53-1001763-02

Brocade Communications Systems 53-1001763-02 User manual

  • Hello! I am an AI chatbot trained to assist you with the Brocade Communications Systems 53-1001763-02 User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
53-1001763-02
13 September 2010
®
Fabric OS
Administrator’s Guide
Supporting Fabric OS v6.4.0
Copyright © 2005-2010 Brocade Communications Systems, Inc. All Rights Reserved.
Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron,
SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health
are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their
respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other
open source license agreements. To find out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Document History
Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-inf[email protected]
Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
Title Publication number Summary of changes Date
Fabric OS Procedures Guide 53-0000518-02 First released edition. April 2003
Fabric OS Procedures Guide 53-0000518-03 Revised for Fabric OS v4.2.0. December 2003
Fabric OS Procedures Guide 53-0000518-04 Revised to include switch-specific
information.
March 2004
Fabric OS Procedures Guide 53-0000518-05 Revised for Fabric OS v4.4.0. September 2004
Fabric OS Procedures Guide 53-0000518-06 Revised to add RADIUS and SSL
procedures.
October 2004
Fabric OS Administrator’s Guide 53-0000518-07 Revised book title. Added information
about 200E, 4012, and 48000
switches.
April 2005
Fabric OS Administrator’s Guide 53-1000043-01 Revised for Fabric OS v5.1.0. January 2006
Fabric OS Administrator’s Guide iii
53-1001763-02
Fabric OS Administrator’s Guide 53-1000043-02 Removed SilkWorm 4016 and 4020
from supported switches; FCIP chapter
updates.
June 2006
Fabric OS Administrator’s Guide 53-1000239-01 Revised for Fabric OS v5.2.0 features.
Added new hardware platforms:
Brocade FC4-48 and FC4-16IP.
September 2006
Fabric OS Administrator’s Guide 53-1000448-01 Added Fabric OS v5.3.0 features.
Added support for new hardware
platforms: Brocade 7600, FA4-18, and
FC10-6.
15 June 2007
Fabric OS Administrator’s Guide 53-1000598-01 Added Fabric OS v6.0.0 features.
Added support for new hardware
platforms: Brocade DCX Backbone,
FC8-16, FC8-32, and FC8-48.
19 October 2007
Fabric OS Administrator’s Guide 53-1000598-02 Changed “DCX” and “DCX director” to
the correct name: Brocade DCX
Backbone. Also, added the word
“director” to the 48000.
22 January 2008
Fabric OS Administrator’s Guide 53-1000598-03 Added Fabric OS v6.1.0 features.
Added support for new hardware
platforms: Brocade 5300, 5100, and
300.
12 March 2008
Fabric OS Administrator’s Guide 53-1000598-04 Updated document to streamline
content. No new hardware or Fabric OS
features.
18 July 2008
Fabric OS Administrator’s Guide 53-1001185-01 Added Fabric OS v 6.2.0 software
features and support for new hardware
platforms: Brocade DCX-4S.
24 November 2008
Fabric OS Administrator’s Guide 53-1001336-01 Added Fabric OS v6.3.0 software
features and support for new hardware
platforms.
July 2009
Fabric OS Administrator’s Guide 53-1001336-02 Incorporate release notes from Fabric
OS v6.3.0 and v6.3.0a.
November 2009
Fabric OS Administrator’s Guide 53-1001763-01 Added enhancements and new
features for Fabric OS v6.4.0. Added
support for the Brocade VA-40FC
hardware.
March 2010
Fabric OS Administrator’s Guide 53-1001763-02 Corrected minor errors. Added
additional clarification in some places.
September 2010
Title Publication number Summary of changes Date
iv Fabric OS Administrator’s Guide
53-1001763-02
Fabric OS Administrator’s Guide v
53-1001763-02
Contents
About This Document
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . xxxiv
What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv
Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Section I Standard Features
Chapter 1 Understanding Fibre Channel Services
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
The Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Platform services in a Virtual Fabric. . . . . . . . . . . . . . . . . . . . . . . 5
Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Displaying the management server ACL. . . . . . . . . . . . . . . . . . . . 6
Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . . . 7
Viewing the contents of the management server database . . . . 8
Clearing the management server database . . . . . . . . . . . . . . . . 8
Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . . 9
Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Disabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
vi Fabric OS Administrator’s Guide
53-1001763-02
Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
E_Port login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Fabric login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
RSCN causes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . . 12
Chapter 2 Performing Basic Configuration Tasks
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Console sessions using the serial port. . . . . . . . . . . . . . . . . . . . 16
Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
The Ethernet interface on your switch. . . . . . . . . . . . . . . . . . . . . . . .20
Virtual Fabrics and the Ethernet interface. . . . . . . . . . . . . . . . . 20
Displaying the network interface settings . . . . . . . . . . . . . . . . . 21
Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Time zone settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Switch and enterprise-class platform shutdown. . . . . . . . . . . . . . . . 31
Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Powering off a Brocade enterprise-class platform. . . . . . . . . . . 32
Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Fabric OS Administrator’s Guide vii
53-1001763-02
Chapter 3 Performing Advanced Configuration Tasks
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
PIDs and PID binding overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Port identification by slot and port number . . . . . . . . . . . . . . . . 41
Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . . 41
Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Port activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . .42
Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Setting the same speed for all ports on the switch. . . . . . . . . .44
Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .44
CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Port and application blade compatibility . . . . . . . . . . . . . . . . . .46
FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Blade swapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Verifying High Availability features (directors and enterprise-class
platforms only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Track and control switch changes . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Enabling the track changes feature . . . . . . . . . . . . . . . . . . . . . . 56
Displaying the status of the track changes feature. . . . . . . . . . 57
Viewing the switch status policy threshold values. . . . . . . . . . . 57
Setting the switch status policy threshold values . . . . . . . . . . . 57
Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Auditable event classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Verifying host syslog prior to configuring the audit log . . . . . . .60
Configuring an audit log for specific event classes . . . . . . . . . . 61
viii Fabric OS Administrator’s Guide
53-1001763-02
Chapter 4 Routing Traffic
About this chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Path versus route selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Virtual Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . . .70
Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Supported topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Displaying the current routing policy . . . . . . . . . . . . . . . . . . . . . 74
Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
AP route policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Routing in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Static route assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Forcing in-order frame delivery across topology changes. . . . .78
Restoring out-of-order frame delivery across topology changes78
Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . . .79
Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring Lossless Dynamic Load Sharing . . . . . . . . . . . . . . . 80
Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . . .80
Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . .82
Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Viewing redirect zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Chapter 5 Managing User Accounts
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Role-Based Access Control (RBAC) . . . . . . . . . . . . . . . . . . . . . . .84
The management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Local account database distribution . . . . . . . . . . . . . . . . . . . . . . . . .90
Distributing the local user database . . . . . . . . . . . . . . . . . . . . . 90
Accepting distribution of user databases on the local switch .90
Rejecting distributed user databases on the local switch . . . .90
Fabric OS Administrator’s Guide ix
53-1001763-02
Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Account lockout policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Setting the boot PROM password for a switch with a recovery string
95
Setting the boot PROM password for a director with a recovery string
96
Setting the boot PROM password for a switch without a recovery
string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Setting the boot PROM password for a director without a recovery
string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
The authentication model using RADIUS and LDAP . . . . . . . . . . . . .99
Setting the switch authentication mode . . . . . . . . . . . . . . . . .101
Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Fabric OS users on the RADIUS server. . . . . . . . . . . . . . . . . . .102
The RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
LDAP configuration and Microsoft Active Directory . . . . . . . . .111
Authentication servers on the switch . . . . . . . . . . . . . . . . . . . .114
Configuring local authentication as backup. . . . . . . . . . . . . . .115
Chapter 6 Configuring Protocols
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Setting up SCP for configUploads and downloads . . . . . . . . .119
Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .120
Secure Sockets Layer protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Browser and Java support. . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
SSL configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Certificate authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Root certificates for the Java Plug-in . . . . . . . . . . . . . . . . . . . .126
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .127
SNMP and Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
The security level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
The snmpConfig command . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Telnet protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Blocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .131
Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
x Fabric OS Administrator’s Guide
53-1001763-02
Chapter 7 Configuring Security Policies
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .133
Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Saving changes without activating the policies . . . . . . . . . . . .135
Activating policy changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Adding a member to an existing ACL policy . . . . . . . . . . . . . . .136
Removing a member from an ACL policy . . . . . . . . . . . . . . . . .136
Aborting unsaved policy changes . . . . . . . . . . . . . . . . . . . . . . .136
FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .138
Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .139
FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
DCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
SCC policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .144
E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .147
AUTH policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148
Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .149
FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .150
Fabric-wide distribution of the Auth policy . . . . . . . . . . . . . . . .153
IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Deleting an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .157
Deleting a rule to an IP Filter policy . . . . . . . . . . . . . . . . . . . . .157
Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .157
IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Fabric OS Administrator’s Guide xi
53-1001763-02
Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .159
ACL policy distribution to other switches . . . . . . . . . . . . . . . . .160
Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .162
Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
IPsec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Authentication and encryption algorithms . . . . . . . . . . . . . . . .167
IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
IKE policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Example of an End-to-End Transport Tunnel mode . . . . . . . . .172
Chapter 8 Maintaining the Switch Configuration File
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Uploading a configuration file in interactive mode . . . . . . . . .179
Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Configuration download without disabling a switch . . . . . . . .182
Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Downloading a configuration file from one switch to another same
model switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Configuration management for Virtual Fabrics. . . . . . . . . . . . . . . .184
Uploading a configuration file from a switch with Virtual Fabrics
enabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
Restoring logical switch configuration using configDownload185
Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Chapter 9 Installing and Maintaining Firmware
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .189
Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .190
Considerations for FICON CUP environments . . . . . . . . . . . . .191
HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .192
Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Finding the switch firmware version . . . . . . . . . . . . . . . . . . . . .193
Obtain and decompress firmware . . . . . . . . . . . . . . . . . . . . . .193
xii Fabric OS Administrator’s Guide
53-1001763-02
Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Switch firmware download process overview. . . . . . . . . . . . . .194
Firmware download on an enterprise-class platform . . . . . . . . . . .196
Enterprise-class platform firmware download process overview196
Firmware download from a USB device. . . . . . . . . . . . . . . . . . . . . .200
Enabling USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Downloading from USB using the relative path . . . . . . . . . . . .200
Downloading from USB using the absolute path . . . . . . . . . . .200
FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Public and Private Key Management . . . . . . . . . . . . . . . . . . . .201
The firmwareDownload Command . . . . . . . . . . . . . . . . . . . . . .201
Power-on Firmware Checksum Test . . . . . . . . . . . . . . . . . . . . .202
Test and restore firmware on switches . . . . . . . . . . . . . . . . . . . . . .203
Testing a different firmware version on a switch . . . . . . . . . . .203
Test and restore firmware on enterprise-class platforms. . . . . . . .204
Testing different firmware versions on enterprise-class platforms205
Validating a firmware download. . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Chapter 10 Managing Virtual Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .212
Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .212
Logical switches and connected devices . . . . . . . . . . . . . . . . .213
Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Logical fabric and ISL sharing . . . . . . . . . . . . . . . . . . . . . . . . . .216
Management model for logical switches. . . . . . . . . . . . . . . . . . . . .219
Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .220
Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .220
Supported port configurations in the Brocade 5100, 5300, and VA-
40FC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220
Supported port configurations in the Brocade DCX and DCX-4S221
Virtual Fabrics interaction with other Fabric OS features . . . .221
Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .222
Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .223
Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Configuring logical switches to use basic configuration values. . .225
Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .225
Executing a command in a different logical fabric context . . . . . .227
Fabric OS Administrator’s Guide xiii
53-1001763-02
Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Adding and removing ports on a logical switch. . . . . . . . . . . . . . . .229
Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .230
Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .230
Changing a logical switch to a base switch . . . . . . . . . . . . . . . . . . .231
Setting up IP addresses for a Virtual Fabric . . . . . . . . . . . . . . . . . .232
Removing an IP address for a Virtual Fabric . . . . . . . . . . . . . . . . . .232
Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .232
Changing the context to a different logical fabric . . . . . . . . . . . . . .233
Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .234
Chapter 11 Administering Advanced Zoning
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Special zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Considerations for zoning architecture . . . . . . . . . . . . . . . . . .243
Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .244
Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .245
High availability considerations with broadcast zones . . . . . .246
Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .246
Broadcast zones and default zoning . . . . . . . . . . . . . . . . . . . .246
Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .247
Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
Viewing an alias in the defined configuration . . . . . . . . . . . . .248
Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .249
Removing devices (members) from a zone . . . . . . . . . . . . . . .250
Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
Viewing a zone in the defined configuration . . . . . . . . . . . . . .251
Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
Default zoning mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .252
Viewing the current default zone access mode. . . . . . . . . . . .253
Zoning database size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
xiv Fabric OS Administrators Guide
53-1001763-02
Zoning configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Creating a zoning configuration . . . . . . . . . . . . . . . . . . . . . . . .254
Adding zones (members) to a zoning configuration . . . . . . . .254
Removing zones (members) from a zone configuration . . . . .255
Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .255
Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .256
Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .256
Clearing changes to a configuration. . . . . . . . . . . . . . . . . . . . .257
Viewing all zone configuration information . . . . . . . . . . . . . . .257
Viewing selected zone configuration information . . . . . . . . . .258
Viewing the configuration in the effective zone database . . .258
Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .258
Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Zoning configuration management . . . . . . . . . . . . . . . . . . . . . . . . .261
New switch or fabric additions . . . . . . . . . . . . . . . . . . . . . . . . .261
Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .263
Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Chapter 12 Traffic Isolation Zoning
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267
Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .267
TI zone failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .270
Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272
Traffic Isolation Zoning over FC routers . . . . . . . . . . . . . . . . . . . . . .273
TI within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
TI within a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .276
General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Supported configurations for Traffic Isolation Zoning . . . . . . . . . .277
Additional configuration rules for enhanced TI zones. . . . . . .278
Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .278
Admin Domain considerations for Traffic Isolation Zoning . . . . . .279
Virtual Fabric considerations for Traffic Isolation Zoning. . . . . . . .279
Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .281
Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .284
Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Fabric OS Administrator’s Guide xv
53-1001763-02
Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Setting up TI over FCR (sample procedure). . . . . . . . . . . . . . . . . . .287
Chapter 13 Administering NPIV
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
Viewing NPIV port configuration information . . . . . . . . . . . . . . . . .294
Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .296
Chapter 14 Interoperability for Merged SANs
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Interoperability overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Connectivity solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298
Domain ID offset modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
Configuring the Domain_ID offset . . . . . . . . . . . . . . . . . . . . . .301
McDATA Fabric mode configuration restrictions . . . . . . . . . . . . . . .301
McDATA Open Fabric mode configuration restrictions . . . . . . . . . .302
Interoperability support for logical switches . . . . . . . . . . . . . . . . . .302
Switch configurations for interoperability . . . . . . . . . . . . . . . . . . . .303
Enabling McDATA Open Fabric mode . . . . . . . . . . . . . . . . . . . .303
Enabling McDATA Fabric mode . . . . . . . . . . . . . . . . . . . . . . . . .304
Enabling Brocade Native mode. . . . . . . . . . . . . . . . . . . . . . . . .305
Zone management in interoperable fabrics . . . . . . . . . . . . . . . . . .306
Zoning restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Zone name restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Zoning modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Setting the safe zone mode on a stand-alone switch . . . . . . .308
Setting the safe zone mode fabric-wide. . . . . . . . . . . . . . . . . .308
Disabling safe zone mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308
Effective zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Saving the effective zone configuration to the Defined Database309
Frame Redirection in interoperable fabrics. . . . . . . . . . . . . . . . . . .310
Traffic Isolation zones in interoperable fabrics . . . . . . . . . . . . . . . .310
Brocade SANtegrity implementation in mixed fabric SANS . . . . . .311
Fabric OS Layer 2 Fabric Binding . . . . . . . . . . . . . . . . . . . . . . .311
xvi Fabric OS Administrators Guide
53-1001763-02
E_Port authentication between Fabric OS and M-EOS switches . .311
Switch authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .313
Dumb switch authentication . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Authentication of EX_Port, VE_Port, and VEX_Port connections316
Authentication of VE_Port-to-VE_Port connections . . . . . . . . . 317
Authentication of VEX_Port-to-VE_Port connections . . . . . . . .320
Authentication of VEX_Port-to-VEX_Port connections . . . . . . .321
FCR SANtegrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Fabric Binding behavior in a mixed fabric . . . . . . . . . . . . . . . .322
Translate domains do not have Preferred or Insistent Domain ID
behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Configuring the preferred domain ID and the insistent domain ID322
FICON implementation in a mixed fabric. . . . . . . . . . . . . . . . . . . . .323
Fabric OS version change restrictions in an interoperable environment
323
Coordinated Hot Code Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
Bypassing the Coordinated HCL check on firmware download324
Coordinated HCL on switches firmware downloads . . . . . . . .325
Upgrade and downgrade considerations for HCL for interoperability
325
McDATA-aware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
McDATA-unaware features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326
M-EOS feature limitations in mixed fabrics . . . . . . . . . . . . . . .328
Supported hardware in an interoperable environment . . . . . . . . .329
Supported features in an interoperable environment . . . . . . . . . .331
Unsupported features in an interoperable environment . . . . . . . .334
Chapter 15 Managing Administrative Domains
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335
Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .335
Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .337
Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .338
User-defined Administrative Domains . . . . . . . . . . . . . . . . . . .338
System-defined Administrative Domains . . . . . . . . . . . . . . . . .338
Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .341
Admin Domains and switch WWN. . . . . . . . . . . . . . . . . . . . . . .342
Admin Domain compatibility, availability, and merging . . . . . .344
Fabric OS Administrator’s Guide xvii
53-1001763-02
Admin Domain management for physical fabric administrators . .344
Setting the default zoning mode for Admin Domains . . . . . . .344
Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .345
User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .346
Removing an Admin Domain from a user account . . . . . . . . .348
Activating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . .348
Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .349
Adding members to an existing Admin Domain . . . . . . . . . . . .349
Removing members from an Admin Domain . . . . . . . . . . . . . .350
Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .350
Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .351
Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .352
Deleting all user-defined Admin Domains non-disruptively . .352
Validating an Admin Domain member list . . . . . . . . . . . . . . . .356
SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .356
CLI commands in an AD context . . . . . . . . . . . . . . . . . . . . . . . .357
Executing a command in a different AD context . . . . . . . . . . .357
Displaying an Admin Domain configuration . . . . . . . . . . . . . . .358
Switching to a different Admin Domain context. . . . . . . . . . . .358
Admin Domain interactions with other Fabric OS features . . .359
Admin Domains, zones, and zone databases . . . . . . . . . . . . .360
Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .362
Configuration upload and download in an AD context . . . . . .362
Section II Licensed Features
Chapter 16 Administering Licensing
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
The Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . 371
ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Upgrade/downgrade considerations . . . . . . . . . . . . . . . . . . . .373
Adding a license to a slot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Removing a license from a slot. . . . . . . . . . . . . . . . . . . . . . . . .373
Time-based licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Configupload and download considerations . . . . . . . . . . . . . . 374
Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Universal Time-based licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Universal Time-based license expiration date . . . . . . . . . . . . . 374
Extending a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Deleting a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Universal Time-based license shelf life . . . . . . . . . . . . . . . . . .375
xviii Fabric OS Administrator’s Guide
53-1001763-02
Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377
Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377
Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Displaying the port license assignments . . . . . . . . . . . . . . . . .379
Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .380
Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .380
Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .382
Chapter 17 Monitoring Fabric Performance
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .383
Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383
Virtual Fabrics considerations for Advanced Performance Monitoring
384
End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .385
End-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
Adding end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . .386
Setting a mask for an end-to-end monitor . . . . . . . . . . . . . . . .387
Deleting end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . .388
Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389
Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .390
Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391
Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .391
Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .391
Saving frame monitor configuration . . . . . . . . . . . . . . . . . . . . .391
Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .392
Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .392
ISL performance monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393
Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393
Adding a Top Talker monitor on an F_Port . . . . . . . . . . . . . . . .394
Adding Top Talker monitors on all switches in the fabric (fabric mode)
394
Displaying the top n bandwidth-using flows on an F_Port . . .395
Displaying top talking flows for a given domain ID (fabric mode)396
Deleting a Top Talker monitor on an F_Port. . . . . . . . . . . . . . .396
Deleting the fabric mode Top Talker monitors . . . . . . . . . . . . .396
Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .397
Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397
Displaying end-to-end and ISL monitor counters . . . . . . . . . . . . . .397
Clearing end-to-end and ISL monitor counters . . . . . . . . . . . . . . . .398
Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .399
Fabric OS Administrator’s Guide xix
53-1001763-02
Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Chapter 18 Optimizing Fabric Behavior
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401
Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401
Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402
Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .403
Disabling ingress rate limiting. . . . . . . . . . . . . . . . . . . . . . . . . .403
QoS: SID/DID traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . .403
License requirements for traffic prioritization . . . . . . . . . . . . .404
QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .406
QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407
QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408
Virtual Fabric considerations for traffic prioritization . . . . . . .409
High availability considerations for traffic prioritization . . . . .410
Supported configurations for traffic prioritization . . . . . . . . . . 410
Upgrade considerations for traffic prioritization . . . . . . . . . . . 410
Limitations and restrictions for traffic prioritization . . . . . . . .413
Setting traffic prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Setting traffic prioritization over FC routers . . . . . . . . . . . . . . . . . .415
Disabling QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .416
Bottleneck detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .416
Supported configurations for bottleneck detection. . . . . . . . . 417
How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . . 417
Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . . 417
High availability considerations for bottleneck detection . . . . 417
Upgrade and downgrade considerations for bottleneck detection418
Trunking considerations for bottleneck detection . . . . . . . . . . 418
Virtual Fabrics considerations for bottleneck detection . . . . .418
Access Gateway considerations for bottleneck detection. . . .418
Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . . 419
Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .419
Displaying bottleneck detection configuration details . . . . . . . . . .420
Changing bottleneck alert parameters . . . . . . . . . . . . . . . . . . . . . .420
Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .422
Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .423
Chapter 19 Managing Trunking Connections
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425
Criteria for managing trunking connections. . . . . . . . . . . . . . .426
Supported hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
Recommendations for trunking groups . . . . . . . . . . . . . . . . . . . . . .427
xx Fabric OS Administrators Guide
53-1001763-02
Basic trunk group configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Re-initializing ports for trunking . . . . . . . . . . . . . . . . . . . . . . . .428
Enabling Trunking on a port . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Enabling Trunking on a switch . . . . . . . . . . . . . . . . . . . . . . . . .428
Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . .429
Trunking over long distance fabrics . . . . . . . . . . . . . . . . . . . . . . . . .430
F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431
Prerequisites for F_Port trunking . . . . . . . . . . . . . . . . . . . . . . .431
Enabling F_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .432
F_Port trunking considerations for Virtual Fabrics . . . . . . . . .433
F_Port masterless trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433
F_Port masterless trunking considerations . . . . . . . . . . . . . . .435
Assigning a Trunk Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
Enabling the DCC policy on a Trunk Area . . . . . . . . . . . . . . . . .439
Chapter 20 Managing Long Distance Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .441
Long distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .441
Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .442
Long distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .443
Enabling long distance when connecting to TDM devices . . .444
Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .445
Buffer-to-Buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .445
Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .446
Fibre Channel gigabit values reference definition. . . . . . . . . .447
Allocating buffer credits based on full-size frames . . . . . . . . .447
Allocating buffer credits based on average-size frames . . . . .449
Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .450
Displaying the remaining buffers in a port group . . . . . . . . . .450
Buffer credits for each switch model . . . . . . . . . . . . . . . . . . . .451
Maximum configurable distances for Extended Fabrics . . . . .452
Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453
Chapter 21 Using the FC-FC Routing Service
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
FC-FC routing service overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
Supported platforms for Fibre Channel routing . . . . . . . . . . . .456
Supported configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456
Integrated Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
/