HP StorageWorks Fabric OS 5.0.
Legal and notice information © Copyright 2005 Hewlett-Packard Development Company, L.P. © Copyright 2005, Brocade Communications Systems, Incorporated. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
Contents About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Document conventions and symbols . . . . . . . . . . . . . . . . . . . . HP technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HP Storage web site. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Obtaining slot information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a new SAN Director 2/128 with two domains . . . . . . . . . . . . . Converting an installed SAN Director 2/128 to support two domains . . . . . . Combining Core Switch 2/64 and SAN Director 2/128 cards in one chassis Setting the card beacon mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .................. .................. .................. .................. ......
10 Administering advanced performance monitoring . . . . . . . . . . . . . . . . . 143 Displaying and clearing the CRC error count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring end-to-end performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting a mask for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting a PID format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Evaluating the fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Planning the update procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Online update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 8 Standard ISL modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Blocked listener applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Access details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About this guide This document provides information to assist fabric administrators in using the web-based graphical user interface to monitor and modify their HP StorageWorks switch fabrics. This preface discusses the following topics: • Intended audience, page 9 • Related documentation, page 9 • Document conventions and symbols, page 10 • HP technical support, page 11 Intended audience This book is intended for use by those responsible for monitoring and modifying their HP StorageWorks switch fabric.
Document conventions and symbols Document conventions Table 1 Convention Element Medium blue text: Figure 1 Cross-reference links and e-mail addresses Medium blue, underlined text (http://www.hp.
HP technical support Telephone numbers for worldwide technical support are listed on the following HP web site: http://www.hp.com/support/. From this web site, select the country of origin. NOTE: For continuous quality improvement, calls may be recorded or monitored.
About this guide
1 Introducing Fabric OS CLI procedures This guide contains procedures for configuring and managing an HP StorageWorks Storage Area Network (SAN) using the Fabric OS Command Line Interface (CLI). This chapter consists of the following sections: • Changes to this guide for OS v5.0.
• On page 107, in the section “SAN Switch 4/32” add the following: For the Brocade 4Gb SAN Switch for HP p-Class BladeSystem, each port group contains four ports and buffer credits are shared among all ports on the switch.
• On page 108, in the section “Choosing an extended ISL mode,” add the following: Brocade 4Gb SAN Switch for HP p-Class BladeSystem The number of ports that can be configured at various distances is summarized in Table 2. Table 2 Brocade 4Gb SAN Switch for HP p-Class BladeSystem Speed (Gbit/sec) Number of ports allowed at distance (km) 1 2 3 4 1 286 154 110 88 2 143 77 55 44 4 71.5 38.5 27.
NOTE: When command examples in this guide show user input enclosed in quotation marks, the quotation marks are required for versions earlier than v4.0.0. They are optional in later versions, unless specifically called for in the procedures. Scope and references Although many different software and hardware configurations are tested and supported by HP, documenting all possible configurations and scenarios is beyond the scope of this document.
access should be set to the core switches in the fabric. For example, to run Secure Fabric OS, use the latest-model switch as the primary FCS, the location to perform zoning tasks, and the time server. A number of management tasks are designed to make fabric-level changes; for example, zoning commands make changes that affect the entire fabric. When executing fabric-level configuration tasks, allow time for the changes to propagate across the fabric before executing any subsequent tasks.
Introducing Fabric OS CLI procedures
2 Performing basic configuration tasks This chapter contains procedures for performing basic switch configuration tasks using the Fabric OS CLI and contains the following sections: • Connecting to the CLI, page 19 • Setting the IP address, page 21 • Setting the default account passwords, page 21 • Setting the date and time, page 22 • Maintaining licensed features, page 25 • Customizing the switch name, page 27 • Customizing the chassis name, page 28 • Disabling and enabling a switch, page 28 • Disabling and
6. Verify that the login was successful. The prompt displays the switch name and user ID to which you are connected: login: admin password: xxxxxxx switch:admin> Consider the following for telnet connections: • Never change the IP address of the switch while two telnet sessions are active; if you do, your next attempt to log in fails. To recover, gain access to the switch by one of these methods: • Use Advanced Web Tools and perform a fast boot. When the switch comes up, the telnet quota is cleared.
Setting the IP address You must connect through the serial port to set the IP address (see ”To connect through the serial port:” on page 20). After connecting, use the ipaddrset command to set the IP address. CAUTION: The use of IP address 0.0.0.0 is not supported. Do not use this address. Fabric OS v2.6.0, v3.1.0, and v4.0.0 supports Classless Inter-Domain Routing (CIDR). Setting the default account passwords For each logical switch (domain), there are admin and user default access accounts.
Passwords can be from 8 to 40 characters long and must begin with an alphabetic character. They can include numerals, the dot (.), and the underscore (_). They are case sensitive, and they are not displayed when you enter them on the command line. You cannot reuse the default passwords. NOTE: Record the passwords exactly as entered and store them in a secure place; recovering passwords requires significant effort and fabric downtime. Example: login: admin Password: Please change your passwords now.
To set the date and time: 1. Connect to the switch and log in as admin. 2. Enter the date command at the command line using the following syntax: date “MMDDhhmmYY” The values represent the following: • MM is the month; valid values are 01 through 12. • DD is the date; valid values are 01 through 31. • hh is the hour; valid values are 00 through 23. • mm is minutes; valid values are 00 through 59.
To set the time zone: 1. Connect to the switch and log in as admin. 2. Issue the tstimezone command as follows: tstimezone [houroffset [, minuteoffset]] • For Pacific Standard Time enter tsTimeZone -8,0 • For Central Standard Time enter tsTimeZone -6,0 • For Eastern Standard Time enter tsTimeZone -5,0 The default time zone for switches is Universal Time Conversion (UTC), which is 8 hours ahead of (later than) Pacific Standard Time (PST). For additional time zone conversions, see Table 3.
Maintaining licensed features Feature licenses might be part the licensed Paper Pack supplied with switch software, or you can purchase licenses separately from your switch vendor, who will provide you with keys to unlock the features. License keys are provided on a per-chassis basis, so for products that support multiple logical switches (domains), a license key applies to all domains within the chassis.
10.Activate and verify the license as follows: a. Connect to the switch and log in as admin. b. Activate the license using the licenseadd command. For example: switch:admin> licenseadd “key” The license key is case sensitive and must be entered exactly as given. The quotation marks are optional. For the Core Switch 2/64 and SAN Director 2/128, the licenses are effective on both CPs and on all logical switches. c. Verify that the license was added by issuing the licenseshow command.
Example: switch:admin> licenseshow bQebzbRdScRfc0iK: Web license Zoning license SybbzQQ9edTzcc0X: Fabric license switch:admin> licenseremove “bQebzbRdScRfc0iK” removing license key “bQebzbRdScRfc0iK” switch:admin> After a reboot (or switchdisable and switchenable): Example: switch:admin> licenseshow SybbzQQ9edTzcc0X: Fabric license switch:admin> If there are no license keys, licenseshow displays No licenses.
3. For the Core Switch 2/64 and the SAN Director 2/128, proceed to the next step. For the SAN Director 2/128, if configured for one domain (the default) proceed to the next step. If configured with two domains, proceed as for the Core Switch 2/64. For the Core Switch 2/64, choose the logical switch that you want to change. Enter the value that corresponds to that logical region: • Enter 0 to configure logical switch 0 (slot 1 through 4). • Enter 1 to configure logical switch 1 (slot 7 through 10). 4.
2. Issue the switchdisable command at the command line. All Fibre Channel ports on the switch are taken offline. If the switch was part of a fabric, the fabric reconfigures. To enable a switch: 1. Connect to the switch and log in as admin. 2. Issue the switchenable command at the command line. All Fibre Channel ports that passed the POST test are enabled. If the switch has interswitch links to a fabric, it joins the fabric. Disabling and enabling a port All licensed ports are enabled by default.
Activating Ports on Demand The Core Switch 4/32 can be purchased with 16 or 32 licensed ports. As your needs increase, you can activate the remaining ports by purchasing and installig the optional HP StorageWorks 8-port upgrade license. Ports on Demand is ready to be unlocked in the switch firmware. Its license might be part of the licensed Paper Pack supplied with switch software, or you can purchase the license separately from your switch vendor, who will provide you with a key to unlock it.
Connecting to devices To minimize port logins, power off all devices before connecting them to the switch. For devices that cannot be powered off, first use the portdisable command to disable the port on the switch, and then connect the device. When powering the devices back on, wait for each device to complete the fabric login before powering on the next one.
2. Issue the fabricshow command. Fabric information is displayed, including the domain ID (D_ID). Example: switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr ------------------------------------------------------------------------3: fffc43 10:00:00:60:69:10:60:1f 192.168.64.187 0.0.0.0 2: fffc42 10:00:00:60:69:00:05:91 192.168.64.60 192.168.65.60 1:fffc41 10:00:00:60:69:00:02:0b 192.168.64.180 192.168.65.
• When determining switch count maximums, include the switches connected to both sides of the gateway. • Extended links (those created using the Extended Fabrics licensed feature) and the security features in Secure Fabric OS are not supported through gateway links. To configure a link through a gateway: 1. If you are not sure that the PID format is consistent across the entire fabric, issue the configshow command on all switches to check the PID setting.
To verify HA features: HA features provide maximum reliability and nondisruptive replacement of key hardware and software modules. To verify these features, connect to the switch as admin and use any of the following commands: • chassisshow verifies the Field Replaceable Units (FRUs). • For the Core Switch 2/64 and the SAN Director 2/128: • hashow verifies that HA is enabled, that the heartbeat is up, and that the HA state is synchronized between the active and standby CP cards.
Example: switch:admin> nsallshow { 010e00 012fe8 012fef 030500 030b04 030b08 030b17 030b18 030b1e 030b1f 040000 050000 050200 050700 050800 050de8 050def 051700 061c00 071a00 073c00 090d00 0a0200 0a07ca 0a07cb 0a07cc 0a07cd 0a07ce 0a07d1 0a07d2 0a07d3 0a07d4 0a07d5 0a07d6 0a07d9 0a07da 0a07dc 0a07e0 0a07e1 0a0f01 0a0f02 0a0f0f 0a0f10 0a0f1b 0a0f1d 0b2700 0b2e00 0b2fe8 0b2fef 0f0000 0f0226 0f0233 0f02e4 0f02e8 0f02ef 210e00 211700 211fe8 211fef 2c0000 2c0300 611000 6114e8 6114ef 611600 620800 621026 621036 6
A message appears, verifying that the Track Changes feature is on: switch:admin> trackchangesset 1 Committing configuration...done. switch:admin> The output from the Track Changes feature is dumped to the system message log for the switch. Use the errdump or errshow command to view the log. Items in the system message log created from the Track Changes feature are labeled TRCK; for example: 2004/08/24-08:45:43, [TRCK-1001], 212,, INFO, ras007, Successful login by user admin.
For the Core Switch 2/64 and the SAN Director 2/128, the output is similar to the following: switch:admin> switchstatuspolicyshow The current overall switch status policy parameters: Down Marginal ---------------------------------PowerSupplies 3 0 Temperatures 2 1 Fans 2 1 WWN 0 1 CP 0 1 Blade 0 1 Flash 0 1 MarginalPorts 2 1 FaultyPorts 2 1 MissingSFPs 0 0 switch:admin> The policy parameter determines the number of failed or inoperable units for each contributor that trigger
NOTE: By setting the DOWN and MARGINAL value for a parameter to 0,0 that parameter is no longer used in setting the overall status for the switch. For the SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, and SAN Switch 4/32, the following example shows the command as executed on a SAN Switch 2/32.
3 Configuring standard security features This chapter provides information and procedures for standard Fabric OS security features. Standard Fabric OS features include account and password management. Additional security is available when secure mode is enabled. For information about licensed security features available in Secure Fabric OS, refer to the HP StorageWorks Secure Fabric OS user guide.
Fabric OS v4.4.0 and later supports SSH protocol v2.0 (ssh2). For more information on SSH, see the SSH IETF web site: http://www.ietf.org/ids.by.wg/secsh.html Refer to SSH, The Secure Shell; The Definitive Guide, By Daniel J. Barrett and Richard Silverman; Published by O’Reilly. Fabric OS v4.4.0 comes with the SSH server preinstalled; however, you must select and install the SSH client. For information on installing and configuring the F-Secure SSH client, see the web site: http://www.f-secure.
To enable telnet: 1. Connect to the switch through a means other than telnet (for example, SSH) and log in as admin. 2. Issue the following command: configure telnetd 3. In response to the System Services prompt, enter y. 4. In response to the telnetd prompt, enter on. The telnet interface is enabled. Blocking listeners HP StorageWorks switches block Linux® subsystem listener applications that are not used to implement supported features and capabilities.
Table 5 Blocked listener applications Listener application Core Switch 2/64 and SAN Director 2/128 SAN switches 2/8V, 2/16V, 2/32, 4/32 chargen Do not start Do not start echo Do not start Do not start daytime Do not start Do not start discard Do not start Do not start ftp Do not start Do not start rexec Block with packet filter Do not start rsh Block with packet filter Do not start rlogin Block with packet filter Do not start time Block with packet filter Do not start rstats
Creating and maintaining user-defined accounts In addition to the default administrative and user accounts, Fabric OS supports up to 15 user-defined accounts in each logical switch (domain). These accounts expand your ability to track account access and audit administrative activities. User-defined accounts can be specified as either admin or user level. Admin-level accounts allow up to two simultaneous login sessions. User-level accounts allow up to four simultaneous login sessions.
2. Issue the following command: userConfig --add username -r rolename [-d description] where: username Specifies the account name, which must begin with an alphabetic character. The name can be from 8 to 40 characters. It is case sensitive and can contain alphabetic and numeric characters, the dot (.), and the underscore ( _ ). It must be different from all other account names on the logical switch.
2. Enter the following command: userConfig --change username [-r rolename] [-d description] [-e yes | no] where: username An option that changes the account attribute for username. The account must already exist. -r rolename An option that changes the role: either admin or user in nonsecure mode; admin, user, or nonfcsadmin in secure mode. An account cannot change its own role. You can only change the role name of a user-defined account with a lower level of authorization.
• Password prompting is disabled when security mode is enabled. • Starting with Fabric OS v4.4.0, admin level accounts can use Web Tools to change passwords. • Starting with Fabric OS v3.2.0, you cannot change default account names. • For information on password behavior when you upgrade (or downgrade) firmware, see ”Effects of firmware changes on accounts and passwords” on page 80. To change the password for the current login account: 1. Connect to the switch and log in as either admin or user. 2.
Consider the following effects of the use of RADIUS service on other Fabric OS features: • When RADIUS service is enabled, all account passwords must be managed on the RADIUS server. The Fabric OS mechanisms for changing switch passwords remain functional; however, such changes affect only the involved switches locally. They do not propagate to the RADIUS server, nor do they affect any account on the RADIUS server. When RADIUS is set up for a fabric that contains a mix of switches running v4.4.0 and v3.2.
Configuring the RADIUS server You must know the switch IP address or name to connect to switches. Use the ipaddrshow command to display a switch IP address. For the Core Switch 2/64 and the SAN Director 2/128 (chassis-based systems), the switch IP addresses are aliases of the physical Ethernet interfaces on the CP cards. When specifying client IP addresses for the logical switches in such systems, make sure that the CP card IP addresses are used.
5. In the Set Up a Custom Policy window: a. Select the Custom policy radio button. b. Enter a policy name for the user role (for example, HP User) in the space provided. c. Click Next. 6. In the Select Attribute window, select Windows-Groups and click Add. 7. In the Select Groups window: a. Enter the name of the Windows group that contains login names assigned to the user role. b. Click Check Names. When the system finds the Windows group, it underlines the name. 8. Click OK. 9.
25.Repeat the procedure to set the admin remote access policy, with these differences: • In step 5, enter a policy name for the admin role (for example, HP Admin) in the space provided. • In step 7, enter the name of the Windows group that contains login names assigned to the admin role. • In step 20, enter admin in the Attribute Value space. Linux Use the following procedure on a Linux FreeRADIUS server to: • Set up a vendor dictionary file and include it in the system dictionary file.
8. Open the user file in a text editor and add user names and roles for users who will be accessing the switch. For example, to set up an account called JohnDoe with the admin role: JohnDoe Auth-Type := Local, User-Password == “johnPassword” HP-Auth-Role = “admin” The user file is located in the RADIUS configuration directory. 9. Save the user file. 10.Enter this command to start the RADIUS server: /usr/local/sbin/radiusd 11.
To add a RADIUS server to the switch configuration: 1. Connect to the switch and log in as admin. 2. Enter this command: switch:admin> aaaConfig --add server [-p port] [-s secret] [-t timeout] [-a pap | chap] where: server Enter either a server name or IP address. Avoid duplicating server listings (that is, listing the same server once by name and again by IP address). Up to five servers can be added to the configuration. -p port Optional: enter a server port. The default is port 1812.
To change a RADIUS server configuration: 1. Connect to the switch and log in as admin. 2. Issue the following command: switch:admin> aaaConfig --change server [-p port] [-s secret] [-t timeout] [-a pap | chap] where: server Servers are listed by either name or IP address. Enter either the name or IP address of the server to be changed. -p port Optional: enter a server port. -s secret Optional: enter a shared secret.
Configuring for the SSL protocol Fabric OS v4.4.0 and later supports secure sockets layer (SSL) protocol, which provides secure access to a fabric through web-based management tools like Advanced Web Tools. SSL support is a standard Fabric OS feature; it is independent of Secure Fabric OS, which requires a license and separate certification.
You can request a certificate from a CA through a Web browser. After you request a certificate, the CA either sends certificate files by e-mail (public) or gives access to them on a remote host (private). Typically, the CA provides the certificate files listed in Table 7. Table 7 SSL certificate files Certificate file Description name.crt The switch certificate. nameRoot.crt The root certificate. Typically, this certificate is already installed in the browser, but if not, you must install it.
3. Respond to the prompts to continue and select the key size: Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done. Because CA support for the 2048-bit key size is limited, you should select 1024 in most cases. Generating and storing a CSR After generating a public/private key (see ”Generating a public/private key” on page 55 earlier), perform this procedure on each switch: 1. Connect to the switch and log in as admin. 2.
Obtaining certificates Check the instructions on the CA web site; then, perform this procedure for each switch: 1. Generate and store the CSR as described in ”Generating and storing a CSR” on page 56. 2. Open a Web browser window on the management workstation and go to the CA web site. Follow the instructions to request a certificate. Locate the area in the request form that is provided for you to paste the CSR. 3. Through a telnet window, connect to the switch and log in as admin. 4.
Activating a switch certificate Enter the configure command and respond to the prompts that apply to SSL certificates: SSL attributes Enter yes. Certificate File Enter the name of the switch certificate file: for example, 192.1.2.3.crt. CA Certificate File If you want the CA name to be displayed in the browser window, enter the name of the CA certificate file; otherwise, skip this prompt. Select length of crypto key Enter the encryption key length (40, 56, or 128). HTTP attributes Enter yes.
5. Scroll the authorities list to see if the root certificate is listed. (For example, its name may have the form nameRoot.crt.) If it is listed, you do not need to install it; forgo the remainder of this procedure. 6. If the certificate is not listed, click Import. 7. Browse to the certificate location and select the certificate. (For example, select nameRoot.crt.) 8. Click Open and follow the instructions to import the certificate.
Troubleshooting certificates If you receive messages in the browser or in a pop-up window when logging in to the target switch using HTTPS, see Table 10. Table 10 SSL messages and actions Message Action The page cannot be displayed The SSL certificate is not installed correctly or HTTPS is not enabled correctly. Make sure that the certificate has not expired, that HTTPS is enabled, and that certificate file names are configured correctly.
If you use both SW-MIB and FA-MIB, you may receive duplicate information. You can disable the FA-MIB, but the SW-MIB cannot be disabled. You can also use these additional MIBs and their associated traps: • HA-MIB (for the Core Switch 2/64 and SAN Director 2/128) • SW-EXTTRAP includes the swSsn (Software Serial Number) as a part of HP SW traps. It is also used with the legacy SAN Switched Integrated/64 to provide detailed group information for a particular trap.
To change the SNMPv3 configuration, use the following as an example: switch:admin> snmpconfig --set snmpv3 SNMPv3 user configuration: User (rw): [snmpadmin1] adminuser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: New Auth Passwd: Verify Auth Passwd: Priv Protocol [DES(1)/noPriv[2]): (1..2) New Priv Passwd: Verify Priv Passwd: User (rw): [snmpadmin2] shauser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: New Auth Passwd: Verify Auth Passwd: Priv Protocol [DES(1)/noPriv[2]): (1..
To change the SNMPv1 configuration, use the following as an example: switch:admin> snmpconfig --set snmpv1 SNMP community and trap recipient configuration: Community (rw): [Secret C0de] admin Trap Recipient's IP address in dot notation: [0.0.0.0] 10.32.225.1 Trap recipient Severity level : (0..5) [0] 1 Community (rw): [OrigEquipMfr] Trap Recipient's IP address in dot notation: [10.32.225.2] Trap recipient Severity level : (0..5) [1] Community (rw): [private] Trap Recipient's IP address in dot notation: [10.
To display the mibCapability configuration, use the following as an example: switch:admin> snmpconfig --show mibCapability FA-MIB: YES FICON-MIB: YES HA-MIB: YES SW-TRAP: YES swFCPortScn: YES swEventTrap: YES swFabricWatchTrap: YES swTrackChangesTrap: NO FA-TRAP: YES connUnitStatusChange: YES connUnitEventTrap: NO connUnitSensorStatusChange: YES connUnitPortStatusChange: YES SW-EXTTRAP: NO FICON-TRAP: NO HA-TRAP: YES fruStatusChanged: YES cpStatusChanged: YES fruHistoryTrap: NO To change the systemGroup co
Use the agtcfgshow command to display SNMP agent configuration information. For example: switch:admin> agtcfgshow Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = FC Switch sysLocation = End User Premise sysContact = Field Support. authTraps = 1 (ON) SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 192.168.1.51 Trap recipient Severity level: 4 Community 2: OrigEquipMfr (rw) Trap recipient: 192.168.1.
Use the agtcfgset command to modify the SNMP configuration values. For example: switch:admin> agtcfgset Customizing MIB-II system variables ... At each prompt, do one of the followings: o to accept current value, o enter the appropriate new value, o to skip the rest of configuration, or o to cancel any change.
Use the agtcfgdefault command to reset the SNMP agent configuration to default values. For example: switch:admin> agtcfgdefault ***** This command will reset the agent's configuration back to factory default ***** Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = Fibre Channel Switch. sysLocation = End User Premise sysContact = sweng authTraps = 0 (OFF) SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 192.168.15.
Use the snmpmibcapset command to modify the options for configuring SNMP MIB traps.
• connUnitPortStatusChange indicates that the status of the sensor associated with the connectivity unit has changed. • connUnitPortStatus shows overall protocol status for the port. • connUnitPortState shows the user-specified state of the port hardware. Use the snmpmibcapshow command to view the SNMP MIB trap setup.
Setting the boot PROM password The boot PROM password provides an additional layer of security by protecting the boot PROM from unauthorized use. Setting a recovery string for the boot PROM password enables you to recover a lost boot PROM password by contacting your switch service provider. Without the recovery string, a lost boot PROM password cannot be recovered. You should set the boot PROM password and the recovery string on all switches, as described in ”With a recovery string” on page 70.
6. Enter the boot PROM password and then reenter it when prompted. The password must be 8 alphanumeric characters (any additional characters are not recorded). Record this password for future use. The new password is automatically saved (the saveenv command is not required). 7. Reboot the switch. For the Core Switch 2/64 and the SAN Director 2/128, the boot PROM and recovery passwords must be set for each CP card on those switches: 1.
9. Connect the serial cable to the serial port on the new standby CP card (previously the active CP card). 10.Repeat step 2 through step 7 for the new standby CP card (each CP card has a separate boot PROM password). 11.Connect to the active CP card by serial or telnet and enter the haenable command to restore high availability.
3. Create a serial connection to the standby CP card as described in ”To connect through the serial port:” on page 20. 4. For the Core Switch 2/64, reboot the standby CP card by pressing the yellow ejector buttons at top and bottom of the CP card and then pressing both ejector handles back towards the switch to lock the card back into the slot. For the SAN Director 2/128, reboot the standby CP card by sliding the On/Off switch on the ejector handle of the standby CP card to Off, and then back to On.
4. Enter the requested information at the prompts. To recover a lost root password, contact your switch service provider. To recover a lost boot PROM password, contact your switch service provider. You must have previously set a recovery string to recover the boot PROM password.
4 Maintaining configurations and firmware This chapter contains procedures for maintaining switch configurations and installing firmware and consists of the following sections: • Maintaining configurations, page 75 • Maintaining firmware, page 78 • Troubleshooting firmware downloads, page 86 Maintaining configurations It is important to maintain consistent configuration settings on all switches in the same fabric, because inconsistent parameters (such as inconsistent PID formats) can cause fabric segmentat
Before beginning, verify that you can reach the FTP server from the switch. Using a telnet connection, save a backup copy of the configuration file to a host computer as follows: 1. Verify that the FTP service is running on the host computer. 2. Connect to the switch and log in as admin. 3. Enter the configupload command. The command becomes interactive and you are prompted for the required information. 4.
5. Respond to the prompts as follows: Protocol (scp or ftp) If your site requires the use of Secure Copy, specify scp. Otherwise, specify ftp. Server Name or IP Address Enter the name or IP address of the server where the file is stored; for example, 192.1.2.3. You can enter a server name if DNS is enabled. User name Enter the user name of your account on the server; for example, JohnDoe. File name Specify the full path name of the backup file; for example, /pub/configurations/config.txt.
Editing configuration files Beginning with Fabric OS v4.2.0, the portcfg line in the configuration file for a brand new switch contains 256 entries, regardless of the number of ports on the switch. This line length exceeds the capacity of the vi editor. If you must edit a new configuration file, you can do so with the vim editor.
Checking connected switches If the switch to be upgraded is running v4.1.0 firmware (or later), HP recommends that all switches directly connected to it be running versions no earlier than v2.6.1, v3.1.0, or v4.1.0. If some connected switches are running older firmware, upgrade them to at least the earliest recommended version (shown in Table 11) before upgrading firmware on your switch. Table 11 Recommended firmware If HP StorageWorks switch1 Earliest recommended Fabric OS version 1 GB v2.6.
HP StorageWorks fixed-port switches and each CP card of the Core Switch 2/64 and SAN Director 2/128 have two partitions of nonvolatile storage areas (a primary and a secondary) to store two firmware images. The firmwaredownload command always loads the new image into the secondary partition and swaps the secondary partition to be the primary. It then reboots the partition and activates the new image.
As an option, before starting a firmware download, HP suggests that you connect the switch with a console cable to a computer that is running a session capture. The information collected may be useful if needed for troubleshooting. Summary of the upgrade process The following summary describes the default behavior of the firmwaredownload command (without options) on the SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, and SAN Switch 4/32. • Issue the firmwaredownload command.
7. At the Do you want to continue [y/n] prompt, enter y. 8. Respond to the prompts as follows: Server Name Enter the name or IP address of the server where the firmware file is stored; or IP Address: for example, 192.1.2.3. You can enter a server name if DNS is enabled. User name: Enter the user name of your account on the server; for example, JohnDoe. File name: Specify the full path name of the firmware directory, appended by release.plist; for example, /pub/v4.4.0/release.plist.
Upgrading the Core Switch 2/64 and the SAN Director 2/128 You can download firmware to the Core Switch 2/64 and SAN Director 2/128 without disrupting the overall fabric if the two CP cards are installed and fully synchronized. Use the hashow command to confirm synchronization. If only one CP card is powered on, the switch must reboot to activate firmware, which is disruptive to the overall fabric.
Core Switch 2/64 and SAN Director 2/128 upgrade procedure The Core Switch 2/64 has four IP addresses: one for each of the two logical switches (switch 0 and switch 1) and one for each of the two CP cards (CP0 in slot 5 and CP1 in slot 6). The SAN Director 2/128 in its default configuration has three IP addresses, but it can be configured for four. NOTE: By default, the firmwaredownload command automatically upgrades both the active CP card and the standby CP card.
10.Respond to the prompts as follows: Server Name or IP Address Enter the name or IP address of the server where the firmware file is stored; for example, 192.1.2.3. You can enter a server name if DNS is enabled. User name Enter the user name of your account on the server; for example, JohnDoe. File name Specify the full path name of the firmware directory, appended by release.plist; for example, /pub/v4.4.0/release.plist. Password Enter your account password for the server.
Start a new session to view the upgrade progress: switch:admin> firmwaredownloadstatus [0]: Tue Apr 20 15:18:56 2003 cp0: Firmwaredownload has started on Standby CP. It may take up to 10 minutes. [1]: Tue Apr 20 15:24:17 2003 cp0: Firmwaredownload has completed successfully on Standby CP. [2]: Tue Apr 20 15:24:19 2003 cp0: Standby CP reboots. [3]: Tue Apr 20 15:27:06 2003 cp0: Standby CP booted up. [4]: Tue Apr 20 15:29:01 2003 cp1: Active CP forced failover succeeded. Now this CP becomes Active.
Decide which firmware version you want to be applied to both CP cards. Then repeat the download procedure. Fabric OS 5.0.
Maintaining configurations and firmware
5 Configuring the Core Switch 2/64 and the SAN Director 2/128 This chapter contains procedures that are specific to the Core Switch 2/64 and the SAN Director 2/128 and consists of the following sections: • Identifying ports, page 89 • Basic card management, page 90 • Setting chassis configurations, page 92 • Setting the card beacon mode, page 98 Because these switches contain interchangeable 16-port cards (the software calls them blades), their procedures differ from those for the SAN Switch 2/8V, SAN Switc
By slot and port number To select a specific port in the Core Switch 2/64 and the SAN Director 2/128, you must identify both the slot number and the port number using the format slot number/port number. No spaces are allowed between the slot number, the slash (/), and the port number. The following example shows how to enable port 4 on a card in slot 2: switch:admin> portenable 2/4 By port area ID Zoning commands require that you specify ports using the area ID method. In Fabric OS v4.0.
Example: switch:admin> slotpoweron 3 Powering on slot 3 switch:admin> Disabling and enabling cards Cards are enabled by default. You might need to disable a card to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the card to be disabled. This ensures that diagnostic activity does not interfere or disturb normal fabric traffic. To disable a card: 1. Connect to the switch and log in as admin. 2.
Setting chassis configurations The chassisconfig command allows you to set the chassis configuration for products that support both single-switch (one domain) and dual-switch (two domains) operation. Table 13 lists the supported options for Fabric OS v4.4.0 or later. In the table, Blade ID 4 indicates a SAN Director 2/128 card, and Blade ID 2 indicates a Core Switch 2/64 card.
Table 14 Header fields (continued) Field Value ID Displays the hardware ID of the card type Status Displays the status of the card: • VACANT: the slot is empty. • INSERTED, NOT POWERED ON: The card is present in the slot, but is turned off. • DIAG RUNNING POST1: The card is present, powered on, and running the post initialization power on self tests. • DIAG RUNNING POST2: The card is present, powered on, and running the power-on self test. • ENABLED: The card is on and enabled.
4. After the system reboots, log in again to the first logical switch (sw0) as admin. 5. Use the configure command to configure the sw0 to match your fabric specifications. If the director is to be merged into an existing fabric, do not configure zoning parameters; these are propagated automatically when you merge the director into the fabric. 6. Log in to the second logical switch (sw1) as admin. 7. Use the configure command to configure the sw1 to match your fabric specifications.
3. Issue the chassisconfig command to change the configuration from the default (one domain) to two domains. This command reboots the system. chassisconfig 2 During the conversion, you are prompted to save the configuration of sw0. Follow the prompts to save the configuration file. 4. After the system reboots, log in again as admin to each logical switch. 5. Using the configuration file saved in step 3 as a guide, manually reconfigure sw0 and sw1.
• The result of this procedure is two 64-port logical switches (domains) that communicate through external ISLs. • Only similar port cards can be inserted in the same logical switch (slots 1 through 4 or slots 7 through 10); you cannot install Core Switch 2/64 and SAN Director 2/128 port cards in the same logical switch.
10.Issue the slotshow command to view the status of the cards in each slot. The Core Switch 2/64 cards (ID = 2) show FAULTY status. For example: slotshow Slot 1 2 3 4 5 6 7 8 9 10 Blade Type SW BLADE SW BLADE SW BLADE SW BLADE CP BLADE CP BLADE SW BLADE SW BLADE SW BLADE SW BLADE ID 2 2 2 2 5 5 4 4 4 4 Status FAULTY (9) FAULTY (9) FAULTY (9) FAULTY (9) ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED Issue the chassisconfig command to configure two domains.
15.Reissue the slotshow command until you see that POST diagnostics are finished and the status of all cards is Enabled. For example: slotshow Slot 1 2 3 4 5 6 7 8 9 10 Blade Type SW BLADE SW BLADE SW BLADE SW BLADE CP BLADE CP BLADE SW BLADE SW BLADE SW BLADE SW BLADE ID 2 2 2 2 5 5 4 4 4 4 Status ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED 16.
6 Routing traffic This chapter contains procedures for configuring HP StorageWorks switch routing features. For details on the commands used in the procedures, refer to the HP StorageWorks Fabric OS 4.x command reference guide.
• 2: Device-based path selection on the on the SAN Switch 4/32 only • 3: Exchange-based path selection, which is the default on the SAN Switch 4/32 only The default policy usually provides the best performance. You should change the policy only if there is a performance problem that you cannot resolve in other ways. You must disable the switch before changing the routing policy, and reenable it afterward.
To force in-order frame delivery across topology changes: 1. Connect to the switch and log in as admin. 2. Issue the iodset command. NOTE: This command can cause a delay in the establishment of a new path when a topology change occurs, and should be used with care. To restore out-of-order frame delivery across topology changes: 1. Connect to the switch and log in as admin. 2. Issue the iodreset command.
Viewing routing path information The topologyshow and urouteshow commands provide information about the routing path. 1. Connect to the switch and log in as admin. 2. Issue the topologyshow command to display the fabric topology as it appears to the local switch.
Example: switch:admin> topologyshow 2 domains in the fabric; Local Domain ID: 1 Domain: 6 Metric: 500 Name: switch Path Count: 4 Hops: 1 Out Port: 60 In Ports: None Total Bandwidth: 2 Gbps Bandwidth Demand: 0% Flags: D Hops: 1 Out Port: 61 In Ports: None Total Bandwidth: 2 Gbps Bandwidth Demand: 0% Flags: D Hops: 1 Out Port: 62 In Ports: None Total Bandwidth: 2 Gbps Bandwidth Demand: 0% Flags: D Hops: 1 Out Port: 58 In Ports: None Total Bandwidth: 2 Gbps Bandwidth Demand: 0% Flags: D 3.
The following example displays the routing information of all the active ports: : switch:admin> urouteshow Local Domain ID: 3 In PortDomain Out Port Metric Hops Flags Next (Dom, Port) --------------------------------------------------------------------------0 1 11 1000 1 D 1,0 11 2 0 1500 2 D 4,0 4 16 500 1 D 4,0 16 1 27 1000 1 D 1,1 27 2 16 1500 2 D 4,16 4 0 29 500 1 D 4,0 The following example displays the routing information for port 11 on slot 1: switch:admin> urouteshow 1/11 Local Domain ID: 3 In Por
• Extended stats Detailed statistics on every link • Trace reverse path The path from the destination switch back to the source switches • Source route The route that the frame is forced to follow a specified path to reach the destination • Timeout The maximum time to wait for a response from pathinfo, in seconds Paths always originate on the local switch. The path destination can be specified by domain or port.
Routing traffic
7 Administering extended fabrics This chapter contains procedures for using the HP Extended Fabrics licensed feature, which extends the distance that interswitch links (ISLs) can reach. To use extended ISL modes, you must first install the Extended Fabrics license. For details on obtaining and installing licensed features, see ”Maintaining licensed features” on page 25.
Fabric considerations Consider these items that affect the fabric when you configure extended ISLs: • The extended link configuration mode, L2 can reach 100 km at a speed of 2Gbps between HP Fabric OS v4.x switches. However, it only supports a distance of up to 60 km if the link is established between HP Fabric OS v3.x and 4.x switches. • The standard-distance and long-distance ISL modes cannot be enabled at the same time.
The dynamic long-distance mode (LD) automatically configures the number of buffer credits required, based on the actual link distance. For the SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Core Switch 2/64, and SAN Director 2/128, the number of ports that can be configured per port group at various distances is summarized in Table 16.
To configure an extended ISL: 1. Connect to the switch and log in as admin. 2. If the fabric contains a mix of switches, use the configure command to make sure the fabric-wide configuration parameter fabric.ops.mode.longDistance is set to 0 on all switches in the fabric. If the fabric contains only HP StorageWorks 1 GB switches, use the switchdisable command to disable the switch and then use the configure command to set the fabric-wide configuration parameter fabric.ops.mode.
NOTE: In rare cases, reconfiguring a port to LD from one of the other modes can result in the port being disabled for lack of buffers. If this occurs: In Fabric OS v4.2.x, reconfigure the disabled LD port back to the original mode. In Fabric OS v4.4.0 and later, specify a slightly shorter distance for the desired_distance parameter in the portcfglongdistance command. Trunking over distance See ”Trunking over extended fabrics” on page 119. Fabric OS 5.0.
Administering extended fabrics
8 Administering ISL trunking This chapter contains procedures for using the HP ISL Trunking licensed feature, which optimizes the use of bandwidth by allowing a group of interswitch links to merge into a single logical link.
Fabric considerations The ISL Trunking feature is provided with the Fabric OS and can be activated by entering a license key, which is available from the switch supplier. When the ISL Trunking license is activated, trunking is automatically implemented for any eligible ISLs. A license must be activated on each switch that participates in trunking. For the Core Switch 2/64, a single license key enables the feature on both logical switches.
• Consider creating redundant trunking groups where additional ports are available or paths are particularly critical. This helps to protect against oversubscription of trunking groups, multiple ISL failures in the same group, and the rare occurrence of an ASIC failure. • To provide the highest level of reliability, deploy trunking groups in redundant fabrics to further ensure ISL failures do not disrupt business operations.
• Use the portperfshow command as described in the following procedure to record traffic volume for each port in your fabric over time. To use the portperfshow command: 1. Connect to the switch and log in as admin. 2. Issue the following command: portperfshow [interval] where interval is the number of seconds between each data-gathering sample (the default is one sample every second). 3. Record the traffic flow for each port participating in an ISL. 4.
2. Issue the portcfgtrunkport command. The format is: portcfgtrunkport slotnumber/portnumber 1|0 where: slotnumber Specifies the number of the slot in which the port card containing the port is located (this operand is required only for switches with slots, such as the Core Switch 2/64 and SAN Director 2/128). portnumber Specifies the number of the port on which you want to enable or disable trunking. 1|0 Enables (1) or disables (0) trunking on the specified port.
2. Issue the portcfgspeed command. The format is: portcfgspeed slotnumber/portnumber speedlevel where: slotnumber Specifies the switch slot (this operand is required only for switches with slots, such as the Core Switch 2/64 and SAN Director 2/128). portnumber Specifies the port number. speedlevel Specifies the speed of the link: • 0 is auto-negotiating mode. The port configures for the highest speed. • 1 is 1 Gbps mode, which fixes the port at a speed of 1 Gbps.
The following example sets the speed for all ports on the switch to auto-negotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. switch:admin> Displaying trunking information Use the trunkshow command to display the following information about ISL Trunking groups: • Number identifier. • Port-to-port connections, listed in the format local port number -> remote port number. • WWNs of the remote switches.
Troubleshooting trunking problems If you have difficulty with trunking, try the solutions in this section. Listing link characteristics If a link that is part of an ISL Trunk fails, use the trunkdebug command to troubleshoot the problem, as shown in the following procedure: 1. Connect to the switch and log in as admin. 2. Issue the following command: trunkdebug port, port where port specifies the number of a port in an ISL Trunking group.
which buffers are available come up and stabilize. You should wait for stabilization, and then proceed with correcting the buffer allocation situation. Fabric OS 5.0.
Administering ISL trunking
9 Administering advanced zoning This chapter provides procedures for using the HP Advanced Zoning feature and consists of the following sections: • Zoning terminology, page 123 • Zoning concepts, page 124 • Creating and managing zone aliases, page 131 • Creating and maintaining zones, page 133 • Creating and modifying zoning configurations, page 134 • Managing zoning configurations in a fabric, page 137 • Using zoning to administer security, page 139 • Resolving zone conflicts, page 140 Zoning terminology
Zoning concepts Before using the procedures, you should become familiar with the zoning concepts described in the following sections. Zone types Table 18 summarizes the types of zoning and Table 19 summarizes the primary forms. Table 18 Types of zoning Zone type Description Storage-based Storage units typically implement LUN-based zoning, also called LUN masking. LUN-based zoning limits access to the LUNs on the storage port to the specific WWN of the server HBA. It is needed in most SANs.
Table 19 Approaches to fabric-based zoning Zoned by Description Single HBA Zoning by single HBA most closely re-creates the original SCSI bus. Each zone created has only one HBA (initiator) in the zone; each of the target devices is added to the zone. Typically, a zone is created for the HBA and the disk storage ports are added. If the HBA also accesses tape devices, a second zone is created with the HBA and associated tape devices in it.
Zone objects A zone object is any device in a zone, such as the: • Physical port number or area ID on the switch • Node World Wide Name (N-WWN) • Port World Wide Name (P-WWN) Zone objects identified by port number or area number are specified as a pair of decimal numbers in the form d, area (d is the domain ID of the switch and area is the area number on that switch). For example, on the Core Switch 2/64 and the SAN Director 2/128, 4, 46 specifies port 14 in slot number 3 (domain ID 4, area 46).
• Saved Configuration, which is a copy of the defined configuration plus the name of the effective configuration, which is saved in flash memory by the cfgSave command. (You can also use the configupload command to provide a backup of the zoning configuration and the configdownload command to restore the zoning configuration.
• Checks each frame before it is delivered to a zone member and discards it if there is a zone mismatch. When hardware-enforced zoning is active, the HP StorageWorks switch monitors the communications and blocks any frames that do not comply with the effective zone configuration. The switch performs this blocking at the transmit side of the port on which the destination device is located. • Is enforced at the ASIC level.
Figure 1 shows a fabric with four non-overlapping hardware-enforced zones. Figure 1 Hardware-enforced non-overlapping zones Figure 2 shows the same fabric components zoned in an overlapping fashion. Figure 2 Hardware-enforced overlapping zones Fabric OS 5.0.
Figure 3 Zoning with hardware assist (mixed port and WWN zones) Soft Figure 4 Overlapping hardware-enforced zoning with soft porting In Figure 4, only the ports that are overlapped are software-enforced with hardware assist. Rules for configuring zones Observe the following rules when configuring zones. • If security is a priority, you should use hard zoning. • The use of aliases is optional with zoning, and using aliases requires structure when defining zones.
• If the fabric includes an HP StorageWorks switch and you support a third-party switch product, the third-party switches are able to use only WWN zoning; other types of zoning, including QuickLoop, are not supported. • QuickLoop Evaluate whether the fabric will also use QuickLoop Fabric Assist (QLFA) or QuickLoop (QL). If you are running HP Fabric OS v4.x, consider the following before creating and setting up QLFA zones: • QuickLoop and QuickLoop zones cannot run on switches running Fabric OS v4.x.
Example: switch:admin> switch:admin> switch:admin> switch:admin> alicreate “array1”, “2,32; 2,33; 2,34; 4,4” alicreate “array2”, “21:00:00:20:37:0c:66:23; 4,3” alicreate “loop1”, “4,6[0x02]” cfgsave To add members to an alias: 1. Connect to the switch and log in as admin. 2. Issue the aliadd command. 3. Issue the cfgsave command to save the change to the defined configuration.
2. Issue the alishow command. The following example shows all zone aliases beginning with arr. switch:admin> alishow “arr*” alias: array1 21:00:00:20:37:0c:76:8c alias: array2 21:00:00:20:37:0c:66:23 If no parameters are specified, the entire zone database (both the defined and effective configuration) is displayed. Creating and maintaining zones To create a zone: 1. Connect to the switch and log in as admin. 2. Issue the zonecreate command. 3.
To delete a zone: 1. Connect to the switch and log in as admin. 2. Issue the zonedelete command. 3. Issue the cfgsave command to save the change to the defined configuration. Example: switch:admin> zonedelete “bluezone” switch:admin> cfgsave To view a zone in the defined configuration: 1. Connect to the switch and log in as admin. 2. Issue the zoneshow command.
To add zones (members) to a zoning configuration: 1. Connect to the switch and log in as admin. 2. Issue the cfgadd command. 3. Issue the cfgsave command to save the change to the defined configuration. Example: switch:admin> cfgadd “newcfg”, “bluezone” switch:admin> cfgsave To remove zones (members) from a zone configuration: 1. Connect to the switch and log in as admin. 2. Issue the cfgremove command. 3. Issue the cfgsave command to save the change to the defined configuration.
Example: switch:admin> cfgshow Defined configuration: cfg: USA1 Blue_zone cfg: USA_cfg Red_zone; Blue_zone zone: Blue_zone 1,1; array1; 1,2; array2 zone: Red_zone 1,0; loop1 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df Effective configuration: cfg: USA_cfg zone: Blue_zone 1,1 21:00:00:20:37:0c:76:8c 21:00:00:20:37:0c:71:02 1,2 21:00:00:20:37:0c:76:22 21:00:00:20:37:0
Managing zoning configurations in a fabric To modify an existing zone configuration, you can add, delete, or remove individual elements to create the desired configuration. After the changes have been made, save the configuration to ensure the configuration is permanently saved in the switch and that the configuration is replicated throughout the fabric. The switch configuration file can also be uploaded to the host for archiving and it can be downloaded from the host to a switch in the fabric.
• Merging and segmentation—The fabric is checked for segmentation during power-up or when a switch is disabled or enabled, or when a new switch is added. Two databases are used with zoning. The first database is the zone configuration database. This is the data displayed as the defined configuration in the cfgShow command. It is stored in nonvolatile memory by the cfgSave command. This database is a replicated database, which means that all switches in the fabric has a copy of this database.
NOTE: If the zoneset members on two switches are not listed in the same order, the configuration is considered a mismatch, which causes the switches to be segmented from the fabric. For example: cfg1 = z1; z2 is different from cfg1 = z2; z1, even though members of the configuration are the same. If zoneset members on two switches have the same names defined in the configuration, make sure zoneset members are listed in the same order.
Resolving zone conflicts Zone conflicts can be resolved by saving a configuration file with the configupload command, examining the zoning information in the file, and performing a cut and paste operation so that the configuration information matches in the fabrics being merged.
Table 22 Considerations for zoning architecture (continued) Item Description Effect of changes in a production fabric Zone changes in a production fabric can result in a disruption of I/O under conditions where an RSCN is issued as a result of a zone change and the HBA is unable to process the RSCN fast enough. Though RSCNs are a normal part of a functioning SAN, the pause in I/O may not be acceptable.
Administering advanced zoning
10 Administering advanced performance monitoring This chapter contains procedures for the HP Advanced Performance Monitoring licensed feature and contains the following sections: • Displaying and clearing the CRC error count, page 145 • Monitoring end-to-end performance, page 145 • Monitoring filter-based performance, page 149 • Monitoring ISL performance, page 152 • Monitoring trunks, page 152 • Displaying monitor counters, page 153 • Clearing monitor counters, page 155 • Saving and restoring monitor confi
Table 23 Advanced performance monitoring commands Command Description perfaddeemonitor Add an end-to-end (EE) monitor to a port. perfaddipmonitor Add an IP monitor to a port. perfaddreadmonitor Add a SCSI Read monitor to a port. perfaddrwmonitor Add a SCSI Read and Write monitor to a port. perfaddscsimonitor Add a SCSI traffic frame monitor to a port. perfaddusermonitor Add a user-defined monitor to a port. perfaddwritemonitor Add a SCSI Write monitor to a port.
Displaying and clearing the CRC error count You can use the perfshowalpacrc command to display the CRC error count for all AL_PA devices or a single AL_PA on a specific active L_Port. NOTE: The SAN Switch 4/32 running Fabric OS v4.4.0 provides port CRC reports through Advanced Web Tools.
Each SID or DID has three fields, listed in the following order: • Domain ID (DD) • Area ID (AA) • AL_PA (PP) For example, the SID 0x118a0f denotes DD 0x11, AA 0x8a, and AL_PA 0x0f. You can monitor end-to-end performance using the perfmonitorshow command, as described in ”Displaying monitor counters” on page 153. You can clear end-to-end counters using the perfmonitorclear command, as described in ”Clearing monitor counters” on page 155.
Figure 5 shows two devices: • Host A is connected to domain 5 (0x05), switch area ID 18 (0x12), AL_PA 0x00 on Switch X. • Dev B is a storage device connected to domain 17 (0x11), switch area ID 30 (0x1e), AL_PA 0xef on Switch Y. SID 0x051200 Switch x Host A Switch y ... Monitor 0 domain 0x05, switch area ID 0x12 AL_PA 0x00 DID 0x111eef ...
Setting a mask for end-to-end monitors End-to-end monitors count the number of words in Fibre Channel frames that match a specific SID/DID pair. If you want to match only part of the SID or DID, you can set a mask on the port to compare only certain parts of the SID or DID. By default, the frame must match the entire SID and DID to trigger the monitor. By setting a mask, you can choose to have the frame match only one or two of the three fields (Domain ID, Area ID, and AL_PA) to trigger the monitor.
To set and display an end-to-end mask: switch:admin> perfsetporteemask 1/11, “00:00:ff” “00:00:ff” “00:00:ff” “00:00:ff” The EE mask on port 11 is set and EE counters are reset.
Adding standard filter-based monitors Table 24 lists the commands for adding standard filter-based monitors to a port. Table 24 Commands to add filter-based monitors Telnet command Description perfaddreadmonitor Count the number of SCSI Read commands. perfaddwritemonitor Count the number of SCSI Write commands. perfaddrwmonitor Count the number of SCSI Read and Write commands. perfaddscsimonitor Count the number of SCSI traffic frames. perfaddipmonitor Count the number of IP traffic frames.
The following number of offsets can be specified: • For the HP StorageWorks SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Core Switch 2/64, and SAN Director 2/128 (Fabric OS v4.0.0 or later), up to two different offsets per port. • For the SAN Switch 2/8–EL and SAN Switch 2/16 (Fabric OS v3.0.0 or later), up to three different offsets per port. • For the SAN Switch 4/32 (Fabric OS v4.4.0 or later), up to 15 different offsets per port (14 offsets when FMS is enabled).
Deleting filter-based monitors To delete a filter-based monitor: 1. List the valid monitor numbers using the perfshowfiltermonitor command. 2. Use the perfdelfiltermonitor command to delete a specific monitor. If you do not specify which monitor number to delete, you are asked if you want to delete all entries.
Displaying monitor counters Use the perfmonitorshow command to display the monitors on a specified port. For end-to-end counters, you can display either the cumulative count of the traffic detected by the monitors or a snapshot of the traffic at specified intervals. NOTE: The SAN Switch 4/32 output does not include CRC counts.
To display EE monitors on a port: switch:admin> perfMonitorShow --class EE 4/5 There are 7 end-to-end monitor(s) defined on port 53.
To display an ISL monitor information on a port: switch:admin> perfMonitorShow --class ISL 1/1 Total transmit count for this ISL: 1462326 Number of destination domains monitored: 3 Number of ports in this ISL: 2 Domain 97: 110379 Domain 98: Domain 99: 1337982 13965 Clearing monitor counters Before you clear statistics counters, verify the valid monitor numbers on a specific port using the perfmonitorshow command, to make sure the correct monitor counters are cleared.
To clear statistics counters for a filter-based monitor: switch:admin> perfMonitorClear --class FLT 1/2 4 Filter-based monitor number 4 counters are cleared switch:admin> perfMonitorClear --class FLT 1/2 This will clear ALL filter-based monitors' counters on port 2, continue? (yes, y, no, y): [no] y To clear statistics counters for an ISL monitor: switch:admin> perfMonitorClear --class ISL 1 This will clear ISL monitor on port 1, continue? (yes, y, no, n): [no] y Saving and restoring monitor configuration
11 Configuring the distributed management server This chapter contains the following sections: • Enabling and disabling the platform services, page 157 • Controlling access, page 158 • Configuring the server database, page 161 • Controlling topology discovery, page 162 The HP Fabric OS Distributed Management Server allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices.
Example: switch:admin> msplmgmtdeactivate MS Platform Service is currently enabled. This will erase MS Platform Service configuration information as well as database in the entire fabric. Would you like to continue this operation? (yes, y, no, n): [no] y Request to deactivate MS Platform Service in progress...... *Completed deactivating MS Platform Service in the fabric! switch:admin> Controlling access You can use the msconfigure command to control access to the management server database.
In this example, the list is empty: switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 1 MS Access list is empty. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN done ... switch:admin> To add a member to the ACL: 1. Connect to the switch and log in as admin. 2. Issue the msconfigure command. The command becomes interactive. 3.
Example: switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 2 Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa *WWN is successfully added to the MS ACL. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..
Example: switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 3 Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa *WWN is successfully deleted from the MS ACL. 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..
Example: switch:admin> msplatshow ----------------------------------------------------------Platform Name: [9] "first obj" Platform Type: 5 : GATEWAY Number of Associated M.A.: 1 [35] "http://java.sun.com/products/plugin" Number of Associated Node Names: 1 Associated Node Names: 10:00:00:60:69:20:15:71 ----------------------------------------------------------Platform Name: [10] "second obj" Platform Type: 7 : HOST_BUS_ADAPTER Number of Associated M.A.: 1 Associated Management Addresses: [30] "http://java.
Example: switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!! To disable topology discovery: 1. Connect to the switch and log in as admin. 2. Issue the mstddisable command to disable the discovery feature locally.
Configuring the distributed management server
12 Working with diagnostic features This chapter contains the following sections: • Viewing power-on self test, page 165 • Viewing switch status, page 166 • Viewing port information, page 168 • Viewing equipment status, page 171 • Viewing the system message log, page 172 • Viewing the port log, page 173 • Configuring for syslogd, page 175 • Viewing and saving diagnostic information, page 177 • Setting up automatic trace dump transfers, page 178 This chapter provides information on diagnostics and how to dis
POST1 cannot be bypassed; it runs from the boot loader. The factory default configuration is also set to run POST2, but you can configure your switch to bypass POST2, which runs after the kernel image has started but before general system services, such as login, are enabled. Although each test performed during POST2 is configurable, modify a POST2 test only if directed by your switch provider’s customer service representative.
2. Issue the switchstatusshow command: switch:admin> switchstatusshow [7505]: Read 1 license entries for generation 1. [7505]: Read 1 license records. Switch Health Report Report time: 05/21/2004 03:50:36 PM Switch Name: SW3900 IP address: 10.33.54.
To display the uptime for a switch: 1. Connect to the switch and log in as admin. 2. Issue the uptime command: : switch:admin> uptime 4:43am up 1 day, 12:32, switch:admin> 1 user, load average: 1.29, 1.31, 1.27 The uptime command displays the length of time the system has been in operation, the total cumulative amount of uptime since the system was first powered-on, the date and time of the last reboot, the reason for the last reboot, and the load average over the past one minute (1.
To display the port statistics: 1. Connect to the switch and log in as admin. 2. Issue the portstatsshow command. Port statistics include information such as number of frames received, number of frames sent, number of encoding errors received, and number of class 2 and class 3 frames received. Refer to the HP StorageWorks Fabric OS 4.x command reference guide for additional portstatsshow command information, such as the syntax for slot or port numbering.
Example: switch:admin> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy tx rx in err shrt long eof out c3 fail sync sig sig==================================================================== = 0: 22 24 0 0 0 0 0 1.5m 0 7 3 0 0 0 1: 22 24 0 0 0 0 0 1.
Error summary description (continued) Table 26 Error type Description bad eof Frames with bad end-of-frame delimiters. enc out Encoding error outside of frames. disc c3 Class 3 frames discarded. link fail Link failures (LF1 or LF2 states). loss sync Loss of synchronization. loss sig Loss of signal. frjt Frames rejected with F_RJT. fbsy Frames busied with F_BSY. Viewing equipment status You can display status for fans, power supply, and temperature.
To display the status of a power supply: 1. Connect to the switch and log in as admin. 2. Issue the psshow command: switch:admin> psshow Power Supply #1 is OK 0335,FF2Z0007161,60-0000739-02, B,,DCJ3002-01P, B,FF2Z0007161 Power Supply #2 is faulty 0335,FF2Z0007176,60-0000739-02, B,,DCJ3002-01P, B,FF2Z0007176 switch:admin> The possible status values are: • OK Power supply functioning correctly. • Absent Power supply not present. • Unknown Unknown power supply unit installed.
To display the system message log, with no page breaks: 1. Connect to the switch and log in as admin. 2. Issue the errdump command. To display the system message log, with page breaks: 1. Connect to the switch and log in as admin. 2. Issue the errshow command. To clear the system message log: 1. Connect to the switch and log in as admin. 2. Issue the errclear command. All switch and chassis events are removed. Viewing the port log The Fabric OS maintains an internal log of all port activity.
2. Issue the portlogshow command: switch:admin> portlogshow 8 Total records present = 12 Number of records displayed = 12 Time Module Event Port Len Log info -----------------------------------------------------------------------------18:36:52.036 fabctl PrtSCN 08 0 st=1, Topo=2, Spd=0 18:36:52.361 WKA Rx 08 140 22fffffe,00000000,01a6ffff,04000000 18:36:52.362 fabctl PrtSCN 08 0 st=2, Topo=2, Spd=2 18:36:52.365 fabctl Debug 08 0 Loading routes 18:36:52.
Because a portlogdump output is long, a truncated example is presented: switch:admin> portlogdump task event port cmd args ------------------------------------------------16:30:41.780 PORT Rx 9 40 02fffffd,00fffffd,0061ffff,14000000 16:30:41.780 PORT Tx 9 0 c0fffffd,00fffffd,0061030f 16:30:42.503 PORT Tx 9 40 02fffffd,00fffffd,0310ffff,14000000 16:30:42.505 PORT Rx 9 0 c0fffffd,00fffffd,03100062 16:31:00.464 PORT Rx 9 20 02fffc01,00fffca0,0063ffff,01000000 16:31:00.
Configuring the Host Fabric OS supports a subset of UNIX-style message severities that default to the UNIX local7 facility. To configure the host, edit the /etc/syslog.conf file to map Fabric OS message severities to UNIX severities, as shown in Table 28.
You can specify up to six host IP addresses for storing syslog messages, as shown in this example: switch:admin> syslogdipadd 10.1.2.1 switch:admin> syslogdipadd 10.1.2.2 switch:admin> syslogdipadd 10.1.2.3 switch:admin> syslogdipadd 10.1.2.4 switch:admin> syslogdipadd 10.1.2.5 switch:admin> syslogdipadd 10.1.2.6 switch:admin> syslogdipshow syslog.IP.address.1 10.1.2.1 syslog.IP.address.2 10.1.2.2 syslog.IP.address.3 10.1.2.3 syslog.IP.address.4 10.1.2.4 syslog.IP.address.5 10.1.2.5 syslog.IP.address.6 10.
Setting up automatic trace dump transfers You can set up a switch so that diagnostic information is transferred automatically to a remote server. Then, if a problem occurs you can provide your customer support representative with the most detailed information possible. To ensure the best service, you should set up for automatic transfer as part of standard switch configuration, before a problem occurs.
To set up periodic checking of the remote server: 1. Connect to the switch and log in as admin. 2. Issue the following command: supportftp -t interval The interval is in hours. The minimum interval is 1 hour. Specify 0 hours to disable the checking feature. To save a comprehensive set of diagnostic files to the server: 1. Connect to the switch and log in as admin. 2. Issue the following command: supportsave -c Fabric OS 5.0.
Working with diagnostic features
13 Troubleshooting This chapter contains the following sections: • Most common problem areas, page 182 • Gathering information for technical support, page 182 • Analyzing connection problems, page 184 • Restoring a segmented fabric, page 186 • Correcting zoning setup issues, page 187 • Recognizing MQ-WRITE errors, page 189 • Correcting I2C bus errors, page 190 • Correcting device login issues, page 191 • Identifying media-related issues, page 194 • Correcting link failures, page 196 • Correcting marginal li
Most common problem areas See Table 29 for a list of the most common problem areas that arise within SANs and a list of tools that can be used to resolve the problems.
4. Impact assessment and urgency: • Is the switch down? • Is it a standalone switch? • How large is the fabric? • Is the fabric redundant? 5. Issue the supportsave command. (See ”Viewing and saving diagnostic information” on page 177 and ”Setting up automatic trace dump transfers” on page 178). 6.
3. Storage information: • Disk/tape type • Disk/tape firmware level • Controller type • Controller firmware level • Configuration settings • Storage software (such as EMC Control Center, Veritas SPC, etc.) Analyzing connection problems If a host is unable to detect its target (for example, a storage or tape device), you should begin troubleshooting the problem in the middle of the data path.
To check the Simple Name Server (SNS): 1. Issue the nsshow command on the switch to which the device is attached.
3. Resolve zoning conflicts by putting the devices into the same zoning configuration. See ”Correcting zoning setup issues” on page 187 for additional information. Restoring a segmented fabric Fabric segmentation is generally caused by: • Incompatible fabric parameters (see ”To reconcile fabric parameters individually:” on page 186). • Incorrect PID setting (see ”Configuring the PID format” on page 203). • Incompatible zoning configuration (see ”To check for zoning problems:” on page 185).
8. Issue the configure command to edit the fabric parameters for the segmented switch. Refer to the HP StorageWorks Fabric OS 4.x command reference guide for more detailed information. 9. Enable the switch by entering the switchenable command. To download a correct configuration: You can restore a segmented fabric by downloading a previously saved correct backup configuration to the switch.
Table 31 summarizes commands that are useful for debugging zoning issues. Table 31 Commands for debugging zoning Command Function alicreate Use to create a zone alias. alidelete Use to delete a zone alias. cfgcreate Use to create a zone configuration. cfgshow Displays zoning configuration. licenseshow Displays current license keys and associated (licensed) products. switchshow Displays currently enabled configuration and any E_Port segmentations due to zone conflicts.
To verify a fabric merge problem: 1. Issue the switchshow command to validate that the segmentation is due to a zone issue. 2. See Table 30 on page 187 to view the different types of zone discrepancies. To edit zone configuration members: 1. Log in to one of the switches in a segmented fabric as admin. 2. Issue the cfgshow command. Typing the asterisk * after the command displays list of all configuration names. 3. Print the output from the cfgShow command. 4.
Correcting I2C bus errors I2C bus errors indicate defective hardware, and the specific item is listed in the error message. Refer to the HP StorageWorks Fabric OS 4.x diagnostics and system error messages reference guide for information specific to the error that was received. Some CPT and Environmental Monitor (EM) messages contain I2C-related information. If the I2C message does not indicate the specific hardware that might be failing, begin debugging the hardware, as this is the most likely cause.
Correcting device login issues To try to pinpoint problems with device logins, use this procedure: 1. Log in to the switch as root. 2. Issue the switchshow command; then check for correct logins. For example: switch:admin> switchshow switchName: sw094135 switchType: 26.
3. Issue the portconfigshow command to see how the port is configured. For example: sw094135:root> portcfgshow Ports of Slot 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 -----------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+-+-Speed AN 1G AN 2G AN AN AN AN AN AN AN AN AN AN AN AN Trunk Port ON ON .. ON ON ON ON ON ON ON ON ON ON ON ON ON Long Distance .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. VC Link Init .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. Locked L_Port .. .. .. .. .. .. .. .. .. .
5. Issue the portflagsshow command; then check to see how a port has logged in and where a login failed (if a failure occurred).
See ”Viewing the port log” on page 173 for overview information about a portlogdump. Refer to the HP StorageWorks Fabric OS 4.x command reference guide for information about decoding a portlogdump. Identifying media-related issues This section provides procedures that help pinpoint any media-related issues in the fabric. The tests listed in Table 32 are a combination of structural and functional tests that can be used to provide an overview of the hardware components and help identify media-related issues.
Example: switch:admin> crossporttest Running Cross Port Test .... passed. To test a switch’s internal components: 1. Connect to the switch and log in as admin. 2. Connect the port you want to test to any other switch port with the cable you want to test. 3. Issue the crossporttest -lb_mode 5 command.
Table 33 Switch component tests (continued) Test Function turboramtest Verifies that the on chip SRAM located in the 2 Gbps ASIC is using the Turbo-Ram BIST circuitry. These same SRAMs are tested by portregtest and sramretentiontest using PCI operations, but for this test the BIST controller is able to perform the SRAM write and read operations at a much faster rate. statstest Verifies that the ASIC statistics counter logic.
To check for a link initialization failure (loop): 1. Verify the port is an L_Port. a. Issue the switchShow command. b. Check the comment field of the output to verify that the switch port indicates an L_Port. If a loop device is connected to the switch, the switch port must be initialized as an L_Port. 2. Verify the loop initialization if the port is not an L_port. a. Issue the portLogShow or portLogDump command. b. Check the event area for a loopscn entry with command code LOOP. Example: 14:35:12.
2. See the comment fields in Table 34 and follow the suggested actions. Table 34 SwitchShow output and suggested action Output Suggested action Disabled Issue the portEnable command. Bypassed Check the output from the portLogShow or portLogDump commands and identify the link initialization stage where the initialization procedure went wrong. Loopback Check the output from portLogShow/PortLogDump commands and identify the link initialization stage where the initialization procedure went wrong.
Example: switch:admin> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy tx rx in err shrt long eof out c3 fail sync sig sig===================================================================== 0: 22 24 0 0 0 0 0 1.5m 0 7 3 0 0 0 1: 22 24 0 0 0 0 0 1.
7. Optionally, to rule out cabling issues: a. Insert a new cable in to the suspected marginal port. b. Issue the portErrShow command to determine if a problem still exists. • If the portErrShow output displays a normal number of generated errors, the issue is solved. • If the portErrShow output still displays a high number of generated errors, follow the troubleshooting procedures for the Host or Storage device.
You can view the Name Server table in Advanced Web Tools by selecting the Name Server button in the Fabric Toolbar. Refer to the HP StorageWorks Fabric OS 4.x Advanced Web Tools user guide for more information. Fabric OS 5.0.
Troubleshooting
A Configuring the PID format This appendix contains the following sections: • About PIDs and PID binding, page 203 • Summary of PID formats, page 204 • Impact of changing the fabric PID format, page 204 • Selecting a PID format, page 206 • Evaluating the fabric, page 207 • Planning the update procedure, page 209 • Changing to core PID format, page 211 • Changing to extended edge PID format, page 212 • Performing PID format changes, page 213 • Swapping port area IDs, page 217 Port identifiers (called PIDs) a
Summary of PID formats HP StorageWorks switches employ these types of PID formats: • VC encoded This is the format defined by the Fibre Channel Storage Switch 8 and Fibre Channel Storage Switch 16. Connections to these switches are not supported in Fabric OS v4.0.0 and later. • native Introduced with the HP StorageWorks 1 GB switches, this format supports up to 16 ports per switch.
Host reboots In some Fibre Channel SAN environments, storage devices and host servers are bound to the host operating system by their PIDs (called their Fibre Channel addresses). In these environments, the hosts and target HBAs in a SAN need to know the full 24-bit PIDs of the hosts and targets they are communicating with, but they do not care how the PIDs are determined. But, if a storage device PID is changed, the host must reestablish a new binding, which requires the host to be rebooted.
Table 35 Effects of PID format changes on configurations (continued) PID format before change PID format after change Configuration effect? Native Core You must: Core Native • Reenable zoning, if there is an active zone set and it uses port zones. Extended Edge Core Core Extended Edge • If Destination ID (DID) binding is used, reconfigure persistent binding, and reconfigure DID list for performance monitor.
Table 36 shows various combinations of existing fabrics, new switches added to those fabrics, and the recommended PID format for that combination. The criteria for the recommendations are first to eliminate host reboots, and second to minimize the need for a host reboot in the future. Table 36 PID format recommendations for adding new switches Existing Fabric OS versions; PID format Switch to be added Recommendations (in order of preference) v2.0.0 and later/v3.1.2 and later; Native PID v2.0.
1. Collect device, software, hardware, and configuration data. The following is a non-comprehensive list of information to collect: • HBA driver versions • Fabric OS versions • RAID array microcode versions • SCSI bridge code versions • JBOD drive firmware versions • Multipathing software versions • HBA time-out values • Multipathing software time-out values • Kernel time-out values • Configuration of switch 2. Make a list of manually configurable PID drivers.
4. Perform empirical testing. Empirical testing may be required for some devices, to determine whether they bind by PID. If you are not sure about a device, work with the support provider to create a test environment. Create as close a match as practical between the test environment and the production environment, and perform an update using the procedure in ”Online update” on page 209.
3. Verify that I/O continues over the other fabric. 4. Disable all switches in the fabric to be updated, one switch at a time, and verify that I/O continues over the other fabric after each switch disable. 5. Change the PID format on each switch in the fabric. 6. Reenable the switches in the updated fabric one at a time. In a core/edge network, enable the core switches first. 7. After the fabric has reconverged, use the cfgenable command to update zoning. 8.
Changing to core PID format In Fabric OS release v4.2.0 and later, Native PID format is not supported; the default format is the Core PID format. In Fabric OS v3.1.2 and later, Core PID format is the default configuration. In Fabric OS v2.0.0 and later, Native PID format is the default configuration. Although the PID format is listed in the configuration file, do not edit the file to change the setting there. Instead, use the CLI configure command.
Changing to extended edge PID format In rare cases, you may be affected by the presence in the fabric of drivers that rely on static binding to the dynamically assigned PID; for example, you may be installing a switch running Fabric OS v4.2.0 into a fabric consisting solely of Fabric OS v2.0.0 and later or v3.1.2 and later switches. In these cases, if you absolutely cannot reboot the affected servers when you upgrade your switches, you can choose Extended Edge PID format.
Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [217] BB credit: (1..27) [16] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] SYNC IO mode: (0..10 [0] Switch PID Format : (0..2) [0] 2 Per-frame Route Priority: (0..1) [0] Long Distance Fabric: (0..
• Relocating devices to new ports or new switches (that is, for Add, Move, Change type operations) • Updating the core PID format • Using hot spare switch ports to deal with failures In every case where devices employ static PID binding, any such procedure becomes difficult or impossible to execute without downtime. In some cases, device drivers allow you to specify static PID binding. In these cases, such devices must be identified and their PID binding should be changed to WWN binding.
10.After all switches are updated to use the new PID format and reenabled, verify that the fabric has fully reconverged (each switch sees the other switches). 11.Issue the command cfgenable [active_zoning_config] on one of the switches in the fabric to update zoning to use the new PID form. This does not change the definition of zones in the fabric, but merely causes the lowest level tables in the zoning database to be updated with the new PID format setting.
17. If you are not using multipathing software, mount all devices again and restart I/O. For example: mount /mnt/jbod 18.If you are using multipathing software, reenable the affected path. The preceding steps do not clean up the results from ioscan. When viewing the output of ioscan, notice the that the original entry is still there, but now has a status of NO_HW.
6. Remove the device entries for the fabric you are migrating. For example, if the HBA for that fabric is fcs0, issue the command: rmdev -Rdl fcs0 7. Connect to each switch in the fabric. 8. Issue the switchdisable command. 9. Issue the configure command and change the Core Switch PID Format to 1. 10.Issue the configenable [effective_zone_configuration] command. For example: configenable my_config 11.Issue the switchenable command. Enable the core switches first, then the edges. 12.
4. For the HP StorageWorks SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, and SAN Switch 4/32: issue the following command: portswap port1 port2 For the Core Switch 2/64 and SAN Director 2/128: issue the following command: portswap slot1/port1 slot2/port2 5. Verify that the port area IDs have been swapped: portswapshow A table is shows the physical port numbers and the logical area IDs for any swapped ports. 6.
B Configuring interoperability mode This appendix contains the following sections: • Vendor switch requirements, page 219 • HP StorageWorks switch requirements, page 219 • Supported HP StorageWorks features, page 220 • Unsupported HP StorageWorks features, page 220 • Configuration recommendations, page 221 • Configuration restrictions, page 221 • Enabling and disabling interoperability mode, page 222 This appendix provides information on setting up a heterogeneous fabric that includes HP StorageWorks switch
• SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Core Switch 2/64, and SAN Director 2/128 must be running 4.2.0 or later. • SAN Switch 4/32 must be running Fabric OS v4.4.0 or later. • A zoning license and a fabric license must be installed on each HP StorageWorks switch.
Configuration recommendations The following is recommended when configuring an interoperable fabric: • Avoid domain ID conflicts before fabric reconfiguration. Every switch in the fabric must have a unique domain ID. • When you are configuring multiple switches, you should wait for a fabric reconfiguration after adding or removing each switch. Configuration restrictions In interoperable fabrics, the following restrictions apply: • Do not use Extended Edge PID mode.
• Zone configurations that use either physical port numbers or port IDs are not supported in interoperability mode. Zoning using port numbers uses the actual physical port numbers on the switch; for example slot 1, port 5. • When a zoning configuration is not in effect, by default all ports are isolated and traffic is not permitted. This is unlike HP StorageWorks behavior where Interoperability mode is off (and all data traffic is enabled).
To enable interoperability mode: 1. Verify that you have implemented all the HP StorageWorks prerequisites necessary to enable interoperability mode on the fabric (see ”Configuration recommendations” on page 221 and ”Configuration restrictions” on page 221). 2. Connect to the switch and log in as admin. 3. Issue the switchdisable command to disable the switch. 4. Issue the configure command to set the domain ID to a number in the range from 97 to 126.
Example: switch:admin> switchdisable switch:admin> interopmode 0 The switch effective configuration will be lost when the operating mode is changed; do you want to continue? (yes, y, no, n): [no] y done. Interopmode is disabled Note: It is recommended that you reboot this switch for the new change to take effect. switch:admin> 5. Wait for a fabric reconfiguration after removing each switch. 6. Each non-HP StorageWorks switch may require the execution of a similar command to disable interoperability. 7.
C Using Remote Switch The HP Remote Switch feature is available as part of the Fabric OS standard feature set through the use of the portcfgislmode command, which is described under ”Linking through a gateway” on page 32. For those who use Remote Switch as part of their legacy set of tools, this appendix contains a description and procedure for the feature.
You must connect the fabrics through the gateway device, and make sure that the configure command parameters are compatible with the gateway device. You may be required to reconfigure the following parameters, depending on the gateway requirements: • R_A_TOV: Specify a Resource Allocation Timeout Value compatible with your gateway device. • E_D_TOV: Specify a Error Detect Timeout Value compatible with your gateway device • Data field size: Specify the maximum Fibre Channel data field reported by the fabric.
The following example shows how to modify the data field size and suppress class F traffic on a switch: switch:admin> switchdisable switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [3] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112] 1000 Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] 1 VC Encoded Address Mode: (0..1) [0] Per-frame Route Priority: (0.
Using Remote Switch
D Understanding legacy password behavior This appendix contains the following sections: • Password management information, page 229 • Password prompting behaviors, page 232 • Password migration during firmware changes, page 233 • Password recovery options, page 235 The following sections provide password information for early versions of Fabric OS firmware. Password management information Table 39 describes the password standards and behaviors between various versions of firmware.
Table 39 Account and password characteristics matrix (continued) Topic V2.6.0/3.0.0 V2.6.2/3.1.0 V4.0.0 V4.1.0 to v4.2.0 Can different switch instances use a different password for the same account login level? For example, the password for admin for switch 0 can be different from password for admin for switch 1. n.a. n.a. No Yes for the Core Switch 2/64.
Table 39 Account and password characteristics matrix (continued) Topic V2.6.0/3.0.0 V2.6.2/3.1.0 V4.0.0 V4.1.0 to v4.2.0 Can API change passwords? API can change admin passwords on any switch, when security mode is disabled. It can only change the admin password on the primary FCS switch when security mode is enabled. API can change admin passwords on any switch, when security mode is disabled. It can only change the admin password on the primary FCS switch when security mode is enabled.
Password prompting behaviors Table 40 describes the expected password prompting behaviors of various Fabric OS versions. Table 40 Password prompting matrix Topic V2.6.0/3.0.0 V2.6.2/3.1.0 V4.0.0 V4.1.0 and later Must all password prompts be completed for any change to take effect? Yes. If users only provide some of the passwords before exiting, no passwords are changed. Prompting continues on the next appropriate login. Yes.
Table 40 Password prompting matrix (continued) Topic V2.6.0/3.0.0 V2.6.2/3.1.0 V4.0.0 V4.1.0 and later Is the passwd command disabled until the user has answered password prompting? True True False True Does password prompting reappear when passwords are changed back to default using the passwd command? No No Yes No Does password prompting reappear when passwords are changed back to default using the passwdDefault command? Yes Yes Yes Yes.
Table 41 Password migration behavior during firmware upgrade and downgrade (continued) Topic Is downgrading to an older firmware version (which does not support Secure Fabric OS) allowed when security mode is enabled? V2.4.0/2.6.0 V3.0.0/3.1.0 V4.0.0 V4.1.0 to v4.4.0 Yes. Yes n.a. Yes FirmwareDownload does not prevent such downgrades. Passwords used if downgrading to an older firmware for the first time When downgrading firmware from v2.6.0 to v2.4.
Password recovery options Table 42 describes the options available when one or more types of passwords are lost. Table 42 Password recovery options Topic V2.6.0/3.0.0 V3.0.0.2/3.1.0 V4.0.0 V4.1.
Understanding legacy password behavior
E Zone merging scenarios Table 43 provides information on merging zones and the expected results. Table 43 Zone merging scenarios Description Switch A Switch B Expected results Switch A with a defined configuration defined: cfg1: zone1: ali1; ali2 effective: none defined: none effective: none Configuration from Switch A to propagate throughout the fabric in an inactive state, because the configuration is not enabled.
Table 43 Zone merging scenarios (continued) Description Switch A Switch B Expected results Switch A and Switch B have different defined configurations. Switch B has an enabled configuration. defined: cfg2 zone2: ali3; ali4 effective: none defined: cfg1 zone1: ali1; ali2 effective: cfg1 Clean merge - The new cfg is a composite of the two, with cfg1 as the effective cfg.
F Upgrading firmware in single mode In the SAN Switch 2/32, the Core Switch 2/64, and the SAN Director 2/128, the firmwaredownload command, by default, performs a full installation, automatic reboot (autoreboot), and automatic firmware commit (autocommit). Automatic reboot and automatic commit modes are not selectable by default; however, they become selectable when single mode is enabled by entering the -s option on the command line.
7. Answer the next prompts as follows: Do Auto Commit after reboot [Y]: y If you specify no, you must manually enter the firmwarecommit command. Reboot system after download [N]: y The default is no. If you take the default, you must later use the hareboot command to perform a high-availability reboot manually. Full Install (Otherwise upgrade only) [Y]: y After you upgrade to v4.4.0 or later, this option is no longer available. 8. Wait for the firmware download to finish. 9.
5. Enter the IP address of the FTP server where the firmware is stored. 6. Enter your user name for the server. 7. Enter the full path to the firmware file on the server; for example: /pub/v4.4.0/release.plist 8. Enter your password. 9. Answer the next prompts as indicated: Do Auto Commit after reboot [Y]: y If you answer no, you must manually enter the firmwarecommit command. Reboot system after download [N]: y The default is no.
Upgrading firmware in single mode
Glossary 8b/10b encoding An encoding scheme that converts each 8-bit byte into 10 bits. Used to balance 1s and 0s in high-speed transports. ABTS Abort Basic Link Service. Also called an Abort Sequence. ACC Accept link service reply. The normal reply to an Extended Link Service request (such as FLOGI), indicating that the request has been completed. address identifier A 24-bit or 8-bit value used to identify the source or destination of a frame. See also S_ID and D_ID. AL_PA Arbitrated loop physical address.
arbitration A method of gaining orderly access to a shared-loop topology. area number In Fabric OS v4.0.0 and later, ports on a switch are assigned a logical area number. Port area numbers can be viewed by use of the switchshow command. Area numbers define the operative port for many Fabric OS commands; for example, area numbers can be used to define the ports within an alias or zone. ARR Asynchronous response router.
block As applied to Fibre Channel technology, upper-level application data that is transferred in a single sequence. broadcast The transmission of data from a single source to all devices in the fabric, regardless of zoning. See also multicast, unicast. buffer-to-buffer flow control Management of the frame transmission rate in either a point-to-point topology or in an arbitrated loop. See also BB_Credit.
configuration 1. A set of parameters that can be modified to fine-tune the operation of a switch. Use the configshow command to view the current configuration of your switch. 2. In HP Zoning, a zoning element that contains a set of zones. The configuration is the highest-level zoning element and is used to enable or disable a set of zones on the fabric. See also zone configuration. COS Class of service. CP Control processor.
E_Port Expansion port. A type of switch port that can be connected to an E_Port on another switch to create an ISL. See also ISL. ELP Exchange link parameters. ELS Extended link service. ELSs are sent to the destination N_Port to perform the requested function or service. ELS is a Fibre Channel standard that is sometimes called a Fibre Channel Physical (FC_PH) ELS. EM Environmental monitor. Monitors FRUs and reports failures.
Fabric Manager Optionally licensed HP software. Fabric Manager is a GUI that allows for fabric-wide administration and management. Switches can be treated as groups, and actions such as firmware downloads can be performed simultaneously. fabric name The unique identifier assigned to a fabric and communicated during login and port discovery. fabric services Codes that describe the communication to and from any well-known address. fabric topology The arrangement of switches that form a fabric.
FC-GS Fibre Channel generic services. FC-GS-2 Fibre Channel generic services, second generation. FC-GS-3 Fibre Channel Generic Services, third generation. FC_IP Fibre Channel-Over-IP. FC-PH The Fibre Channel physical and signaling standard for FC-0, FC-1, and FC-2 layers of the Fibre Channel Protocol. Indicates signaling used for cable plants, media types, and transmission speeds. FCP Fibre Channel Protocol. Mapping of protocols onto the Fibre Channel standard protocols.
FFFFF9 Well-known Fibre Channel address for a QoS facilitator. FFFFFA Well-known Fibre Channel address for a management server. FFFFFB Well-known Fibre Channel address for a time server. FFFFFC Well-known Fibre Channel address for a directory server. FFFFFD Well-known Fibre Channel address for a fabric controller. FFFFFE Well-known Fibre Channel address for a fabric F_Port. FFFFFF Well-known Fibre Channel address for a broadcast alias ID.
frame The Fibre Channel structure that transmits data between ports. Consists of a start-of-frame delimiter, header, optional headers, data payload, cyclic redundancy check (CRC), and end-of-frame delimiter. There are two types of frames: link control frames (transmission acknowledgements and so forth) and data frames. FRU Field-replaceable unit. A component that can be replaced onsite. FSPF Fabric shortest path first. The standard routing protocol for Fibre Channel switches.
GLM Gigabit Link Module. A semitransparent transceiver that incorporates serializing and deserializing functions. GMT Greenwich Mean Time. An international time zone. Also known as UTC. See also UTC. GUI A graphical user interface, such as HP Advanced Web Tools and HP Fabric Manager. HA High availability. A set of features in HP StorageWorks switches that provides maximum reliability and nondisruptive replacement of key hardware and software modules.
initiator A server or workstation on a Fibre Channel network that initiates communications with storage devices. See also target. insistent domain ID mode Sets the domain ID of a switch as insistent, so that it remains the same over reboots, power cycles, failovers, and fabric reconfigurations. interswitch link See ISL. IOCTL I/O control. IP Internet Protocol. The addressing part of TCP. ISL Interswitch link. A Fibre Channel link from the E_Port of one switch to the E_Port of another. See also E_Port.
latency The time required to transmit a frame. Together, latency and bandwidth define the speed and capacity of a link or system. LED Light-emitting diode. Indicates the status of elements on a switch. LIFA Loop-initialization fabric-assigned frame. Contains a bitmap of all fabric-assigned AL_PAs and is the first frame transmitted in the loop initialization process after a temporary loop master has been selected. LIHA Loop-initialization hard-assigned frame.
loop initialization The logical procedure used by an L_Port to discover its environment. Can be used to assign AL_PA addresses, detect loop failure, or reset a node. looplet A set of devices connected in a loop to a port that is a member of another loop. LR Link reset. A primitive sequence used during link initialization between two N_Ports in point-to-point topology or an N_Port and an F_Port in fabric topology. The expected response is an LRR. LRR Link reset response.
Name Server Simple Name Server (SNS). A switch service that stores names, addresses, and attributes for up to 15 minutes and provides them as required to other devices in the fabric. SNS is defined by Fibre Channel standards and exists at a well-known address. Also called a directory service. NL_Port Node loop port. A node port that has arbitrated loop capabilities. Connects an equipment port to the fabric in a loop configuration through an FL_Port. See also N_Port, Nx_Port.
originator The Nx_Port that originated an exchange. out-of-band Transmission of management protocol outside of the Fibre Channel network, usually over Ethernet. OX_ID Originator ID. The exchange ID assigned by the originator port. parallel The simultaneous transmission of data bits over multiple lines. path selection The selection of a transmission path through the fabric. HP StorageWorks switches use the FSPF protocol. See also FSPF. payload A Fibre Channel frame has a header and a payload.
port In an HP StorageWorks switch environment, an SFP, or GBIC receptacle on a switch to which an optic cable for another device is attached. port address In Fibre Channel technology, the port address is defined in hexadecimal. In HP Fabric OS, a port address can be defined by a domain and port number combination or by area number. In an ESCON Director, an address used to specify port connectivity parameters and to assign link addresses for attached channels and control units.
private loop An arbitrated loop that does not include a participating FL_Port. private loop device A device that supports a loop and can understand 8-bit addresses, but does not log in to the fabric. private NL_Port An NL_Port that communicates only with other private NL_Ports in the same loop and does not log in to the fabric. protocol A defined method and set of standards for communication.
R_CTL Route control. The first eight bits of the header, which defines the type of frame and its contents. R_RDY Receiver ready. A primitive signal indicating that the port is ready to receive a frame. R_T_TOV Receiver transmitter timeout value, used by receiver logic to detect loss of synchronization between transmitters and receivers. RAID Redundant array of independent disks.
RW Read/write. Refers to access rights. RX Receiving frames. RX_ID Responder exchange identifier. A 2-byte field in the frame header that can be used by the responder of the exchange to identify frames as being part of a particular exchange. S_ID Source ID. Refers to the native port address (24 bit address). SAN Storage area network. A network of systems and storage devices that communicate using Fibre Channel protocols. See also fabric.
sequence A group of related frames transmitted in the same direction between two N_Ports. sequence initiator The N_Port that begins a new sequence and transmits frames to another N_Port. sequence recipient Serializing and deserializing circuitry. A circuit that converts a serial bit stream into parallel characters, and vice-versa. SFP Small-form-factor pluggable. A transceiver used on 2 Gbps or 4 Gbps switches that replaces the GBIC.
SSH Secure shell. Used starting in HP Fabric OS v4.1.0 to support encrypted telnet sessions to the switch. SSH encrypts all messages, including the client sending the password at login. switch A fabric device providing bandwidth and high-speed routing of data through link-level addressing. switch name The arbitrary name assigned to a switch. switch port A port on a switch. Switch ports can be E_Ports, F_Ports, or FL_Ports. See also E_Port, F_Port, FL_Port.
Track Changes An HP Fabric OS feature that can be enabled to report specific activities (for example, logins, logouts, and configuration task changes). The output from the track-changes feature is dumped to the system message log for the switch. transceiver A device that converts one form of signaling to another for transmission and reception; in fiber optics, optical to electrical. translative mode A mode in which private devices can communicate with public devices across the fabric.
unicast The transmission of data from a single source to a single destination. See also broadcast, multicast. UTC Universal Time Conversion. Also known as Coordinated Universal Time, which is an international standard. UTC is 8 hours later than Pacific Standard Time and 5 hours later than Eastern Standard Time. See also GMT. WAN Wide area network. watchdog A software daemon that monitors Fabric OS modules on the kernel.
Glossary
Index A account ID 19 account privilege levels 21 activating a switch certificate 58 adding end-to-end monitors 146 filter-based monitors 150 adding members zone 133 adding members to a zone configuration 135 adding members, alias 132 adding switches to a zone 137 Advanced Performance Monitoring commands 143 alias adding members 132 creating 131 deleting 132 removing members 132 ATM gateway 225 authorized reseller, HP 11 B beaconing mode 98 boot PROM password 70, 72 browser and Java support 54 buffer-limit
end-to-end monitors adding 146 deleting 149 displaying the mask 148 restoring configuration 156 saving configuration 156 setting a mask 148 example chassisshow 34 fabricshow 34 nsallshow 34 slotshow 34 exchange-based routing 99, 100 F fabric connectivity 34 fabric, designing for trunking 114 fabricshow command 34 fans, status of 171 feature licenses 25 FICON environment changing domain ID 31 filter-based monitoring 149 filter-based monitors adding 150 deleting 152 restoring configuration 156 saving configu
prerequisites 9 privileges in accounts 21 public key infrastructure encryption 54 troubleshooting certificates 60 trunking displaying information 119 R U recovering forgotten passwords 73 recovery password 72 recovery string, boot PROM password 70 related documentation 9 Remote Switch 225 removing end-to-end monitors 149 filter-based monitors 152 removing members zone 133 removing members from a zone configuration 135 removing members, alias 132 restoring monitor configuration 156 restoring the system c
Index
