Administrator Guide

ManualsBrandsDell ManualsComputer AccessoriesPOWEREDGE M1000E

151

152

153

154

155

156

157

158

159

160

Table Of Contents

Contents
Figures
Tables
About This Document
- In this chapter
- How this document is organized
- Supported hardware and software
- What’s new in this document
- Document conventions
- Notice to the reader
- Additional information
  - Brocade resources
  - Other industry resources
- Getting technical help
- Document feedback
Understanding Fibre Channel Services
- In this chapter
- Fibre Channel services overview
- The Management Server
- Platform services
- Management server database
- Topology discovery
- Device login
- High availability of daemon processes
Performing Basic Configuration Tasks
- In this chapter
- Fabric OS overview
- Fabric OS command line interface
- Password modification
  - Default account passwords
- The Ethernet interface on your switch
- Date and time settings
- Domain IDs
  - Displaying the domain IDs
  - Setting the domain ID
- Switch names
  - Customizing the switch name
- Chassis names
  - Customizing chassis names
- Switch activation and deactivation
  - Disabling a switch
  - Enabling a switch
- Switch and enterprise-class platform shutdown
  - Powering off a Brocade switch
  - Powering off a Brocade enterprise-class platform
- Basic connections
  - Device connection
  - Switch connection
Performing Advanced Configuration Tasks
- In this chapter
- PIDs and PID binding overview
- Ports
- Blade terminology and compatibility
- Enabling and disabling blades
  - Enabling blades
  - Disabling blades
- Blade swapping
  - Swapping blades
  - Swapping blades
- Power management
  - Powering off a port blade
  - Powering on a port blade
- Equipment status
- Track and control switch changes
- Audit log configuration
Routing Traffic
- About this chapter
- Routing overview
- Inter-switch links
  - Buffer credits
  - Virtual Channels
- Gateway links
  - Configuring a link through a gateway
- Inter-chassis links
  - Supported topologies
- Routing policies
- Route selection
  - Dynamic Load Sharing
  - Static route assignment
- Frame order delivery
  - Forcing in-order frame delivery across topology changes
  - Restoring out-of-order frame delivery across topology changes
- Lossless Dynamic Load Sharing on ports
- Frame Redirection
Managing User Accounts
- In this chapter
- User accounts overview
  - Role-Based Access Control (RBAC)
  - The management channel
- Local database user accounts
  - Default accounts
  - Local account passwords
- Local account database distribution
- Password policies
- The boot PROM password
- The authentication model using RADIUS and LDAP
Configuring Protocols
- In this chapter
- Security protocols
- Secure Copy
  - Setting up SCP for configUploads and downloads
- Secure Shell protocol
  - SSH public key authentication
- Secure Sockets Layer protocol
- Simple Network Management Protocol
- Telnet protocol
  - Blocking Telnet
  - Unblocking Telnet
- Listener applications
- Ports and applications used by switches
  - Port configuration
Configuring Security Policies
- In this chapter
- ACL policies overview
  - How the ACL policies are stored
  - Policy members
- ACL policy management
- FCS policies
- DCC policies
- SCC policies
  - Creating an SCC policy
- Authentication policy for fabric elements
- IP Filter policy
- Policy database distribution
- Management interface security
Maintaining the Switch Configuration File
- In this chapter
- Configuration settings
  - Configuration file format
- Configuration file backup
  - Uploading a configuration file in interactive mode
- Configuration file restoration
  - Restrictions
  - Configuration download without disabling a switch
- Configurations across a fabric
  - Downloading a configuration file from one switch to another same model switch
  - Security considerations
- Configuration management for Virtual Fabrics
- Brocade configuration form
Installing and Maintaining Firmware
- In this chapter
- Firmware download process overview
- Preparing for a firmware download
- Firmware download on switches
  - Switch firmware download process overview
- Firmware download on an enterprise-class platform
  - Enterprise-class platform firmware download process overview
- Firmware download from a USB device
- FIPS Support
- Test and restore firmware on switches
  - Testing a different firmware version on a switch
- Test and restore firmware on enterprise-class platforms
  - Testing different firmware versions on enterprise-class platforms
- Validating a firmware download
Managing Virtual Fabrics
- In this chapter
- Virtual Fabrics overview
- Logical switch overview
  - Default logical switch
  - Logical switches and fabric IDs
  - Port assignment in logical switches
  - Logical switches and connected devices
- Logical fabric overview
  - Logical fabric and ISLs
  - Logical fabric and ISL sharing
- Management model for logical switches
- Account management and Virtual Fabrics
- Supported platforms for Virtual Fabrics
  - Supported port configurations in the Brocade 5100, 5300, and VA-40FC
  - Supported port configurations in the Brocade DCX and DCX-4S
  - Virtual Fabrics interaction with other Fabric OS features
- Limitations and restrictions of Virtual Fabrics
  - Restrictions on moving ports
- Enabling Virtual Fabrics mode
- Disabling Virtual Fabrics mode
- Configuring logical switches to use basic configuration values
- Creating a logical switch or base switch
- Executing a command in a different logical fabric context
- Deleting a logical switch
- Adding and removing ports on a logical switch
- Displaying logical switch configuration
- Changing the fabric ID of a logical switch
- Changing a logical switch to a base switch
- Setting up IP addresses for a Virtual Fabric
- Removing an IP address for a Virtual Fabric
- Configuring a logical switch to use XISLs
- Changing the context to a different logical fabric
- Creating a logical fabric using XISLs
Administering Advanced Zoning
- In this chapter
- Special zones
- Zoning overview
- Broadcast zones
- Zone aliases
- Zone creation and maintenance
- Default zoning mode
  - Setting the default zoning mode
  - Viewing the current default zone access mode
- Zoning database size
- Zoning configurations
- Zone object maintenance
- Zoning configuration management
  - New switch or fabric additions
  - Fabric segmentation and zoning
- Security and zoning
- Zone merging scenarios
Traffic Isolation Zoning
- In this chapter
- Traffic Isolation Zoning overview
  - TI zone failover
  - FSPF routing rules and traffic isolation
- Enhanced TI zones
- Traffic Isolation Zoning over FC routers
- General rules for TI zones
- Supported configurations for Traffic Isolation Zoning
  - Additional configuration rules for enhanced TI zones
  - Trunking with TI zones
- Limitations and restrictions of Traffic Isolation Zoning
- Admin Domain considerations for Traffic Isolation Zoning
- Virtual Fabric considerations for Traffic Isolation Zoning
- Traffic Isolation Zoning over FC routers with Virtual Fabrics
- Creating a TI zone
  - Creating a TI zone in a base fabric
- Modifying TI zones
- Changing the state of a TI zone
- Deleting a TI zone
- Displaying TI zones
- Setting up TI over FCR (sample procedure)
Administering NPIV
- In this chapter
- NPIV overview
- Configuring NPIV
- Enabling and disabling NPIV
- Viewing NPIV port configuration information
  - Viewing virtual PID login information
Interoperability for Merged SANs
- In this chapter
- Interoperability overview
- Connectivity solutions
- Domain ID offset modes
  - Configuring the Domain_ID offset
- McDATA Fabric mode configuration restrictions
- McDATA Open Fabric mode configuration restrictions
- Interoperability support for logical switches
- Switch configurations for interoperability
  - Enabling McDATA Open Fabric mode
  - Enabling McDATA Fabric mode
  - Enabling Brocade Native mode
- Zone management in interoperable fabrics
  - Zoning restrictions
  - Zone name restrictions
  - Zoning modes
  - Setting the safe zone mode on a stand-alone switch
  - Setting the safe zone mode fabric-wide
  - Disabling safe zone mode
  - Effective zone configuration
  - Saving the effective zone configuration to the Defined Database
- Frame Redirection in interoperable fabrics
- Traffic Isolation zones in interoperable fabrics
- Brocade SANtegrity implementation in mixed fabric SANS
  - Fabric OS Layer 2 Fabric Binding
- E_Port authentication between Fabric OS and M-EOS switches
  - Switch authentication policy
  - Dumb switch authentication
  - Authentication of EX_Port, VE_Port, and VEX_Port connections
  - Authentication of VE_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VEX_Port connections
- FCR SANtegrity
  - Fabric Binding behavior in a mixed fabric
  - Translate domains do not have Preferred or Insistent Domain ID behavior.
  - Configuring the preferred domain ID and the insistent domain ID
- FICON implementation in a mixed fabric
- Fabric OS version change restrictions in an interoperable environment
- Coordinated Hot Code Load
  - Bypassing the Coordinated HCL check on firmware download
  - Coordinated HCL on switches firmware downloads
  - Upgrade and downgrade considerations for HCL for interoperability
- McDATA-aware features
- McDATA-unaware features
  - M-EOS feature limitations in mixed fabrics
- Supported hardware in an interoperable environment
- Supported features in an interoperable environment
- Unsupported features in an interoperable environment
Managing Administrative Domains
- In this chapter
- Administrative Domains overview
- Admin Domain management for physical fabric administrators
- SAN management with Admin Domains
Administering Licensing
- In this chapter
- Licensing overview
- The Brocade 7800 Upgrade license
- ICL licensing
  - ICL 16-link license
  - ICL 8-link license
- 8G licensing
- Slot-based licensing
- Time-based licenses
  - Configupload and download considerations
  - Expired licenses
- Universal Time-based licenses
- Viewing installed licenses
- Activating a license
- Adding a licensed feature
- Removing a licensed feature
- Ports on Demand
Monitoring Fabric Performance
- In this chapter
- Advanced Performance Monitoring overview
  - Types of monitors
  - Virtual Fabrics considerations for Advanced Performance Monitoring
- End-to-end performance monitoring
- Frame monitoring
- ISL performance monitoring
- Top Talker monitors
- Trunk monitoring
- Displaying end-to-end and ISL monitor counters
- Clearing end-to-end and ISL monitor counters
- Saving and restoring monitor configurations
- Performance data collection
Optimizing Fabric Behavior
- In this chapter
- Adaptive Networking overview
- Ingress Rate Limiting
  - Limiting traffic from a particular device
  - Disabling ingress rate limiting
- QoS: SID/DID traffic prioritization
  - License requirements for traffic prioritization
- QoS zones
- Setting traffic prioritization
- Setting traffic prioritization over FC routers
- Disabling QoS
- Bottleneck detection
- Enabling bottleneck detection on a switch
- Excluding a port from bottleneck detection
- Displaying bottleneck detection configuration details
- Changing bottleneck alert parameters
- Displaying bottleneck statistics
- Disabling bottleneck detection on a switch
Managing Trunking Connections
- In this chapter
- Trunking overview
  - Criteria for managing trunking connections
- Supported hardware
- Recommendations for trunking groups
- Basic trunk group configuration
- Trunking over long distance fabrics
- F_Port trunking
- F_Port masterless trunking
Managing Long Distance Fabrics
- In this chapter
- Long distance fabrics overview
- Extended Fabrics device limitations
- Long distance link modes
- Configuring an extended ISL
  - Enabling long distance when connecting to TDM devices
- Buffer credit management
- Buffer credit recovery
Using the FC-FC Routing Service
- In this chapter
- FC-FC routing service overview
  - Supported platforms for Fibre Channel routing
  - Supported configurations
- Integrated Routing
- Fibre Channel routing concepts
- Setting up the FC-FC routing service
  - Verifying the setup for FC-FC routing
- Backbone fabric IDs
  - Assigning backbone fabric IDs
- FCIP tunnel configuration
- Inter-fabric link configuration
  - Configuring an IFL for both edge and backbone connections
- FC Router port cost configuration
  - Port cost considerations
  - Setting router port cost for an EX_Port
- EX_Port frame trunking configuration
- LSAN zone configuration
- Proxy PID configuration
- Fabric parameter considerations
- Inter-fabric broadcast frames
- Resource monitoring
- FC-FC Routing and Virtual Fabrics
  - Logical switch configuration for FC routing
  - Backbone-to-edge routing with Virtual Fabrics
- Upgrade and downgrade considerations for FC-FC routing
  - How replacing port blades affects EX_Port configuration
- Displaying the range of output ports connected to xlate domains
M-EOS Migration Path to Fabric OS
- In this appendix
- M-EOS fabrics overview
- McDATA Mi10K interoperability
- Fabric configurations for interconnectivity
Inband Management
- In this appendix
- Inband Management overview
- Internal Ethernet devices
- IP address and routing management
- Examples of supported configurations
  - Configuring a Management Station on the same subnet
  - Configuring a Management Station on different subnets
Port Indexing
- In this appendix
- Port indexing on the Brocade 48000 director
- Port indexing on the Brocade DCX backbone
- Port indexing on the Brocade DCX-4S backbone
FIPS Support
- In this appendix
- FIPS overview
- Zeroization functions
  - Power-up self tests
  - Conditional tests
- FIPS mode configuration
  - LDAP in FIPS mode
  - LDAP certificates for FIPS mode
- Preparing the switch for FIPS
Hexadecimal
- Hexadecimal overview
  - Example conversion of the hexadecimal triplet Ox616000
Index

118 Fabric OS Administrator’s Guide

53-1001763-02

Secure Copy

Table 19 describes additional software or certificates that you must obtain to deploy secure

protocols.

The security protocols are designed with the four main use cases described in Table 20.

Secure Copy

The secure copy protocol (SCP) runs on port 22. It encrypts data during transfer, thereby avoiding

packet sniffers that attempt to extract useful information during data transfer. SCP relies on SSH to

provide authentication and security.

SSH Secure Shell (SSH) is a network protocol that allows data to be exchanged over a

secure channel between two computers. Encryption provides confidentiality and

integrity of data. SSH uses public-key cryptography to authenticate the remote

computer and allow the remote computer to authenticate the user, if necessary.

SSL Fabric OS uses secure socket layer (SSL) to support HTTPS. A certificate must be

generated and installed on each switch to enable SSL. Supports SSLv3, 128-bit

encryption by default.

TABLE 19 Items needed to deploy secure protocols

Protocol Host side Switch side

SSHv2 Secure shell client None

HTTPS No requirement on host side

except a browser that

supports HTTPS

Switch IP certificate for SSL

SCP SSH daemon, SCP server None

SNMPv1, SNMPv2, SNMPv3 None None

TABLE 20 Main security scenarios

Fabric Management

interfaces

Comments

Nonsecure Nonsecure No special setup is needed to use Telnet or HTTP.

Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be

installed if HTTPS is used.

Secure Secure Switches running earlier Fabric OS versions can be part of the

secure fabric, but they do not support secure management.

Secure management protocols must be configured for each

participating switch. Nonsecure protocols may be disabled on

nonparticipating switches.

If SSL is used, then certificates must be installed. For more

information on installing certificates, refer to “Installing a switch

certificate” on page 125.

Secure Nonsecure You must use SSH because Telnet is not allowed with some features.

TABLE 18 Secure protocol support

Protocol Description