53-1001189-01 November 24, 2008 Access Gateway Administrator’s Guide Supporting Fabric OS 6.2.
Copyright © 2007-2008 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
Document History The following table lists all versions of the Access Gateway Administrator’s Guide. Document Title Publication Number Summary of Changes Publication Date Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007 Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E June 2007 Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies and changes to N_Port mappings.
iv Access Gateway Administrator’s Guide 53-1001189-01
Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiii What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Enabling the Advanced Device Security policy. . . . . . . . . . . . . . 10 Disabling the Advanced Device Security policy . . . . . . . . . . . . . 10 Setting which devices can log in if ADS policy is enabled. . . . . 10 Setting which devices cannot log in if ADS policy is enabled . . 11 Removing devices from the list of devices allowed at login . . . 11 Adding new devices to the list of devices allowed at login . . .
Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Access Gateway routing requirements with Cisco fabrics. . . . . 36 Enabling NPIV on a Cisco switch. . . . . . . . . . . . . . . . . . . . . . . . . 36 Workaround for QLogic-based devices . . . . . . . . . . . . . . . . . . . . 37 Editing Company ID List if no FC target devices on switch . . . . 37 Adding or deleting an OUI from the Company ID List . . . . . . . .
viii Access Gateway Administrator’s Guide 53-1001189-01
Figures Figure 1 Access Gateway and fabric switch comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Figure 2 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Figure 3 Example F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 4 Example 1 and 2 Failover policy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x Access Gateway Administrator’s Guide 53-1001189-01
Tables Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3 Table 2 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 3 Description of F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Table 4 Firmware upgrade and downgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Table 5 Policy enforcement matrix . . . . .
xii Access Gateway Administrator’s Guide 53-1001189-01
About This Document • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • Key terms . . . . . . . . . . . . . . . . . . . . . . . . .
What’s new in this document The following changes have been made since this document was last released: Information that was added: • Supported software • M-EOSc products: Release 9.1 or later and 9.6 or later • Cisco Products: SAN-OS 3.0(1) or later and 3.1(1) or later • Supported platforms • Brocade 300 (24-port version only), 5100 • Embedded switches: 5410, 5424, 5480 • Supported configurations in cascaded AG For further information, refer to the release notes.
command Commands are printed in bold. --option, option Command options are printed in bold. -argument, arg Arguments. [] Optional element. variable Variables are printed in italics. In the help pages, values are underlined or enclosed in angled brackets < >. ... Repeat the previous element, for example “member[;member...]” value Fixed values following arguments are printed in plain font. For example, --show WWN | Boolean. Elements are exclusive.
Access Gateway (AG) Fabric OS mode for switches that reduces SAN (storage area network) deployment complexity by leveraging NPIV (N_Port ID Virtualization). E_Port An ISL (Interswitch link) port. A switch port that connects switches together to form a fabric. Edge switch A fabric switch that connects host, storage, or other devices, such as Brocade Access Gateway, to the fabric. F_Port A fabric port. A switch port that connects a host, HBA (host bus adaptor), or storage device to the SAN.
Brocade resources To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password. For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location: http://www.brocade.
• Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions • Description of any troubleshooting steps already performed and the results • Serial console and Telnet session logs • Syslog message logs 2. Switch Serial Number The switch serial number and corresponding bar code are provided on the serial number label, as shown here.
Chapter 1 Getting Started In this chapter • Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • How Access Gateway maps ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway limitations. . . . . . . . . . . . . .
1 Fabric OS features in Access Gateway mode FIGURE 1 Access Gateway and fabric switch comparison The following points summarize the differences between a Fabric OS switch in Native mode and a Fabric OS switch in AG mode: • The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
Fabric OS features in Access Gateway mode TABLE 1 1 Fabric OS components supported on Access Gateway Feature Support Access Control Yes (limited roles) Audit Yes Beaconing Yes Config Download/Upload Yes DHCP Yes Environmental Monitor Yes Error Event Management Yes Extended Fabrics No Fabric Device Management Interface (FDMI) Yes* Fabric Manager Yes** Fabric Watch Yes (limited) FICON (includes CUP) No High Availability Hot Code Load IPoverFC Yes* Native Interoperability Mode
1 Access Gateway port types Access Gateway port types Access Gateway differs from a typical fabric switch because it is not a switch; instead, it is a mode that you enable on a switch using the ag command. After a switch is set in ag mode, it can connect to the fabric using node ports (N_Ports). Typically fabric switches connect to the Enterprise fabric using ISL (InterSwitch Link) ports, such as E_Ports.
How Access Gateway maps ports 1 Table 2 shows a comparison of port configurations with AG to a standard fabric switch. TABLE 2 Port configurations Port Type Access Gateway Fabric switch F_Port Yes Connects hosts and targets to Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch. NA N_Ports are not supported. E_Port NA ISL is not supported.1 Yes Connects the switch to other switches to form a fabric.
1 Access Gateway limitations TABLE 3 Description of F_Port-to-N_Port mapping Access Gateway Fabric F_Port N_Port Edge switch F_Port F_1, F_2 N_1 Switch_A F_A1 F_3, F_4 N_2 Switch_A F_A2 F_5, F_6 N_3 Switch_B F_B1 F_7, F_8 N_4 Switch_B F_B2 Access Gateway limitations The limitations of Access Gateway are as follows: • Limited to switch platforms and embedded switch platforms listed in “Supported hardware and software” on page xiii.
Upgrade and downgrade considerations for switches in AG mode 1 Note the following upgrade and downgrade considerations when the Brocade policies are enabled. Advance Device Security policy If you upgrade from v5.2.1/v5.3.x to v6.2.0, the ADS policy is disabled. Downgrading to v6.0 or earlier is permitted, but you must disable ADS. Downgrading to v6.1 is allowed and ADS is supported. Automatic Port Configuration policy If you upgrade from Fabric OS v6.0.x or earlier to Fabric OS 6.2.
1 8 Upgrade and downgrade considerations for switches in AG mode Access Gateway Administrator’s Guide 53-1001189-01
Chapter Enabling Policies on Switches in Access Gateway Mode 2 In this chapter • Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 • Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 • Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 • Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Advanced Device Security policy Advanced Device Security policy The Advanced Device Security (ADS) policy is supported on AG F_Ports. Fabric OS v6.2.0 extends the DCC policy to switches in AG mode to provide an additional level of security. It does this by extending the DCC policy to the physical F_Ports and the NPIV logins on F_Ports. As more physical servers become virtual, virtual servers can become vulnerable and security becomes an integral part of server IO virtualization.
Advanced Device Security policy 2 • The same Allow List can be specified for more than one F_Port. This example show how to set the list of allowed devices for ports 1, 10, and 13 to all access: 1. Connect to the switch and log in as admin. 2. Enter the ag --adsset “1;10;13”“*” command.
2 Automatic Port Configuration policy 1. Connect to the switch and log in as admin. 2. Enter the ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" command. switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s] Displaying the list of devices on the switch 1. Connect to the switch and log in as admin. 2. Enter the ag --adsshow command.
Automatic Port Configuration policy 2 NOTE When in Access Gateway mode, the Automatic Port Configuration policy may not work when attached to M-EOS switches. M-EOS ports should be set to G_Port to prevent problems with port type discovery. Ports 16-47 on the FC8-48 blade may not be used for AG F_Port Trunking connections. Enabling the Automatic Port Configuration policy 1. Connect to the switch and log in as admin. 2. Ensure that the switch is disabled, enter the switchdisable command 3.
2 Failover policy Failover policy Access Gateway Failover and Failback policies ensure maximum uptime for the servers. When a port is configured as an N_Port and if by default, the Failover policy is enabled, F_Ports are not disabled if its N_Port goes off line. If you specify a Preferred Secondary N_Port for any of the F_Ports, and if the N_Port goes offline, the F_Ports will fail over to the Preferred Secondary N_Port, and then re-enable.
2 Failover policy • Next the F_A2 port goes offline, as shown in Figure 4 on page 15 Example 2 (right), causing the corresponding Access Gateway N_2 port to be disabled. The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate in the failover event.
2 Failback policy Disabling the Failover policy 1. Connect to the switch and log in as admin. 2. Enter the ag command with the --failovershow operand to display the failover setting. switch:admin> ag --failovershow 13 Failover on N_Port 13 is supported 3. Enter the ag --failoverdisable operand to disable failover.
Failback policy 2 Example 3 Host_1 Fabric Access Gateway Hosts Edge Switch (Switch_A) F_1 F_A1 N_1 Host_2 F_2 NPIV enabled F_A2 Host_3 Host_4 F_3 N_2 NPIV enabled Edge Switch (Switch_B) F_4 F_B1 N_3 Host_5 NPIV enabled F_5 F_B2 N_4 Host_6 F_6 Host_7 F_7 Host_8 FIGURE 5 F_8 NPIV enabled Legend Physical connection Mapped online Failover route online Original mapped route (offline) Failback policy behavior Enabling the Failback policy 1.
2 Cold Failover policy Failback policy is disabled for port 13 Cold Failover policy All F_Ports for an N_Port that goes offline are failed over to other N_Ports. However, if the N_Port fails to come online after the switch comes online, it triggers cold failover of its F_Ports. If any of these F_Ports have a Preferred Secondary N_Port set, and if the Preferred Secondary N_Port is online, those F_Ports fail over to the Preferred Secondary N_Port during cold failover.
Port Grouping policy 2 Figure 7 shows that if you create port groups and when an N_Port goes offline, the F_Ports being routed through that port will fail over to any of the N_Ports that are part of that port group and are currently active. For example, if N_Port4 goes offline then F_Ports7 and 8 are routed through to N_Port 3 as long as N_Port 3 is online because both N_Ports3 and 4 belong to the same port group, PG2. If no active N_Ports are available, the F_Ports are disabled.
2 Port Grouping policy You can create new port groups and add N_Ports to those groups. However, all N_Ports that are not part of any user-created port group are part of the default port group pg0. Because port groups cannot be overlapped, if you specify an N_Port as a Preferred Secondary N_Port and it already belongs to another port group, the Port Group creation fails.
Port Grouping policy 2 3. Enter the command ag --pgshow to verify the N_Port was deleted from the specified port group. switch:admin> ag --pgshow PG_ID N_Ports PG_Name ----------------------------------------------------------------------------0 13;15 pg0 3 12;14 Test ----------------------------------------------------------------------------- Removing a port group 1. Connect to the switch and log in as admin. 2. Enter the command ag --pgremove with the operands.
2 Access Gateway policy enforcement matrix Auto Port Configuration auto Disabled Advance Device Security ADS Disabled ---------------------------------------------------------- Access Gateway policy enforcement matrix The following table shows which combinations of policies can co-exist with each other.
Access Gateway trunking 2 Trunking prevents reassignments of the Port ID (also referred to as the Address Identifier as described in Table 7 on page 26) when N_Ports go offline. You must install the Brocade ISL license on both the Edge switch and the module running in AG mode and you must ensure that both modules running Fabric OS v6.1.0 or later. All ports within a trunk group must be part of the same port group; ports outside of a port group cannot form a trunk group.
2 Access Gateway trunking TABLE 6 Access Gateway trunking considerations for the Edge switch Category Description PWWN The entire Trunk Area trunk group share the same Port WWN within the trunk group. The PWWN is the same across the F_Port trunk that will have 0x2f or 0x25 as the first byte of the PWWN. The TA is part of the PWWN in the format listed in Table 7 on page 26. Downgrade You can have trunking on, but you must disable the trunk ports before performing a firmware downgrade.
Access Gateway trunking TABLE 6 2 Access Gateway trunking considerations for the Edge switch Category Description PID format F_Port masterless trunking is only supported in CORE PID format. Long Distance Long distance is not allowed on F_Port trunks, which means a Trunk Area is not allowed on long distance ports; you cannot enable long distance on ports that have a Trunk Area assigned to them.
2 Access Gateway trunking The following table describes the PWWN format for F_Port and N_Port trunk ports. TABLE 7 PWWN format for F_Port and N_Port trunk ports NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch’s FX_Ports. The valid range of xx is [0 - FF], for maximum of 256. NAA = 2 25:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switch's FX_Ports The valid range of xx is [0 - FF], for maximum of 256.
2 Access Gateway trunking Assigning a Trunk Area You must enable trunking on all ports to be included in a Trunk Area before you can create a Trunk Area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch. Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information.
2 Configuration management for trunk areas Enabling the DCC policy on trunk 1. After you assign a Trunk Area, the porttrunkarea CLI checks whether there are any active DCC policies on the port with the index TA, and then issues a warning to add all the device WWNs to the existing DCC policy with index as TA. All DCC policies that refer to an Index that no longer exist will not be in effect. 2. Add the WWN of all the devices to the DCC policy against the TA. 3.
Configuration management for trunk areas 2 switchType: 66.
2 Access Gateway Cascading Port Type State Master TA DA ------------------------------------36 ---37 36 37 ---37 37 38 ---37 38 39 ---37 39 Disabling F_Port trunking 1. Connect to the switch and log in as admin. 2. Enter the porttrunkarea --disable command. switch:admin> porttrunkarea --disable 36-39 ERROR: port 36 has to be disabled Disable each port prior to removing ports from the TA.
Access Gateway Cascading 2 . FIGURE 9 Access Gateway cascading Ports are connected between the two AG switches, which are connected to each other. AG cascading connections between devices increase the network use because cascading provides higher over-subscription while allowing you to consolidate the number of ports going to the main fabric. There is no license requirement to use this feature.
2 32 Access Gateway Cascading Access Gateway Administrator’s Guide 53-1001189-01
Chapter 3 Connecting Devices Using Access Gateway In this chapter • Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 Fabric and Edge switch configuration • Allow multiple logins. The recommended fabric login setting is the maximum allowed per port and per switch. • Use only WWN zoning throughout the fabric. Access Gateway does not support domain ID and other types of zoning schemes. • Include the Access Gateway WWN or the port WWN of the N_Ports, also include the HBA WWNs that will be connected to AG F_Ports to the ACL list in ACL policies.
Connectivity to Cisco Fabrics 20 20 21 21 master) 22 22 23 23 3 -id N4 N4 No_Module Online E-Port segmented,(zone conflict)(Trunk id id N4 N4 Online Online E-Port E-Port (Trunk port, master is Port 21 ) (Trunk port, master is Port 21 ) See Table 10 on page 41 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Setting the Fabric OS switch to Native Mode 1.
3 Connectivity to Cisco Fabrics In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure interoperability with Access Gateway. If you are using Emulex HBAs or any other HBAs that are not based on QLogic FC ASIC technology, ensure that N_Port ID Virtualization (NPIV) is enabled on the Cisco switch and that the switch is running SAN-OS 3.0 (1) or SAN-OS 3.1 (1) or later. By default, NPIV is enabled per switch and not per port.
Connectivity to Cisco Fabrics 3 Workaround for QLogic-based devices If there are QLogic-based devices behind a switch in AG mode, you must use the Cisco provided procedures to connect to a Fabric OS switch in AG mode to a Cisco fabric. Cisco software maintains a list of QLogic-based HBAs. Each HBA is identified by its company ID (also know as Organizational Unit Identifier, or OUI) used in the PWWN during a fabric log in. You can modify the Cisco Company ID entries using the CLI.
3 Connectivity to Cisco Fabrics 00:E0:8B * <- Explicitly deleted entry (from the original default list) Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list. Adding or deleting an OUI from the Company ID List The following example shows how to add or delete an OUI (0x112233) from the Company ID List. 1. Enter the following command: config t 2.
Connectivity to Cisco Fabrics 3 Enabling Flat FCID mode if no FC target devices on switch 1. Alternatively, you can place the Cisco switch FCID allocation mode into FLAT mode by entering the following commands: config t fcinterop fcid-allocation flat 2. Enter the following command to enable VSAN mode: vsan database 3. Enter the following commands to enable the Flat FCID mode: vsan suspend no vsan suspend 4. Press Ctrl-Z to exit. 5.
3 Access Gateway mode Access Gateway mode Before enabling a switch to AG mode, you must save the switch configuration because after you enable AG mode, some fabric information is erased, such as the zone and security databases. For information on backing up and restoring the configuration file, refer to the Fabric OS Administrator’s Guide. Enabling AG mode is disruptive; the switch is disabled and rebooted. You must verify that the switch is set to Native mode or interopmode 0.
3 Access Gateway mode 4. Enter the switchShow command without any options to display the status of all ports. switch:admin> switchshow switchName: switch switchType: 43.
3 Access Gateway mode TABLE 10 Port state description State Description Diag_Flt Port failed diagnostics Lock_Ref Locking to the reference signal Testing Running diagnostics Offline Connection not established (only for virtual ports) Online The port is up and running Disabling Access Gateway mode Before you disable a switch in AG mode, you should always back up the current configuration. Disabling AG mode clears the F_Port-to-N_Port mapping.
Rejoining switches to a fabric 3 Rejoining switches to a fabric After a switch reboots and AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected. Use one of the following methods to re-join a switch to the fabric: • If you saved a Fabric OS configuration before enabling AG mode, download the configuration using the configDownload command.
3 44 Rejoining switches to a fabric Access Gateway Administrator’s Guide 53-1001189-01
Chapter Configuring Ports in Access Gateway mode 4 In this chapter • Port Initialization in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . 45 • N_Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 • Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 N_Ports a b c d e FIGURE 10 Initialized ports in Access Gateway You can expand your fabric by configuring the F_Ports to connect to the fabric as N_Ports, which increases the number of device ports you can connect to a single fabric port. You can connect AG to more than one fabric. When AG is connected to at least one Edge switch in the fabric, Fibre Channel ports operate as either a target or as an initiator. Fibre Channel ports target ports can also connect to AG as F_Ports.
N_Ports 4 Figure 11 shows a host connected to an embedded switch’s external F_Port when Access Gateway is enabled. The configured F_Port is mapped to an N_Port. FIGURE 11 Example of adding an external F_Port (F9) on an embedded switch Unlocking N_Ports Unlocking the N_Port configuration automatically changes the port to an F_Port. When you unlock an N_Port, the F_Ports are automatically unmapped and disabled. 1. Connect to the switch and log in as admin. 2. Enter the portcfgnport command.
4 N_Ports By default, on embedded switches, all external ports are configured as N_Port lock mode when you enable Access Gateway. Access Gateway connects only FCP initiators and targets to the fabric. It does not support other types of ports, such as ISL (interswitch link) ports. The port types on a fabric switch are not locked.
N_Ports 4 Displaying N_Port mapping 1. Connect to the switch and log in as admin. 2. Enter the ag --mapshow command and specify the port number. The N_Port failover and failback policies and the mapped F_Ports displays.
4 Port configurations Port configurations The following mapping updates and adding and removing of ports are only applicable to the Port Grouping policy. Adding F_Ports to an N_Port When you update the mapping, only the F_Ports added or removed are affected. Adding an F_Port to an N_Port routes that traffic to and from the fabric through the specified N_Port.
Port configurations 13 14 15 13 14 15 id id id N4 N4 N4 Online Online Online N-Port N-Port N-Port 4 10:00:00:05:1e:35:10:1e 0x5a0a00 10:00:00:05:1e:35:10:1e 0x5a0900 10:00:00:05:1e:35:10:1e 0x5a0800 4. Enter the ag command with the --mapadd “ operand to add the list of F_Ports to the N_Port. The f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”.
4 Port configurations Adding a preferred secondary N_Port Preferred mapping is optional. Adding a preferred N_Port provides an alternate N_Port for F_Ports to fail over to. The F_Ports must have a primary N_Port mapping before a secondary N_Port can be configured. You add the F_Ports to a preferred secondary N_Port using the prefset command, which sets the preferred N_Port for one or more F_Ports. You can delete the F_Ports from the preferred N_Port using the prefdel command.
Port configurations 4 The following table shows the default F_Port-to-N_Port mapping that is automatically configured when Access Gateway mode is enabled. All N_Ports have failover and failback enabled. All ports must have the POD license active to use Access Gateway on the Brocade 300 and 200E. .
4 Port configurations TABLE 11 54 Access Gateway default F_Port-to-N_Port mapping Brocade Model Total Ports F_Ports N_Ports Default F_ to N_Port Mapping 4424 24 17-20 1-8 0, 17-23 as N_Port with failover enabled, failback enabled 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 5424 24 0, 17-23 1-16 0, 17-23 are N_ports with failover enabled, failback enabled and PG policy 1, 2 mapped to 1
Port configurations TABLE 11 4 Access Gateway default F_Port-to-N_Port mapping Brocade Model Total Ports F_Ports N_Ports Default F_ to N_Port Mapping 5100 40 32-39 0-31 32-39 as N_Port with failover enabled, failback enabled 0, 1, 2, 3 mapped to 32 4, 5, 6, 7 mapped to 33 8, 9, 10, 11 mapped to 34 12, 13, 14, 15 mapped to 35 16, 17, 18, 19 mapped to 36 20, 21, 22, 23 mapped to 37 24, 25, 26, 27 mapped to 38 28, 29, 30, 31 mapped to 39 Access Gateway Administrator’s Guide 53-1001189-01 55
4 56 Port configurations Access Gateway Administrator’s Guide 53-1001189-01
Appendix A Troubleshooting This appendix provides troubleshooting instructions. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Access Gateway Mode.
A Troubleshooting TABLE 12 Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the operand. Enter the ag --failbackShow command with the operand. Command returns “Failback (or Failover) on N_Port is supported.” If it returns, “Failback (or Failover) on N_Port is not supported.
Index A B Access Gateway cascading, 30 comparison to standard switches, 4 compatible fabrics, 2 connecting devices, 33 connecting two AGs, 30 description, 1 displaying information, 35 features, 2 mapping description, 6 port mapping, 5 port types, 4 Access Gateway mode comparison, 2 direct target attach, 33 disabling, 42 enabling, 40 port initialization, 45 port types, 4 saving configuration, 42 supported firmware versions, 33 terms, xv ACL policies, settings, 34 adding devices to fabric, 11 Address Ident
commands ag, 42 ag --failbackDisable, 17 ag --failbackEnable, 17 ag --failbackShow, 17, 58 ag --failoverDisable, 16 ag --failoverEnable, 15 ag --failoverShow, 15, 16, 58 ag --mapAdd, 51 ag --mapDel, 50, 51 ag --mapShow, 40, 48, 49, 51 ag --modeDisable, 42, 58 ag --modeEnable, 40, 57 ag --modeShow, 40, 42 cfgSave, 43 configDownload, 43 configUpload, 35, 42 defZone --allAccess, 43 portCfgNpivPort, 57 portCfgNport, 47, 48, 57 portCfgShow, 57 switchDisable, 35, 42, 43, 57, 58 switchEnable, 43 switchMode, 57, 58
I ICL ports, limitations, 25 inband queries, 34 internal port, F_Port, 50 J join fabric, 43 non disruptive, 24 NPIV Edge switch, 33 enable with portcfgnpivport command, 46 enabling on Cisco switch, 36 enabling on M-EOS switch, 35 support, 33 O optional features, xvii L long distance mode, Edge switch, 33 M management server, 23 mapping example, 5 ports, 5 show, 48 masterless trunking blades not supported, 24 PID format, 25 M-EOS switch, enabling NPIV, 35 N N_Port AG configurations, 46 displaying confi
preferred secondary N_Port cold failover, 18 definition, xvi deleting F_Ports, 52 failover policy, 14 forming groups, 18 not online, 14 online, 14 PWWN format, 26 sharing TA trunk group, 24 Q QLogic-based devices, workaround, 37 R removing devices from switch, 11 removing trunk ports, 24 requirements, ports, 33 S settings ACL policies, 34 FLOGI, 34 inband queries, 34 Management Server Platform, 34 zone, no access, 43 supported hardware and software, xiii switch mode, verify, 34 switchMode Access Gateway