Dell Brocade 6520 User guide

53-1002920-02

9 September 2013

®

Fabric OS

Administrator’s Guide

Supporting Fabric OS 7.2.0

ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and

Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of

Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names

mentioned may be trademarks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning

any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to

this document at any time, without notice, and assumes no responsibility for its use. This informational document describes

features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.

Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with

respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that

accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other

open source license agreements. To find out which open source software is included in Brocade products, view the licensing

terms applicable to the open source software, and obtain a copy of the programming source code, please visit

http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Document History

Corporate and Latin American Headquarters

Brocade Communications Systems, Inc.

130 Holger Way

San Jose, CA 95134

Tel: 1-408-333-8000

Fax: 1-408-333-8101

E-mail: info@brocade.com

Asia-Pacific Headquarters

Brocade Communications Systems China HK, Ltd.

No. 1 Guanghua Road

Chao Yang District

Units 2718 and 2818

Beijing 100020, China

Tel: +8610 6588 8888

Fax: +8610 6588 9999

E-mail: china-info@brocade.com

European Headquarters

Brocade Communications Switzerland Sàrl

Centre Swissair

Tour B - 4ème étage

29, Route de l'Aéroport

Case Postale 105

CH-1215 Genève 15

Switzerland

Tel: +41 22 799 5640

Fax: +41 22 799 5641

E-mail: emea-info@brocade.com

Asia-Pacific Headquarters

Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)

Citic Plaza

No. 233 Tian He Road North

Unit 1308 – 13th Floor

Guangzhou, China

Tel: +8620 3891 2000

Fax: +8620 3891 2111

E-mail: china-info@brocade.com

Title Publication number Summary of changes Date

Fabric OS Administrator’s Guide 53-1002920-01 Added Fabric OS v7.2.0 software features

and support for embedded switches:

Brocade 5431, M6505, and 6547.

July 2013

Fabric OS Administrator’s Guide 53-1002920-02 Corrections and additions for the Fabric OS

7.2.0a release.

September 2013

Fabric OS Administrator’s Guide 3

53-1002920-02

Contents (High Level)

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . .45

Chapter 2 Performing Basic Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Chapter 3 Performing Advanced Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .83

Chapter 4 Routing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Chapter 5 Buffer-to-Buffer Credits and Credit Recovery. . . . . . . . . . . . . . . . . . . .135

Chapter 6 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Chapter 7 Configuring Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Chapter 8 Configuring Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

Chapter 9 Maintaining the Switch Configuration File . . . . . . . . . . . . . . . . . . . . . .277

Chapter 10 Installing and Maintaining Firmware . . . . . . . . . . . . . . . . . . . . . . . . . .289

Chapter 11 Managing Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Chapter 12 Administering Advanced Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Chapter 13 Traffic Isolation Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Chapter 14 Optimizing Fabric Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Chapter 15 Bottleneck Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Chapter 16 In-flight Encryption and Compression . . . . . . . . . . . . . . . . . . . . . . . . .445

Chapter 17 Diagnostic Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Chapter 18 NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Chapter 19 Fabric-Assigned PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479

Chapter 20 Managing Administrative Domains . . . . . . . . . . . . . . . . . . . . . . . . . . .485

Section II Licensed Features

Chapter 21 Administering Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Chapter 22 Inter-chassis Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543

Chapter 23 Monitoring Fabric Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

Chapter 24 Managing Trunking Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

4 Fabric OS Administrator’s Guide

53-1002920-02

Chapter 25 Managing Long-Distance Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Chapter 26 Using FC-FC Routing to Connect Fabrics . . . . . . . . . . . . . . . . . . . . . . .593

Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641

Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Appendix C Hexadecimal Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657

Fabric OS Administrator’s Guide 5

53-1002920-02

Contents

About This Document

Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . 35

What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services

Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Platform services and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . 47

Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Displaying the management server ACL. . . . . . . . . . . . . . . . . . .48

Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . . 49

Viewing the contents of the management server database . . . 50

Clearing the management server database . . . . . . . . . . . . . . . 51

Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . 51

Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Disabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

E_Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Fabric login process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

RSCNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Duplicate Port World Wide Name . . . . . . . . . . . . . . . . . . . . . . . . 55

High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . .55

6 Fabric OS Administrator’s Guide

53-1002920-02

Chapter 2 Performing Basic Configuration Tasks

Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .58

Console sessions using the serial port. . . . . . . . . . . . . . . . . . . .58

Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Viewing a history of command line entries . . . . . . . . . . . . . . . . 61

Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

The switch Ethernet interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Virtual Fabrics and the Ethernet interface. . . . . . . . . . . . . . . . .65

Management Ethernet port bonding . . . . . . . . . . . . . . . . . . . . .65

Displaying the network interface settings . . . . . . . . . . . . . . . . .66

Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Time zone settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Fabric name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Configuring the fabric name . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

High availability considerations for fabric names . . . . . . . . . . . 78

Upgrade and downgrade considerations for fabric names. . . .78

Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .78

Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Disabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Enabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Switch and Backbone shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . .80

Powering off a Brocade Backbone . . . . . . . . . . . . . . . . . . . . . . . 81

Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Fabric OS Administrator’s Guide 7

53-1002920-02

Chapter 3 Performing Advanced Configuration Tasks

Port identifiers (PIDs) and PID binding overview . . . . . . . . . . . . . . .83

Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Backbone port blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Port identification by slot and port number . . . . . . . . . . . . . . . .89

Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . .90

Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Configuring a device-switch connection . . . . . . . . . . . . . . . . . . .90

Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Port activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . .92

Port decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Setting port modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Setting all ports on a switch to the same speed . . . . . . . . . . . .94

Setting port speed for a port octet . . . . . . . . . . . . . . . . . . . . . . .95

Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .95

CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Port and application blade compatibility . . . . . . . . . . . . . . . . . .98

FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Blade swapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

How blades are swapped . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Disabling switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Verifying High Availability features (Backbones only) . . . . . . .104

Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Viewing the switch status policy threshold values. . . . . . . . . .105

Setting the switch status policy threshold values . . . . . . . . . .106

Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Verifying host syslog prior to configuring the audit log . . . . . .109

Configuring an audit log for specific event classes . . . . . . . . .109

8 Fabric OS Administrator’s Guide

53-1002920-02

Duplicate PWWN handling during device login . . . . . . . . . . . . . . . .110

Setting 0, First login precedence . . . . . . . . . . . . . . . . . . . . . . .110

Setting 1, Second login precedence. . . . . . . . . . . . . . . . . . . . .110

Setting 2, Mixed precedence . . . . . . . . . . . . . . . . . . . . . . . . . .110

Setting the behavior for handling duplicate PWWNs. . . . . . . .111

Enabling forward error correction . . . . . . . . . . . . . . . . . . . . . . . . . .111

FEC Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Using the portCfgFec command . . . . . . . . . . . . . . . . . . . . . . . .112

Chapter 4 Routing Traffic

Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Paths and route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Congestion versus over-subscription . . . . . . . . . . . . . . . . . . . .119

Virtual channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . .121

Routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Displaying the current routing policy . . . . . . . . . . . . . . . . . . . .122

Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Device-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Dynamic Path Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

AP route policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Forcing in-order frame delivery across topology changes. . . .127

Restoring out-of-order frame delivery across topology

changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127

Using Frame Viewer to understand why frames are dropped.127

Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . .129

Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

Configuring Lossless Dynamic Load Sharing . . . . . . . . . . . . . .131

Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . .131

Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .132

Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .133

Viewing frame redirect zones . . . . . . . . . . . . . . . . . . . . . . . . . .133

Fabric OS Administrator’s Guide 9

53-1002920-02

Chapter 5 Buffer-to-Buffer Credits and Credit Recovery

Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Buffer-to-buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .136

Fibre Channel gigabit values reference definition. . . . . . . . . .137

Buffer credit allocation based on full-size frames. . . . . . . . . .137

Allocating buffer credits based on average-size frames . . . . .140

Configuring buffers for a single port directly . . . . . . . . . . . . . . 141

Configuring buffers using frame size . . . . . . . . . . . . . . . . . . . .141

Calculating the number of buffers required given the

distance, speed, and frame size. . . . . . . . . . . . . . . . . . . . . . . .142

Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .142

Monitoring buffers in a port group . . . . . . . . . . . . . . . . . . . . . .142

Buffer credits switch or blade model . . . . . . . . . . . . . . . . . . . .143

Maximum configurable distances for Extended Fabrics . . . . .144

Downgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .145

Configuring credits for a single VC . . . . . . . . . . . . . . . . . . . . . .146

Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146

Buffer credit recovery over an E_Port. . . . . . . . . . . . . . . . . . . .147

Buffer credit recovery over an F_Port. . . . . . . . . . . . . . . . . . . .147

Buffer credit recovery over an EX_Port. . . . . . . . . . . . . . . . . . .148

Enabling and disabling buffer credit recovery . . . . . . . . . . . . .148

Credit loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Back-end credit loss detection and recovery support on

Brocade 5300 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Back-end credit loss detection and recovery support on

Brocade 6520 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Enabling back-end credit loss detection and recovery . . . . . .150

Chapter 6 Managing User Accounts

User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Managing user-defined roles . . . . . . . . . . . . . . . . . . . . . . . . . .154

Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156

Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Local user account database distribution. . . . . . . . . . . . . . . . . . . .158

Distributing the local user database . . . . . . . . . . . . . . . . . . . .158

Accepting distributed user databases on the local switch . . .158

Rejecting distributed user databases on the local switch . . .159

Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

Account lockout policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

10 Fabric OS Administrator’s Guide

53-1002920-02

The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Setting the boot PROM password for a switch with a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Setting the boot PROM password for a Backbone with a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

Setting the boot PROM password for a switch without a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

Setting the boot PROM password for a Backbone without a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Remote authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Remote authentication configuration. . . . . . . . . . . . . . . . . . . .167

Setting the switch authentication mode . . . . . . . . . . . . . . . . . 171

Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Fabric OS users on the RADIUS server. . . . . . . . . . . . . . . . . . .172

Setting up a RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . .175

LDAP configuration and Microsoft Active Directory . . . . . . . . .181

LDAP configuration and OpenLDAP . . . . . . . . . . . . . . . . . . . . .184

TACACS+ service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189

Remote authentication configuration on the switch . . . . . . . .192

Configuring local authentication as backup. . . . . . . . . . . . . . .194

Chapter 7 Configuring Protocols

Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Setting up SCP for configuration uploads and downloads . . .197

Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .198

Secure Sockets Layer protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

SSL configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Root certificates for the Java plugin . . . . . . . . . . . . . . . . . . . . .205

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .206

SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Management Information Base (MIB) . . . . . . . . . . . . . . . . . . .207

Basic SNMP operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Understanding MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

Access to MIB variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

SNMP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Loading Brocade MIBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212

Access Gateway and Brocade MIBs . . . . . . . . . . . . . . . . . . . . .216

Firmware upgrades and enabled traps . . . . . . . . . . . . . . . . . .216

Support for Administrative Domains . . . . . . . . . . . . . . . . . . . .216

Support for Role-Based Access Control . . . . . . . . . . . . . . . . . .216

Support for IPv6 addressing . . . . . . . . . . . . . . . . . . . . . . . . . . .217

Support for Virtual Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217

Configuring SNMP using CLI . . . . . . . . . . . . . . . . . . . . . . . . . . .218

Fabric OS Administrator’s Guide 11

53-1002920-02

Telnet protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226

Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227

Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .229

Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Chapter 8 Configuring Security Policies

ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .231

Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232

ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232

Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233

Saving changes without activating the policies . . . . . . . . . . . .233

Activating ACL policy changes . . . . . . . . . . . . . . . . . . . . . . . . . .233

Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233

Adding a member to an existing ACL policy . . . . . . . . . . . . . . .234

Removing a member from an ACL policy . . . . . . . . . . . . . . . . .234

Abandoning unsaved ACL policy changes . . . . . . . . . . . . . . . .234

FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .236

Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236

Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .237

FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . .238

DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240

DCC policy behavior with Fabric-Assigned PWWNs . . . . . . . . . 241

SCC Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243

Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .243

E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244

Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .246

AUTH policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247

Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248

Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .249

FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .251

Fabric-wide distribution of the authorization policy. . . . . . . . .253

12 Fabric OS Administrator’s Guide

53-1002920-02

IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Deleting an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .258

Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .259

Deleting a rule from an IP Filter policy . . . . . . . . . . . . . . . . . . .259

Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .259

IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .261

ACL policy distribution to other switches . . . . . . . . . . . . . . . . .262

Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .264

Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .266

Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

IPsec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269

Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269

Authentication and encryption algorithms . . . . . . . . . . . . . . . .269

IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270

IKE policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272

Example of an end-to-end transport tunnel mode. . . . . . . . . . 274

Chapter 9 Maintaining the Switch Configuration File

Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277

Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

Uploading a configuration file in interactive mode . . . . . . . . .279

Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281

Configuration download without disabling a switch . . . . . . . .282

Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Downloading a configuration file from one switch to

another switch of the same model . . . . . . . . . . . . . . . . . . . . . .284

Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Configuration management for Virtual Fabrics. . . . . . . . . . . . . . . .285

Uploading a configuration file from a switch with

Virtual Fabrics enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Restoring a logical switch configuration using

configDownload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287

Fabric OS Administrator’s Guide 13

53-1002920-02

Chapter 10 Installing and Maintaining Firmware

Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .289

Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .291

Considerations for FICON CUP environments . . . . . . . . . . . . .291

HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .292

Obtaining and decompressing firmware . . . . . . . . . . . . . . . . .293

Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293

Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .294

Switch firmware download process overview. . . . . . . . . . . . . .294

Firmware download on a Backbone. . . . . . . . . . . . . . . . . . . . . . . . .296

Backbone firmware download process overview. . . . . . . . . . .296

Firmware download from a USB device. . . . . . . . . . . . . . . . . . . . . .299

Enabling the USB device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Downloading from the USB device using the relative path. . .300

Downloading from the USB device using the absolute path. .300

FIPS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

Public and private key management . . . . . . . . . . . . . . . . . . . .300

The firmwareDownload command . . . . . . . . . . . . . . . . . . . . . .301

Power-on firmware checksum test . . . . . . . . . . . . . . . . . . . . . .302

Testing and restoring firmware on switches . . . . . . . . . . . . . . . . . .302

Testing a different firmware version on a switch . . . . . . . . . . .302

Testing and restoring firmware on Backbones . . . . . . . . . . . . . . . .304

Testing different firmware versions on Backbones . . . . . . . . .304

Validating a firmware download. . . . . . . . . . . . . . . . . . . . . . . . . . . .306

Chapter 11 Managing Virtual Fabrics

Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310

Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310

Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .311

Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .312

Logical switches and connected devices . . . . . . . . . . . . . . . . .313

Management model for logical switches. . . . . . . . . . . . . . . . . . . . .314

Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Base switch and extended ISLs . . . . . . . . . . . . . . . . . . . . . . . .316

Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .319

Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .320

Supported port configurations in the fixed-port switches. . . .320

Supported port configurations in Brocade Backbones . . . . . .321

Virtual Fabrics interaction with other Fabric OS features . . . .322

14 Fabric OS Administrator’s Guide

53-1002920-02

Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .322

Restrictions on XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323

Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .324

Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324

Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .325

Configuring logical switches to use basic configuration values. . .326

Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .326

Executing a command in a different logical switch context . . . . . .328

Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Adding and moving ports on a logical switch . . . . . . . . . . . . . . . . .329

Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .330

Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .331

Changing a logical switch to a base switch . . . . . . . . . . . . . . . . . . .331

Setting up IP addresses for a logical switch . . . . . . . . . . . . . . . . . .333

Removing an IP address for a logical switch. . . . . . . . . . . . . . . . . .333

Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .333

Changing the context to a different logical fabric . . . . . . . . . . . . . .334

Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .334

Chapter 12 Administering Advanced Zoning

Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338

Approaches to zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339

Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340

Zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341

Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342

Considerations for zoning architecture . . . . . . . . . . . . . . . . . .342

Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .344

Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .345

High availability considerations with broadcast zones . . . . . .346

Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .346

Broadcast zones and default zoning mode . . . . . . . . . . . . . . .346

Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346

Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .348

Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349

Viewing an alias in the defined configuration . . . . . . . . . . . . .349

Fabric OS Administrator’s Guide 15

53-1002920-02

Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Displaying existing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .351

Removing devices (members) from a zone . . . . . . . . . . . . . . .352

Replacing zone members . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353

Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355

Viewing a zone in the defined configuration . . . . . . . . . . . . . .356

Viewing zone configuration names without case distinction .356

Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358

Default zoning mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360

Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .361

Viewing the current default zone access mode. . . . . . . . . . . .361

Zone database size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Creating a zone configuration. . . . . . . . . . . . . . . . . . . . . . . . . .363

Adding zones to a zone configuration . . . . . . . . . . . . . . . . . . .363

Removing members from a zone configuration. . . . . . . . . . . .364

Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .364

Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .365

Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .365

Abandoning zone configuration changes. . . . . . . . . . . . . . . . .366

Viewing all zone configuration information . . . . . . . . . . . . . . .366

Viewing selected zone configuration information . . . . . . . . . .367

Viewing the configuration in the effective zone database . . .367

Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .367

Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368

Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368

Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369

Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370

Zone configuration management. . . . . . . . . . . . . . . . . . . . . . . . . . .370

Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Zone merging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .373

Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Concurrent zone transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Viewing zone database transactions . . . . . . . . . . . . . . . . . . . .377

Chapter 13 Traffic Isolation Zoning

Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .379

TI zone failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380

Additional considerations when disabling failover . . . . . . . . .381

FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .383

Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384

Illegal configurations with enhanced TI zones. . . . . . . . . . . . .385

16 Fabric OS Administrator’s Guide

53-1002920-02

Traffic Isolation Zoning over FC routers . . . . . . . . . . . . . . . . . . . . . .386

TI zones within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . .388

TI zones within a backbone fabric . . . . . . . . . . . . . . . . . . . . . .389

Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .390

Fabric-Level Traffic Isolation in a backbone fabric . . . . . . . . . . . . .390

Fabric-Level TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391

Failover behavior for Fabric-Level TI zones . . . . . . . . . . . . . . .392

Creating a separate TI zone for each path . . . . . . . . . . . . . . . .392

Creating a single TI zone for all paths . . . . . . . . . . . . . . . . . . .393

General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394

Traffic Isolation Zone violation handling for trunk ports . . . . .395

Supported configurations for Traffic Isolation Zoning . . . . . . . . . .396

Additional configuration rules for enhanced TI zones. . . . . . .396

Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .398

Admin Domain considerations for Traffic Isolation Zoning . . . . . .398

Virtual Fabrics considerations for Traffic Isolation Zoning . . . . . . .399

Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .401

Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402

Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .404

Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405

Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .406

Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Troubleshooting TI zone routing problems . . . . . . . . . . . . . . . . . . .408

Setting up TI zones over FCR (sample procedure) . . . . . . . . . . . . .409

Chapter 14 Optimizing Fabric Behavior

Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

Virtual Fabrics considerations. . . . . . . . . . . . . . . . . . . . . . . . . . 414

Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .415

Disabling Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . .415

QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

License requirements for QoS. . . . . . . . . . . . . . . . . . . . . . . . . . 416

CS_CTL-based frame prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . 416

Supported configurations for CS_CTL-based frame

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

High availability considerations for CS_CTL-based frame

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Enabling CS_CTL-based frame prioritization on ports . . . . . . . 417

Disabling CS_CTL-based frame prioritization on ports . . . . . . 418

Using CS_CTL auto mode at the chassis level . . . . . . . . . . . . . 418

Considerations for using CS_CTL-based frame prioritization .418

Fabric OS Administrator’s Guide 17

53-1002920-02

QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . .419

QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .419

QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421

QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421

Virtual Fabrics considerations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

High-availability considerations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

Supported configurations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

Limitations and restrictions for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization. . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization over FC routers . . . .426

Disabling QoS zone-based traffic prioritization. . . . . . . . . . . . . . . .426

Chapter 15 Bottleneck Detection

Bottleneck detection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Types of bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428

How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . .428

Supported configurations for bottleneck detection . . . . . . . . . . . .429

Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . .429

High availability considerations for bottleneck detection . . . .430

Upgrade and downgrade considerations for bottleneck

detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430

Trunking considerations for bottleneck detection . . . . . . . . . .430

Virtual Fabrics considerations for bottleneck detection . . . . .430

Access Gateway considerations for bottleneck detection. . . .430

Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .431

Displaying bottleneck detection configuration details . . . . . . . . . .431

Setting bottleneck detection alerts . . . . . . . . . . . . . . . . . . . . . . . . .433

Setting both a congestion alert and a latency alert . . . . . . . .434

Setting a congestion alert only . . . . . . . . . . . . . . . . . . . . . . . . .434

Setting a latency alert only . . . . . . . . . . . . . . . . . . . . . . . . . . . .435

Changing bottleneck detection parameters . . . . . . . . . . . . . . . . . .435

Examples of applying and changing bottleneck detection

parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436

Advanced bottleneck detection settings . . . . . . . . . . . . . . . . . . . . .439

Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .440

Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .442

18 Fabric OS Administrator’s Guide

53-1002920-02

Chapter 16 In-flight Encryption and Compression

In-flight encryption and compression overview. . . . . . . . . . . . . . . .445

Supported ports for in-flight encryption and compression . . .446

In-flight encryption and compression restrictions . . . . . . . . . .446

How in-flight encryption and compression are enabled . . . . .448

Authentication and key generation for encryption and

compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448

Availability considerations for encryption and compression. .449

Virtual Fabrics considerations for encryption and

compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449

In-flight compression on long-distance ports. . . . . . . . . . . . . .450

Compression ratios for compression-enabled ports . . . . . . . .450

Configuring in-flight encryption and compression on an EX_Port .450

Configuring in-flight encryption and compression on an E_Port . .451

Viewing the encryption and compression configuration . . . . . . . .452

Configuring and enabling authentication for in-flight encryption .453

Enabling in-flight encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Enabling in-flight compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

Chapter 17 Diagnostic Port

Diagnostic Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Supported platforms for D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Licensing requirements for D_Port . . . . . . . . . . . . . . . . . . . . . . . . .460

Understanding D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .460

Advantages of D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

D_Port configuration mode and nature of test . . . . . . . . . . . .461

General limitations and considerations for D_Port . . . . . . . . .462

Supported topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 1: ISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 2: ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 3: Access Gateways . . . . . . . . . . . . . . . . . . . . . . . . . .464

Topology 4: HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Using D_Port without HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Enabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Disabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

Using D_Port with HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467

Automatic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . .467

Dynamic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . .468

BCU D_Port commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468

Limitations and considerations for D_Port with HBAs. . . . . . .468

Controlling testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .469

Fabric OS Administrator’s Guide 19

53-1002920-02

Example test scenarios and output . . . . . . . . . . . . . . . . . . . . . . . . .469

Confirming SFP and link status with an HBA . . . . . . . . . . . . . .470

Starting and stopping D_Port testing . . . . . . . . . . . . . . . . . . . .470

Chapter 18 NPIV

NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475

Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Viewing NPIV port configuration information . . . . . . . . . . . . . . . . . 476

Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .478

Chapter 19 Fabric-Assigned PWWN

Fabric-Assigned PWWN overview. . . . . . . . . . . . . . . . . . . . . . . . . . .479

User- and auto-assigned FA-PWWN behavior . . . . . . . . . . . . . . . . .480

Configuring an FA-PWWN for an HBA connected to an

Access Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481

Configuring an FA-PWWN for an HBA connected to an edge

switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .482

Supported switches and configurations for FA-PWWN. . . . . . . . . .483

Configuration upload and download considerations for

FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483

Security considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . .483

Restrictions of FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484

Access Gateway N_Port failover with FA-PWWN . . . . . . . . . . . . . . .484

Chapter 20 Managing Administrative Domains

Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .485

Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487

Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .487

Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .487

User-defined Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . .488

System-defined Admin Domains. . . . . . . . . . . . . . . . . . . . . . . .488

Home Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . .490

Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .491

Admin Domains and switch WWNs. . . . . . . . . . . . . . . . . . . . . .492

Admin Domain compatibility, availability, and merging . . . . . .494

20 Fabric OS Administrator’s Guide

53-1002920-02

Admin Domain management for physical fabric administrators . .494

Setting the default zoning mode for Admin Domains . . . . . . .495

Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .495

User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .496

Removing an Admin Domain from a user account . . . . . . . . .498

Activating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . .498

Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .499

Adding members to an existing Admin Domain . . . . . . . . . . . .499

Removing members from an Admin Domain . . . . . . . . . . . . . .500

Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .500

Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .501

Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .502

Deleting all user-defined Admin Domains non-disruptively . .502

Validating an Admin Domain member list . . . . . . . . . . . . . . . .506

SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .506

CLI commands in an AD context . . . . . . . . . . . . . . . . . . . . . . . .507

Executing a command in a different AD context . . . . . . . . . . .507

Displaying an Admin Domain configuration . . . . . . . . . . . . . . .508

Switching to a different Admin Domain context. . . . . . . . . . . .508

Admin Domain interactions with other Fabric OS features . . .509

Admin Domains, zones, and zone databases . . . . . . . . . . . . .510

Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .511

Configuration upload and download in an AD context . . . . . .512

Section II Licensed Features

Chapter 21 Administering Licensing

Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL 1st POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL 2nd POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

Enterprise ICL license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525

Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526

Upgrade and downgrade considerations . . . . . . . . . . . . . . . . .526

Assigning a license to a slot . . . . . . . . . . . . . . . . . . . . . . . . . . .526

Removing a license from a slot. . . . . . . . . . . . . . . . . . . . . . . . .527

10G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

Enabling 10 Gbps operation on an FC port . . . . . . . . . . . . . . .528

Enabling the 10-GbE ports on an FX8-24 blade . . . . . . . . . . .529

Page is loading ...

Dell Brocade 6520 User guide

Related papers

Other documents