Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)
74 Secure Fabric OS Administrator’s Guide
53-1000244-02
4
Troubleshooting
Some of the most likely issues with Secure Fabric OS management and the recommended actions
are described in Table 19. The information in the table is based on the assumption that the fabric
was originally fully functional and secure mode was enabled.
CAUTION
Some of the recommended actions might interrupt data traffic.
TABLE 19 Recovery Processes
Symptom Possible Causes Recommended Actions
Secure Fabric OS policies
do not appear to be in
effect.
Secure mode is not enabled. Type the secModeShow command. If secure mode is
disabled, enter the secModeEnable command on the
switch that you want to become the primary FCS
switch and specify the FCS switches at the prompts.
Policy changes have not
been applied.
Type the secPolicyShow command and review the
differences between the active and defined policy
sets. If desired, enter the secPolicyActivate command
to activate all recent policy changes.
Fabric has segmented. See possible causes and actions for “One or more
switches has segmented from the fabric,” later in this
table.
Cannot execute
commands from any
switch in the fabric.
All FCS switches have failed
but secure mode is still
enabled, preventing access
to fabric.
Type the secModeEnable command from the switch
that you want to become the new primary FCS switch,
and specify the FCS switches.
Note: Specify adequate backup FCS switches to
prevent a recurrence of this problem.
Cannot access some or all
switches in the fabric.
The MAC policies are
restricting access.
Note: An empty MAC policy
blocks all access through
that management channel.
Use a serial cable to connect to the primary FCS
switch; then, enter the secPolicyShow command to
review the MAC policies.
Modify policies as necessary by either entering valid
entries or deleting the empty policies.
Cannot access primary
FCS switch by any
management method.
Primary FCS switch has
failed or lost all connections.
Log in to the backup FCS switch that you want to
become the new primary FCS switch and enter the
secFCSFailover command to reassign the primary
FCS role to a backup FCS switch.
If no backup FCS switches are available, enter the
secModeEnable command to specify a new primary
FCS switch. Specify adequate backup FCS switches
to prevent a recurrence.
Troubleshoot the previous primary FCS switch as
required.
Cannot access a device or
switch port listed in the
SCC or in a DCC policy.
Switch port might be
disabled.
Type the switchShow command. If the port in
question is disabled, enter the portEnable command.
If the switch port still cannot be accessed, enter the
portEnable command for the port on the other switch.