53-1000605-01 19 Oct 2007 Access Gateway Administrator’s Guide Supporting Fabric OS v6.0.
Copyright © 2006-2007 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the Brocade B-weave logo, Fabric OS, File Lifecycle Manager, MyView, SilkWorm, and StorageX are registered trademarks and the Brocade B-wing symbol, SAN Health, and Tapestry are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. FICON is a registered trademark of IBM Corporation in the U.S. and other countries.
Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . . vi What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Using the CLI to enable Access Gateway mode . . . . . . . . . . . . . 16 Chapter 3 Disabling Access Gateway Mode In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Backing up the Switch Configuration . . . . . . . . . . . . . . . . . . . . .
About This Document This document is a procedural guide to help SAN administrators configure and manage Brocade Access Gateway. This preface contains the following sections: • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Supported hardware and software In those instances in which procedures or parts of procedures documented here apply to some switches but not to others, this guide identifies exactly which switches are supported and which are not. Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for 6.0.0, documenting all possible configurations and scenarios is beyond the scope of this document.
Text formatting The narrative-text formatting conventions that are used in this document are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI italic text Provides emphasis Identifies variables Identifies paths and Internet addresses Identifies document titles code text Identifies CLI output Identifies syntax examples For readability, command names in the narrative portions of
For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. The following terms are used in this manual to describe Access Gateway mode and its components. Access Gateway (AG) Fabric OS mode for embedded switches that reduces SAN (storage area network) deployment complexity by leveraging NPIV (N_Port ID virtualization). E_Port An ISL (Interswitch link) port. A switch port that connects switches together to form a fabric.
Release notes are available on the Brocade Connect Web site and are also bundled with the Fabric OS firmware. Other industry resources • White papers, online demos, and data sheets are available through the Brocade Web site at http://www.brocade.com/products/software.jhtml. • Best practice guides, white papers, data sheets, and other documentation is available through the Brocade Partner Web site. For additional resource information, visit the Technical Committee T11 Web site.
: *FT00X0054E9* FT00X0054E9 The serial number label is located as follows: • Brocade 200E—On the nonport side of the chassis • Brocade 4100, 4900, and 7500—On the switch ID pull-out tab located inside the chassis on the port side on the left • Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the switch • Brocade 7600—On the bottom of the chassis • Brocade 48000—Inside the chassis next to the power supply bays • Brocade DCX—On the bottom right on the port side of the c
Chapter 1 Introduction to the Brocade Access Gateway This chapter describes the functions of Brocade Access Gateway. The Brocade 200E switch and the Brocade 4012, 4016, 4018, 4020, and 4024 embedded switches running Fabric OS 6.0.0 or higher support Access Gateway (AG). In this chapter • Overview of Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Overview of Brocade Access Gateway FIGURE 1 Access Gateway and fabric switch comparison The differences between the fabric switch (Fabric OS native mode) and Brocade Access Gateway are as follows: • The Fabric OS switch is a part of the fabric; it requires two to four times as many physical ports, consumes fabric resources, and can connect to a Brocade-based fabric only.
Access Gateway port types 1 Access Gateway port types Brocade Access Gateway differs from a typical fabric switch because it connects to the fabric using node ports (N_Ports). Typically fabric switches connect to the enterprise fabric using ISL (InterSwitch Link) ports, such as an E_Port. The following defines the Fibre Channel (FC) port terms used in this manual: • F_Port, fabric port. A switch port that connects a host, HBA, or storage device to the SAN. • N_Port, node port.
1 Port mapping NOTE The two devices in Figure 2 on page 3 are the same. One switch is in default standard mode and the other switch is in AG mode. Table 1 compares port configuration with Access Gateway to a typical fabric switch. TABLE 1 Port Configurations Port Type Access Gateway Fabric switch F_Port Yes Connects hosts to Brocade Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch.
Port mapping 1 Figure 3 shows a mapping with eight F_Ports evenly mapped to four N_Ports on Brocade Access Gateway. The N_Ports connect to the same fabric through different edge switches. This example is also explains mapping, failover, and failback polices.
1 Failover and Failback policies Failover and Failback policies When a port is configured as an N_Port, the Failover policy is enabled by default. If a primary N_Port goes offline because a cable is removed or any other offline event, the F_Ports that are mapped to the N_Port are disabled. If a Preferred Secondary N_Port is set for any of the F_Ports, and if those N_Ports are online, these F_Ports will be failed over to their respective Preferred Secondary N_Port, and then re-enabled.
Access Gateway policies 1 a. The host sends a FLOGI (fabric login) request. b. Access Gateway converts the FLOGI request into an FDISC request to the fabric with the same parameters as the host. c. The fabric processes the request and sends an FDISC response. d. Access Gateway converts the FDISC ACC response to the host as an FLOGI ACC using the same parameters as the fabric. e. The host receives the response from the fabric.
1 Access Gateway policies 3. If the N_Port Failover policy is enabled, and a Preferred Secondary N_Port is specified for the F_Port and that N_Port is online, the F-Port fails over to respective Preferred Secondary N_Port, and then re-enables. NOTE The Preferred Secondary N_Port is defined per F_Port. For example, if two F_Ports are mapped to a primary N_Port1, you can define a secondary N_Port for one of those F_Ports and not define a secondary N_Port for the other F_Port.
1 Access Gateway policies Example 1 Hosts Host_1 Example 2 Hosts Access Gateway Fabric F_1 Host_1 Access Gateway Fabric F_1 Edge Switch (Switch_A) Host_2 F_2 F_A1 N_1 Host_3 Edge Switch (Switch_A) Host_2 F_A2 Host_4 NPIV enabled F_3 F_A2 N_2 NPIV enabled Host_4 F_4 F_A1 N_1 Host_3 F_3 N_2 F_2 NPIV enabled NPIV enabled F_4 Edge Switch (Switch_B) Host_5 F_B1 F_5 N_3 Host_6 F_6 Host_5 F_B1 F_5 N_3 NPIV enabled F_B2 N_4 Edge Switch (Switch_B) Host_6 NPIV enabled F_6 F_B2
1 Access Gateway policies In Example 3, the ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4 were originally mapped to N_2 are disabled and rerouted to N_2, and then enabled.
Access Gateway policies FIGURE 7 1 pg0 default setup Figure 8 demonstrates that if you created port groups then, when an N_Port goes offline, the F_Ports being routed through that port fails over to any of the N_Ports that are part of that port group and are currently active. For example, if N_Port4 goes offline then F_Ports7 and 8 is routed through to N_Port 3 as long as N_Port 3 is online because both N_Ports3 and 4 belong to the same port group PG2.
1 Access Gateway policies ATTENTION If N_Ports connected to unrelated fabrics are grouped together, N_Port failover within a port group can cause the F_Ports to connect to a different fabric and the F_Port may lose connectivity to the targets it was connected to before failover, causing I/O disruption. You can create new port groups and add N_Ports to these groups. However, all N_Ports which are not part of any user-created port group will be part of the default port group pg0.
Access Gateway policies 1 The APC is mutually exclusive with the Port Grouping policy. When this policy is enabled on a switch connected to multiple fabrics, no attempt is made by Access Gateway to restrict failover behavior even if N_Ports are connected to unrelated fabrics. It is recommended not to use this policy when Access Gateway is connected to multiple fabrics.
1 14 Access Gateway policies Access Gateway Administrator’s Guide 53-1000605-01
Chapter Configuring Access Gateway 2 This chapter describes the initial setup required to deploy Brocade Access Gateway. NOTE Refer to the Web Tools Administrator’s Guide to manage Access Gateway using Web Tools. In this chapter • Verifying the fabric and edge switch settings . . . . . . . . . . . . . . . . . . . . . . . . 15 • Enabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Enabling Access Gateway mode Enabling Access Gateway mode This section explains how to change the switch mode from Fabric OS Native mode to Access Gateway mode using the command line interface. Converting a switch to a Brocade Access Gateway allows you to use the switch as a device management tool that transparently connects hosts to the fabric. NOTE On the 200E, you must enable all ports using POD licensing before enabling Access Gateway mode.
Enabling Access Gateway mode 2 switch:admin> switchshow switchName: switch switchType: 43.
2 Enabling Access Gateway mode If the parameter is set to ‘0’, continue to the next step. If the parameter is not set to ‘0’, change the parameter and reboot the switch. 4. Enter the ag --modeenable command to enable Access Gateway mode. switch:admin> ag --modeenable The switch automatically reboots and comes back online in Access Gateway mode using a factory default F_Port to N_Port mapping. For more information on which ports are mapped by default, refer to Appendix A, “Default Port Mapping”. 5.
2 Enabling Access Gateway mode 7. Enter the switchShow command without any options to display the status of all ports. switch:admin> switchshow switchName: switch switchType: 43.
2 20 Enabling Access Gateway mode Access Gateway Administrator’s Guide 53-1000605-01
Chapter Disabling Access Gateway Mode 3 This chapter describes how to disable Access Gateway mode. Disabling Access Gateway mode is disruptive; the switch is disabled and rebooted. In this chapter • Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 • Disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 • Notes on joining the switch to a fabric. . . . . . . . . . . . . . . . . . . . . . . . . .
3 Notes on joining the switch to a fabric Using the CLI to disable Access Gateway mode After you disable Access Gateway mode, use the instructions in the Fabric OS Administrator’s Guide to reconfigure the switch and join it to the fabric. NOTE Disabling Access Gateway mode clears the current Access Gateway mode configuration and reboots the switch. To disable Access Gateway mode 1. Connect and log in to the switch. 2. Enter the ag --modeshow command to verify that the switch is in Access Gateway mode.
Notes on joining the switch to a fabric 3 To use a previous configuration 1. Enter the switchDisable command to disable the switch. 2. Enter the configDownload command to revert to the previous configuration. 3. Enter the switchEnable command to bring the switch back online. The switch automatically joins the fabric. To allow the switch to merge with the fabric NOTE Only connect the switch to the fabrics which you want it to join. 1. Enter the switchDisable command to disable the switch. 2.
3 24 Notes on joining the switch to a fabric Access Gateway Administrator’s Guide 53-1000605-01
Chapter 4 Managing Ports in Access Gateway mode This chapter explains how to use the CLI to manage the ports on Brocade Access Gateway. NOTE Refer to the Web Tools Administrator’s Guide for information on setting up Access Gateway using Web Tools. In this chapter • Determining the mapping and port status . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring port maps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring additional F_Ports . . .
4 Determining the mapping and port status The following information displays. N_Port Configured F_Ports Current F_Ports Failover and Failback PG_ID and PG_Name Port numbers of ports locked in N_Port mode. List of F_Ports that are mapped to the corresponding N_Port. For example, in the following sample output, F_Ports 9 and 10 are mapped to N_Port 0. Shows the F_Ports that are currently connected to the fabric on the corresponding N_Port.
4 Configuring port maps Displaying the port status This section explains how to determine the port status. To display the port status 1. Connect and log in to the switch. 2. Enter the switchShow command without any options to display the status of all ports. switch:admin> switchshow switchName: switch switchType: 43.
4 Configuring port maps NOTE For bladed servers, the HBA connects to the internal ports. Therefore, the internal ports are F_Ports and by default, only the external ports are configured as Imports. Adding F_Ports Adding an F_Port to an N_Port routes that traffic to and from the fabric through the specified N_Port. When failover is enabled and the N_Port goes offline or fails, the F_Port automatically routes to another N_Port that is connected to the same fabric.
Configuring port maps 4 4. Enter the ag command with the --mapadd “ operand to add the list of F_Ports to the N_Port. Where the f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”. switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully 5. Enter the ag --mapshow command with the n_portnumber operand to display a list of mapped F_Ports. Verify that the F_Ports you added appear in the list.
4 Configuring additional F_Ports The prefset command sets the preferred N_Port for one or more F_Ports. Preferred mapping is optional. Preferred F_Port to N_Port Mapping provides an alternate N_Port for F_Ports to come online for predictable failover and failback. An F_Port must have primary N_Port mapping before a secondary N_Port can be configured. The list of F_Ports to mapped must be enclosed in quotation marks. Port numbers must be separated by a semicolon.
Configuring additional F_Ports 4 Figure 9 shows a host connected to an embedded switch’s external F_Port when Brocade Access Gateway is enabled. The newly configured F_Port was mapped to an N_Port. FIGURE 9 Example of adding an external F_Port (F9) on an embedded switch Unlocking N_Port mode By default, on embedded switches, all external ports are locked in N_Port mode when Access Gateway is enabled.
4 Managing policies switch:admin> portcfgnport 10 0 Alternatively, to lock a port in N_Port mode, enter the portCfgNport 1 command. switch:admin> portcfgnport 10 1 4. Enter the portCfgNport command to display the N_Port lock settings and verify that the port is no longer locked in N_Port mode. switch:admin> portcfgnport Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 --------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-Locked N_Port .. .. .. .. .. .. .. .. .. .. ..
Managing policies 4 3. Enter the ag command with the --failoverenable operand to enable path failover. switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13 To disable failover 1. Connect and log in to the switch. 2. Enter the ag command with the --failovershow operand to display the failover setting. switch:admin> ag --failovershow 13 Failover on N_Port 13 is supported 3.
4 Managing policies Port Group policy The Port Group policy is enabled by default. To create a port group 1. Connect and log in to the switch. 2. Enter the command ag --pgcreate with the “ [-n ] operands. switch:admin> ag --pgcreate 3 "12;13" -n Test Port Group 3 created successfully 3. Enter the command ag --pgshow to verify the port group was created.
Managing policies 4 To remove a port group from the switch 1. Connect and log in to the switch. 2. Enter the command ag --pgremove with the operands. switch:admin> ag --pgremove 3 Port Group 3 has been removed successfully 3. Enter the command ag --pgshow to verify the port group has been deleted.
4 Managing policies To enable APC 1. Connect and log in to the switch. 2. Enter the configupload command to save the switch’s current configuration. 3. Enter the command switchdisable to disable the switch. 4. Enter the command ag --policyenable auto to enable the APC. 5. At the command prompt, type Y to enable the policy. switch:admin> ag --policyenable auto All Port related Access Gateway configurations will be lost. Please save the current configuration using configupload.
Appendix A Default Port Mapping The following table shows the default F_Port to N_Port maps that are automatically configured when Access Gateway mode is enabled. All N_Ports have failover and failback enabled .
A 38 Default Port Mapping Access Gateway Administrator’s Guide 53-1000605-01
Appendix B Compatibility In Access Gateway mode, the switch can connect to a fabric that supports NPIV. Fabric OS supports NPIV in v5.0.1 and later. This section describes the supported Access Gateway configurations. Access Gateway Mode Switches The following switches support Access Gateway mode: • • • • • • Brocade 200E Brocade 4012 Brocade 4016 Brocade 4018 Brocade 4020 Brocade 4024 NOTE Connecting Access Gateway devices one to another, daisy chaining, is not supported.
B Compatibility How to configure McDATA switch 1. Log in as admin on the McDATA switch. 2. Enable MS services on the McDATA switch and enter the following command: config OpenSysMs setState 3. Enable NPIV functionality on the edge fabric ports so that multiple logins are allowed for each port. Enter the following command on the McDATA switch to enable NPIV on the specified ports. config NPIV Your McDATA switch is now ready to connect. How to configure Cisco switch 1. Log in as admin on the Cisco switch.
Appendix C Troubleshooting This appendix provides troubleshooting instructions. TABLE 6 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Access Gateway Mode.
C TABLE 6 Troubleshooting Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the operand. Enter the ag --failbackShow command with the operand. Command returns “Failback (or Failover) on N_Port is supported.” If it returns, “Failback (or Failover) on N_Port is not supported.
Appendix Access Gateway Commands D This appendix contains the commands for Access Gateway mode in the Fabric OS 6.0.0 release. System messages can be found in the Fabric OS Message Reference. This appendix uses the same conventions as the Fabric OS Command References. Access Gateway commands ag Enables and manages Access Gateway mode to perform AG specific operations.
D ag --failbackdisable Disables the Failback policy for the specified N_Port. --failbackenable Enables the Failback policy for the specified N_Port. --failbackshow [N_Port] Displays the Failback policy for all the N_Ports. If an optional N_Port is specified, then the failback policy for that N_Port is displayed. --failoverdisable Disables the Failover policy for the specified N_Port. --failoverenable Enables the Failover policy for the specified N_Port.
ag D --pgcreate “” [-n ] Creates a port group with a PG_ID and associated N_Ports. Specify the port group name. Specify the port group ID. Specify the N_Ports associated with the port group ID. The N_Port numbers must be separated by semicolons. --pgdel “” Deletes the N_Ports from an existing port group. Specify the port group ID. Specify the N_Ports to be deleted. The N_Port numbers must be separated by semicolons.
D ag --prefdel “” Deletes the N_Port as the secondary N_Port for the specified list of F_Ports. Specify the F_Ports. Specify the N_Port. The F_Port numbers must be separated by semicolons. --prefset “” Sets this N_Port as the secondary N_Port for the list of F_Ports specified. Specify the F_Ports. Specify the N_Port. The F_Port numbers must be separated by semicolons.
ag D Examples To display Access Gateway information: switch:admin> ag --show Name : ST3 NodeName : 10:00:08:00:88:35:a0:12 Number of Ports : 16 IP Address(es) : 192.115.74.55 Firmware Version : v6.0.0v6.0.
D ag To display all the F_Ports that are mapped to a given N_Port: switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name ----------------------------------------------------------------------------12 0;1;2 None 1 1 0 pg0 13 3;4;5 None 1 1 0 pg0 14 6;7;8 None 1 1 0 pg0 15 9;10;11 None 1 1 0 pg0 ----------------------------------------------------------------------------switch:admin> ag --mapshow 15 N_Port Failover(1=enabled/0=disabled) Failback(1=enabled/0=dis
Index A Access Gateway mode commands, 43 comparison, 2 configuration, 15 disable, 21, 22 enable, 16, 22 introduction, 1 manage ports, 25 overview, 1 port types, 3 switches, 39 terms, vii ACL policies settings, 15 B behavior failover policy, 10 C code, vii commands ag, 22 ag --failbackDisable, 33 ag --failbackEnable, 33 ag --failbackShow, 33, 42 ag --failoverDisable, 33 ag --failoverEnable, 33 ag --failoverShow, 32, 33, 42 ag --mapAdd, 29 ag --mapDel, 28, 29 ag --mapShow, 16, 18, 25, 26, 29 ag --modeDisa
display mapping, 25, 26 status, port, 27 I E J edge switch compatibility, 39 FLOGI, 15 long distance mode setting, 15 NPIV, 15 settings, 15 enable Access Gateway mode, 16, 22 failback policy, 33 failover policy, 32 N_Port mode, 32 join fabric, 22 F F_Port add to an N_Port, 28 mapping, example, 5 mapping, show, 25 remove, 29 settings, edge switch, 15 status, 27 fabric compatibility, 15 inband queries, 15 join, 22 logins, 15 Management Server Platform, 15 merge switch, 23 settings, 15 zoning scheme, 15
P Z policy failback, enable, 33 failover, enable, 32 port comparison, 3 initialization, 5 management, 25 mapping, 4 requirements, 39 types, 3 zoning merge, 23 schemes, 15 setting, 22 R requirements edge switch settings, 15 fabric settings, 15 ports, 39 S settings ACL policies, 15 FLOGI, 15 inband queries, 15 Management Server Platform, 15 zone, no access, 22 status port, display, 27 show, 27 supported hardware and software, vi switchMode Access Gateway mode, 18 Native, 17 T terms, vii U unlock N_Port
52 Access Gateway Administrator’s Guide 53-1000605-01