Fabric OS Administrator’s Guide V7.2.0 1507967232powerconnect B Dcx4s Administrator Guide6 En Us

User Manual: DELL POWERCONNECT B-DCX-4S BACKBONE pdf | FreeUserManuals.com

Open the PDF directly: View PDF .
Page Count: 694 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Contents (High Level)
Contents
Figures
Tables
About This Document
- Supported hardware and software
- What’s new in this document
- Document conventions
- Notice to the reader
- Additional information
- Getting technical help
- Document feedback
Understanding Fibre Channel Services
- Fibre Channel services overview
- Management server
- Platform services
- Management server database
- Topology discovery
- Device login
- High availability of daemon processes
Performing Basic Configuration Tasks
- Fabric OS overview
- Fabric OS command line interface
- Password modification
  - Default account passwords
    - Changing the default account passwords at login
- The switch Ethernet interface
- Date and time settings
- Domain IDs
- Switch names
  - Customizing the switch name
- Chassis names
  - Customizing chassis names
- Fabric name
- Switch activation and deactivation
- Switch and Backbone shutdown
  - Powering off a Brocade switch
  - Powering off a Brocade Backbone
- Basic connections
  - Device connection
  - Switch connection
Performing Advanced Configuration Tasks
- Port identifiers (PIDs) and PID binding overview
- Ports
- Blade terminology and compatibility
- Enabling and disabling blades
  - Enabling blades
    - FC8-48, FC8-48E, FC8-64, and FC16-48 port blade enabling exceptions
  - Disabling blades
- Blade swapping
  - How blades are swapped
  - Swapping blades
- Disabling switches
- Power management
  - Powering off a port blade
  - Powering on a port blade
- Equipment status
- Audit log configuration
  - Verifying host syslog prior to configuring the audit log
  - Configuring an audit log for specific event classes
- Duplicate PWWN handling during device login
- Enabling forward error correction
  - FEC Limitations
  - Using the portCfgFec command
Routing Traffic
- Routing overview
- Inter-switch links
- Gateway links
  - Configuring a link through a gateway
- Routing policies
- Route selection
  - Dynamic Load Sharing
    - Setting DLS
- Frame order delivery
- Lossless Dynamic Load Sharing on ports
- Frame Redirection
Buffer-to-Buffer Credits and Credit Recovery
- Buffer credit management
- Buffer credit recovery
- Credit loss
Managing User Accounts
- User accounts overview
- Local database user accounts
  - Default accounts
  - Local account passwords
    - Changing the password for the current login account
    - Changing the password for a different account
- Local user account database distribution
- Password policies
- The boot PROM password
- Remote authentication
Configuring Protocols
- Security protocols
- Secure Copy
  - Setting up SCP for configuration uploads and downloads
- Secure Shell protocol
  - SSH public key authentication
- Secure Sockets Layer protocol
- Simple Network Management Protocol
- Telnet protocol
  - Blocking Telnet
  - Unblocking Telnet
- Listener applications
- Ports and applications used by switches
  - Port configuration
Configuring Security Policies
- ACL policies overview
  - How the ACL policies are stored
  - Policy members
- ACL policy management
- FCS policies
- Device Connection Control policies
- SCC Policies
  - Creating an SCC policy
- Authentication policy for fabric elements
- IP Filter policy
- Policy database distribution
- Management interface security
Maintaining the Switch Configuration File
- Configuration settings
  - Configuration file format
    - Chassis section
    - Switch section
- Configuration file backup
  - Uploading a configuration file in interactive mode
- Configuration file restoration
  - Restrictions
  - Configuration download without disabling a switch
    - Restoring a configuration
- Configurations across a fabric
  - Downloading a configuration file from one switch to another switch of the same model
  - Security considerations
- Configuration management for Virtual Fabrics
- Brocade configuration form
Installing and Maintaining Firmware
- Firmware download process overview
- Preparing for a firmware download
  - Obtaining and decompressing firmware
  - Connected switches
    - Finding the switch firmware version
- Firmware download on switches
  - Switch firmware download process overview
    - Upgrading firmware for Brocade fixed-port switches
- Firmware download on a Backbone
  - Backbone firmware download process overview
    - Upgrading firmware on Backbones (including blades)
- Firmware download from a USB device
- FIPS support
- Testing and restoring firmware on switches
  - Testing a different firmware version on a switch
- Testing and restoring firmware on Backbones
  - Testing different firmware versions on Backbones
- Validating a firmware download
Managing Virtual Fabrics
- Virtual Fabrics overview
- Logical switch overview
  - Default logical switch
  - Logical switches and fabric IDs
  - Port assignment in logical switches
  - Logical switches and connected devices
- Management model for logical switches
- Logical fabric overview
  - Logical fabric and ISLs
  - Base switch and extended ISLs
- Account management and Virtual Fabrics
- Supported platforms for Virtual Fabrics
  - Supported port configurations in the fixed-port switches
    - Restrictions on fixed-port switches
  - Supported port configurations in Brocade Backbones
    - Restrictions on Brocade Backbones
  - Virtual Fabrics interaction with other Fabric OS features
- Limitations and restrictions of Virtual Fabrics
  - Restrictions on XISLs
  - Restrictions on moving ports
- Enabling Virtual Fabrics mode
- Disabling Virtual Fabrics mode
- Configuring logical switches to use basic configuration values
- Creating a logical switch or base switch
- Executing a command in a different logical switch context
- Deleting a logical switch
- Adding and moving ports on a logical switch
- Displaying logical switch configuration
- Changing the fabric ID of a logical switch
- Changing a logical switch to a base switch
- Setting up IP addresses for a logical switch
- Removing an IP address for a logical switch
- Configuring a logical switch to use XISLs
- Changing the context to a different logical fabric
- Creating a logical fabric using XISLs
Administering Advanced Zoning
- Zone types
- Zoning overview
- Broadcast zones
- Zone aliases
- Zone creation and maintenance
- Default zoning mode
  - Setting the default zoning mode
  - Viewing the current default zone access mode
- Zone database size
- Zone configurations
- Zone object maintenance
- Zone configuration management
- Security and zoning
- Zone merging
  - Fabric segmentation and zoning
  - Zone merging scenarios
- Concurrent zone transactions
  - Viewing zone database transactions
Traffic Isolation Zoning
- Traffic Isolation Zoning overview
- TI zone failover
  - Additional considerations when disabling failover
  - FSPF routing rules and traffic isolation
- Enhanced TI zones
  - Illegal configurations with enhanced TI zones
    - Illegal ETIZ configuration: separate paths from a port to devices on same domain
    - Illegal ETIZ configuration: separate paths from a single port to the same domain
- Traffic Isolation Zoning over FC routers
- Fabric-Level Traffic Isolation in a backbone fabric
- General rules for TI zones
  - Traffic Isolation Zone violation handling for trunk ports
- Supported configurations for Traffic Isolation Zoning
  - Additional configuration rules for enhanced TI zones
  - Trunking with TI zones
- Limitations and restrictions of Traffic Isolation Zoning
- Admin Domain considerations for Traffic Isolation Zoning
- Virtual Fabrics considerations for Traffic Isolation Zoning
- Traffic Isolation Zoning over FC routers with Virtual Fabrics
- Creating a TI zone
  - Creating a TI zone in a base fabric
- Modifying TI zones
- Changing the state of a TI zone
- Deleting a TI zone
- Displaying TI zones
- Troubleshooting TI zone routing problems
- Setting up TI zones over FCR (sample procedure)
Optimizing Fabric Behavior
- Adaptive Networking overview
- Ingress Rate Limiting
- QoS
  - License requirements for QoS
- CS_CTL-based frame prioritization
- QoS zone-based traffic prioritization
- QoS zones
- Setting QoS zone-based traffic prioritization
- Setting QoS zone-based traffic prioritization over FC routers
- Disabling QoS zone-based traffic prioritization
Bottleneck Detection
- Bottleneck detection overview
  - Types of bottlenecks
  - How bottlenecks are reported
- Supported configurations for bottleneck detection
- Enabling bottleneck detection on a switch
- Displaying bottleneck detection configuration details
- Setting bottleneck detection alerts
- Changing bottleneck detection parameters
  - Examples of applying and changing bottleneck detection parameters
    - Adjusting the frequency of bottleneck alerts
- Advanced bottleneck detection settings
- Excluding a port from bottleneck detection
- Displaying bottleneck statistics
- Disabling bottleneck detection on a switch
In-flight Encryption and Compression
- In-flight encryption and compression overview
- Configuring in-flight encryption and compression on an EX_Port
- Configuring in-flight encryption and compression on an E_Port
- Viewing the encryption and compression configuration
- Configuring and enabling authentication for in-flight encryption
- Enabling in-flight encryption
- Enabling in-flight compression
- Disabling in-flight encryption
- Disabling in-flight compression
Diagnostic Port
- Diagnostic Port
- Supported platforms for D_Port
- Licensing requirements for D_Port
- Understanding D_Port
- Supported topologies
- Using D_Port without HBAs
  - Enabling D_Port
  - Disabling D_Port
- Using D_Port with HBAs
- Controlling testing
- Example test scenarios and output
  - Confirming SFP and link status with an HBA
  - Starting and stopping D_Port testing
NPIV
- NPIV overview
- Configuring NPIV
- Enabling and disabling NPIV
- Viewing NPIV port configuration information
  - Viewing virtual PID login information
Fabric-Assigned PWWN
- Fabric-Assigned PWWN overview
- User- and auto-assigned FA-PWWN behavior
- Configuring an FA-PWWN for an HBA connected to an Access Gateway
- Configuring an FA-PWWN for an HBA connected to an edge switch
- Supported switches and configurations for FA-PWWN
- Configuration upload and download considerations for FA-PWWN
- Security considerations for FA-PWWN
- Restrictions of FA-PWWN
- Access Gateway N_Port failover with FA-PWWN
Managing Administrative Domains
- Administrative Domains overview
- Admin Domain management for physical fabric administrators
- SAN management with Admin Domains
Administering Licensing
- Licensing overview
- Brocade 7800 Upgrade license
- ICL licensing
- 8G licensing
- Slot-based licensing
- 10G licensing
  - Enabling 10 Gbps operation on an FC port
  - Enabling the 10-GbE ports on an FX8-24 blade
- Temporary licenses
- Viewing installed licenses
- Activating a license
- Adding a licensed feature
- Removing a licensed feature
- Ports on Demand
Inter-chassis Links
- Inter-chassis links
  - License requirements for ICLs
- ICLs for the Brocade DCX 8510 Backbone family
  - ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4
- ICLs for the Brocade DCX Backbone family
  - ICL trunking on the Brocade DCX and DCX-4S
- Virtual Fabrics considerations for ICLs
- Supported topologies for ICL connections
  - Mesh topology
  - Core-edge topology
Monitoring Fabric Performance
- Advanced Performance Monitoring overview
- End-to-end performance monitoring
- Frame monitoring
- Top Talker monitors
- Trunk monitoring
  - Trunk monitoring considerations
- Saving and restoring monitor configurations
- Performance data collection
Managing Trunking Connections
- Trunking overview
- Supported platforms for trunking
- Supported configurations for trunking
  - High Availability support for trunking
- Requirements for trunk groups
- Recommendations for trunk groups
- Configuring trunk groups
- Enabling trunking
- Disabling trunking
- Displaying trunking information
- Trunk Area and Admin Domains
  - Example of Trunk Area assignment on port domain,index
- ISL trunking over long-distance fabrics
- EX_Port trunking
- F_Port trunking
- Displaying F_Port trunking information
- Disabling F_Port trunking
- Enabling the DCC policy on a trunk area
Managing Long-Distance Fabrics
- Long-distance fabrics overview
- Extended Fabrics device limitations
- Long-distance link modes
- Configuring an extended ISL
  - Enabling long distance when connecting to TDM devices
- Forward error correction on long-distance links
  - Enabling FEC on a long-distance link
  - Disabling FEC on a long-distance link
Using FC-FC Routing to Connect Fabrics
- FC-FC routing overview
- Fibre Channel routing concepts
- Setting up FC-FC routing
  - Verifying the setup for FC-FC routing
- Backbone fabric IDs
  - Assigning backbone fabric IDs
- FCIP tunnel configuration
- Inter-fabric link configuration
  - Configuring an IFL for both edge and backbone connections
  - Configuring EX_Ports on an ICL
- FC router port cost configuration
  - Port cost considerations
  - Setting router port cost for an EX_Port
- Shortest IFL cost configuration
  - Configuring shortest IFL cost
- EX_Port frame trunking configuration
- LSAN zone configuration
- Proxy PID configuration
- Fabric parameter considerations
- Inter-fabric broadcast frames
- Resource monitoring
- FC-FC routing and Virtual Fabrics
  - Logical switch configuration for FC routing
  - Backbone-to-edge routing with Virtual Fabrics
- Upgrade and downgrade considerations for FC-FC routing
  - How replacing port blades affects EX_Port configuration
- Displaying the range of output ports connected to xlate domains
Port Indexing
FIPS Support
- FIPS overview
- Zeroization functions
  - Power-on self-tests
  - Conditional tests
- FIPS mode configuration
  - LDAP in FIPS mode
    - Setting up LDAP for FIPS mode
  - LDAP certificates for FIPS mode
- Preparing a switch for FIPS
Hexadecimal Conversion
- Example conversion of the hexadecimal triplet Ox616000
- Decimal-to-hexadecimal conversion table
Index

53-1002920-02

9 September 2013

Fabric OS

Administrator’s Guide

Supporting Fabric OS 7.2.0

ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and

Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of

Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names

mentioned may be trademarks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning

any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to

this document at any time, without notice, and assumes no responsibility for its use. This informational document describes

features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.

Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with

respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that

accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other

open source license agreements. To find out which open source software is included in Brocade products, view the licensing

terms applicable to the open source software, and obtain a copy of the programming source code, please visit

http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Document History

Corporate and Latin American Headquarters

Brocade Communications Systems, Inc.

130 Holger Way

San Jose, CA 95134

Tel: 1-408-333-8000

Fax: 1-408-333-8101

E-mail: info@brocade.com

Asia-Pacific Headquarters

Brocade Communications Systems China HK, Ltd.

No. 1 Guanghua Road

Chao Yang District

Units 2718 and 2818

Beijing 100020, China

Tel: +8610 6588 8888

Fax: +8610 6588 9999

E-mail: china-info@brocade.com

European Headquarters

Brocade Communications Switzerland Sàrl

Centre Swissair

Tour B - 4ème étage

29, Route de l'Aéroport

Case Postale 105

CH-1215 Genève 15

Switzerland

Tel: +41 22 799 5640

Fax: +41 22 799 5641

E-mail: emea-info@brocade.com

Asia-Pacific Headquarters

Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)

Citic Plaza

No. 233 Tian He Road North

Unit 1308 – 13th Floor

Guangzhou, China

Tel: +8620 3891 2000

Fax: +8620 3891 2111

E-mail: china-info@brocade.com

Title Publication number Summary of changes Date

Fabric OS Administrator’s Guide 53-1002920-01 Added Fabric OS v7.2.0 software features

and support for embedded switches:

Brocade 5431, M6505, and 6547.

July 2013

Fabric OS Administrator’s Guide 53-1002920-02 Corrections and additions for the Fabric OS

7.2.0a release.

September 2013

Fabric OS Administrator’s Guide 3

53-1002920-02

Contents (High Level)

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . .45

Chapter 2 Performing Basic Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Chapter 3 Performing Advanced Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .83

Chapter 4 Routing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Chapter 5 Buffer-to-Buffer Credits and Credit Recovery. . . . . . . . . . . . . . . . . . . .135

Chapter 6 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Chapter 7 Configuring Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Chapter 8 Configuring Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

Chapter 9 Maintaining the Switch Configuration File . . . . . . . . . . . . . . . . . . . . . .277

Chapter 10 Installing and Maintaining Firmware . . . . . . . . . . . . . . . . . . . . . . . . . .289

Chapter 11 Managing Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Chapter 12 Administering Advanced Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Chapter 13 Traffic Isolation Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Chapter 14 Optimizing Fabric Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Chapter 15 Bottleneck Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Chapter 16 In-flight Encryption and Compression . . . . . . . . . . . . . . . . . . . . . . . . .445

Chapter 17 Diagnostic Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Chapter 18 NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Chapter 19 Fabric-Assigned PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479

Chapter 20 Managing Administrative Domains . . . . . . . . . . . . . . . . . . . . . . . . . . .485

Section II Licensed Features

Chapter 21 Administering Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Chapter 22 Inter-chassis Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543

Chapter 23 Monitoring Fabric Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

Chapter 24 Managing Trunking Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

4Fabric OS Administrator’s Guide

53-1002920-02

Chapter 25 Managing Long-Distance Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Chapter 26 Using FC-FC Routing to Connect Fabrics . . . . . . . . . . . . . . . . . . . . . . .593

Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641

Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Appendix C Hexadecimal Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657

Fabric OS Administrator’s Guide 5

53-1002920-02

Contents

About This Document

Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . 35

What’s new in this document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services

Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Platform services and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . 47

Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Displaying the management server ACL. . . . . . . . . . . . . . . . . . .48

Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . . 49

Viewing the contents of the management server database . . . 50

Clearing the management server database . . . . . . . . . . . . . . . 51

Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . 51

Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Disabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

E_Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Fabric login process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

RSCNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Duplicate Port World Wide Name . . . . . . . . . . . . . . . . . . . . . . . . 55

High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . .55

6Fabric OS Administrator’s Guide

53-1002920-02

Chapter 2 Performing Basic Configuration Tasks

Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .58

Console sessions using the serial port. . . . . . . . . . . . . . . . . . . .58

Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Viewing a history of command line entries . . . . . . . . . . . . . . . . 61

Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

The switch Ethernet interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Virtual Fabrics and the Ethernet interface. . . . . . . . . . . . . . . . .65

Management Ethernet port bonding . . . . . . . . . . . . . . . . . . . . .65

Displaying the network interface settings . . . . . . . . . . . . . . . . .66

Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Time zone settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Fabric name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Configuring the fabric name . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

High availability considerations for fabric names . . . . . . . . . . . 78

Upgrade and downgrade considerations for fabric names. . . .78

Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .78

Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Disabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Enabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Switch and Backbone shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . .80

Powering off a Brocade Backbone . . . . . . . . . . . . . . . . . . . . . . . 81

Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Fabric OS Administrator’s Guide 7

53-1002920-02

Chapter 3 Performing Advanced Configuration Tasks

Port identifiers (PIDs) and PID binding overview . . . . . . . . . . . . . . .83

Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Backbone port blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Port identification by slot and port number . . . . . . . . . . . . . . . .89

Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . .90

Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Configuring a device-switch connection . . . . . . . . . . . . . . . . . . .90

Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Port activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . .92

Port decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Setting port modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Setting all ports on a switch to the same speed . . . . . . . . . . . .94

Setting port speed for a port octet . . . . . . . . . . . . . . . . . . . . . . .95

Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .95

CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Port and application blade compatibility . . . . . . . . . . . . . . . . . .98

FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Blade swapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

How blades are swapped . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Disabling switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Verifying High Availability features (Backbones only) . . . . . . .104

Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Viewing the switch status policy threshold values. . . . . . . . . .105

Setting the switch status policy threshold values . . . . . . . . . .106

Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Verifying host syslog prior to configuring the audit log . . . . . .109

Configuring an audit log for specific event classes . . . . . . . . .109

8Fabric OS Administrator’s Guide

53-1002920-02

Duplicate PWWN handling during device login . . . . . . . . . . . . . . . .110

Setting 0, First login precedence . . . . . . . . . . . . . . . . . . . . . . .110

Setting 1, Second login precedence. . . . . . . . . . . . . . . . . . . . .110

Setting 2, Mixed precedence . . . . . . . . . . . . . . . . . . . . . . . . . .110

Setting the behavior for handling duplicate PWWNs. . . . . . . .111

Enabling forward error correction . . . . . . . . . . . . . . . . . . . . . . . . . .111

FEC Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Using the portCfgFec command . . . . . . . . . . . . . . . . . . . . . . . .112

Chapter 4 Routing Traffic

Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Paths and route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Congestion versus over-subscription . . . . . . . . . . . . . . . . . . . .119

Virtual channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . .121

Routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Displaying the current routing policy . . . . . . . . . . . . . . . . . . . .122

Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Device-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Dynamic Path Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

AP route policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Forcing in-order frame delivery across topology changes. . . .127

Restoring out-of-order frame delivery across topology

changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127

Using Frame Viewer to understand why frames are dropped.127

Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . .129

Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

Configuring Lossless Dynamic Load Sharing . . . . . . . . . . . . . .131

Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . .131

Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .132

Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .133

Viewing frame redirect zones . . . . . . . . . . . . . . . . . . . . . . . . . .133

Fabric OS Administrator’s Guide 9

53-1002920-02

Chapter 5 Buffer-to-Buffer Credits and Credit Recovery

Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Buffer-to-buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .136

Fibre Channel gigabit values reference definition. . . . . . . . . .137

Buffer credit allocation based on full-size frames. . . . . . . . . .137

Allocating buffer credits based on average-size frames . . . . .140

Configuring buffers for a single port directly . . . . . . . . . . . . . . 141

Configuring buffers using frame size . . . . . . . . . . . . . . . . . . . .141

Calculating the number of buffers required given the

distance, speed, and frame size. . . . . . . . . . . . . . . . . . . . . . . .142

Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .142

Monitoring buffers in a port group . . . . . . . . . . . . . . . . . . . . . .142

Buffer credits switch or blade model . . . . . . . . . . . . . . . . . . . .143

Maximum configurable distances for Extended Fabrics . . . . .144

Downgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .145

Configuring credits for a single VC . . . . . . . . . . . . . . . . . . . . . .146

Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146

Buffer credit recovery over an E_Port. . . . . . . . . . . . . . . . . . . .147

Buffer credit recovery over an F_Port. . . . . . . . . . . . . . . . . . . .147

Buffer credit recovery over an EX_Port. . . . . . . . . . . . . . . . . . .148

Enabling and disabling buffer credit recovery . . . . . . . . . . . . .148

Credit loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Back-end credit loss detection and recovery support on

Brocade 5300 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Back-end credit loss detection and recovery support on

Brocade 6520 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Enabling back-end credit loss detection and recovery . . . . . .150

Chapter 6 Managing User Accounts

User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Managing user-defined roles . . . . . . . . . . . . . . . . . . . . . . . . . .154

Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156

Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Local user account database distribution. . . . . . . . . . . . . . . . . . . .158

Distributing the local user database . . . . . . . . . . . . . . . . . . . .158

Accepting distributed user databases on the local switch . . .158

Rejecting distributed user databases on the local switch . . .159

Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

Account lockout policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

10 Fabric OS Administrator’s Guide

53-1002920-02

The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Setting the boot PROM password for a switch with a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Setting the boot PROM password for a Backbone with a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

Setting the boot PROM password for a switch without a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

Setting the boot PROM password for a Backbone without a

recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Remote authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Remote authentication configuration. . . . . . . . . . . . . . . . . . . .167

Setting the switch authentication mode . . . . . . . . . . . . . . . . . 171

Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Fabric OS users on the RADIUS server. . . . . . . . . . . . . . . . . . .172

Setting up a RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . .175

LDAP configuration and Microsoft Active Directory . . . . . . . . .181

LDAP configuration and OpenLDAP . . . . . . . . . . . . . . . . . . . . .184

TACACS+ service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189

Remote authentication configuration on the switch . . . . . . . .192

Configuring local authentication as backup. . . . . . . . . . . . . . .194

Chapter 7 Configuring Protocols

Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Setting up SCP for configuration uploads and downloads . . .197

Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .198

Secure Sockets Layer protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

SSL configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Root certificates for the Java plugin . . . . . . . . . . . . . . . . . . . . .205

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .206

SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Management Information Base (MIB) . . . . . . . . . . . . . . . . . . .207

Basic SNMP operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Understanding MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

Access to MIB variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

SNMP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Loading Brocade MIBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212

Access Gateway and Brocade MIBs . . . . . . . . . . . . . . . . . . . . .216

Firmware upgrades and enabled traps . . . . . . . . . . . . . . . . . .216

Support for Administrative Domains . . . . . . . . . . . . . . . . . . . .216

Support for Role-Based Access Control . . . . . . . . . . . . . . . . . .216

Support for IPv6 addressing . . . . . . . . . . . . . . . . . . . . . . . . . . .217

Support for Virtual Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217

Configuring SNMP using CLI . . . . . . . . . . . . . . . . . . . . . . . . . . .218

Fabric OS Administrator’s Guide 11

53-1002920-02

Telnet protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226

Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227

Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .229

Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Chapter 8 Configuring Security Policies

ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .231

Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232

ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232

Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233

Saving changes without activating the policies . . . . . . . . . . . .233

Activating ACL policy changes . . . . . . . . . . . . . . . . . . . . . . . . . .233

Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233

Adding a member to an existing ACL policy . . . . . . . . . . . . . . .234

Removing a member from an ACL policy . . . . . . . . . . . . . . . . .234

Abandoning unsaved ACL policy changes . . . . . . . . . . . . . . . .234

FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .236

Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236

Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .237

FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . .238

DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240

DCC policy behavior with Fabric-Assigned PWWNs . . . . . . . . . 241

SCC Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243

Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .243

E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244

Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .246

AUTH policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247

Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248

Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .249

FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .251

Fabric-wide distribution of the authorization policy. . . . . . . . .253

12 Fabric OS Administrator’s Guide

53-1002920-02

IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Deleting an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .258

Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .259

Deleting a rule from an IP Filter policy . . . . . . . . . . . . . . . . . . .259

Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .259

IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .261

ACL policy distribution to other switches . . . . . . . . . . . . . . . . .262

Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .264

Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .266

Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

IPsec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269

Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269

Authentication and encryption algorithms . . . . . . . . . . . . . . . .269

IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270

IKE policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272

Example of an end-to-end transport tunnel mode. . . . . . . . . . 274

Chapter 9 Maintaining the Switch Configuration File

Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277

Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

Uploading a configuration file in interactive mode . . . . . . . . .279

Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281

Configuration download without disabling a switch . . . . . . . .282

Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Downloading a configuration file from one switch to

another switch of the same model . . . . . . . . . . . . . . . . . . . . . .284

Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Configuration management for Virtual Fabrics. . . . . . . . . . . . . . . .285

Uploading a configuration file from a switch with

Virtual Fabrics enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Restoring a logical switch configuration using

configDownload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287

Fabric OS Administrator’s Guide 13

53-1002920-02

Chapter 10 Installing and Maintaining Firmware

Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .289

Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .291

Considerations for FICON CUP environments . . . . . . . . . . . . .291

HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .292

Obtaining and decompressing firmware . . . . . . . . . . . . . . . . .293

Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293

Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .294

Switch firmware download process overview. . . . . . . . . . . . . .294

Firmware download on a Backbone. . . . . . . . . . . . . . . . . . . . . . . . .296

Backbone firmware download process overview. . . . . . . . . . .296

Firmware download from a USB device. . . . . . . . . . . . . . . . . . . . . .299

Enabling the USB device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Downloading from the USB device using the relative path. . .300

Downloading from the USB device using the absolute path. .300

FIPS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

Public and private key management . . . . . . . . . . . . . . . . . . . .300

The firmwareDownload command . . . . . . . . . . . . . . . . . . . . . .301

Power-on firmware checksum test . . . . . . . . . . . . . . . . . . . . . .302

Testing and restoring firmware on switches . . . . . . . . . . . . . . . . . .302

Testing a different firmware version on a switch . . . . . . . . . . .302

Testing and restoring firmware on Backbones . . . . . . . . . . . . . . . .304

Testing different firmware versions on Backbones . . . . . . . . .304

Validating a firmware download. . . . . . . . . . . . . . . . . . . . . . . . . . . .306

Chapter 11 Managing Virtual Fabrics

Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310

Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310

Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .311

Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .312

Logical switches and connected devices . . . . . . . . . . . . . . . . .313

Management model for logical switches. . . . . . . . . . . . . . . . . . . . .314

Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Base switch and extended ISLs . . . . . . . . . . . . . . . . . . . . . . . .316

Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .319

Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .320

Supported port configurations in the fixed-port switches. . . .320

Supported port configurations in Brocade Backbones . . . . . .321

Virtual Fabrics interaction with other Fabric OS features . . . .322

14 Fabric OS Administrator’s Guide

53-1002920-02

Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .322

Restrictions on XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323

Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .324

Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324

Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .325

Configuring logical switches to use basic configuration values. . .326

Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .326

Executing a command in a different logical switch context . . . . . .328

Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Adding and moving ports on a logical switch . . . . . . . . . . . . . . . . .329

Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .330

Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .331

Changing a logical switch to a base switch . . . . . . . . . . . . . . . . . . .331

Setting up IP addresses for a logical switch . . . . . . . . . . . . . . . . . .333

Removing an IP address for a logical switch. . . . . . . . . . . . . . . . . .333

Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .333

Changing the context to a different logical fabric . . . . . . . . . . . . . .334

Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .334

Chapter 12 Administering Advanced Zoning

Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338

Approaches to zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339

Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340

Zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341

Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342

Considerations for zoning architecture . . . . . . . . . . . . . . . . . .342

Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .344

Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .345

High availability considerations with broadcast zones . . . . . .346

Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .346

Broadcast zones and default zoning mode . . . . . . . . . . . . . . .346

Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346

Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .348

Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349

Viewing an alias in the defined configuration . . . . . . . . . . . . .349

Fabric OS Administrator’s Guide 15

53-1002920-02

Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Displaying existing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350

Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .351

Removing devices (members) from a zone . . . . . . . . . . . . . . .352

Replacing zone members . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353

Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355

Viewing a zone in the defined configuration . . . . . . . . . . . . . .356

Viewing zone configuration names without case distinction .356

Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358

Default zoning mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360

Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .361

Viewing the current default zone access mode. . . . . . . . . . . .361

Zone database size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Creating a zone configuration. . . . . . . . . . . . . . . . . . . . . . . . . .363

Adding zones to a zone configuration . . . . . . . . . . . . . . . . . . .363

Removing members from a zone configuration. . . . . . . . . . . .364

Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .364

Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .365

Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .365

Abandoning zone configuration changes. . . . . . . . . . . . . . . . .366

Viewing all zone configuration information . . . . . . . . . . . . . . .366

Viewing selected zone configuration information . . . . . . . . . .367

Viewing the configuration in the effective zone database . . .367

Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .367

Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368

Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368

Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369

Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370

Zone configuration management. . . . . . . . . . . . . . . . . . . . . . . . . . .370

Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Zone merging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .373

Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Concurrent zone transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Viewing zone database transactions . . . . . . . . . . . . . . . . . . . .377

Chapter 13 Traffic Isolation Zoning

Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .379

TI zone failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380

Additional considerations when disabling failover . . . . . . . . .381

FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .383

Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384

Illegal configurations with enhanced TI zones. . . . . . . . . . . . .385

16 Fabric OS Administrator’s Guide

53-1002920-02

Traffic Isolation Zoning over FC routers . . . . . . . . . . . . . . . . . . . . . .386

TI zones within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . .388

TI zones within a backbone fabric . . . . . . . . . . . . . . . . . . . . . .389

Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .390

Fabric-Level Traffic Isolation in a backbone fabric . . . . . . . . . . . . .390

Fabric-Level TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391

Failover behavior for Fabric-Level TI zones . . . . . . . . . . . . . . .392

Creating a separate TI zone for each path . . . . . . . . . . . . . . . .392

Creating a single TI zone for all paths . . . . . . . . . . . . . . . . . . .393

General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394

Traffic Isolation Zone violation handling for trunk ports . . . . .395

Supported configurations for Traffic Isolation Zoning . . . . . . . . . .396

Additional configuration rules for enhanced TI zones. . . . . . .396

Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .398

Admin Domain considerations for Traffic Isolation Zoning . . . . . .398

Virtual Fabrics considerations for Traffic Isolation Zoning . . . . . . .399

Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .401

Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402

Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .404

Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405

Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .406

Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Troubleshooting TI zone routing problems . . . . . . . . . . . . . . . . . . .408

Setting up TI zones over FCR (sample procedure) . . . . . . . . . . . . .409

Chapter 14 Optimizing Fabric Behavior

Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

Virtual Fabrics considerations. . . . . . . . . . . . . . . . . . . . . . . . . . 414

Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .415

Disabling Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . .415

QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

License requirements for QoS. . . . . . . . . . . . . . . . . . . . . . . . . . 416

CS_CTL-based frame prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . 416

Supported configurations for CS_CTL-based frame

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

High availability considerations for CS_CTL-based frame

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Enabling CS_CTL-based frame prioritization on ports . . . . . . . 417

Disabling CS_CTL-based frame prioritization on ports . . . . . . 418

Using CS_CTL auto mode at the chassis level . . . . . . . . . . . . . 418

Considerations for using CS_CTL-based frame prioritization .418

Fabric OS Administrator’s Guide 17

53-1002920-02

QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . .419

QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .419

QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421

QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421

Virtual Fabrics considerations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

High-availability considerations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

Supported configurations for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

Limitations and restrictions for QoS zone-based traffic

prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization. . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization over FC routers . . . .426

Disabling QoS zone-based traffic prioritization. . . . . . . . . . . . . . . .426

Chapter 15 Bottleneck Detection

Bottleneck detection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Types of bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428

How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . .428

Supported configurations for bottleneck detection . . . . . . . . . . . .429

Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . .429

High availability considerations for bottleneck detection . . . .430

Upgrade and downgrade considerations for bottleneck

detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430

Trunking considerations for bottleneck detection . . . . . . . . . .430

Virtual Fabrics considerations for bottleneck detection . . . . .430

Access Gateway considerations for bottleneck detection. . . .430

Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .431

Displaying bottleneck detection configuration details . . . . . . . . . .431

Setting bottleneck detection alerts . . . . . . . . . . . . . . . . . . . . . . . . .433

Setting both a congestion alert and a latency alert . . . . . . . .434

Setting a congestion alert only . . . . . . . . . . . . . . . . . . . . . . . . .434

Setting a latency alert only . . . . . . . . . . . . . . . . . . . . . . . . . . . .435

Changing bottleneck detection parameters . . . . . . . . . . . . . . . . . .435

Examples of applying and changing bottleneck detection

parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436

Advanced bottleneck detection settings . . . . . . . . . . . . . . . . . . . . .439

Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .440

Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .442

18 Fabric OS Administrator’s Guide

53-1002920-02

Chapter 16 In-flight Encryption and Compression

In-flight encryption and compression overview. . . . . . . . . . . . . . . .445

Supported ports for in-flight encryption and compression . . .446

In-flight encryption and compression restrictions . . . . . . . . . .446

How in-flight encryption and compression are enabled . . . . .448

Authentication and key generation for encryption and

compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448

Availability considerations for encryption and compression. .449

Virtual Fabrics considerations for encryption and

compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449

In-flight compression on long-distance ports. . . . . . . . . . . . . .450

Compression ratios for compression-enabled ports . . . . . . . .450

Configuring in-flight encryption and compression on an EX_Port .450

Configuring in-flight encryption and compression on an E_Port . .451

Viewing the encryption and compression configuration . . . . . . . .452

Configuring and enabling authentication for in-flight encryption .453

Enabling in-flight encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Enabling in-flight compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

Chapter 17 Diagnostic Port

Diagnostic Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Supported platforms for D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Licensing requirements for D_Port . . . . . . . . . . . . . . . . . . . . . . . . .460

Understanding D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .460

Advantages of D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

D_Port configuration mode and nature of test . . . . . . . . . . . .461

General limitations and considerations for D_Port . . . . . . . . .462

Supported topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 1: ISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 2: ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

Topology 3: Access Gateways . . . . . . . . . . . . . . . . . . . . . . . . . .464

Topology 4: HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Using D_Port without HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Enabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Disabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

Using D_Port with HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467

Automatic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . .467

Dynamic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . .468

BCU D_Port commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468

Limitations and considerations for D_Port with HBAs. . . . . . .468

Controlling testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .469

Fabric OS Administrator’s Guide 19

53-1002920-02

Example test scenarios and output . . . . . . . . . . . . . . . . . . . . . . . . .469

Confirming SFP and link status with an HBA . . . . . . . . . . . . . .470

Starting and stopping D_Port testing . . . . . . . . . . . . . . . . . . . .470

Chapter 18 NPIV

NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

10-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475

Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Viewing NPIV port configuration information . . . . . . . . . . . . . . . . . 476

Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .478

Chapter 19 Fabric-Assigned PWWN

Fabric-Assigned PWWN overview. . . . . . . . . . . . . . . . . . . . . . . . . . .479

User- and auto-assigned FA-PWWN behavior . . . . . . . . . . . . . . . . .480

Configuring an FA-PWWN for an HBA connected to an

Access Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481

Configuring an FA-PWWN for an HBA connected to an edge

switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .482

Supported switches and configurations for FA-PWWN. . . . . . . . . .483

Configuration upload and download considerations for

FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483

Security considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . .483

Restrictions of FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484

Access Gateway N_Port failover with FA-PWWN . . . . . . . . . . . . . . .484

Chapter 20 Managing Administrative Domains

Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .485

Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487

Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .487

Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .487

User-defined Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . .488

System-defined Admin Domains. . . . . . . . . . . . . . . . . . . . . . . .488

Home Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . .490

Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .491

Admin Domains and switch WWNs. . . . . . . . . . . . . . . . . . . . . .492

Admin Domain compatibility, availability, and merging . . . . . .494

20 Fabric OS Administrator’s Guide

53-1002920-02

Admin Domain management for physical fabric administrators . .494

Setting the default zoning mode for Admin Domains . . . . . . .495

Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .495

User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .496

Removing an Admin Domain from a user account . . . . . . . . .498

Activating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . .498

Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .499

Adding members to an existing Admin Domain . . . . . . . . . . . .499

Removing members from an Admin Domain . . . . . . . . . . . . . .500

Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .500

Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .501

Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .502

Deleting all user-defined Admin Domains non-disruptively . .502

Validating an Admin Domain member list . . . . . . . . . . . . . . . .506

SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .506

CLI commands in an AD context . . . . . . . . . . . . . . . . . . . . . . . .507

Executing a command in a different AD context . . . . . . . . . . .507

Displaying an Admin Domain configuration . . . . . . . . . . . . . . .508

Switching to a different Admin Domain context. . . . . . . . . . . .508

Admin Domain interactions with other Fabric OS features . . .509

Admin Domains, zones, and zone databases . . . . . . . . . . . . .510

Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .511

Configuration upload and download in an AD context . . . . . .512

Section II Licensed Features

Chapter 21 Administering Licensing

Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL 1st POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL 2nd POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

Enterprise ICL license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525

Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526

Upgrade and downgrade considerations . . . . . . . . . . . . . . . . .526

Assigning a license to a slot . . . . . . . . . . . . . . . . . . . . . . . . . . .526

Removing a license from a slot. . . . . . . . . . . . . . . . . . . . . . . . .527

10G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

Enabling 10 Gbps operation on an FC port . . . . . . . . . . . . . . .528

Enabling the 10-GbE ports on an FX8-24 blade . . . . . . . . . . .529

Fabric OS Administrator’s Guide 21

53-1002920-02

Temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530

Restrictions on upgrading temporary slot-based licenses . . .531

Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531

Configupload and download considerations . . . . . . . . . . . . . .531

Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531

Universal temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . .532

Extending a universal temporary license . . . . . . . . . . . . . . . . .532

Universal temporary license shelf life. . . . . . . . . . . . . . . . . . . .532

Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532

Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533

Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533

Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534

Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .535

Displaying installed licenses . . . . . . . . . . . . . . . . . . . . . . . . . . .536

Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .537

Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .537

Displaying the port license assignments . . . . . . . . . . . . . . . . .538

Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .538

Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .539

Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .540

Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .540

Chapter 22 Inter-chassis Links

Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543

License requirements for ICLs . . . . . . . . . . . . . . . . . . . . . . . . .544

ICLs for the Brocade DCX 8510 Backbone family. . . . . . . . . . . . . .544

ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4 . .545

ICLs for the Brocade DCX Backbone family. . . . . . . . . . . . . . . . . . .546

ICL trunking on the Brocade DCX and DCX-4S. . . . . . . . . . . . .547

Virtual Fabrics considerations for ICLs . . . . . . . . . . . . . . . . . . . . . .547

Supported topologies for ICL connections . . . . . . . . . . . . . . . . . . .547

Mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .547

Core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .549

Chapter 23 Monitoring Fabric Performance

Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .551

Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

Restrictions for installing monitors. . . . . . . . . . . . . . . . . . . . . .552

Virtual Fabrics considerations for Advanced Performance

Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .552

Access Gateway considerations for Advanced Performance

Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .553

22 Fabric OS Administrator’s Guide

53-1002920-02

End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .553

Maximum number of EE monitors . . . . . . . . . . . . . . . . . . . . . .553

Supported port configurations for EE monitors . . . . . . . . . . . .554

Adding EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554

Setting a mask for an EE monitor . . . . . . . . . . . . . . . . . . . . . . .555

Deleting EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556

Displaying EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . .557

Clearing EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . . . .557

Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558

License requirements for frame monitoring . . . . . . . . . . . . . .558

Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .559

Creating a frame monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559

Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .560

Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .560

Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .560

Saving a frame monitor configuration . . . . . . . . . . . . . . . . . . .560

Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .561

Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .562

Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .562

Top Talker monitors and FC-FC routing. . . . . . . . . . . . . . . . . . .563

Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .565

Adding a Top Talker monitor to a port (port mode) . . . . . . . . .565

Adding Top Talker monitors on all switches in the fabric

(fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .565

Displaying the top n bandwidth-using flows on a port

(port mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566

Displaying top talking flows for a given domain ID

(fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566

Deleting a Top Talker monitor on a port (port mode) . . . . . . .567

Deleting all fabric mode Top Talker monitors. . . . . . . . . . . . . .567

Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567

Trunk monitoring considerations . . . . . . . . . . . . . . . . . . . . . . .567

Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .567

Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568

Chapter 24 Managing Trunking Connections

Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

Types of trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570

Masterless trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570

License requirements for trunking . . . . . . . . . . . . . . . . . . . . . . 571

Port groups for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Supported platforms for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Supported configurations for trunking . . . . . . . . . . . . . . . . . . . . . . 571

High Availability support for trunking . . . . . . . . . . . . . . . . . . . .572

Requirements for trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . .572

Recommendations for trunk groups . . . . . . . . . . . . . . . . . . . . . . . .572

Configuring trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573

Fabric OS Administrator’s Guide 23

53-1002920-02

Enabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Disabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Trunk Area and Admin Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . 576

Example of Trunk Area assignment on port domain,index . . . 576

ISL trunking over long-distance fabrics . . . . . . . . . . . . . . . . . . . . . . 576

EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577

Masterless EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . .577

Supported configurations and platforms for EX_Port

trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .578

Configuring EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . .578

Displaying EX_Port trunking information . . . . . . . . . . . . . . . . .578

F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579

F_Port trunking for Access Gateway . . . . . . . . . . . . . . . . . . . . .579

F_Port trunking for Brocade adapters . . . . . . . . . . . . . . . . . . .581

F_Port trunking considerations. . . . . . . . . . . . . . . . . . . . . . . . .582

F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .584

Displaying F_Port trunking information . . . . . . . . . . . . . . . . . . . . . .585

Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585

Enabling the DCC policy on a trunk area. . . . . . . . . . . . . . . . . . . . .586

Chapter 25 Managing Long-Distance Fabrics

Long-distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .588

Long-distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .588

Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .589

Enabling long distance when connecting to TDM devices . . .590

Forward error correction on long-distance links . . . . . . . . . . . . . . .591

Enabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . . .591

Disabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . .591

Chapter 26 Using FC-FC Routing to Connect Fabrics

FC-FC routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593

License requirements for FC-FC routing . . . . . . . . . . . . . . . . . .594

Supported platforms for FC-FC routing. . . . . . . . . . . . . . . . . . .594

Supported configurations for FC-FC routing. . . . . . . . . . . . . . .595

Network OS connectivity limitations . . . . . . . . . . . . . . . . . . . . .595

Fibre Channel routing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . .596

Proxy devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .599

FC-FC routing topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .600

Phantom domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601

FC router authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603

Setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603

Verifying the setup for FC-FC routing . . . . . . . . . . . . . . . . . . . .604

24 Fabric OS Administrator’s Guide

53-1002920-02

Backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605

Assigning backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . .606

FCIP tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .606

Inter-fabric link configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607

Configuring an IFL for both edge and backbone connections 607

Configuring EX_Ports on an ICL . . . . . . . . . . . . . . . . . . . . . . . .611

FC router port cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .613

Port cost considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .614

Setting router port cost for an EX_Port. . . . . . . . . . . . . . . . . . .614

Shortest IFL cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .615

Configuring shortest IFL cost . . . . . . . . . . . . . . . . . . . . . . . . . . 617

EX_Port frame trunking configuration . . . . . . . . . . . . . . . . . . . . . . .619

LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620

Use of Admin Domains with LSAN zones and FC-FC routing .620

Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .620

LSAN zones and fabric-to-fabric communications. . . . . . . . . .621

Controlling device communication with the LSAN . . . . . . . . . .621

Configuring backbone fabrics for interconnectivity . . . . . . . . .623

Setting the maximum LSAN count . . . . . . . . . . . . . . . . . . . . . .624

HA and downgrade considerations for LSAN zones . . . . . . . .624

LSAN zone policies using LSAN tagging . . . . . . . . . . . . . . . . . .624

LSAN zone binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .628

Proxy PID configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .633

Fabric parameter considerations. . . . . . . . . . . . . . . . . . . . . . . . . . .633

Inter-fabric broadcast frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634

Displaying the current broadcast configuration. . . . . . . . . . . .634

Enabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634

Disabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634

Resource monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634

FC-FC routing and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . .636

Logical switch configuration for FC routing . . . . . . . . . . . . . . .637

Backbone-to-edge routing with Virtual Fabrics . . . . . . . . . . . .638

Upgrade and downgrade considerations for FC-FC routing . . . . . .639

How replacing port blades affects EX_Port configuration. . . .639

Displaying the range of output ports connected to xlate domains 639

Appendix A Port Indexing

Appendix B FIPS Support

FIPS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Power-on self-tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647

Conditional tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647

Fabric OS Administrator’s Guide 25

53-1002920-02

FIPS mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647

LDAP in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .648

LDAP certificates for FIPS mode . . . . . . . . . . . . . . . . . . . . . . . .650

Preparing a switch for FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .651

Overview of steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652

Enabling FIPS mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652

Zeroizing for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655

Displaying FIPS configuration . . . . . . . . . . . . . . . . . . . . . . . . . .655

Appendix C Hexadecimal Conversion

Example conversion of the hexadecimal triplet Ox616000 . .657

Decimal-to-hexadecimal conversion table . . . . . . . . . . . . . . . .658

Index

26 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS Administrator’s Guide 27

53-1002920-02

Figures

Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Figure 3 Blade swap with Virtual Fabrics during the swap. . . . . . . . . . . . . . . . . . . . . . . . 101

Figure 4 Blade swap with Virtual Fabrics after the swap . . . . . . . . . . . . . . . . . . . . . . . . . 102

Figure 5 Principal ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Figure 6 New switch added to existing fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Figure 7 Virtual channels on a QoS-enabled ISL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Figure 8 Gateway link merging SANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Figure 9 Single host and target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Figure 10 Windows 2000 VSA configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Figure 11 Example of a brocade.dct file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Figure 12 Example of the dictiona.dcm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Figure 13 SNMP structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Figure 14 SNMP query. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Figure 15 SNMP trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Figure 16 Brocade MIB tree location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Figure 17 DH-CHAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Figure 18 Protected endpoints configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Figure 19 Gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Figure 20 Endpoint-to-gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Figure 21 Switch before and after enabling Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . 310

Figure 22 Switch before and after creating logical switches . . . . . . . . . . . . . . . . . . . . . . . 311

Figure 23 Fabric IDs assigned to logical switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Figure 24 Assigning ports to logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Figure 25 Logical switches connected to devices and non-Virtual Fabrics switch . . . . . . 314

Figure 26 Logical switches in a single chassis belong to separate fabrics . . . . . . . . . . . . 314

Figure 27 Logical switches connected to other logical switches through physical ISLs. . 316

Figure 28 Logical switches connected to form logical fabrics . . . . . . . . . . . . . . . . . . . . . . 316

Figure 29 Base switches connected by an XISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Figure 30 Logical ISLs connecting logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Figure 31 Logical fabric using ISLs and XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Figure 32 Example of logical fabrics in multiple chassis and XISLs . . . . . . . . . . . . . . . . . 335

Figure 33 Zoning example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Figure 34 Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Figure 35 Traffic Isolation zone creating a dedicated path through the fabric. . . . . . . . . 380

Figure 36 Fabric incorrectly configured for TI zone with failover disabled . . . . . . . . . . . . 382

28 Fabric OS Administrator’s Guide

53-1002920-02

Figure 37 Dedicated path is the only shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

Figure 38 Dedicated path is not the shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Figure 39 Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Figure 40 Illegal ETIZ configuration: two paths from one port to two devices on the

same remote domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Figure 41 Illegal ETIZ configuration: two paths from one port . . . . . . . . . . . . . . . . . . . . . . 386

Figure 42 Traffic Isolation Zoning over FCR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Figure 43 TI zone in an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Figure 44 TI zone in a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Figure 45 Fabric-level traffic isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Figure 46 TI zone misconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Figure 47 Dedicated path with Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Figure 48 Creating a TI zone in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Figure 49 Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Figure 50 Example configuration for TI zones over FC routers in logical fabrics . . . . . . . 401

Figure 51 Logical representation of TI zones over FC routers in logical fabrics . . . . . . . . 401

Figure 52 TI over FCR example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Figure 53 QoS traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Figure 54 QoS with E_Ports enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Figure 55 Traffic prioritization in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Figure 56 Affected seconds for bottleneck detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

Figure 57 Encryption and compression on 16 Gbps ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . 446

Figure 58 Example of a basic D_Port connection between switches . . . . . . . . . . . . . . . . 460

Figure 59 ISLs connecting multiple switches and chassis . . . . . . . . . . . . . . . . . . . . . . . . . 463

Figure 60 ICLs connecting chassis blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Figure 61 Single Access Gateway to switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Figure 62 Multiple Access Gateways cascaded to switch . . . . . . . . . . . . . . . . . . . . . . . . . 464

Figure 63 Access Gateway to HBA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Figure 64 HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

Figure 65 Fabric-assigned port World Wide Name provisioning scenarios . . . . . . . . . . . . 480

Figure 66 Fabric with two Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Figure 67 Filtered fabric views when using Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 486

Figure 68 Fabric with AD0 and AD255. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Figure 69 Fabric showing switch and device WWNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

Figure 70 Filtered fabric views showing converted switch WWNs . . . . . . . . . . . . . . . . . . . 493

Figure 71 AD0 and two user-defined Admin Domains, AD1 and AD2 . . . . . . . . . . . . . . . . 504

Figure 72 AD0 with three zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Figure 73 Minimum configuration for 64 Gbps ICLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Figure 74 DCX-4S allowed ICL connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546

Figure 75 ICL triangular topology with Brocade DCX 8510-8 chassis . . . . . . . . . . . . . . . . 548

Figure 76 Full nine-mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

Figure 77 64 Gbps ICL core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Fabric OS Administrator’s Guide 29

53-1002920-02

Figure 78 Setting end-to-end monitors on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554

Figure 79 Mask positions for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Figure 80 Fabric mode Top Talker monitors on FC router do not monitor any flows . . . . 564

Figure 81 Fabric mode Top Talker monitors on FC router monitor flows over the E_Port 564

Figure 82 Port group configuration for the Brocade 5100. . . . . . . . . . . . . . . . . . . . . . . . . 571

Figure 83 Switch in Access Gateway mode without F_Port masterless trunking . . . . . . . 580

Figure 84 Switch in Access Gateway mode with F_Port masterless trunking . . . . . . . . . . 580

Figure 85 A metaSAN with inter-fabric links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596

Figure 86 A metaSAN with edge-to-edge and backbone fabrics and LSAN zones . . . . . . 597

Figure 87 Edge SANs connected through a backbone fabric. . . . . . . . . . . . . . . . . . . . . . . 599

Figure 88 MetaSAN with imported devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600

Figure 89 Sample topology (physical topology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601

Figure 90 EX_Port phantom switch topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602

Figure 91 Shortest IFL solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617

Figure 92 Example of setting up Speed LSAN tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626

Figure 93 LSAN zone binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629

Figure 94 EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637

Figure 95 Logical representation of EX_Ports in a base switch . . . . . . . . . . . . . . . . . . . . . 638

Figure 96 Backbone-to-edge routing across base switch using FC router in legacy mode 639

30 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS Administrator’s Guide 31

53-1002920-02

Tables

Table 1 Daemons that are automatically restarted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Table 2 Terminal port parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Table 3 Help topic contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Table 4 fabricShow fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Table 5 Ports affected when you enable or disable a switch in VF or non-VF mode . . . . 79

Table 6 Core and CP blade terminology and platform support. . . . . . . . . . . . . . . . . . . . . 95

Table 7 Port blade terminology, numbering, and platform support . . . . . . . . . . . . . . . . . 96

Table 8 Blade compatibility within Brocade Backbone families. . . . . . . . . . . . . . . . . . . . 98

Table 9 Duplicate PWWN behavior: First login takes precedence over second login . . 110

Table 10 Duplicate PWWN behavior: Second login overrides first login . . . . . . . . . . . . . 110

Table 11 Duplicate PWWN behavior: Port type determines which login takes

precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Table 12 Combinations of routing policy and IOD with Lossless DLS enabled . . . . . . . . 130

Table 13 Fibre Channel gigabit values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Table 14 Fibre Channel data frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Table 15 Total FC ports, ports per port group, and unreserved buffer credits per

port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Table 16 Configurable distances for Extended Fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Table 17 Default Fabric OS roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Table 18 Permission types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Table 19 Maximum number of simultaneous sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Table 20 Default local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Table 21 LDAP options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Table 22 Authentication configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Table 23 Syntax for VSA-based account roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Table 24 Entries in dictionary.brocade file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Table 25 Brocade custom TACACS+ attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Table 26 Secure protocol support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Table 27 Items needed to deploy secure protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Table 28 Main security scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Table 29 SSL certificate files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Table 30 Brocade SNMP MIB dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Table 31 Access Gateway MIB support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Table 32 Security level options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Table 33 Blocked listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Table 34 Access defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

32 Fabric OS Administrator’s Guide

53-1002920-02

Table 35 Port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Table 36 Valid methods for specifying policy members . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Table 37 FCS policy states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Table 38 FCS switch operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Table 39 Distribution policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Table 40 DCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Table 41 DCC policy behavior with FA-PWWN when created using lockdown support . . 241

Table 42 DCC policy behavior when created manually with PWWN . . . . . . . . . . . . . . . . . 242

Table 43 SCC policy states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Table 44 FCAP certificate files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Table 45 Supported services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Table 46 Implicit IP Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Table 47 Default IP policy rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Table 48 Interaction between fabric-wide consistency policy and distribution settings . 261

Table 49 Supported policy databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Table 50 Fabric-wide consistency policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Table 51 Merging fabrics with matching fabric-wide consistency policies. . . . . . . . . . . . 265

Table 52 Examples of strict fabric merges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Table 53 Fabric merges with tolerant and absent combinations . . . . . . . . . . . . . . . . . . . 266

Table 54 Algorithms and associated authentication policies . . . . . . . . . . . . . . . . . . . . . . 270

Table 55 CLI commands to display or modify switch configuration information . . . . . . . 281

Table 56 Brocade configuration and connection form . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Table 57 Backbone HA sync states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Table 58 Commands used for validating a firmware download . . . . . . . . . . . . . . . . . . . . 307

Table 59 Blade and port types supported on logical switches . . . . . . . . . . . . . . . . . . . . . 321

Table 60 Virtual Fabrics interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 322

Table 61 Maximum number of logical switches per chassis. . . . . . . . . . . . . . . . . . . . . . . 323

Table 62 Approaches to fabric-based zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Table 63 Considerations for zoning architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Table 64 Zone merging scenarios: Defined and effective configurations . . . . . . . . . . . . 373

Table 65 Zone merging scenarios: Different content . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Table 66 Zone merging scenarios: Different names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Table 67 Zone merging scenarios: TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Table 68 Zone merging scenarios: Default access mode . . . . . . . . . . . . . . . . . . . . . . . . . 376

Table 69 Zone merging scenarios: Mixed Fabric OS versions. . . . . . . . . . . . . . . . . . . . . . 376

Table 70 Traffic behavior when failover is enabled or disabled in TI zones . . . . . . . . . . 381

Table 71 Comparison between CS_CTL-based and QoS zone-based prioritization. . . . . 416

Table 72 Mapping of CS_CTL values to QoS priority for frame prioritization in

CS_CTL default mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Table 73 Mapping of CS_CTL values to QoS priority for frame prioritization in

CS_CTL auto mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Fabric OS Administrator’s Guide 33

53-1002920-02

Table 74 Number of ports supported for in-flight encryption and compression

at various port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Table 75 Supported platforms for D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Table 76 D_Port configuration mode and nature of test. . . . . . . . . . . . . . . . . . . . . . . . . . 462

Table 77 Limitation on number of D_Ports for simultaneous tests . . . . . . . . . . . . . . . . . 469

Table 78 Number of supported NPIV devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Table 79 AD user types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Table 80 Ports and devices in CLI output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Table 81 Admin Domain interaction with Fabric OS features . . . . . . . . . . . . . . . . . . . . . . 509

Table 82 Configuration upload and download scenarios in an AD context . . . . . . . . . . . 512

Table 83 Available Brocade licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516

Table 84 License requirements and location name by feature . . . . . . . . . . . . . . . . . . . . 519

Table 85 Base to Upgrade license comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Table 86 List of available user ports when implementing PODs . . . . . . . . . . . . . . . . . . 535

Table 87 Number of logical switches that support performance monitors . . . . . . . . . . . 552

Table 88 Maximum number of frame monitors and offsets per port . . . . . . . . . . . . . . . . 558

Table 89 Predefined values at offset 0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559

Table 90 Trunking over long distance for the Brocade Backbones and blades . . . . . . . 576

Table 91 F_Port masterless trunking considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

Table 92 PWWN format for F_Port and N_Port trunk ports. . . . . . . . . . . . . . . . . . . . . . . . 584

Table 93 Fabric-wide settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589

Table 94 LSAN information stored in FC routers, with and without LSAN zone binding . 630

Table 95 Zeroization behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645

Table 96 FIPS mode restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

Table 97 FIPS and non-FIPS modes of operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

Table 98 Active Directory keys to modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650

Table 99 Decimal-to-hexadecimal conversion table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658

34 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS Administrator’s Guide 35

53-1002920-02

About This Document

In this chapter

•Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

•What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

•Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

•Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

•Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

•Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

•Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Supported hardware and software

In those instances in which procedures or parts of procedures documented here apply to some

switches but not to others, this guide identifies exactly which switches are supported and which are

not.

Although many different software and hardware configurations are tested and supported by

Brocade Communications Systems, Inc. for Fabric OS v7.2.0, documenting all possible

configurations and scenarios is beyond the scope of this document.

The following hardware platforms are supported by this release of Fabric OS:

•Fixed-port switches:

-Brocade 300 switch

-Brocade 5100 switch

-Brocade 5300 switch

-Brocade 5410 embedded switch

-Brocade 5424 embedded switch

-Brocade 5430 embedded switch

-Brocade 5431 embedded switch

-Brocade 5450 embedded switch

-Brocade 5460 embedded switch

-Brocade 5470 embedded switch

-Brocade 5480 embedded switch

-Brocade M6505 embedded switch

-Brocade 6505 switch

-Brocade 6510 switch

36 Fabric OS Administrator’s Guide

53-1002920-02

-Brocade 6520 switch

-Brocade 6547 embedded switch

-Brocade 7800 extension switch

-Brocade VA-40FC

-Brocade Encryption Switch

•Brocade DCX Backbone family:

-Brocade DCX

-Brocade DCX-4S

•Brocade DCX 8510 Backbone family:

-Brocade DCX 8510-4

-Brocade DCX 8510-8

What’s new in this document

Information that was modified:

•Renamed and moved the section about the two Ethernet ports on the CP blade to

“Management Ethernet port bonding” on page 65.

•Moved the section “Enabling forward error correction” from the Routing chapter to Chapter 3,

“Performing Advanced Configuration Tasks”.

•In Chapter 17, “Diagnostic Port,” updated Table 76 and added some HA considerations and

some considerations for D_Port with HBAs.

•Updated the “Setting up FC-FC routing” section and the “Configuring EX_Ports on an ICL”

section in Chapter 26, “Using FC-FC Routing to Connect Fabrics”.

•In Appendix B, “FIPS Support,” updated Table 96 on page 647 with entries for Authentication

and FC-FC routing.

Document conventions

This section describes text formatting conventions and important notice formats used in this

document.

Text formatting

The narrative-text formatting conventions that are used are as follows:

bold text Identifies command names

Identifies the names of user-manipulated GUI elements

Identifies keywords and operands

Identifies text to enter at the GUI or CLI

Fabric OS Administrator’s Guide 37

53-1002920-02

italic text Provides emphasis

Identifies variables

Identifies paths and Internet addresses

Identifies document titles

code text Identifies CLI output

Identifies command syntax examples

For readability, command names in the narrative portions of this guide are presented in mixed

lettercase: for example, switchShow. In actual examples, command lettercase is often all

lowercase. Otherwise, this manual specifically notes those cases in which a command is case

sensitive.

Command syntax conventions

Command syntax in this manual follows these conventions:

Notes, cautions, and warnings

The following notices and statements are used in this manual. They are listed below in order of

increasing severity of potential hazards.

NOTE

A note provides a tip, guidance or advice, emphasizes important information, or provides a reference

to related information.

ATTENTION

An Attention statement indicates potential damage to hardware or data.

command Commands are printed in bold.

--option, option Command options are printed in bold.

-argument, arg Arguments.

[ ] Optional element.

variable Variables are printed in italics. In the help pages, values are underlined or

enclosed in angled brackets < >.

... Repeat the previous element, for example “member[;member...]”

value Fixed values following arguments are printed in plain font. For example,

--show WWN

| Boolean. Elements are exclusive. Example: --show -mode egress | ingress

38 Fabric OS Administrator’s Guide

53-1002920-02

CAUTION

A Caution statement alerts you to situations that can be potentially hazardous to you or cause

damage to hardware, firmware, software, or data.

DANGER

A Danger statement indicates conditions or situations that can be potentially lethal or extremely

hazardous to you. Safety labels are also attached directly to products to warn of these conditions

or situations.

Key terms

For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.

For definitions of SAN-specific terms, visit the Storage Networking Industry Association online

dictionary at:

http://www.snia.org/education/dictionary

Notice to the reader

This document may contain references to the trademarks of the following corporations. These

trademarks are the properties of their respective companies and corporations.

These references are made for informational purposes only.

Additional information

This section lists additional Brocade and industry-specific documentation that you might find

helpful.

Brocade resources

To get up-to-the-minute information, go to http://my.brocade.com and register at no cost for a user

ID and password.

Corporation Referenced Trademarks and Products

Microsoft Corporation Windows, Windows NT, Internet Explorer

Mozilla Corporation Mozilla, Firefox

Netscape Communications Corporation Netscape

Red Hat, Inc. Red Hat, Red Hat Network, Maximum RPM, Linux Undercover

Sun Microsystems, Inc. Sun, Solaris

Fabric OS Administrator’s Guide 39

53-1002920-02

For practical discussions about SAN design, implementation, and maintenance, you can obtain

Building SANs with Brocade Fabric Switches through:

http://www.amazon.com

For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource

Library location:

http://www.brocade.com

Release notes are available on the My Brocade website and are also bundled with the Fabric OS

firmware.

Other industry resources

For additional resource information, visit the Technical Committee T11 website. This website

provides interface standards for high-performance and mass storage applications for Fibre

Channel, storage management, and other applications:

http://www.t11.org

For information about the Fibre Channel industry, visit the Fibre Channel Industry Association

website:

http://www.fibrechannel.org

40 Fabric OS Administrator’s Guide

53-1002920-02

Getting technical help

Contact your switch support supplier for hardware, firmware, and software support, including

product repairs and part ordering. To expedite your call, have the following information available:

1. General Information

•Switch model

•Switch operating system version

•Error numbers and messages received

•supportSave command output

•Detailed description of the problem, including the switch or fabric behavior immediately

following the problem, and specific questions

•Description of any troubleshooting steps already performed and the results

•Serial console and Telnet session logs

•syslog message logs

2. switch serial number

The switch serial number and corresponding bar code are provided on the serial number label,

as illustrated below.:

The serial number label is located as follows:

•Brocade 300, 5100, 5300, 6505, M6505, 6510, 6520, 6547, 7800, VA-40FC, and Brocade

Encryption Switch—On the switch ID pull-out tab located inside the chassis on the port side on

the left

•Brocade 5410, 5424, 5430, 5431, 5450, 5460, 5470, 5480—Serial number label attached to

the module

•Brocade 6510—On the pull-out tab on the front of the switch

•Brocade DCX and DCX 8510-8—On the bottom right on the port side of the chassis

•Brocade DCX-4S and DCX 8510-4—On the bottom right on the port side of the chassis, directly

above the cable management comb

3. World Wide Name (WWN)

Use the wwn command to display the switch WWN.

If you cannot use the wwn command because the switch is inoperable, you can get the WWN

from the same place as the serial number, except for the Brocade DCX enterprise class

platform. For the Brocade DCX enterprise class platform, access the numbers on the WWN

cards by removing the Brocade logo plate at the top of the nonport side of the chassis.

For the Brocade 5424 embedded switch: Provide the license ID. Use the licenseIdShow

command to display the WWN.

'"!&'

FT00X0054E9

Fabric OS Administrator’s Guide 41

53-1002920-02

Document feedback

Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and

completeness of this document. However, if you find an error or an omission, or you think that a

topic needs further development, we want to hear from you. Forward your feedback to:

documentation@brocade.com

Provide the title and version number of the document and as much detail as possible about your

comment, including the topic heading and page number and your suggestions for improvement.

42 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS Administrator’s Guide 43

53-1002920-02

Section

Standard Features

This section describes standard Fabric OS features, and includes the following chapters:

•Chapter 1, “Understanding Fibre Channel Services”

•Chapter 2, “Performing Basic Configuration Tasks”

•Chapter 3, “Performing Advanced Configuration Tasks”

•Chapter 4, “Routing Traffic”

•Chapter 5, “Buffer-to-Buffer Credits and Credit Recovery”

•Chapter 6, “Managing User Accounts”

•Chapter 7, “Configuring Protocols”

•Chapter 8, “Configuring Security Policies”

•Chapter 9, “Maintaining the Switch Configuration File”

•Chapter 10, “Installing and Maintaining Firmware”

•Chapter 11, “Managing Virtual Fabrics”

•Chapter 12, “Administering Advanced Zoning”

•Chapter 13, “Traffic Isolation Zoning”

•Chapter 14, “Optimizing Fabric Behavior”

•Chapter 15, “Bottleneck Detection”

•Chapter 16, “In-flight Encryption and Compression”

•Chapter 17, “Diagnostic Port”

•Chapter 18, “NPIV”

•Chapter 19, “Fabric-Assigned PWWN”

•Chapter 20, “Managing Administrative Domains”

44 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS Administrator’s Guide 45

53-1002920-02

Chapter

Understanding Fibre Channel Services

In this chapter

•Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

•Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

•Platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

•Management server database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

•Topology discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

•Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

•High availability of daemon processes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Fibre Channel services overview

Fibre Channel services define service functions that reside at well-known addresses. A well-known

address is a reserved three-byte address for each service. Services are provided to either nodes or

management applications in the fabric.

Figure 1 Well-known addresses

Fabric Login — The Fabric Login server assigns a fabric address to a fabric node, which allows it to

communicate with services on the switch or other nodes in the fabric. The fabric address is a 24-bit

address (0x000000) containing three 3-byte nodes. Reading from left to right, the first node

(0x000000) represents the domain ID, the second node (0x000000) the port area number of the

port where the node is attached, and the third node (0x000000) the arbitrated loop physical

address (AL_PA), if applicable.

Directory server — The directory server or name server registers fabric and public nodes and

conducts queries to discover other devices in the fabric.

Fabric controller — The fabric controller provides State Change Notifications (SCNs) to registered

nodes when a change in the fabric topology occurs.

Time server — The time server sends the time to the member switches in the fabric from either the

principal switch or, if configured, the primary fabric configuration server (FCS) switch.

Refer to Chapter 8, “Configuring Security Policies,” for additional information on FCS policies.

46 Fabric OS Administrator’s Guide

53-1002920-02

Management server

Management server — The management server provides a single point for managing the fabric.

This is the only service that users can configure. See “Management server” below for more details

Alias server — The alias server keeps a group of nodes registered as one name to handle multicast

groups.

Broadcast server — The broadcast server is optional. When frames are transmitted to this address,

they are broadcast to all operational N_ and NL_Ports.

When registration and query frames are sent to a well-known address, a different protocol service,

Fibre Channel Common Transport (FC-CT), is used. This protocol provides a simple, consistent

format and behavior when a service provider is accessed for registration and query purposes.

Management server

The Brocade Fabric OS management server (MS) allows a SAN management application to retrieve

information and administer interconnected switches, servers, and storage devices. The

management server assists in the autodiscovery of switch-based fabrics and their associated

topologies.

A client of the management server can find basic information about the switches in the fabric and

use this information to construct topology relationships. The management server also allows you to

obtain certain switch attributes and, in some cases, modify them. For example, logical names

identifying switches can be registered with the management server.

The management server provides several advantages for managing a Fibre Channel fabric:

•It is accessed by an external Fibre Channel node at the well-known address FFFFFAh, so an

application can access information about the entire fabric management with minimal

knowledge of the existing configuration.

•It is replicated on every Brocade switch within a fabric.

•It provides an unzoned view of the overall fabric configuration. This fabric topology view

exposes the internal configuration of a fabric for management purposes; it contains

interconnect information about switches and devices connected to the fabric. Under normal

circumstances, a device (typically an FCP initiator) queries the name server for storage devices

within its member zones. Because this limited view is not always sufficient, the management

server provides the application with a list of the entire name server database.

Platform services

By default, all management services except platform services are enabled; the MS platform service

and topology discovery are disabled.

You can activate and deactivate the platform services throughout the fabric. Activating the platform

services attempts to activate the MS platform service for each switch in the fabric. The change

takes effect immediately and is committed to the configuration database of each affected switch.

MS activation is persistent across power cycles and reboots.

NOTE

The commands msplMgmtActivate and msplMgmtDeactivate are allowed only in AD0 and AD255.

Fabric OS Administrator’s Guide 47

53-1002920-02

Management server database 1

Platform services and Virtual Fabrics

Each logical switch has a separate platform database. All platform registrations done to a logical

switch are valid only in that particular logical switch’s Virtual Fabric.

Activating the platform services on a switch activates the platform services on all logical switches in

a Virtual Fabric. Similarly, deactivating the platform services deactivates the platform service on all

logical switches in a Virtual Fabric. The msPlatShow command displays all platforms registered in a

Virtual Fabric.

Enabling platform services

When FCS policy is enabled, the msplMgmtActivate command can be issued only from the primary

FCS switch.

The execution of the msplMgmtActivate command is subject to Admin Domain restrictions that may

be in place.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msCapabilityShow command to verify that all switches in the fabric support the MS

platform service; otherwise, the next step fails.

3. Enter the msplMgmtActivate command, as in the following example.

switch:admin> msplmgmtactivate

Request to activate MS Platform Service in progress......

*Completed activating MS Platform Service in the fabric!

Disabling platform services

Use the following procedure to disable platform services:

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msplMgmtDeactivate command.

3. Enter y to confirm the deactivation, as in the following example.

switch:admin> msplmgmtdeactivate

MS Platform Service is currently enabled.

This will erase MS Platform Service configuration

information as well as database in the entire fabric.

Would you like to continue this operation? (yes, y, no, n): [no] y

Request to deactivate MS Platform Service in progress......

*Completed deactivating MS Platform Service in the fabric!

Management server database

You can control access to the management server database.

An access control list (ACL) of WWN addresses determines which systems have access to the

management server database. The ACL typically contains those WWNs of host systems that are

running management applications.

48 Fabric OS Administrator’s Guide

53-1002920-02

Management server database

If the list is empty (the default), the management server is accessible to all systems connected

in-band to the fabric. For more access security, you can specify WWNs in the ACL so that access to

the management server is restricted to only those WWNs listed.

NOTE

The management server is logical switch-capable. All management server features are supported

within a logical switch.

Displaying the management server ACL

Use the following procedure to display the management server ACL:

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msConfigure command.

The command becomes interactive.

3. At the “select” prompt, enter 1 to display the access list.

A list of WWNs that have access to the management server is displayed.

Example of an empty access list

switch:admin> msconfigure

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 1

MS Access list is empty.

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 0

done ...

Adding a member to the ACL

Use the following procedure to add a member to the ACL:

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msConfigure command.

The command becomes interactive.

3. At the “select” prompt, enter 2 to add a member based on its port/node WWN.

4. At the “Port/Node WWN” prompt, enter the WWN of the host to be added to the ACL.

5. At the “select” prompt, enter 1 to display the access list so you can verify that the WWN you

entered was added to the ACL.

6. After verifying that the WWN was added correctly, enter 0 at the prompt to end the session.

7. At the “Update the FLASH?” prompt, enter y.

8. Press Enter to update the nonvolatile memory and end the session.

Fabric OS Administrator’s Guide 49

53-1002920-02

Management server database 1

Example of adding a member to the management server ACL

switch:admin> msconfigure

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 2

Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa

*WWN is successfully added to the MS ACL.

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [2] 1

MS Access List consists of (14): {

20:00:00:20:37:65:ce:aa

20:00:00:20:37:65:ce:bb

20:00:00:20:37:65:ce:ff

20:00:00:20:37:65:ce:11

20:00:00:20:37:65:ce:22

20:00:00:20:37:65:ce:33

20:00:00:20:37:65:ce:44

10:00:00:60:69:04:11:24

10:00:00:60:69:04:11:23

21:00:00:e0:8b:04:70:3b

10:00:00:60:69:04:11:33

20:00:00:20:37:65:ce:55

20:00:00:20:37:65:ce:66

00:00:00:00:00:00:00:00

}

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 0

done ...

Update the FLASH? (yes, y, no, n): [yes] y

*Successfully saved the MS ACL to the flash.

Deleting a member from the ACL

When you delete a member from the ACL, that member no longer has access to the management

server.

NOTE

If you delete the last member of the ACL, leaving the ACL list is empty, then the management server

will be accessible to all systems connected in-band to the fabric.

1. Connect to the switch and log in using an account with admin permissions.

2. Enter the msConfigure command.

The command becomes interactive.

3. At the “select” prompt, enter 3 to delete a member based on its port/node WWN.

4. At the “Port/Node WWN” prompt, enter the WWN of the member to be deleted from the ACL.

50 Fabric OS Administrator’s Guide

53-1002920-02

Management server database

5. At the “select” prompt, enter 1 to display the access list so you can verify that the WWN you

entered was deleted from the ACL.

6. After verifying that the WWN was deleted correctly, enter 0 at the “select” prompt to end the

session.

7. At the “Update the FLASH?” prompt, enter y.

8. Press Enter to update the nonvolatile memory and end the session.

Example of deleting a member from the management server ACL

switch:admin> msconfigure

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 3

Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 10:00:00:00:c9:29:b3:84

*WWN is successfully deleted from the MS ACL.

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [3] 1

MS Access list is empty

0 Done

1 Display the access list

2 Add member based on its Port/Node WWN

3 Delete member based on its Port/Node WWN

select : (0..3) [1] 0

Viewing the contents of the management server database

Use the following procedure to view the contents of the management server database:

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msPlatShow command.

Example of viewing the contents of the management server platform database

switch:admin> msplatshow

-----------------------------------------------------------

Platform Name: [9] "first obj"

Platform Type: 5 : GATEWAY

Number of Associated M.A.: 1

[35] "http://java.sun.com/products/plugin"

Number of Associated Node Names: 1

Associated Node Names:

10:00:00:60:69:20:15:71

-----------------------------------------------------------

Platform Name: [10] "second obj"

Platform Type: 7 : HOST_BUS_ADAPTER

Number of Associated M.A.: 1

Associated Management Addresses:

[30] "http://java.sun.com/products/1"

Fabric OS Administrator’s Guide 51

53-1002920-02

Topology discovery 1

Number of Associated Node Names: 1

Associated Node Names:

10:00:00:60:69:20:15:75

Clearing the management server database

Use the following procedure to clear the management server database:

NOTE

The command msPlClearDB is allowed only in AD0 and AD255.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the msplClearDb command.

3. Enter y to confirm the deletion.

The management server platform database is cleared.

Topology discovery

The topology discovery feature can be displayed, enabled, and disabled; it is disabled by default.

The commands mstdEnable and mstdDisable are allowed only in AD0 and AD255.

Displaying topology discovery status

Use the following procedure to display the status of the topology discovery:

1. Connect to the switch and log in using an account with admin permissions.

2. Enter the mstdReadConfig command.

switch:admin> mstdreadconfig

*MS Topology Discovery is Enabled.

Enabling topology discovery

Use the following procedure to enable topology discovery:

1. Connect to the switch and log in using an account with admin permissions.

2. Enter the appropriate following command based on how you want to enable discovery:

•For the local switch, enter the mstdEnable command.

•For the entire fabric, enter the mstdEnable all command.

Example of enabling discovery

switch:admin> mstdenable

Request to enable MS Topology Discovery Service in progress....

*MS Topology Discovery enabled locally.

switch:admin> mstdenable ALL

Request to enable MS Topology Discovery Service in progress....

52 Fabric OS Administrator’s Guide

53-1002920-02

Topology discovery

*MS Topology Discovery enabled locally.

*MS Topology Discovery Enable Operation Complete!!

Disabling topology discovery

Use the following procedure to disable topology discovery:

1. Connect to the switch and log in using an account with admin permissions.

2. Enter the appropriate following command based on how you want to disable discovery:

•For the local switch, enter the mstdDisable command.

•For the entire fabric, enter the mstdDisable all command.

A warning displays stating that all NID entries might be cleared.

3. Enter y to disable the Topology Discovery feature.

NOTE

Topology discovery is disabled by default.

ATTENTION

Disabling discovery of management server topology might erase all node ID entries.

If Admin Domains are enabled, you must be in the AD0 or AD255 context. Refer to Chapter 20,

“Managing Administrative Domains,” for additional information.

Example of disabling discovery

switch:admin> mstddisable

This may erase all NID entries. Are you sure? (yes, y, no, n): [no] y

Request to disable MS Topology Discovery Service in progress....

*MS Topology Discovery disabled locally.

switch:admin> mstddisable all

This may erase all NID entries. Are you sure? (yes, y, no, n): [no] y

Request to disable MS Topology Discovery Service in progress....

*MS Topology Discovery disabled locally.

*MS Topology Discovery Disable Operation Complete!!

Fabric OS Administrator’s Guide 53

53-1002920-02

Device login 1

Device login

A device can be storage, a host, or a switch. When new devices are introduced into the fabric, they

must be powered on and, if a host or storage device, connected to a switch. Switch-to-switch logins

(using the E_Port) are handled differently than storage and host logins. E_Ports exchange different

frames than the ones listed below with the Fabric Controller to access the fabric. Once storage and

host devices are powered on and connected, the following logins occur:

1. FLOGI—Fabric Login command establishes a 24-bit address for the device logging in, and

establishes buffer-to-buffer credits and the class of service supported.

2. PLOGI—Port Login command logs the device into the name server to register its information

and query for devices that share its zone. During the PLOGI process, information is exchanged

between the new device and the fabric. Some of the following types of information exchanges

occur:

•SCR—State Change Registration registers the device for State Change Notifications. If a

change in the fabric occurs, such as a zoning change or a change in the state of a device

to which this device has access, the device receives a Registered State Change

Notification (RSCN).

•Registration—A device exchanges registration information with the name server.

•Query—Devices query the name server for information about the device it can access.

Principal switch

In a fabric with multiple switches, and one inter-switch link (ISL) exists between any two switches, a

principal switch is automatically elected. The principal switch provides the following capabilities:

•Maintains time for the entire fabric. Subordinate switches synchronize their time with the

principal switch. Changes to the clock server value on the principal switch are propagated to all

switches in the fabric.

•Manages domain ID assignment within the fabric. If a switch requests a domain ID that has

been used before, the principal switch grants the same domain ID unless it is in use by another

switch.

E_Port login process

An E_Port does not use a FLOGI to log in to another switch. Instead, the new switch exchanges

frames with the neighboring switch to establish that the new switch is an E_Port and that it has

information to exchange. If everything is acceptable to the neighboring switch, it replies to the new

switch with an SW_ACC (accept) frame. The initializing frame is an Exchange Link Parameters (ELP)

frame that allows an exchange of parameters between two ports, such as flow control,

buffer-to-buffer credits, RA_TOV, and ED_TOV. This is not a negotiation. If one or the other port’s link

parameters do not match, a link does not occur. Once an SW_ACC frame is received from the

neighboring switch, the new switch sends an Exchange Switch Capabilities (ESC) frame. The two

switches exchange routing protocols and agree on a common routing protocol. An SW_ACC frame is

received from the neighboring switch and the new switch sends an Exchange Fabric Parameters

(EFP) frame to the neighboring switch, requesting principal switch priority and the domain ID list.

Buffer-to-buffer credits for the device and switch ports are exchanged in the SW_ACC command

sent to the device in response to the FLOGI.

54 Fabric OS Administrator’s Guide

53-1002920-02

Device login

Fabric login process

A device performs a fabric login (FLOGI) to determine if a fabric is present. If a fabric is detected

then it exchanges service parameters with the fabric controller. A successful FLOGI sends back the

24-bit address for the device in the fabric. The device must issue and successfully complete a

FLOGI command before communicating with other devices in the fabric.

Because the device does not know its 24-bit address until after the FLOGI, the source ID (SID) in

the frame header of the FLOGI request are zeros (0x000000).

Port login process

The steps in the port initialization process occur as the result of a protocol that functions to

discover the type of device connected and establish the port type and negotiate port speed. See

“Port Types” on page 88 for a discussion of available port types.

The Fibre Channel protocol (FCP) auto discovery process enables private storage devices that

accept the process login (PRLI) to communicate in a fabric.

If device probing is enabled, the embedded port performs a PLOGI and attempts a PRLI into the

device to retrieve information to enter into the name server. This enables private devices that do

not explicitly register with the Name Server (NS) to be entered in the NS and receive full fabric

access.

A fabric-capable device registers its information with the name server during a FLOGI. These

devices typically register information with the name server before querying for a device list. The

embedded port still performs a PLOGI and attempts a PRLI with these devices.

If a port decides to end the current session, it initiates a logout. A logout concludes the session and

terminates any work in progress associated with that session.

To display the contents of a switch’s name server, use the nsShow or nsAllShow command.

For more information about these commands, refer to the Fabric OS Command Reference.

RSCNs

A Registered State Change Notification (RSCN) is a notification frame that is sent to devices that

are zoned together and are registered to receive a State Change Notification (SCN). The RSCN is

responsible for notifying all devices of fabric changes. The following general list of actions can

cause an RSCN to be sent through your fabric:

•A new device has been added to the fabric.

•An existing device has been removed from the fabric.

•A zone has changed.

•A switch name has changed or an IP address has changed.

•Nodes leaving or joining the fabric, such as zoning, powering on or shutting down a device, or

zoning changes.

NOTE

Fabric reconfigurations with no domain change do not cause an RSCN.

Fabric OS Administrator’s Guide 55

53-1002920-02

High availability of daemon processes 1

Duplicate Port World Wide Name

According to Fibre Channel standards, the Port World Wide Name (PWWN) of a device cannot

overlap with that of another device, thus having duplicate PWWNs within the same fabric is an

illegal configuration.

If a PWWN conflict occurs with two devices attached to the same domain, Fabric OS handles device

information, refer to “Duplicate PWWN handling during device login” on page 110.

If a PWWN conflict occurs and two duplicate devices are attached to the fabric through different

domains, the devices are removed from the Name Server database and a RASlog is generated.

Device recovery

To recover devices that have been removed from the Name Server database due to duplicate

PWWNs, the devices must re-login to the fabric. This is true for any device—for example, a device on

an F_Port, NPIV devices, or devices attached to a switch in Access Gateway mode.

High availability of daemon processes

Starting non-critical daemons is automatic; you cannot configure the startup process. The following

sequence of events occurs when a non-critical daemon fails:

1. A RASlog and AUDIT event message are logged.

2. The daemon is automatically started again.

3. If the restart is successful, then another message is sent to RASlog and AUDIT reporting the

successful restart status.

4. If the restart fails, another message is sent to RASlog and no further attempts are made to

restart the daemon.

Schedule downtime and reboot the switch at your convenience.

The following table lists the daemons that are considered non-critical and are automatically

restarted on failure.

Table 1 Daemons that are automatically restarted

Daemon Description

arrd Asynchronous Response Router, which is used to send management data to hosts when the switch is

accessed through the APIs (FA API or SMI-S).

cald Common Access Layer daemon, which is used by manageability applications.

raslogd Reliability, Availability, and Supportability daemon logs error detection, reporting, handling, and

presentation of data into a format readable by you and management tools.

rpcd Remote Procedure Call daemon, which is used by the API (Fabric Access API and SMI-S).

snmpd Simple Network Management Protocol daemon.

npd Flow Vision daemon.

56 Fabric OS Administrator’s Guide

53-1002920-02

High availability of daemon processes

traced Trace daemon provides trace entry date and time translation to Trace Device at startup and when

date/time changed by command. Maintains the trace dump trigger parameters in a Trace Device.

Performs the trace Background Dump, trace automatic FTP, and FTP “aliveness check” if auto-FTP is

enabled.

trafd Traffic daemon implements Bottleneck detection.

webd Webserver daemon used for Web Tools (includes httpd as well).

weblinkerd Weblinker daemon provides an HTTP interface to manageability applications for switch management

and fabric discovery.

Table 1 Daemons that are automatically restarted (Continued)

Daemon Description

Fabric OS Administrator’s Guide 57

53-1002920-02

Chapter

Performing Basic Configuration Tasks

In this chapter

•Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

•Fabric OS command line interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

•Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

•The switch Ethernet interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

•Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

•Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

•Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

•Chassis names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

•Fabric name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

•Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

•Switch and Backbone shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

•Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Fabric OS overview

This chapter describes how to configure your Brocade SAN using the Fabric OS command line

interface (CLI). Before you can configure a storage area network (SAN), you must power up the

Backbone platform or switch and blades, and then set the IP addresses of those devices. Although

this chapter focuses on configuring a SAN using the CLI, you can also use the following methods to

configure a SAN:

•Web Tools

For Web Tools procedures, refer to Web Tools Administrator’s Guide.

•Brocade Network Advisor

For additional information, refer to the Brocade Network Advisor User Manual for the version

you have.

•A third-party application using the API

For third-party application procedures, refer to the third-party API documentation.

Because of the differences between fixed-port and variable-port devices, procedures sometimes

differ among Brocade models. As new Brocade models are introduced, new features sometimes

apply only to those models.

When procedures or parts of procedures apply to some models but not others, this guide identifies

the specifics for each model. For example, a number of procedures that apply only to variable-port

devices are found in Chapter 3, “Performing Advanced Configuration Tasks”.

58 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS command line interface

Although many different software and hardware configurations are tested and supported by

Brocade Communications Systems, Inc., documenting all possible configurations and scenarios is

beyond the scope of this document. In some cases, earlier releases are highlighted to present

considerations for interoperating with them.

The hardware reference manuals for Brocade products describe how to power up devices and set

their IP addresses. After the IP address is set, you can use the CLI procedures contained in this

guide. For additional information about the commands used in the procedures, refer to the Fabric

OS Command Reference.

Fabric OS command line interface

Fabric OS uses Role-Based Access Control (RBAC) to control access to all Fabric OS operations.

Each feature is associated with an RBAC role and you need to know which role is allowed to run a

command, make modifications to the switch, or view the output of the command. To determine

which RBAC role you need to run a command, review the section “Role-Based Access Control” on

page 152.

Note the following about the command display in this guide:

•Commands are shown and can be entered either in all lower case or using Java-style

capitalization. This means that while bannershow and bannerShow will both work,

BANNERSHOW and BannerShow will not.

•When command examples in this guide show user input enclosed in quotation marks, the

quotation marks are required. Example: zonecreate "zonename" requires that the value for

zonename be in quotation marks.

Console sessions using the serial port

Be aware of the following behaviors for serial connections:

•Some procedures require that you connect through the serial port; for example, setting the IP

address or setting the boot PROM password.

•Brocade DCX and DCX 8510 Backbone families: You can connect to CP0 or CP1 using either of

the two serial ports.

Connecting to Fabric OS through the serial port

Use the following procedure to connect to the Fabric OS using the serial port:

1. Connect the serial cable to the serial port on the switch and to an RS-232 serial port on

the workstation.

If the serial port on the workstation is an RJ-45 port, instead of RS-232, remove the adapter on

the end of the serial cable and insert the exposed RJ-45 connector into the RJ-45 serial port on

the workstation.

2. Open a terminal emulator application (such as HyperTerminal on a PC, TERM, TIP, or Kermit in

a UNIX environment), and configure the application as follows:

Fabric OS Administrator’s Guide 59

53-1002920-02

Fabric OS command line interface 2

•In a Windows environment enter the following parameters:

•In a UNIX environment, enter the following string at the prompt:

tip /dev/ttyb -9600

If ttyb is already in use, use ttya instead and enter the following string at the prompt:

tip /dev/ttya -9600

Telnet or SSH sessions

You can connect to the Fabric OS through a Telnet or SSH connection or by using a console session

on the serial port. The switch must also be physically connected to the network. If the switch

network interface is not configured or the switch has been disconnected from the network, use a

console session on the serial port as described in “Console sessions using the serial port” on

page 58.

NOTE

To automatically configure the network interface on a DHCP-enabled switch, plug the switch into the

network and power it on. The DHCP client automatically gets the IP and gateway addresses from the

DHCP server. The DHCP server must be on the same subnet as the switch. Refer to “DHCP

activation” on page 69.

Rules for Telnet connections

The following rules must be observed when making Telnet connections to your switch:

•Never change the IP address of the switch while two Telnet sessions are active; if you do, your

next attempt to log in fails. To recover, gain access to the switch by one of these methods:

-You can use Web Tools to perform a fast boot. When the switch comes up, the Telnet quota

is cleared. (For instructions on performing a fast boot with Web Tools, see the Web Tools

Administrator’s Guide.)

-If you have the required privileges, you can connect through the serial port, log in as

admin, and use the killTelnet command to identify and kill the Telnet processes without

disrupting the fabric.

•For accounts with an admin role, Fabric OS limits the number of simultaneous Telnet sessions

per switch to two. For more details on session limits, refer to Chapter 6, “Managing User

Accounts”.

TABLE 2 Terminal port parameters

Parameter Value

Bits per second 9600

Databits 8

Parity None

Stop bits 1

Flow control None

60 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS command line interface

Connecting to Fabric OS using Telnet

Use the following procedure to connect to the Fabric OS using Telnet:

1. Connect through a serial port to the switch that is appropriate for your fabric:

•If Virtual Fabrics is enabled, log in using an admin account assigned the chassis-role

permission.

•If Virtual Fabrics is not enabled, log in using an account assigned to the admin role.

2. Verify the switch’s network interface is configured and that it is connected to the IP network

through the RJ-45 Ethernet port.

Switches in the fabric that are not connected through the Ethernet port can be managed

through switches that are using IP over Fibre Channel. The embedded port must have an

assigned IP address.

3. Log off the switch’s serial port.

4. From a management station, open a Telnet connection using the IP address of the switch to

which you want to connect.

The login prompt is displayed when the Telnet connection finds the switch in the network.

5. Enter the account ID at the login prompt.

6. Enter the password.

If you have not changed the system passwords from the default, you are prompted to change

them. Enter the new system passwords, or press Ctrl+C to skip the password prompts. For

more information on system passwords, refer to “Default account passwords” on page 63.

7. Verify the login was successful.

The prompt displays the switch name and user ID to which you are connected.

password: xxxxxxx

Getting help on a command

You can display a list of all command help topics for a given login level. For example, if you log in as

user and enter the help command, a list of all user-level commands that can be executed is

displayed. The same rule applies to the admin, securityAdmin, and the switchAdmin roles.

1. Connect to the switch and log in using an account assigned to the admin role.

2. Enter the help [|more] command with no specific command and all commands are displayed.

The optional |more argument displays the commands one page at a time.

For command-specific information, you can enter help command |more, where command is

the name of the command for which you need specific information.

Fabric OS Administrator’s Guide 61

53-1002920-02

Fabric OS command line interface 2

The commands in the following table provide help files for the indicated specific topics.

Viewing a history of command line entries

The CLI command history log file saves the last 512 commands from all users on a FIFO basis, and

this log is persistent across reboots and firmware downloads. This command is also supported for

standby CPs.

The log records the following information whenever a command ins entered in the switch CLI:

•Timestamp

•Username

•IP address of the telnet session

•Options

•Arguments

Use the following procedure to view the CLI command log:

1. Connect to the switch and log in.

2. Enter the cliHistory command with the desired argument (see below for arguments).

Entering no specific argument displays only the command line history of the currently logged-in

user.

cliHistory

Entering the cliHistory command with no arguments displays the command line history for the

currently logged-in user only (even for the root user).

Example cliHistory command output from root login

switch:root> clihistory

CLI history

Date & Time Message

Thu Sep 27 04:58:00 2012 root, 10.70.12.101, firmwareshow -v

Thu Sep 27 04:58:19 2012 root, 10.70.12.101, telnet 127.1.10.1

Thu Sep 27 05:25:45 2012 root, 10.70.12.101, ipaddrshow]

TABLE 3 Help topic contents

Topic name Help contents description

diagHelp Diagnostic help information

ficonHelp FICON help information

fwHelp Fabric Watch help information

iscsiHelp iSCSI help information

licenseHelp License help information

perfHelp Performance Monitoring help information

routeHelp Routing help information

trackChangesHelp Track Changes help information

zoneHelp Zoning help information

62 Fabric OS Administrator’s Guide

53-1002920-02

Fabric OS command line interface

Example cliHistory command output from admin login

switch:admin> clihistory

CLI history

Date & Time Message

Thu Sep 27 10:14:41 2012 admin, 10.70.12.101, clihistory

Thu Sep 27 10:14:48 2012 admin, 10.70.12.101, clihistory --show

cliHistory --show

Using the “--show” argument displays the same results as entering “cliHistory” without any

arguments.

cliHistory --showuser <username>

Using the “--showuser <username>” argument displays the command line history of the named

user. This argument is available only to Root, Admin, Factory and Securityadmin RBAC roles.

Example cliHistory command output showing username

switch:root> clihistory --showuser admin

CLI history

Date & Time Message

Thu Sep 27 10:14:41 2012 admin, 10.70.12.101, clihistory

Thu Sep 27 10:14:48 2012 admin, 10.70.12.101, clihistory --show

Thu Sep 27 10:15:00 2012 admin, 10.70.12.101, clihistory

cliHistory --showall

Using the “--showall” argument displays the command line history for all users. With this option,

admin/factory/securityadmin users can see the root user command history.

This argument is available only to Root, Admin, Factory and Securityadmin RBAC roles.

Example cliHistory showing history of all users

switch:admin> clihistory --showall

CLI history

Date & Time Message

Thu Sep 27 04:58:00 2012 root, 10.70.12.101, firmwareshow -v

Thu Sep 27 04:58:19 2012 root, 10.70.12.101, telnet 127.1.10.1

Thu Sep 27 05:25:45 2012 root, 10.70.12.101, ipaddrshow]

Thu Sep 27 05:25:48 2012 root, 10.70.12.101, ipaddrshow

cliHistory - -help

Using the “-- help” argument displays a list of the available command arguments.

swd77:admin> clihistory --help

clihistory usage:

clihistory:

Displays the CLI History of the current user

clihistory --show:

Displays the CLI History of the current user

clihistory --showuser <username>:

Displays the CLI History of the given user

clihistory --showall:

Displays the CLI History of all users

clihistory --help:

Displays the command usage

Fabric OS Administrator’s Guide 63

53-1002920-02

Password modification 2

Notes:

•SSH login CLI logs are not recorded in the command line history.

•The CLI command log will be collected as part of any “supportsave” operation.

The command long record of such an operation will be the equivalent of running

“cliHistory --showall”.

•For CLI commands that require a password (Examples: firmwaredownload,

configupload/download, supportsave, and so on), only the command (no arguments) is stored

(see below for an illustration).

sw0:FID128:root> firmwaredownload -s -p scp 10.70.4.109,fvt,/dist,pray4green

Server IP: 10.70.4.109, Protocol IPv4

Checking system settings for firmwaredownload...

Failed to access scp://fvt:**********@10.70.4.109//dist/release.plist

sw0:FID128:root> clihistory

Date & Time Message

Wed May 23 03:39:37 2012 root, console, firmwaredownload

Password modification

The switch automatically prompts you to change the default account passwords after logging in for

the first time. If you do not change the passwords, the switch prompts you after each subsequent

NOTE

The default account passwords can be changed from their original values only when prompted

immediately following the login; the passwords cannot be changed using the passwd command later

in the session. If you skip the prompt, and then later decide to change the passwords, log out and

then back in.

The default accounts on the switch are admin, user, root, and factory. Use the “admin” account to

all of these accounts is “password”.

There is only one set of default accounts for the entire chassis. The root and factory default

accounts are reserved for development and manufacturing. The user account is primarily used for

system monitoring. For more information on default accounts, refer to “Default accounts” on

page 156.

Default account passwords

The change default account passwords prompt is a string that begins with the message “Please

change your passwords now”. User-defined passwords can have from 8 through 40 characters.

They must begin with an alphabetic character and can include numeric characters, the period (.),

and the underscore ( _ ). They are case-sensitive, and th