53-1003231-02 2 April 2014 Network OS NETCONF Operations Guide Supporting Network OS v4.1.
Copyright © 2012-2014 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, FastIron, ICX, MLX, MyBrocade, NetIron, OpenScript, ServerIron, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Contents (High Level)

Section I Network OS Administration
Chapter 1 NETCONF Overview
Chapter 2 Basic NETCONF Operations
Chapter 3 Basic Switch Management
Chapter 4 Network Time Protocol

Chapter 23 Configuring Virtual Fabrics
Chapter 24 Configuring Spanning Tree Protocols
Chapter 25 Configuring UDLD
Chapter 26 Configuring Link Aggregation
Chapter 27 Configuring LLDP
Contents (Detailed)

About This Document
  In this chapter
  How this document is organized
  Supported hardware and software
  Document conventions
  Text formatting

  Retrieving configuration data
  Subtree filtering
  xpath filtering
  Retrieving operational data
  Using custom RPCs

Chapter 4 Network Time Protocol
  In this chapter
  Time management with NETCONF overview
  Date and time settings
  Setting the date and time
  Time zone settings

Chapter 7 SNMP
  In this chapter
  SNMP management with NETCONF overview
  SNMP community strings
  Adding an SNMP community string
  Changing the access of a read-only community string
  Removing an SNMP community string

Chapter 10 Administering Zones
  In this chapter
  Zoning with NETCONF overview
  Zone configurations
  Default zoning access modes
  Setting the default zoning mode

  Configuring a Fibre Channel port for trunking
  Retrieving Fibre Channel interface information

Chapter 12 System Monitor Configuration
  In this chapter
  System Monitor configuration with NETCONF overview
  FRU monitoring

Section II Network OS Security Configuration
Chapter 15 Managing User Accounts
  In this chapter
  Managing user accounts with NETCONF overview
  User accounts
  Default accounts in the local switch user database
  Creating and modifying a user account

  LDAP
  Server authentication
  FIPS compliance
  Client-side Active Directory server configuration
  Active Directory groups

  Configuring a port-profile-port
  Configure the port-profile-port on the physical interface
  Association of multiple port-profiles with an interface
  Deleting a port-profile-port
  Configuring port-profile-domains
  Configuring the basic port-profile-domain

  Private VLANs
  Configuring a private VLAN
  Configuring a community PVLAN
  Configuring an isolated PVLAN
  Displaying PVLAN information

  Spanning tree configuration and management
  Enabling STP, RSTP, MSTP, PVST, or Rapid PVST
  Disabling STP, RSTP, MSTP, PVST, or Rapid PVST
  Stopping STP, RSTP, MSTP, PVST, or Rapid PVST globally
  Specifying the bridge priority for all xSTP
  Specifying the bridge priority on a per-VLAN basis
  Specifying the bridge forward delay for all xSTP

Chapter 26 Configuring Link Aggregation
  In this chapter
  Link aggregation with NETCONF overview
  Configuring a vLAG
  Configuring the vLAG ignore split option
  Configuring the load balancing feature

  IP ACL
  Creating a standard IP or IPv6 ACL
  Creating an extended IP or IPv6 ACL
  Applying an IP or IPv6 ACL to a management interface
  Applying an IP ACL to a data interface
  Binding an ACL in standalone mode or fabric cluster mode

Chapter 30 Configuring 802.1x Port Authentication
  In this chapter
  802.1x port authentication with NETCONF overview
  802.1x authentication configuration tasks
  Configuring authentication between the switch and CNA or NIC
  Setting a global timeout value for performing readiness checks
  Disabling 802.1x globally

  Configuring an IP prefix list
  Configuring a route map
  Configuring and activating an IP route policy

Chapter 33 IP Route Management
  In this chapter
  IP route management with NETCONF overview

  Configuring a multigroup virtual router cluster
  Configuring Router 1 as master for first virtual router group
  Configuring Router 1 as backup for second virtual router group
  Configuring Router 2 as backup for first virtual router group
  Configuring Router 2 as master for second virtual router group
  Verifying VRRP and VRRP-E configuration

  Viewing NETCONF client capabilities
  Viewing NETCONF statistics and session information
Figures
Figure 1 Four layers of NETCONF
Figure 2 NETCONF communication
Figure 3 Zone configuration example
Figure 4 High-level communication for VXLAN gateway

Tables
Table 1 Trademark references
Table 2 NETCONF RPCs supported in Network OS
Table 3 ECMP load balancing operands
Table 4 Fibre Channel port attributes
About This Document

In this chapter
• How this document is organized
• Supported hardware and software
• Document conventions
• Notice to the reader
• Additional information

• Chapter 12, “System Monitor Configuration” provides procedures for monitoring the health of each fan, power supply, temperature sensor, chassis identification (CID) card, small form-factor pluggable (SFP) device, management module (MM), line card, or switch fabric module (SFM), or compact flash of the switch.
• Chapter 13, “VMware vCenter” provides procedures for configuring VMware vCenter.
• Chapter 14, “Configuring Remote Monitoring” provides procedures for configuring Remote Monitoring.

• Chapter 33, “IP Route Management” provides procedures for configuring the route manager to optimize forwarding of IP packets.
• Chapter 34, “Configuring OSPF” provides procedures for configuring Open Shortest Path First (OSPF).
• Chapter 35, “Configuring VRRP” provides procedures for configuring the Virtual Router Redundancy Protocol (VRRP).
• Chapter 36, “Configuring VRF” provides procedures for configuring remote monitoring (RMON).

bold text
  Identifies command names
  Identifies the names of user-manipulated GUI elements
  Identifies keywords and operands
  Identifies text to enter at the GUI or CLI
italic text
  Provides emphasis
  Identifies variables
  Identifies paths and Internet addresses
  Identifies document titles
code text
  Identifies CLI output
  Identifies command syntax examples

Notes, cautions, and warnings
The following notices and statements are used in this manual.

Notice to the reader
This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only.

TABLE 1 Trademark references
Corporation              Referenced Trademarks and Products
Microsoft Corporation    Windows, Windows NT, Internet Explorer
Red Hat, Inc.

Getting technical help
Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available:
1.

Section I Network OS Administration
This section describes basic Network OS administration features, and includes the following chapters:
• NETCONF Overview
• Basic NETCONF Operations
• Basic Switch Management
• Network Time Protocol
Chapter 1 NETCONF Overview

In this chapter
• NETCONF and YANG
• NETCONF in client/server architecture
• NETCONF support in Network OS

NETCONF and YANG
Brocade Network OS provides support for the Network Configuration Protocol (NETCONF) and the YANG data modeling language.

NETCONF is partitioned conceptually into four layers, as shown in Figure 1.
FIGURE 1 Four layers of NETCONF

NETCONF in client/server architecture
The NETCONF protocol uses RPCs to facilitate communication between the client (NETCONF Manager or application) and the server (NETCONF Agent or managed device). A client encodes an RPC in XML and sends it to a server using a secure, connection-oriented session.

FIGURE 2 NETCONF communication [figure labels: NETCONF Client (Manager); NETCONF Server (Device); RPC (for example: operation); RPC-REPLY; SSHv2 transport, NETCONF port, XML; configuration and state data (YANG)]

The communication between the client and server consists of a series of alternating request and reply messages. The NETCONF peers use and elements to provide transport protocol-independent framing of NETCONF requests and responses.

RPC and error handling
If the RPC request fails, an element is encoded inside the element and sent to the client. The element indicates the first detected error. The server is not required to detect or report multiple errors. If the server detects multiple errors, then the order of the error detection and reporting is at the discretion of the server.
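The reply handling described above, sketched as an added example (not code from the Brocade guide). It uses the standard RFC 4741 element names `<rpc-reply>`, `<rpc-error>` and `<ok>`; the sample replies, message-ids, and the names `check_reply`, `reply_is_ok` and `RpcError` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base XML namespace (RFC 4741)

# Constructed sample replies; message-ids and error text are made up for this example.
REPLY_OK = f'<rpc-reply message-id="101" xmlns="{NC}"><ok/></rpc-reply>'
REPLY_ERR = f"""<rpc-reply message-id="102" xmlns="{NC}">
  <rpc-error>
    <error-type>protocol</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
    <error-message>constructed example: operation not authorized</error-message>
  </rpc-error>
</rpc-reply>"""


class RpcError(Exception):
    """Raised when an <rpc-reply> carries an <rpc-error> that is not a warning."""

    def __init__(self, errors):
        self.errors = errors
        first = errors[0]  # the server reports at least the first detected error
        super().__init__(f"{first.get('error-tag')}: {first.get('error-message')}")


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_reply(xml_text, expected_id):
    """Validate one <rpc-reply>; return (root, warnings) or raise."""
    # NETCONF content must not contain a document type declaration, so refuse
    # it before the text ever reaches the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in NETCONF messages")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError(f"unexpected element {_local(root.tag)!r}")
    # A reply must echo the message-id of the request it answers; a mismatch
    # means the reply belongs to some other request.
    if root.get("message-id") != expected_id:
        raise ValueError("message-id mismatch")
    errors = [
        {_local(child.tag): (child.text or "").strip() for child in err}
        for err in root.findall(f"{{{NC}}}rpc-error")
    ]
    # Treat a missing severity as fatal rather than silently accepting it.
    fatal = [e for e in errors if e.get("error-severity") != "warning"]
    if fatal:
        raise RpcError(fatal)
    return root, errors  # anything left in 'errors' is a warning


def reply_is_ok(xml_text, expected_id):
    """True when the reply is error-free and contains <ok/>."""
    root, _ = check_reply(xml_text, expected_id)
    return root.find(f"{{{NC}}}ok") is not None
```

Because the server may stop at the first error, a client that fixes the reported problem should resend the request and check the new reply rather than assume the rest of the request was valid.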
• RFC 6020, “YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)”
• RFC 6021, “Common YANG Data Types”

NETCONF support in Network OS
This section describes the support in Network OS for NETCONF features. Table 2 describes the degree of support in Network OS for each NETCONF RPC. For details of the RPCs listed in Table 2, refer to RFC 4741.

Chapter 2 Basic NETCONF Operations

In this chapter
• Establishing a NETCONF session
• Retrieving configuration data
• Retrieving operational data
• Editing the configuration

The following example shows a element from the NETCONF server.
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:writable-running:1.0
urn:ietf:params:netconf:capability:startup:1.0
urn:ietf:params:netconf:capability:xpath:1.

• Actions capability—Allows operations to be performed on the datastore using the custom action mechanism for features that are supported by this mechanism in the YANG code. Refer to “Using the custom action mechanism” on page 17 for details. The URI for the actions capability is http://tail-f.com/ns/netconf/actions/1.0.
• tailf-aaa capability—Supports proprietary authentication, authorization, and accounting (AAA). The URI for the tailf-aaa capability is http://tail-f.
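A client-side reading of the capability exchange above, as an added example (not code from the Brocade guide). The `<hello>` message is constructed from the capability URIs listed in the text plus the standard RFC 4741 wrapper elements; the session-id value and the function names `parse_hello` and `session_profile` are assumptions.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base XML namespace
BASE = "urn:ietf:params:netconf:base:1.0"        # mandatory base capability
CAP = "urn:ietf:params:netconf:capability:"      # prefix of standard capabilities
ACTIONS = "http://tail-f.com/ns/netconf/actions/1.0"

# Constructed server <hello>; the session-id is made up for this example.
SERVER_HELLO = f"""<hello xmlns="{NC}">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
    <capability>http://tail-f.com/ns/netconf/actions/1.0</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""


def parse_hello(xml_text):
    """Return (set of capability URIs, session-id or None) from a <hello>."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NC}}}hello":
        raise ValueError("not a NETCONF <hello>")
    caps = {
        # Capability URIs may carry '?param=value' arguments; compare without them.
        (c.text or "").strip().split("?", 1)[0]
        for c in root.iterfind(f"{{{NC}}}capabilities/{{{NC}}}capability")
    }
    sid = root.findtext(f"{{{NC}}}session-id")
    return caps, (int(sid) if sid is not None else None)


def session_profile(xml_text):
    """Summarize what the advertised capabilities mean for a client."""
    caps, session_id = parse_hello(xml_text)
    if BASE not in caps:
        raise ValueError("peer does not advertise NETCONF base:1.0")
    if session_id is None:
        raise ValueError("server <hello> must carry a <session-id>")

    def has(name):
        return f"{CAP}{name}:1.0" in caps

    known = {BASE, ACTIONS} | {
        f"{CAP}{n}:1.0" for n in ("writable-running", "candidate", "startup", "xpath")
    }
    return {
        "session_id": session_id,
        # writable-running without candidate: edits take effect immediately,
        # with no separate commit step in which to review them.
        "direct_running_edits": has("writable-running"),
        "candidate_datastore": has("candidate"),
        # A separate startup datastore means running changes are lost on
        # reboot until they are copied to startup.
        "separate_startup": has("startup"),
        "xpath_filter": has("xpath"),
        "custom_actions": ACTIONS in caps,
        # Anything outside the expected set is worth logging for review.
        "unrecognized": sorted(caps - known),
    }
```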
The following example shows a client message that issues the operation in its most basic form. It retrieves the entire running configuration. Such a request, however, typically results in an unwanted or unmanageable amount of output.

8/0/1

If all you want to know is the setting of one specific Fibre Channel port attribute, such as the configured speed, use a filter such as the following. In this case, suppresses the inclusion of all its sibling nodes. It is termed a selection node.

xpath filtering
Sometimes the data element that qualifies the information you want is at a lower level in the data hierarchy than the information you need.

0 test

Retrieving operational data
In the Brocade Network OS implementation of NETCONF, two mechanisms are used for retrieving operational data: Brocade custom RPCs and custom actions. Custom RPC and action support is added to some of the YANG modules to support the return of specific operational data.

tengigabitethernet 9/0/54 auto-for_iscsi

Refer to the Network OS YANG Reference Manual for a list of custom RPCs, a brief description of their function, and their location.

Retrieving operational data with pagination
Some RPCs return operational data that consists of lists of entities.

vlan-20 active tengigabitethernet 66/0/10 tagged 20 true

The field is true, so use the value returned in as the in the next call to to return information about the next VLAN.

The delete operation is used to remove or disable part of the configuration. The following example disables MSTP on the managed device.

Managing the configuration
The most common configuration management operation is to copy the running-config file to the startup-config file. You must perform this operation to save configuration changes across reboots. To copy the running-config file to the startup-config file, issue the following RPC.

Disconnecting from a NETCONF session
To disconnect from a NETCONF session, issue the standard RPC. This operation causes the server to release any resources associated with the session and gracefully close any associated connections.
Chapter 3 Basic Switch Management

In this chapter
• Basic switch management with NETCONF overview
• Connecting to the switch
• Switch attributes
• Disabling or enabling a chassis
• Rebooting a Brocade switch

Connecting to the switch
For NETCONF operations, you must connect to the switch through a Secure Shell (SSH) connection to the management port. You can use any account login present in the local switch database or on a configured authentication, authorization, and accounting (AAA) server for authentication. For initial setup procedures, use the preconfigured administrative account that is part of the default switch configuration.

• A host name can be from 1 through 30 characters long. It must begin with a letter, and can contain letters, numbers, and underscore characters. The default host name is “sw0.” The host name is displayed at the system prompt.
• Brocade recommends that you customize the chassis name for each platform. Some system logs identify the switch by its chassis name; if you assign a meaningful chassis name, logs are more useful.

27 lab1_vdx0023 lab1_vdx0023

• Enable the chassis to bring the interfaces back online. All interfaces that passed POST are enabled and come back online. If the switch was part of an Ethernet fabric, it rejoins the fabric.

NOTE
Disabling the chassis is a disruptive operation. Alternatively, you can shut down and re-enable individual interfaces.

To enable a chassis, issue the / custom action located in the urn:brocade.com:mgmt:brocade-chassis namespace.

To perform a reboot of the entire modular chassis, issue the / custom action located in the urn:brocade.com:mgmt:brocade-ha namespace.

Obtaining slot and module status information
To show information about all slots in the chassis, issue the / custom action located in the urn:brocade.

The example RPCs shown in the following procedure replace the card in slot 1 with an LC48x10G module. These examples assume VCS Fabric mode. For standalone mode, replace the / node elements with the node element.
1. Power off the interface module by issuing the / custom action located in the urn:brocade.com:mgmt:brocade-linecard-management namespace.

5 1 LC48x10G 5.

1 LC48x10G

Configuring a switch banner
A banner is a text message that displays on the console of the CLI. It can contain information about the switch that an administrator may want users to know when accessing the switch.

Please do not disturb the setup on this switch

supportSave data
If you are troubleshooting a production system, you will have to capture data for further analysis or send the data to your switch service provider. The / custom action located in the urn:brocade.

• (VCS Fabric mode only) In the field, specify the RBridge ID of the switch whose supportSave data you want to save.

admin 10.38.33.

10.38.33.131 /home/admin/support h8F!@m 5

27

3. Issue the // custom action located in the urn:brocade.
Enabling or disabling FFDC
First failure data capture (FFDC) is enabled by default. To re-enable FFDC in the VCS Fabric mode, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-ras namespace.
2. Under the node, include the node element.
3. Under the node, include the following leaf elements.
a.

You can configure up to four secure or non-secure syslog servers. When you add a syslog server, you must specify the IPv4 or IPv6 address of the server. You can also specify the security mode (secure or non-secure), and the port number on which the syslog server is listening. By default, the security mode is non-secure, and the port number is UDP 514. Brocade recommends configuring a different port number for secure TLS connections.

192.168.163.236

4. To verify the syslog server configuration, issue the RPC with a subtree filter to return only information under the node in the urn:brocade.com:mgmt:brocade-ras namespace.

192.168.163.233 192.168.163.236 2001

testuser password 10.70.4.101 /users/home40/testuser ca.cert

Removing a syslog CA certificate
To delete the CA certificate, issue the action located in the / node, where the element resides in the urn:brocade.

192.168.163.236

RASlog configuration
RASlog messages record system events filtered by configured severity levels.

informational Port-profile aa1 removed successfully on TenGigabitEthernet/ 2/0/17 other switchA (output truncated)

Setting the RASlog severity filter
You can choose one of the following severity levels to filter RASlog messages: INFO (default), ERROR, WARNING, or CRITICAL. Input values are case-sensitive.

Audit log configuration
Audit log messages contain user information such as login name and login IP address. The audit log’s purpose is to enable tracking of important user-originated events in the cluster; this is in contrast to RASlog messages, which are primarily used for abnormal or error-related events. When an audit log message is generated on a switch, it is forwarded to the syslog server.
Chapter 4 Network Time Protocol

In this chapter
• Time management with NETCONF overview
• Date and time settings
• Time zone settings
• Network Time Protocol

1. Issue the action located in the urn:brocade.com:mgmt:brocade-clock namespace.
2. Under the node, specify the <clock> node element.
3. Under the node element, specify the element and provide a value for the desired date and time in the format CCYY-MM-DDTHH:MM:SS.
The following example sets the local time to 2:15 in the afternoon of May 17, 2012.

Retrieving the current local clock and time zone
The RPC in the urn:brocade.com:mgmt:brocade-clock namespace returns the local time, date, and time zone. The local clock is used unless a switch ID is specified. Specify “all” as the to request local clocks from all switches in the cluster.

Network Time Protocol
Network Time Protocol (NTP) maintains uniform time across all switches in a network. Network OS supports the configuration of an external time server to maintain synchronization between all local clocks in a network. To keep the time in your network current, it is recommended that each switch have its time synchronized with at least one external NTP server.

Retrieving an NTP server IP address
Use the custom RPC located in the urn:brocade.com:mgmt:brocade-ntp namespace to return the IP address of the currently active NTP server. If no server is configured or no server can be reached, “LOCL” is returned instead (for local switch time). The request is for the local switch unless a switch ID is specified in the element.

NOTE
Specifying “all” in the element returns only local information.

Chapter 5 Installing and Maintaining Firmware

In this chapter
• Firmware upgrade with NETCONF overview
• Preparing for a firmware download
• Downloading the firmware from a remote server
• Downloading firmware from a USB device
• Evaluating a firmware upgrade
5 Preparing for a firmware download • Use the custom RPC to query the status of a download operation. • Use the action to commit a firmware upgrade. • Use the action to restore a previous firmware version. Firmware download parameters, custom RPCs, and actions are defined in the brocade-firmware YANG module. For details, refer to the Network OS YANG Reference Manual.
Preparing for a firmware download 5 24 Network Operating system Software 4.0.0 1995-2010 Brocade Communications Systems, Inc. 19:18:58 Jun 23, 2012 v4.0.
5 Downloading the firmware from a remote server Downloading the firmware from a remote server Under normal circumstances, it is recommended to perform firmware download in the default mode. Do not disable autocommit mode unless you want to evaluate a firmware upgrade before committing to it. Refer to “Evaluating a firmware upgrade” on page 59 for details about overriding the autocommit mode. When upgrading multiple switches, complete the following steps on each switch before you upgrade the next one. 1.
Downloading the firmware from a remote server 5 34 0 CAUTION Do not interrupt the firmware download process. If you encounter a problem, wait for the timeout (30 minutes for network problems) before attempting the firmware download operation again.
5 Downloading firmware from a USB device 24 PAGE 91Evaluating a firmware upgrade 5 3. Issue the / action located in the urn:brocade.com:mgmt:brocade-firmware namespace to perform the firmware download operation. In the element, provide the directory on the remote server where the firmware file is located. The reply message contains a session ID in the element.
5 Evaluating a firmware upgrade • To enable firmware restoration on a modular switch with two management modules, you update the firmware on each management module separately by performing the firmware download operation with both the and options. This sequence or operations preserves the previous firmware on the secondary partitions of all system components and ensures that you will be able to restore the previous firmware version.
Evaluating a firmware upgrade 5 • —The directory on the remote server where the firmware file is located. • —The firmware filename. • —Ensures the firmware image is downloaded only to the primary partition. The reply message contains a session ID in the element. PAGE 945 Evaluating a firmware upgrade Freescale Semiconductor 8548E 2000 MB v3.0.1_bldg57 v4.0.
Evaluating a firmware upgrade 5 24 Network Operating system Software 4.0.0 1995-2010 Brocade Communications Systems, Inc. 19:18:58 Jun 23, 2012 v4.0.
5 Firmware upgrade in Brocade VCS Fabric mode 3. Issue the custom RPC and verify that both partitions on the switch have the original firmware. 24 PAGE 97Chapter 6 Administering Licenses In this chapter • Licensing with NETCONF overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Retrieving the switch license ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Obtaining a license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Installing or removing a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Activating the Dynamic POD feature . .
6 Obtaining a license key To retrieve the switch license ID, issue the // action that resides in the urn:brocade.com:mgmt:brocade-license namespace. The license ID is in the field in the reply message. The following example returns the license ID for all switches in the fabric. To return the licence ID of a specific switch, replace the element with an element containing the routing bridge ID. PAGE 99Installing or removing a license 6 Installing or removing a license Refer to the Network OS Administrator’s Guide for procedures for installing and removing licenses. You cannot install or remove licenses using the NETCONF interface. Activating the Dynamic POD feature To activate the Dynamic POD feature, complete the following steps. 1. Verify the current states of the ports with the custom RPC located in the urn:brocade.com:mgmt:brocade-interface-ext namespace.
Obtaining the Dynamic POD assignments
To display the Dynamic POD assignments, issue the / action located in the urn:brocade.com:mgmt:brocade-license namespace. The reply provides a summary of the POD license status. In the following example, all 24 ports are licensed and potentially available. Currently, the three unassigned ports are disabled persistently, and therefore are not assigned to any Dynamic POD license port set.
Overriding Dynamic POD assignments
If all ports are assigned, select a port to release its POD assignment. Follow the instructions in “Releasing a port from a POD set” on page 70 to release a port from its POD assignment. Once the port is released, you can reuse the assignment for another port.
1. Select the port for which you want to reserve an assignment and issue the RPC to configure the node to reserve the desired ports.
4. Issue the RPC to retrieve the DPOD configuration for the ports you reserved in step 1 to verify that the ports are reserved.
1/0/10
2. Issue the RPC to configure the node located in the urn:brocade.com:mgmt:brocade-license namespace and set the element to “release”. The following example releases ports 5/0/10 and 5/0/11.
Chapter 7 SNMP
In this chapter
• SNMP management with NETCONF overview
• SNMP community strings
• Obtaining SNMP user names
• SNMP server hosts
• Support for multiple SNMP server contexts
SNMP community strings
SNMP versions 1 and 2c use community strings to restrict access to the switch. There are six default community strings: three read-write strings and three read-only strings. There is support for a total of 256 SNMP communities, all user-configurable.
Changing the access of a read-only community string
To change the access permission for an SNMP community string to read-write, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-snmp namespace.
2. Under the node, specify the node element.
3.
Obtaining SNMP user names
private
snmpuser3 md5 DES
SNMP server hosts
Operations described in this section set the trap destination IP address, and optionally the destination port and severity level for the SNMP server host. For SNMP versions 1 and 2c, the SNMP version and community string are also set. For SNMP version 3, the user name is also set.
1050:0:0:0:5:600:300c:326b commaccess 162
dns1.mycorp.com snmpuser3

Removing the SNMP server host
To remove version 2c from the host and replace it with version 1, perform the following steps.
1.
Setting the SNMP server contact
To set the SNMP server contact string, issue the RPC to configure the / node in the urn:brocade.com:mgmt:brocade-snmp namespace and specify the contact string in the leaf element. The default contact string is Field Support. The following example changes the default contact string to “Operator 12345.”

Returning the SNMP configuration
To display the current SNMP configuration for the SNMP host, community strings, user names, contact, and location, issue the RPC and provide a subtree filter to return the node from the urn:brocade.com:mgmt:brocade-snmp namespace in the running configuration.
snmpuser3 md5 DES 10.17.37.107 public Field Support End User Premise
Support for multiple SNMP server contexts
A single SNMP agent can support multiple instances of the same MIB module by mapping the context name to the VRF.
Support for password encryption for SNMPv3 users
For SNMPv3 users, the passwords for and are encrypted. You can configure either a plain-text password or an encrypted password. In both cases, the passwords are shown as encrypted.
Chapter 8 Fabric
In this chapter
• Fabric management with NETCONF overview
• Brocade VCS Fabric configuration management
• Fabric interface configuration management

Fabric management with NETCONF overview
This chapter provides procedures and examples for Brocade VCS Fabric management using the NETCONF interface.
Brocade VCS Fabric configuration management
To add a new switch into a VCS Fabric, you must complete the following configuration steps.
1. Enable VCS Fabric mode.
2. Assign a routing bridge ID.
3. Reboot the switch.
You can enable VCS Fabric mode using the NETCONF interface. You cannot assign a routing bridge ID using the NETCONF interface.
Fabric interface configuration management
A physical interface in a virtual switch cluster can either be an edge port or a fabric port, but not both.
1/0/2
4. Under the , , , or node element, include the node element in the urn:brocade.com:mgmt:brocade-fcoe namespace.
5. Under the node, include the node element.
6. Under the node element, include the empty element to enable trunking on the ISL.
Broadcast, unknown unicast, and multicast forwarding
All switches in a Brocade VCS Fabric share a single multicast tree rooted at the routing bridge with the lowest RBridge ID (domain ID).
a. In the leaf element, specify the RBridge ID of the switch for which you want to change the priority.
b. In the field, specify the new priority in the range 1 through 255.
The following example sets the priority of routing bridge 12 to 10.
This operation can be used in Fabric Cluster mode only. When the Virtual IP address is configured for the first time, the current principal switch in the cluster is assigned this IP address. Virtual IP configuration is global in nature. All the nodes in the cluster are configured with the same virtual IP address, but the address is bound to the current principal switch only.
If you wish to rebind this virtual IP address to this management interface, remove the currently configured virtual IP address and reconfigure it. This situation can arise when the virtual IP address was not bound to the management interface of the principal switch due to duplicate address detection. A separate gateway cannot be configured for the virtual IP address.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-rbridge namespace.
2. Under the node, include the leaf element to specify the routing bridge.
3. Under the node, include the node in the urn:brocade.com:mgmt:brocade-fabric-service namespace.
4. Under the node, include the node element.
5. Under the node, include the following leaf elements.
a.
Chapter 9 Metro VCS
In this chapter
• Metro VCS configuration with NETCONF overview
• Configuring Metro VCS using the long-distance-isl element
• Configuring Metro VCS using standard ISL
• Configuring vLAGs for distributed Ethernet Fabrics
Configuring Metro VCS using the long-distance-isl element
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element.
3. Under the node, include the following leaf element.
a. In the element, specify the name of the interface you want to configure for long distance operation. Specify the name in [rbridge-id/]slot/port format.
b.
Configuring Metro VCS using standard ISL
In order to deploy Metro VCS using standard ISL, no configuration is required on the standard fabric ISL. The default configuration on the 10 Gbps interface allows ISL formation with other Brocade VDX switches in the same VCS Cluster automatically.
Configuring vLAGs for distributed Ethernet Fabrics
7. Repeat for all interfaces that must be part of the port-channel.
The following example configures physical interface 11/0/2 to port channel 4.

Chapter 10 Administering Zones
In this chapter
• Zoning with NETCONF overview
• Default zoning access modes
• Zone database size
• Zone aliases
• Zoning information
Zone configurations
A zone configuration is a group of one or more zones. A zone can be included in more than one zone configuration. When a zone configuration is enabled, all zones that are members of that configuration are in effect. Several zone configurations can reside on a switch at once, and you can quickly alternate between them. For example, you might want to have one configuration enabled during business hours and another enabled overnight.
cfg-save noaccess

Viewing database size information
To retrieve database size information, issue the / custom action that resides in the urn:brocade.com:mgmt:brocade-zone namespace.
013100 20:00:00:00:00:00:00:01 10:00:00:05:00:00:00:01 (output truncated) 2.
Adding additional members to an existing alias
1. Issue the // custom action mechanism that resides in the urn:brocade.com:mgmt:brocade-nameserver namespace to list the WWNs of devices and targets available in the Brocade VCS Fabric. The available WWNs appear in the / and / fields in the reply message.
alias1 10:00:00:00:00:00:00:01 10:00:00:00:00:00:00:02 10:00:00:00:00:00:00:03
2.
10:00:00:00:00:00:00:03 cfg-save
10:00:00:00:00:00:00:03 (output truncated)
2. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-zone namespace, and specify the following elements.
a. Under the node element, include the node element.
b. Under the element, include the node element.
c.
Zoning information
• “Retrieving the defined configuration”
• “Retrieving the enabled configuration”

Retrieving the defined configuration
Use the RPC to query the defined configuration. You can retrieve the configuration for the entire defined configuration, query the zone membership details of a specific configuration, query the device membership of a specific zone, or query alias membership. To select the data you want to retrieve, use an appropriate filter.
11:22:33:44:55:66:77:83
Retrieving the enabled configuration
In an effort to improve DCMD zoning performance, the enabled zone configuration is no longer distributed in the DCMD database. This means that the zoning enabled-configuration can no longer be retrieved using the show running-config zoning enabled-configuration command.
zone1
cfg1 zone101 10:00:00:00:00:00:00:65 ..
Zone creation and management
cfg-save
Removing a member from a zone
The following procedure removes a WWN from a zone and saves the modified zoning configuration to nonvolatile memory.
NOTE You can remove only one zone member at a time.
1.
Deleting a zone
Before deleting a zone, Brocade recommends ensuring the zone is not a member of any zone configuration. Although the deletion will proceed in RAM, you will not be able to save the configuration to nonvolatile memory if a defined zone configuration has the deleted zone as a member.
cfg-save

Zone configuration management
The following sections describe zoning configuration and management.

Creating a zone configuration
The following procedure adds a new zone configuration to the defined configuration and saves it to nonvolatile memory.
cfg-save
NOTE Zone aliases are not valid zone configuration members. Adding an alias to an existing zone configuration will not be blocked.
cfg-save

Removing a zone from a zone configuration
The following procedure removes a zone from a zone configuration and saves the modified zoning configuration to nonvolatile memory.
NOTE You can remove only one zone at a time.
1.
cfg-save

Enabling a zone configuration
Only one zone configuration can be enabled. This procedure selects a configuration from the defined configuration and makes it the enabled configuration.
Command Failed error Cfg contains empty zone object "zoneB"

Disabling a zone configuration
This procedure disables the currently enabled configuration and returns the fabric to nonzoning mode. All devices can then access one another or not at all, depending on the default zone access mode setting.
1. Issue an RPC to configure the // node in the urn:brocade.com:mgmt:brocade-zone namespace and include the following elements.
a. Include the element containing the name of the zone you want to delete.
b. Include the delete operation in the tag.
2. Issue the RPC to configure the / node in the urn:brocade.
Clearing changes to a zone configuration
This procedure removes all uncommitted operations from the database. It returns the configuration in volatile memory to its state the last time a transaction commit operation was performed. To remove all uncommitted operations from the database, issue an RPC to configure the / node in the urn:brocade.
cfg-clear
1. Empty the transaction buffer by either committing the transaction to nonvolatile memory or aborting the transaction.
• To save the defined configuration to nonvolatile memory, issue the RPC to configure the / node in the urn:brocade.com:mgmt:brocade-zone namespace and set the value of the element to “cfg-save”.
NOTE This operation adds to the defined configuration. It does not replace the defined configuration.
To add a saved configuration to the running configuration, issue the RPC and set the input elements as follows:
• In the element, specify the location of the saved configuration you want to restore.
• In the element, specify “running-config”.

Zone configuration scenario
The following example creates the zone configuration shown in Figure 3. The example assumes that two hosts need access to the same storage device, while each host needs private storage of its own. You create two zones: Zone A contains Host 1, its private storage device, and the shared storage device; Zone B contains Host 2, its private storage device, and the shared storage device.
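An added example, not taken from the Brocade guide: a pre-commit check on a defined zone configuration held as a plain Python dictionary. It flags the three conditions this chapter describes (an empty zone, a configuration member that no longer exists as a zone, an alias used as a configuration member) and computes which devices the Zone A / Zone B scenario lets see each other. The dictionary layout, the names `ZoneA`, `ZoneB`, `cfg1` and `shared_storage`, and all WWNs are constructed assumptions.

```python
import re
from itertools import combinations

WWN_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}$")

# Constructed WWNs for the devices in the scenario.
HOST1, HOST2 = "10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02"
PRIV1, PRIV2 = "20:00:00:00:00:00:00:01", "20:00:00:00:00:00:00:02"
SHARED = "20:00:00:00:00:00:00:03"

# Constructed model of the defined configuration (not a NETCONF payload).
SCENARIO = {
    "aliases": {"shared_storage": [SHARED]},
    "zones": {
        "ZoneA": [HOST1, PRIV1, "shared_storage"],
        "ZoneB": [HOST2, PRIV2, "shared_storage"],
    },
    "cfgs": {"cfg1": ["ZoneA", "ZoneB"]},
}


def check_cfg(defined, cfg):
    """Return (finding, object) tuples for one zone configuration."""
    if cfg not in defined["cfgs"]:
        return [("missing-cfg", cfg)]
    findings = []
    for member in defined["cfgs"][cfg]:
        if member in defined["zones"]:
            entries = defined["zones"][member]
            if not entries:
                # Enabling fails: Cfg contains empty zone object "<zone>"
                findings.append(("empty-zone", member))
            for entry in entries:
                if entry not in defined["aliases"] and not WWN_RE.match(entry):
                    findings.append(("unresolved-member", member + ":" + entry))
        elif member in defined["aliases"]:
            # Not a valid member, but adding it is not blocked.
            findings.append(("alias-as-cfg-member", member))
        else:
            # Zone deleted while still referenced: the save would fail.
            findings.append(("missing-zone", member))
    return findings


def expand(defined, zone):
    """Resolve a zone's members to lower-case WWNs, expanding aliases."""
    wwns = set()
    for entry in defined["zones"].get(zone, []):
        for wwn in defined["aliases"].get(entry, [entry]):
            if WWN_RE.match(wwn):
                wwns.add(wwn.lower())
    return wwns


def visible_pairs(defined, cfg):
    """Device pairs that share at least one zone of the configuration."""
    pairs = set()
    for zone in defined["cfgs"].get(cfg, []):
        pairs.update(combinations(sorted(expand(defined, zone)), 2))
    return pairs


def can_see(defined, cfg, a, b):
    return tuple(sorted((a.lower(), b.lower()))) in visible_pairs(defined, cfg)


if __name__ == "__main__":
    print(check_cfg(SCENARIO, "cfg1"))
    print("Host 1 sees Host 2 private storage:",
          can_see(SCENARIO, "cfg1", HOST1, PRIV2))
```

Running the check before the save and enable steps surfaces the conditions that would otherwise appear only as a failed commit, and the pair listing confirms that each host reaches the shared device but not the other host's private storage.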
Chapter 11 Configuring Fibre Channel Ports
In this chapter
• Fibre Channel ports configuration with NETCONF overview
• Fibre Channel port attributes
• Retrieving the Fibre Channel port configuration
• Fibre Channel port activation and deactivation
• Setting Fibre Channel port speed
Fibre Channel port attributes
Network OS v4.0.0 allows you to configure and query the Fibre Channel port attributes listed in Table 4 for an E_Port, using the NETCONF interface. The referenced XML elements that define the attribute values for a specific port reside within an instance of the node, which, in turn, resides in the node in the urn:brocade.com:mgmt:brocade-interface.
Retrieving the Fibre Channel port configuration
To retrieve Fibre Channel configuration data for a specific Fibre Channel interface, use the following filter.
8/0/1
To retrieve the settings of specific attributes for a given Fibre Channel port, use a filter such as the following. In this case, just the configured port speed is retrieved.
Fibre Channel port activation and deactivation
An FCoE license must be installed on a Brocade VDX 6730 switch to allow Fibre Channel port activation. Brocade VCS Fabric mode must be enabled. Once the FCoE license is installed, all Fibre Channel ports are activated by default. Refer to Chapter 7, “Administering Licenses,” for details about installing the FCoE license.
Disabling a Fibre Channel port
To disable a Fibre Channel port, add the element to the instance using the RPC. Perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element.
3. Under the node element, include the following leaf elements.
a.
b. In the element, specify “auto”, “1gbps”, “2gbps”, “4gbps”, or “8gbps” to set the port speed.
The following example sets the port speed to 4 Gbps for port 1 on routing bridge 8.
Possible values include “l0”, “le”, “ld”, and “ls”. The default value is “l0”.
d. For LD and LS modes only, in the element, set the desired distance.
e. For 8 Gbps ports only, in the element, set the fill word for the long distance link to the same value as the fill word for the remote port. Possible values include “idle” and “arb”. The default value is “idle”.
f.
This element is defined with type empty. To enable the trunking feature, you simply specify the element. The following example configures the link attached to port 4 on routing bridge 8 to be part of a trunk group.

Retrieving Fibre Channel interface information
10:79:00:05:22:58:26:73 Online In_Sync trunk port True 0 100 10 0 True
Chapter 12 System Monitor Configuration
In this chapter
• System Monitor configuration with NETCONF overview
• FRU monitoring
• Alert notifications
• Resource monitoring
• Security monitoring
System Monitor parameters are defined in the brocade-system-monitor, brocade-system-monitor-ext, brocade-threshold-monitor, and brocade-threshold-monitor-ext YANG modules. For an overview and structural map of the YANG modules, refer to the Network OS YANG Reference Manual. For definitions and explanations of all user management parameters, refer to the brocade-system-monitor.yang, brocade-system-monitor-ext.yang, brocade-threshold-monitor.yang, and brocade-threshold-monitor-ext.
FRU monitoring
To set FRU state alerts and actions, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-system-monitor namespace.
2. Under the node, include a node element for each FRU for which you want to configure an alert state or alert action. Node elements that can have their alert state and action set include , , , , and .
3.
removed raslog

Obtaining the switch health status
To obtain the switch health status, issue the custom RPC located in the urn:brocade.com:mgmt:brocade-system-monitor-ext namespace.
Alert notifications
Configuring e-mail alerts
Use this procedure to configure e-mail recipients of FRU alerts. For an e-mail alert to function correctly, add the IP addresses and host names to the Domain Name System (DNS) and configure the domain name and name servers.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-system-monitor namespace.
2. Under the node, include the node element.
3.
To create a mapping:
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-system-monitor namespace.
2. Under the node, include the node element.
3. Under the node, include the node element.
4. Under the node, include the following leaf elements.
a. In the field, specify the IP address of the Domain Name System.
b.
To change the domain name:
1.2.3.4 customer.com

Resource monitoring
For a conceptual overview of resource monitoring, refer to the Network OS Administrator’s Guide.

Configuring memory monitoring
NOTE E-mail is not a supported action for threshold monitoring.
To configure memory monitoring, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace.
2.
Configuring CPU monitoring
To configure CPU monitoring, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace.
2.
Obtaining the threshold monitoring configuration
To display the threshold monitoring configuration, issue the RPC with a subtree filter to restrict the returned configuration information to the / node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace.
Security monitoring
Displaying security monitoring default values
To display the default values of security threshold and alert options, issue the custom action located in the node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace. The node is, in turn, located by augmentation under the / node hierarchy in the urn:brocade.com:mgmt:brocade-common-def namespace.
In the element, specify the buffer value for in-range behavior.
d. 7. The node element. Under the node element, include the and node elements.
8. Under the node, include the element and specify the actions to be taken when the error count rises above the high threshold.
Applying security monitoring policies
This procedure allows you to toggle between default settings and saved custom configuration settings and to apply actions and thresholds separately. For example, you can choose to use default threshold settings together with a customized subset of available actions, or you can modify some of the threshold settings and use the default action settings.
To apply a custom security monitoring policy, perform the following steps.
1.
Interface monitoring
Displaying interface monitoring default values
To display the default values of interface threshold and alert options, issue the custom action located in the node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace. The node is, in turn, located by augmentation under the / node hierarchy in the urn:brocade.com:mgmt:brocade-common-def namespace.
c. Under the node element, include the following leaf elements:
sets the allotted amount of time since the previous reading. Polling values are taken at different intervals depending on the configured time base.
specifies the high limit for the specified interface error type.
specifies the low limit for the specified interface error type.
Applying interface monitoring policies
This procedure allows you to toggle between default settings and saved custom configuration settings and to apply actions and thresholds separately.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-threshold-monitor namespace.
2. Under the node, include the / hierarchy of node elements.
3. Under the node, include the empty element.
rpc message-id="1122" xmlns="urn:ietf:params:xml:ns:netconf:base:1.
Chapter 13 VMware vCenter
In this chapter
• vCenter management with NETCONF overview
• Configuring vCenter

vCenter management with NETCONF overview
This chapter provides procedures and examples for Brocade VCS Fabric management using the NETCONF interface.
Configuring vCenter
Step 2: Enabling CDP/LLDP
In order for an Ethernet Fabric to detect the ESX/ESXi hosts, you must first enable Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) on all the virtual switches (vSwitches) and distributed vSwitches (dvSwitches) in the vCenter Inventory. For more information, refer to the VMware KB article 1003885.

Enabling CDP/LLDP on vSwitches
Complete the following steps to enable CDP/LLDP on virtual switches (vSwitches).
1.
myvcenter https://10.2.2.
Immediately following first-time vCenter activation, Network OS starts the virtual asset discovery process. When the discovery process completes, the status displays as “Success.” Network OS has performed all the necessary configurations needed for the vCenter Server. Network OS is now ready for CDP transmissions from the virtual switches to identify which ESX/ESXi host is connected to which physical interface in the Ethernet Fabric.
Chapter 14 Configuring Remote Monitoring
In this chapter
• RMON configuration with NETCONF overview
• RMON configuration and management

RMON configuration with NETCONF overview
This chapter provides procedures for configuring remote monitoring (RMON) events and alarms using the NETCONF interface.
RMON configuration and management
Configuring RMON alarm settings
To configure RMON alarms and events, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-rmon namespace.
2. Under the node, include the node element.
3. Under the node, include the following leaf elements to configure the RMON alarm.
a.
The following example shows an alarm that tests the delta between samples for a falling threshold.
5 1.
Section II Network OS Security Configuration
This section describes security features, and includes the following chapters:
• Managing User Accounts
• External Server Authentication
• Fabric Authentication
Chapter 15 Managing User Accounts
In this chapter
• Managing user accounts with NETCONF overview
• User accounts
• Role-based access control
• Command access rules
• Password policies
User accounts
All modules that pertain to security, for example, user and user roles, RBAC, and password attributes (for example, encryption), are globally configurable data entities. This means that if a switch is in logical chassis cluster mode, all switches in the cluster will have a common configuration for all the previously mentioned entities.

Default accounts in the local switch user database
Network OS comes with two predefined user accounts that are part of the factory-default settings.
Creating a user account
The following example creates a new user account with the minimally required attributes: name, role, and password. The account name “brcdUser” has the default user privilege of accessing commands in the privileged EXEC mode.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the , , and leaf elements to define the user.
brcdUser2 Broom6fielD user brcdUser3 Esoj3naS user
Include the element in the input under the node to return information about a specific user. To return information about only enabled users, include the TRUE element under the node.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the following leaf elements.
a. In the element, identify the user whose account information is to be changed.
b. In the element, provide the new password.

Deleting a user account
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. In the element tag, include the delete operation.
3. Under the node, include the element and identify the user you want to delete.

Configuring a user alias
The global alias is accessible across all users. The user-level alias is accessible only when the respective user logs in.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the , , and leaf elements to define the alias configuration.
Role-based access control
• The admin role has the highest privileges. All commands available in Privileged EXEC mode and in global configuration mode are accessible to the user associated with the admin role. With a new switch, only the admin user account has access to perform user and role management operations. The admin user can create any roles and configure those roles for access to user and role management operations.
VLANAdmin Manages security

Deleting a role
To delete a role, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the node element, and include the delete operation in the element tag.
3. Under the node, include the leaf element and specify the name of the role you want to delete.
Command access rules
TABLE 7 Rule attributes (Continued)
Parameter    Description
operation    Optional. Defines the general access mode granted by the rule. Access can be read-only or read-write (default).
action       Optional. A modifier restricting the general access mode. The specified access is either accepted (accept) or rejected (reject). The default value is “reject”.
The following exception applies. When a match is found for a rule with the read-only operation, and the accept action, the system seeks to determine if there are any rules with the read-write operation and the accept action. If such rules are found, the rule with the read-write permission is applied.

Adding a rule
When you add a rule to a role, any updates to the authorization rules will not apply to the active sessions of the users.
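The read-only/read-write exception described in this section can change a role's effective permission in a way that is easy to miss in review. The following Python sketch is an added example, not Brocade code: it assumes rules are searched in ascending index order, that a command with no matching rule is rejected, and that commands match by exact string. The sample rules, the `fcoe` and `interface` command names, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    index: int
    role: str
    command: str
    operation: str = "read-write"  # default per the rule attribute table
    action: str = "reject"         # default per the rule attribute table


def matching(rules: List[Rule], role: str, command: str) -> List[Rule]:
    # Assumption: exact match on role and command, ascending index order.
    return sorted((r for r in rules if r.role == role and r.command == command),
                  key=lambda r: r.index)


def effective_rule(rules: List[Rule], role: str, command: str) -> Optional[Rule]:
    """Return the rule that decides access, or None when nothing matches."""
    hits = matching(rules, role, command)
    if not hits:
        return None
    first = hits[0]
    # Documented exception: a read-only/accept match is superseded by any
    # read-write/accept rule for the same role and command.
    if first.operation == "read-only" and first.action == "accept":
        for rule in hits[1:]:
            if rule.operation == "read-write" and rule.action == "accept":
                return rule
    return first


def access(rules: List[Rule], role: str, command: str) -> str:
    """Effective access: 'none', 'read-only' or 'read-write'."""
    rule = effective_rule(rules, role, command)
    if rule is None or rule.action == "reject":
        return "none"  # assumption: no matching rule means no access
    return rule.operation


def audit_overrides(rules: List[Rule]) -> List[Tuple[str, str, int, int]]:
    """Report (role, command, first_index, winning_index) wherever the
    exception replaces the first matching rule with a broader one."""
    findings = []
    for role, command in sorted({(r.role, r.command) for r in rules}):
        first = matching(rules, role, command)[0]
        winner = effective_rule(rules, role, command)
        if winner != first:
            findings.append((role, command, first.index, winner.index))
    return findings


# Constructed sample rule set (not taken from a real switch).
SAMPLE_RULES = [
    Rule(30, "NetworkSecurityAdmin", "aaa", "read-only", "accept"),
    Rule(33, "NetworkSecurityAdmin", "aaa", "read-write", "accept"),
    Rule(40, "FCoEAdmin", "fcoe", "read-write", "accept"),
    Rule(41, "FCoEAdmin", "aaa", "read-only", "accept"),
    Rule(42, "FCoEAdmin", "aaa"),  # defaults: read-write / reject
    Rule(155, "FCoEAdmin", "interface", "read-write", "reject"),
    Rule(156, "FCoEAdmin", "interface", "read-write", "accept"),
]

if __name__ == "__main__":
    for role, cmd in [("NetworkSecurityAdmin", "aaa"), ("FCoEAdmin", "aaa"),
                      ("FCoEAdmin", "interface"), ("FCoEAdmin", "vlan")]:
        print(f"{role:22} {cmd:10} -> {access(SAMPLE_RULES, role, cmd)}")
    for finding in audit_overrides(SAMPLE_RULES):
        print("override:", finding)
```

Running `audit_overrides` over an exported rule list before and after a change shows where a read-only rule that looks restrictive is in fact superseded.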
Changing a rule
Changing a rule is like adding a rule, only the rule already exists. The following example changes the previously created rule (index number 155).

155
Verifying a rule
Issue the RPC with a subtree filter to return information under the node in the urn:brocade.com:mgmt:brocade-aaa namespace. Include lower-level elements to further filter the output; for example, include the node to return information about a specific rule.
Configuration examples
The following configuration examples illustrate the step-by-step configuration of two frequently used administrative accounts: Brocade VCS Fabric security administrator, and FCoE Fabric administrator.
username 33 accept read-write NetworkSecurityAdmin aaa

FCoEAdmin testpassword 40 accept read-write FCoEAdmin

Password policies

TABLE 8 Password policy parameters (Continued)
Parameter                            Description
character-restriction numeric        Specifies the minimum number of numeric characters that must occur in the password. The maximum value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of numeric characters.
character-restriction special-char   Specifies the minimum number of punctuation characters that must occur in the password.
3. To verify the enforcement of password encryption, issue the RPC with a subtree filter to return information under the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

The output shows the password stored in encrypted form because the switch-level encryption level overrides the account level.

Configuring the account lockout threshold
You can configure the lockout threshold. The lockout threshold is the number of times a user can attempt to log in with an incorrect password before the account is locked. The number of failed login attempts is counted from the last successful login. This value can be set to a value from 0 through 16. A value of 0 disables the lockout mechanism (default).
1.
Managing password policies
Configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace to define or modify existing password policies.

Creating a password policy
The following example defines a password policy that places restrictions on minimum length and enforces character restrictions and account lockout.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2.
Security event logging
Security event logging utilizes the RASlog audit infrastructure to record security-related audit events. Any user-initiated security event generates an auditable event. Audited events are generated for all Management interfaces. In Brocade VCS Fabric mode, for cluster-wide events, the audit is generated on all switches of the cluster. Refer to the Network OS Message Reference for information on how to configure and monitor security audit logging.
Chapter 16 External Server Authentication

In this chapter
• Remote server authentication with NETCONF overview
• Login authentication mode
• RADIUS
• TACACS+
• TACACS+ accounting
Login authentication mode
Using the NETCONF interfaces, you can configure primary and secondary authentication modes. The primary mode can be RADIUS, TACACS+, LDAP, or local. The secondary mode is optional and can only be local, and then only if the primary mode is RADIUS, TACACS+, or LDAP.

Setting and verifying the login authentication mode
To configure and verify the login authentication mode, perform the following steps.
1.
4. To verify the configuration, issue the RPC with a subtree filter to limit the returned information to the contents of the // node.
2. Specify the desired authentication mode.
radius local

4. Log in to the switch using an account with TACACS+ credentials. The login should fail with an “access denied” error.
5.
RADIUS

TABLE 9 RADIUS server parameters (Continued)
Parameter   Description
key         The shared secret between the switch and the RADIUS server. The default value is “sharedsecret.” The key cannot contain spaces and must be from 8 through 40 characters in length. Empty keys are not supported.
retries     The number of attempts permitted to connect to a RADIUS server. The range is 0 through 100. The default value is 5.
timeout     The wait time in seconds for the RADIUS server to respond.
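The login authentication mode rules and the RADIUS key and retries constraints stated above can be checked against an exported configuration before it is pushed to a switch. This Python linter is an added example, not part of the Brocade guide: the dictionary layout, the lowercase `ldap` mode name, the function names and the sample hosts and keys are constructed assumptions, and only the constraints themselves come from the text.

```python
DEFAULT_RADIUS_KEY = "sharedsecret"  # documented default shared secret
PRIMARY_MODES = {"radius", "tacacs+", "ldap", "local"}
REMOTE_MODES = PRIMARY_MODES - {"local"}


def check_login_mode(primary, secondary=None):
    """Validate the primary/secondary combination."""
    findings = []
    if primary not in PRIMARY_MODES:
        findings.append(f"primary mode {primary!r} is not one of radius, tacacs+, ldap, local")
    if secondary is not None:
        if secondary != "local":
            findings.append(f"secondary mode {secondary!r} is not allowed; only local is")
        elif primary not in REMOTE_MODES:
            findings.append("secondary local requires a radius, tacacs+ or ldap primary")
    return findings


def check_radius_server(key=DEFAULT_RADIUS_KEY, retries=5):
    """Validate one RADIUS server entry; an omitted key means the default is in use."""
    findings = []
    if key == "":
        findings.append("empty key is not supported")
    else:
        if " " in key:
            findings.append("key contains spaces")
        if not 8 <= len(key) <= 40:
            findings.append(f"key length {len(key)} is outside 8-40")
        if key == DEFAULT_RADIUS_KEY:
            findings.append("key is the documented default value")
    if not 0 <= retries <= 100:
        findings.append(f"retries {retries} is outside 0-100")
    return findings


def lint(config):
    """Return (subject, finding) pairs for the whole configuration."""
    login = config["login"]
    report = [("login", msg)
              for msg in check_login_mode(login["primary"], login.get("secondary"))]
    for server in config.get("radius_servers", []):
        for msg in check_radius_server(server.get("key", DEFAULT_RADIUS_KEY),
                                       server.get("retries", 5)):
            report.append((server["host"], msg))
    return report


# Constructed sample configuration (documentation address range, made-up keys).
SAMPLE = {
    "login": {"primary": "radius", "secondary": "local"},
    "radius_servers": [
        {"host": "192.0.2.10"},  # key omitted: the default applies
        {"host": "192.0.2.11", "key": "short", "retries": 5},
        {"host": "192.0.2.12", "key": "has a space in it", "retries": 101},
        {"host": "192.0.2.13", "key": "Constructed-Key-0001", "retries": 3},
    ],
}

if __name__ == "__main__":
    for subject, message in lint(SAMPLE):
        print(f"{subject}: {message}")
```

A server entry that never sets a key is reported because it falls back to the publicly documented default secret.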
4. To validate the new configuration, issue the RPC with a subtree filter to limit the returned information to RADIUS server 10.38.37.130.

10.38.37.180 1812 pap new#virgo*secret 5 10
10.24.65.6 1812 pap changedesc 5 3
2. Issue the RPC to change the configuration of the RADIUS server.
10.38.37.180 1812 pap changedesc 5 3

Removing a RADIUS server from a client’s server list
To remove a RADIUS server from a client’s server list, follow these steps.
TACACS+
TACACS+ is an AAA server protocol that uses a centralized authentication server and multiple Network Access Servers or clients. With TACACS+ support, management of Brocade switches seamlessly integrates into these environments. Once configured to use TACACS+, a Brocade switch becomes a Network Access Server (NAS). This section provides procedures and examples for client-side configuration for TACACS+ servers.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the node element.
3. Under the node, include the element, and leaf elements that define the parameters you want to set.

The following example adds a TACACS+ server with an IPv6 address and sets the protocol and key values.
5

Modifying the TACACS+ server configuration
To modify the TACACS+ configuration, perform the following steps.
1. Issue the RPC with a subtree filter to return only information about configured TACACS+ servers.
3. Issue the RPC with a subtree filter to restrict the output to the modified TACACS+ server to verify the configuration change.
Configuring the client to use TACACS+ for login authentication
After configuring the client-side TACACS+ server list, you must set the authentication mode so that TACACS+ is used as the primary source of authentication. Refer to “Login authentication mode” on page 198 for information on how to configure the login authentication mode.
TACACS+ accounting
4. Issue the RPC with a subtree filter to limit the output to information under the // node to verify the configuration.

tacacs+
4.
Disabling accounting
You must perform the disable operation separately for login accounting and for command accounting. To disable command accounting, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the //// hierarchy of node elements.
3.
none

LDAP
Lightweight Directory Access Protocol (LDAP) is an open-source protocol for accessing distributed directory services that act in accordance with X.
c. In the element, enter the password.
d. In the element, enter the IPv4 address of the remote host.
e. In the element, specify the path to the directory that contains the certificate file on the remote host.
f. In the element, specify the certificate filename.

FIPS compliance
To support FIPS compliance, the CA certificate of the AD server’s certificate should be installed on the switch, and the FIPS-compliant TLS ciphers for LDAP should be used.

Client-side Active Directory server configuration
Each Brocade switch client must be individually configured to use AD servers. You can use the NETCONF interfaces to specify the host server, authentication protocols, and other parameters.
10.24.65.6 security.brocade.com 3890 8 3

4.
10.24.65.6

Removing an LDAP server
To delete a connection to an LDAP server, perform the following steps.
1.
Mapping an Active Directory group to a switch role
A maximum of 16 AD groups can be mapped to the switch roles. To map an Active Directory (AD) group to a switch role, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the / hierarchy of node elements.
3. Under the node, include the following leaf elements.
   a.
The following example removes the mapping between the Brocade admin role and the Active Directory Administrator group. A Brocade user with the admin role can no longer perform the operations associated with the Active Directory Administrator group.
Chapter 17 Fabric Authentication

In this chapter
• Fabric authentication with NETCONF overview
• Device authentication configuration
• Switch Connection Control policy configuration
FC AUTH and SCC policy parameters are defined in the brocade-fc-auth YANG module. For details, refer to the Network OS YANG Reference Manual.

Device authentication configuration
Configuring a Brocade VDX 6730 switch to access a SAN fabric connected through an FC router involves the following steps.
1. Configure the matching shared secret pairs on the VDX 6730 and on the FC router.
2.
Shared secret is configured successfully.
10:00:00:05:1e:7a:c3:00

dh-chap 2 md5 off
5. Issue the RPC with a subtree filter to return the contents of the // node in the urn:brocade.com:mgmt:brocade-fc-auth namespace to return and verify the switch policy state.

Switch Connection Control policy configuration
This section provides procedures to create, modify, activate, and remove a defined Switch Connection Control (SCC) policy.
Modifying the SCC policy
The same procedure that creates the SCC policy adds members. The defined SCC member entries are cumulative. Use the delete operation in the opening tag of the element to remove members from the policy.
3.
Removing the SCC policy
To remove the SCC policy, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-fc-auth namespace.
2. Under the node, include the / hierarchy of node elements, and include the delete operation in the opening tag of the element.
3.
Section III Network OS Layer 2 Switch Features

This section describes the Layer 2 features of Network OS, and includes the following chapters:
• Administering Edge-Loop Detection
• Configuring AMPP
• Configuring FCoE Interfaces
• Configuring VLANs
Chapter 18 Administering Edge-Loop Detection

In this chapter
• Edge-loop detection overview
• Configuring edge-loop detection
• Edge-loop detection troubleshooting

Edge-loop detection overview
This chapter provides procedures for configuring edge-loop detection using the NETCONF interface.
Configuring edge-loop detection
For each interface on which ELD runs, enable the edge-loop detection protocol to enable ELD. You must also specify the ELD-port priority. Global-level ELD configuration variables are defined in the brocade-eld module. Interface-level ELD configuration variables are defined in the brocade-interface module. Refer to the Network OS YANG Reference Manual for information about these modules.
Setting interface parameters on a port
Perform this procedure for every port you want monitored by ELD. To set interface parameters on a port, connect to any switch in a Brocade VCS Fabric cluster, and perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
7 10

Edge-loop detection troubleshooting
To re-enable a port that was disabled by ELD, perform the following steps.
1. Shut down the port disabled by ELD.
NOTE
If an edge-port becomes an ISL port because the VCS ID of the remote port was changed, a port that was already shut down by ELD must be shut down and re-enabled to be detected as an ISL port.

To re-enable all ports disabled by ELD, disable the edge-loop detection protocol, as shown in the following example.
Chapter 19 Configuring AMPP

In this chapter
• AMPP configuration with NETCONF overview
• Configuring AMPP port-profiles
• Obtaining the AMPP operational data
• Configuring a port-profile-port
• Configuring port-profile-domains
Configuring AMPP port-profiles

Configuring a new port-profile
To support VM MAC address learning, the default port-profile is employed. The default profile is different from the other user-defined AMPP profiles:
• The port-profile ID (ppid) of the profile cannot be changed.
• The VLAN subprofile cannot be modified.
• The QoS subprofile and security-profile cannot be added.
• The default port-profile cannot be activated.
7. Activate the profile.

0050.56bf:0004 vm1-port-profile 0050.56bf:0005
a. Under the node, specify the name of the port-profile: vm1-port-profile
b. Under the node, use the element to specify the VLAN subprofile.
c. Under the node, specify the node to change the mode to Layer 2 and set the switching characteristics.
d. Under the node, access the VLAN profile mode for the correct VLAN.
300

3. Activate the profile.

vm1-port-profile 0050.56bf:0003 vm1-port-profile 0050.56bf:0004 vm1-port-profile 0050.
5111 111

5112 112

Configuring FCoE profiles
Only the FCoE profile of the default profile can be modified.
4. In the node in the urn:brocade.com:mgmt:brocade-port-profile namespace, activate the FCoE port profile. An FCoE map cannot be applied on interfaces that already have a CEE map applied to them.
2. Issue the RPC to configure the / node in the urn:brocade.com:mgmt:brocade-port-profile namespace. Under the node, configure the following entities. a. Apply the CEE map.
The following code snippet enables pause generation with PFC:

1 on on 2 on on

The following example configures the QoS profile.

3. Activate the profile.

vm1-port-profile

0050.56bf:0005
Configuring security profiles
A security profile defines all the security rules needed for the server port. A typical security profile contains attributes for MAC-based standard and extended ACLs.
vm1-port-profile vm1-acl

3. Activate the profile.
0050.56bf:0002 vm1-port-profile 0050.56bf:0003 vm1-port-profile 0050.56bf:0004 vm1-port-profile 0050.
xmlns="urn:brocade.com:mgmt:brocade-port-profile"> vm1-port-profile 0050.56bf:0001 vm1-port-profile 0050.
vm1-port-profile

Deleting a subprofile
To delete a subprofile, perform the following steps.
1. Deactivate the port-profile: issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-port-profile namespace. Under the node, specify the following leaf elements.
   a. In the element, specify the subprofile you want to delete.
   b. In the element, include the delete operation in the opening tag.
3. To delete the security subprofile, issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-port-profile namespace. Under the node, specify the following leaf elements.
   a.
default

5. To delete the QoS subprofile, issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-port-profile namespace.
Obtaining the AMPP operational data
With no input parameters, the RPC returns information about all AMPP profiles in all states. Alternatively, you can specify the element in the input to restrict the returned information to one port-profile. You can also specify the parameter to restrict the returned information to port-profiles in a specific state: applied, activated, or associated.
auto-VM_Network 00:50:56:b3:00:01

Configuring a port-profile-port
Association of multiple port-profiles with an interface
The port-profile-port command allows a user to associate a profiled-port to a single port-profile or to a port-profile domain that contains multiple port-profiles. The result is that all VLANs specified therein are configured onto the port. When neither the profile nor the domain keyword is used, the default is to apply only the 802.
1/0/1

Configuring port-profile-domains
1. Activate the port-profile-domain: issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-port-profile namespace. Under the node, specify the following leaf elements.
2. Specify the name for the element for modification.
3. Specify the element for the AMPP profile name to add to the port-profile-domain.
Deleting a port-profile-domain
This task deletes the port-profile-domain. Any associated AMPP port-profiles are not deleted from the switch.
1. Activate the port-profile-domain: issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-port-profile namespace.
Chapter 20 Configuring FCoE Interfaces

In this chapter
• FCoE configuration with NETCONF overview
• Configuring FCoE interfaces
• Obtaining FCoE status
Configuring FCoE interfaces
FCoE maps are used to configure FCoE properties on interfaces. An FCoE map is a placeholder for an FCoE VLAN and a CEE map. You assign FCoE maps to physical interfaces using the fcoeport command. Once the FCoE map is assigned onto an interface:
• The corresponding FCoE VLAN 1002 is applied to the interface.
• The corresponding CEE map is applied to the interface.
• The FCoE/FIP VLAN classifiers are applied to the interface.
default

5. Confirm the changes to the interface using the RPC with a subtree filter to return only the node information of the 1/0/1 interface. The output returns the FCoE mapping association for the interface.
To assign an FCoE map to a LAG, perform the following steps.
1. Issue the RPC to configure the / node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, in the leaf element, specify the port-channel number of the LAG to which you want to apply the FCoE map.
3. Under the node, specify the node in the urn:brocade.com:mgmt:brocade-fcoe namespace.
4.
Obtaining FCoE status
The following example returns information for all FCoE devices logged into routing bridge 13.

13

Chapter 21 Configuring VLANs

In this chapter
• VLAN configuration with NETCONF overview
• VLAN configuration and management
• Configuring protocol-based VLAN classifier rules
• Configuring the MAC address table
• Private VLANs
VLAN configuration and management

Enabling and disabling an interface port
NOTE
DCB interfaces are disabled by default in standalone mode, but enabled by default in Brocade VCS Fabric mode.

NOTE
DCB interfaces do not support auto-negotiation of Ethernet link speeds. The DCB interfaces support 100-Gigabit Ethernet, 40-Gigabit Ethernet, 10-Gigabit Ethernet, and Gigabit Ethernet.

To enable an interface port, perform the following steps.
1.
22/0/1

Configuring the MTU on an interface port
To configure the maximum transmission unit (MTU) on an interface port, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Creating a VLAN interface
On Brocade VDX hardware, VLANs are treated as interfaces from a configuration viewpoint. By default, all the DCB ports are assigned to VLAN 1 (VLAN ID equals 1). The VLAN ID can be 1 through 8192, but VLAN IDs 3584 through 4094 are internally-reserved VLAN IDs. VLAN 8191 is the largest VLAN ID that can be assigned. To create a VLAN interface, perform the following steps.
1.
1. To select the type of STP, issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace, and specify the following elements.
   a. Under the node, specify the node element in the urn:brocade.com:mgmt:brocade-xstp namespace.
   b. Under the node element, specify the node element.
   c.
Disabling STP on a VLAN
Once all of the interface ports have been configured for a VLAN, you can disable STP for all members of the VLAN with a single RPC. To disable STP for a VLAN, perform the following steps.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, specify the / hierarchy of node elements.
3.
a. In the element, specify the interface port in [rbridge-id/]slot/port format.
b. In the element, include the delete operation in the opening tag to enable the interface port.
c. Include the / elements to configure the interface as a layer 2 switch port.

The following example configures 10-Gigabit Ethernet port 22/0/1 as a Layer 2 switch port.
67174401 2500 2500 up

6. Under the , , , or element, include the following elements:
   a. In the element, specify the same port name you specified in step 3.
   b. Include the / hierarchy of node elements.
7. Under the node element, specify the leaf element containing the VLAN ID to configure a layer 2 switch port as an access interface.
a. In the element, specify the port name in [rbridge-id/]slot/port format.
b. In the element, include the delete operation in the element opening tag to enable the interface port.
c. Include the / elements to configure the port as a Layer 2 interface.

The following example configures 10-Gigabit Ethernet port 1/0/1 as a Layer 2 switch port.
11

The following fragment allows no VLAN to transmit or receive through the DCB interface.
Disabling a VLAN on a trunk interface
To disable a VLAN on a trunk interface, perform the following steps.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, specify the interface type element (, , , or ).
3.
22/0/1 30

Configuring protocol-based VLAN classifier rules
NOTE
For complete information on all available VLAN classifier rule options, refer to the Network OS Command Reference.

Configuring a VLAN classifier rule
To configure an ARP-based VLAN classifier rule, perform the following steps.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-vlan namespace.
2. Under the node, include the / hierarchy of node elements.
3.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-vlan namespace.
2. Under the node, specify the / hierarchy of node elements.
3. Under the element, specify the element, and give it an integer representing the rule ID.
4. Under the element, specify the node element.
5. Under the node element, include an element and assign it a MAC address.
1 add Rule 1

Activating a VLAN classifier group with an interface port
To associate a VLAN classifier group with an interface port, perform the following steps.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
1 vlan 2

up up (output truncated)

Obtaining port information for a sequence of ports
To retrieve information for a sequence of ports, issue the RPC multiple times and use the node element on input.
Obtaining VLAN information for one VLAN
To return information about a specific VLAN, issue the custom RPC from the urn:brocade.com:mgmt:brocade-interface-ext namespace and specify the VLAN in the input parameter.

active tengigabitethernet 66/0/10 tagged 30 true

Configuring the MAC address table
Each DCB port has a MAC address table. The MAC address table stores a number of unicast and multicast address entries without flooding any frames.
Adding static addresses to the MAC address table
To add a static address to the MAC address table, perform the following steps.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-mac-address-table namespace.
2. Under the node, specify the node element.
3. Under the node element, specify the following leaf elements.
   a. In the element, specify a MAC address in the format nnnn.nnnn.
Private VLANs
An isolated VLAN is a secondary VLAN whose distinctive characteristic is that all hosts connected to its ports are isolated at Layer 2. A community VLAN is a secondary VLAN that is associated to a group of ports that connect to a designated community of end devices with mutual trust relationships.

Configuring a private VLAN
This procedure configures the PVLAN and associates the secondary VLAN with the primary VLAN.
1.
200 community

Configuring an isolated PVLAN
This procedure configures an isolated PVLAN.
1.
Displaying PVLAN information
Use the RPC to retrieve the current configuration data and operational state data. Refer to “Retrieving configuration data” on page 11 and “Retrieving operational data” on page 15 for detailed instructions.
Chapter 22 Configuring VXLANs

In this chapter
• VXLAN configuration with NETCONF overview
• VXLAN configuration and management

VXLAN configuration with NETCONF overview
This chapter provides procedures for configuring VXLANs using the NETCONF interface.
VXLAN configuration and management

High-level communication in a VXLAN environment
Figure 4 provides a basic view of the interaction of components in a VXLAN environment.

FIGURE 4 High-level communication for VXLAN gateway

VXLAN gateways must be part of a two-node virtual switching cluster. In the example shown in Figure 4, RBridge 1 and RBridge 2 make up the two-node cluster. These two RBridges combine to form the VXLAN gateway.
name1

3.
All the MAC addresses that the VXLAN gateway learns on these VLANs are shared with the NSX controller. When a MAC address ages out in VCS, the MAC address is removed from the NSX.
5.
add 5,15-17

7. (optional) Within the container, include the node. Set the element values for the node as listed below:
   • Set the element to 1. This SPAN session must be pre-configured.
Configuring the NSX Controller

Prerequisite steps
Before you configure the NSX controller, complete the task in “Configuring the VXLAN Gateway” on page 304. The purpose of this task is to generate the security certificate for the VXLAN gateway. This procedure uses data shown in Figure 4.
1. Issue the RPC to edit the running configuration.
2.
4. (optional) Within the container, include the element to change the reconnect interval between the NSX controller and the VCS fabric in case the connection is lost. The default is 10 seconds, meaning that a reconnection is attempted every 10 seconds.
Chapter 23 Configuring Virtual Fabrics

In this chapter
• Virtual Fabric configuration with NETCONF overview

Virtual Fabric configuration with NETCONF overview
This chapter provides procedures for configuring a Virtual Fabric using the NETCONF interface.
• Community VLAN

At least two of these three types of VLANs must be configured to create a Virtual Fabric.
1. Under the node, specify the element containing the new VLAN ID to create VLAN instances that are equal to or greater than 4096, through 8191. Repeat this command for three Virtual Fabrics: 5000, 6000, and 7000.

7000
2. Use the node to create the three types of PVLAN: primary, isolated, and community.
1. Create classification rules for the primary and isolated or community VLANs at the respective primary and host ports.
a. Use the and nodes to configure interface tengigabitethernet 11/0/1 as the primary promiscuous trunk port.
c. Use the and nodes to configure interface tengigabitethernet 11/0/3 as the community trunk port.
a. In the element, specify the port name in [rbridge-id/]slot/port format.
b. Include the / elements to configure the port as a trunk Virtual Fabric using the element.
c. Add the element and include the element.
d. Specify the value and the value.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, specify the interface type element (, , , or ).
3. Under the , , , or element, include the following elements:
a.
Configuring native Virtual Fabric on interfaces

Configuring the native Virtual Fabric classifications requires two RPCs. The first RPC configures the port as a Layer 2 interface; the second RPC configures the native VLAN classification.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Configuring access Virtual Fabric on interfaces

Configuring the interface as an access Virtual Fabric interface requires two RPCs. The first RPC configures the port as a Layer 2 interface; the second RPC configures the interface port as an access Virtual Fabric with a MAC address.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Configuring an access Virtual Fabric with a MAC group

Configuring the interface as an access Virtual Fabric interface requires two RPCs. The first RPC configures the port as a Layer 2 interface; the second RPC configures the interface port as an access Virtual Fabric with a MAC group.
1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Configuring MAC groups

You can create a group of Virtual Machine (VM) MAC addresses to support Virtual Fabrics at an access port. You can specify the list of MAC addresses in the element and then associate the list with a VLAN on an interface.
Chapter 24 Configuring Spanning Tree Protocols

In this chapter
• Spanning tree configuration with NETCONF overview
• Configuring STP
• Configuring RSTP
• Configuring MSTP
Configuring STP

To configure STP, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node from the urn:brocade.com:mgmt:brocade-xstp namespace.
3. Under the node, include the node element to configure global STP parameters. Refer to “Enabling STP, RSTP, MSTP, PVST, or Rapid PVST” on page 338 for details.
4.
For details, refer to “Specifying the port priority” on page 367.
8. Optional: Enable the guard root feature on a port.
For details, refer to “Specifying the bridge priority for all xSTP” on page 340. The range is 0 through 61440 and the priority values can be set only in increments of 4096. The default value is 32768.
5.
The port priority range is 0 through 240 in increments of 16. The default is 128. A lower number designates a higher priority.
4. Under the node, include the node element and specify an MSTP region. For more details, refer to “Specifying a name for an MSTP region” on page 353.
5. Under the node, include the element and specify a revision number for the MSTP configuration. For more details, refer to “Specifying a revision number for MSTP configuration” on page 354.
6. Under the node, specify an node for each MSTP instance you want to configure.
7.
Configuring PVST and Rapid PVST

The basic process for configuring PVST or Rapid PVST is as follows.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node from the urn:brocade.com:mgmt:brocade-xstp namespace.
3. Under the node, include the or node element to access the PVST or Rapid PVST mode parameters.
Spanning tree configuration and management

This section provides procedures for setting global spanning tree parameters.

NOTE
Issue the RPC to save your configuration changes.

Enabling STP, RSTP, MSTP, PVST, or Rapid PVST

You enable STP to detect or avoid loops. STP is not required in a loop-free topology.
Disabling STP, RSTP, MSTP, PVST, or Rapid PVST

NOTE
This procedure deletes the context and all the configurations defined within the context or protocol for the interface.

By default, STP, RSTP, MSTP, PVST, and Rapid PVST are not enabled. To disable STP, RSTP, MSTP, PVST, or Rapid PVST, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Specifying the bridge forward delay for all xSTP

For any spanning tree mode (STP, RSTP, MSTP, PVST, or Rapid PVST), use this procedure to specify how long an interface remains in the listening and learning states before the interface begins forwarding all spanning tree instances. The range is 4 through 30 seconds. The default is 15 seconds.
Specifying bridge forward delay on a per-VLAN basis

Using PVST or Rapid PVST, you may specify the forward delay for a specific VLAN. If the VLAN parameter is not provided, the priority value is applied globally for all per-VLAN instances. But for the VLANs which have been configured explicitly, the per-VLAN configuration takes precedence over the global configuration. The VLAN ID value can be 1 through 3583.
Specifying the bridge maximum aging time for all xSTP

For any spanning tree mode (STP, RSTP, MSTP, PVST, or Rapid PVST), use this procedure to control the maximum length of time that passes before an interface saves its Bridge Protocol Data Unit (BPDU) configuration information. When configuring the maximum aging time, the max-age setting must be greater than the hello-time setting. The range is 6 through 40 seconds. The default is 20 seconds.
2*(forward_delay - 1)>=max_age>=2*(hello_time + 1)

To specify the bridge maximum aging time for a VLAN, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node from the urn:brocade.com:mgmt:brocade-xstp namespace.
3. Under the node, include the , or node element.
4.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node from the urn:brocade.com:mgmt:brocade-xstp namespace.
3. Under the node, include the , , , , or node element.
4. Under the , , , , or node, include the node element.
5.
5. Under the node, include the element and specify the time in seconds it takes for an interface to time out.
Specifying the bridge hello time per VLAN (PVST or RPVST)

For PVST or Rapid PVST, use this procedure to configure the bridge hello time on a per-VLAN basis. The hello time determines how often the switch interface broadcasts BPDUs to other devices. The range is 1 through 10 seconds. The default is 2 seconds. For the VLANs which have been configured explicitly, the per-VLAN configuration takes precedence over the global configuration.
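The timer ranges, the max-age relation, and the priority increments stated in this chapter can be checked before any RPC is sent. The following is an added example, not code from this guide or from Brocade; the class and function names are hypothetical, and it assumes the relation is evaluated on the effective values for each VLAN (per-VLAN setting, else global setting, else default).

```python
"""Pre-flight check of xSTP timers and priorities (added example, not Brocade code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (min, max, default) in seconds, as stated in this chapter.
LIMITS = {
    "forward_delay": (4, 30, 15),
    "max_age": (6, 40, 20),
    "hello_time": (1, 10, 2),
}
VLAN_ID_RANGE = (1, 3583)            # VLAN IDs accepted for per-VLAN settings
BRIDGE_PRIORITY = (0, 61440, 4096)   # (min, max, step)
PORT_PRIORITY = (0, 240, 16)         # (min, max, step)


@dataclass
class Timers:
    """Timer values in seconds; None means not configured at this level."""
    forward_delay: Optional[int] = None
    max_age: Optional[int] = None
    hello_time: Optional[int] = None


def resolve(global_cfg: Timers, vlan_cfg: Optional[Timers] = None) -> Dict[str, int]:
    """Effective timers: per-VLAN value, else global value, else default.

    Assumption: this fallback order models "the per-VLAN configuration
    takes precedence over the global configuration".
    """
    effective = {}
    for name, (_, _, default) in LIMITS.items():
        value = getattr(vlan_cfg, name) if vlan_cfg is not None else None
        if value is None:
            value = getattr(global_cfg, name)
        effective[name] = default if value is None else value
    return effective


def check_timers(t: Dict[str, int]) -> List[str]:
    """Range checks plus 2*(forward_delay - 1) >= max_age >= 2*(hello_time + 1)."""
    errors = [
        f"{name}={t[name]} outside {lo}..{hi}"
        for name, (lo, hi, _) in LIMITS.items()
        if not lo <= t[name] <= hi
    ]
    upper = 2 * (t["forward_delay"] - 1)
    lower = 2 * (t["hello_time"] + 1)
    if not upper >= t["max_age"] >= lower:
        errors.append(f"max_age={t['max_age']} violates {upper} >= max_age >= {lower}")
    return errors


def check_priority(value: int, spec: Tuple[int, int, int]) -> List[str]:
    """Bridge and port priorities must be in range and on the step grid."""
    lo, hi, step = spec
    if not lo <= value <= hi:
        return [f"priority {value} outside {lo}..{hi}"]
    if value % step:
        return [f"priority {value} is not a multiple of {step}"]
    return []


def validate_plan(global_cfg: Timers, per_vlan: Dict[int, Timers]) -> Dict[str, List[str]]:
    """Return {scope: [violations]} for every scope that has violations."""
    report: Dict[str, List[str]] = {}
    errors = check_timers(resolve(global_cfg))
    if errors:
        report["global"] = errors
    for vlan, cfg in sorted(per_vlan.items()):
        errors = []
        if not VLAN_ID_RANGE[0] <= vlan <= VLAN_ID_RANGE[1]:
            errors.append(f"VLAN ID {vlan} outside {VLAN_ID_RANGE[0]}..{VLAN_ID_RANGE[1]}")
        else:
            errors += check_timers(resolve(global_cfg, cfg))
        if errors:
            report[f"vlan {vlan}"] = errors
    return report


if __name__ == "__main__":
    # Constructed plan: every value is inside its own range, but the VLAN 100
    # max-age override breaks the relation against the global forward delay.
    plan = validate_plan(
        Timers(forward_delay=10, max_age=18),
        {100: Timers(max_age=20), 200: Timers(hello_time=1)},
    )
    for scope, problems in plan.items():
        print(scope, problems)
```

The constructed plan shows the case range checks alone miss: a per-VLAN override that is valid in isolation but inconsistent with a timer inherited from the global level.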
Specifying the transmit hold count

Use this procedure to configure the BPDU burst size by specifying the transmit hold count value. The node configures the maximum number of BPDUs transmitted per second for RSTP, MSTP, and Rapid PVST before pausing for 1 second. The range is 1 through 10. The default is 6.

To specify the transmit hold count, perform the following steps.
1.
To enable interoperability with certain legacy Cisco switches, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node from the urn:brocade.com:mgmt:brocade-xstp namespace.
3. Under the node, include the node element.
4.
Mapping a VLAN to an MSTP instance

Use this procedure to map a VLAN to an MSTP instance. You can group a set of VLANs to an instance. This element can be mapped only after the VLAN is created.
Specifying the maximum number of hops for a BPDU (MSTP)

Use this procedure to configure the maximum number of hops for a BPDU in an MSTP region. Specifying the maximum hops for a BPDU prevents the messages from looping indefinitely on the interface. When you change the number of hops, it affects all spanning tree instances. The range is 1 through 40. The default is 20 hops.
4. Under the node, include the element and specify an MSTP region.

Retrieving spanning tree-related information

Use the custom RPC to display STP, RSTP, MSTP, PVST, or Rapid-PVST-related information. Issue the custom RPC located in the urn:brocade.com:mgmt:brocade-xstp-ext namespace without any input parameters to retrieve the first spanning tree instance.
Reissue the RPC, using the value returned in the element as an input parameter to return the next spanning tree instance. You can continue to repeat the RPC until returns false.

a. In the element, specify the interface name in [rbridge-id/]slot/port format or port-channel number.
b. In the element, include the delete operation in the element tag to enable the port.
c. Include the node element, which resides in the urn:brocade.com:mgmt:brocade-xstp namespace.
4. Under the node, include the empty leaf element to enable automatic edge detection on the DCB interface.
c. Include the node element, which resides in the urn:brocade.com:mgmt:brocade-xstp namespace.
4. Under the node element, include the leaf element and specify the path cost for spanning tree calculations on the DCB interface.

c. Include the node element, which resides in the urn:brocade.com:mgmt:brocade-xstp namespace.
4. Under the node element, include the node element.
5. Under the node element, include the following leaf elements.
a. In the element, specify the VLAN ID.
b. In the element, specify the path cost for spanning tree calculations on the DCB interface for the specified VLAN.
1. Issue the RPC to configure the interface node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3. Under the , , , , or node element, include the following elements.
a.
Guard root protects the root bridge from malicious attacks and unintentional misconfigurations in which a bridge device that is not intended to be the root bridge becomes the root bridge. Such attacks can cause severe bottlenecks in the data path. Guard root ensures that the port on which it is enabled is a designated port. If the guard root-enabled port receives a superior BPDU, it goes to a discarding state.
Enabling the guard root per LAN (PVST and Rapid PVST)

Use this procedure to enable the guard root on the switch for a specific VLAN. For the VLANs which have been configured explicitly, the per-VLAN configuration takes precedence over the global configuration. The guard root feature provides a way to enforce the root bridge placement in the network.
Specifying the MSTP hello time

Use this procedure to set the time interval between BPDUs sent by the root switch.
Specifying a link type

Use this procedure to specify a link type. Specifying a point-to-point link type enables rapid spanning tree transitions to the forwarding state.
Enabling port fast (STP and PVST)

Use this procedure to enable port fast on an interface to allow the interface to quickly transition to the forwarding state. Port fast immediately puts the interface into the forwarding state without having to wait for the standard forward time.
Restricting the topology change notification (MSTP)

Use this procedure to restrict the topology change notification BPDUs sent on the interface.
Enabling spanning tree

To enable spanning tree on the DCB interface, perform the following steps.
1. Issue the RPC to configure the interface node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Disabling spanning tree

By default, spanning tree is disabled. To disable spanning tree on the DCB interface, perform the following steps.
1. Issue the RPC to configure the interface node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3.
Chapter 25 Configuring UDLD

In this chapter
• Overview of UDLD and NETCONF
• Configuring UDLD

Overview of UDLD and NETCONF

This chapter provides procedures for configuring Unidirectional Link Detection (UDLD) using the NETCONF interface. Refer to the Network OS Administrator’s Guide for information on UDLD and how it works.
2.
Disabling UDLD

To disable UDLD, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the shutdown for the node element from the urn:brocade.com:mgmt:brocade-udld namespace.
3. Under the node element, include the leaf element.

The following example disables UDLD.
Chapter 26 Configuring Link Aggregation

In this chapter
• Link aggregation with NETCONF overview
• Configuring a vLAG
• Configuring the vLAG ignore split option
• LACP configuration and management
The default configuration is to treat FCoE traffic as non-vLAG traffic. This operation must be performed on every switch in the vLAG.

The following example configures port channel interface 10.
NOTE
With ignore-split active, a vLAG node reboot can result in a loss of more than one second while interoperating with a Linux server/nic-team/CNA, due to premature egress of traffic from the server.

FIGURE 5 vLAG configuration of the ignore split

To reduce vLAG failover downtime, you must set the ignore split option on all of the legs in the vLAG (RB2, RB3, and RB4, in this case).

To configure the vLAG ignore split, perform the following steps.
1.
3. Start a NETCONF session with RB3.
4. Activate vLAG ignore split for the second leg.

Configuring the load balancing feature

This feature allows you to configure the load balancing feature on a remote routing bridge which is not a member of the vLAG (also known as a non-local routing bridge), to forward traffic to a vLAG. To distribute the traffic among the possible paths towards the vLAG, you can configure the vLAG load-balancing flavor on RB2.
3. Under the , , , or node, specify the following elements:
a. In the element, provide the name of the interface you want to add to the LAG.
b. In the element, include the delete operation in the element tag to enable the interface.
c. Include the node element.
4.
Chapter 27 Configuring LLDP

In this chapter
• LLDP configuration with NETCONF overview
• Enabling and disabling LLDP
• Configuring LLDP global options
• Configuring LLDP interface-level options
To enable LLDP globally, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element from the urn:brocade.com:mgmt:brocade-lldp namespace to enable LLDP.

The node element contains elements that allow you to configure the global LLDP parameters.
To disable LLDP globally, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element from the urn:brocade.com:mgmt:brocade-lldp namespace.
3.
NOTE
Brocade recommends you use the operating system version for the description or use the description from the chassis/entity MIB. Do not use special characters, such as #, $, !, @, as part of the system name and description.

To specify a global system name and system description for the Brocade VDX hardware, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Advertising the optional LLDP TLVs

To configure the optional LLDP type-length-value (TLV) fields, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element, which resides in the urn:brocade.com:mgmt:brocade-lldp namespace.
3. Under the node, include the node element.
4.
Configuring the advertisement of LLDP DCBX-related TLVs

For a switch in standalone mode, only the DCBX TLV is advertised by default. For a switch in Brocade VCS Fabric mode, the following TLVs are advertised by default:
• dcbx-tlv
• dcbx-fcoe-app-tlv
• dcbx-fcoe-logical-link-tlv

To configure the LLDP DCBX-related TLVs to be advertised, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.
Configuring iSCSI priority

The iSCSI priority setting is used to configure the priority that will be advertised in the DCBX iSCSI TLV. The iSCSI TLV is used only to advertise the iSCSI traffic configuration parameters to the attached CEE-enabled servers and targets. No verification or enforcement of the usage of the advertised parameters by the iSCSI server or target is done by the switch. The default iSCSI priority is 4. The valid range is 0 through 7.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element, which resides in the urn:brocade.com:mgmt:brocade-lldp namespace.
3. Under the node, include the node element.
4. Under the node, include the following leaf elements:
a. In the element, specify the name of the profile.
b.
a. In the element, specify the priority group ID.
b. In the element, map a weight to a Deficit Weighted Round Robin (DWRR) scheduler queue.
c. In the element, specify “on” to enable priority-based flow control.
5. Under the node, provide the priority table in the node element.
6. Under the node, include an element entry for each CoS level to define the mapping to a priority group.
Deleting an LLDP profile

To delete an LLDP profile, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the node element, which resides in the urn:brocade.com:mgmt:brocade-lldp namespace.
3.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include a , , , or node element.
3. Under the , , , or node, include a element to identify the interface in [rbridge-id/]slot/port format.
Chapter 28 Configuring ACLs

In this chapter
• ACL configuration with NETCONF overview
• Default ACL configuration
• ACL configuration and management
• IP ACL
• seq 6 permit tcp any any eq 443
• seq 7 permit udp any any eq 161
• seq 8 permit udp any any eq 111
• seq 9 permit tcp any any eq 123
• seq 10 permit tcp any any range 600 65535
• seq 11 permit udp any any range 600 65535

Refer to the Network OS Administrator’s Guide for an explanation of ACL rules.

ACL configuration and management

NOTE
Issue the RPC to save your configuration changes.
6. Issue the RPC to save the running-config file to the startup-config file.

The following example creates a standard MAC ACL named test_01 and adds two rules to it:
• Rule 100 drops traffic from source MAC address 0011.2222.3333 and maintains a count of packets dropped.
• Rule 1000 allows traffic from source MAC address 0022.1111.2222 and maintains a count of packets allowed.
3. Under the node, include the leaf node, and specify the name of the ACL you want to create or modify.
4. Under the node, specify a node element for each rule you want to configure.
5. Under each node, specify the following leaf elements.
a. In the element, set a sequence number for the rule.
b.
Applying a MAC ACL to a DCB interface

Ensure that the ACL that you want to apply exists and is configured to filter traffic in the manner that you need for a specific DCB interface. An ACL does not take effect until it is expressly applied to an interface. Frames can be filtered as they enter an interface (ingress direction).
Modifying MAC ACL rules

You cannot modify the existing rules of a MAC ACL. However, you can remove the rule and then recreate it with the desired changes.
6. Issue another RPC to replace rule 100. Refer to “Creating an extended MAC ACL and adding rules” on page 407 for details.

The following example creates a new rule 100.

3. Under the node, include the element, and specify the name of the standard ACL you want to delete.

IP ACL

The IP ACLs control access to the switch. The policies do not control the egress and outbound management traffic initiated from the switch. The IP ACLs support both IPv4 and IPv6 simultaneously. An IP ACL is a set of rules that are applied to the interface as a packet filtering firewall. Each rule defines whether traffic of a combination of source and destination IP address, protocol, or port, is to be denied or permitted.
a. In the element, set a sequence number for the rule to identify the rule and determine the sequence in which rules are applied (lowest first).
b. In the element, specify “deny” to create a rule in the IP ACL to drop traffic with the source IP address, “permit” to create a rule in the IP ACL to permit traffic with the source IP address, or “hard-drop” to create a rule in the IP ACL to force drop traffic.
c.
Creating an extended IP or IPv6 ACL

To create an extended IP ACL, perform the following steps.
1. Issue the RPC to configure the or node in the urn:brocade.com:mgmt:brocade-ip-access-list or urn:brocade.com:mgmt:brocade-ipv6-access-list namespace, respectively.
2. Under the or node, include the or node element.
3. Under the or node, include the / hierarchy of node elements.
4.
IP ACL 28 eq 23 7 deny tcp any any eq 80 10 deny udp any any rang
5. Under the or node, include the node element located in either the urn:brocade.com:mgmt:brocade-ip-access-list or urn:brocade.com:mgmt:brocade-ipv6-access-list namespace, respectively.
6. Under the node, include the or leaf node, and specify the name of the access list.

The following example applies stdV6ACL1 to the management interface.
6. Under the node, include the or leaf node, and specify the name of the access list.

The following example applies stdV6ACL1 to the 101/0/1 interface.

Chapter 29 Configuring QoS

In this chapter
• QoS configuration under NETCONF overview
• Standalone QoS
• Rewriting
• Queueing
• Congestion control
Rewriting

Rewriting a frame header field is typically performed by an edge device. Rewriting occurs on frames as they enter or exit a network because the neighboring device is untrusted, unable to mark the frame, or is using a different QoS mapping. The frame rewriting rules set the Ethernet CoS and VLAN ID fields. Egress Ethernet CoS rewriting is based on the user-priority mapping derived for each frame as described later in the queueing section.
Configuring user-priority mappings

To configure user-priority mappings, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3.
4. Under the node, include the following elements.
a. In the element, assign a name to the map.
b. In each successive element, associate each inbound CoS value to an output CoS value. For example, the following element maps outbound CoS value to 3 for all packets with inbound CoS value of 3.
5. Issue the RPC to save the running-config file to the startup-config file.
5. Under the node, include the leaf element and specify the CoS-to-CoS mutation QoS map to activate and apply changes made to the map.
6. Under the node, include the node element.
7. Under the node element, include the empty leaf element to specify the trust mode for incoming traffic. This step specifies the interface ingress QoS trust mode, which controls user priority mapping of incoming traffic.
6. Issue the RPC to save the running-config file to the startup-config file.

The following example sets the trust mode on interface 22/0/2.
Creating a DSCP mutation map

NOTE
This feature is only supported on Brocade VDX 8770-4, VDX 8770-8, and later models.

To create a DSCP mutation and remap the incoming DSCP value of the ingress packet to other DSCP values, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-qos namespace.
2. Under the node, include the
Applying a DSCP mutation map to an interface

To apply a DSCP mutation QoS map, perform the following steps.
1.
Verifying DSCP mutation mapping

To verify a DSCP mutation mapping, issue the RPC to retrieve the DSCP mutation QoS map and the interface names to which a map is bound.
1.
2. Return a list of interfaces that are bound to a DSCP mutation QoS map using an xpath filter.
Creating a DSCP-to-CoS mutation map

You can use the incoming DSCP value of ingress packets to remap the outgoing 802.1P CoS priority values by configuring a DSCP-to-CoS mutation map on the ingress interface. Perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-qos namespace.
2. Under the node, include the
Applying a DSCP-to-CoS map to an interface

To apply a DSCP-to-CoS map to an interface, perform the following steps.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Verifying a DSCP-to-CoS mutation map

To verify a DSCP-to-CoS mapping, issue the RPC to retrieve the DSCP-to-CoS map and the interface names to which a map is bound.
1. Verify a DSCP-to-CoS map using a subtree filter to view only the contents of the // node.
2. Return a list of interfaces that are bound to a DSCP-to-CoS map using an xpath filter. You must use an xpath filter and not a subtree filter in this case, because the element to be used for the selection criteria (name) resides at a lower level in the hierarchy than the information to be retrieved (the interface name).

The following example returns the interface names to which the DSCP-to-CoS map named “test” is bound.
To map a CoS to a Traffic-Class, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-qos namespace.
2. Under the node, include the node element.
3. Under the node, include the node element.
4. Under the node, include the following leaf elements.
   a. In the element, give a name to the map.
   b.
3. Under the , , , , or node, include the interface on which you want to activate the mapping in the leaf element.
4. Under the , , , , or node, include the node element from the urn:brocade.com:mgmt:brocade-qos namespace.
5.
2. Return a list of interfaces that are bound to a DSCP-to-traffic class map using an xpath filter.
Congestion control

For conceptual information about the various congestion control methods supported in Network OS, including IEEE 802.3x Ethernet Pause, Tail Drop, and Ethernet Priority Flow Control (PFC), refer to the Network OS Administrator’s Guide.

Tail drop

This section provides procedures for configuring tail drop congestion control.

Changing the multicast tail drop threshold

To change the Tail Drop threshold, perform the following steps.

1.
Configuring CoS thresholds

To configure CoS thresholds, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the or node element.
3.
Random Early Detection

Procedures for configuring and applying Random Early Detection (RED) profiles follow. For conceptual information about RED profiles and for operational considerations, refer to the Network OS Administrator’s Guide.

Configuring RED profiles

To configure an egress RED profile, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-qos namespace.
2.
Enabling a RED profile to use CoS priority

To map a CoS priority value on a per-port basis to the RED profile created under “Configuring RED profiles” on page 447, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Enabling Ethernet Pause

To enable Ethernet Pause, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3.
Ethernet Priority Flow Control

This section provides procedures for configuring Ethernet Priority-based Flow Control (PFC) for congestion control.

Enabling Ethernet PFC

To enable Ethernet PFC, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Multicast rate limiting

Multicast rate limiting provides a mechanism to control multicast frame replication and cap the effect of multicast traffic. For additional information, refer to the Network OS Administrator’s Guide.

NOTE
Multicast rate limiting is not supported on VDX 8770-4 and VDX 8770-8 platforms.
Broadcast, unknown unicast, and multicast storm control

Broadcast, unknown unicast, and multicast (BUM) storm control can be configured for the following physical interface types:
• gigabitethernet
• tengigabitethernet
• fortygigabitethernet
• hundredgigabitethernet

For conceptual information about BUM storm control and operational considerations, refer to the Network OS Administrator’s Guide.
c. In the element, set the percentage of bandwidth to be allocated to the specific queue.
4. Issue the RPC to save the running-config file to the startup-config file.

The following example assigns Traffic Classes 4 through 7 to the strict priority Traffic Class, and allocates percentage bandwidth to each Traffic Class.

4. Under the node, include a node for each traffic class, and set each such element to a percentage bandwidth.
5. Issue the RPC to save the running-config file to the startup-config file.

The following example schedules the QoS multicast queue with bandwidth percentages 5, 10, 15, 20, 5, 10, 15, and 20 for Traffic Classes 0 through 7, respectively.
The following example creates a CEE map named “default.”

Defining a priority-table map

To define a priority-table map, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-cee-map namespace.
2. Under the node, identify the CEE map in the element.
Applying a CEE provisioning map to an interface

To apply a CEE provisioning map to an interface, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3.
Configuring Brocade VCS Fabric QoS

To configure the remapping priorities for the Brocade VCS Fabric, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-cee-map namespace, and specify the following elements.
   a. Under the node, include the element and specify the default CEE map.
   b. Under the node, include the node element.
   c.
Restrictions for Layer 3 features in VCS mode

For an overview of Layer 3 restrictions in VCS mode, refer to the Network OS Administrator’s Guide.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-policer namespace.
2. Under the node, include the leaf element and specify a name for the class map. The name for the class map must be a character string up to 64 characters. To delete the class map, include the delete operation in the node and specify the class map you want to delete in the element.
3.
To configure a priority map, perform the following steps. For a complete description of all the priority map attributes, refer to the brocade-policer YANG module and the Network OS Administrator’s Guide.

1. Issue the RPC to configure the in the urn:brocade.com:mgmt:brocade-policer namespace.
2. Under the node, include the leaf element, and specify the priority map name.
Configuring the policy map

A policy map can contain multiple classification maps. Configure a policy map to associate QoS and policing parameters to traffic belonging to these classification maps. You can apply only one policy map per interface per direction (ingress and egress).

To configure a policy map, add a class map, and configure QoS and policing parameters for the class map, perform the following steps.
The following example returns the running configured policy map. It uses the RPC and a subtree filter to restrict the output to the contents of the node in the urn:brocade.com:mgmt:brocade-policer namespace.
Priority maps

The following example displays the running configured police priority map name and mapping of CoS values for conform and exceed color priorities. It uses the RPC with a subtree filter to limit the output to the contents of the node in the urn:brocade.com:mgmt:brocade-policer namespace.
Configuring Auto-QOS

Auto QoS (Quality of Service) for NAS creates a minimum bandwidth guarantee for Network Attached Storage traffic. Auto QoS for NAS is disabled by default; you must enable Auto QoS to allow NAS packets to have the correct service levels. The cee-map priority group and priority-map settings must be their default values.
4. Set the DSCP value for all NAS traffic by entering a value for the node. The Differentiated Services Code Point (DSCP) value affects how Auto-QoS operates by specifying the priority value for Network Attached Storage traffic on IP networks. Higher numbers provide a higher level of priority.
Chapter 30 Configuring 802.1x Port Authentication

In this chapter
• 802.1x port authentication with NETCONF overview
• 802.1x authentication configuration tasks
• Interface-specific administrative tasks for 802.1x
• Checking 802.1x configurations

802.
To add a RADIUS server and enable 802.1x authentication globally, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the node, include the node element.
3. Under the node, include the element and specify the RADIUS server.
4. Configure the node in the urn:brocade.com:mgmt:brocade-dot1x namespace.
5.
Before running the readiness check, you can set a timeout value in seconds. The default timeout value is 10 seconds.

To configure a readiness check timeout value, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-dot1x namespace.
2. Under the node, include the node element.
3.
Interface-specific administrative tasks for 802.1x

It is essential to configure the 802.1x port authentication protocol globally on the Brocade VDX hardware, and then enable 802.1x and make customized changes for each interface port. Because 802.1x was enabled and configured in “802.
Configuring 802.
3. Under the , , , or node, include the leaf element and specify the name of the interface on which you want to configure 802.1x authentication timers. Specify the interface in [rbridge-id/]slot/port format.
4.
3. Under the , , , or node, include the leaf element and specify the name of the interface on which you want to configure 802.1x re-authentication. Specify the interface in [rbridge-id/]slot/port format.
4.
• force-authorized—802.1x authentication is disabled and the port moves to the authorized state.
• force-unauthorized—802.1x authentication is disabled and the port moves to the unauthorized state.

NOTE
If you globally disable 802.1x, all interface ports with 802.1x authentication enabled automatically switch to force-authorized port-control mode.

To configure 802.1x port-control on a specific interface port, perform the following steps.
Disabling 802.1x on specific interface ports

To disable 802.1x authentication on a specific interface port, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Checking 802.1x configurations

You cannot obtain 802.1x authentication operational data using the NETCONF interface. Obtaining dot1x statistical and diagnostic information requires the CLI. Refer to the Network OS Administrator’s Guide for details.

To retrieve running configuration information for global 802.
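Because operational state is not available over NETCONF, an audit has to derive each port's effective behavior from the running configuration, including the rule in the port-control NOTE that a global disable moves every 802.1x-enabled port to force-authorized. The following is an added example, not code from the guide; all element names in the constructed reply are hypothetical stand-ins for the brocade-dot1x and brocade-interface YANG nodes, and `auto` is assumed as the port-control value when none is configured.

```python
import xml.etree.ElementTree as ET

# Constructed <get-config> reply body. Every element name here is a
# hypothetical stand-in; the real names come from the brocade-dot1x and
# brocade-interface YANG modules, which this page does not reproduce.
SAMPLE_REPLY = """\
<data>
  <dot1x><enable>false</enable></dot1x>
  <interface>
    <tengigabitethernet><name>22/0/1</name>
      <dot1x><authentication/><port-control>auto</port-control></dot1x>
    </tengigabitethernet>
    <tengigabitethernet><name>22/0/2</name>
      <dot1x><authentication/>
        <port-control>force-unauthorized</port-control></dot1x>
    </tengigabitethernet>
    <tengigabitethernet><name>22/0/3</name></tengigabitethernet>
  </interface>
</data>
"""


def effective_port_control(reply_xml):
    """Map each interface name to (effective mode, reason).

    Applies the rule from the NOTE: with 802.1x globally disabled, every
    port that has 802.1x enabled behaves as force-authorized, whatever
    port-control value is configured on it.
    """
    root = ET.fromstring(reply_xml)
    global_on = root.findtext("dot1x/enable", default="false") == "true"
    result = {}
    for port in root.findall("interface/*"):
        name = port.findtext("name")
        dot1x = port.find("dot1x")
        if dot1x is None or dot1x.find("authentication") is None:
            result[name] = ("none", "802.1x not enabled on port")
            continue
        # "auto" as the fallback is an assumption of this example.
        configured = dot1x.findtext("port-control", default="auto")
        if global_on:
            result[name] = (configured, "as configured")
        else:
            result[name] = (
                "force-authorized",
                "global 802.1x disabled; configured " + configured,
            )
    return result


def unauthenticated_ports(reply_xml):
    """Return the ports that pass traffic without an 802.1x exchange."""
    modes = effective_port_control(reply_xml)
    open_modes = ("none", "force-authorized")
    return sorted(n for n, (mode, _) in modes.items() if mode in open_modes)


if __name__ == "__main__":
    for name, (mode, reason) in sorted(
        effective_port_control(SAMPLE_REPLY).items()
    ):
        print(name, mode, "(" + reason + ")")
```

In the constructed reply, port 22/0/2 is configured force-unauthorized but is reported as force-authorized because the global setting is off, which is the case a per-port review of the configuration alone would miss.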
Chapter 31 Configuring sFlow

In this chapter
• sFlow configuration with NETCONF overview
• Configuring the sFlow protocol globally
• Interface-specific administrative tasks for sFlow
• Flow-based sFlow
To configure sFlow globally, perform the following steps.

1. Issue an RPC to configure the node in the urn:brocade.com:mgmt:brocade-sflow namespace.
2. Under the node, include the following elements.
   a. Include the empty leaf element to enable the sFlow protocol globally.
   b. In the element, set the maximum number of seconds between successive samples of counters to be sent to the collector.
Interface-specific administrative tasks for sFlow

After the global sFlow configuration, sFlow must be explicitly enabled on all the required interface ports.

NOTE
When sFlow is enabled on an interface port, it inherits the sampling rate and polling interval from the global sFlow configuration.

Enabling and customizing sFlow on specific interfaces

NOTE
On the Brocade VDX 8770, SPAN and sFlow can be enabled at the same time.
Flow-based sFlow

Refer to the Network OS Administrator’s Guide for related conceptual and overview information about flow-based sFlow.

Configuring flow-based sFlow

Flow-based sFlow is used to analyze a specific type of traffic (flow based on access control lists, or ACLs).
3. Create a class map and attach the ACL to the class map.
Retrieving flow-based sFlow statistics

Use the RPC to retrieve the current configuration data and operational state data. Refer to “Retrieving configuration data” on page 11 and “Retrieving operational data” on page 15 for detailed instructions.
Chapter 32 Configuring Switched Port Analyzer

In this chapter
• SPAN configuration with NETCONF overview
• Configuring ingress SPAN, egress SPAN, or bidirectional SPAN
• Deleting a SPAN connection from a session
• Deleting a SPAN session
• SPAN in management cluster
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-span namespace.
2. Under the node, include the node element.
3. Under the node, include the following leaf elements.
   a. In the field, identify the session with a unique session number.
   b. Optional: In the field, provide a descriptive text for the session.
4.
Deleting a SPAN connection from a session

To remove a single connection from a SPAN session, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-span namespace.
2. Under the node, include the node.
3.
2. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-span namespace.
3. Under the node, include the node element and include the delete operation in the element tag.
4.
4. Under the node, set the value to to make the VLAN remote.

The following example configures an RSPAN session. It designates 1/0/11 as the source port and VLAN 1010 as the destination.

Section IV Network OS Layer 3 Routing Features

This section describes Layer 3 routing features of Network OS, and includes the following chapters:
• IP Route Policy
• IP Route Management
• Configuring OSPF
• Configuring VRRP
Chapter 32 IP Route Policy

In this chapter
• IP route policy configuration with NETCONF overview
• Configuring an IP prefix list
• Configuring a route map
• Configuring and activating an IP route policy
a. In the element, specify the IP prefix list name.
b. In the element, specify the instance ID.
c. In the element, specify “permit” or “deny”.
d. In the element, specify the prefix IPv4 address.
e. Optional: In the element, specify the lower limit of the mask length.
f. Optional: In the element, specify the upper limit of the mask length.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-ip-policy namespace.
2. Under the node, include a node element for each instance of the route map.
3. Under the node, include the following elements.
   a. In the element, specify the route map name.
   b. In the element, specify “permit” or “deny”.
   c. In the element, specify the instance ID.
NOTE
The maximum number of OSPF networks that can be advertised and processed in a single area in a router is limited to 600.
2. Create the prefix and next hop for each static route.

NOTE
The following example is for a standalone router and therefore configures the node in the urn:brocade.com:mgmt:brocade--common-def namespace. For a node in a Brocade VCS Fabric, configure the node in the urn:brocade.com:mgmt:brocade-rbridge namespace instead.
You can configure the router to explicitly permit or deny specific IP addresses. The router permits all IP addresses by default. If you want permit to remain the default behavior, define individual filters to deny specific IP addresses.
Chapter 33 IP Route Management

In this chapter
• IP route management with NETCONF overview
• Configuring static routes
• Other routing operations
Specifying the next hop gateway

To specify the next hop gateway, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-rbridge namespace.
2. Under the node, include the leaf node, and specify the ID of the routing bridge on which you want to configure static routes.
3.
1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-rbridge namespace.
2. Under the node, include the leaf node, and specify the ID of the routing bridge on which you want to configure static routes.
3. Under the node, include the ///static-route-oif> hierarchy of node elements. The and subsequent nodes are located in the urn:brocade.
Configuring the default route

The default route is configured with an all zeros prefix/netmask (that is, 0.0.0.0/0). This default route gets installed in the ASIC. All traffic that does not have other matching routes is forwarded using the default route.

The following example configures a default route with a next hop of 207.95.6.157.
Chapter 34 Configuring OSPF

In this chapter
• OSPF configuration with NETCONF overview
• OSPF over VRF
• OSPF in a VCS environment
• Performing basic OSPF configuration
OSPF over VRF

With Network OS 4.0 and later, OSPF can run over multiple Virtual Forwarding and Routing (VRF) mechanisms. OSPF maintains multiple instances of the routing protocol to exchange route information among various VRFs. A multi-VRF-capable router maps an input interface to a unique VRF, based on user configuration. These input interfaces can be physical or SVIs. By default, all input interfaces are attached to the default VRF. All OSPF commands supported in Network OS 4.
f. Assign the VE interface to the area created in step c.
g. Enable the VE interface.

c. Create an OSPF area on Router RB2.
d. Configure a virtual Ethernet (VE) interface using the VLAN number created in step a.
e. Configure an IP address for the VE.
f. Assign the interface to the area created in step c.
g. Enable the VE interface.

3. Assign VLAN 1001 to a VLAG.

Performing basic OSPF configuration

To begin using OSPF on the router, perform these steps.

1. Follow the rules in the “OSPF configuration rules” on page 523.
2. Enable OSPF on the router. Refer to “Enabling and disabling OSPF on the router” on page 523.
3. Assign the areas to which the router will be attached. Refer to “Assigning OSPF areas” on page 525.
4. Assign individual interfaces to the OSPF areas.
Enabling OSPF on the router

OSPF can be activated only in the RBridge ID context. To enable OSPF on the router, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-rbridge namespace.
2. Under the node, include the leaf element and specify the switch for which you want to enable OSPF.
3. Under the node, include the node element.
4.
Assigning OSPF areas

Once OSPF is enabled on the system, you can assign areas. Assign an IP address or number as the area ID for each area. The area ID is representative of all IP addresses (subnets) on a router port. Each port on a router can support one area.
Assigning a totally stubby area

By default, the device sends summary LSAs (type 3 LSAs) into stub areas. You can further reduce the number of link state advertisements (LSAs) sent into a stub area by configuring the device to stop sending summary LSAs (type 3 LSAs) into the area. This is called assigning a totally stubby area. You can disable the summary LSAs when you are configuring the stub area or later after you have configured the area.
Assigning a Not-So-Stubby Area

The OSPF Not-So-Stubby-Area (NSSA) feature enables you to configure OSPF areas that provide the benefits of stub areas, but that also are capable of importing external route information. OSPF does not flood external routes from other areas into an NSSA, but does translate and flood route information from the NSSA into other areas such as the backbone. Refer to the Network OS Administrator’s Guide for details.
Assigning interfaces to an area

Once you define OSPF areas, you can assign interfaces to the areas.
Assigning virtual links

All ABRs must have either a direct or indirect link to the OSPF backbone area (0.0.0.0 or 0). If an ABR does not have a physical link to the area backbone, the ABR can configure a virtual link to another router within the same area, which has a physical connection to the backbone area. Refer to the Network OS Administrator’s Guide for details.
Changing other settings

Refer to the Network OS YANG Reference Manual for other global and interface-level parameters you can use to change default OSPF settings. Refer to the brocade-ospf.yang file for descriptions of each parameter. Some commonly configured items include:
• Changing reference bandwidth to change interface costs by using the node.
Chapter 35 Configuring VRRP

In this chapter
• VRRP and VRRP-E configuration with NETCONF overview
• VRRP basic configuration example
• Enabling preemption
• Configuring the track priority
• Enabling short-path forwarding (VRRP-E only)
Figure 8 shows an example of a basic VRRP setup to illustrate some basic VRRP concepts. Router 1 and Router 2 are two physical routers that can be configured to compose one virtual router. This virtual router would provide redundant network access for Host 1. If Router 1 were to fail, Router 2 could provide the default gateway out of the subnet.
• Backup—Routers that belong to a virtual router but are not the master. Then, if the master becomes unavailable, the backup router with the highest priority (a configurable value) becomes the new master. By default, backup routers are given a priority of 100. You can assign a backup a priority value of 3 through 254.

VRRP basic configuration example

The following procedures configure the basic configuration shown in Figure 8 on page 534 for VRRP.
7. Assign Router 1 to a group and assign the group a virtual router IP address. These assignments are done in the node in the urn:brocade.com:mgmt:brocade-vrrp namespace. The group is identified by group number in the element and has a range of 1 through 255. The virtual router IP address is identified in the / element.
Configuring the backup router

To create a basic backup router configuration for Router 2 in Figure 8 on page 534, perform the following steps.

1. Establish a NETCONF session with Router 2.
2. Issue the RPC to edit the running configuration.
3.
7. Assign Router 2 to the same VRRP group as Router 1 and give the group the same virtual IP address. The assignment is done in the node in the urn:brocade.com:mgmt:brocade-vrrp namespace. The group is identified by group number in the element, and the virtual router IP address in the / element. For VRRP, the physical router IP address and the virtual router group IP address are different. Thus Router 2 is not the master.
VRRP-E differences for basic configuration

If you were to configure the two routers shown in Figure 8 on page 534, you must consider the following items specific to VRRP-E:
• Specifying the element in the urn:brocade.com:mgmt:brocade-vrrp namespace enables VRRP-E as well as VRRP.
The procedure for enabling pre-emption differs depending on the Ethernet link interface type, which for VRRP can be a physical Ethernet link (10 Gigabit Ethernet, Gigabit Ethernet, 40 Gigabit Ethernet), port-channel, or VE. For VRRP-E, the Ethernet link interface type must be VE.

Enabling preemption for physical Ethernet or port-channel

To enable preemption for a physical or port-channel router interface, perform the following steps.

1.
Enabling preemption for a VE interface

To enable preemption for a VE interface, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the / hierarchy of node elements.
3. Under the node, include the element, and specify the VE name.
4.
The procedure for configuring track priority differs depending on the Ethernet link interface type, which for VRRP can be a physical Ethernet link (10 Gigabit Ethernet, Gigabit Ethernet, 40 Gigabit Ethernet), port-channel, or VE. For VRRP-E, the Ethernet link interface type must be VE.

Configuring track priority for physical Ethernet or port-channel

To configure the track priority for a physical Ethernet link or port-channel, perform the following steps.

1.
Configuring track priority for a VE link interface

To configure the track priority for a VE interface, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2.
Configuring a multigroup virtual router cluster

Figure 9 shows a commonly employed virtual router setup. This setup introduces redundancy by configuring two virtual router groups. The first group has Router 1 as the master and Router 2 as the backup.
Router 1 is the master for Group 1 (master priority = 110) and Router 2 is the backup for Group 1 (backup priority = 100). Router 1 and Router 2 both track the uplinks to the Internet. If an uplink failure occurs on Router 1, its backup priority is decremented by 20 (track priority = 90), so that all traffic destined to the Internet is sent through Router 2 instead.
NOTE
(For VRRP-E only) The virtual IP address cannot be the same as a real IP address configured on the interface.

Configuring Router 2 as master for second virtual router group

The following example RPC configures Router 2 as the master for the second router group. Ensure that VCS Fabric mode is enabled, and then perform the following steps.

1. Establish a NETCONF session with Router 2.
2. To configure the Ethernet interface link for Router 2, enable configuration of VE interface 15.
3. Assign Router 2 to group 2.
4.
Verifying VRRP and VRRP-E configuration

To obtain configuration information about VRRP or VRRP-E for a specific interface, issue the RPC with a subtree filter to limit the output to VRRP information, VRRP-E information, or information about a specific VRRP or VRRP-E group.
Chapter 36 Configuring VRF

In this chapter
• VRF configuration with NETCONF overview
• Configuring VRF

VRF configuration with NETCONF overview

VRF (Virtual Routing and Forwarding) is a technology that controls information flow within a network by isolating the traffic by partitioning the network into different logical VRF domains.
Configuring VRF

Typical full-blown implementations of VRFs are designed to support BGP/MPLS VPNs, whereas VRF-lite implementations typically are much simpler with moderate scalability (as compared to BGP/MPLS VPNs). These two flavors share a lot in common but differ in the interconnect schemes, routing protocols used over the interconnect, and also in the VRF classification mechanisms. Brocade Network OS v4.1.1 supports the VRF-lite implementation.
2. Configure VRF on the interface.
4. Configure the static ARP for the interface. The static route and ARP must be configured under address family mode.

The following example configures all commands under the VRF submode. This configuration is for a non-default VRF.

Chapter 37
Configuring BGP

In this chapter
• BGP configuration with NETCONF overview
• Configuring BGP

BGP configuration with NETCONF overview

Border Gateway Protocol (BGP) is an exterior gateway protocol that can do inter-domain and intra-domain routing.
Enabling BGP on an RBridge

To enable BGP on an RBridge, configure BGP with the default vrf-name for that RBridge.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-bgp namespace.
2. Under node, set the value of to 'default'

Configuring BGP global mode

Configurations that are not specific to address-family configuration are available in the BGP global configuration mode.
• default-metric: Set metric of redistributed routes
• maximum-paths: Forward packets over multiple paths
• multipath: Enable multipath for iBGP or EBGP neighbors only
• neighbor: Specify a neighbor router
• network: Specify a network to announce via BGP
• next-hop-enable-default: Enable default route for BGP next-hop lookup
• next-hop-recursion: Perform next-hop recursive lookup for BGP route
• redistribute: Redistribute information from another routing protocol
• rib-route-limit: Limit BGP
Chapter 38
Configuring IGMP

In this chapter
• IGMP configuration with NETCONF overview
• Configuring IGMP snooping
• Configuring IGMP snooping querier
• Monitoring IGMP snooping
Configuring IGMP snooping

5. Under the node, include the empty node.
6. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
7. Under the node, include the / hierarchy of node elements.
8. Under the node, include the leaf element, and set it to the VLAN number for which you want to enable IGMP snooping.
9. Under the node, include the node.
10.
Configuring IGMP snooping querier

If your multicast traffic is not routed because Protocol Independent Multicast (PIM) and IGMP are not configured, use the IGMP snooping querier in a VLAN. IGMP snooping querier sends out IGMP queries to trigger IGMP responses from switches that wish to receive IP multicast traffic. IGMP snooping listens for these responses to map the appropriate forwarding addresses.
Monitoring IGMP snooping

Monitoring the performance of your IGMP traffic allows you to diagnose any potential issues on your switch.
Chapter 39
Configuring DHCP Relay

In this chapter
• DHCP Relay configuration with NETCONF overview
• Configuring DHCP Relay
• Removing the DHCP Relay address
• Verifying configuration information
Configuring DHCP Relay

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the node, include the , , , , or node element.
3.
DHCP server and client interface on different VRF instances

If the DHCP server is on a different Virtual Routing and Forwarding (VRF) instance than the interface where the client is connected, use the node.
Removing the DHCP Relay address

To remove the IP DHCP Relay address, use the standard delete process for NETCONF.

Section V
Appendixes

This section contains the following appendix:
• Managing NETCONF
Appendix A
Managing NETCONF

In this appendix
• Viewing NETCONF client capabilities
• Viewing NETCONF statistics and session information

Viewing NETCONF client capabilities

You can view the NETCONF client capabilities for all active sessions through the NETCONF interface or using the Network OS CLI.
Viewing NETCONF statistics and session information

To view the NETCONF datastores on the NETCONF server and related locking information, enter the show netconf-state datastores command.

switch# show netconf-state datastores
         LOCKED                 LOCKED
         BY       LOCKED  LOCK  BY       LOCKED          LOCKED
NAME     SESSION  TIME    ID    SESSION  TIME    SELECT  NODE
----------------------------------------------------------------
running
startup  -

To view the data models supported by the NETCONF server, enter the show netconf-state schemas command.
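The lock columns in the show netconf-state datastores output (session, time, lock ID, select, locked node) match the global-lock and partial-lock fields of the standard NETCONF monitoring model in RFC 6022. The following added example, which is not from the Brocade guide, parses a constructed netconf-state reply and reports which session holds each datastore lock; it assumes the switch also exposes this data over NETCONF, which the page does not show.

```python
# Added example, not from the Brocade guide: list datastore locks and their
# owners from RFC 6022 netconf-state monitoring data (constructed reply below).
import xml.etree.ElementTree as ET

NS = {"ncm": "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"}

# Constructed sample of the <data> returned by a <get> on /netconf-state.
SAMPLE_REPLY = """\
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
 <datastores>
  <datastore><name>running</name><locks><global-lock>
   <locked-by-session>10</locked-by-session>
   <locked-time>2014-04-02T09:15:00Z</locked-time></global-lock></locks></datastore>
  <datastore><name>startup</name><locks><global-lock>
   <locked-by-session>0</locked-by-session>
   <locked-time>2014-04-01T22:40:00Z</locked-time></global-lock></locks></datastore>
 </datastores>
 <sessions><session><session-id>10</session-id><username>admin-user</username>
  <source-host>192.0.2.10</source-host></session></sessions>
</netconf-state></data>
"""

def _text(el, tag):
    # findtext on an optional element; None when the element is absent
    return el.findtext(tag, namespaces=NS) if el is not None else None

def audit_locks(reply_xml):
    """Return one record per datastore lock, joined to the owning session."""
    root = ET.fromstring(reply_xml)
    sessions = {_text(s, "ncm:session-id"): s
                for s in root.iterfind(".//ncm:sessions/ncm:session", NS)}
    findings = []
    for ds in root.iterfind(".//ncm:datastores/ncm:datastore", NS):
        # global-lock and partial-lock both carry locked-by-session/locked-time
        for lock in ds.iterfind("ncm:locks/*", NS):
            sid = _text(lock, "ncm:locked-by-session")
            owner = sessions.get(sid)
            findings.append({
                "datastore": _text(ds, "ncm:name"),
                "kind": lock.tag.split("}")[1],
                "session": sid,
                "since": _text(lock, "ncm:locked-time"),
                "user": _text(owner, "ncm:username"),
                "source": _text(owner, "ncm:source-host"),
                # RFC 6022: session-id 0 means the holder is not a NETCONF session
                "non_netconf_holder": sid == "0",
            })
    return findings
```

A lock reported with session 0 is held outside NETCONF (for example from the CLI), so it has no entry in the NETCONF session list and cannot be attributed to a NETCONF user or source host.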