Administrator Guide

ManualsBrandsDell ManualsComputer AccessoriesPOWEREDGE M1000E

161

162

163

164

165

166

167

168

169

170

Table Of Contents

Contents
Figures
Tables
About This Document
- In this chapter
- How this document is organized
- Supported hardware and software
- What’s new in this document
- Document conventions
- Notice to the reader
- Additional information
  - Brocade resources
  - Other industry resources
- Getting technical help
- Document feedback
Understanding Fibre Channel Services
- In this chapter
- Fibre Channel services overview
- The Management Server
- Platform services
- Management server database
- Topology discovery
- Device login
- High availability of daemon processes
Performing Basic Configuration Tasks
- In this chapter
- Fabric OS overview
- Fabric OS command line interface
- Password modification
  - Default account passwords
- The Ethernet interface on your switch
- Date and time settings
- Domain IDs
  - Displaying the domain IDs
  - Setting the domain ID
- Switch names
  - Customizing the switch name
- Chassis names
  - Customizing chassis names
- Switch activation and deactivation
  - Disabling a switch
  - Enabling a switch
- Switch and enterprise-class platform shutdown
  - Powering off a Brocade switch
  - Powering off a Brocade enterprise-class platform
- Basic connections
  - Device connection
  - Switch connection
Performing Advanced Configuration Tasks
- In this chapter
- PIDs and PID binding overview
- Ports
- Blade terminology and compatibility
- Enabling and disabling blades
  - Enabling blades
  - Disabling blades
- Blade swapping
  - Swapping blades
  - Swapping blades
- Power management
  - Powering off a port blade
  - Powering on a port blade
- Equipment status
- Track and control switch changes
- Audit log configuration
Routing Traffic
- About this chapter
- Routing overview
- Inter-switch links
  - Buffer credits
  - Virtual Channels
- Gateway links
  - Configuring a link through a gateway
- Inter-chassis links
  - Supported topologies
- Routing policies
- Route selection
  - Dynamic Load Sharing
  - Static route assignment
- Frame order delivery
  - Forcing in-order frame delivery across topology changes
  - Restoring out-of-order frame delivery across topology changes
- Lossless Dynamic Load Sharing on ports
- Frame Redirection
Managing User Accounts
- In this chapter
- User accounts overview
  - Role-Based Access Control (RBAC)
  - The management channel
- Local database user accounts
  - Default accounts
  - Local account passwords
- Local account database distribution
- Password policies
- The boot PROM password
- The authentication model using RADIUS and LDAP
Configuring Protocols
- In this chapter
- Security protocols
- Secure Copy
  - Setting up SCP for configUploads and downloads
- Secure Shell protocol
  - SSH public key authentication
- Secure Sockets Layer protocol
- Simple Network Management Protocol
- Telnet protocol
  - Blocking Telnet
  - Unblocking Telnet
- Listener applications
- Ports and applications used by switches
  - Port configuration
Configuring Security Policies
- In this chapter
- ACL policies overview
  - How the ACL policies are stored
  - Policy members
- ACL policy management
- FCS policies
- DCC policies
- SCC policies
  - Creating an SCC policy
- Authentication policy for fabric elements
- IP Filter policy
- Policy database distribution
- Management interface security
Maintaining the Switch Configuration File
- In this chapter
- Configuration settings
  - Configuration file format
- Configuration file backup
  - Uploading a configuration file in interactive mode
- Configuration file restoration
  - Restrictions
  - Configuration download without disabling a switch
- Configurations across a fabric
  - Downloading a configuration file from one switch to another same model switch
  - Security considerations
- Configuration management for Virtual Fabrics
- Brocade configuration form
Installing and Maintaining Firmware
- In this chapter
- Firmware download process overview
- Preparing for a firmware download
- Firmware download on switches
  - Switch firmware download process overview
- Firmware download on an enterprise-class platform
  - Enterprise-class platform firmware download process overview
- Firmware download from a USB device
- FIPS Support
- Test and restore firmware on switches
  - Testing a different firmware version on a switch
- Test and restore firmware on enterprise-class platforms
  - Testing different firmware versions on enterprise-class platforms
- Validating a firmware download
Managing Virtual Fabrics
- In this chapter
- Virtual Fabrics overview
- Logical switch overview
  - Default logical switch
  - Logical switches and fabric IDs
  - Port assignment in logical switches
  - Logical switches and connected devices
- Logical fabric overview
  - Logical fabric and ISLs
  - Logical fabric and ISL sharing
- Management model for logical switches
- Account management and Virtual Fabrics
- Supported platforms for Virtual Fabrics
  - Supported port configurations in the Brocade 5100, 5300, and VA-40FC
  - Supported port configurations in the Brocade DCX and DCX-4S
  - Virtual Fabrics interaction with other Fabric OS features
- Limitations and restrictions of Virtual Fabrics
  - Restrictions on moving ports
- Enabling Virtual Fabrics mode
- Disabling Virtual Fabrics mode
- Configuring logical switches to use basic configuration values
- Creating a logical switch or base switch
- Executing a command in a different logical fabric context
- Deleting a logical switch
- Adding and removing ports on a logical switch
- Displaying logical switch configuration
- Changing the fabric ID of a logical switch
- Changing a logical switch to a base switch
- Setting up IP addresses for a Virtual Fabric
- Removing an IP address for a Virtual Fabric
- Configuring a logical switch to use XISLs
- Changing the context to a different logical fabric
- Creating a logical fabric using XISLs
Administering Advanced Zoning
- In this chapter
- Special zones
- Zoning overview
- Broadcast zones
- Zone aliases
- Zone creation and maintenance
- Default zoning mode
  - Setting the default zoning mode
  - Viewing the current default zone access mode
- Zoning database size
- Zoning configurations
- Zone object maintenance
- Zoning configuration management
  - New switch or fabric additions
  - Fabric segmentation and zoning
- Security and zoning
- Zone merging scenarios
Traffic Isolation Zoning
- In this chapter
- Traffic Isolation Zoning overview
  - TI zone failover
  - FSPF routing rules and traffic isolation
- Enhanced TI zones
- Traffic Isolation Zoning over FC routers
- General rules for TI zones
- Supported configurations for Traffic Isolation Zoning
  - Additional configuration rules for enhanced TI zones
  - Trunking with TI zones
- Limitations and restrictions of Traffic Isolation Zoning
- Admin Domain considerations for Traffic Isolation Zoning
- Virtual Fabric considerations for Traffic Isolation Zoning
- Traffic Isolation Zoning over FC routers with Virtual Fabrics
- Creating a TI zone
  - Creating a TI zone in a base fabric
- Modifying TI zones
- Changing the state of a TI zone
- Deleting a TI zone
- Displaying TI zones
- Setting up TI over FCR (sample procedure)
Administering NPIV
- In this chapter
- NPIV overview
- Configuring NPIV
- Enabling and disabling NPIV
- Viewing NPIV port configuration information
  - Viewing virtual PID login information
Interoperability for Merged SANs
- In this chapter
- Interoperability overview
- Connectivity solutions
- Domain ID offset modes
  - Configuring the Domain_ID offset
- McDATA Fabric mode configuration restrictions
- McDATA Open Fabric mode configuration restrictions
- Interoperability support for logical switches
- Switch configurations for interoperability
  - Enabling McDATA Open Fabric mode
  - Enabling McDATA Fabric mode
  - Enabling Brocade Native mode
- Zone management in interoperable fabrics
  - Zoning restrictions
  - Zone name restrictions
  - Zoning modes
  - Setting the safe zone mode on a stand-alone switch
  - Setting the safe zone mode fabric-wide
  - Disabling safe zone mode
  - Effective zone configuration
  - Saving the effective zone configuration to the Defined Database
- Frame Redirection in interoperable fabrics
- Traffic Isolation zones in interoperable fabrics
- Brocade SANtegrity implementation in mixed fabric SANS
  - Fabric OS Layer 2 Fabric Binding
- E_Port authentication between Fabric OS and M-EOS switches
  - Switch authentication policy
  - Dumb switch authentication
  - Authentication of EX_Port, VE_Port, and VEX_Port connections
  - Authentication of VE_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VE_Port connections
  - Authentication of VEX_Port-to-VEX_Port connections
- FCR SANtegrity
  - Fabric Binding behavior in a mixed fabric
  - Translate domains do not have Preferred or Insistent Domain ID behavior.
  - Configuring the preferred domain ID and the insistent domain ID
- FICON implementation in a mixed fabric
- Fabric OS version change restrictions in an interoperable environment
- Coordinated Hot Code Load
  - Bypassing the Coordinated HCL check on firmware download
  - Coordinated HCL on switches firmware downloads
  - Upgrade and downgrade considerations for HCL for interoperability
- McDATA-aware features
- McDATA-unaware features
  - M-EOS feature limitations in mixed fabrics
- Supported hardware in an interoperable environment
- Supported features in an interoperable environment
- Unsupported features in an interoperable environment
Managing Administrative Domains
- In this chapter
- Administrative Domains overview
- Admin Domain management for physical fabric administrators
- SAN management with Admin Domains
Administering Licensing
- In this chapter
- Licensing overview
- The Brocade 7800 Upgrade license
- ICL licensing
  - ICL 16-link license
  - ICL 8-link license
- 8G licensing
- Slot-based licensing
- Time-based licenses
  - Configupload and download considerations
  - Expired licenses
- Universal Time-based licenses
- Viewing installed licenses
- Activating a license
- Adding a licensed feature
- Removing a licensed feature
- Ports on Demand
Monitoring Fabric Performance
- In this chapter
- Advanced Performance Monitoring overview
  - Types of monitors
  - Virtual Fabrics considerations for Advanced Performance Monitoring
- End-to-end performance monitoring
- Frame monitoring
- ISL performance monitoring
- Top Talker monitors
- Trunk monitoring
- Displaying end-to-end and ISL monitor counters
- Clearing end-to-end and ISL monitor counters
- Saving and restoring monitor configurations
- Performance data collection
Optimizing Fabric Behavior
- In this chapter
- Adaptive Networking overview
- Ingress Rate Limiting
  - Limiting traffic from a particular device
  - Disabling ingress rate limiting
- QoS: SID/DID traffic prioritization
  - License requirements for traffic prioritization
- QoS zones
- Setting traffic prioritization
- Setting traffic prioritization over FC routers
- Disabling QoS
- Bottleneck detection
- Enabling bottleneck detection on a switch
- Excluding a port from bottleneck detection
- Displaying bottleneck detection configuration details
- Changing bottleneck alert parameters
- Displaying bottleneck statistics
- Disabling bottleneck detection on a switch
Managing Trunking Connections
- In this chapter
- Trunking overview
  - Criteria for managing trunking connections
- Supported hardware
- Recommendations for trunking groups
- Basic trunk group configuration
- Trunking over long distance fabrics
- F_Port trunking
- F_Port masterless trunking
Managing Long Distance Fabrics
- In this chapter
- Long distance fabrics overview
- Extended Fabrics device limitations
- Long distance link modes
- Configuring an extended ISL
  - Enabling long distance when connecting to TDM devices
- Buffer credit management
- Buffer credit recovery
Using the FC-FC Routing Service
- In this chapter
- FC-FC routing service overview
  - Supported platforms for Fibre Channel routing
  - Supported configurations
- Integrated Routing
- Fibre Channel routing concepts
- Setting up the FC-FC routing service
  - Verifying the setup for FC-FC routing
- Backbone fabric IDs
  - Assigning backbone fabric IDs
- FCIP tunnel configuration
- Inter-fabric link configuration
  - Configuring an IFL for both edge and backbone connections
- FC Router port cost configuration
  - Port cost considerations
  - Setting router port cost for an EX_Port
- EX_Port frame trunking configuration
- LSAN zone configuration
- Proxy PID configuration
- Fabric parameter considerations
- Inter-fabric broadcast frames
- Resource monitoring
- FC-FC Routing and Virtual Fabrics
  - Logical switch configuration for FC routing
  - Backbone-to-edge routing with Virtual Fabrics
- Upgrade and downgrade considerations for FC-FC routing
  - How replacing port blades affects EX_Port configuration
- Displaying the range of output ports connected to xlate domains
M-EOS Migration Path to Fabric OS
- In this appendix
- M-EOS fabrics overview
- McDATA Mi10K interoperability
- Fabric configurations for interconnectivity
Inband Management
- In this appendix
- Inband Management overview
- Internal Ethernet devices
- IP address and routing management
- Examples of supported configurations
  - Configuring a Management Station on the same subnet
  - Configuring a Management Station on different subnets
Port Indexing
- In this appendix
- Port indexing on the Brocade 48000 director
- Port indexing on the Brocade DCX backbone
- Port indexing on the Brocade DCX-4S backbone
FIPS Support
- In this appendix
- FIPS overview
- Zeroization functions
  - Power-up self tests
  - Conditional tests
- FIPS mode configuration
  - LDAP in FIPS mode
  - LDAP certificates for FIPS mode
- Preparing the switch for FIPS
Hexadecimal
- Hexadecimal overview
  - Example conversion of the hexadecimal triplet Ox616000
Index

124 Fabric OS Administrator’s Guide

53-1001763-02

Secure Sockets Layer protocol

Generating a public and private key

Perform this procedure on each switch.

1. Connect to the switch and log in as admin.

2. Enter the secCertUtil genkey

command to generate a public/private key pair.

The system reports that this process will disable secure protocols, delete any existing CSR, and

delete any existing certificates.

3. Respond to the prompts to continue and select the key size.

Example of generating a key

Continue (yes, y, no, n): [no] y

Select key size [1024 or 2048]: 1024

Generating new rsa public/private key pair

Done.

Because CA support for the 2048-bit key size is limited, you should select 1024 in most cases.

Generating and storing a CSR

After generating a public/private key, perform this procedure on each switch.

1. Connect to the switch and log in as admin.

2. Enter the secCertUtil gencsr

command.

3. Enter the requested information.

Example of generating a CSR

Country Name (2 letter code, eg, US):US

State or Province Name (full name, eg, California):California

Locality Name (eg, city name):San Jose

Organization Name (eg, company name):Brocade

Organizational Unit Name (eg, department name):Eng

Common Name (Fully qualified Domain Name, or IP address): 192.1.2.3

Generating CSR, file name is: 192.1.2.3.csr

Done.

Your CA may require specific codes for Country, State or Province, Locality, Organization, and

Organizational Unit names. Make sure that your spelling is correct and matches the CA

requirements. If the CA requires that the Common Name be specified as an FQDN, make sure

that the fully qualified domain name is set on the domain name server. The IP address or

FQDN will be the server where the certificate will be put on.

4. Enter the secCertUtil export

command to store the CSR:

5. Enter the requested information. You can use either FTP or SCP.

Example of exporting a CSR

Select protocol [ftp or scp]: ftp

Enter IP address: 192.1.2.3

Enter remote directory: path_to_remote_directory

Enter Login Name: your account

Enter Password: your password

Success: exported CSR.