the security file, and click the Open button to display the security file in the Edit Security dialog.

2. Select the security item to edit in the graphic window , a nd choose one of the following:

 Rename a Security Set, or Group. Open the Edit menu and select a

Rename option. In the Rename dialog, enter a new name and click the OK button to save the changes.

 Edit Security Group Member. Open the Edit menu and select a Edit

Security Group Member option. In the Edit Security Group Member dialog, enter a new Group Member (WWN), choose an option in the Authentication pull-down menu, and click the OK button to save the changes.

 Remove a Security Set, Group, or Member. Select the item to

remove, open the Edit menu and select a Remove option. In the Remove dialog, click the OK button to remove that item from the security file and save the changes.

 Clear Security . Select the Security Sets directory name, open the Edit

menu and select Clear Security. In the Remove dialog, click the OK button to remove all security sets and save the changes. You can also right-click on the Security Sets (top level) directory name, and select Clear Security from the popup menu, and click the OK button to remove all security sets.

3. Click the Apply button to save the changes and keep the Edit Security dialog open. To save changes and close the Edit Security dialog in one step, click the OK button.

4. Click the OK button to close the Edit Security dialog.

3-16 59097-02 B

3.2.4.8

Viewing Properties of a Security Set, Group, or Member

To view the properties of a security set, group, or member, do the following:

1. On the faceplate display and click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog.

2. Choose one of the following:  Select a security set, group, or member, open the Edit menu and select

Properties.

 In the graphic window, right-click on the security item, and select

Properties from the popup menu.

3. View the security information for the selected item in the Properties dialog.

3.2.4.9

Using the Security Config Dialog

Use the Security Config dialog, shown in Figure 3-8, to save the active security configuration on the switch to non-volatile or to temporary memory, and to require the domain ID of a switch be validated before attaching to the fabric.

3 – Managing Fabrics

Securing a Fabric

Figure 3-8. Security Config Dialog

To configure security on the switch, do the following:

1. On the faceplate display, open the Security menu and select Edit Security Config to open the Security Config dialog.

2. Check the Auto Save check box to enable (default) or disable Auto Save mode. If enabled, the security configuration is saved to non-volatile memory on the switch. If disabled, the security file is saved only to temporary memory. The Auto Save feature is used when Fabric Binding is enabled. When Auto Save is disabled, any updates from remote switches will not be

59097-02 B 3-17

saved locally. If the local switch is reset, it may isolate.

3 – Managing Fabrics Securing a Fabric

3. Check the Fabric Binding Enabled check box to require the expected domain ID of a switch is verified before being allowed to attach to the fabric.

NOTE: The fabric binding feature must be enabled on all switches in the

fabric. When enabling this feature, it is best to set the switch state to offline, enable the fabric binding feature on all switches, and then set the switch state to online.

4. Click the Apply button to save the settings.

5. Click the OK button to close the Security Config dialog.

3.2.4.10

Archiving a Security Configuration to a File

To archive (save) a security configuration to a file, do the following:

1. On the faceplate display, click the Security button on the toolbar, or open the Security menu and select Edit Security to open the Edit Security dialog.

2. Configure the security settings as desired.

3. Open the File menu and select Save As.

4. In the Save dialog, enter a name and location for the security file (.xml extension).

5. Click the Save button to save the security file.

3.2.4.11

Activating a Security Set

Only one security set can be active at one time. To activate a security set, do the following:

1. On the faceplate display, open the Security menu and select Activate Security Set to open the Activate Security Set dialog.

2. In the Activate Security Set dialog, select a security set from the pull-down menu.

3. Click the Activate button to activate the security set.

3.2.4.12

Deactivating a Security Set

Only one security set can be active at one time. To deactivate an active security set, do the following:

1. In the faceplate display, open the Security menu and select Deactivate Security Set.

2. In the Deactivate dialog, click the Yes button to confirm that you want to deactivate the active security set.

3-18 59097-02 B

3.2.4.13

Configured Security Data Window

The Configured Security data window displays a graphical representation of all security sets, groups, and members in the database. To open the Configured Security data window, click the Configured Security tab below the data window in the faceplate display.

3.2.4.14

Active Security Data Window

The Active Security data window displays a graphical representatio n of the active security set, its groups, and members in the database . To open the Active Security data window , click the Active Security tab below the data window in the faceplate display.

3.2.5

Fabric Services

Fabric services security includes SNMP and In-band management. Simple Network Management Protocol (SNMP) is the protocol governing network management and monitoring of network devices. SNMP security consists of a read community string and a write community string, that are basically the passwords that control read and write access to the switch. The read community string ("public") and write community string ("private") are set at the factory to these well-known defaults and should be changed if SNMP is enabled using the System Servieces or SNMP Properties dialogs. If SNMP is enabled (default) and the read and write community strings have not been changed from their defaults, you risk unwanted access to the switch. Refer to ”Enabling SNMP Configuration”

on page 3-20 for more information. SNMP is enabled by default.

3 – Managing Fabrics

Securing a Fabric

In-band management is the ability to manage switches across inter-switch links using SANsurfer Switch Manager, SNMP, management server, or the application programming interface. The switch comes from the factory with in-band management enabled. If you disable in-band management on a particular switch, you can no longer communicate with that switch by means other than a direct Ethernet or serial connection. Refer to ”Enabling In-band Management” on

59097-02 B 3-19

page 3-20 for more information.

3 – Managing Fabrics Tracking Fabric Firmware and Software Versions

3.2.5.1

Enabling SNMP Configuration

To enable SNMP configuration, do the following:

1. On the faceplate display, open the Switch menu and select SNMP Properties to open the SNMP Properties dialog.

2. In the SNMP Configuration area, place a check mark in the SNMP Enabled check box.

3. Click the OK button to save the change to the database.

3.2.5.2

Enabling In-band Management

To enable In-band Management, do the following:

1. On the faceplate display, open the Switch menu and select Switch Properties to open the Switch Properties dialog.

2. Click the In-band Management Enable button.

3. Click the OK button to save the change to the database.

3.3

Tracking Fabric Firmware and Software Versions

The Fabric Tracker option enables you to generate a snapshot or baseline of current system version information, which can be viewed, analyzed and compared to other snapshot files, and exported to a file. Information includes date and time, SANsurfer Switch Manager version, switch active firmware version, device hardware, drivers, and firmware version from FDMI.

The Snapshot Analyzer option enables you to:

 Compare two snapshots  Detect mismatches of firmware and driver versions  Detect devices that have been moved, added to or removed from the fabric.

3-20 59097-02 B

3.3.1

Tracking Fabric Firmware and Software Versions

Saving a Version Snapshot

To save the current snapshot to an XML file, open the Fabric menu, select Fabric Tracker, and select Save Snapshot. To view and analyze system version information, open the Fabric menu, select Fabric Tracker, and select Analyze Snapshots. The Fabric Version Snapshot Analysis dialog, shown in Figure 3-9,

opens with the Summary, Differences and Reports tab pages. Click the Browse buttons to open and view the snapshot files in the corresponding tab p ages. Click the Close button to exit the Fabric Version Snapshot Analysis dialog. The color key below the scrollable area defines the meanings of the colors used.

The Summary tab page shows a brief description of the changes that have occurred between the older snapshot and the newer one. Use the Summary tab page quickly view what has changed.

3.3.2

Viewing and Comparing Version Snapshots

The Differences tab page shows a side-by-side comp arison of two snapshot s. The timestamp of each snapshot is displayed above the scroll area showing that snapshot. The background color of the older snapshot is darker than the background of the newer snapshot. The arrow icon between the snapshot selectors always points from the older snapshot to the newer one. If the two snapshots have the same timestamp, the arrow will not be displayed. The scroll bars are synchronized to view the same portion of each snapshot file simultaneously. Click and drag the separator bar between the two panes to resize each pane. At the top of the separator bar between the two panes, click the left/right arrows to close the corresponding pane. The left/right arrows move to one side.

3 – Managing Fabrics

59097-02 B 3-21

3 – Managing Fabrics Tracking Fabric Firmware and Software Versions

3.3.3

Exporting Version Snapshots to a File

The Reports tab page enables you to select one of several reports to save to a text file. The are two types of reports. The Summary report type shows the same format displayed on the Summary tab page without the color highlighting. The Detail report type shows a detailed breakdown of the differences. Use the Export button to save the selected report to a text file.

Figure 3-9. Fabric Version Snapshot Analysis Dialog

3-22 59097-02 B

3.4

Managing the Fabric Database

A fabric database contains the set of fabrics that you have added during a SANsurfer Switch Manager session. Initially, if you do not open an existing fabric or fabric view file, the SANsurfer Switch Manager application opens with an empty fabric database.

3.4.1

Adding a Fabric

To add a fabric to the database, do the following:

1. Open the Fabric menu and select Add Fabric to open the Add a New Fabric dialog as shown in Figure 3-10.

3 – Managing Fabrics

Managing the Fabric Database

Figure 3-10. Add a New Fabric Dialog

2. Enter a fabric name (optional) and the IP address of the switch through which to manage the fabric.

3. Enter an account name and password. The factory account name and password are "admin" and "password". The password is for the switch and is stored in the switch firmware. Refer to ”Managing User Accounts” on

page 4-2 for information about creating user accounts.

4. Click the Add Fabric button.

59097-02 B 3-23

3 – Managing Fabrics Managing the Fabric Database

NOTE: A switch supports a combined maximum of 19 logins or sessions

reserved as follows:

 4 logins or sessions for internal applications such as management

 9 high priority Telnet sessions  6 logins or sessions for SANsurfer Switch Manager inband and

NOTE: If the entry switch has SSL (Secure Socket Layer) enabled, the switch

will generate and display a Verify Certificate dialog that you must accept before gaining access to the fabric. Refer to ”Connection

Security” on page 3-7 and ”System Services Dialog” on page 4-27 for

more information on certificates and SSL.

server and SNMP

out-of-band logins, Application Programming Interface (API) inband and out-of-band logins, and Telnet logins. Additional logins will be refused.

3.4.2

Removing a Fabric

To delete a fabric file from the database, do the following:

1. Select a fabric in the fabric tree.

2. Open the Fabric menu and select Remove Fabric.

3.4.3

Opening a Fabric View File

A fabric view file is one or more fabrics saved to a file. To open an existing view file, do the following:

1. Open the File menu and select Open View File, or click the Open button. If the fabric you are currently viewing has changed, you will be prompted to save the changes to the fabric view file with the Save View dialog before opening a different view file.

2. In the Open View dialog, enter the name of the file to open, and enter a file password, if a password was entered when this fabric view file was saved.

3. Click the OK button.

3-24 59097-02 B

3.4.4

Saving a Fabric View File

To save a fabric view file, do the following:

1. Open the File menu, and select Save View As.

2. In the Save View dialog, enter a new file name.

3. Enter a file password, if necessary.

4. Click the OK button.

3.4.5

Rediscovering a Fabric

After making changes to or deleting switches from a fabric view, it may be helpful to again view the actual fabric configuration. The rediscover fabric option clears out the current fabric information being displayed, and rediscovers all switch information. To rediscover a fabric, open the Fabric menu, and select Rediscover Fabric. The rediscover function is more comprehensive than the refresh function.

3.4.6

Deleting Switches and Links

3 – Managing Fabrics

Managing the Fabric Database

The SANsurfer Switch Manager application does not automatically delete switches or links that have failed or have been physically removed from the fabric. In these cases, you can delete switches and links to bring the display up to date. If you delete a switch or a link that is still active, the SANsurfer Switch Manager application will restore it automatically. You can also refresh the display. To delete a switch from the topology display, do the following:

1. Select one or more switches in the topology display.

2. Open the Switch menu and select Delete.

To delete a link, do the following:

1. Select one or more links in the topology display.

2. Open the Switch menu and select Delete.

59097-02 B 3-25

3 – Managing Fabrics Managing the Fabric Database

3.4.7

Adding a New Switch to a Fabric

If there are no special conditions to be configured for the new switch, simply plug in the switch and the switch becomes functional with the default fabric configuration. The default fabric configuration settings are:

 Fabric zoning is sent to the switch from the fabric.  All 1/2/4-Gbps ports will be GL_Ports; all 10-Gbps ports will be G_Ports.  The default IP address 10.0.0.1 is assigned to the switch without a gateway

or boot protocol configured (RARP, BOOTP, and DHCP).

If you are adding a new switch to a fabric and do not want to accept the default fabric configuration, do the following:

1. If the switch is not new from the factory, reset the switch to the factory configuration before adding the switch to the fabric by selecting Restore Factory Defaults in the Switch menu from the faceplate display.

2. If you want to manage the switch through the Ethernet port, you must first configure the IP address using the Network Properties dialog or the Configuration Wizard.

3. Configure any special switch settings. Consider configuring the Default Visibility setting to None in the Zoning Config dialog to prevent devices from finding other devices on all switches in the fabric until the new switch is configured. To open the Zoning Config dialog, open the Zoning menu, and select Edit Zoning Config.

4. Plug in the inter-switch links (ISL), but do not connect the devices.

5. Configure the port types for the new switch using the Port Properties dialog. The 1/2/4-Gbps ports can be G_Port, GL_Port, F_Port, FL_Port, or Donor. The 10-Gbps ports can be a G_Port or F_Port.

6. Connect the devices to the switch.

7. Make any necessary zoning changes using the Edit Zoning dialog. To open the Edit Zoning dialog, open the Zoning menu, and select Edit Zoning. If you changed the Default Visibility setting in the Zoning Config dialog from All to None, change that setting back to All. To open the Zoning Config dialog, open the Zoning menu, and select Edit Zoning Config.

3-26 59097-02 B

3.4.8

Replacing a Failed Switch

The archive/restore works for all switches. However, the Restore menu item is not available for the in-band switches. You can only restore a switch out-of-band (the fabric management switch). There are certain parameters that are not archived, and these are not restored by SANsurfer Switch Manager. Refer to ”Archiving a

Switch” on page 4-37 and ”Restoring a Switch” on page 4-38 for information about

archive and restore. Use the following procedure to replace a failed switch for which an archive is available.

1. At the failed switch: a. Turn off the power and disconnect the AC cords. b. Note port locations and remove the interconnection cables and SFPs. c. Remove the failed switch.

2. At the replacement switch: a. Mount the switch in the location where the failed switch was removed. b. Install the SFPs using the same ports as were used on the failed

switch.

3 – Managing Fabrics

Managing the Fabric Database

CAUTION!

c. Attach the AC cords and power up the switch.

3. Select the failed switch in the topology display. Open the Switch menu and select Delete.

4. Restore the configuration from the failed switch to the replacement switch: a. Open a new fabric through the replacement switch. b. Open the faceplate display for the replacement switch. Open the

Switch menu and select Restore.

c. In the Restore dialog, enter the archive file from the failed switch or

browse for the file.

d. Click the Restore button.

5. Reset the replacement switch to activate the configuration formerly possessed by the failed switch including the domain ID and the zoning database. Open the Switch menu and select Reset Switch.

6. Reconnect the inter-switch links, target devices, and initiator devices to the replacement switch using the same ports as were used on the failed switch.

Do not reconnect inter-switch links, target devices, and initiator devices at this time. Doing so could invalidate the fabric zoning configuration.

59097-02 B 3-27

3 – Managing Fabrics Displaying Fabric Information

3.5

Displaying Fabric Information

The topology display is your primary tool for monitoring a fabric. The graphic window of the topology display provides status information for switches, inter-switch links, and the Ethernet connection to the management workstation.

The data window tabs show device, switch, and active zone set information. The Active Zoneset tab shows the zone definitions for the active zone set. Refer to

”Devices Data Window” on page 3-34 and ”Switch Data Window” on page 4-8 for

information about the Devices and Switch data windows.

3-28 59097-02 B

3.5.1

Fabric Status

The fabric updates the topology and faceplate displays by forwarding changes in status to the management workstation as they occur. You can allow the fabric to update the display status, or you can refresh the display at any time. To refresh the topology display, do one of the following:

 Click the Refresh button.  Open the View menu and select Refresh.  Press the F5 key.  Right-click anywhere in the background of the topology display and select

The topology display uses switch and status icons to provide status information about switches, inter-switch links, and the Ethernet connection. The switch status icons, displayed on the left side of a switch, vary in shape and color. Switches controlled by an Ethernet Internet Protocol have a colored Ethernet icon displayed on the right side of the switch. A green Ethernet icon indicates normal operation, yellow indicates a condition that may require attention to maintain maximum performance, and red indicates a potential failure. Table 3-1 shows the different switch icons and their meanings.

3 – Managing Fabrics

Displaying Fabric Information

Refresh Fabric from the popup menu.

Table 3-1. Topology Display Switch and Status Icons

Switch Icon Description

SANbox 5600 Series Switch

 Normal operation (Green)  Warning–operational with errors (Yellow)  Critical–potential failure (Red)  Unknown–communication status unknown, unreach-

able, or unmanageable (Blue)

Fabric Management Switch

 Ethernet connection normal (Green)  Ethernet connection warning (Yellow)  Ethernet connection critical (Red)

Switch is not manageable with this version of SANsurfer Switch Manager. Use the management application that was shipped with this switch.

59097-02 B 3-29

3 – Managing Fabrics Displaying Fabric Information

3.5.2

Displaying the Event Browser

The Event Browser displays a list of events gen erated by the switches in the fabric and the SANsurfer Switch Manager application. Events that are generated by the SANsurfer Switch Manager application are not saved on the switch, but can be saved to a file during the SANsurfer Switch Manager session.

Entries in the Event Browser shown in Figure 3-11, are formatted by severity, time stamp, source, type, and description. The maximum number of entries allowed in the Event Browser is 10,000. The maximum number of entries allowed on a switch is 1200. Once the maximum is reached, the event list wraps and the oldest events are discarded and replaced with the new events. Event entries from the switch, use the switch time stamp, while event entries generated by the application have a workstation time stamp. You can filter , so rt, and export the co ntents of the Event Browser to a file. The Event Browser begins recording when enabled and SANsurfer Switch Manager is running.

If the Event Browser is enabled using the Preferences dialog, the next time SANsurfer Switch Manager is started all events from the switch log will be displayed. If the Event Browser is disabled when SANsurfer Switch Manager is started and later enabled, only those events from the time the Event Browser was enabled and forward will be displayed.

To display the Event Browser, open the Fabric menu and select Show Event Browser, or click the Events button on the tool bar. If the Show Event Browser selection or the Events button is grayed-out, you must first enable the Events Browser preference. Refer to ”Setting SANsurfer Switch Manager Preferences”

on page 2-16.

Column Sorting

Buttons

Severity

Column

Figure 3-11. Events Browser

3-30 59097-02 B

3 – Managing Fabrics

Displaying Fabric Information

Severity is indicated in the severity column using icons as described in Table 3-2.

Table 3-2. Severity Levels

Severity

Icon

Alarm – An Alarm is a "serviceable event". T his means that attention by the user or field service is required. Alarms are posted asynchronously to the screen and cannot be turned off. If the alarm denotes that a system error has occurred the customer and/or field representative will generally be directed to provide a "show support" capture of the switch .

Critical event – An event that indicates a potential failure. Critical log messages are events that warrant notice by the user. By default, these log messages will be posted to the screen. Critical log messages do not have alarm status as they require no immediate attention from a user or service representative.

Warning event – An event that indicates errors or other conditions that may require attention to maintain maximum perfor mance. Warning messages will not be posted to the screen unless the log is configured to do so. Warning messages are not disruptive and, therefore, do not meet the criteria of Critical. The user need not be informed asynchronously

No icon Informative – An unclassified event that provides supporting informa-

tion.

Description

NOTE:  Events (Alarms, Critical, Warning, and Informative) generated by

the application are not saved on the switch. They are permanently discarded when you close a SANsurfer Switch Manager session, but you can save these events to a file on the workstation before you close SANsurfer Switch Manager and read it later with a text editor or browser.

 Events generated by the switch are stored on switch, and will be

retrieved when the application is restarted. Some alarms are configurable. Refer to ”Configuring Port Threshold Alarms” on

page 4-14.

59097-02 B 3-31

3 – Managing Fabrics Displaying Fabric Information

3.5.2.1

Filtering the Event Browser

Filtering the Event Browser enables you to display only those events that are of interest based on the event severity, timestamp, source, type, and description. To filter the Event Browser, open the Filter menu and select Filter Entries. This opens the Filter Events dialog shown in Figure 3-12. The Event Browser displays those events that meet all of the criteria in the Filter Events dialog. If the filtering criteria is cleared or changed, then all the events that were previously hidden that satisfy the new criteria will be shown.

You can filter the event browser in the following ways:  Severity – Check one or more of the corresponding check boxes to display

alarm events, critical events, warning events, or informative events.

 Date/Time – Check one or both of the From: and To: check boxes. Enter the

bounding timestamps (MM/dd/yy hh:mm:ss aa) to display only those events that fall within those times. ("aa" indicates AM or PM.) The current year (yy) can be entered as either 2 or 4 digits. For example, 12/12/03 will be interpreted December 12, 2003.

 Text – Check one or more of the corresponding check boxes and enter a text

string (case sensitive) for event source, type, and description. The Event Browser displays only those events that satisfy all of the search specifications for the Source, Type, and Description text.

Figure 3-12. Filter Events Dialog

3-32 59097-02 B

3.5.2.2

Sorting the Event Browser

Sorting the Event Browser enables you to display the events in alphanumeric order based on the event severity , timest amp, source, type, or description. Initially, the Event Browser is sorted in ascending order by timestamp. To sort the Event Browser, click the Severity, Timestamp, Source, Type, or Description column buttons. You can also open the Sort menu and select By Severity, By Timestamp, By Source, By Type, or By Description. Successive sort operations of the same type alternate between ascending and descending order.

3.5.2.3

Saving the Event Browser to a File

You can save the displayed Event Browser entries to a file. Filtering affects the save operation, because only displayed events are saved. To save the Event Browser to a file, do the following:

1. Filter and sort the Event Browser to obtain the desired display.

2. Open the File menu and select Save As.

3 – Managing Fabrics

Displaying Fabric Information

3. Select a folder and enter a file name in which to save the e vent log an d click the Save button. The file can be saved in XML, CSV, or text format. XML files can be opened with an internet browser or text editor. CSV files can be opened with most spreadsheet applications.

59097-02 B 3-33

3 – Managing Fabrics Displaying Fabric Information

3.5.3

Devices Data Window

The Devices data window displays information about devices (hosts and storage targets) connected to the switch. Click the Devices tab below the data window to display device information for all devices that are logged into the selected fabric. To narrow the display to devices that are logged into specific switches, select one or more switches in the fabric tree or the topology display . Table 3-3 describes the entries in the Devices data window. Refer to ”Exporting Device Information to a

File” on page 3-37 for exporting device information.

Entry Description

Port WWN Port world wide name Nickname Device port nickname. To create a new nickname or edit an

Table 3-3. Devices Data Window Entries

existing nickname, double-click the cell and enter a nickname in the Edit Nickname dialog. Refer to ”Managing Device Port

Nicknames” on page 3-37 for more information.

Details Click the (i) to display additional detail about the device. Refer

to ”Displaying Detailed Device Information” on page 3-36. FC Address Fibre Channel address Switch Switch name Port Switch port number Target/Initiator Device type: target or initiator Vendor Host Bus Adapter/Device V endor Host Name Name of host Active Zones The active zone to which the device belongs Row # Number of port as displayed in the faceplate display

3-34 59097-02 B

3.5.4

Active Zone Set Data Window

The Active Zoneset data window displays the zone membership for the active zone set that resides on the fabric management switch. The active zone set is the same on all switches in the fabric – you can confirm this by adding a fabric through another switch and comparing Active Zone Set displays.

To open the Active Zoneset data window, click the Active Zoneset tab below the data window in the topology display. Refer to ”Configured Zonesets Data

Windows” on page 4-13 for information about the zone set definitions on a

particular switch. Refer to ”Zoning a Fabric” on page 3-39 for more information about zone sets and zones.

The Active Zoneset data window, shown in Figure 3-13, uses display conventions for expanding and contracting entries that are similar to the fabric tree. An entry handle located to the left of an entry in the tree indicates that the entry can be expanded. Click this handle or double-click the following entries:

 A zone set entry expands to show its member zones.

3 – Managing Fabrics

Displaying Fabric Information

 A zone entry expands to show its member ports/devices.  Ports/devices that are zoned by WWN or FC address, but no longer part of

the fabric, are grayed-out.

Active Zoneset

Data Window

Figure 3-13. Active Zone Set Data Window

59097-02 B 3-35

3 – Managing Fabrics Working with Device Information and Nicknames

3.5.5

Link Data Window

The Link data window displays information about all switch links in the fabric or selected links. This information includes the switch name, the port number at the end of each link, and the link status icons. To open the Link data window, click the Link tab below the data window in the topology display.

3.6

Working with Device Information and Nicknames

SANsurfer Switch Manager enables you to do the following:

 Display detailed device information  Export device information to a file  Manage device port nicknames

3.6.1

Displaying Detailed Device Information

In addition to the information that is available in the Devices data window, you can click the (i) in the Details column to display more information as shown in

Figure 3-14.

Figure 3-14. Detailed Devices Display Dialog

3-36 59097-02 B

3.6.2

Exporting Device Information to a File

To save device information to a file, open the topology display and do the following:

1. Select one or more switches. If no switches are selected, Devices information is gathered for all switches.

2. Open the Switch menu and select Export Devices Information.

3. In the Save dialog, enter a file name.

4. Click the Save button.

3.6.3

Managing Device Port Nicknames

You can assign a nickname to a device port World Wide Name. A nickname is a user-definable, meaningful name that can be used in place of the World Wide Name. Assigning a nickname makes it easier to recognize device ports when zoning your fabric or when viewing the Devices data window.

3 – Managing Fabrics

Working with Device Information and Nicknames

SANsurfer Switch Manager maintains nicknames in Nicknames.xml, which is found in your working directory. In addition to creating, editing, and deleting nicknames, you can also export the nicknames to a file, which can then be imported into the Nicknames.xml file on other workstations.

3.6.3.1

Creating a Nickname

To create a device port nickname, do the following:

1. Open the File menu and select Nicknames to open the Nicknames dialog.

2. Choose one of the following methods to enter a nickname. A nickname must start with a letter and can have up to 64 characters. Valid characters include alphanumeric characters [aA-zZ][0-9] and special symbols [$ _ - ^ ].

 Click on a device in the table. Open the Edit menu and select Create

Nickname to open the Add Nickname dialog. In the Add Nickname dialog, enter a nickname and WWN and click the OK button.

 Double-click a cell in the Nicknames column, and enter a new

nickname in the text field. Click the Save button to save the changes and exit the Nicknames dialog.

You can also create a nickname by double clicking a cell in the Nickname column of the Devices data window. Refer to ”Devices Data Window” on page 3-34.

59097-02 B 3-37

3 – Managing Fabrics Working with Device Information and Nicknames

3.6.3.2

Editing a Nickname

A nickname must start with a letter and can have up to 64 characters. Valid characters include alphanumeric characters [aA-zZ][0-9] and special symbols [$ _

- ^ ]. You can access the Edit Nicknames dialog two ways. Choose one of the

following methods to edit a nickname:  In the topology or faceplate display, open the File menu and select

Nicknames to open the Nicknames dialog. The device entries are listed in table format.

 Click on a device entry in the table. Open the Edit menu and select

Edit Nickname to open the Edit Nicknames dialog. Edit the nickname in the text field. Click the OK button to save the changes.

 Double-click a cell in the Nicknames or WWN columns, and edit the

nickname in the text field. Click the OK button to save the changes.

 In the topology or faceplate display, click the Devices tab to display the

Devices data window. Double-click a cell in the Nickname column to open the Edit Nickname dialog. Edit the nickname in the text field. Click the OK button to save the changes. Refer to ”Devices Data Window” on page 3-34 for more information.

3.6.3.3

Deleting a Nickname

To delete a device port nickname, do the following:

1. Open the File menu and select Nicknames to open the Nicknames dialog.

2. Click a device in the table. Open the Edit menu and select Delete Nickname.

3. Click the Save button to save the changes.

3.6.3.4

Exporting Nicknames to a File

You can save nicknames to a file. This is useful for distributing nicknames to other management workstations. To save nicknames to an XML file, do the following:

1. Open the File menu and select Nicknames to open the Nicknames dialog.

2. Open the File menu in the Nicknames dialog, and select Export.

3. Enter a name for the XML nickname file in the Save dialog and click Save.

3-38 59097-02 B

3.6.3.5

Importing a Nicknames File

Importing a nicknames file copies its contents into and replaces the contents of the Nicknames.xml file which is used by SANsurfer Switch Manager. To import a nickname file, do the following:

1. Open the File menu and select Nicknames to open the Nicknames dialog.

2. Open the File menu in the Nicknames dialog, and select Import.

3. Select an XML nickname file in the Open dialog and click Open. When prompted to overwrite existing nicknames, click Yes.

3.7

Zoning a Fabric

Zoning enables you to divide the ports and devices of the fabric into zones for more efficient and secure communication among functiona lly grouped nodes. This subsection addresses the following topics:

 Zoning Concepts  Using the Zoning Wizard

3 – Managing Fabrics

Zoning a Fabric

 Managing the Zoning Database  Managing Zone Sets  Managing Zones  Managing Aliases  Merging Fabrics and Zoning

3.7.1

Zoning Concepts

The following zoning concepts provide some context for the zoning tasks described in this section:

 Zones  Aliases  Zone Sets  Zoning Database  Configuring the Zoning Database

59097-02 B 3-39

3 – Managing Fabrics Zoning a Fabric

3.7.1.1

Zones

A zone is a named group of ports or devices that can communicate with each other. Devices within a zone can only communicate with other devices in the same zone. A device may participate in more than one zone.

Membership in a zone can be defined by switch domain ID and port number, device Fibre Channel address (FCID), or device World Wide Name (WWN).

 WWN entries define zone membership by the World Wide Name of the

 FCID entries define zone membership by the Fibre Channel address of the

attached device. With this membership method, you can move WWN member devices to different switch ports in dif fe rent zones without having to edit the member entry as you would with a domain ID/port number member. Furthermore, unlike FCID members, WWN zone members are not affected by changes in the fabric that could change the Fibre Channel address of an attached device.

attached device. With this membership method you can replace a device on the same port without having to edit the member entry as you would with a WWN member.

3.7.1.1.1

Soft Zones

 Domain ID/Port number entries define zone membership by switch domain

ID and port number. All devices attached to the specified port become members of the zone. The specified port must be an F_Port or an FL_Port.

Two types of zones are supported:

 Soft zone  Hard zone - Access Control List (domain/port member only or it will revert

back to a soft zone when activated)

Soft zoning divides the fabric for purposes of controlling discovery. Devices within the same soft zone automatically discover and communicate freely with all other members of the same zone. The soft zone boundary is not secure; traffic across soft zones can occur if addressed correctly. Soft zones that include members from multiple switches need not include the ports of the inter-switch links. Soft zone boundaries yield to ACL zone boundaries. Soft zones can overlap; that is, a device can participate in more than one soft zone. Zone membership can be defined by Fibre Channel address, domain ID and port number, World Wide Name, or a combination. Soft zoning supports all port types.

3-40 59097-02 B

3.7.1.1.2

Access Control List Hard Zones

Access Control List (ACL) zoning divides the fabric for purposes of controlling discovery and inbound traffic. ACL zoning is a type of hard zoning that is hardware enforced. This type of zoning is useful for controlling access to certain devices without totally isolating them from the fabric. Devices can communicate with each other and transmit outside the ACL zone, but cannot receive inbound traffic from outside the zone. The ACL zone boundary is secure against inbound traffic. ACL zones can overlap; that is, a port can be a member of more than one ACL zone. ACL zones that include members from multiple switches need not include the ports of the inter-switch links. ACL zone boundaries supersede soft zone boundaries. Membership can be defined only by domain ID and port number. ACL zoning supports all port types.

3.7.1.2

Aliases

To make it easier to add a group of ports or devices to one or more zones, you can create an alias. An alias is a named set of ports or devices that are grouped together for convenience. Unlike zones, aliases impose no communication restrictions between its members. You can add an alias to one or more zones. However, you cannot add a zone to an alias, nor can an alias be a member of another alias.

3 – Managing Fabrics

Zoning a Fabric

3.7.1.3

Zone Sets

A zone set is a named group of zones. A zone can be a member of more than one zone set. Each switch in the fabric maintains its own zoning database containing one or more zone sets. This zoning database resides in non-volatile or permanent memory and is therefore retained after a reset. Refer to ”Configured Zonesets

Data Windows” on page 4-13 for information about displaying the zoning

database. The orphan zone set is created by the application automatically to hold the zones

which are not in any set. The orphan zone set cannot be removed and is not saved on the switch.

To apply zoning to a fabric, choose a zone set and activate it. When you activate a zone set, the switch distributes that zone set and its zones, excluding aliases, to every switch in the fabric. This zone set is known as the active zone set. Refer to

”Active Zone Set Data Window” on p age 3-35 for information about displaying the

active zone set.

59097-02 B 3-41

3 – Managing Fabrics Zoning a Fabric

3.7.1.4

Zoning Database

Each switch has its own zoning database. The zoning database is made up of all aliases, zones, and zone sets that have been created on the switch or received from other switches. The switch maintains two copies of the inactive zoning database: one copy is maintained in temporary memory for editing purposes; the second copy is maintained in permanent memory. Zoning database edits are made on an individual switch basis and are not propagated to other switches in the fabric when saved.

There are two configuration parameters that affect the zoning database: Interop Auto Save and Default Visibility. The Interop Auto Save parameter determines whether changes to the active zone set that a switch receives from another switch in the fabric will be saved to permanent memory on that switch. The Default Visibility parameter permits or prohibits communication among ports/devices when there is no active zone set. Refer to ”Configuring the Zoning Database” on

page 3-47 for information about zoning configuration.

3.7.1.4.1

Viewing Zoning Limits and Properties

Zoning limits vary depending on the firmware installed on the switch. To view zoning limits and properties on a switch, do the following:

1. In the faceplate display, open the Zoning menu and select Edit Zoning to open the Edit Zoning dialog.

2. Choose one of the following:  In the zone sets tree (left windowpane), right-click on the top zonesets

entry, a zone set, a zone, or a zone member. In the popup menu, select Properties.

 In the zone set tree (left windowpane), select the top zonesets entry, a

zone set, a zone, or a zone member. Open the Edit menu and select Properties.

3. View the zoning limits and properties information in the Properties dialog.

4. Click the OK button to close the Properties dialog.

The zoning limits for switches with 5.02 firmware are:  MaxZoneSets is 256. The maximum number of zone sets that can be

configured on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric.

 MaxZones is 2000. The maximum number of zones that can be configured

on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric.

3-42 59097-02 B

3 – Managing Fabrics

Zoning a Fabric

 MaxAliases is 2500. The maximum number of aliases that can be

configured on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric.

 MaxT ot alMembers is 10,000. The maximum number of tot al zone and alias

members that can be configured on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric. Aliases are considered zone members since they can be added to a zone just like a normal zone member.

 MaxZonesInZoneSets is 2000. The maximum number of zone linkages to

zonesets that can be configured on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric. Every time a zone is added to a zoneset this constitutes a linkage.

 MaxMembersPerZone is 2000. The maximum number of zone members

that can be added to any zone on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from th e fabric. Aliases are considered zone members when added to a zone.

 MaxMembersPerAlias is 2000. The maximum number of zone members

that can be added to any alias on the switch. This will be enforced during the configuration of zoning and during a zoning database merge from the fabric.

3.7.2

Using the Zoning Wizard

The Zoning Wizard is a series of dialogs that leads you through the process of zoning a fabric. To open the Zoning Wizard, open the Wizards menu in the faceplate display, and select Zoning Wizard.

The Zoning Wizard helps you with the two most typical reasons for zoning:

 Zoning Windows servers storage  Assign storage to servers.

To solve these problems, there must be at least one target and at least one initiator in the name server. Windows servers do not share devices well, but sometimes they must share devices, such as a tape drive. The wizard helps you define which devices are sharable and which ones are not. Once a device is in a Windows group, it can no longer be in any other group.

59097-02 B 3-43

3 – Managing Fabrics Zoning a Fabric

3.7.3

Managing the Zoning Database

Managing the zoning database consists of the following:

 Editing the Zoning Database  Configuring the Zoning Database  Saving the Zoning Database to a File  Restoring the Zoning Database from a File  Restoring the Default Zoning Database  Removing All Zoning Definitions

3.7.3.1

Editing the Zoning Database

To edit the zoning database for a particular switch, open the Zoning menu from the faceplate display and select Edit Zoning to open the Edit Zoning dialog shown in Figure 3-15. Changes can only be made to inactive zone sets, which are stored in flash (non-volatile) memory and retained after resetting a switch.

Port/Device

Tree

Zone Sets

Tree

Figure 3-15. Edit Zoning Dialog

3-44 59097-02 B

3 – Managing Fabrics

Zoning a Fabric

You cannot edit an active zone set on a switch. You must configure an inactive zone set to your needs and then activate that updated zone set to apply the changes to the fabric. When you activate a zone set, the switch distributes that zone set to the temporary zoning database on every switch in the fabric. However , in addition to the merged active zone set, each switch maintains its own original zone set in its zoning database. Only one zone set can be active at one time.

NOTE: If the Interop Auto Save parameter is enabled on the Zoning

Configuration dialog, then every time the active zone set changes, the switch will copy it into an inactive zone set stored on the switch. You can edit this copy of the active zone set stored on the switch, and activate the updated copy to conveniently apply the changes to the active zone set. The edited copy then becomes the active zone set.

The Edit Zoning dialog has a Zone Sets tree on the left and a Port/Device (or members) tree on the right. Both trees use display conventions similar to the fabric tree for expanding and contracting zone sets, zones, and ports. An expanded port shows the port Fibre Channel address; an expanded address shows the port World Wide Name. You can select zone sets, zones, and ports in the following ways:

 Click a zone, zone set, or port icon.  Right-click to select a zone set or zone, and open the corresponding popup

menu.

 Hold down the Shift key while clicking several consecutive icons.  Hold down the Control key while clicking several non-consecutive icons.

Using tool bar buttons, popup menus, or a drag-and-drop method, you can create and manage zone sets and zones in the zoning datab ase. Table 3-4 describes the zoning tool bar operations.

Use the Edit Zoning dialog to define zoning changes, and click the Apply button to open the Error Check dialog. Click the Error Check button to have SANsurfer Switch Manager check for zoning conflicts, such as empty zones, aliases, or zo ne sets, and ACL zones with non-domain ID/port number membership. Click the Save Zoning button to implement the changes. Click the Close button to close the Error Check dialog. On the Edit Zoning dialog, click the Close button to close the Edit Zoning dialog.

Table 3-4. Edit Zoning Dialog Tool Bar Buttons and Icons

Tool Bar Button Description

Create Zone Set button - create a new zone set

59097-02 B 3-45

3 – Managing Fabrics Zoning a Fabric

Tool Bar Button Description

Table 3-4. Edit Zoning Dialog Tool Bar Buttons and Icons (Continued)

Create Zone button - create a new zone

Create Alias button - create another name for a set of objects

Add Member button - adds selected port/device to a zone

Remove Member button - delete the selected zone from a zone set, or delete the selected port/device from a zone

Switch port icon – not logged in

Switch port icon – logged in

NL_Port (loop) device icon – logged in to fabric

NL_Port (loop) device icon – not logged in to fabric

N_Port device icon – logged in to fabric

N_Port device icon – not logged in to fabric

3-46 59097-02 B

3.7.3.2

Configuring the Zoning Database

Use the Zoning Config dialog to change the Auto Save, Default Visibility, and Discard Inactive configuration parameters. In the faceplate display, open the Zoning menu and select Edit Zoning Config to open the Zoning Config dialog shown in Figure 3-16. After making changes, click the OK button to put the new values into effect.

3 – Managing Fabrics

Zoning a Fabric

3.7.3.2.1

Interop Auto Save

The Interop Auto Save parameter determines whether changes to the active zone set that a switch receives from other switches in the fabric will be saved to the zoning database on that switch. Changes a re saved whe n an updated zone set is activated. Zoning changes are always saved to temporary memory. However, if Interop Auto Save is enabled, the switch firmware saves changes to the active zone set in temporary memory and to the zoning database. If Interop Auto Save is disabled, changes to the active zone set are stored only in temporary memory which is cleared when the switch is reset.

NOTE: Disabling the Interop Auto Save parameter can be useful to prevent

Figure 3-16. Zoning Config Dialog

the propagation of zoning information when experimenting with different zoning schemes. However, leaving the Interop Auto Save parameter disabled can disrupt device configurations should a switch have to be reset. For this reason, the Interop Auto Save parameter should be enabled in a production environment.

59097-02 B 3-47

3 – Managing Fabrics Zoning a Fabric

3.7.3.2.2

Default Visibility

Default visibility determines the level of communication that is permitted among ports/devices when there is no active zone set. The default visibility parameter can be set differently on each switch. When default visibility is enabled (ALL) on a switch, all ports/devices on the switch can communicate with all ports/devices on switches that also have default visibility enabled. When Default Visibility is disabled (NONE), none of the ports/devices on that switch can communicate with any other port/device in the fabric.

3.7.3.2.3

Discard Inactive

The Discard Inactive parameter automatically removes inactive zones and zone sets when a zoneset is activated or deactivated from a remote switch.

3.7.3.3

Saving the Zoning Database to a File

You can save the zoning database to an XML file. Y ou ca n later reload this zoning database on the same switch or another switch. To save a zoning database to a file, do the following:

1. In the faceplate display, open the Zoning menu, and select Edit Zoning.

2. In the Edit Zoning dialog, open the File menu and select Save As.

3. In the Save dialog, enter a file name for the database file.

4. Click the Save button to save the zoning file.

3.7.3.4

Restoring the Zoning Database from a File

CAUTION! Restoring the zoning database from a file will replace the current

zoning database on the switch.

Do the following to restore the zoning database from a file to a switch:

1. In the faceplate display, open the Zoning menu and select Edit Zoning to open the Edit Zoning window.

2. Open the File menu and select Open File. A popup window will prompt you to select an XML zoning database file.

3. Select a file and click Open.

3-48 59097-02 B

3.7.3.5

Restoring the Default Zoning Database

Restoring the default zoning clears the switch of all zoning definitions.

CAUTION! This command will deactivate the active zone set.

To restore the default zoning for a switch:

1. In the faceplate display, open the Zoning menu and select Restore Default Zoning.

2. Click the OK button to confirm that you want to restore default zoning and save changes to the zoning database.

3.7.3.6

Removing All Zoning Definitions

To clear all zone and zone set definitions from the zoning database, choose one of the following:

3 – Managing Fabrics

Zoning a Fabric

 Open the Edit menu and select Clear Zoning. In the Removes All dialog,

click the Yes button to confirm that you want to delete all zones and zone sets.

 Right-click the Zone Sets heading at the top of the Zone Sets tree, and

select Clear Zoning from the popup menu. Click the Yes button to confirm that you want to delete all zone sets and zones.

59097-02 B 3-49

3 – Managing Fabrics Zoning a Fabric

3.7.4

Managing Zone Sets

Zoning a fabric involves creating a zone set, creating zones as zon e set members, then adding devices as zone members. The zoning database supports multiple zone sets to serve the different security and access needs of your storage area network, but only one zone set can be active at one time. Managing zone sets consists of the following tasks:

 Creating a Zone Set  Activating and Deactivating a Zone Set  Copying a Zone to a Zone Set  Removing a Zone from a Zone Set or from All Zone Sets  Removing a Zone Set

NOTE: Changes that you make to the zoning database are limited to the

managed switch and do not propagate to the rest of the fabric. To distribute changes to configured zone sets fabric wide, you must edit the zoning databases on the individual switches.

3.7.4.1

Creating a Zone Set

To create a zone set, do the following:

1. Open the Zoning menu, and select Edit Zoning to open the Edit Zoning dialog.

2. Open the Edit menu, and select Create Zone Set to open the Create Zone Set dialog.

3. Enter a name for the zone set, and click the OK button. The new zone set name is displayed in the Zone Sets dialog. A zone set name must begin with a letter and be no longer than 64 characters. Valid characters are 0-9, A-Z, a-z, _, -, ^, and $.

4. To create new zones in a zone set, do one of the following:

 Right-click a zone set and select Create A Zone from the popup menu.

 Copy an existing zone by dragging a zone into the new zone set. Refer

5. Click the Apply button to save changes to the zoning database.

In the Create a Zone dialog, enter a name for the new zone, and click the OK button. The new zone name is displayed in the Zone Sets dialog.

to ”Copying a Zone to a Zone Set” on page 3-51.

3-50 59097-02 B

3.7.4.2

Activating and Deactivating a Zone Set

You must activate a zone set to apply its zoning definitions to the fabric. Only one zone set can be active at one time. When you activate a zone set, the switch distributes that zone set to the temporary zoning database on every switch in the fabric.

The purpose of the deactivate function is to suspend all fabric zoning which results in free communication fabric wide or no communication depending on the default visibility setting. Refer to ”Default Visibility” on page 3-48 for more information. It is not necessary to deactivate the active zone set before activating a new one.

 To activate a zone set, open the Zoning menu and select Activate Zone Set

to open the Activate Zone Set dialog. Select a zone set from th e Select Zone Set pull-down menu, and click the Activate button.

 To deactivate the active zone set, open the Zoning menu, select Deactivate

Zone Set. Acknowledge the warning about traffic disruption, and click the Yes button to confirm that you want to deactivate the active zone set.

3 – Managing Fabrics

Zoning a Fabric

3.7.4.3

Copying a Zone to a Zone Set

To copy an existing zone and its membership from one zone set to another, select the zone and drag it to the chosen zone set. Click the Apply button to save changes to the zoning database.

3.7.4.4

Removing a Zone from a Zone Set or from All Zone Sets

You can remove a zone from a zone set or from all zone sets in the database.

1. In the faceplate display, open the Zoning menu and select Edit Zoning to open the Edit Zoning dialog.

2. In the Zone Sets tree, select the zone(s) to be removed.

3. Open the Edit menu, and select Remove to remove the zone from the zone set, or select Remove from All Zones to remove the zone from all zone sets.

4. Click the Apply button to save changes to the zoning database.

Alternatively, you may use shortcut menus to remove a zone from a zone set or from all zone sets in the database.

59097-02 B 3-51

3 – Managing Fabrics Zoning a Fabric

3.7.4.5

Removing a Zone Set

Removing a zone set from the database affects the me mber zones in the following ways.

 Member zones that are members of other zone sets are not affected.  Member zones that are not members of other zone sets become members

of the orphan zone set. The orphan zone set cannot be removed and is not saved on the switch.

To delete a zone set from the database, do the following:

1. In the faceplate display, open the Zoning menu and select Edit Zoning to open the Edit Zoning dialog.

2. In the Zone Sets tree, select the zone set to be removed.

3. Open the Edit menu, and select Remove to remove the zone set.

4. Click the Apply button to save changes to the zoning database.

Alternatively, you may use shortcut menus to remove a zone set from the database.

3.7.5

Managing Zones

Managing zones involves the following:

 Creating a Zone in a Zone Set  Adding Zone Members  Renaming a Zone or a Zone Set  Removing a Zone Member  Removing a Zone from a Zone Set  Removing a Zone from All Zone Sets  Changing Zone Types

NOTE: Changes that you make to the zoning database are limited to the

managed switch and do not propagate to the rest of the fabric. To distribute changes to configured zone sets fabric wide, you must edit the zoning databases on the individual switches.

3-52 59097-02 B

3.7.5.1

Creating a Zone in a Zone Set

When a zone is created, its zone type is soft. To change the zone type to a hard zone, refer to ”Changing Zone T ypes” on p age 3-56 for more information. Refer to

”Zones” on page 3-40 for information on zone types (soft and hard). To create a

zone in a zone set, do the following:

1. Open the Zoning menu, and select Edit Zoning to open the Edit Zoning dialog.

2. Select a zone set.

3. Open the Edit menu and select Create a Zone.

4. In the Create a Zone dialog, enter a name for the new zone, and click the OK button. The new zone name is displayed in the Zone Sets dialog. A zone name must begin with a letter and be no longer than 64 characters. Valid characters are 0-9, A-Z, a-z, _, ^, $, and -.

NOTE: If you enter the name of a zone that already exists in the

database, the SANsurfer Switch Manager application will ask if you would like to add that zone and its membership to the zone set.

3 – Managing Fabrics

Zoning a Fabric

5. To add switch ports or attached devices to the zone, do one of the following:  In the zone set tree, select the zone set. In the graphic window, select

the port to add to the zone. Open the Edit menu and select Add Members.

 Select a port by port number, Fibre Channel address, or World Wide

Name in the Port/Device tree, and drag it into the zone.

 Select a port by port number, Fibre Channel address, or World Wide

Name in the Port/Device tree. Right-click the zone and select Add Zone Members from the popup menu.

6. Click the Apply button to save changes to the zoning database.

59097-02 B 3-53

3 – Managing Fabrics Zoning a Fabric

3.7.5.2

Adding Zone Members

You can zone a port/device by switch domain ID and port number, device port Fibre Channel address, or the device port WWN. Adding a port/device to a zone affects every zone set in which that zone is a member. To add ports/devices to a zone, do the following:

1. Open the Zoning menu, and select Edit Zoning to open the Edit Zoning dialog.

2. Choose one of the following methods to add the port/device:  Select a port/device in the Port/Device tree, and drag it into the zone.

To select multiple ports/devices, press and hold the Control key while selecting.

 Select a port/device in the Port/Device tree. To select multiple

ports/devices, press the Control key while selecting. Select a zone set in the left pane. Open the Edit menu and select Add Members.

 Select a port/device in the Port/Device tree. To select multiple

ports/devices, press the Control key while selecting. Select a zone set in the left pane. Click the Insert button.

If the port/device you want to add is not in the Port/Device tree, you can add it by doing the following:

a. Right click the selected zone. b. Open the Edit menu and select Create Members. c. Choose the WWN, Domain/Port, or First Port Address radio button. d. Enter the hexadecimal value for the port/device according to the radio

button selection: 16 digits for a WWN member, 4 digits for a Domain/ Port member (DDPP), or a 6-digit Fibre Channel Address for a First Port Address member (DDPP AA) where D=domain ID, P=port number , and A=ALPA.

3. Click the OK button to add the member and save the change.

NOTE: Domain ID conflicts can result in automatic reassignment of switch

domain IDs. These reassignments are not reflected in zones that use domain ID/port number pair to define their membership. Be sure to reconfigure zones that are affected by a domain ID change.

3-54 59097-02 B

Q-Logic 5600 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

List of Figures

List of Tables

Intended Audience

Related Materials

JDOM License

Technical Support

Availability

Training

Contact Information

Workst ation Requirements

Installing the Management Application

SANsurfer Switch Manager

SANsurfer Management Suite

SMS Installation for Windows

SMS Installation for Linux

SMS Installation for Solaris

Starting SANsurfer Switch Manager

Exiting SANsurfer Switch Manager

Uninstalling SANsurfer Switch Manager

SMS Uninstall

Standalone Uninstall

Changing the Encryption Key for the Default Fabric View File

Saving and Opening Fabric View Files

Setting SANsurfer Switch Manager Preferences

Using Online Help

Viewing Software Version and Copyright Information

SANsurfer Switch Manager User Interface

Menu Bars

Topology Display Menu

Faceplate Display Menu

Shortcut Keys

Tool Bar

Fabric Tree

Graphic Window

Data Window and Tabs

Working Status Indicator

Using the Topology Display

Switch and Link Status

Working with Switches and Links

Selecting Switches and Links

Arranging Switches in the Display

Opening the Faceplate and Topology Display Popup Menus

Topology Data Windows

Using the Faceplate Display

Port Views and Status

Working with Ports

Selecting Ports

Opening the Faceplate Popup Menu

Faceplate Data Windows

RADIUS Servers

Adding a RADIUS Server

Removing a RADIUS Server

Editing RADIUS Server Information

Modifying Authentication Order RADIUS Server Information

Securing a Fabric

Connection Security

User Account Security

Security Consistency Checklist

Device Security

Edit Security Dialog

Creating a Security Set

Create Security Group Dialog

Creating a Security Group

Create Security Group Member Dialog

Creating a Security Group Member

Editing the Security Configuration on a Switch

Viewing Properties of a Security Set, Group, or Member

Using the Security Config Dialog

Archiving a Security Configuration to a File

Activating a Security Set

Deactivating a Security Set

Configured Security Data Window

Active Security Data Window

Fabric Services

Enabling SNMP Configuration