Administrator Guide

ManualsBrandsDell ManualsComputer AccessoriesPOWEREDGE M1000E

131

132

133

134

135

136

137

138

139

140

Table Of Contents

Contents
Figures
Tables
About This Document
- In this chapter
- How this document is organized
- Supported hardware and software
- What’s new in this document
- Document conventions
- Notice to the reader
- Additional information
  - Brocade resources
  - Other industry resources
- Getting technical help
- Document feedback
Understanding Fibre Channel Services
- In this chapter
- Fibre Channel services overview
- The Management Server
- Platform services
- Management server database
- Topology discovery
- Device login
- High availability of daemon processes
Performing Basic Configuration Tasks
- In this chapter
- Fabric OS overview
- Fabric OS command line interface
- Password modification
  - Default account passwords
- The Ethernet interface on your switch
- Date and time settings
- Domain IDs
  - Displaying the domain IDs
  - Setting the domain ID
- Switch names
  - Customizing the switch name
- Chassis names
  - Customizing chassis names
- Switch activation and deactivation
  - Disabling a switch
  - Enabling a switch
- Switch and enterprise-class platform shutdown
  - Powering off a Brocade switch
  - Powering off a Brocade enterprise-class platform
- Basic connections
  - Device connection
  - Switch connection
Performing Advanced Configuration Tasks
- In this chapter
- PIDs and PID binding overview
- Ports
- Blade terminology and compatibility
- Enabling and disabling blades
  - Enabling blades
  - Disabling blades
- Blade swapping
  - Swapping blades
  - Swapping blades
- Power management
  - Powering off a port blade
  - Powering on a port blade
- Equipment status
- Track and control switch changes
- Audit log configuration
Routing Traffic
- About this chapter
- Routing overview
- Inter-switch links
  - Buffer credits
  - Virtual Channels
- Gateway links
  - Configuring a link through a gateway
- Inter-chassis links
  - Supported topologies
- Routing policies
- Route selection
  - Dynamic Load Sharing
  - Static route assignment
- Frame order delivery
  - Forcing in-order frame delivery across topology changes
  - Restoring out-of-order frame delivery across topology changes
- Lossless Dynamic Load Sharing on ports
- Frame Redirection
Managing User Accounts
- In this chapter
- User accounts overview
  - Role-Based Access Control (RBAC)
  - The management channel
- Local database user accounts
  - Default accounts
  - Local account passwords
- Local account database distribution
- Password policies
- The boot PROM password
- The authentication model using RADIUS and LDAP
Configuring Protocols
- In this chapter
- Security protocols
- Secure Copy
  - Setting up SCP for configUploads and downloads
- Secure Shell protocol
  - SSH public key authentication
- Secure Sockets Layer protocol
- Simple Network Management Protocol
- Telnet protocol
  - Blocking Telnet
  - Unblocking Telnet
- Listener applications
- Ports and applications used by switches
  - Port configuration
Configuring Security Policies
- In this chapter
- ACL policies overview
  - How the ACL policies are stored
  - Policy members
- ACL policy management
- FCS policies
- DCC policies
- SCC policies
  - Creating an SCC policy
- Authentication policy for fabric elements
- IP Filter policy
- Policy database distribution
- Management interface security
Maintaining the Switch Configuration File
- In this chapter
- Configuration settings
  - Configuration file format
- Configuration file backup
  - Uploading a configuration file in interactive mode
- Configuration file restoration
  - Restrictions
  - Configuration download without disabling a switch
- Configurations across a fabric
  - Downloading a configuration file from one switch to another same model switch
  - Security considerations
- Configuration management for Virtual Fabrics
- Brocade configuration form
Installing and Maintaining Firmware
- In this chapter
- Firmware download process overview
- Preparing for a firmware download
- Firmware download on switches
  - Switch firmware download process overview
- Firmware download on an enterprise-class platform
  - Enterprise-class platform firmware download process overview
- Firmware download from a USB device
- FIPS Support
- Test and restore firmware on switches
  - Testing a different firmware version on a switch
- Test and restore firmware on enterprise-class platforms
  - Testing different firmware versions on enterprise-class platforms
- Validating a firmware download
Managing Virtual Fabrics
- In this chapter
- Virtual Fabrics overview
- Logical switch overview
  - Default logical switch
  - Logical switches and fabric IDs
  - Port assignment in logical switches
  - Logical switches and connected devices
- Logical fabric overview
  - Logical fabric and ISLs
  - Logical fabric and ISL sharing
- Management model for logical switches
- Account management and Virtual Fabrics
- Supported platforms for Virtual Fabrics
  - Supported port configurations in the Brocade 5100, 5300, and VA-40FC
  - Supported port configurations in the Brocade DCX and DCX-4S
  - Virtual Fabrics interaction with other Fabric OS features
- Limitations and restrictions of Virtual Fabrics
  - Restrictions on moving ports
- Enabling Virtual Fabrics mode
- Disabling Virtual Fabrics mode
- Configuring logical switches to use basic configuration values
- Creating a logical switch or base switch
- Executing a command in a different logical fabric context
- Deleting a logical switch
- Adding and removing ports on a logical switch
- Displaying logical switch configuration
- Changing the fabric ID of a logical switch
- Changing a logical switch to a base switch
- Setting up IP addresses for a Virtual Fabric
- Removing an IP address for a Virtual Fabric
- Configuring a logical switch to use XISLs
- Changing the context to a different logical fabric
- Creating a logical fabric using XISLs
Administering Advanced Zoning
- In this chapter
- Special zones
- Zoning overview
- Broadcast zones
- Zone aliases
- Zone creation and maintenance
- Default zoning mode
  - Setting the default zoning mode
  - Viewing the current default zone access mode
- Zoning database size
- Zoning configurations
- Zone object maintenance
- Zoning configuration management
  - New switch or fabric additions
  - Fabric segmentation and zoning
- Security and zoning
- Zone merging scenarios
Traffic Isolation Zoning
- In this chapter
- Traffic Isolation Zoning overview
  - TI zone failover
  - FSPF routing rules and traffic isolation
- Enhanced TI zones
- Traffic Isolation Zoning over FC routers
- General rules for TI zones
- Supported configurations for Traffic Isolation Zoning
  - Additional configuration rules for enhanced TI zones
  - Trunking with TI zones
- Limitations and restrictions of Traffic Isolation Zoning
- Admin Domain considerations for Traffic Isolation Zoning
- Virtual Fabric considerations for Traffic Isolation Zoning
- Traffic Isolation Zoning over FC routers with Virtual Fabrics
- Creating a TI zone
  - Creating a TI zone in a base fabric
- Modifying TI zones
- Changing the state of a TI zone
- Deleting a TI zone
- Displaying TI zones
- Setting up TI over FCR (sample procedure)
Administering NPIV
- In this chapter
- NPIV overview
- Configuring NPIV
- Enabling and disabling NPIV
- Viewing NPIV port configuration information
  - Viewing virtual PID login information
Interoperability for Merged SANs
- In this chapter
- Interoperability overview
- Connectivity solutions
- Domain ID offset modes
  - Configuring the Domain_ID offset
- McDATA Fabric mode configuration restrictions
- McDATA Open Fabric mode configuration restrictions
- Interoperability support for logical switches
- Switch configurations for interoperability
  - Enabling McDATA Open Fabric mode
  - Enabling McDATA Fabric mode
  - Enabling Brocade Native mode
- Zone management in interoperable fabrics
  - Zoning restrictions
  - Zone name restrictions
  - Zoning modes
  - Setting the safe zone mode on a stand-alone switch
  - Setting the safe zone mode fabric-wide
  - Disabling safe zone mode
  - Effective zone configuration
  - Saving the effective zone configuration to the Defined Database
- Frame Redirection in interoperable fabrics
- Traffic Isolation zones in interoperable fabrics
- Brocade SANtegrity implementation in mixed fabric SANS
  - Fabric OS Layer 2 Fabric Binding
- E_Port authentication between Fabric OS and M-EOS switches
  - Switch authentication policy
  - Dumb switch authentication
  - Authentication of EX_Port, VE_Port, and VEX_Port connections
  - Authentication of VE_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VEX_Port connections
- FCR SANtegrity
  - Fabric Binding behavior in a mixed fabric
  - Translate domains do not have Preferred or Insistent Domain ID behavior.
  - Configuring the preferred domain ID and the insistent domain ID
- FICON implementation in a mixed fabric
- Fabric OS version change restrictions in an interoperable environment
- Coordinated Hot Code Load
  - Bypassing the Coordinated HCL check on firmware download
  - Coordinated HCL on switches firmware downloads
  - Upgrade and downgrade considerations for HCL for interoperability
- McDATA-aware features
- McDATA-unaware features
  - M-EOS feature limitations in mixed fabrics
- Supported hardware in an interoperable environment
- Supported features in an interoperable environment
- Unsupported features in an interoperable environment
Managing Administrative Domains
- In this chapter
- Administrative Domains overview
- Admin Domain management for physical fabric administrators
- SAN management with Admin Domains
Administering Licensing
- In this chapter
- Licensing overview
- The Brocade 7800 Upgrade license
- ICL licensing
  - ICL 16-link license
  - ICL 8-link license
- 8G licensing
- Slot-based licensing
- Time-based licenses
  - Configupload and download considerations
  - Expired licenses
- Universal Time-based licenses
- Viewing installed licenses
- Activating a license
- Adding a licensed feature
- Removing a licensed feature
- Ports on Demand
Monitoring Fabric Performance
- In this chapter
- Advanced Performance Monitoring overview
  - Types of monitors
  - Virtual Fabrics considerations for Advanced Performance Monitoring
- End-to-end performance monitoring
- Frame monitoring
- ISL performance monitoring
- Top Talker monitors
- Trunk monitoring
- Displaying end-to-end and ISL monitor counters
- Clearing end-to-end and ISL monitor counters
- Saving and restoring monitor configurations
- Performance data collection
Optimizing Fabric Behavior
- In this chapter
- Adaptive Networking overview
- Ingress Rate Limiting
  - Limiting traffic from a particular device
  - Disabling ingress rate limiting
- QoS: SID/DID traffic prioritization
  - License requirements for traffic prioritization
- QoS zones
- Setting traffic prioritization
- Setting traffic prioritization over FC routers
- Disabling QoS
- Bottleneck detection
- Enabling bottleneck detection on a switch
- Excluding a port from bottleneck detection
- Displaying bottleneck detection configuration details
- Changing bottleneck alert parameters
- Displaying bottleneck statistics
- Disabling bottleneck detection on a switch
Managing Trunking Connections
- In this chapter
- Trunking overview
  - Criteria for managing trunking connections
- Supported hardware
- Recommendations for trunking groups
- Basic trunk group configuration
- Trunking over long distance fabrics
- F_Port trunking
- F_Port masterless trunking
Managing Long Distance Fabrics
- In this chapter
- Long distance fabrics overview
- Extended Fabrics device limitations
- Long distance link modes
- Configuring an extended ISL
  - Enabling long distance when connecting to TDM devices
- Buffer credit management
- Buffer credit recovery
Using the FC-FC Routing Service
- In this chapter
- FC-FC routing service overview
  - Supported platforms for Fibre Channel routing
  - Supported configurations
- Integrated Routing
- Fibre Channel routing concepts
- Setting up the FC-FC routing service
  - Verifying the setup for FC-FC routing
- Backbone fabric IDs
  - Assigning backbone fabric IDs
- FCIP tunnel configuration
- Inter-fabric link configuration
  - Configuring an IFL for both edge and backbone connections
- FC Router port cost configuration
  - Port cost considerations
  - Setting router port cost for an EX_Port
- EX_Port frame trunking configuration
- LSAN zone configuration
- Proxy PID configuration
- Fabric parameter considerations
- Inter-fabric broadcast frames
- Resource monitoring
- FC-FC Routing and Virtual Fabrics
  - Logical switch configuration for FC routing
  - Backbone-to-edge routing with Virtual Fabrics
- Upgrade and downgrade considerations for FC-FC routing
  - How replacing port blades affects EX_Port configuration
- Displaying the range of output ports connected to xlate domains
M-EOS Migration Path to Fabric OS
- In this appendix
- M-EOS fabrics overview
- McDATA Mi10K interoperability
- Fabric configurations for interconnectivity
Inband Management
- In this appendix
- Inband Management overview
- Internal Ethernet devices
- IP address and routing management
- Examples of supported configurations
  - Configuring a Management Station on the same subnet
  - Configuring a Management Station on different subnets
Port Indexing
- In this appendix
- Port indexing on the Brocade 48000 director
- Port indexing on the Brocade DCX backbone
- Port indexing on the Brocade DCX-4S backbone
FIPS Support
- In this appendix
- FIPS overview
- Zeroization functions
  - Power-up self tests
  - Conditional tests
- FIPS mode configuration
  - LDAP in FIPS mode
  - LDAP certificates for FIPS mode
- Preparing the switch for FIPS
Hexadecimal
- Hexadecimal overview
  - Example conversion of the hexadecimal triplet Ox616000
Index

92 Fabric OS Administrator’s Guide

53-1001763-02

Password policies

• MinLength

Specifies the minimum length of the password. The minimum can be from 8 to 40 characters.

New passwords must be between the minimum length specified and 40 characters. The

default value is 8. The maximum value must be greater than or equal to the MinLength value.

• Repeat

Specifies the length of repeated character sequences that will be disallowed. For example, if

the “repeat” value is set to 3, a password “passAAAword” is disallowed because it contains the

repeated sequence “AAA”. A password of “passAAword” would be allowed because no repeated

character sequence exceeds two characters. The range of allowed values is 1 – 40. The

default value is 1.

• Sequence

Specifies the length of sequential character sequences that will be disallowed. A sequential

character sequence is defined as a character sequence in which the ASCII value of each

contiguous character differs by one. The ASCII value for the characters in the sequence must

all be increasing or decreasing. For example, if the “sequence” value is set to 3, a password

“passABCword” is disallowed because it contains the sequence “ABC”. A password of

“passABword” would be allowed because it contains no sequential character sequence

exceeding two characters. The range of allowed values is 1 – 40. The default value is 1.

Example of a password strength policy

The following example shows a password strength policy that requires passwords to contain at

least 3 uppercase characters, 4 lowercase characters and 2 numeric digits; the minimum

length of the password is 9 characters.

passwdcfg --set -uppercase 3 -lowercase 4 -digits 2 -minlength 9

Password history policy

The password history policy prevents users from recycling recently used passwords, and is

enforced across all user accounts when users are setting their own passwords. The password

history policy is enforced only when a new password is defined.

Specify the number of past password values that are disallowed when setting a new password.

Allowable password history values range between 0 and 24. If the value is set to 0, it means that

the new password cannot be set to current password, but can be set to 1 previous password. The

default value is 1, which means the current and one previous password cannot be reused. The

value 2 indicates that the current and the two previous passwords cannot be used (and so on, up

to 24 passwords).

This policy does not verify that a new password meets a minimal standard of difference from prior

passwords, rather, it only determines whether or not a newly-specified password is identical to one

of the specified number (1-24) of previously used passwords.

The password history policy is not enforced when an administrator sets a password for another

user; instead, the user’s password history is preserved and the password set by the administrator

is recorded in the user’s password history.