53-1002152-01 29 April 2011 Web Tools Administrator’s Guide Supporting Fabric OS v7.0.
Copyright © 2006-2011 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and Brocade Network Advisor, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Document History Document Title Publication Number Summary of Changes Publication Date Web Tools User’s Guide v2.0 53-0001536-01 N/A September 1999 Web Tools User’s Guide v2.2 53-0001558-02 N/A May 2000 Web Tools User’s Guide v2.3 53-0000067-02 N/A December 2000 Web Tools User’s Guide v3.0 53-0000130-03 N/A July 2001 Web Tools User’s Guide v2.6 53-0000197-02 N/A December 2001 Advanced Web Tools User’s Guide v3.0 / v4.
Document Title Publication Number Summary of Changes Publication Date Web Tools Administrator’s Guide 53-1000606-01 Updates to reflect updates to enhanced October 2007 Access Gateway support, changes to FCIP tunneling wizard, and other enhancements. Web Tools Administrator’s Guide 53-1000606-02 March 2008 Updates for support for new switches, traffic isolation zoning, F_Port trunking, removal of enhanced Access Gateway support, and other enhancements.
Contents About This Document In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . .xxii What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Role-Based Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Session management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Ending a Web Tools session . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Web Tools system logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Requirements for IPv6 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Enabling and disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . 37 Changing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Changing the switch domain ID . . . . . . . . . . . . . . . . . . . . . . . . . 38 Viewing and printing a switch report . . . . . . . . . . . . . . . . . . . . . 38 Switch restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Admin Domain configuration maintenance. . . . . . . . . . . . . . . . . . . . 59 Uploading and downloading from USB storage. . . . . . . . . . . . . . . . . 60 Performing a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Chapter 5 Managing Administrative Domains In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Administrative Domain overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Port activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Enabling Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . 88 Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . . . 88 Diagnostic ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Reserving and releasing licenses on a port basis . . . . . . . . . .
Saving graphs to a canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Adding graphs to an existing canvas . . . . . . . . . . . . . . . . . . . . . . . .115 Printing graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 Modifying graphs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Chapter 9 Administering Zoning In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Zone configuration and zoning database management . . . . . . . .128 Creating zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . .129 Adding or removing zone configuration members. . . . . . . . . .130 Renaming zone configurations . . . . . . . . . . . . . . . . . . . . . . . . .130 Cloning zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . .131 Deleting zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . .131 Enabling zone configurations . . . . . .
Viewing EX_Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148 Configuring an EX_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149 Editing the configuration of an EX_Port . . . . . . . . . . . . . . . . . .149 Configuring FCR router port cost . . . . . . . . . . . . . . . . . . . . . . . . . . .149 Viewing LSAN zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150 Viewing LSAN devices . . . . . . . . . . . . . . . .
Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169 Viewing fabric shortest path first routing . . . . . . . . . . . . . . . . . . . .170 Configuring dynamic load sharing . . . . . . . . . . . . . . . . . . . . . . . . . .170 Lossless dynamic load sharing . . . . . . . . . . . . . . . . . . . . . . . . . 171 Specifying frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 Configuring the link cost for a port . . . . . . . . . . . . .
RADIUS management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196 Enabling and disabling RADIUS . . . . . . . . . . . . . . . . . . . . . . . .196 Configuring RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197 Modifying the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . .197 Modifying the RADIUS server order . . . . . . . . . . . . . . . . . . . . .198 Removing a RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow / Prohibit Matrix configuration . . . . . . . . . . . . . . . . . . . . . . . .220 Viewing Allow / Prohibit Matrix configurations. . . . . . . . . . . . .221 Modifying Allow / Prohibit Matrix configurations . . . . . . . . . . .221 Activating an Allow / Prohibit Matrix configuration . . . . . . . . .223 Copying an Allow / Prohibit Matrix configuration. . . . . . . . . . .223 Deleting an Allow / Prohibit Matrix configuration . . . . . . . . . .224 CUP logical path configuration . . . . . . . . . . . .
Enabling and disabling LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Enabling and disabling QoS priority-based flow control . . . . . . . . .242 Enabling and disabling FCoE ports . . . . . . . . . . . . . . . . . . . . . . . . .242 Chapter 19 Limitations In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243 General Web Tools limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Figures Figure 1 Configuring Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 2 Default Java for browsers option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Figure 3 Web Tools interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4 Virtual Fabric login option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xviii Figure 37 Switch Admin:Add User Defined Role dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Figure 38 Switch Admin:Add User Defined Role dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Figure 39 Transport mode and tunnel mode comparison . . . . . . . . . . . . . . . . . . . . . . . . . 201 Figure 40 AH header in transport mode and tunnel mode . . . . . . . . . . . . . . . . . . . . . . . . 202 Figure 41 ESP header in transport mode and tunnel mode . . . . .
Tables Table 1 Basic Web Tools features and EGM licensed features . . . . . . . . . . . . . . . . . . . . . 2 Table 2 Web Tools functionality moved to Brocade Network Advisor . . . . . . . . . . . . . . . . 3 Table 3 Certified and tested platforms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 4 Supported platforms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 5 Predefined Web Tools roles . . . . .
xx Web Tools Adminstrator’s Guide 53-1002152-01
About This Document In this chapter • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv • Notice to the reader . . . . . . . . . . . . . .
• Chapter 10, “Working with Diagnostic Features” provides information about trace dumps, viewing switch health, and interpreting the LEDs. • Chapter 11, “Using the FC-FC Routing Service” provides information on using the FC-FC Routing Service to share devices between fabrics without merging those fabrics. • Chapter 12, “Using the Access Gateway” provides information on how to configure and manage the Brocade Access Gateway.
• • • • • • • Brocade 8000 Brocade DCX 8510-4 Brocade DCX 8510-8 Backbone Brocade DCX Backbone Brocade DCX-4S Backbone Brocade Encryption Switch Brocade VA-40FC The following blades are supported by this release: • • • • • • • • • • • • • • • • Brocade CORE 8 blade Brocade CP8 blade Brocade CR16-4 blade Brocade CR16-8 blade Brocade CR4S-8 blade Brocade FC10-6 port blade Brocade FC16-32 port blade Brocade FC16-48 port blade Brocade FC8-16 port blade Brocade FC8-32 port blade Brocade FC8-48 port blade Bro
Document conventions This section describes text formatting conventions and important notice formats used in this document.
Key terms For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only.
Other industry resources For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.
• Brocade 8000 —On the switch ID pull-out tab located inside the chassis on the port side on the left. 3. World Wide Name (WWN) Use the licenseIdShow command to display the WWN of the chassis. If you cannot use the licenseIdShow command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.
xxviii Web Tools Adminstrator’s Guide 53-1002152-01
Chapter Introducing Web Tools 1 In this chapter • Web Tools overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 • Web Tools, the EGM license, and Brocade Network Advisor . . . . . . . . . . . . . 1 • System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 • Java installation on the workstation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 • Java plug-in configuration . . . . . . .
1 Web Tools, the EGM license, and Brocade Network Advisor Web Tools features enabled by the EGM license Table 1 describes those Web Tools features that require the EGM license.
Web Tools, the EGM license, and Brocade Network Advisor TABLE 1 1 Basic Web Tools features and EGM licensed features (Continued) Feature Basic Web Tools Web Tools with EGM License Port Administration yes yes Print zone database summary no no RBAC yes yes Routing and DLS Configuration no yes Security Policies Tab (like ACL) yes yes Switch Info tab yes yes Switch Status yes yes Switch View right-click options yes yes Trace dump yes yes USB Management yes yes User Managemen
1 System requirements TABLE 2 Web Tools functionality moved to Brocade Network Advisor (Continued) Function Web Tools 6.1.0 Brocade Network Advisor Comments Device Accessibility Matrix Zone Admin Configure > Zoning the Compare dialog box provides the Storage-Host and Host-Storage view in a tree representation that is comparable to the Device Accessibility Matrix when all devices are selected.
System requirements 1 Brocade has certified and tested Web Tools on the platforms shown in Table 3. TABLE 3 Certified and tested platforms Operating System Browser Windows Server 2008 R2 Standard (64-bit) Internet Explorer 8.0 Windows Server 2008 Standard Internet Explorer 7.0 Windows Vista Business Internet Explorer 7.0 Red Hat Enterprise Server 5 Advanced Platform Internet Explorer 7.0 SUSE Linux Enterprise Server 10 Internet Explorer 7.0 Brocade supports the platforms shown in Table 4.
1 Java installation on the workstation 3. Choose Every visit to the page under “Check for newer versions of stored pages:” as shown in Figure 1 on page 6. FIGURE 1 Configuring Internet Explorer Deleting temporary internet files used by Java applications For Web Tools to operate correctly, you must delete the temporary internet files used by Java applications. To delete these files, perform the following steps. 1. From the Control Panel, open Java. 2. Select the General tab and click Settings. 3.
Java installation on the workstation 1 If you attempt to open Web Tools with a later version of Java Plug-in installed: • Internet Explorer might prompt for an upgrade, depending on the existing Java Plug-in version. • Firefox uses the existing Java Plug-in. Installing the JRE on your Solaris or Linux client workstation To do the JRE installation, perform the following steps. 1. Locate the JRE on the Internet, at the following URL: http://java.sun.com/products/archive/j2se/6/index.
1 Java plug-in configuration • If no Java Plug-in is installed, point the browser to a switch running Fabric OS 5.2.0 or later to install JRE 1.6.0. For Fabric OS 6.3.0 install JRE 1.6.0 update 13. Web Tools guides you through the steps to download the proper Java Plug-in. • If an outdated version is currently installed, uninstall it, restart your computer, reopen the browser, and enter the address of a switch running Fabric OS 5.2.0 or later to install JRE 1.6.0. For Fabric OS 6.3.0 install JRE 1.6.
Value line licenses 1 Configuring the Java plug-in for Mozilla family browsers To configure Java plug-in for Mozilla family browsers, perform the following steps. 1. From the Start menu, select Settings > Control Panel. 2. Click the Advanced tab and expand the Default Java for browsers option, as shown in Figure 2 on page 9. FIGURE 2 Default Java for browsers option 3. Select Mozilla family and click OK. 4. Click OK to apply your settings and close the Java Control Panel.
1 Opening Web Tools Opening Web Tools You can open Web Tools on any workstation with a compatible Web browser installed. For a list of Web browsers compatible with Fabric OS v7.0.0, refer to Table 3. Web Tools supports both HTTP and HTTPS protocol. To open Web Tools, perform the following steps. 1. Open the Web browser and enter the IP address of the device in the Address field, such as: http://10.77.77.77 or https://10.77.77.77 2. Press Enter. The Web Tools login dialog box displays.
Opening Web Tools 1 Logging in When you use Web Tools, you must log in before you can view or modify any switch information. This section describes the login process. Prior to displaying the login window, Web Tools displays a security banner (if one is configured for your switch), that you must accept before logging in. The security banner displays every time you access the switch. When you are presented with the login screen you must provide a user name and a password.
1 Opening Web Tools To log in to a Virtual Fabric, perform the following steps. 1. Select Options to display the Virtual Fabric options. You are given a choice between Home Logical Fabric and User Specified Virtual Fabric (Figure 4). Home Logical Fabric is the default. FIGURE 4 Virtual Fabric login option 2. Log in to a logical fabric. • To log in to the home logical fabric, select Home Logical Fabric and click OK.
1 Role-Based Access Control • Your currently selected Admin Domain is removed or invalidated. • Your currently selected Admin Domain is removed from your Admin Domain list. • You initiate a firmware download from Web Tool’s Switch Administration window. In this case, you are logged out a few minutes later when the switch restarts. • Your session times out. Role-Based Access Control Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the assigned role.
1 Web Tools system logs A session automatically ends if no information was sent to the switch for more than two hours. Because user key strokes are not sent to the switch until you apply or save the information, it is possible for your session to end while you are entering information in the interface. For example, entering a zoning scheme in the Zoning module does not require you to send information to the switch until you save the scheme.
1 Requirements for IPv6 support The maximum size of the webtools.log file is 2MB. It is rolled into new file when the 5mb file size limit is exceeded. A backup file named webtools1.log is automatically created. Web Tools maintains only one webtools.log backup file at a time. The Web Tools debug dialog box can be used to enable the debug state and level for a module at runtime. If you are familiar with XML scripting, you can edit the configuration file (log4j.xml) to collect the data at startup.
1 16 Requirements for IPv6 support Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 2 Using the Web Tools Interface In this chapter • Viewing Switch Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Displaying tool tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Right-click options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Refresh rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Viewing Switch Explorer NOTE To perform monitoring tasks such as performance monitoring the EGM license must be installed on the switch; otherwise, access to this feature is denied and an error message displays. - Tools tasks, such as opening the Telnet window. • The buttons above the Switch View provide access to switch information: status, temperature, power, and fan data, beaconing, and the legend for the Switch View.
2 Viewing Switch Explorer For non-8 Gbps platforms, all functionalities are available without EGM license.
2 Viewing Switch Explorer If you launch WebTools from Brocade Network Advisor (BNA), all of the Web Tools GUI persistence data for each user name is stored in the BNA database.
Viewing Switch Explorer • • • • • 2 Switch administration Port administration Admin Domain administration FCR (present only on the base switch when the Virtual Fabrics capability is enabled.) Fabric Watch NOTE Some of these functions require a license key to activate them.
2 Viewing Switch Explorer After you log in, all Admin Domains assigned to you are available in the drop-down menu. For most administrative tasks, you must be in either AD0 or the physical fabric. When changing the Admin Domain context, the option for selecting AD from the drop-down list is not available if the EGM license is not present.
2 Viewing Switch Explorer To change the Admin Domain context, perform the following steps. 1. Select a domain from the Admin Domain menu. 2. Click OK in the confirmation window. Switch Explorer refreshes to display the new Admin Domain context. You can monitor the progress using the progress bar. The system displays a list of all open windows. You can choose to change the Admin Domain, which closes all the open windows, or cancel the action and return to Switch Explorer.
2 Viewing Switch Explorer The default Switch View display refresh rate is 60 seconds. However, the initial display of Switch Explorer might take from 30 to 60 seconds after the switch is booted. Refresh rates are fabric-size dependent. The auto refresh interval may not be less than 60 seconds. However, the refresh rate varies depending on the activity in the fabric and on the host system you are using. The larger the fabric, the longer it takes to poll the fabric and refresh the view.
2 Viewing Switch Explorer NOTE Click the USB port on the switch to launch the USB Storage Management window. Switch Events and Switch Information Switch Events and Switch Information display as tab forms under Switch View. The information in the Switch Information View is polled every 60 seconds. NOTE You can click the column head to sort the events by a particular column, and drag the column divider to resize a column.
2 Displaying tool tips • Other • RNID - Manufacturer serial number Supplier serial number License ID Type Model Tag Sequence number Insistent Domain ID Mode Manufacturer Manufacturer Plant Displays the serial number of the manufacturer. Displays the serial number of the supplier. Displays the license ID. Type of the switch. Model of the switch. Tag of the switch. Sequence number of the switch. Current status of the Insistent Domain ID mode of the switch. Manufacturer of the switch.
Right-click options 2 • port status (online or offline) • port state (in-sync, no_sync, no light, or no module) Right-click options You can right-click a port to quickly perform some basic port administration tasks, as shown in Figure 7. FIGURE 7 Right-click menu for ports (from Switch Explorer) The tasks are: • The Port Admin option displays the Port Administration window. • The Port Details option displays read-only information about a port, without opening the Port Administration window.
2 Displaying switches in the fabric For these reasons, the time displayed in the port statistics tab might not be refreshed as expected. The counter time indicates only that “this statistics data is retrieved from the switch in this time period.” To ensure the correct information, the time field is updated along with the port statistics data after every refresh. The refresh rates are different for each module. Table 6 lists polling rates by module.
Working with Web Tools: recommendations 2 Working with Web Tools: recommendations Brocades makes the following recommendations for working with Web Tools: • If you receive an error when saving changes in the Switch Administration window, note the error messages, refresh the window, and make your changes again. Do not continue making changes without refreshing the window and determining which changes were saved correctly.
2 Collecting logs for troubleshooting To avoid the need to remember and key in the path, you can store the path on your PC and browse to the location. Clicking the button to the right of the field initiates the browse capability. 5. Click OK. The Telnet or SSH window displays. 6. Enter your user credentials at the login prompt. 7. To close the session, enter exit at the prompt and press the Enter key.
Chapter 3 Managing Fabrics and Switches In this chapter • Fabric and switch management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring IP and subnet mask information . . . . . . . . . . . . . . . . . . . . . . . . • Configuring Netstat Auto Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring a syslog IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Removing a syslog IP address . . . . . . . . . . . . . .
3 Fabric and switch management overview If the switch is not a member of the selected Admin Domain, most tabs in the Switch Administration window display in read-only mode, regardless of your permission level. The User tab is editable because most of its information does not require switch membership in the current Admin Domain.
Configuring IP and subnet mask information 3 Opening the Switch Administration window Most of the management procedures in this chapter are performed from the Switch Administration window. To open the Switch Administration window, perform the following steps. 1. Select Tasks > Manage > Switch Admin. The Switch Administration dialog box displays in basic mode, as shown in Figure 8 on page 32. The basic mode displays the “basic” tabs and options. 2.
3 Configuring a syslog IP address To configure Auto Refresh, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Network tab. 3. Click Netstat Performance. 4. Select the Auto Refresh check box to automatically refresh the port details. Clear the check box to disable auto refresh. 5. When enabled, enter the interval time in seconds in the Auto-Refresh Interval field.
3 Configuring IP Filtering Configuring IP Filtering Web Tools provides the ability to control what client IP addresses may connect to a switch or fabric. To set up IP Filtering, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Security Policies tab. 3. Select IPFilter on the Security Policies menu. 4. Click Create Policy. The Create IP Filter Policy dialog box displays. 5.
3 Blade management NOTE The blade state is always shown as enabled, even if you perform a blade disable operation. When a blade is set to a disable state, only the ports on the balde are disabled. The blade remains active. To enable or disable a blade, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Blade tab (Figure 9). FIGURE 9 Blade tab 3.
3 Switch configuration 5. Enter the IP address, subnet mask, and Gateway IP address. 6. Select a type from the list. 7. Click Add to add the new entry to the table. When you click Add, the values remain in the fields. The Clear Gateway and Clear IP buttons are available for clearing fields in the table. NOTE To remove a configuration, select a row in the table and click Delete. 8.
3 Switch configuration The system displays a confirmation window that asks if you want to save the changes to the switch. You must click Yes to save the changes. Changing the switch name Switches can be identified by IP address, domain ID, World Wide Name (WWN), or switch names. Names must begin with an alphabetic character, but otherwise can consist of alphanumeric, hyphen, and underscore characters. The maximum number of characters is 30, unless FICON mode is enabled.
Switch restart 3 To view or print a report, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Switch tab. 3. Click View Report. 4. In the new window that displays the report, view or print the report using your browser. Switch restart When you restart the switch, the restart takes effect immediately.
3 System configuration parameters • System services • Signed firmware WWN-based Persistent PID assignment WWN-based PID assignment allows you to configure a PID persistently using a device’s WWN. When the device logs into the switch, the PID is bound to the device WWN. If the device is moved to another port in the same switch, or a new blade is hot plugged, the device receives the same PID (area) at its next login.
System configuration parameters 3 Configuring fabric settings To configure the fabric settings, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Configure tab. 3. Select the Fabric subtab. 4. Make the fabric parameter configuration changes. 5. Click Apply. 6. Enable the switch as described in “Enabling and disabling a switch” on page 37.
3 System configuration parameters 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Disable the switch as described in “Enabling and disabling a switch” on page 37. 3. Select the Configure tab. 4. Select the Fabric subtab. 5. Select the Insistent Domain ID Mode check box. 6. Click Apply. 7. Enable the switch as described in “Enabling and disabling a switch” on page 37.
System configuration parameters 3 5. Select or clear the check boxes to enable or disable the corresponding arbitrated loop parameters. 6. Click Apply. 7. Enable the switch as described in “Enabling and disabling a switch” on page 37.
3 Licensed feature management To configure the signed firmware, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Configure tab. 3. Select the Firmware subtab. 4. Select the Enable Signed Firmware Download check box. 5. Click Apply. Licensed feature management The licensed features currently installed on the switch are listed in the License tab of the Switch Administration window.
3 Licensed feature management 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the License tab. 3. Select the license key for which you want to assign slots from the License Administration table. The Assign Slots window displays. 4. Select the slots you want to assign. 5. Click OK. Removing a license from a switch To remove a license from a switch in the Switch Administration window, perform the following steps.
3 High Availability overview • Server Application Optimization High Availability overview High-Availability (HA) features provide maximum reliability and nondisruptive replacement of key hardware and software modules. High Availability is available only on the Brocade DCX, DCX-4S, DCX 8510-4 and DCX 8510-8 platforms. Refer to the Fabric OS Administrator’s Guide for additional information about High Availability.
3 High Availability overview • The CP tab displays information about slots. For Brocade DCX-4S or DCX 8510-4, CP blades are placed in slot 4 and slot 5.,For the Brocade DCX or DCX 8510-8, CP blades are placed in slot 6 and 7. FIGURE 10 High Availability window, CP tab The High Availability window gets refreshed automatically. You can also click Refresh to update the information displayed in the High Availability window.
3 Event monitoring 4. Click Yes and wait for the CPs to complete a synchronization of services, so that a nondisruptive failover is ready. 5. Click Refresh to update the HA Status field. When the HA Status field displays HA enabled, Heartbeat Up, HA State synchronized a failover can be initiated without disrupting frame traffic on the fabric. Initiating a CP failover A nondisruptive failover might take about 30 seconds to complete.
3 Event monitoring • • • • Marginal Notice Information Debug Table 8 lists the event message severity levels displayed on the Switch Events tab and explains what qualifies event messages to be certain levels. On the Switch Events tab, you can click the Filter button to launch the Filter Events dialog box. The Filter Events dialog box allows you to define which events should be displayed on the Switch Events tab. For more information on filtering events, refer to “Filtering Switch Events” on page 50.
3 Event monitoring To display Switch Events, perform the following steps. 1. Select the switch from the Fabric Tree. The Switch View displays. 2. Select the Switch Events tab, if necessary. Filtering Switch Events You can filter the fabric and switch events by time, severity, message ID, and service. You can apply either one type of filter at a time or multiple types of filters at the same time.
Displaying the Name Server entries 3 Filtering events by message ID To filter events by message ID, perform the following steps. 1. Open the Switch Events tab as described in “Displaying Switch Events” on page 49. 2. Click Filter. The Event Filter dialog box displays. 3. Select Message ID. 4. Enter the message IDs in the associated field. NOTE You can enter multiple message IDs as long as you separate them by commas.
3 Displaying the Name Server entries For FICON devices: The Name Server table lists the request node identification (RNID) information. To display the Name Servers, perform the following steps. 1. Select Tasks > Monitor > Name Server. The Name Server window displays. 2. To set an autorefresh rate for the Name Server entries, select the Auto Refresh check box in the Name Server window, and enter an auto-refresh interval (in seconds). The minimum (and default) interval is 15 seconds.
3 Physically locating a switch using beaconing Physically locating a switch using beaconing Use the Beacon button to physically locate a switch in a fabric. The beaconing function helps to physically locate a switch by sending a signal to the specified switch, resulting in an LED light pattern that cycles through all ports for each switch (from left to right). NOTE You must have an RBAC role of admin to initiate switch beaconing. The LED light pattern is initiated on the actual switch or chassis.
3 Virtual Fabrics overview • Brocade DCX 8510-8 Virtual Fabrics cannot be configured or managed from Web Tools. Configuration and management is done from either the Brocade Network Advisor, or the Fabric OS command line interface. For information about configuring and managing Virtual Fabrics, refer to the Brocade Network Advisor User Manual if you are using Brocade Network Advisor, or Fabric OS Administrator’s Guide if you are using the Fabric OS command line interface.
Virtual Fabrics overview 3 Logical ports are software constructs, and have no corresponding hardware to represent them on the Switch View. Logical port information is available in the Port Administration window. 1. Select Port Administration. The Port Administration window displays. Logical ports are displayed in the FC Ports Explorer tree structure. 2. To view logical port properties, expand the Logical Ports folder, and select a port. The General properties are displayed.
3 56 Virtual Fabrics overview Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 4 Maintaining Configurations and Firmware In this chapter • Creating a configuration backup file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Restoring a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Admin Domain configuration maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . • Uploading and downloading from USB storage . . . . . . . . . . . . . . . . . . . . . . . • Performing a firmware download . . . . . . . . .
4 Restoring a configuration NOTE By default, Config Upload is chosen under Function, and Network is chosen as the source of the configuration file. 5. Enter the configuration file with a fully-qualified path, or select the configuration file name in the Configuration File Name field. If you select USB as the configuration file source, the network parameters are not needed and are not displayed. You can skip to step 6. 6.
4 Admin Domain configuration maintenance 4. Select the Upload/Download tab. The Upload/Download configuration screen displays. By default, Config Upload is chosen under Function, and Network is chosen as the source of the configuration file. 5. Under Function, select Config Download to Switch. If you select USB as the configuration file source, the network parameters are not needed and are not displayed, and you can skip to step 7.
4 Uploading and downloading from USB storage • If you invoke Admin Domain from AD255 and you are logged in with any role that allows configuration upload/download, the following items are saved in the configuration file: - Configuration information for zones in all Admin Domains All other configuration information, including zoning from all Admin Domains The filtering depends on the Admin Domain switch ownership, with additional access if you are in AD255.
4 Performing a firmware download To download a new firmware version, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Firmware Download tab. 3. Choose to download either the firmware or the firmware key. The download source can be located on the network or a USB device. NOTE When you select the USB button, you can specify only a firmware path or directory name.
4 62 Performing a firmware download Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 5 Managing Administrative Domains In this chapter • Administrative Domain overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Admin Domain window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Creating and populating domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Modifying Admin Domain members . . .
5 Administrative Domain overview User-defined Admin Domains AD1 through AD254 are user-defined Admin Domains. These user-defined Admin Domains can be created only by a physical fabric administrator in AD255. System-defined Admin Domains AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric.
Enabling Admin Domains 5 • Manage Advanced Performance Monitoring (this can be managed in AD0 if no other Admin Domains are present, but only if you are using Web Tools with the EGM license). The EGM license is required only for 8 Gbps platforms, such as the: • • • • • Brocade Encryption Switch Brocade 300, 5300, and 5100 switches Brocade VA-40FC Brocade 8000 Brocade 7800 For non-8 Gbps platforms, all functionalities are available without EGM license.
5 Admin Domain window To enable Admin Domains, perform the following steps. 1. Change the Admin Domain context to AD0. Refer to “Changing the Admin Domain context” on page 21. NOTE Changing the Admin Domain context requires using Web Tools with the EGM license; otherwise, access to this feature is denied and an error message displays. Change the Default Zone mode to No Access. Refer to “Setting the default zoning mode” on page 119 for more information. 2.
Admin Domain window 5 When you launch the Admin Domain window and select the parent Admin Domains node in the tree on the left pane, the Admin Domain window displays summary information about all of the Admin Domains. You can also select a specific Admin Domain from the tree to display detailed information about that Admin Domain. The detailed view displays summary information as well as information about the online switch, port, and device members of the selected Admin Domain.
5 Admin Domain window To open an Admin Domain window, perform the following steps. 1. Select a switch from the Fabric Tree and log in when prompted. Switch View displays information for the selected switch. 2. If you plan to modify the Admin Domain configuration, from the Admin Domain menu, select Physical Fabric. 3. Click Admin Domain in the Manage section of the Tasks menu. The Admin Domain window displays.
5 Creating and populating domains To save the local Admin Domain changes, perform the following steps. 1. Select Actions > Save AD Configuration to save your changes to persistent storage as the defined Admin Domain configuration. 2. Select Actions > Apply AD Configuration to save your changes to persistent storage and make your changes effective in the fabric. These options are not enabled until you make a change to the Admin Domain configuration.
5 Creating and populating domains 3. In the Name area, assign an Admin Domain name. You can specify a name or let the system assign the name for you. 4. In the ID area, assign an Admin Domain ID. You can specify an ID or let the system assign the ID for you. 5. In the State area, select the Active check box to activate the Admin Domain when you finish creating it. NOTE Clear the Active check box if you want the Admin Domain deactivated when you finish creating it. 6. Click Next. 7.
5 Modifying Admin Domain members Activating or deactivating an Admin Domain To activate or deactivate an Admin Domain, perform the following steps. 1. Open the Admin Domain window. 2. From the tree on the left, select the Admin Domain you want to activate or deactivate. 3. Click Activate to activate the Admin Domain, or click Deactivate to deactivate the Admin Domain. 4. Select Actions > Save AD Configuration to save the new Admin Domain configuration to persistent storage. 5.
5 Modifying Admin Domain members 9. Select Actions > Save AD Configuration to save the new Admin Domain configuration to persistent storage. 10. Select Actions > Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration. Renaming Admin Domains You can change the name of an Admin Domain, including an auto-assigned ID name. The Admin Domain name cannot exceed 63 characters and can contain alphabetic and numeric characters.
Modifying Admin Domain members 5 Clearing the Admin Domain configuration When you clear the Admin Domain configuration, all user-defined Admin Domains are deleted and all fabric resources (switches, ports, and devices) are returned to AD0. You cannot clear the Admin Domain configuration if zone configurations exist in any of the user-defined Admin Domains. To clear the Admin Domain configuration, perform the following steps. 1. Open the Admin Domain window. 2. Select Actions > Clear AD Configuration. 3.
5 74 Modifying Admin Domain members Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 6 Managing Ports In this chapter • Port management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring FC ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Assigning a name to a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Port beaconing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling and disabling a port.
6 Port management overview NOTE You can drag the column divider to resize a column, or drag columns to re-arrange them in a custom order. You can also right-click a column heading to resize one or all columns, or sort the information in ascending or descending order.
Port management overview • • • • • • • • • • • • • • • 6 MTU Size Compression Mode Data L2COS Value DSCP Data IKE Policy Number IPsec Policy Enabled Keep Alive Timeout MaximumCommunicationRate MinimumCommunicationRate MaxRetransmitRate MinRetransmitRate Metric Pre-Shared key QOS Mapping Selective Ack Ports Explorer tree The Ports Explorer tree displays on the left side of the window.
6 Port management overview When viewing detailed information about a port, Basic Mode provides these subtabs: • General—All ports - View Details - Rename - Edit Configuration - Enable/Disable (port) - Persistent Enable/Persistent Disable (port) • SFP—Physical ports only (FC, CEE, and GbE) - Basic information about the port equipment • QSFP—Quad Small Form-factor Pluggable ports - Basic Information about the port.
6 Configuring FC ports • SFP—Physical ports only (FC, CEE, and GbE) - Basic Information about the port. - Advanced information about the port equipment • QSFP—Quad Small Form-factor Pluggable ports - Basic Information about the port. - Advanced information about the port equipment. - UnitNumber - ChannelIndex - DeviceTech - MaxCaseTemp • Port Statistics - Advanced port statistics - Error details - FCIP Tunnels—GbE ports and logical FCIP ports only (not available for the FR4-16IP).
6 Configuring FC ports • Brocade 7800 For non-8 Gbps platforms, all functionality is available without EGM license. The following procedure describes how to open the FC Port Configuration wizard. The wizard is self-explanatory, so the explicit steps are not documented here. 1. Click a port in the Switch View to open the Port Administration window. 2. Select the Auto Refresh check box to automatically refresh the port details. Clear the check box to disable auto refresh. 3.
Configuring FC ports 6 E_Port The port can be used to connect to another switch. On the Brocade FC8-64, ports 56 through 63 are not available as E_Ports. This option is unavailable for these ports. U_Port For a physical FC port: the port can be any one of E_Port, F_Port, or L_Port. For a logical FC port: the port can be either VE_Port or VEX_Port. When the wizard prompts you to select allowed port types, if all of these boxes are selected, there are no constraints on port type.
6 Assigning a name to a port Ingress rate limiting is applicable only to F_Ports and FL_Ports and is available only on the following platforms: • • • • • • • • • • • • • • • • • Brocade DCX Brocade DCX-4S Brocade DCX 8510 Brocade Encryption Switch Brocade 300 Brocade 5100 Brocade 5300 Brocade 5410 Brocade 5424 Brocade 5450 Brocade 5460 Brocade 5470 Brocade 5480 Brocade 6510 Brocade 7800 Brocade VA-40FC Brocade 8000 To configure the ingress rate limit feature, perform the following steps. 1.
Port beaconing 6 Port names can be from 1 through 128 alphanumeric characters, unless FICON Management Server (FMS) mode is enabled. If FMS mode is enabled, port names should be limited from 1 through 24 alphanumeric characters. The comma (,), semicolon (;), and “at” symbol (@) are not allowed. NOTE Although it is not required, it is recommended that port names be unique. To assign a name to a port, perform the following steps. 1. Click a port in the Switch View to open the Port Administration window.
6 Enabling and disabling a port Enabling and disabling a port To enable or disable a port, perform the following steps. 1. Click a port in the Switch View to open the Port Administration window. 2. Select the FC Ports or GigE Ports tab. 3. From the tree on the left, select the switch or slot that contains the port you want to enable or disable. 4. From the table, select one or more ports. NOTE Use Shift+click and Ctrl+click to select multiple ports. You can select multiple ports from the table.
Persistent enabling and disabling ports 6 Persistent enabling and disabling ports To enable or disable a port so that it remains enabled or disabled across switch restarts, perform the following steps. NOTE Ports cannot be persistently enabled or disabled when FMS is enabled. 1. Select a port in the Switch View to open the Port Administration window. 2. Select the FC Ports, VE/VEx Ports, ICL Ports, or GigE Ports tab. 3. From the tree on the left, select the switch or slot that contains the port. 4.
6 Port activation The NPIV Max Login Limit option configures the maximum number of permitted logins per NPIV port. Each NPIV port can support up to 255 logins. The range of valid values is from 1 through 255 logins per port. The default value is 126 logins. This feature supports virtual switches, but not on physical switches. Each port can have a different NPIV login limit value in each logical switch. The NPIV Max Login column displays the value assigned to each port.
Port activation TABLE 9 6 Ports enabled with POD licenses and DPOD feature (Continued) Switch name Enabled by default Enabled with Ports on Demand licenses Enabled with the Dynamic Ports on Demand feature Brocade 5460 0-3, 6-13 4, 5, 14-25 Brocade 5450 1-10, 19-22 0, 11-18, 23-25 Brocade 5424 1-8, 17-20 0, 9-16, 21-23 Brocade 5300 0-47 48-63, 64-79 Brocade 5100 0-23 24-31, 32-39 Brocade 5000 Brocade 4100 0-15 16-23, 24-31 Not supported Brocade 4900 0-31 32-47, 48-63 Not support
6 Port activation If you remove a Ports on Demand license, the licensed ports are disabled after the next platform restart or the next port deactivation. Enabling Dynamic Ports on Demand You must be logged in as Admin to enable the Dynamic POD feature. NOTE The Dynamic PODs feature is supported on the Brocade 4018, 4020, 4024, 5460, and 5470 switches only. If you click the Enable DPOD button on an unsupported switch, an error message displays.
Port activation 6 Diagnostic ports Diagnostic ports (D_Port) are used for running diagnostics to isolate link level faults and inter-switch link testing in fabric, optical and remote loopback modes. D_Ports are not part of any fabric and it does not carry any data or protocol traffic with it. It is used only for running diagnostic traffic for isolating link level faults. D_Port can be used to get estimated link distance measure as done for long distance mode links.
6 Port swapping index Port swapping index If a port malfunctions, or if you want to connect to different devices without having to rewire your infrastructure, you can move traffic from one port to another (swap ports) without changing the I/O Configuration Data Set (IOCDS) on the mainframe computer. NOTE Port swapping is not applicable to GE or ICL ports because there are no areas assigned to these ports. The following restrictions apply to all ports: • Ports can be swapped only once.
Port swapping index 6 If the port is on a blade, you must also provide the slot number. NOTE Port swap is not supported above the 16th port in a 48 port card in FMS mode. 8. Click Swap. Determining if a port index was swapped with another switch port To determine whether a port was swapped, perform the following steps. 1. Select a port in the Switch View to open the Port Administration window. 2. Select the FC Ports tab. 3. Click Show Advanced Mode. 4.
6 Configuring BB credits on an F_Port Configuring BB credits on an F_Port In Fabric OS v6.4.0 and later, you can configure the BB credits value on an F_Port. Follow the steps given below. 1. Select a port in the Switch View to open the Port Administration window. 2. Select the FC Ports tab. 3. Click Show Advanced Mode. 4. Click F-Port BB Credit. 5. Enter the BB credit value in the Enter BB Credit field (the default value is 8). NOTE You cannot modify the default BB credit value for VE and ICL ports. 6.
6 Configuring Port Octet Speed Combination After selecting enable, the stringent and flexible radio buttons are enabled. Neither radio buttons are selected by default. 3. Select either stringent or flexible. 4. Click Apply. 5. Close the Switch page. 6. Select Port Admin. 7. Select an F_Port or U_Port from the device tree or Port List table. 8. Click ALPA Map. FIGURE 15 ALPA Map selection A dialog launches listing the Port WWN to ALPA Map with the host. The Port WWN map automatically populates.
6 Configuring Port Octet Speed Combination The ports on these hardware models are segregated into 8 port octets. The Port Octet Speed Combination is applied to the eight ports to which the selected port belongs. Based on this Port Octet Speed combination, the speed options will be available in the Edit Configuration Dialog.
Configuring CSCTL 6 Configuring CSCTL Unlike QoS Zone-based FC flow prioritization method, CSCTL enables the same SID/DID pair exchange frames with different priorities. To be able to prioritize a frame flow between two end nodes, Fabric OS v7.0.0 provides support for up to 32 Virtual Channels (VCs) per port. This categorizes the frames entering into a fabric on the basis of preset behavior defined with these VCs, and conserves the frame’s behavior until it is transmitted out of fabric.
6 Inband Management Inband Management Inband Management is designed to allow the management of the switch through GigE ports. This allows a management station located on the WAN side of the FCIP platform to communicate with the control processor for management tasks, such as launching Web Tools, SNMP polling, SNMP traps, trouble shooting, and configuration.
Inband Management 6 10. Click OK. 11. Select the General sub-tab. 12. Select the Enable option from the Inband selection list to activate Inband Management.
6 98 Inband Management Web Tools Adminstrator’s Guide 53-1002152-01
Chapter Enabling ISL Trunking 7 In this chapter • ISL Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 • Disabling or enabling ISL Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 • Viewing trunk group information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 • F_Port trunk groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7 Viewing trunk group information To disable trunking on a port, or to re-enable trunking if it has been disabled, perform the following steps. 1. Select a port in the Switch View to open the Port Admin window. 2. Select the FC Ports tab. 3. From the tree on the left, select the switch name or slot name. 4. From the table, select the port that you want to trunk. You can select multiple ports from the table. You cannot select multiple ports from the tree. 5.
F_Port trunk groups 7 • Bandwidth (shown only for E_Port, Ex_Port, F_Port, and N_Port). • Throughput (shown only for E_Port, Ex_Port, F_Port, and N_Port). • Utilization (shown only for E_Port, Ex_Port, F_Port, and N_Port). Additionally, the following trunking attributes can also be displayed from the Port Admin view by clicking the Show Advanced Mode button: • • • • Trunk port state, either master or slave. Master Port Trunk Index (applies only to F_Port trunking).
7 F_Port trunk groups 3. Select any port from the port group in which you want to create the trunk group. 4. Select F_Port Trunking. The F_Port Trunking dialog box displays. 5. Select one or more ports in the Ports for trunking pane. A dialog box displays, asking you to select a trunk index. 6. Select the trunk index from the drop-down list populated with the index for all the ports. A trunk group is created, identified by the trunk index, and containing the port you selected. 7.
Chapter 8 Monitoring Performance In this chapter • Performance Monitor overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Opening the Performance Monitoring window . . . . . . . . . . . . . . . . . . . . . . • Creating basic performance monitor graphs. . . . . . . . . . . . . . . . . . . . . . . . • Customizing basic monitoring graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Advanced performance monitoring graphs . . . . . . . . . . . . . . . . . . . . . .
8 Performance Monitor overview Advanced monitoring The Advanced Monitoring menu is an optionally licensed feature. To utilize the Advanced Monitoring feature you must have a Performance Monitor license installed and you must log in using an account with an admin, switchadmin, fabricadmin role, and properly configured user defined roles. The Advanced Monitoring option in the Performance Graphs window displays predefined reports and filter-based performance monitoring.
8 Performance Monitor overview Predefined performance graphs Web Tools predefines basic graph types to simplify performance monitoring. A wide range of end-to-end fabric, LUN, device, and port metrics graphs are included. Table 11 lists the basic monitoring graphs available. Table 12 lists the advanced monitoring graphs. The advanced monitoring graphs give more detailed performance information to help you manage your fabric.
8 Performance Monitor overview Table 13 lists each graph and indicates the supported port types for each graph. The port selection columns for each graph displays the supported ports.
Performance Monitor overview 8 Figure 20 shows how to access the list of Advanced Performance Monitoring graphs using Web Tools with the EGM license. This example displays the graphs available in the Performance Monitoring window with the Advanced Performance Monitoring license installed. Note that the slot number is identified.
8 Opening the Performance Monitoring window Canvas configurations A canvas is a saved configuration of graphs. The graphs can be either the Web Tools predefined graphs or user-defined graphs. Each canvas can hold up to eight graphs per window, with six shown in Figure 21. Up to 20 canvases can be set up for different users or different scenarios. Each canvas is saved with a name and an optional brief description.
8 Creating basic performance monitor graphs Creating basic performance monitor graphs To create the basic performance monitor graphs listed in Table 11 on page 105, perform the following steps. 1. Open the Performance Monitoring window. 2. Select Performance Graphs > Basic Monitoring > Graph Type. Depending on the type of graph you select, you might be prompted to select a slot or port for which to create a graph. 3.
8 Customizing basic monitoring graphs The title of the dialog box varies, depending on the type of graph you are customizing, but the layout of the dialog box is the same. Figure 22 displays an example of the setup dialog box for the Edit Switch Throughput Utilization graph. FIGURE 22 Select Ports for customizing the Switch Throughput Utilization graph You can perform the following in the dialog box: a. Double-click the domain to expand the slot or port list.
8 Advanced performance monitoring graphs f. Click Apply. Only the selected ports are displayed in the graph. Advanced performance monitoring graphs This section describes how to create the advanced performance monitor graphs listed in Table 12 on page 105. Because the procedure for creating these graphs differs depending on the type of graph, each type is described separately in the sections that follow. The advanced monitoring graphs are not supported for GbE ports.
8 Advanced performance monitoring graphs 5. Select a destination ID from the Port or Sid/Did Selection List, and click Add Did. You can also enter a destination ID in the Enter/drag DID number field. 6. Click OK. If you selected multiple EE monitors, SIDs, or PIDs, a confirmation dialog box displays, reminding you that one graph is opened for each selection. 7. Click Yes to display the graphs. 8. When you close a graph, a dialog box asks if you want to save the monitor.
Tunnel and TCP performance monitoring graphs 8 To create a SCSI command graph, perform the following steps. 1. Open the Performance Monitoring window. 2. Select Performance Graphs > Advanced Monitoring > SCSI Commands > Graph Type. The applicable setup dialog box displays. 3. Navigate to a switch > slot > port in the Port Selection List. 4. Click the port from the Port Selection List and drag it into the Enter/drag port field. 5.
8 Saving graphs to a canvas 3. Select the tunnel from the Tunnels drop-down list for which you want to generate the graphs. For Brocade 7800 extension switch, you can have maximum six circuit connections in a tunnel and for FX8-24 DCX extension blade, you can have maximum of ten circuit connections in a tunnel. 4. In the Tunnel and TCP area at the bottom of the screen, select the required check boxes for the statistic you want to graph. Note that each column represents a different graph. 5.
8 Adding graphs to an existing canvas The following procedure describes how to save graphs to a new canvas. 1. Open the Performance Monitoring window. 2. Create basic or advanced Performance Monitor graphs, as described in “Creating basic performance monitor graphs” on page 109 and “Advanced performance monitoring graphs” on page 111. The graphs display in the Performance Monitor window. 3. Select File > Save Current Canvas Configuration. The Save Canvas Configuration dialog box displays. 4.
8 Modifying graphs 4. In the print dialog box, click OK. Modifying graphs To modify an existing graph that is saved in a canvas, perform the following steps. 1. Open the Performance Monitoring window. 2. Select File > Display Canvas Configurations. The Canvas Configuration List displays. A message “No Canvas configuration to display” displays if there are no saved canvas configurations. 3. Select a canvas from the list and click Edit. The Performance Monitor Canvas: Canvas Name dialog box displays. 4.
Chapter 9 Administering Zoning In this chapter • Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zoning configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zoning management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Zone configuration and zoning database management. . . . . . . . . . . . . . . • Best practices for zoning. . . . . . . . . . . . . .
9 Zoning configurations LSAN zone requirements An LSAN zone enables device connectivity between fabrics connected in Fibre Channel Routing (FCR) configurations without forcing you to merge fabrics. Extension switches provide multiple mechanisms to manage interfabric device connectivity. Zones that contain hosts and targets that are shared between the two fabrics need to be explicitly coordinated.
9 Zoning management Setting the default zoning mode The default zoning mode has two options: • All Access—All devices within the fabric can communicate with all other devices. • No Access—Devices in the fabric cannot access any other device in the fabric. Web Tools supports default zoning on switches running firmware v5.1.0 or later. Default zoning on legacy switches (switches running firmware versions prior to v 5.1.0) are not supported.
9 Zoning management When you log in to a virtual switch, or select a virtual switch using the drop-down list under Fabric Tree section in the Switch Explorer window, only the ports that are associated with the Virtual Fabric ID you selected are displayed in the member selection list, as shown in Figure 23. You can use the Add Other button to add ports of other switches in the fabric.
9 Zoning management Click the Alias tab to display which aliases the port or device is a member of. Also, you can right-click the device nodes and click View Device Detail to display detailed information about the selected device. The Member Selection List panel displays only physical FC ports. To verify whether you have any unzoned devices, you must use Brocade Network Advisor to analyze zone configurations.
9 Zoning management Any local zoning changes are buffered by the Zone Admin window until explicitly saved to the fabric. If the fabric zoning database is independently changed by another user or from another interface (for example, the CLI) while Web Tools zoning changes are still pending, the refresh icon starts to blink (after a 15–30 second polling delay).
9 Zoning management Selecting a zoning view You can define how zoning elements are displayed in the Zone Admin window. The zoning view you select determines how members are displayed in the Member Selection List panel (Figure 23). The views filter the fabric and device information displayed in the Member Selection List for the selected view, making it easier for you to create and modify zones, especially when creating “hard zones.
9 Zoning management The choices available in the Member Selection List depend on the selection in the View menu. 6. Click elements in the Member Selection List that you want to include in the alias. The right arrow becomes active. 7. Click the right arrow to add alias members. Selected members move to the Alias Members window. 8. Optional: Repeat steps 6 and 7 to add more elements to the alias. 9. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric. 10.
9 Zoning management 4. Enter a new alias name and click OK. The alias is renamed in the Zone Admin buffer. At this point, you can either save your changes or save and enable your changes. 5. Select Zoning Actions > Save Config to save the configuration changes. Deleting zone aliases You can remove a zone alias from the Zone Admin buffer. When a zone alias is deleted, it is no longer a member of the zones of which it was once a member.
9 Zoning management 6. Expand the Member Selection List to view the nested elements. The choices available in the list depend on the selection made in the View menu. 7. Select an element in the Member Selection List that you want to include in your zone. Note that LSAN zones should contain only port WWN members. The right arrow becomes active. 8. Click the right arrow to add the zone member. The selected member is moved to the Zone Members window. 9.
Zoning management 9 4. Click Rename. 5. In the Rename a Zone dialog box, enter a new zone name and click OK. The zone is renamed in the Zone Admin buffer. 6. Select Zoning Actions > Save Config to save the configuration changes. Cloning zones To perform clone operations for zoning, the EGM license must be installed on the switch; otherwise, access to this feature is denied and an error message displays.
9 Zone configuration and zoning database management Creating and populating enhanced traffic isolation zones An enhanced traffic isolation zone (TI zone) is a special zone that creates a dedicated path for a specific traffic flow. When an enhanced TI zone is activated, inter-switch traffic from a zone member is directed to E_Ports that are included in the TI zone. Traffic from outside the TI zone is excluded. A maximum of 255 TI zones can be configured.
9 Zone configuration and zoning database management Figure 24 displays a sample zoning database and the relationship between the zone aliases, zones, and zoning configuration. The database contains one zoning configuration, myconfig, which contains two zones: Zone A and Zone B. The database also contains four aliases, which are members of Zone A and Zone B. Zone A and Zone B also have additional members other than the aliases.
9 Zone configuration and zoning database management The new configuration displays in the Name list. 5. Expand the Member Selection List to view the nested elements. The choices available in the list depend on the selection made in the View menu. 6. Select an element in the Member Selection List that you want to include in your configuration. The right arrow becomes active. 7. Click the right arrow to add configuration members. Selected members are moved to the Config Members window. 8.
9 Zone configuration and zoning database management The configuration is renamed in the configuration database. 5. Select Zoning Actions > Save Config to save the configuration changes. Cloning zone configurations You must use Web Tools with the EGM license to perform cloning operations for zone configurations; otherwise, access to this feature is denied and an error message displays. To clone a zone configuration, perform the following steps. 1.
9 Zone configuration and zoning database management To enable the zone configuration, perform the following steps. 1. Open the Zone Admin window as described in “Opening the Zone Admin window” on page 118. 2. Select Zoning Actions > Enable Config. 3. On Enable Config, select the configuration to be enabled from the menu. 4. Click OK to save and enable the selected configuration.
Zone configuration and zoning database management 9 2. You can view the current zone configuration name (if one is enabled) in the lower portion of the Switch Events and Switch Information window. If no zone configuration is enabled, the field displays “No configuration in effect”. Viewing detailed information about the enabled zone configuration To view detailed information about the enabled zone configuration, perform the following steps. 1.
9 Zone configuration and zoning database management The Add WWN dialog box displays all the zoning elements that include the new WWNs. All of the elements are selected by default. 4. Click items in the list to select or unselect, and click Add to add the new WWN to all the selected zoning elements. The WWN is added to the Zone Admin buffer and can be used as a member. Removing a WWN from multiple aliases and zones Use this procedure if you want to remove a WWN from all or most zoning entities. 1.
Zone configuration and zoning database management 9 Searching for zone members You can search zone member selection lists for specified strings of text. If you know some identifying information about a possible member of a zoning entity, you can select the tab and view for that entity and then search through its member selection list using the Search for Zone Member option.
9 Best practices for zoning Zone configuration analysis You must use Brocade Network Advisor to analyze the following zone configurations: • • • • Add unzoned devices Remove offline or inaccessible devices Replace offline devices Define device alias Best practices for zoning The following are recommendations for using zoning: • Always zone using the highest Fabric OS-level switch.
Chapter 10 Working with Diagnostic Features In this chapter • Trace dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Displaying switch information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Defining Switch Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Port LED interpretation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10 Trace dumps How a trace dump is used The generation of a trace dump causes a CRITICAL message to be logged to the system error log. When a trace dump is detected, issue the supportSave command on the affected switch. This command packages all error logs, the supportShow output, and trace dump, and moves these to your FTP server. You can also configure your switch to automatically copy trace dumps to your FTP server (refer to “Setting up automatic trace dump transfers”).
Displaying switch information 10 3. Select the Trace tab. 4. Select Enable in the Auto FTP Upload section to enable automatic uploading of the trace dump to the FTP host. 5. Click Apply. Disabling automatic trace uploads If automatic uploading of a trace dump is disabled, you must manually upload the trace dump or else the information is overwritten when a subsequent trace dump is generated. The switch must belong to your current Admin Domain before you can perform this task.
10 Displaying switch information Enter the text string in the box that displays on the table, as shown in Figure 25, and press Enter. This is an incremental search and allows 24 maximum characters including wildcards question mark (?) and asterisk (*). The first row containing the text string is highlighted. To find the next match, click the down arrow. To find the previous match, click the up arrow. If the text is not found in the table, the text turns red.
10 Displaying switch information To view the detailed fan status of a switch, perform the following steps. 1. Select a logical switch using the drop-down list under Fabric Tree section in the Switch Explorer window. The selected switch displays in the Switch View. The icon on the Fan button indicates the overall status of the fan. 2. Click the Fan button. The detailed fan status for the switch displays, as shown in Figure 26.
10 Displaying switch information 3. Click Power on the Switch View. The detailed power supply states are displayed (Figure 27). If you are using the Brocade 6510, the Type column displays either AC or DC. For all other hardware the value will be N/A. Checking the physical health of a switch The Status button displays the operational state of the switch. The icon on the button displays the real-time status of the switch.
Defining Switch Policy 10 NOTE The Port Detail Report and Switch Availability Monitor (SAM) reports display the details of only those ports which are members of the current Admin Domain context and the E_Ports of the switch. 4.
10 Port LED interpretation NOTE The options available in the dialog box may differ, depending on the options available on your switch, including CP, core blades, blades, and WWN. FIGURE 29 Switch Status Policy dialog box 3. Configure the numerical and percentage values to conform to your definition of a healthy switch. 4. Optional: Right-click a row in the table to access options to copy the values to your clipboard, or to export the values to a file. 5. Click OK.
Chapter 11 Using the FC-FC Routing Service In this chapter • Fibre Channel Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Supported switches for Fibre Channel Routing . . . . . . . . . . . . . . . . . . . . . . • Setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FC-FC routing management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing EX_Ports . . . . . . . . . . . . . . . .
11 Supported switches for Fibre Channel Routing VEX_Port A virtual port that enables routing functionality through an FCIP tunnel. A VEX_Port is similar to an EX_Port.
11 FC-FC routing management FC-FC routing management You can perform Fibre Channel Routing operations using Web Tools, Web Tools with the EGM license, and Integrated Routing license. You can manage FC-FC Routing through the FC Routing module. The FC Routing module has tabbed panes that display EX_Ports, LSAN fabrics, LSAN zones, LSAN devices, and general FCR information. The FC Routing module provides a dynamic display.
11 Viewing EX_Ports Viewing and managing LSAN fabrics The LSAN Fabric tab displays all the LSAN fabrics visible to your switch, in both a tabular and tree form. (If FC-FC Routing is disabled, the table and tree nodes in this tab are empty and the tree displays only the backbone switch.) For more detailed information about a specific LSAN fabric, click a fabric name in the table and then click View Details in the task bar. You can also click the fabric name in the tree on the left side of the window.
Configuring an EX_Port 11 You can enable or disable multiple ports at one time. Use Shift-click and Ctrl-click to select multiple ports in the table, and then click one of the enable or disable tasks in the task bar. You can select multiple ports in the table, but you can select only one port at a time in the tree. Configuring an EX_Port To configure an EX_Port, perform the following steps. 1. Select Tasks > Manage > FCR. 2. Select the EX_Ports tab. 3.
11 Viewing LSAN zones Every link has a default cost. For an EX_Port 1 Gbps, 2 Gbps, 4 Gbps, 8 Gbps, 10 Gbps, and 16 Gbps links, the default cost is 1000. For a VEX_Port, the default cost is 10000. If the cost is set to 0, the default cost are be used for that link. To configure the FCR router port cost, perform the following steps. 1. Open the Switch View window. 2. Click FCR in the Manage section of the Tasks menu. 3. Click the EX_Ports tab. 4. Disable the EX_Port. 5. Click the Router Port Cost button.
Configuring the backbone fabric ID 11 NOTE When the Virtual Fabrics capability is enabled on the switch, Fabric ID cannot be set using the Set Fabric ID button. To configure the backbone fabric ID, perform the following steps. 1. Open the Switch View window. 2. Select FCR in the Manage section of the Tasks menu. 3. Select the EX-Ports tab. 4. Select all the EX_Ports in the table, and click Disable. 5. Select the General tab. 6. Click Set Fabric ID in the task bar.
11 152 Configuring the backbone fabric ID Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 12 Using the Access Gateway In this chapter • Access Gateway overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing Switch Explorer for Access Gateway mode. . . . . . . . . . . . . . . . . . . • Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Disabling Access Gateway mode . . . . . . . . . . . . . . .
12 Viewing Switch Explorer for Access Gateway mode Viewing Switch Explorer for Access Gateway mode The Switch Explorer for Access Gateway mode displays as shown in Figure 30.
Access Gateway mode 12 Access Gateway mode The Access Gateway feature on the Brocade Encryption switch and the Brocade 8000 enables interoperability with the Cisco fabrics. The Access Gateway mode of the switch presents standard F_Ports to the hosts, but it connects to the Enterprise fabric as N_Port (rather than as E_Port in case of a regular switch).
12 Disabling Access Gateway mode To enable Access Gateway mode, perform the following steps. 1. Select a switch. 2. Click Switch Admin in the Manage section under Tasks. The Switch Administration dialog box displays. 3. Click Disable in the Switch Status section. You can enable Access Gateway mode only after the switch is disabled. 4. Click Enable in the Access Gateway Mode section. 5. Click Apply. 6. Click Yes to restart the switch in Access Gateway mode.
Port configuration 12 3. Configure F_Port-to-N_Port mappings. You can set up primary and secondary mappings. The secondary mapping is the N_Port to which an F_Port is mapped when the primary N_Port mapping goes offline. 4. Configure WWN-N_Port mappings Creating port groups You can group a number of N_Ports (and its mapped F_Ports) together to connect to multiple independent fabrics or to create performance optimized ports.
12 Port configuration 3. On Port Group Configuration dialog box, select the group that you want to edit and then click Edit/View. The Edit/View Port Group window displays. 4. Edit the name of the port group in the Port Group Name field. 5. Select the Login Balancing check box and the Fabric Name Monitoring check box if you want to enable these features. Clear the check boxes to disable these features.
Port configuration 12 Defining custom primary F-N port mapping To manually change primary F-N port mappings, perform the following steps. 1. Click a port in the Switch View to open the Port Administration window. 2. Click the FC Ports tab. 3. Click Configure F_N Port Mappings. 4. Select the Primary Mappings subtab on the right side of the dialog. 5. In the Primary Mappings area, select ports and use the Add (right arrow) button to map F_Ports or U_Ports to N_Ports. 6.
12 Access Gateway policy modification 1. Open the Port Administration window. 2. Click the FC Ports tab. 3. Click Configure WWN-N Port Mappings. 4. In the Primary Mappings area, select a WWN from the left pane and a group or port from the right pane. 5. Click the Add (right arrow) button to map the WWN to the port or port group. 6. Optional: Expand the port in the right page and select the WWN and then use the Remove (left arrow) to remove the mapping. 7.
Access Gateway policy modification 12 Enabling the Automatic Port Configuration policy The Automatic Port Configuration (APC) policy is a global configuration policy for a switch in Access Gateway mode. By default, this policy is disabled. If you created an N_Port grouping and switching over to the automatic mode, those port groups are lost. After you enable the APC policy, you cannot define custom port type configurations, port mappings, Path Failover, and Failback settings.
12 Access Gateway limitations on the Brocade 8000 • Select F Port Auto Rebalancing check box to enable F_Port rebalancing. • Click Manual Balancing and a confirmation dialog box displays. Click Yes to change F Port-N Port Mapping or click No to cancel the changes. 7. Click Apply to apply the changes.
Chapter Administering Fabric Watch 13 In this chapter • Fabric Watch overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Fabric Watch overview Fabric Watch is an optional Brocade licensed feature that monitors the performance and status of switches. Fabric Watch can automatically alert you when problems arise, before they become costly failures. NOTE If you do not own the switch, Fabric Watch is view-only.
13 164 Fabric Watch overview Web Tools Adminstrator’s Guide 53-1002152-01
Chapter Administering Extended Fabrics 14 In this chapter • Extended link buffer allocation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 • Configuring a port for long distance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Extended link buffer allocation overview If the link is used over long distances, use the Extended Fabric tab of the Switch Administration window to configure the long-distance setting of a port.
14 Extended link buffer allocation overview • Actual Distance (km)—The actual distance for the link in kilometers. • Desired Distance (km)—Required for a port configured in LD or LS mode (Table 15 on page 167), the desired distance, in kilometers, for the link. For an LD-mode link, the desired distance is used as the upper limit of the link distance to calculate buffer availability for other ports in the same port group.
Configuring a port for long distance 14 The Brocade Encryption Switch and the FS8-18 Encryption blade support auto-negotiated link speeds of 1, 2, 4, and 8 Gbps. The GE ports are always locked at 1 Gbps. TABLE 15 Long-distance settings and license requirements Value Description Extended Fabrics License Required? L0 No long-distance setting is enabled. The maximum supported link distance is: • 10 kilometers at 1 Gbps • 5 kilometers at 2 Gbps • 2.
14 Configuring a port for long distance Depending on the distance selected, this might require a license. For information about the various distances, refer to Table 15. If you select a long-distance setting of LD or LS, you must also enter a value in the Desired Distance column for that port number: a. Double-click the Desired Distance field for the port, as shown in Figure 32. b. Enter a number in the field to indicate the distance in kilometers.
Chapter 15 Routing Traffic In this chapter • Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing fabric shortest path first routing. . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring dynamic load sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Specifying frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring the link cost for a port. . . . . . . . .
15 Viewing fabric shortest path first routing Use the Routing tab of the Switch Administration window to view and modify routing information. Figure 33 on page 170 displays the Routing tab. FIGURE 33 Routing tab Viewing fabric shortest path first routing The Routing tab of the Switch Administration window displays information about routing paths. To view the fabric shortest path first routing, perform the following steps. 1.
Configuring dynamic load sharing 15 When the port-based policy is in force, you can enable DLS to optimize routing. When DLS is enabled, it shares traffic among multiple equivalent paths between switches. DLS recomputes load sharing either when a switch boots up or each time an E_Port or FX_Port goes online or offline. Enabling this feature allows a path to be discovered automatically by the FSPF path-selection protocol.
15 Specifying frame order delivery When the exchange-based routing policy is in effect, the Loss Less DLS radio buttons display on the Routing tab 4. Click Apply, and then click OK. Specifying frame order delivery In a stable fabric, frames are always delivered in order, even when the traffic between switches is shared among multiple paths.
Configuring the link cost for a port 15 3. This step is switch-specific: - For the Brocade DCX and DCX-4S enterprise-class platforms, click the slot number of the logical switch under Link Cost in the navigation tree. - For Brocade 300, 5100, 5300, and the Encryption Switch, click Link Cost in the navigation tree. 4. Double-click in the row in the Cost column that corresponds to the appropriate port. 5. Enter the link cost. Valid values for link cost are from 1 through 65534.
15 174 Configuring the link cost for a port Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 16 Configuring Standard Security Features In this chapter • User-defined accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • User-defined roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access control list policy configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric-Wide Consistency Policy configuration . . . . . . . . . . . . . . . . . . . . . . .
16 User-defined accounts Access rights for any user session are determined by the user’s role-based access rights. Refer to Chapter 1, “Introducing Web Tools” for additional information about Role-Based Access Control (RBAC). The User tab of the Switch Administration window (Figure 34 on page 177) displays account information. You can create and manage accounts depending on your role. The roles and permissions are listed in Table 16.
User-defined accounts 16 NOTE The User tab displays and changes information in the switch database. If you have RADIUS configured, note that this tab displays the logged-in RADIUS account information but does not allow the user to modify the RADIUS host server database. FIGURE 34 User tab Viewing user account information To view user account information, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2.
16 User-defined accounts The Add User Account dialog box displays. For switches that support Virtual Fabrics, refer to Figure 35. For switches that support Administrative Domains (AD), refer to Figure 36.
16 User-defined accounts 4. Enter the user name. The user name must begin with an alphabetic character. The name can be up to 40 characters long. It is case-sensitive and can contain alphabetic and numeric characters, the dot (.) and the underscore (_). It must be different from all other account names on the logical switch. 5. Select a role from the drop-down menu. For VF-enabled switches, the selection is done per logical fabric ID.
16 User-defined accounts Deleting user-defined accounts To delete user-defined accounts, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the User tab. 3. Select the account to remove and click Remove. 4. Click Apply to save your changes. You cannot delete the default accounts. An account cannot delete itself. All active command line interface (CLI) sessions for the deleted account are logged out.
User-defined accounts 16 8. Check the available Admin Domains that the user can access. Only Admin Domains that have already been created and are accessible to you display. If all the Admin Domains in the list are inactive then you cannot log in to the switch. NOTE The All option does not mean all of the listed Admin Domains; it means all Admin Domains from AD0 through AD255, regardless of whether they were already created.
16 User-defined accounts 3. Select the account to modify. If you are logged in as a switchadmin, you can only change the password of your own account. 4. Click Change Password. The Set User Account Password dialog box displays. 5. Enter the current password of the account. This step is required only if you are changing the password of your own or a peer admin account. 6. Enter the new password of the account. The new password must have at least one character different from the old password. 7.
User-defined roles 16 Setting a password as expired To set a password as expired, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the User tab. 3. Select the account. 4. Click Expire Password. If the button is unavailable, the password is already expired. 5. Click Apply to save your changes. Unlocking a password To unlock a password, perform the following steps. 1.
16 User-defined roles Guidelines and restrictions Follow these guidelines and restrictions when creating and configuring user-defined roles: • In order for the user-defined role to be able to edit the Port Admin and FCR configuration, you must assign the RBAC_SwitchPortManagement and RBAC_SwitchPortConfiguration RBAC classes to the role. • In order for the user-defined role to be able to set the Fabric ID, you must assign the RBAC_FabricRouting and RBAC_SwitchConfiguration RBAC classes to the role.
User-defined roles 16 The Switch Admin:Add User Defined Role dialog displays. FIGURE 37 Switch Admin:Add User Defined Role dialog 5. Enter a role name in the Name field. 6. Enter a description of the role in the Description field. 7. To grant the role a read/write privilege, select the privilege and click the right-arrow next to the Read & Write Privileges section. You can select multiple privileges. 8.
16 Access control list policy configuration 5. Click the Edit button. The Switch Admin:Edit User Defined Role dialog displays. FIGURE 38 Switch Admin:Add User Defined Role dialog 6. To grant the role a read/write privilege, select the privilege and click the right-arrow next to the Read & Write Privileges section. You can select multiple privileges. 7. To grant the role a read privilege, select the privilege and click the right-arrow next to the Read Privileges section.
Access control list policy configuration 16 Virtual Fabrics considerations ACL policies can be implemented at the logical switch/logical fabric level. Admin Domain considerations ACL management can be done on AD255 and in AD0 only if there are no other user-defined Admin Domains. Both AD0 (when no other user-defined Admin Domains exist) and AD255 provide an unfiltered view of the fabric. If there are user defined Admin Domains, then ACL management can be done on AD255 only.
16 Access control list policy configuration 3. Select the Security Policies tab. 4. Select a policy by clicking on the appropriate tab. 5. Click Edit. This launches the ACL Policy Configuration wizard. 6. Select the policy type you want to edit. 7. Click Next and click Modify. 8. Select a switch or highlight multiple switches to add to the policy by clicking Add or Add All. 9. Select a switch or highlight multiple switches to remove a policy by clicking Remove. 10.
Access control list policy configuration 16 NOTE SCC and DCC policy can be distributed only for a primary switch. To distribute an SCC, DCC, or FCS policy, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the Security Policies tab. 3. Select the appropriate tab (SCC, DCC, or FCS). 4. Click Distribute Policy. 5. Select the switches that will receive the policy. 6. Select OK.
16 Fabric-Wide Consistency Policy configuration When the ADS policy is enabled first time, all the F_Ports are set to All Access and all the devices are allowed to login into fabric. This configuration persists for subsequent logins from all devices. Existing devices that are already logged into the fabric are not affected. When the ADS policy is disabled, all the allowed lists are cleared and all the devices are allowed to login into the fabric. To configure ADS policy, perform the following steps. 1.
16 Authentication policy configuration NOTE You can change the consistency behaviors of SCC, DCC, or FCS policy only for a primary switch. 5. Click Apply. 6. Click Yes to accept the changes. NOTE If the switch is not a primary switch, an error message dialog box displays. 7. Click No to discard the changes and click Refresh in the FWCP Configuration window to manually refresh the window. 8. Click Close.
16 Authentication policy configuration Configuring authentication policies for F_Ports To configure authentication policies for F_Ports, perform the following steps. 1. Open the Switch Administration window and click Show Advanced Mode, if not selected. 2. Select the Security Policies tab. 3. Select Authentication on the Security Policies menu. 4. In the Authentication Type field, select DHCHAP. NOTE You must select DHCHAP when you are configuring authentication for an F_Port. 5.
16 Authentication policy configuration Setting a shared secret key pair DH-CHAP requires a shared secret key pair between two entities to authenticate with each other. A key pair consists of a local secret and a peer secret. The local secret identifies the local switch. The peer secret identifies the entity to which the local switch may authenticate. To set a shared secret key pair, perform the following steps. 1.
16 SNMP configuration 4. Use the Switch Policy Authentication Mode option to select the authentication policy. SNMP configuration This section describes how to manage the configuration of the SNMP agent in the switch. The configuration includes SNMPv1 and SNMPv3 configuration, accessControl, and systemGroup configuration parameters. Access is read-only if you do not have admin or security admin authority. For more information, refer to the snmpConfig command in the Fabric OS Command Reference.
SNMP configuration 16 3. Double-click a community string in the SNMPv1 section and enter a new community string. 4. Double-click a recipient IP address in the SNMPv1 section and enter a new IP address. 5. Click Apply. Setting SNMPv3 configuration parameters NOTE The port number is not included. To set SNMPv3 configuration parameters, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the SNMP tab. 3.
16 RADIUS management 4. Select a permission for the host from the Access Control List menu. Options are Read Only and Read Write. 5. Click Apply. RADIUS management Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS client. In this configuration, authentication records are stored in the RADIUS host server database.
16 RADIUS management NOTE To disable RADIUS, select Switch Database from the Primary AAA Service menu and select None from the Secondary AAA Service menu. 5. Click Apply. Configuring RADIUS The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and it is replicated on a standby CP, if one is present. It is saved in a configuration upload, and can be applied to other switches in a configuration download.
16 RADIUS management 4. Click Modify. The RADIUS/ADLDAP Configuration dialog box displays. 5. Enter new values for the port number, timeout time (in minutes), and secret string. 6. Select either CHAP or PAP as the authentication protocol. The default value is CHAP, and if you do not change it, CHAP becomes the authentication protocol. 7. Click OK to return to the AAA Service tab. 8. Click Apply.
16 Active Directory service management Active Directory service management Active Directory is the directory server that holds all the user profiles. Active Directory provides user authentication and authorization using LDAP as authentication protocol. Active Directory provides better security while using remote authentication mechanism. You can add, remove, and modify settings of Active Directory Server.
16 IPsec concepts Removing Active Directory service To remove a RADIUS server, perform the following steps. 1. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 2. Select the AAA Service tab. 3. Select a server from the ADLDAP Configuration list. 4. Click Remove. NOTE The server is not deleted until you apply the changes from the AAA Services tab. 5. Click Apply in the AAA Services tab.
IPsec concepts TABLE 17 16 Relevant RFCs (Continued) RFC number Title RFC 4309 Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) RFC 4306 Internet Key Exchange Version 2 (IKEv2) Protocol RF C4307 Cryptographic Algorithms for Internet Key Exchange Version 2 (IKEv2) RFC 3971 Secure Neighbor Discovery RFC 3972 Cryptographically Generated Addresses RFC 3041 Privacy Extensions for Stateless Address Auto configuration in IPv6 Transport mode and tun
16 IPsec concepts Authentication Header AH can be used to authenticate a data stream, but does not provide encryption needed for privacy. The AH contains a message authentication code (MAC). The MAC is created by a hash algorithm calculation. The MAC is transmitted in an IP datagram. The same hash algorithm is then used by the receiver to verify the integrity of the packet. AH can be used in either transport mode or tunnel mode, as shown in Figure 40.
IPsec concepts 16 • Endpoint to Gateway Endpoint to Endpoint In an endpoint to endpoint configuration, both endpoints implement IPsec. Transport mode is commonly used in endpoint to endpoint configurations, and only a single pair of addresses is used. Typically, this kind of configuration would be used for direct communication between hosts. There are two drawbacks to consider: • If network address translation (NAT) is used on the connection, one or both endpoints may be behind a NAT node.
16 IPsec concepts Encryption algorithms An encryption algorithm is used to encrypt messages used in the IKE negotiation. Table 18 lists the available encryption algorithms. A brief description is provided. If you need further information, please refer to the RFC. TABLE 18 Encryption algorithm options Encryption algorithm Description RFC number 3des_cbc 3DES processes each block three times, using a unique 56-bit key each time. RFC 2451 null_enc No encryption is performed.
IPsec over FCIP 16 For example, if a 200 MB file is transferred with a 100 MB lifetime, at least two keys are generated. If a communication takes one hour, and you specify a lifetime of 300 seconds (five minutes), more than 12 keys may be generated to complete the communication. The SA lifetime limits the length of time a key is used before it is replaced by a new key, thus limiting the amount of time a given key is available to a potential attacker.
16 IPsec over FCIP • • • • • Create a security association (SA). Create an SA proposal. Add an IPsec Transform policy, referencing the IKE policy and the SA proposal. Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow. Enable the policy. FCIP Compression The FCIP tunnel compression mode allows IP packets to be compressed over the FCIP. The modes available are None, Moderate, and Auto. FCIP tunnel configuration is available in Brocade Network Advisor.
16 IPsec over management ports 8. Set a Security Association Lifetime (in seconds). The Security Association Lifetime is a time value in seconds. When this timer expires, the security association (SA) is rekeyed. This limits the amount of time a given key is available to a potential attacker. 9. Click OK. Establishing an IPsec policy for an FCIP tunnel To establish an IPsec policy for an FCIP tunnel, perform the following steps. 1. Select the IPsec tab. The IPsec Policies window displays. 2.
16 IPsec over management ports Enabling the Ethernet IPsec policies To access the Ethernet IPsec Policies dialog box, perform the following steps. 1. Open the Switch Administration window. 2. Select Show Advanced Mode. 3. Select the Security Policies tab. 4. Under Security Policies, select Ethernet IPsec. The Ethernet IPsec Policies screen displays. 5. Ethernet IPsec policies can be configured only after enabling IPsec by clicking the Enable button below the Ethernet IPsec policies table.
IPsec over management ports 16 Creating a security association A security association (SA) describes a set of parameters for providing secure communications between two endpoints. To create a security association, perform the following steps. 1. Select the IPsec tab. The IPsec Policies screen displays. 2. Select the SA tab. 3. Select Add. The Add SA dialog box displays. 4. Enter a name for the SA in the SA Name field. 5. Select the IPsec Protocol. option.
16 IPsec over management ports 5. Optionally, define SA lifetime parameters. The SA lifetime may be defined as a time value in seconds (LifeTime in seconds), as the number of bytes transmitted before the SA is rekeyed (LifeTime in bytes), or both. When both are used, the SA lifetime is determined by the threshold that is first reached. 6. Click OK. Adding an IPsec transform policy The IPsec transform policy is the combination of protocols and algorithms applied to a flow of IP packets.
IPsec over management ports 16 2. Select Add. The Add Selector dialog box displays. 3. Enter a name in the Selector Name field. 4. Select the Traffic Flow Direction (in or out). IPsec policies are unidirectional, and must be applied separately to inbound and outbound flows. 5. Enter the IP address of the sender in the Source IP Address field. 6. Enter the IP address of the receiver in the Peer IP Address field. 7. Enter the Transform Name value. 8.
16 IPsec over management ports 9. Select the IPsec Protocol. The choices are ah (for authentication header) and esp (for encapsulated security protocol). 10. Select the IPsec Protection Type option. 11. Select the Authentication Algorithm option. 12. Enter or copy a generated encryption key in the Encryption Key field. 13. Select the Encryption Algorithm. 14. Enter or copy a generated authentication key in the Authentication Key field. 15. Optional: Enter a local and peer tunnel IP address. 16. Click OK.
Establishing authentication policies for HBAs 16 Establishing authentication policies for HBAs To establish and enable authentication policies for HBAs as the log in to a fabric, perform the following steps. 1. Open the Switch Administration window. 2. Click Show Advanced Mode. 3. Select the Security Policies tab. 4. Select Authentication under Security Policies. The Authentication Policy Settings screen displays. 5. Under Configure Authentication Policy, do the following.
16 214 Establishing authentication policies for HBAs Web Tools Adminstrator’s Guide 53-1002152-01
Chapter 17 Administering FICON CUP Fabrics In this chapter • FICON CUP fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Enabling or disabling FICON Management Server mode . . . . . . . . . . . . . . • FMS parameter configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Displaying code page information . . . . . . . . . . . . .
17 Enabling port-based routing • Install a FICON CUP license on the Brocade switch. • Configure CUP attributes (FMS parameters) for the FICON director. FMS mode enable failed due to ports with areas 0xFE or 0xFF are connected to devices. You can use Web Tools for all of these tasks.
Enabling or disabling FICON Management Server mode 17 Enabling or disabling FICON Management Server mode FICON Management Server (FMS) is used to support switch management using CUP. To be able to use the CUP functionality, all switches in the fabric must have FICON Management Server mode (FMS mode) enabled. FMS mode is a per-switch setting. After FMS mode is enabled, you can activate a CUP license without restarting the director. You can use Web Tools to install a CUP license.
17 FMS parameter configuration FMS parameter configuration FMS parameters control the behavior of the switch with respect to CUP itself, as well as the behavior of other management interfaces (director console, Alternate Managers). You can configure FMS parameters for a switch only after FMS mode is enabled on the switch. All FMS parameter settings are persistent across switch power cycles. There are six FMS parameters, as described in Table 20.
17 Displaying code page information Configuring FMS mode parameters To configure FMS mode parameters, perform the following steps. 1. Select a FICON-enabled switch from the Fabric Tree. 2. Open the Switch Administration window as described in “Opening the Switch Administration window” on page 33. 3. Select the FICON CUP tab. The FICON CUP page displays the FICON Management Server page. All attributes on this page are read-only until FMS mode is enabled. 4.
17 Allow / Prohibit Matrix configuration Device allegiance usually lasts for a very short time. However, under abnormal conditions, device allegiance can get “stuck” and fail to terminate. It might cause the switch to be unmanageable with CUP, and you will continue to receive the FICON CUP Busy Error. In this case, you should check the control device state and the last update time to identify if the device allegiance is stuck.
17 Allow / Prohibit Matrix configuration When initially installed, a switch allows any port to dynamically communicate with any other port. Two connectivity attributes are defined to restrict this any-to-any capability for external ports: Block and Prohibit. Block is a port connectivity attribute that prevents all communication through a port. Prohibit is the port connectivity attribute that prohibits or allows dynamic communication between ports when a port is not blocked.
17 Allow / Prohibit Matrix configuration To create a new Allow / Prohibit Matrix configuration or to edit an existing configuration, perform the following steps. 1. Display the Allow / Prohibit Matrix configuration list. 2. You can either create a new configuration or edit an existing configuration: • To create a new configuration, click New. The Allow / Prohibit Matrix Configuration dialog box displays all ports and port names on the selected switch (similar to the dialog box shown in Figure 43).
17 Allow / Prohibit Matrix configuration FIGURE 43 Allow / Prohibit Matrix Configuration dialog box Activating an Allow / Prohibit Matrix configuration When you activate a saved Allow / Prohibit Matrix configuration on the switch, the preceding configuration (currently activated) is overwritten. To activate an Allow / Prohibit Matrix configuration, perform the following steps. 1. Open theAllow / Prohibit Matrix configuration list. 2. Select the saved configuration from the list. 3. Click Activate.
17 CUP logical path configuration 3. Click Copy. The Allow / Prohibit Matrix Configuration dialog box displays. 4. In the dialog box, enter a name and description for the new configuration and click OK to save the configuration to the target file; click Cancel to cancel copying the configuration. The file name must be in alphanumeric characters and can contain only dashes or underscores as special characters.
Link Incident Registered Recipient configuration 17 The FICON CUP page displays the FICON Management Server page in front. All attributes on this page are read-only until FMS mode is enabled. 5. Click the CUP Logical paths subtab. 6. Select a logical path and click Set Current. Link Incident Registered Recipient configuration The Link Incident Registered Recipient (LIRR) receives Link Incident Reports (RLIR) on the source N_Port. The LIRR database is stored on the switch.
17 Displaying Request Node Identification Data Displaying Request Node Identification Data Web Tools displays Request Node Identification Data (RNID) information for the local switch, and for attached FICON devices and FICON channel paths. RNID information for the switch displays in the Switch Information tab (Figure 44). FIGURE 44 Switch RNID information RNID information for attached FICON devices and channel paths displays on the Name Server view.
Chapter 18 Configuring FCoE with Web Tools In this chapter • Web Tools and FCoE overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Web Tools, the EGM license, and Brocade Network Advisor . . . . . . . . . . . • Switch administration and FCoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • FC0E configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Quality of Service configuration . . . . . . . . . . . . . . . .
18 Web Tools and FCoE overview Web Tools and FCoE overview Brocade Web Tools is an embedded graphical user interface (GUI) that enables administrators to monitor and manage single or small fabrics, switches, and ports. Web Tools is launched directly from a web browser, or from Brocade Network Advisor. NOTE For complete information on Web Tools, refer to the Web Tools Administrator’s Guide. This chapter only discusses Web Tools and FCoE configuration.
18 Switch administration and FCoE • L2 Mode—The values are Access, Trunk, or Converged. Access mode allows only one VLAN association, and allows only untagged frames. Trunk mode allows more than one VLAN association, and allows tagged frames. Converged mode interface can be native (untagged or access) in one VLAN and it could be non-native (trunk or tagged) type in more than one VLAN. • DCB Map—The name of a DCB map that was created and associated with the port.
18 Quality of Service configuration • Link Aggregation Group (LAG) configuration (mandatory)—Ports must be configured before they can be placed into a LAG. The parameters applied to the LAG reflects on each port that is member of the LAG. • VLAN configuration (optional)—Port and LAG names are referenced in VLAN configuration, and must be defined before you can successfully complete a VLAN configuration.
18 LLDP-DCBX configuration An entry is added to the Priority Group table. NOTE When you add an entry, a PGID is automatically assigned. The PGID is an integer from 0 to 7. The first added entry is given a PGID of 0, and the PGID increments by one for each additional added entry until a PGID of 7 is reached. 7. Edit the Bandwidth entry to indicate the desired percentage of total bandwidth. 8. Change the Priority Flow Control Status to Enabled to enable PFC for the entry. 9. Click OK.
18 LLDP-DCBX configuration Configuring global LLDP characteristics Configuring at the global level enables you to apply changes to every port. To configure the global LLDP characteristics, perform the following steps. 1. Select the DCB tab on the Switch Administration panel. 2. Select the LLDP-DCBX tab. 3. Select the Global tab. 4. Select the LLDP check box to enable LLDP globally. You can clear the check box to disable LLDP. 5. Enter a name for the configuration in the System Name field. 6.
LLDP-DCBX configuration 18 • Advertise Optional-tlv—Advertises the following optional TLVs: - system-description—Describes switch or blade characteristics. - port-description—Describes the configured port. - system-name—Specifies the system name. - system-capabilities—Describes the system capabilities. - management-address—The IP address of the management port on the 8000 switch. • Advertise dot1-tlv—Select this check box to advertise to any attached device to send IEEE 802.
18 Configuring DCB interfaces The range is 2 to 10. The default is the global configuration range. The multiplier is related to the Hello time interval. Using the defaults, you wait four times (the multiplier value) at 30 second intervals (the hello value) before giving up on the interface. 10. Select the parameters you want to exchange. Note that the term TLV indicates packaging of parameters into a Brocade-specific Type/Length/Value (TLV).
Configuring a link aggregation group 18 6. Select the L2 Mode. The choices are Access, Trunk, and Converged. The default is Access. The L2 mode setting determines operation within a VLAN: • Access mode allows only one VLAN association, and all frames are untagged. • Trunk mode allows more that one VLAN association, and tagged frames are allowed. • Converged mode interface can be Native (untagged or access) in one VLAN and it could be non-native (trunk or tagged) type in another VLAN. 7.
18 Configuring VLANs The choices are Static and Dynamic. Static mode does not use Link Aggregation Control Protocol (LACP) to negotiate and manage link aggregation. Link participation in the LAG is determined by the link’s operational status and administrative state. Dynamic mode uses LACP. LACP allows partner systems to examine the attributes of the links that connect them and dynamically form a LAG.
Configuring FCoE login groups 18 NOTE If you want to modify any converged interface as either native or non-native, you must first remove that particular member from that VLAN and then re-add it to the same VLAN. 6. Under the Selection List, click the plus sign (+) next to the Interface and LAG folders, and select individual interfaces and LAGs you want to associate with the VLAN ID. 7. Click Add to move the interfaces or LAGs to the Selected List.
18 Displaying FCoE port information • If you select Allow Specific Member, you can control which devices can log in, using Member Type, Member PWWN/MAC, and the Add and Remove buttons, as described below. a. Select Model2 as Member Type. a. Enter the port WWN in hexadecimal format in the Member PWWN/MAC field, and click Add. The WWN displays under Allowed Login Members. If you decide a member should not be on the list, highlight the entry and click Remove. 7. Click OK.
Displaying LAG information 18 • Connected Peer Type displays the port type on the connected device. • Is Directly Connected indicates whether or not the device is directly connected to the trunk. • FCoE Port MAC displays the FCoE port MAC address. • Switch Port displays the switch port WWN. Displaying LAG information To display LAG information, perform the following steps. 1. Select the DCB tab on the Switch Administration panel. 2. Select the Link Aggregation tab. The LAG information displays.
18 Displaying LLDP-DCBX information Displaying LLDP-DCBX information To display LLDP-DCBX information, perform the following steps. 1. Select the DCB tab on the Switch Administration panel. 2. Select the LLDP-DCBX tab. • To display global settings, select the Global tab. • To display LLDP profile information, select the LLDP Profile tab.
Configuring a DCB interface from the Port Admin panel 18 Configuring a DCB interface from the Port Admin panel DCB interfaces can be enabled and disabled from the Port Administration panel. To enable or disable a DCB interface from the Port Administration panel, perform the following steps. 1. Select the DCB Interfaces tab on the Port Administration panel. 2. Under the DCB Interface Explorer, select the port you want to enable or disable. 3. Select the General tab. This tab is normally pre-selected.
18 Enabling and disabling QoS priority-based flow control Enabling and disabling QoS priority-based flow control Priority-based flow control (PFC) can be used to control network congestion. PFC can be used to selectively pause lower priority traffic classes to ensure that high priority and delay-sensitive traffic are not affected by network congestion.
Chapter 19 Limitations In this chapter • General Web Tools limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 General Web Tools limitations Table 21 lists general Web Tools limitations that apply to all browsers and switch platforms. TABLE 21 Web Tools limitations Area Details Blade Failure If a blade fails on the switch, the Web Tools interface can still display slot and ports as healthy.
19 General Web Tools limitations TABLE 21 Web Tools limitations (Continued) Area Details Firmware download There are multiple phases to firmware download and activation. When Web Tools reports that firmware download completed successfully, this indicates that a basic sanity check, package retrieval, package unloading, and verification was successful. Web Tools forces a full package install. A restart is required to activate the newly downloaded firmware.
General Web Tools limitations TABLE 21 19 Web Tools limitations (Continued) Area Details Loss of Connection Occasionally, you might see the following message when you try to retrieve data from the switch or send a request to the switch: Switch Status Checking The switch is not currently accessible. The dialog box title may vary, because it indicates which module is having the problem. This is caused by the loss of HTTP connection with the switch, due to a variety of possible problems.
19 General Web Tools limitations TABLE 21 246 Web Tools limitations (Continued) Area Details Refresh option in browsers If you change the switch name using the Web Tools Switch Administration page or SNMP and then open a Telnet window to verify the name change, the CLI prompt (for example, switch:admin >) displays the previous name. The Telnet prompt cannot pick up the new switch name until the switch is fastbooted.
Index Numerics 2 domain/4 domain fabric licenses, 9 7800 switch, 84, 85 A Access Control List. Refer to ACL access control. Refer to RBAC.
configuration Access Gateway mode, 153 upload, 155 configuration file Admin Domain considerations, 59 backing up, 57 restoring, 58 configuring Allow / Prohibit Matrix, 220 arbitrated loop parameters, 42 backbone fabric ID, 150 default heap size, 8 EX_Ports, 148 fabric parameters, 41 FAN frame notification parameters, 42 FC ports, 79 FCR router cost, 149 FICON Management Server parameters, 218 IOD frames delivery, 172 Java Plug-in, 8 link cost, 172 long-distance settings, 167 port speed, 79 port type, 79 por
edge fabrics, 145 EGM licensed features FICON CUP, 215 Performance Monitoring, 18 enabled zone configuration, displaying, 132 enabling Access Gateway mode, 155 automatic trace dump transfer, 138 beaconing, 53 blades, 35 DLS, 170 FICON Management Server mode, 217 insistent domain ID mode, 41 ports, 84 Ports on Demand, 86 RADIUS, 196 RLS probing, 43 switch, 37 trunking mode, 99 zone configurations, 131 ending sessions, 12 events displaying, 49 filtering, 50 severity levels, 48 EX_Ports, configuring, 148 excha
in-order delivery. Refer to IOD insistent domain ID mode about, 41 enabling, 41 installing Java Plug-in, 6, 7 JRE, 7 JRE patches on Solaris, 7 Solaris patches, 7 Internet Explorer 7.
per-frame routing priority, 41 persistently disable a port, 85 platforms, supported, 5 polling rates, 28 port membership in Admin Domains, 76 port menu, 27 port names, assigning, 82 port speed, configuring, 79 port swapping, 91 port type, configuring, 79 port-based routing, 169 ports buffer-limited, 165 configuring, 75 disabling, 84, 85 enabling, 84 LEDs, 144 long distance parameter, 167 naming, 82 Ports on Demand, enabling, 86 power supply status, 141, 142 preferences persist, 19 printing effective zone co
swapping port index IDs, 91 switch 7800, 84, 85 changing the name of, 38 enabling and disabling, 37 mouse over information, 26 rebooting, 39 Switch Administration window, 31 opening, 33 Switch Events and Switch Information, 25 switch events, displaying, 49 Switch Explorer, Admin Domains, 21 switch name, changing, 38 switch report, 38 switch status report, 142 Switch View, 23 Switch View buttons, 23 syslog IP address configuring, 34 removing, 34 system services, configuring, 43 T Telnet, 29 temperature stat
zones about, 117 adding WWNs, 133 best practices, 136 creating, 125 deleting, 127 description, 125 LSAN, 150 modifying, 126 removing WWNs, 134 renaming, 126 replacing WWNs, 134 selecting a view, 123 zoning all access, 119 default zoning, 119 no access, 119 zoning database clearing, 135 maximum size, 122, 131 zoning views, 123 zoning, disabling, 132 zoning, saving changes, 68, 122 Web Tools Adminstrator’s Guide 53-1002152-01 253
254 Web Tools Adminstrator’s Guide 53-1002152-01