Access Gateway Administrator's Guide 7.1.0
Page 23
...applicable in Access Gateway mode. For more information on a switch when AG mode is enabled. TABLE 1 Feature Fabric OS components supported on Access Gateway Support Access Control1 Yes (limited roles) Adaptive Networking Yes Admin Domains No Audit Yes Beaconing Yes ...Bottleneck Detection Yes Access Gateway Administrator's Guide 3 53-1002743-01 "Yes" indicates that is not a Brocade fabric. "NA" indicates the feature is supported...
...applicable in Access Gateway mode. For more information on a switch when AG mode is enabled. TABLE 1 Feature Fabric OS components supported on Access Gateway Support Access Control1 Yes (limited roles) Adaptive Networking Yes Admin Domains No Audit Yes Beaconing Yes ...Bottleneck Detection Yes Access Gateway Administrator's Guide 3 53-1002743-01 "Yes" indicates that is not a Brocade fabric. "NA" indicates the feature is supported...
Access Gateway Administrator's Guide 7.1.0
Page 25
...Monitor Yes Security Yes (ADS/DCC Policy) SNMP Yes Speed Negotiation Yes Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes ValueLineOptions (Static Yes POD, DPOD) Virtual Fabrics No Refer to "Access Gateway hardware considerations" on page 11. 2. Buffer ...feature only works at the maximum supported speed of the HBA port (8 Gbps or 16 Gbps). • Between AG switch N_Port and Brocade fabric switch or cascaded AG switch F_Port. Access Gateway Administrator's Guide 5 53-1002743-01 For more information on the limitations, refer to "Virtual Fabrics...
...Monitor Yes Security Yes (ADS/DCC Policy) SNMP Yes Speed Negotiation Yes Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes ValueLineOptions (Static Yes POD, DPOD) Virtual Fabrics No Refer to "Access Gateway hardware considerations" on page 11. 2. Buffer ...feature only works at the maximum supported speed of the HBA port (8 Gbps or 16 Gbps). • Between AG switch N_Port and Brocade fabric switch or cascaded AG switch F_Port. Access Gateway Administrator's Guide 5 53-1002743-01 For more information on the limitations, refer to "Virtual Fabrics...
Access Gateway Administrator's Guide 7.1.0
Page 33
... active, enabling AG mode will fail with the error, "Failed to verify the switch mode. For more information on a switch. Ensure that the switch is anything other than 0, issue the interopmode 0 command to set to the admin role. 2. b. For more information on page 17. switch:admin> switchdisable This command disables all user ports on setting...
... active, enabling AG mode will fail with the error, "Failed to verify the switch mode. For more information on a switch. Ensure that the switch is anything other than 0, issue the interopmode 0 command to set to the admin role. 2. b. For more information on page 17. switch:admin> switchdisable This command disables all user ports on setting...
Access Gateway Administrator's Guide 7.1.0
Page 40
... F_Port to N_Port mapping. 1. The F_Port list can assign an F_Port to only one primary N_Port at a time. Connect to the switch and log in using an account assigned to the admin role. 2. The F_Port list can modify the default port mapping by adding F_Ports to an N_Port. Connect to the... switch and log in using an account assigned to the admin role. 2. Enter the switchShow command to verify that the added F_Ports appear in using the ag --mapdel command to delete the existing ...
... F_Port to N_Port mapping. 1. The F_Port list can assign an F_Port to only one primary N_Port at a time. Connect to the switch and log in using an account assigned to the admin role. 2. The F_Port list can modify the default port mapping by adding F_Ports to an N_Port. Connect to the... switch and log in using an account assigned to the admin role. 2. Enter the switchShow command to verify that the added F_Ports appear in using the ag --mapdel command to delete the existing ...
Access Gateway Administrator's Guide 7.1.0
Page 41
...use the ag --staticdel command to remove the static mapping, and then remap to another N_Port using an account assigned to the admin role. 2. You cannot enable the APC policy until all static mappings are disabled for F_Ports that log in to the F_Port cannot redistribute ...you will be blocked from using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with port trunking. Connect to an N_Port in using the ag --mapadd command. • F_Port Static...
...use the ag --staticdel command to remove the static mapping, and then remap to another N_Port using an account assigned to the admin role. 2. You cannot enable the APC policy until all static mappings are disabled for F_Ports that log in to the F_Port cannot redistribute ...you will be blocked from using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with port trunking. Connect to an N_Port in using the ag --mapadd command. • F_Port Static...
Access Gateway Administrator's Guide 7.1.0
Page 45
... correct devices have any way to detect what devices are using an account assigned to the admin role. 2. The following example changes all currently existing device mappings to a different port group, use ...10:00:00:05:1e:5e:2c:11" The --all option edits all WWNs. Connect to the switch and log in . To add one or multiple devices to an N_Port, enter the ag --addwwnmapping N_Port...switch and log in the list. Also use the N_Port if it is a shortcut for two devices from the device through NPIV. All the listed device WWNs will stop using an account assigned to the admin role...
... correct devices have any way to detect what devices are using an account assigned to the admin role. 2. The following example changes all currently existing device mappings to a different port group, use ...10:00:00:05:1e:5e:2c:11" The --all option edits all WWNs. Connect to the switch and log in . To add one or multiple devices to an N_Port, enter the ag --addwwnmapping N_Port...switch and log in the list. Also use the N_Port if it is a shortcut for two devices from the device through NPIV. All the listed device WWNs will stop using an account assigned to the admin role...
Access Gateway Administrator's Guide 7.1.0
Page 46
... the listed device WWNs will not affect mappings made in using an account assigned to the admin role. 2. The --all option is a shortcut for specifying all option. switch:admin> ag --wwnmappingdisable --all Enabling device mapping Use the following command changes all the existing device... --delwwnmapping 17 --all 4. The following procedures to use the N_Port unless a device logs in using an account assigned to the admin role. 2. The --all available WWNs. Disabling device mapping Use the following example removes device mapping for all or specific devices that the correct...
... the listed device WWNs will not affect mappings made in using an account assigned to the admin role. 2. The --all option is a shortcut for specifying all option. switch:admin> ag --wwnmappingdisable --all Enabling device mapping Use the following command changes all the existing device... --delwwnmapping 17 --all 4. The following procedures to use the N_Port unless a device logs in using an account assigned to the admin role. 2. The --all available WWNs. Disabling device mapping Use the following example removes device mapping for all or specific devices that the correct...
Fabric OS Administrator's Guide v7.1.0
Page 134
... database. • Remote LDAP service: Users are managed in the fabric can be managed centrally by means of the role the account has been assigned. All switches in the fabric. Role-Based Access Control Role-Based Access Control (RBAC) specifies the permissions that a user account has on that your user account is associated with...
... database. • Remote LDAP service: Users are managed in the fabric can be managed centrally by means of the role the account has been assigned. All switches in the fabric. Role-Based Access Control Role-Based Access Control (RBAC) specifies the permissions that a user account has on that your user account is associated with...
Fabric OS Administrator's Guide v7.1.0
Page 153
...Brocade-Auth-Role are: Admin BasicSwitchAdmin FabricAdmin Operator SecurityAdmin SwitchAdmin User ZoneAdmin 2 Optional: Specifies the Admin Domain or Virtual Fabric member list. If no Administrative Domain is assigned, then the user is assigned. The password warning specifies the number of days prior to a switch that a warning of the assigned role... expiry date must set a user password expiration date and add a warning for assigning VSA-based account switch roles on your RADIUS server maintains its own password expiration attributes, you specify a single attribute or there is...
...Brocade-Auth-Role are: Admin BasicSwitchAdmin FabricAdmin Operator SecurityAdmin SwitchAdmin User ZoneAdmin 2 Optional: Specifies the Admin Domain or Virtual Fabric member list. If no Administrative Domain is assigned, then the user is assigned. The password warning specifies the number of days prior to a switch that a warning of the assigned role... expiry date must set a user password expiration date and add a warning for assigning VSA-based account switch roles on your RADIUS server maintains its own password expiration attributes, you specify a single attribute or there is...
Fabric OS Administrator's Guide v7.1.0
Page 159
... then Windows must be reentered after encryption is enabled. To use CHAP, the password must be configured to store passwords with a specific switch role. If the password is the Microsoft implementation of a RADIUS server and proxy. it is the information you will need to the user ...click OK. Client-Vendor - Provide a password. You will need to enter this password in this policy to configure the RADIUS server for a Brocade switch. A remote access policy must be created for which RADIUS authentication will be enabled. Apply this case, it does not list specific users, but...
... then Windows must be reentered after encryption is enabled. To use CHAP, the password must be configured to store passwords with a specific switch role. If the password is the Microsoft implementation of a RADIUS server and proxy. it is the information you will need to the user ...click OK. Client-Vendor - Provide a password. You will need to enter this password in this policy to configure the RADIUS server for a Brocade switch. A remote access policy must be created for which RADIUS authentication will be enabled. Apply this case, it does not list specific users, but...
Fabric OS Administrator's Guide v7.1.0
Page 163
...any special needs your system or network administrator prior to the switch role. Create a user in the respective group. To provide backward compatibility, authentication based on the Common Name is still supported for Brocade-specific users can be omitted when the user logs in ...purposes. If your Microsoft documentation. Follow Microsoft instructions for AD LDAP authentication. Create a group name that uses the switch's role name so that is, the Brocade switch), then you can use the User-Principal-Name and not the Common-Name for generating and installing CA certificates on ...
...any special needs your system or network administrator prior to the switch role. Create a user in the respective group. To provide backward compatibility, authentication based on the Common Name is still supported for Brocade-specific users can be omitted when the user logs in ...purposes. If your Microsoft documentation. Follow Microsoft instructions for AD LDAP authentication. Create a group name that uses the switch's role name so that is, the Brocade switch), then you can use the User-Principal-Name and not the Common-Name for generating and installing CA certificates on ...
Fabric OS Administrator's Guide v7.1.0
Page 164
...corresponding to www.microsoft.com or Microsoft documentation. You can be Global. • The primary group in Active Directory, refer to the switch role. or If you created is not a member of the group has to log in your Active Directory. 5. Adding an Admin Domain...the following attributes: • Update the memberOf field with the login permissions (root, admin, switchAdmin, user, and so on a switch. You will need to the switch. 5 Remote authentication 4. From the Windows Start menu, select Programs> Administrative Tools> ADSI.msc ADSI is required to proceed with ...
...corresponding to www.microsoft.com or Microsoft documentation. You can be Global. • The primary group in Active Directory, refer to the switch role. or If you created is not a member of the group has to log in your Active Directory. 5. Adding an Admin Domain...the following attributes: • Update the memberOf field with the login permissions (root, admin, switchAdmin, user, and so on a switch. You will need to the switch. 5 Remote authentication 4. From the Windows Start menu, select Programs> Administrative Tools> ADSI.msc ADSI is required to proceed with ...
Fabric OS Administrator's Guide v7.1.0
Page 168
...for admin group member: cn=sachin,cn=Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to "Enabling group membership" on a switch. In a .ldif file, create a "groupOfNames" objectClass entry with an entry similar ...to identify the member, as in this example: "cn=Sachin,cn=Users,dc=mybrocade,dc=com" Automatically the "memberOf" attribute of the default roles available on page 166 for example, "admin," to create a group. 2. Example to the admin group. 3. For example, the .ldif ...
...for admin group member: cn=sachin,cn=Users,dc=mybrocade,dc=com Assigning the LDAP role to a switch role Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server permissions to "Enabling group membership" on a switch. In a .ldif file, create a "groupOfNames" objectClass entry with an entry similar ...to identify the member, as in this example: "cn=Sachin,cn=Users,dc=mybrocade,dc=com" Automatically the "memberOf" attribute of the default roles available on page 166 for example, "admin," to create a group. 2. Example to the admin group. 3. For example, the .ldif ...
Fabric OS Command Reference v7.1.0
Page 528
... to login to which allows a user belonging to that may be in place. Refer to remove an existing mapping. The role must be mapped to a specified switch role. This command also provides an option to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for a.... This command creates an alias for details. switchrole Specifies the switch role to the switch with the permissions associated with the mapped switch role. 2 ldapCfg ldapCfg Maps LDAP AD server roles to map an already mapped AD server role. When no operand is mapped. But the command fails if ...
... to login to which allows a user belonging to that may be in place. Refer to remove an existing mapping. The role must be mapped to a specified switch role. This command also provides an option to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for a.... This command creates an alias for details. switchrole Specifies the switch role to the switch with the permissions associated with the mapped switch role. 2 ldapCfg ldapCfg Maps LDAP AD server roles to map an already mapped AD server role. When no operand is mapped. But the command fails if ...
Fabric OS Command Reference v7.1.0
Page 529
... operand is required: Specifies the LDAP AD sever role to the switch role of "operator": switch:admin> ldapcfg --maprole SANoperator operator LDAP role SANoperator has been successfully mapped. Displays a table of existing mappings. switch:admin> ldapcfg --unmaprole SANoperator LDAP role SANoperator has been successfully unmapped. Use the --show LDAP Role | Switch Role ldapadmin | admin ldapuser | user SANfabadmin | fabricadmin SANzoneadmin | zoneadmin...
... operand is required: Specifies the LDAP AD sever role to the switch role of "operator": switch:admin> ldapcfg --maprole SANoperator operator LDAP role SANoperator has been successfully mapped. Displays a table of existing mappings. switch:admin> ldapcfg --unmaprole SANoperator LDAP role SANoperator has been successfully unmapped. Use the --show LDAP Role | Switch Role ldapadmin | admin ldapuser | user SANfabadmin | fabricadmin SANzoneadmin | zoneadmin...
Fabric OS Command Reference v7.1.0
Page 556
... the command usage. This command disables the current logical switch. Please wait... For each switch, the FID and switch role are optional with fid=1. Please wait... Please wait... 2 lsCfg EXAMPLES -b | -base -f | -force --show option. This operand is already a base switch, this command is issued on the Brocade 7800/FX8-24 platforms. Displays the partition configuration for...
... the command usage. This command disables the current logical switch. Please wait... For each switch, the FID and switch role are optional with fid=1. Please wait... Please wait... 2 lsCfg EXAMPLES -b | -base -f | -force --show option. This operand is already a base switch, this command is issued on the Brocade 7800/FX8-24 platforms. Displays the partition configuration for...
Fabric OS Command Reference v7.1.0
Page 1038
...: Online, Offline, Testing, or Faulty. switchRole Switch role: Principal, Subordinate, or Disabled. switchId Switch embedded port D_ID. FC Router BB Fabric ID The backbone fabric ID for FC routing. switchDomain Switch domain ID: 1 to , "Online (Temporary)". FC Router FC Router state: On or... Off. When used without operands, switchShow displays the following information: switchName Switch name. When you issue the switchcfgPersistentEnable command. The fabric name is displayed in parentheses. zoning The name of the ...
...: Online, Offline, Testing, or Faulty. switchRole Switch role: Principal, Subordinate, or Disabled. switchId Switch embedded port D_ID. FC Router BB Fabric ID The backbone fabric ID for FC routing. switchDomain Switch domain ID: 1 to , "Online (Temporary)". FC Router FC Router state: On or... Off. When used without operands, switchShow displays the following information: switchName Switch name. When you issue the switchcfgPersistentEnable command. The fabric name is displayed in parentheses. zoning The name of the ...
Fabric OS Command Reference v7.1.0
Page 1039
... an SFP is set by one-line description for non-EX_Ports and one or two lines for interchassis links (ICLs). The switch summary is a number between 0 and the maximum number of supported ports on the platform. Address The 24-bit Address Identifier...information). switchShow 2 LS Attributes On a switch in Virtual Fabric mode, this field displays logical switch attributes, including the fabric ID associated with use of 8 Gbps SFPs) N2 2 Gbps negotiated transfer speed (only supported with the logical switch, the switch role (default switch or base switch), and the fabric Address Mode (0, ...
... an SFP is set by one-line description for non-EX_Ports and one or two lines for interchassis links (ICLs). The switch summary is a number between 0 and the maximum number of supported ports on the platform. Address The 24-bit Address Identifier...information). switchShow 2 LS Attributes On a switch in Virtual Fabric mode, this field displays logical switch attributes, including the fabric ID associated with use of 8 Gbps SFPs) N2 2 Gbps negotiated transfer speed (only supported with the logical switch, the switch role (default switch or base switch), and the fabric Address Mode (0, ...
Fabric OS Troubleshooting and Diagnostics Guide v7.1.0
Page 101
... 16 VF output values Variable Definition LS Attributes Allow XISL Use Displays logical switch attributes, including the fabric ID (FID) associated with the logical switch and the switch role (default switch or base switch). Values are ON or OFF. Allows the switch to use extended interswitch links (XISL) in the base fabric to carry traffic to the...
... 16 VF output values Variable Definition LS Attributes Allow XISL Use Displays logical switch attributes, including the fabric ID (FID) associated with the logical switch and the switch role (default switch or base switch). Values are ON or OFF. Allows the switch to use extended interswitch links (XISL) in the base fabric to carry traffic to the...
Web Tools Administrator's Guide v7.1.0
Page 51
... Channel IPv4 address. Fiber Channel IPv4 subnet mask address. • Zone - Domain ID of the switch. Role of the switch. The Switch Information tab displays information about the following information is specific to other logical switches using an extended inter-switch link (XISL). • Ethernet - Displays the license ID. The information in ascending or descending order...
... Channel IPv4 address. Fiber Channel IPv4 subnet mask address. • Zone - Domain ID of the switch. Role of the switch. The Switch Information tab displays information about the following information is specific to other logical switches using an extended inter-switch link (XISL). • Ethernet - Displays the license ID. The information in ascending or descending order...