53-1003169-01 27 June 2014 Web Tools Administrator's Guide Supporting Fabric OS v7.3.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and the On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands and product names mentioned may be trademarks of others.
Preface
● Document conventions
● Brocade resources
● Contacting Brocade Technical Support
● Document feedback
Notes, cautions, and warnings
Convention | Description
value | In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN.
[] | Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
{x|y|z} | A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options.
Brocade resources
Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.
Document feedback
To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.
About This Document
● Supported hardware and software
● What’s new in this document
Supported hardware and software
In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not.
• Brocade FC16-32 port blade
• Brocade FC16-48 port blade
• Brocade FC16-64 port blade
• Brocade FC8-16 port blade
• Brocade FC8-32 port blade
• Brocade FC8-32E port blade
• Brocade FC8-48 port blade
• Brocade FC8-48E port blade
• Brocade FC8-64 port blade
• Brocade FS8-18 encryption blade
• Brocade FX8-24 extension blade
What’s new in this document
The following additions and enhancements have been made since this document was last released:
• In-Band Management is not
Introducing Web Tools
● Web Tools overview
● Web Tools, the EGM license, and Brocade Network Advisor
● System requirements
● Java installation on the workstation
Web Tools features enabled by the EGM license
The following table describes those Web Tools features that require the EGM license.
Web Tools functionality moved to Brocade Network Advisor
TABLE 1 Basic Web Tools features and EGM licensed features (Continued)
Feature | Basic Web Tools | Web Tools with EGM License
FRU Monitoring | yes | yes
High Availability | yes | yes
IP Sec Policies | yes | yes
ISL Trunk Management | no | yes
ISL Trunking information | yes | yes
License Management | yes | yes
Long Distance | no | yes
Logical Switch Context Switching | no | yes
Allow/Prohibit Matrix | no | yes
Performance Monitoring dialog box | no | yes
Port Ad
TABLE 2 Web Tools functionality moved to Brocade Network Advisor
Function | Web Tools 6.1.0 | Brocade Network Advisor | Comments
Add Un-Zoned Devices | Zone Admin | Configure > Zoning | Reverse Find in the Zoning dialog box provides the view of the zoned and unzoned devices in the fabric if all zone members are selected for Find.
Analyze Zone Config | Zone Admin | 1.
System requirements
TABLE 2 Web Tools functionality moved to Brocade Network Advisor (Continued)
Function | Web Tools 6.1.0 | Brocade Network Advisor
Remove Offline or Inaccessible Devices | Zone Admin | Configure > Zoning Replace/Replace All zone members by selecting the offline devices from the zone tree. Offline devices have an unknown overlay badge with good visibility.
Zone database summary print | Zone Admin | Configure > Zoning Zoning report for both online and offline database.
Setting refresh frequency for Internet Explorer
Brocade supports the platforms shown in the following table.
TABLE 4 Supported platforms
Operating System | Browser
Red Hat AS 4.0 (x86 32-bit) Firefox 12.0 Red Hat Enterprise Linux 6.1 Adv (32-bit) Red Hat Enterprise Server 5 Advanced Platform SUSE Linux Enterprise Server 10 (32-bit) SUSE Linux Enterprise Server 11 (x86 32-bit) SUSE Linux Enterprise Server 11 (SP2) (32-bit) Firefox 26.0 Windows 2000 Firefox 12.0, Internet Explorer 9.
FIGURE 1 Configuring Internet Explorer
Deleting temporary Internet files used by Java applications
For Web Tools to operate correctly, you must delete the temporary Internet files used by Java applications. To delete these files, perform the following steps.
1. From the Control Panel, open Java.
2. Select the General tab and click Settings.
3. Click Delete Files to remove the temporary files used by Java applications.
4.
If you have deleted all the temporary files, the list is empty.
Java installation on the workstation
Java Plug-in must be installed on the workstation. If you attempt to open Web Tools without any Java Plug-in installed:
• Internet Explorer automatically prompts and downloads the proper Java Plug-in.
• Firefox downloads the most recently released Java Plug-in.
Installing the Java Plug-in on Windows
To install the Java Plug-in on Windows, perform the following steps.
1. From the Start menu, select Control Panel and select the Java Control Panel.
2. Select the About tab.
3. Determine whether the correct Java Plug-in version is installed:
• If the correct version is installed, Web Tools is ready to use.
• If no Java Plug-in is installed, point the browser to a switch running Fabric OS 7.0.0 or later to install JRE 1.7.0.
Configuring the Java Plug-in for Mozilla family browsers
The Java Runtime Environment Settings dialog box displays.
4. Double-click the Runtime Parameters field and enter the following information to set the minimum and maximum heap size:
   -Xms256m -Xmx256m
   In this example, the minimum and maximum sizes are both 256 MB.
5. Click OK to apply your settings and close the Java Control Panel.
Opening Web Tools
grace period, during which you can still monitor the switch while continuing to display warning messages periodically. These messages warn you that your fabric size exceeds the supported switch configuration limit and tell you how long you have before Web Tools is disabled. After the 30-day grace period, you are no longer able to open Web Tools from the switch with the limited switch license.
Web Tools is part of the Fabric OS of a switch.
Logging in to a Virtual Fabric
When you are presented with the login window, you must provide a user name and a password. Your home Admin Domain is automatically selected. You can select to log in to an Admin Domain other than your home domain.
NOTE
You must log in before you can view Switch Explorer (shown in Figure 4 on page 39).
Use this procedure to log in to the Admin Domain.
1. Click Run on the signed certificate applet. A warning dialog box may display.
Switching between Virtual Fabrics
FIGURE 3 Virtual Fabric login option
2. Log in to a logical fabric.
• To log in to the home logical fabric, select Home Logical Fabric and click OK.
• To log in to a logical fabric other than the home logical fabric, select User Specified Logical Fabric, enter the fabric ID number or the context name, and click OK. On providing the context name, a dialog box displays with the available list of VF ID-Context Name (role of the context).
Logging out
• To log in to the home domain, select Home Domain and click OK.
• To log in to an Admin Domain other than the home domain, select User Specified Domain, enter the Admin Domain name or number, and click OK.
If the user name or password is incorrect, a dialog box displays indicating an authentication failure. If you entered valid credentials, but specified an invalid Admin Domain, a dialog box displays from which you can select a valid Admin Domain or click Cancel to log in to your home domain.
TABLE 5 Predefined Web Tools roles (Continued)
Role | Description
zoneadmin | You can only create and modify zones.
fabricadmin | You can do everything the Admin role can do except create new users.
basicswitchadmin | You have a subset of Admin level access.
user | You have nonadministrative access and can perform tasks such as monitoring system activity.
Session management
A Web Tools session is the connection between the Web Tools client and its managed switch.
SupportSave logs
When you launch Web Tools for the first time, it automatically creates the following directories. These directories are created under the Web Tools directory if they are not available:
• A directory under the user home directory.
• The Web Tools Switch Support Save directory with the name format .
The Web Tools Switch Support Save directory contains the following files:
• Log4j.xml
• WebTools.log
• SwitchInfo.txt
The SwitchInfo.
Requirements for IPv6 support
The default path for Windows is C:\Documents and Settings\<>\Webtools\. The default path for Linux is /root/WebTools/.
3. Click Capture to start collecting the SupportSave logs. A zipped SupportSave folder is saved in the defined location. The SupportSave zip file name format is "WT-SS-switchIP-FID-dd-mm-yy-hh-mm-ss". The SupportSave file name shows the VF ID if VF is enabled on the switch.
Using the Web Tools Interface
● Viewing Switch Explorer
● Displaying tool tips
● Right-click options
● Refresh rates
  ‐ Reporting tasks, such as viewing the status of a switch.
  ‐ Tools tasks, such as opening the Telnet or SSH client window, beaconing a switch or chassis, and accessing SupportSave.
• The buttons below the menu bar provide access to switch information: status, temperature, power, and fan data.
Although clicking a button can open a separate dialog box or window displaying the management tasks, all access control is established when you first log in to the switch.
Persisting GUI preferences
FIGURE 4 Switch Explorer
• Table column sorting
• Table column positions
The Switch Explorer GUI preferences that persist are:
• Last selected tab
The Name Server GUI preferences that persist are:
• Table column sorting
• Table column positions
The Zone Admin GUI preferences that persist are:
• Basic Zones
• Traffic Isolation Zones
• Last selected tab
• Table column sorting
• Table column positions
Tabs
Switch Explorer provides access to the following three tabs:
• Switch View
• Port Admin
• Name Server --This feature is av
Changing the Admin Domain context
The Admin Domain field displays the currently selected Admin Domain and allows you to change to a different one. The ability to change Admin Domain context requires that the EGM license is enabled on the switch. Otherwise, an error message displays. If you are logged in to Web Tools without the EGM license, you must log in again using a specific Admin Domain. After you log in, all Admin Domains assigned to you are available in the menu.
Port representations
The default Switch View display refresh rate is 60 seconds. However, the initial display of Switch Explorer may take from 30 to 60 seconds after the switch is booted. Refresh rates are fabric-size dependent. The auto-refresh interval may not be less than 45 seconds. However, the refresh rate varies depending on the activity in the fabric and on the host system you are using. The larger the fabric, the longer it takes to poll the fabric and refresh the view.
FIGURE 5 USB port storage management
NOTE
Click the USB port on the Switch View to launch the USB Storage Management window.
Zoom in and zoom out
You can use the zoom buttons above the graphical Switch View to magnify the hardware image. Click the zoom in button (+) to see an enlarged view of the switch and click the zoom out button (-) to see the default view of the switch. You can pause the pointer over the zoom in button (+) and the zoom out button (-) to view the tool tip.
NOTE
You can click the column head to sort the events by a particular column, and drag the column divider to resize a column. You can also right-click a column heading to resize one or all columns, sort the information in ascending or descending order, or select which columns are displayed.
The Switch Information tab displays information about the following items:
• Last updated at: Displays the switch time.
• Switch
  ‐ Name: Name of the switch.
For more information, refer to Displaying switch information on page 161.
Free Professional Management tool
You can use the Professional Management tool with Web Tools to view connectivity for each fabric, to back up and restore last-known configurations, and more. You can also use it with the Enhanced Group Management (EGM) license to manage groups of switches, download firmware, manage security settings, and deploy configurations across groups of switches.
Refresh rates
FIGURE 6 Right-click menu for ports (from Switch Explorer)
The tasks are:
• The Port Admin option displays the Port Admin tab.
• The Port Details option displays read-only information about a port, without opening the Port Admin tab. You can right-click on the table content to export or copy the information from the Port Details window.
TABLE 6 Polling rates (Continued)
Module | Polling rate
Zoning Database | 60 sec
Fabric Watch | 45 sec
Performance Monitor (This feature requires the EGM license.) | 30 sec
Port Management | User-defined; 45 sec minimum
FC Routing | 45-90 sec, depending on network traffic
Displaying switches in the fabric
If your fabric has more than one switch, you can open Web Tools from one switch and then access other switches.
Opening a Telnet or SSH client window
might be lost. Make sure that, when you connect with simultaneous multiple connections, you do not overwrite the work of another connection.
• Several tasks in Web Tools make fabric-level changes, such as the tasks in Zone Administration. When executing fabric-level configuration tasks, wait until you have received confirmation that the changes are implemented before executing any subsequent tasks. For a large fabric, this can take several minutes.
3. Expand the Java console.
4. Select Show console.
5. Restart Web Tools. The Java console displays, along with the Web Tools opening page.
6. Perform the Web Tools operation that caused the problem.
7. Collect the logs shown on the Java console.
8. If you no longer want to see the Java console when you start Web Tools, go back to the Control Panel, repeat steps 1 and 2, and then deselect Show console.
Managing Fabrics and Switches
● Fabric and switch management overview
● Configuring IP and subnet mask information
● Configuring Netstat Auto Refresh
● Configuring a syslog IP address
Opening the Switch Administration window
FIGURE 7 Switch Administration window, Switch tab, Basic mode
With the exception of switch time, information displayed in the Switch Administration window is not updated automatically by Web Tools. To update the information displayed in the Switch Administration window, click the Refresh button.
ATTENTION
Most changes you make in the Switch Administration window are buffered, and are not applied to the switch until you save the changes.
Configuring IP and subnet mask information
1. Click Configure > Switch Admin. The Switch Administration window displays in basic mode, as shown in Figure 7 on page 52. The basic mode displays the "basic" tabs and options.
2. Click Show Advanced Mode to see all the available tabs and options, as shown in the following figure.
Configuring Netstat Auto Refresh
To configure the IP and subnet mask information, perform the following steps.
1. Select the Network tab.
2. In the appropriate IP address section, enter the IP address you want to use for the IP interface. Use the IPv4 Address section or the IPv6 Address section to specify IP addresses.
3. In the IPv4 Address section:
• In the Ethernet IP field, enter the Ethernet IP address.
• In the IPFC Net IP field, enter the IPFC net IP address.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Network tab.
3. In the Syslog IP’s Configuration section, in the New IP field, enter an IP address in either IPv4 or IPv6 format.
4. Click Add. The new IP address displays in the Syslog IP area.
5. Click Apply.
Removing a syslog IP address
To remove a syslog IP address, perform the following steps.
1.
Blade management
• The Clone Policy button lets you copy a policy. Use this feature when you want to create similar policies. After you create a clone, you can edit the policy to make the appropriate changes.
• The Activate Policy button lets you make an existing policy active.
• The Distribute Policy button lets you distribute a policy to various switches.
• The Accepts Distribution check box lets you set the policy to accept or reject distributions.
FIGURE 9 Blade tab
3. Select Blade Action > Enable Blade for each blade you want to enable, or Blade Action > Disable Blade to disable a blade, and click Yes in the confirmation dialog box. Disabling a blade does not turn off the blade; it disables the ports on the blade. You cannot enable or disable the CP blades.
Setting a slot-level IP address
To set an IP address, perform the following steps.
1.
NOTE
To remove a configuration, select a row in the table and click Delete.
8. Click Apply to save the values currently shown in the table or click Cancel to close the dialog box without saving any of your changes.
9. To update the switch with your changes, update the table using the Add and Delete buttons, and then click Apply.
Viewing IP addresses
If you want to view the IP addresses configured on the switch for the currently populated slots, use the Show IP Address button.
Changing the switch name
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Switch tab.
3. In the Switch Persistent section, do one of the following:
• Click Enable to enable the switch persistent.
• Click Disable switch immediately to disable the switch persistent immediately.
• Click Disable when the switch reboots to set the switch persistent in the disabled state and disable switch persistent on reboot.
Viewing and printing a switch report
The switch report includes the following information:
• A list of switches in the fabric
• Switch configuration parameters
• A list of ISLs and ports
• Name Server information
• Zoning information
• SFP serial ID information
To view or print a report, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Switch tab.
3.
Switch restart
TABLE 7 Principal switch selection factors (Continued)
Principal switch Priority value with force option Expected behavior
Equal to principal | Fabric rebuild occurs and the principal switch is selected based on the WWN check (lower becomes principal switch).
Lesser than subordinate | No fabric rebuild, the switch remains principal.
Greater than subordinate | Fabric rebuild occurs and the switch becomes subordinate.
System configuration parameters
You must disable the switch before you can configure fabric parameters. You can change the following system configuration parameters:
• Switch fabric settings
• Virtual channel settings
• Arbitrated loop parameters
• System services
• CSCTL QoS mode settings
• Signed firmware
WWN-based persistent PID assignment
WWN-based PID assignment allows you to configure a PID persistently using a device’s WWN.
Configuring fabric settings
TABLE 8 Switches that support WWN-based persistent PID on Web Tools (Continued)
Platform | VF | Default switch | Logical switch | Area mode | FICON mode
Brocade 5100, Brocade 5300, Brocade VA-40FC, Brocade 6510, Brocade 6520, Brocade 7800, Brocade 7840 | Enabled | Yes | Yes | Default-8 bit dynamic | Configurable
Brocade 300, Brocade 5100, Brocade 5300, Brocade VA-40FC, Brocade 6510, Brocade 6520, Brocade 7800, Brocade 7840 | Disabled | N/A | N/A | Default-8 bit dynamic | Configurable
Configuring fabric set
Enabling insistent domain ID mode
TABLE 9 Fabric settings (Continued)
E_D_TOV | Error detect timeout value (in milliseconds). This timer is used to flag a potential error condition when an expected response is not received within the set time. The valid range is 1000 - (R_A_TOV/2).
Datafield size | The largest possible data field size (in bytes). The range of valid values is from 256 through 2112.
Address mode | Displays the addressing mode present in the switch.
Configuring arbitrated loop parameters
ATTENTION
The default virtual channel settings are already optimized for switch performance. Changing the default values can improve switch performance, but can also degrade performance. Do not change these settings without fully understanding the effects of the changes.
VC Priority specifies the class of frame traffic given priority for a virtual channel.
To configure the virtual channel settings, perform the following steps.
1.
Configuring system services
You can enable or disable FCP read link status (RLS) probing for F_Ports and FL_Ports. It is disabled by default.
To configure system services, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Disable the switch as described in Enabling and disabling a switch on page 58.
3. Select the Configure tab.
4. Select the System subtab.
5.
4. Select the Enable Signed Firmware Download check box.
5. Click Apply.
Licensed feature management
The licensed features currently installed on the switch are listed in the License tab of the Switch Administration window. If the feature is listed, such as the EGM license, it is installed and immediately available. When you enable some licenses, such as ISL Trunking, you might need to change the state of the port to enable the feature on the link.
4. Click Assign Slot(s). The Assign Slots window displays.
5. Select the slots you want to assign.
6. Click OK.
NOTE
The Assign Slot(s) option is not supported in pizza box switches.
Removing a license from a switch
To remove a license from a switch in the Switch Administration window, perform the following steps.
ATTENTION
Use care when removing licenses. If you remove a license for a feature, that feature no longer works.
1.
High Availability overview
High Availability (HA) features provide maximum reliability and nondisruptive replacement of key hardware and software modules. High Availability is available only on the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 platforms. Refer to the Fabric OS Administrator's Guide for additional information about High Availability.
FIGURE 10 High Availability window, CP tab
The High Availability window gets refreshed automatically. You can also click Refresh to update the information displayed in the High Availability window.
Admin Domain considerations
To open the High Availability window, the switch must be a member of your current Admin Domain. If the switch is not a member of the current Admin Domain, the Synchronized Services and Initiate Failover buttons are unavailable.
3. Click Synchronize Services. The Warning dialog box displays.
4. Click Yes and wait for the CPs to complete a synchronization of services, so that a nondisruptive failover is ready.
5. Click Refresh to update the HA Status field.
When the HA Status field displays HA enabled, Heartbeat Up, HA State synchronized, a failover can be initiated without disrupting frame traffic on the fabric.
Initiating a CP failover
A nondisruptive failover might take about 30 seconds to complete.
Displaying switch events
On the Switch Events tab, you can click Filter to launch the Event Filter dialog box. The Event Filter dialog box allows you to define which events should be displayed on the Switch Events tab. For more information on filtering events, refer to Filtering switch events on page 72.
Filtering events by event severity levels
3. To filter events within a certain time period:
• Select the From check box and enter the start time and date in the fields.
• Select the To check box and enter the finish time and date in the fields.
• To filter events beginning at a certain date and time, select only the From check box and enter the start time and date.
• To filter events up until a certain date and time, select only the To check box and enter the finish time and date.
4. Click OK.
3. Select Service. The event service menu is enabled.
4. Select either Switch or Chassis from the menu to show only those messages from the logical switch or from the chassis.
5. Click OK. The filter is enabled and the window is refreshed to show the filtered information.

Displaying the Name Server entries

Web Tools displays Name Server entries listed in the Simple Name Server database.
The Name Server tab displays.
2. Select a device from the Domain column.
3. Click Detail View. The Name Server Information dialog box displays the information specific to that device.

Displaying zone members for a particular device

To display zone members for a particular device, perform the following steps.
1. In the Switch Explorer window, select Name Server. The Name Server tab displays.
2. Select a device from the Domain column.
3.
The LEDs on the logical switch light up on the blades associated with the logical switch.

Virtual Fabrics overview

Virtual Fabrics is an architecture that virtualizes hardware boundaries. Traditionally, SAN design and management is done at the granularity of a physical switch. Each switch and all the ports in the switch act as a single fabric element that participates in a single fabric. Virtual Fabrics allows SAN design and management to be done at the granularity of a port.
You must have the EGM license installed to view the Logical Switch selection on a Brocade 5100, 5300, or VA-40FC.
A dialog box displays asking you to confirm your selection.
2. Click Yes to confirm. The selected logical switch displays.

Viewing logical ports

When base switches are connected through XISLs, a base fabric is formed that includes logical switches in different chassis.
Maintaining Configurations and Firmware

● Creating a configuration backup file
● Restoring a configuration
● Admin Domain configuration maintenance
● Uploading and downloading from USB storage
If you select USB as the configuration file source, the network parameters are not needed and are not displayed. You can skip to step 6.
6. Use the Fabric ID selector to select the fabric ID of the logical switch from which the configuration file is to be uploaded. The selector displays all the Virtual Fabric IDs that have been defined, the default of 128 for the physical switch, chassis level configuration, and all chassis and switches.
6. Enter the configuration file with a fully-qualified path, or select the configuration file in the Configuration File Name field.
7. Use the Fabric ID selector to select the fabric ID of the logical switch to which the configuration file is to be downloaded. The selector displays all the Virtual Fabric IDs that have been defined, the default of 128 for the physical switch, chassis level configuration, and all chassis and switches.
8.
• Brocade VA-40FC
• Brocade 7800

For non-8 Gbps platforms, all functionalities are available without the EGM license.

Uploading and downloading from USB storage

If you choose to upload or download from a USB device, you must click the USB port to launch the USB Port Management wizard.

To update your USB storage, perform the following steps.
1. Select Mount USB Device, and select Yes at the confirmation prompt.
2.
The path name should use the following structure:
////release.plist
In this syntax, the is the path up to the entry point of and is where the unzipped version of Fabric OS is located, for example:
//directory_1/my_directory/v7.0.0/release.plist
5. Select the protocol type in the Protocol Type field.
Managing Administrative Domains

● Administrative Domain overview
● Enabling Admin Domains
● Admin Domain window
● Creating and populating domains
System-defined Admin Domains

AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric.

AD0

AD0 is a system-defined Admin Domain that, in addition to containing members you explicitly added (similar to user-defined Admin Domains), contains all online devices, switches, and switch ports that were not assigned to any user-defined Admin Domain. Unlike user-defined Admin Domains, AD0 has both an automatic membership list and a fixed membership list.
Admin Domain membership

Switches, ports, and devices can be members of an Admin Domain. The following Admin Domain members can be either direct or indirect members:
• Direct members--Devices, switches, and ports that you explicitly add to an Admin Domain. Direct members are listed in the Admin Domain membership list.
• Brocade Encryption Switch
• Brocade 300, 5300, and 5100 switches
• Brocade VA-40FC
• Brocade 7800

For non-8 Gbps platforms, all functionalities are available without the EGM license.

The Admin Domain window displays information about the Admin Domains that are defined in the fabric. If you launch the Admin Domain window from AD255 (physical fabric), the window contains information about the current content of all Admin Domains.
In the Switch Members dialog box, enter the text string and press Enter. This is an incremental search and allows a maximum of 24 characters, including the wildcards question mark (?) and asterisk (*). The first row containing the text string is highlighted. To find the next match, press the down arrow. To find the previous match, press the up arrow. If the text is not found in the table, the text turns red.
The information in the Admin Domain window is updated with the saved information on the switch. This action also refreshes the fabric information as described in Refreshing fabric information on page 89 on page 70. Any unsaved Admin Domain changes are deleted.

Saving local Admin Domain changes

All information displayed and all changes made in the Admin Domain window are buffered until you save the changes.
Creating an Admin Domain

To create an Admin Domain, perform the following steps.
1. Open the Admin Domain window, as described in Opening the Admin Domain window on page 89.
2. Click New. The Create Admin Domain wizard displays.
3. In the Name area, assign an Admin Domain name. You can specify a name or let the system assign the name for you.
4. In the ID area, assign an Admin Domain ID. You can specify an ID or let the system assign the ID for you.
5.
Activating or deactivating an Admin Domain

To activate or deactivate an Admin Domain, perform the following steps.
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain you want to activate or deactivate.
3. Click Activate to activate the Admin Domain, or click Deactivate to deactivate the Admin Domain.
4. Select Actions > Save AD Configuration to save the new Admin Domain configuration to persistent storage.
5.
Renaming Admin Domains

You can change the name of an Admin Domain, including an auto-assigned ID name. The Admin Domain name cannot exceed 63 characters and can contain alphanumeric characters. The only special character allowed is an underscore ( _ ).

NOTE You cannot rename AD0 or AD255.

To rename an Admin Domain, perform the following steps.
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain.
3. Click Rename.
4. Enter the new name and click OK.
Managing Ports

● Port management overview
● Configuring FC ports
● Assigning a name to a port
● Port beaconing
NOTE You can drag the column divider to resize a column, or drag columns to re-arrange them in a custom order. You can also right-click a column heading to resize one or all columns, or sort the information in ascending or descending order.
• • • • • • • • • • • • • • • • • • • DP1 GigePort DP1 Source IP DP1 Destination IP DP1 VLAN ID DP1 MTU Size Compression Mode Data L2COS Value DSCP Data IKE Policy Number IPsec Policy Enabled Keep Alive Timeout MaximumCommunicationRate (Mbps) MinimumCommunicationRate (Mbps) MaxRetransmitRate MinRetransmitRate Metric Pre-Shared key QOS Mapping Selective Ack

Ports Explorer tree

The Ports Explorer tree displays on the left side of the window.
  ‐ Enable/Disable
  ‐ Persistent Enable/Persistent Disable
• SFP--Physical ports only (FC, CEE, and GbE)
  ‐ Basic information about the port equipment
• QSFP--Quad Small Form-factor Pluggable ports
  ‐ Basic information about the port.
  ‐ UnitNumber
  ‐ ChannelIndex
  ‐ DeviceTech
• Port Statistics--All ports
  ‐ Basic port information and statistics

Note that on the Port Statistics subtab, you can view either absolute values or deltas for port statistics.
  ‐ Basic Information about the port.
  ‐ Advanced information about the port equipment.
  ‐ UnitNumber
  ‐ ChannelIndex
  ‐ DeviceTech
  ‐ MaxCaseTemp
• Port Statistics ‐ ‐ ‐ Advanced port statistics Error details FCIP Tunnels--GbE ports and logical FCIP ports only (not available for the FR4-16IP).

Controllable ports

All ports have a Controllable attribute visible from the Advanced Mode, which represents the RBAC permission.
NOTE Long distance does not display from the General or Table subtabs if the EGM license is not enabled on the switch.

5. Select Edit from the Actions list. The FC Port Configuration wizard displays. The fields are populated with the current configuration values.

NOTE Long distance is not displayed from the Edit Configuration window. You can view long distance from the View tab when you display the port details.

6. Follow the steps in the wizard.
NOTE To configure a port as an EX_Port, the switch must be capable of supporting FCR or FCIP features. The EX_Port option is disabled in the wizard if the switch does not meet these requirements.

Speed

The FC Port Configuration tab provides the option to set the port speed. To set the speed, the EGM license must be enabled on the switch. Otherwise, access to port speed configuration is denied and an error message displays.
• Ingress rate limiting is not supported if the F_Port is in AOQ.
• Ingress rate limiting is not supported if the F_Port is part of Trunk.
• Ingress rate limiting is not supported if the F_Port is not QoS-enabled, but it connects to a QoS-enabled AG switch port.
Available buffer credit calculation

The FC Port Configuration wizard provides non-editable Recommended Buffer and Remaining Buffer fields to check the available buffer credit for a port.

Recommended Buffer
   The number of recommended buffers. The recommended buffer is calculated based on the following values:
   • Speed (not based on auto-negotiate speed)
   • Frame size
   • Desired distance (km)
Remaining Buffer
   The number of remaining buffers.
To configure beaconing for an FC port, perform the following steps.
1. Select the Port Admin tab.
2. Click View > Advanced, if the Port Admin tab is in Basic mode.
3. Select the switch in the FC Ports Explorer list.
4. From the table, select a port or multiple ports you want to set to beacon.
5. Select Beacon > Enable from the Actions list.

NOTE You may select all the ports on the switch, but if you select a port that is not valid for beaconing, the Beacon option is disabled.
• On FR4-18i and FC4-16IP port blades, all ports are disabled by default. You can disable and reenable them as needed.
• If a port is not licensed you cannot enable it until you install the appropriate license, such as a Ports on Demand or N_Port ID Virtualization license (refer to Port activation on page 106 for more information). The Licensed field located in the General tab in the Port Admin tab indicates whether a port is licensed.
Configuring NPIV ports

For detailed information about understanding and configuring NPIV ports, refer to the Fabric OS Administrator’s Guide.

NOTE The NPIV feature cannot be disabled when Access Gateway mode is enabled.

The NPIV Max Login Limit option configures the maximum number of permitted logins per NPIV port. Each NPIV port can support up to 255 logins. The range of valid values is from 1 through 255 logins per port. The default value is 126 logins.
TABLE 12 Ports enabled with POD licenses and DPOD feature (Continued)

Column headings: Switch name, Enabled by default, Enabled with Ports on Demand licenses, Enabled with the Dynamic Ports on Demand feature

Brocade 6505 0-11 12-23
Brocade 6510 0-23 24-35, 36-47
Brocade 6520 0-47 48-71, 72-95
Brocade VA-40FC 0-23 24-31, 32-39
Brocade NC-5480 1-8, 17-20 0, 9-16, 21-23
Brocade 5480 1-8, 17-20 0, 9-12, 13-16, 21-23
Brocade 5470 0-7, 15, 16 8-14, 17-19
Brocade 5460 0-3, 6-13 4, 5, 14-25
B
After the license keys are installed, you must enable the ports. You can do so without disrupting switch operation, as described in Enabling and disabling a port on page 104. Alternatively, you can disable and re-enable the switch to activate all ports as described in Enabling and disabling a switch on page 58.

To unlock a Ports on Demand license, you can use the supplied license key or generate a license key.
3. From the tree on the left, select the switch or the slot that contain the ports.
4. Click Disable DPOD to set the licensing mechanism to static. If the button is labeled Enable DPOD, the licensing mechanism is already set to static.

Diagnostic ports

Diagnostic ports (D_Ports) are used for running diagnostics to isolate link level faults and inter-switch link testing in fabric, optical, and remote loopback modes.
To release a license, click Release License in the Port Admin tab.

Port swapping index

If a port malfunctions, or if you want to connect to different devices without having to rewire your infrastructure, you can move traffic from one port to another (swap ports) without changing the I/O Configuration Data Set (IOCDS) on the mainframe computer.

NOTE Port swapping is not applicable to GE or ICL ports because there are no areas assigned to these ports.
7. Enter the number of the port with which you want to swap the current port. If the port is on a blade, you must also provide the slot number.

NOTE Port swapping on an FC8-48, FC8-48E, FC8-64, and FC16-48 is supported only on ports 0 through 15.

8. Click OK.

Determining if a port index was swapped with another switch port

To determine whether a port was swapped, perform the following steps.
1.
FIGURE 15 Port swapping index

Configuring port binding

To bind a port or ports, perform the following steps.
1. Select a port in the Switch View to open the Port Admin tab.
2. Select the FC Ports tab.
3. Select View > Advanced.
4. From the table, select the port or ports you want to bind.
5. Select Binding > Bind PID from the Actions list.

NOTE If a port is already bound, a warning message is displayed that the port ID is already bound.
FIGURE 16 Port address binding

8. Click OK. In the port list table, for the bound ports, the Port ID column displays as Port ID value (Bound). You can also check the Bound Status attribute on the General tab to know if a port is bound or not.

Unbinding a port

To unbind a port or ports, perform the following steps.
1. Select a port in the Switch View to open the Port Admin tab.
2. Select the FC Ports tab.
3. Select View > Advanced.
4.
NOTE BB credit is not applicable for VE and ICL ports.

8. Select a port or ports under Selected Ports.
9. Click the right arrow to set the BB credit value for the selected ports and click OK. The value displays in the table of the Port Admin tab. If no value is configured, the F-Port BB Credit column displays the default value.

Configuring ALPA

PID is the address assigned to the host when it performs a login with a fabric. The 24 bits of the PID are built from three 1-byte fields.
FIGURE 17 Port WWN Map dialog box

9. Optional: Click Remove All to clear all of the Port WWN maps.

Configuring port octet speed combination

The Port Admin tab provides an option to set the port octet speed combination.
To configure the port octet speed combination, perform the following steps.
1. Select the Port Admin tab.
2. Select View > Advanced mode.
3. Select the FC Ports tab.
4. In the FC Ports Explorer dialog box, select a port to configure.
   FIGURE 18 FC Ports Explorer dialog box
5. Select Speed Combination from the Actions list. The Port Octet Speed Combination dialog box displays.
   FIGURE 19 Port Octet Speed Combination dialog box
6. Select a speed combination and click OK.
VC number which, if this feature is enabled, is retrieved by indexing the CSCTL value into the table for each frame entering the fabric. Irrespective of the type of frame classification method used, the flow priority of a frame is primarily determined by the VC number used to transmit the frames across the ISL ports.
Enabling or disabling encryption

To configure encryption for an FC port, perform the following steps.
1. Click Configure > Switch Admin.
2. Select the Security Policies tab and then Authentication from the left panel.
3. Select Active or On from the Switch Authentication Policy Mode list.

NOTE For enabling or disabling encryption on a port, the following criteria must be satisfied.
• The switch authentication policy should be active or on.
N/A Compression is not supported.

Forward Error Correction

Forward Error Correction (FEC) allows recovering of error bits in a 10 Gbps or a 16 Gbps data stream. This feature is enabled by default on all ISLs and ICLs of 10 Gbps and 16 Gbps FC platforms. FEC is supported in Access Gateway mode.

To configure FEC for an FC port or ICL port, perform the following steps.
1. Select the Port Admin tab from the Switch Explorer window.
2. Select View > Advanced.
3.
To configure In-Band Management, perform the following steps.
1. Select Port Admin > GigE Ports > In-Band IP Interface.
2. Click Add to configure a new In-Band Management entry.
3. Set the IP Address Type to IPv4.
4. Set the address options:
   • IP Address
   • Subnet Mask
   • MTU Size
5. Click OK.
6. Select the Inband IP Routes tab.
7. Click Add to configure a new route entry. You can create a maximum of 32 In-band IP route entries.
8. Set the IP Address Type to either IPv4 or IPv6.
9.
Enabling ISL Trunking

● ISL Trunking overview
● Disabling or enabling ISL Trunking
● Viewing trunk group information
● F_Port trunk groups
5. Select View > Advanced.
6. Select Trunking > Enable or Disable from the Actions list. If the option is unavailable, then the selected port is already in that state.
7. Click Yes in the confirmation dialog box.

Admin Domain considerations

You can only enable and disable trunking for a port when the current Admin Domain owns the switch. You can log in to a switch that is not in your Admin Domain, but most of the functionality is unavailable.
F_Port trunk groups

F_Port trunking provides extra bandwidth and robust connectivity for hosts and targets connected by switches in Access Gateway mode. There are five general criteria for establishing F_Port trunking:
• The F_Port trunking feature requires installing the EGM license; otherwise, if you attempt to use this feature in Web Tools without the license, an error message displays.
• Trunking must be enabled on the ports.
NOTE To remove a port from the trunk group, select the port from the Trunk Groups table and then click Remove Members.

10. Click OK to save your changes.
Monitoring Performance

● Performance Monitor overview
● Opening the Performance Monitor window
● Creating basic performance monitor graphs
● Customizing basic monitoring graphs
For detailed information on performance monitoring, refer to the Fabric OS Administrator's Guide.

Performance graphs

Each performance graph is displayed individually in a window, so it can be minimized, maximized, resized, and closed. Graphs within the Performance Monitor window are updated every 30 seconds. When you first display the graph or if you modify the graph (such as to add additional ports), you might have to wait up to 30 seconds before the new values are shown.
TABLE 14 Basic performance graphs (Continued)

Graph type                      Display description
Switch Aggregate Throughput     The aggregate performance of all ports on a switch.
Blade Aggregate Throughput      The aggregate performance of all ports on a port card. This graph is available only for the Brocade DCX and DCX-4S enterprise-class platforms.
Switch Throughput Utilization   The port throughput, in Gbps at the time the sample is taken.
TABLE 16 Supported port types for Brocade switches (Continued)

Graph type                      Physical FC ports   Logical FC ports   GbE ports
Switch Throughput Utilization   P                   N/A                P
Port Error                      P                   P                  P
Switch Percent Utilization      P                   N/A                P
Port Snapshot Error             P                   P                  N/A
SID/DID Performance             P                   P                  N/A
SCSI Commands                   P                   N/A                N/A
SCSI vs.
FIGURE 21 Accessing performance graphs

User-defined graphs

You can modify the predefined graphs to create your own customized graphs (refer to Customizing basic monitoring graphs on page 131 for more information). These user-defined graphs can be added and saved to canvas configurations.

Canvas configurations

A canvas is a saved configuration of graphs. The graphs can be either the Web Tools predefined graphs or user-defined graphs.
FIGURE 22 Canvas of six performance monitoring graphs

Opening the Performance Monitor window

To perform performance monitoring, you must use Web Tools with the EGM license; otherwise, access to performance monitoring is denied and an error message displays.

To open the Performance Monitor window, perform the following steps.
1. Select a switch from the Fabric Tree and log in when prompted.
2. Click Monitor > Performance Monitor.
Depending on the type of graph you select, you might be prompted to select a slot or port for which to create a graph.
3. If prompted, drag the port into the Enter/drag slot, port field, or manually enter the slot and port information in the field, in the format slot,port.

NOTE For the Brocade 300, 5100, 5300, 6505, 6510, 6520, VA-40FC, 7800 Extension Switch, 7840 Extension Switch, and the Encryption Switch, enter only a port number.

4. Click OK.
FIGURE 23 Select Ports for customizing the Switch Throughput Utilization graph

You can perform the following in the dialog box:
a) Double-click the domain to expand the slot or port list.
   NOTE For the Brocade DCX 8510-8, Brocade DCX 8510-4, and Brocade DCX and Brocade DCX-4S enterprise-class platforms, click the plus signs (+) to expand the ports under each slot, as shown in the previous figure.
b) Click the port you want to monitor in the graph in the Port Selection List.
Advanced performance monitoring graphs

This section describes how to create the advanced performance monitor graphs listed in Predefined performance graphs on page 126. Because the procedure for creating these graphs differs depending on the type of graph, each type is described separately in the sections that follow. The advanced monitoring graphs are not supported for GbE ports.
7. Click Yes to display the graphs.
8. When you close a graph, a dialog box asks if you want to save the monitor. If you click OK, the monitor is saved, and persists if the switch is restarted.

Creating the SCSI vs. IP Traffic graph

The SCSI vs. IP Traffic graph displays the SCSI versus IP traffic for selected ports.
For the Brocade Encryption Switch, you can enter up to eight LUN masks.
For the Brocade 5100, 5300, 300, and 7800, you can enter up to eight LUN masks.
6. Click OK. The selected graph displays in the canvas.

Tunnel and TCP performance monitoring graphs

This section describes how to generate the Tunnel and TCP performance monitor graphs. You can launch a maximum of four Tunnel and TCP graphs for a switch at a time.
Tunnel and TCP graph chart properties

• Range: The range is from 3 through 30 seconds. The X axis is limited to 30 minutes. The graph scale starts with 0 minutes and auto-scales to draw the statistics. Once the 30 minutes graph is drawn, the first minute data is removed to accommodate the 31st minute values.
• Global auto scaling: By default, this option is in disabled mode. You can either enable or disable this option.
Adding graphs to an existing canvas

The following procedure assumes that a canvas is already created. To create a new canvas, you must first create graphs, as described in Creating basic performance monitor graphs on page 130 and Advanced performance monitoring graphs on page 133, and then save those graphs to a canvas, as described in Saving graphs to a canvas on page 136.

To add a graph to an existing canvas, perform the following steps.
1.
NOTE The Edit button is enabled only for the graphs that are configurable or editable.

5. Make changes in the Edit dialog box, as necessary.
6. Click OK to close the Edit dialog box.
7. Click Save to save the changes and close the Performance Monitor Canvas dialog box.
8. Click Close to close the Canvas Configuration List.
Administering Zoning

● Zoning overview
● Zoning configurations
● Zoning management
● Zone configuration and zoning database management
QoS zone requirements

A QoS zone is a special zone that assigns a Quality of Service (QoS) level for traffic flow between a given host or target pair. The members of a QoS zone are WWNs of the host or target pairs. QoS zones can contain only WWN members. A QoS zone has a special prefix, to differentiate it from a regular zone. The formats and meaning of the QoS zone name prefix are shown in the following table (the names are not case-dependent).
NOTE To use Admin Domains, you must set the default zoning mode to No Access prior to setting up the Admin Domains. To use the Admin Domain feature, the EGM license must be enabled on the switch; otherwise, access to this feature is denied. You cannot change the default zoning mode to All Access if user-specified Admin Domains are present in the fabric.

To set the default zoning mode, perform the following steps.
1.
FIGURE 24 Zone Administration window

ATTENTION Any changes you make in the Zone Administration window are held in a buffered environment and are not updated in the zoning database until you save the changes. If you close the Zone Administration window without saving your changes, your changes are lost.

To save the buffered changes you make in the Zone Administration window to the zoning database on the switch, refer to Saving local zoning changes on page 145.
In the Member Selection List, you can differentiate between node WWN and port WWN by their icons, as shown in Figure 25 and Figure 26.

FIGURE 25 Port WWN icon for host

FIGURE 26 Port WWN icon for device

Admin Domain considerations: The Member Selection List panel displays a filtered list of ports that are:
• Direct port members that are zoneable and are displayed in the tree.
Refreshing fabric information

This function refreshes the display of fabric elements only (switches, ports, and devices). It does not affect any zoning element changes or update zone information in the Zone Administration window. You can refresh the fabric element information displayed at any time.

To refresh fabric information.
1. Open the Zone Administration window.
2. Select View > Refresh From Live Fabric.
Saving local zoning changes

All information displayed and all changes made in the Zone Administration window are buffered until you save the changes. In that case, any other user looking at the zone information for the switch does not see the changes you have made until you save them. Saving the changes propagates any changes made in the Zone Administration window (buffered changes) to the zoning database on the switch.
Creating and populating zone aliases

An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices as an alias makes zone configuration easier, by enabling you to configure zones using an alias rather than providing a long string of individual members. You can specify members of an alias using the following methods:
• Identifying members by switch domain and port index number pair, for example, 2, 20.
4. Select an element in the Member Selection List that you want to add to the alias, or select an element in the Alias Members list that you want to remove.
5. Click the right arrow to add the selected alias member, or click the left arrow to remove the selected alias member. The alias is modified in the Zone Admin buffer.
6. Select Zoning Actions > Save Config to save your configuration changes.
Creating and populating zones

A zone is a region within the fabric where specified switches and devices can communicate. A device can communicate only with other devices connected to the fabric within its specified zone.

To create a zone, perform the following steps.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2.
4. Highlight an element in the Member Selection List that you want to include in your zone, or highlight an element in the Zone Members list that you want to delete.
5. Click the right arrow to add a zone member, or click the left arrow to remove a zone member. The zone is modified in the Zone Admin buffer.
6. Select Zoning Actions > Save Config to save the configuration changes.

Renaming zones
For information on enabling the configuration, refer to Enabling zone configurations on page 153.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2. Click the Zone tab.
3. Select the zone you want to delete from the Name menu and click Delete.
4. On the confirmation dialog box, click Yes. The selected zone is deleted from the Zone Admin buffer. At this point, you can either save your changes or save and enable your changes.
5. Select Zoning Actions > Save Config to save the configuration changes.
Zone configuration and zoning database management
A zone configuration is a group of zones; zoning is enabled on a fabric by enabling a specific configuration. You can specify members of a configuration using zone names. The following figure displays a sample zoning database and the relationship between the zone aliases, zones, and zoning configuration. The database contains one zoning configuration, myconfig, which contains two zones: Zone A and Zone B.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2. Select a format to display zoning members in the Member Selection List as described in Selecting a zoning view on page 145.
3. Select the Zone Config tab and click New Zone Config.
4. In the Create New Config dialog box, enter a name for the new configuration and click OK. The new configuration displays in the Name list.
5.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2. Select the Zone Config tab.
3. Select the configuration you want to rename from the Name list and click Rename.
4. In the Rename a Config dialog box, enter a new configuration name and click OK. The configuration is renamed in the configuration database.
5. Select Zoning Actions > Save Config to save the configuration changes.
If the zoning database size exceeds the maximum allowed, you cannot enable the zone configuration. The zoning database summary displays the maximum zoning database size.
To enable the zone configuration, perform the following steps.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2. Select Zoning Actions > Enable Config.
3. On Enable Config, select the configuration to be enabled from the menu.
4.
Viewing the enabled zone configuration name without opening the Zone Administration window
To view the enabled zone configuration name, perform the following steps.
Select a logical switch from the Logical Switch list in the top-right corner of the Switch Explorer window. The selected switch displays in the Switch View.
To add a WWN, perform the following steps.
1. Open the Zone Administration window as described in Opening the Zone Admin window on page 140.
2. Select Edit > Add WWN. The Add WWN dialog box displays.
3. Enter a WWN value in the WWN field and click OK. The Add WWN dialog box displays all the zoning elements that include the new WWNs. All of the elements are selected by default.
4.
Searching for zone members
You can search zone member selection lists for specified strings of text. If you know some identifying information about a possible member of a zoning entity, you can select the tab and view for that entity and then search through its member selection list using the Search for Zone Member option.
• Add unzoned devices
• Remove offline or inaccessible devices
• Replace offline devices
• Define device alias

Best practices for zoning
The following are recommendations for using zoning:
• Always zone using the latest Fabric OS-level switch. Switches with earlier Fabric OS versions do not have the capability to view all the functionality that a newer Fabric OS provides as functionality is backwards-compatible but not forward-compatible.
Working with Diagnostic Features
● Trace dumps
● Displaying switch information
● Defining switch policy
● Port LED interpretation
For details on the commands, refer to the Fabric OS Command Reference.

Setting up automatic trace dump transfers
You can set up a switch so that diagnostic information is transferred automatically to a remote server. Then, if a problem occurs you can provide your customer support representative with the most detailed information possible.
To disable automatic trace uploads, perform the following steps.
1. Open the Switch Administration window.
2. Click Show Advanced Mode, if it is not selected.
3. Select the Trace tab.
4. Select Disable in the Auto FTP Upload section to disable automatic uploading of the trace dump to the FTP host.
5. Click Apply.

Displaying switch information
You can right-click in the table content of Fan, Temperature, and Power Status windows to find Export, Copy, and Search options.
Viewing detailed fan hardware status
The icon on the Fan button indicates the overall status of the fans. For more information about the switch fan, refer to the appropriate hardware documentation. You can display status information about the fans, as shown in the following figure.
FIGURE 29 Fan States window
The Fan No column indicates either the fan number or the fan FRU number, depending on the switch model. A fan FRU can contain one or more fans.
1. Select a logical switch from the Logical Switch list in the top-right corner of the Switch Explorer window. The selected switch displays in the Switch View. The icon on the Temp button indicates the overall status of the temperature.
2. Click Temp on the Switch View. The detailed temperature sensor states for the switch are displayed, as shown in Displaying switch information on page 161.
If the switch status is marginal or critical, information on the trigger that caused that status displays in the Switch Information view. Click the Status button to display a detailed, customizable switch status report, shown in the following figure. Note that this is a static report and not a dynamic view of the switch.
FIGURE 31 Switch Report window
To check the physical health of the switch, perform the following steps.
1.
• Refresh the information displayed in the report
• Customize the report
• View the data in raw XML format
• View the style sheet for the report
• View the XML schema for the report

Defining switch policy
The Switch Status Policy dialog box lets you define the values for what you consider a healthy switch. The parameters for Switch Policy define whether the unit is listed as being "Healthy", "Marginal", or "Down".
FIGURE 32 Switch Status Policy dialog box
3. Configure the numerical and percentage values to conform to your definition of a healthy switch. For the selected row, the corresponding field description is displayed in the panel underneath.
4. Optional: Right-click a row in the table to access options to copy the values to your clipboard, or to export the values to a file.
5. Click OK.
Using the FC-FC Routing Service
● Fibre Channel Routing overview
● Supported switches for Fibre Channel Routing
● Setting up FC-FC routing
● FC-FC routing management
• The backbone fabric and edge fabric 1
• Edge fabric 1 and edge fabric 2
• Edge fabric 2 and edge fabric 3

Supported switches for Fibre Channel Routing
The FC-FC Routing Service is supported only on the following switch models:
• Brocade VA-40FC
• Brocade 6510
• Brocade 6520
• Brocade 5100 and 5300 switches
• Brocade 7800 Extension Switch
• Brocade 7840 Extension Switch
• Brocade DCX and DCX-4S enterprise-class platforms, when configured with FC8-16, FC8-32,
FC-FC routing management
You can perform Fibre Channel Routing operations using Web Tools, Web Tools with the EGM license, and Integrated Routing license. You can manage FC-FC Routing through the FC Routing module. The FC Routing module has tabbed panes that display EX-Ports, LSAN fabrics, LSAN zones, LSAN devices, and general FCR information.
NOTE In Fabric OS 7.0.1, Integrated Routing (IR) license is not required to configure a port as EX_Port with Network OS mode.
The FC Routing module displays. If FC-FC Routing is disabled, a message to that effect displays on all the tabs in the module.

Viewing and managing LSAN fabrics
The LSAN Fabric tab displays all the LSAN fabrics visible to your switch, in both a tabular and tree form. (If FC-FC Routing is disabled, the table and tree nodes in this tab are empty and the tree displays only the backbone switch.
ATTENTION During EX_Port configuration, the port is automatically disabled, and then re-enabled when the changes are applied. Be sure that you do not physically connect a port to a remote fabric before configuring it as an EX_Port; otherwise, the two fabrics merge and you lose the benefit of Fibre Channel Routing.
You can enable or disable multiple ports at one time.
Configuring FCR router port cost
In FCR, EX_Ports can be assigned router port cost. The cost of the link is a positive number. The router port path or tunnel path is chosen based on the minimum cost per connection. If multiple paths exist with the same minimum cost, there will be load sharing over these paths. If multiple paths exist where one path costs less than the others, then the lowest cost path is used. Every link has a default cost.
Configuring the backbone fabric ID
Web Tools automatically disables FC-FC Routing before setting the fabric ID. You should manually enable FCR after setting backbone FID. However, you must first disable all of the EX_Ports before you begin this operation. After the fabric ID is changed, you must re-enable these ports.
NOTE When the Virtual Fabrics capability is enabled on the switch, Fabric ID cannot be set using the Set Fabric ID button.
Using the Access Gateway
● Access Gateway overview
● Viewing Switch Explorer for Access Gateway mode
● Access Gateway mode
● Enabling Access Gateway mode
FIGURE 33 Switch Explorer view for Access Gateway mode
The Access Gateway mode Switch Explorer is divided into the following areas:
• Menu bar
• Switch View buttons
• Switch View, Port Admin, and Access Gateway Devices tabs
• Switch Events and Access Gateway information
• Indicator bar
• Professional Management Tool offering

Access Gateway mode
The Access Gateway feature on the Brocade Encryption switch enables interoperability with the Cisco fabrics.
• Port Configuration Policy -- You can select Auto or Advanced mode (default mode). When auto mode is selected, options like Configure N-Port Groups, Configure F-N Port Mappings, and N Port configuration are disabled.
• Trunking -- You can enable and disable N_Port trunking.
• Configure N-Port Groups -- You can configure the port group details from the Port Group Configuration window.
1. Select a switch.
2. Click Configure > Switch Admin. The Switch Administration dialog box displays.
3. Click Disable in the Access Gateway Mode section.
4. Click Apply.
5. Click Yes to restart the device in native switch mode.

Viewing the Access Gateway settings
You can view the effective Access Gateway settings for the selected switch. The view can be customized. To view the Access Gateway settings, select the Access Gateway Devices tab.
FIGURE 34 Edit dialog
5. Select the port to configure allowed port types, port speed, and ingress rate limit.
6. Click OK to save the changes.
NOTE
• Long distance is not displayed from the Edit window.
• The Auto Max speed levels are displayed only when you set the port speed as Auto Negotiate and these options allow you to set the speed limit the port can auto-negotiate.
NOTE Configure N-Port Groups is unavailable if you select Automatic from the Port Configuration Policy.
5. In the Port Group Configuration dialog box, click Add. The Add Port Group window displays.
6. Enter the ID for the new port group in the Port Group ID* field.
7. Enter the name for the new port group in the Port Group Name field.
8. Select the Login Balancing check box to enable login balance for the port group.
9.
Deleting port groups
NOTE You cannot delete the default port group 0 (pg0).
To delete port groups, perform the following steps.
1. Click a port in the Switch View to open the Port Admin tab.
2. Select Configure N-Port Groups from the Actions list.
3. In the Port Group Configuration dialog box, select the group that you want to delete and then click Delete. A confirmation dialog box displays.
4. Click Yes to confirm the action.
Defining custom WWN-N port mappings
NOTE Static mappings and custom WWN-N port mappings are mutually exclusive.
To manually change WWN-N port mappings, perform the following steps.
1. Select the Port Admin tab.
2. Click the FC Ports tab.
3. Select Configure WWN-N Port Mappings from the Actions list.
4. In the Primary Mappings area, select a WWN from the left pane and a group or port from the right pane.
5.
4. Select the appropriate check box to modify the policy.
5. Click Save.

Enabling the Automatic Port Configuration policy
The Automatic Port Configuration (APC) policy is a global configuration policy for a switch in Access Gateway mode. By default, this policy is disabled. If you created an N_Port grouping and switch over to the automatic mode, those port groups are lost.
FIGURE 35 Access Gateway Auto Rebalancing
5. Click Refresh.
6. Under the Access Gateway Mode section, do the following:
• Select the N Port Auto Rebalancing check box to enable N_Port rebalancing.
• Select the F Port Auto Rebalancing check box to enable F_Port rebalancing.
• Click Manual Balancing and a confirmation dialog box displays. Click Yes to change F Port-N Port Mapping or click No to cancel the changes.
7. Click Apply to apply the changes.
Administering Fabric Watch
● Fabric Watch overview

Fabric Watch overview
Fabric Watch is an optional Brocade licensed feature that monitors the performance and status of switches. Fabric Watch can automatically alert you when problems arise, before they become costly failures.
NOTE If you do not own the switch, Fabric Watch is view-only.
Administering Extended Fabrics
● Extended link buffer allocation overview
● Configuring a port for long distance

Extended link buffer allocation overview
If the link is used over long distances, use the Extended Fabric tab of the Switch Administration window to configure the long-distance setting of a port.
• Remaining Buffer--The number of remaining buffers. The remaining buffer value is non-editable. If the Buffers Needed value exceeds the remaining buffer value, a warning message displays.
• Frame Size--The size of the frame. When you edit the frame size value, the desired distance value can also be changed for LD and LS modes and vice versa. But the buffer value cannot be changed.
• VC Link Init--The fill words used on long distance links.
For the Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 the slots for CPs are not available. The Brocade Encryption Switch and the FS8-18 Encryption blade support auto-negotiated link speeds of 1, 2, 4, and 8 Gbps.

TABLE 18 Long-distance settings and license requirements
Value: L0
Extended Fabrics License Required?: No
Description: No long-distance setting is enabled. The maximum supported link distance is:
• 10 kilometers at 1 Gbps
• 5 kilometers at 2 Gbps
• 2.
5. Select a distance that corresponds to the port from the Long Distance menu. Depending on the distance selected, this might require a license. For information about the various distances, refer to Table 18 on page 189. If you select a long-distance setting of LD or LS, you must also enter a value in the Desired Distance column for that port number. For LD or LS options, the Buffer Needed column is made editable to specify the buffer needed value.
Routing Traffic
● Routing overview
● Viewing fabric shortest path first routing
● Configuring dynamic load sharing
● Specifying frame order delivery
FIGURE 37 Routing tab

Viewing fabric shortest path first routing
The Routing tab of the Switch Administration window displays information about routing paths.
To view the fabric shortest path first routing, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Routing tab.
3.
Configuring dynamic load sharing
The exchange-based routing policy depends on the Fabric OS Dynamic Load Sharing (DLS) feature for dynamic routing path selection. When this policy is in force, DLS is always enabled and cannot be disabled. When the port-based policy is in force, you can enable DLS to optimize routing. When DLS is enabled, it shares traffic among multiple equivalent paths between switches.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Routing tab.
3. Select On in the Loss Less area to enable the mode, or select Off to disable dynamic load sharing. When the exchange-based routing policy is in effect, the Lossless DLS buttons display on the Routing tab.
4. Click Apply, and then click OK.
• For the Brocade DCX, DCX-4S, DCX 8510-8, and DCX 8510-4 enterprise-class platforms, click the slot number of the logical switch under Link Cost in the navigation tree.
• For Brocade 300, 5100, 5300, 6505, 6510, 6520, 7800, 7840, VA-40FC, and the Encryption Switch, click Link Cost in the navigation tree.
4. Double-click in the row in the Cost column that corresponds to the appropriate port.
5. Enter the link cost. Valid values for link cost are from 1 through 65534.
Configuring Standard Security Features
● User-defined accounts
● User-defined roles
● Access control list policy configuration
● Fabric-Wide Consistency Policy configuration
TABLE 19 User role and permissions
Role           Permissions
admin          Create and manage all predefined and user-defined accounts
operator       Change your own password and cannot create, modify, or view predefined or user-defined accounts
securityadmin  Create and manage all security roles
switchadmin    Change your own password and cannot create, modify, or view predefined or user-defined accounts
zoneadmin      Change your own password and cannot create, modify, or view predefined or user
FIGURE 38 User tab

Viewing user account information
To view user account information, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab. A list of the default and user-defined accounts displays. If you are logged in using the switchadmin role, only your account information displays.
FIGURE 39 Add User Account dialog box (VF)
For switches that support Administrative Domains (AD), refer to the following figure.
FIGURE 40 Add User Account dialog box (AD)
4. Enter the user name. The user name must begin with an alphabetic character. The name can be up to 40 characters long. It is case-sensitive and can contain alphabetic and numeric characters, the period (.) and the underscore (_). It must be different from all other account names on the logical switch.
5. Select a role from the drop-down menu. For VF-enabled switches, the selection is done per logical fabric ID.
The password is not displayed when you enter it on the command line. Passwords can be from 8 through 40 characters long. They must begin with an alphabetic or numeric character. They can include alphanumeric characters, the period (.), and the underscore (_). They are case-sensitive. Passwords must also meet any additional password rules that were set up. (Refer to the procedure Setting the rules for passwords on page 204 for more information.)
9.
Users can select their own accounts in the user account table and change the password. All other buttons are unavailable.
To change the user account parameters, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab.
3. Select the account to modify.
NOTE You cannot modify the default root and factory accounts, even if you are logged in as root.
4. Click Modify.
Maintaining passwords
When a password expires, the next time that user logs in, Web Tools requires the user to provide a new password.
NOTE You have to own the switch in order to modify password rules.
A password becomes locked if a user has exceeded the maximum number of failed login attempts. This number is specified in the Lockout Threshold field. To unlock a locked password, refer to the unlock procedure in Unlocking a password on page 205.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab.
3. Click Set Password Rule. The Configure Password Rule dialog box displays.
4. Fill out the dialog box for the password rules you want to enforce.
Displaying roles and assigned logical fabrics
You can display user role assignments for logical fabrics.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab.
3. Select an account.
4. Select Show Role and VF. The role mapping for that user displays.

User-defined roles
User-defined roles provide the ability to create roles dynamically on the switch.
Creating a user-defined role
To add a user-defined role, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab.
3. Select the Role subtab.
4. Click the Add button. The Switch Admin: Add User Defined Role dialog box displays.
FIGURE 41 Switch Admin: Add User Defined Role dialog box
5. Enter a role name in the Name field.
6.
Editing a user-defined role
To edit a user-defined role, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the User tab.
3. Select the Role subtab.
4. Select an existing user-defined role.
5. Click the Edit button. The Switch Admin: Edit User Defined Role dialog box displays.
FIGURE 42 Switch Admin: Add User Defined Role dialog box
6.
Access control list policy configuration
Support for the Access Control List (ACL) policies is currently defined in the Switch Connection Control (SCC) and Device Connection Control (DCC) policies. SCC and DCC policy configuration in base Fabric OS is performed on a switch-local basis. Fabric Configuration Server (FCS) Policy can be created only once. While creating the FCS policy, the local switch WWN is automatically included in the list.
Editing an SCC, DCC, or FCS policy
To edit an SCC, DCC, or FCS policy, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Make sure the Show Advanced Mode option is selected.
3. Select the Security Policies tab.
4. Select a policy by clicking on the appropriate tab.
5. Click Edit. This launches the ACL Policy Configuration wizard.
6. Select the policy type you want to edit.
7.
Distributing an SCC, DCC, or FCS policy
Perform this procedure to distribute an SCC, DCC, or FCS policy.
NOTE SCC and DCC policy can be distributed only for a primary switch.
To distribute an SCC, DCC, or FCS policy, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the Security Policies tab.
3. Select the appropriate tab (SCC, DCC, or FCS).
4. Click Distribute Policy.
When the ADS policy is disabled, all the allowed lists are cleared and all the devices are allowed to log in to the fabric.
To configure ADS policy, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Click Show Advanced Mode.
3. Select the Security Policies tab to configure the ADS policy in Access Gateway mode.
4. Select the ADS option.
5.
NOTE If the switch is not a primary switch, an error message dialog box displays.
7. Click No to discard the changes and click Refresh in the FWCP Configuration window to manually refresh the window.
8. Click Close.

Authentication policy configuration
You can configure an authentication protocol policy for E_Port and F_Port authentication, and then distribute the authentication policy to other switches in the fabric. You can also set shared secret keys.
NOTE You must select DHCHAP when you are configuring authentication for an F_Port.
5. Set the switch authentication mode to either off or passive and click Apply.

Distributing authentication policies
Authentication policies are distributed only if all the selected switches accept the distribution. Only the policy mode is distributed to the selected switches. The switch initiating the distribution must accept distribution.
6. Enter the Switch or HBA WWN, name, or domain ID, or use the Browse button to select a switch.
7. In the Peer Secret and Confirm Peer Secret fields, enter the peer secret value.
8. In the Local Secret and Confirm Local Secret fields, enter the local secret value.
9. Click Add.
10. When you are finished adding secret key pairs for switches, click Apply.

Modifying a shared secret key pair
You can edit and modify the secret key pairs by switch.
3. Select a trap level for a recipient from the corresponding Trap Level menu in the SNMPv1 and SNMPv3 sections. The level you select identifies the minimum event level that prompts a trap.
NOTE Adding or editing the user name can be done only through the CLI and by selecting a user name from the User Name menu in the SNMPv3 section.
4. Click Apply.
4. Double-click a recipient IP address in the SNMPv3 section and enter a new IP address.
5. Select a trap level from the Trap Level menu.
6. Optional: Select the Enable SNMPv3 Informs for all Trap Recipients check box to enable or disable inform requests for all trap recipients.
7. Enabling SNMPv3 informs allows you to enter the Engine ID. The Engine ID is required to authenticate the inform request.
• Switch Database when RADIUS Authentication Fails--When selected, the switch user login database is checked whenever RADIUS authentication fails.
• Switch Database When RADIUS Times Out--Switch user login database is checked only if the physical connection to the RADIUS server fails.
• None--Switch user login database is never checked. Only a RADIUS server can be used for authentication.
If the switch database is selected as primary, there is no secondary option.
3. Click Add. The RADIUS/ADLDAP/TACACS+ Configuration dialog box displays. You can configure up to five RADIUS servers. If five RADIUS servers are already configured, the Add button is disabled.
4. Select RADIUS from Server Type.
5. Enter the RADIUS server name, as a valid IP address (in either IPv4 or IPv6 format) or Dynamic Name Server string. Each RADIUS server must have a unique IP address or DNS name for the RADIUS server.
6. Enter the port number.
7.
Removing a RADIUS server
To remove a RADIUS server, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the AAA Service tab.
3. Select a RADIUS server from the RADIUS Configuration list.
4. Click Remove. If there is no RADIUS server configured, the Remove button is disabled. You cannot remove the only RADIUS server if RADIUS is the primary AAA service.
Modifying Active Directory service
To change the parameters of an Active Directory service that is already configured, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2. Select the AAA Service tab.
3. Select a server from the ADLDAP Configuration list.
4. Click Modify. The RADIUS/ADLDAP/TACACS+ Configuration dialog box displays.
5. Enter new values for the port, timeout, and domain.
4. Select None, Switch Database when TACACS+ Login Failed, or Switch Database when TACACS+ Login Timeout from the Secondary AAA Service menu.
NOTE: To disable TACACS+, select Switch Database from the Primary AAA Service menu and select None from the Secondary AAA Service menu.
5. Click Apply.
Configuring TACACS+
To enable TACACS+, perform the following steps.
1. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
2.
NOTE: The server is not deleted until you apply the changes from the AAA Services tab.
5. Click Apply in the AAA Service tab. A confirmation dialog box displays, warning you that you are about to remove the selected server.
6. Click Yes in the confirmation dialog box.
IPsec concepts
Internet Security Protocol (IPsec) is a set of open standards that provide cryptographic security services for IP networks.
Transport mode and tunnel mode
Transport mode adds an authentication header (AH) before the IP header. Only a single pair of addresses is used (those in the IP header). When transport mode is used, both endpoints implement IPsec.
Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the addresses of the tunnel end points. IPsec is implemented between tunnel endpoints.
FIGURE 44 AH header in transport mode and tunnel mode
Encapsulating Security Payload
ESP provides authentication, and also provides privacy by encrypting the IP datagram. The use of an ESP header is similar to the use of the AH header. A hash algorithm is used to calculate an authentication value, the authentication value is sent in an IP datagram, and the same hash algorithm is used by the receiver to verify the authentication value.
Gateway to Gateway
kind of configuration would be used for direct communication between hosts. There are two drawbacks to consider:
• If network address translation (NAT) is used on the connection, one or both endpoints may be behind a NAT node. If that is the case, UDP must be used to encapsulate the tunneled packets. Port numbers in the UDP headers can then be used to identify the endpoint behind the NAT node.
• Packets cannot be inspected or modified in transit.
Hash algorithms
Hash message authentication codes (HMAC) check data integrity through a mathematical calculation on a message using a hash algorithm combined with a shared, secret key. The following table lists the available encryption algorithms. The sending computer uses the hash function and shared key to compute a checksum or code for the message, and sends it to the receiving computer.
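The sender and receiver sides of the HMAC check described above, which is also the authentication value that AH and ESP carry, as an added Python example that is not part of the Brocade guide. It assumes HMAC-SHA1 truncated to 96 bits (RFC 2404) and a simplified packet layout of SPI, sequence number, payload and authentication value; the key, SPI and payloads are constructed sample values, and the replay check is a simplified counter rather than a sliding window.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 (RFC 2404): 20-byte HMAC output truncated to 96 bits
HDR = struct.Struct("!II")  # simplified header: 32-bit SPI, 32-bit sequence number

# Constructed sample values, not taken from any real configuration.
SAMPLE_SPI = 0x00001001
SAMPLE_KEY = bytes(range(20))


def icv(key: bytes, authenticated: bytes) -> bytes:
    """Authentication value over header + payload, keyed with the shared secret."""
    return hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]


def seal(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header || payload || authentication value."""
    body = HDR.pack(spi, seq) + payload
    return body + icv(key, body)


class Receiver:
    """Receiver side: finds the key by SPI, verifies the value, rejects replays."""

    def __init__(self):
        self.sadb = {}  # SPI -> [key, highest sequence number accepted]

    def add_sa(self, spi: int, key: bytes) -> None:
        self.sadb[spi] = [key, 0]

    def receive(self, packet: bytes):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(packet) < HDR.size + ICV_LEN:
            return ("malformed", None)
        spi, seq = HDR.unpack_from(packet)
        sa = self.sadb.get(spi)
        if sa is None:
            return ("unknown SPI", None)
        body, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
        # Constant-time comparison; the sequence number is acted on only
        # after the authentication value has verified.
        if not hmac.compare_digest(received, icv(sa[0], body)):
            return ("bad ICV", None)
        # Simplification: strictly increasing counter instead of a sliding window.
        if seq <= sa[1]:
            return ("replay", None)
        sa[1] = seq
        return ("ok", body[HDR.size:])


if __name__ == "__main__":
    rx = Receiver()
    rx.add_sa(SAMPLE_SPI, SAMPLE_KEY)
    good = seal(SAMPLE_KEY, SAMPLE_SPI, 1, b"constructed payload")
    flipped = bytearray(seal(SAMPLE_KEY, SAMPLE_SPI, 2, b"constructed payload"))
    flipped[HDR.size] ^= 0x01  # one payload bit changed in transit
    for label, pkt in [("good", good), ("same packet again", good),
                       ("bit flipped", bytes(flipped)),
                       ("wrong key", seal(b"k" * 20, SAMPLE_SPI, 3, b"x"))]:
        print(label, "->", rx.receive(pkt)[0])
```

A packet sealed with a different key and a packet altered in transit are indistinguishable to the receiver: both fail the same comparison, which is why a mismatched preshared key on one endpoint shows up as every packet being dropped.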
DH group choices are 1(modp768), 2(modp1024), 14(modp2048), and 18(modp8192). Each group provides an incrementally more secure key exchange by providing more bits (768, 1024, 2048, 8192).
Authentication methods
The methods used to authenticate the IKE peer are preshared key (psk), DSS digital signature (dss), and RSA digital signature (rsasig):
• A preshared key (PSK) is a secret that is shared between two parties over a secure channel before it is used.
The Ethernet IPsec Policies dialog box displays.
5. Ethernet IPsec policies can be configured only after enabling IPsec by clicking the Enable button below the Ethernet IPsec policies table.
Establishing an IKE policy
When you establish an IKE policy, you identify a set of algorithms and authentication rules and parameters to use in a key exchange. Refer to the Fabric OS Administrator's Guide for details on IKE functionality.
The choices are ah (for authentication header) and esp (for encapsulated security protocol).
6. Select the Authentication Algorithm option.
7. Select the Encryption Algorithm option.
8. Optionally, enter a value in the SPI number field. A Security Parameter Index (SPI) number is automatically assigned, but may be manually overridden.
9. Click OK.
Creating an SA proposal
An SA proposal is sent from one endpoint to another to negotiate IKE and IPsec policies.
Adding an IPsec selector
1. Select the Transforms tab. The Transforms window displays.
2. Select Add. The Add Transform dialog box displays.
3. Enter a name in the Transform Name field.
4. Select the IPsec Mode. The choices are Transport or Tunnel.
5. Enter the SA Proposal name.
6. Select the IPsec Protection Type option.
7. Select the IKE Policy Name option. IKE policies need to be created before adding a transform policy. If there are no names to select from, you must create an IKE policy.
8.
Editing an IKE or IPsec policy
1. Select the SA(Manual) tab.
2. Select Add. The Add Manual-SA dialog box displays.
3. Enter a security parameter index number in the SPI (Hexadecimal) field. The SPI must be manually applied when manually adding an SA.
4. Enter the IP address of the endpoint that sends the SA in the Source IP Address field.
5. Enter the IP address of the endpoint that receives the SA in the Peer IP Address field.
6.
Establishing authentication policies for HBAs
1. Open the Switch Administration window.
2. Select Show Advanced Mode.
3. Select the Security Policies tab.
4. Under Security Policies, select Ethernet IPsec or Ethernet IPsec.
5. Select the policy or policies you want to delete.
6. Select Delete. The policy is deleted from the SA database (SADB), and is removed from the list.
Administering FICON CUP Fabrics
● FICON CUP fabrics overview
● Enabling port-based routing
● Enabling or disabling FICON Management Server mode
● FMS parameter configuration
Enabling port-based routing
• Install a FICON CUP license on the Brocade switch.
• Configure CUP attributes (FMS parameters) for the FICON director.
You can use Web Tools for all of these tasks.
Enabling or disabling FICON Management Server mode
FICON Management Server (FMS) is used to support switch management using CUP. To be able to use the CUP functionality, all switches in the fabric must have FICON Management Server mode (FMS mode) enabled. FMS mode is a per-switch setting. After FMS mode is enabled, you can activate a CUP license without restarting the director. You can use Web Tools to install a CUP license.
Configuring FMS mode parameters
TABLE 23 FMS mode parameter descriptions (Continued)
Parameter: Active=Saved Mode
Description: Controls the IPL file update. The IPL file saves port connectivity attributes and port names. After a switch restart or power cycle, the switch reads the IPL file and activates its contents as the default configuration. When this mode is enabled, activating a configuration saves a copy to the IPL configuration file.
Displaying code page information
1. Select a FICON-enabled switch from the Fabric Tree.
2. Open the Switch Administration window as described in Opening the Switch Administration window on page 52.
3. Select the FICON CUP tab. The FICON CUP page displays the FICON Management Server page. All attributes on this page are read-only until FMS mode is enabled.
4. To enable or disable an FMS mode parameter, click the check box next to the parameter. A checked check box indicates that the parameter is enabled.
Allow / Prohibit Matrix configuration
The following switch parameters being read or modified can cause the FICON CUP Busy error:
• Mode Register
• Port Names (also called Port Address Name)
• Allow/Prohibit Matrix and Port Connectivity Attributes
• Switch enable/disable
• Switch name change
To access the FICON CUP tab, perform the following steps.
1. Select a FICON-enabled switch from the Fabric Tree.
2.
Viewing Allow / Prohibit Matrix configurations
To display a list of Allow / Prohibit Matrix configurations, perform the following steps.
1. Select a FICON-enabled switch from the Fabric Tree.
2. Select Configure > Switch Admin.
3. Click Show Advanced Mode to see all the available tabs and options.
4. Select the FICON CUP tab. The FICON CUP page displays the FICON Management Server page in front.
Activating an Allow / Prohibit Matrix configuration
6. Review your changes. A blue background in a cell indicates that its value has been modified.
7. After you have finished making changes, do any of the following:
• Click Activate to save the changes and make the configuration active immediately, as described in Activating an Allow / Prohibit Matrix configuration on page 242.
• Click Save to save the changes but not make the configuration active.
4. Optional: Click Active=Saved Mode to enable (selected) or disable (not selected) the Active=Saved FMS parameter after the configuration is activated.
5. Click Yes to activate the configuration or click No to cancel the activation.
Copying an Allow / Prohibit Matrix configuration
To copy an Allow / Prohibit Matrix configuration to a new configuration, perform the following steps.
1. Display the Allow / Prohibit Matrix configuration list.
2.
Configuring CUP logical paths
To configure a CUP logical path, perform the following steps.
1. Select a FICON-enabled switch from the Fabric Tree.
2. Select Configure > Switch Admin.
3. Click Show Advanced Mode to see all the available tabs and options.
4. Select the FICON CUP tab. The FICON CUP page displays the FICON Management Server page in front. All attributes on this page are read-only until FMS mode is enabled.
5. Click the CUP Logical paths subtab.
6.
Displaying Request Node Identification Data
Web Tools displays Request Node Identification Data (RNID) information for the local switch, and for attached FICON devices and FICON channel paths. RNID information for the switch displays in the Switch Information tab as shown in the following figure.
FIGURE 48 Switch RNID information
RNID information for attached FICON devices and channel paths displays on the Name Server view.
Configuring FCoE with Web Tools
● Web Tools and FCoE overview
● Web Tools, the EGM license, and Brocade Network Advisor
● Switch administration and FCoE
● FCoE configuration tasks
Port information that is unique to FCoE
A Web Tools license is not required, and a basic version of Web Tools is available for free. Additional functionality may be added by obtaining the Enhanced Group Management (EGM) license. The EGM license is required only for 8 Gbps platforms, such as the:
• Brocade Encryption Switch
• Brocade 300, 5300, and 5100 switches
• Brocade VA-40FC
• Brocade 7800
For non-8 Gbps platforms, all functionalities are available without the EGM license.
FCoE configuration tasks
There are several tasks related to FCoE configuration. The following list describes the high level tasks in a suggested order:
• Quality of Service (QoS) configuration (optional)--If you intend to implement a specific QoS scheme to prioritize data traffic, it is recommended that you finish your QoS configuration before you begin port configuration. QoS values are referenced when you configure ports.
Adding a traffic class map
The precedence value controls QoS scheduling policies. The scheduler gives precedence to the highest precedence value. When the DCB Map Configuration dialog box displays, the default values shown in the Priority Group Map match the IEEE 802.1Q recommendation for systems supporting eight traffic classes. The Priority Group Map displays the Layer 2 CoS values mapped to Priority Group ID (PGID). PGID values are in the form ..
• Configuring global LLDP characteristics.
• Configuring an LLDP profile.
Configuring global LLDP characteristics
Configuring at the global level enables you to apply changes to every port. To configure the global LLDP characteristics, perform the following steps.
1. Select the DCB tab on the Switch Administration window.
2. Select the LLDP-DCBX tab.
3. Select the Global tab.
4. Select the LLDP check box to enable LLDP globally.
Adding an LLDP profile
  ‐ system-capabilities--Describes the system capabilities.
  ‐ management-address--The IP address of the management port.
• Advertise dot1-tlv--Select this check box to advertise to any attached device to send IEEE 802.1 LLDP type, length, and values.
• Advertise dot3-tlv--Select this check box to advertise to any attached device to send IEEE 802.3 LLDP type, length, and values.
Configuring DCB interfaces
  ‐ system capabilities--Describes the system capabilities.
  ‐ management-address--The IP address of the management port.
• Advertise dot1-tlv--Advertises to any attached device to send IEEE 802.1 LLDP type, length, and values.
• Advertise dot3-tlv--Advertises to any attached device to send IEEE 802.3 LLDP type, length, and values.
• Advertise DCBx-tlv--Advertises to any attached device the respective LLDP type, length, and values.
11. Click OK.
12. Click Enable for Status and LLDP Status.
Configuring a link aggregation group
FCoE ports can be grouped to create a link aggregation group (LAG). The LAG is treated as a single interface. To configure a LAG, perform the following steps.
1. Select the DCB Interfaces tab on the Switch Administration window.
2. Select the Link Aggregation tab.
3. Click Add. The Add LAG Configuration dialog box displays.
Configuring FCoE login groups
an individual interface, or as a LAG. Before you start the VLAN configuration procedure, you need to know which interfaces or LAGs you want to associate with each VLAN.
To configure a VLAN, perform the following steps.
1. Select the DCB tab on the Switch Administration window.
2. Select the VLAN tab.
3. Click Add. The VLAN Configuration dialog box displays.
4. Specify a VLAN ID. The format is VLAN.
Displaying FCoE port information
5. Select the switch WWN. The choices are:
• Self -- WWN of your current switch
• Other Switch WWN
If you choose Other Switch WWN, you must enter the WWN of that switch in the provided field.
6. Under Login Member Configuration, select either Allow All Members or Allow Specific Member.
• If you select Allow All Members, all devices attached to FCoE ports are allowed to log in to the switch.
• FCoE Port MAC displays the FCoE port MAC address.
• Switch Port displays the switch port WWN.
Displaying LAG information
To display LAG information, perform the following steps.
1. Select the DCB tab on the Switch Administration panel.
2. Select the Link Aggregation tab. The LAG information displays.
Displaying VLAN information
To display VLAN information, perform the following steps.
1. Select the DCB tab on the Switch Administration window.
2. Select the VLAN tab.
1. Select the DCB tab on the Switch Administration window.
2. Select the LLDP-DCBX tab.
• To display global settings, select the Global tab.
• To display LLDP profile information, select the LLDP Profile tab.
Displaying DCB interface statistics
The DCB interface Port Statistics tab displays basic and advanced statistics, and allows you to change statistics collection parameters.
• Select Enable or Disable from the Interface list to enable or disable the interface.
• Click Edit Configuration to open the DCB Edit Configuration dialog box. Select Enable or Disable for the Status field to enable or disable the interface.
Enabling and disabling a LAG
To enable or disable a LAG, perform the following steps.
1. Select the DCB tab on the Switch Administration window.
2. Select the Link Aggregation tab.
3. Click Add. The LAG Configuration dialog box displays.
Enabling and disabling FCoE ports
You can enable and disable FCoE Ports individually from the Port Admin tab.
1. Select the FCoE Ports tab on the Port Admin tab.
2. Select the port you want to enable or disable under the FCoE Ports Explorer, or from the list.
3. Select Enable / Disable > Enable or Disable from the Actions list to change the current status of the port.
Limitations
● General Web Tools limitations
General Web Tools limitations
The following table lists general Web Tools limitations that apply to all browsers and switch platforms.
TABLE 24 Web Tools limitations
Area: Blade Failure
Details: If a blade fails on the switch, the Web Tools interface can still display slot and ports as healthy.
Area: Firmware download
Details: There are multiple phases to firmware download and activation. When Web Tools reports that firmware download completed successfully, this indicates that a basic sanity check, package retrieval, package unloading, and verification was successful. Web Tools forces a full package install. A restart is required to activate the newly downloaded firmware.
Area: Java Plug-in
Details: If you have a Web Tools session open and you open a second session using the File > New browser menu, this results in unexpected behavior of the original Web Tools session. For example, you cannot change Admin Domains in the second session. Web Tools supports only one browser instance per JRE, and when you open another window using the File > New menu, the two windows share the same JRE environment.
Area: Performance Monitor
Details: The Switch Throughput Utilization, Switch Percent Utilization, and Port Snapshot Error graphs display the faulty/powered off slot node in the Y-Axis of the graph. Workaround: Launch any port selection dialog box and load the graphs accordingly.
Area: Refresh option in browsers
Details: When a window requesting a user response is pushed into the background and a refresh is requested, a fatal Internet Explorer error might occur.
Area: Windows Operating Systems
Details: Occasionally, you will not see the "Lost connection to the switch" message on the Switch View, even though the Ethernet connection has been lost. You might still be able to invoke various features from Switch View, such as Status, Fan Temp, Power, and Beacon. Workaround: Verify Ethernet connection to the switch by pinging the logical switch IP address.