Access Gateway Administrator's Guide 7.1.0
Page 3
October 2007 Added support for Cascading Access Gateway. bit routing Added support for the March 2008 300 and 4424 models. November 2008 Updated for new features: - Added support for Fabric OS v6.3.0. Advance Device Security policy - 16- Direct Target Connectivity -...Administrator's Guide 53-1001189-01 53-1001345-01 53-1001760-01 53-1002156-01 53-1002475-01 53-1002743-01 Summary of contents. Masterless Trunking - July 2008 Updated for new policies and changes to fix the table of changes Publication date First version. June 2007 Added support for Fabric...
October 2007 Added support for Cascading Access Gateway. bit routing Added support for the March 2008 300 and 4424 models. November 2008 Updated for new features: - Added support for Fabric OS v6.3.0. Advance Device Security policy - 16- Direct Target Connectivity -...Administrator's Guide 53-1001189-01 53-1001345-01 53-1001760-01 53-1002156-01 53-1002475-01 53-1002743-01 Summary of contents. Masterless Trunking - July 2008 Updated for new policies and changes to fix the table of changes Publication date First version. June 2007 Added support for Fabric...
Access Gateway Administrator's Guide 7.1.0
Page 7
...unreliable links (N_Port monitoring 57 Trunking in Access Gateway mode 58 How trunking works 58 Configuring trunking on the Edge switch 58 Configuration management for trunk areas 59 Enabling trunking 61 Disabling F_Port trunking 61 Monitoring trunking 61 AG trunking considerations for the Edge switch 62 Trunking considerations for Access Gateway mode 65... Monitoring 68 End-to-end monitors 68 Frame monitors 69 Limitations for using APM 70 Considerations for the Brocade 8000 70 Port mapping 70 Policy and feature support 70 Fabric OS command support 71 Considerations for the...
...unreliable links (N_Port monitoring 57 Trunking in Access Gateway mode 58 How trunking works 58 Configuring trunking on the Edge switch 58 Configuration management for trunk areas 59 Enabling trunking 61 Disabling F_Port trunking 61 Monitoring trunking 61 AG trunking considerations for the Edge switch 62 Trunking considerations for Access Gateway mode 65... Monitoring 68 End-to-end monitors 68 Frame monitors 69 Limitations for using APM 70 Considerations for the Brocade 8000 70 Port mapping 70 Policy and feature support 70 Fabric OS command support 71 Considerations for the...
Access Gateway Administrator's Guide 7.1.0
Page 11
... 11 Port state description 14 Description of port mapping 16 Access Gateway default port mapping 17 Policy enforcement matrix 36 Address identifier 60 Access Gateway trunking considerations for the Edge switch 62 PWWN format for F_Port and N_Port trunk ports 65 Troubleshooting 81 Access Gateway Administrator's Guide xi 53-1002743-01
... 11 Port state description 14 Description of port mapping 16 Access Gateway default port mapping 17 Policy enforcement matrix 36 Address identifier 60 Access Gateway trunking considerations for the Edge switch 62 PWWN format for F_Port and N_Port trunk ports 65 Troubleshooting 81 Access Gateway Administrator's Guide xi 53-1002743-01
Access Gateway Administrator's Guide 7.1.0
Page 13
...How this document is organized This document is a procedural guide to enable policies on how to set up failover and failback, and discusses how trunking and Adaptive Networking work in AG. • Chapter 4, "SAN Configuration with Access Gateway" describes how to connect multiple devices using Access Gateway... terms for Access Gateway xvii •Additional information xviii •Getting technical help SAN administrators configure and manage Brocade Access Gateway (AG). It also provides information on a switch in Access Gateway mode. Access Gateway Administrator's Guide xiii 53-1002743-01...
...How this document is organized This document is a procedural guide to enable policies on how to set up failover and failback, and discusses how trunking and Adaptive Networking work in AG. • Chapter 4, "SAN Configuration with Access Gateway" describes how to connect multiple devices using Access Gateway... terms for Access Gateway xvii •Additional information xviii •Getting technical help SAN administrators configure and manage Brocade Access Gateway (AG). It also provides information on a switch in Access Gateway mode. Access Gateway Administrator's Guide xiii 53-1002743-01...
Access Gateway Administrator's Guide 7.1.0
Page 25
...User Service (RADIUS) Resource Monitor Yes Security Yes (ADS/DCC Policy) SNMP Yes Speed Negotiation Yes Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes ValueLineOptions (Static Yes POD, DPOD) Virtual Fabrics No Refer to "Access Gateway hardware considerations" on page ...support This Fabric OS feature is behaving as an AG, RBAC features in following configurations: • Between AG switch F_Port and Brocade HBA port using Adapter v3.2 or greater firmware or any device supporting credit recovery, This feature only works at the maximum supported ...
...User Service (RADIUS) Resource Monitor Yes Security Yes (ADS/DCC Policy) SNMP Yes Speed Negotiation Yes Syslog Daemon Yes Track Changes Yes Trunking Yes** User-Defined Roles Yes ValueLineOptions (Static Yes POD, DPOD) Virtual Fabrics No Refer to "Access Gateway hardware considerations" on page ...support This Fabric OS feature is behaving as an AG, RBAC features in following configurations: • Between AG switch F_Port and Brocade HBA port using Adapter v3.2 or greater firmware or any device supporting credit recovery, This feature only works at the maximum supported ...
Access Gateway Administrator's Guide 7.1.0
Page 26
...in R_RDY or VC_RDY mode. Virtual Fabrics support Although you cannot enable AG mode on a switch enabled for FEC: • Supported on Brocade 16 Gbps platforms only. • Supported by Fabric OS 7.1.0 and later. • Enabled by default. Device authentication support Devices use DH...or cascaded AG switch. If an FCAP certificate is sending login request with fabric assigned PWWN (FA-PWWN), FEC, QoS, and trunking Fabric OS features. Specific switch platforms support this command. This prevents any unauthorized device from logging into switches only after exchanging DH_CHAP ...
...in R_RDY or VC_RDY mode. Virtual Fabrics support Although you cannot enable AG mode on a switch enabled for FEC: • Supported on Brocade 16 Gbps platforms only. • Supported by Fabric OS 7.1.0 and later. • Enabled by default. Device authentication support Devices use DH...or cascaded AG switch. If an FCAP certificate is sending login request with fabric assigned PWWN (FA-PWWN), FEC, QoS, and trunking Fabric OS features. Specific switch platforms support this command. This prevents any unauthorized device from logging into switches only after exchanging DH_CHAP ...
Access Gateway Administrator's Guide 7.1.0
Page 39
...refer to "Default port mapping" on page 16), consider the following connections are divided into six groups, or trunks, consisting of four ports each. Brocade 8000 mapping differences The Brocade 8000 contains 24 internal FCoE ports and 8 external Fibre Channel ports. Although you should map them to separate ... for these FCoE ports: • All four FCoE ports in the group are mapped to one N_Port. Access Gateway mapping 2 TABLE 7 Brocade Model 6510 Access Gateway default port mapping (Continued) Total ports F_Ports N_Ports 48 0-39 40-47 8000 32 8-31 0-7 FCoE ports mapped as...
...refer to "Default port mapping" on page 16), consider the following connections are divided into six groups, or trunks, consisting of four ports each. Brocade 8000 mapping differences The Brocade 8000 contains 24 internal FCoE ports and 8 external Fibre Channel ports. Although you should map them to separate ... for these FCoE ports: • All four FCoE ports in the group are mapped to one N_Port. Access Gateway mapping 2 TABLE 7 Brocade Model 6510 Access Gateway default port mapping (Continued) Total ports F_Ports N_Ports 48 0-39 40-47 8000 32 8-31 0-7 FCoE ports mapped as...
Access Gateway Administrator's Guide 7.1.0
Page 41
...that other AG features and policies Consider the following command to policy behavior. Access Gateway Administrator's Guide 21 53-1002743-01 If port trunking is enabled for the F_Port. Upgrade and downgrade considerations • All static mappings will not be maintained when upgrading to the new... the Port Grouping (PG) policy with a specific N_Port, NPIV devices that port group. If an F_Port is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with Device Load Balancing. You cannot enable the APC policy until all static mappings are ...
...that other AG features and policies Consider the following command to policy behavior. Access Gateway Administrator's Guide 21 53-1002743-01 If port trunking is enabled for the F_Port. Upgrade and downgrade considerations • All static mappings will not be maintained when upgrading to the new... the Port Grouping (PG) policy with a specific N_Port, NPIV devices that port group. If an F_Port is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with Device Load Balancing. You cannot enable the APC policy until all static mappings are ...
Access Gateway Administrator's Guide 7.1.0
Page 55
.... Connect to the switch and log in using an account assigned to control various advanced features, such as failover, failback, and trunking, when used to the admin role. 2. Enter the ag --policyshow command. Displaying current policies You can be used in Access Gateway... Gateway 65 •Per-Port NPIV login limit 67 •Advanced Performance Monitoring 68 •Considerations for the Brocade 8000 70 •Considerations for the Brocade 6505 and 6510 72 Access Gateway policies overview This chapter provides detailed information on a switch. 1. Access Gateway Administrator...
.... Connect to the switch and log in using an account assigned to control various advanced features, such as failover, failback, and trunking, when used to the admin role. 2. Enter the ag --policyshow command. Displaying current policies You can be used in Access Gateway... Gateway 65 •Per-Port NPIV login limit 67 •Advanced Performance Monitoring 68 •Considerations for the Brocade 8000 70 •Considerations for the Brocade 6505 and 6510 72 Access Gateway policies overview This chapter provides detailed information on a switch. 1. Access Gateway Administrator...
Access Gateway Administrator's Guide 7.1.0
Page 56
...in the Enterprise fabric using the Device Connection Control (DCC) policy. The DCC policy in the Auto Port Configuration policy row, only N_Port Trunking and Advanced Device Security can be enabled with active connections to all F_Ports on Core AGs, such as the AGs that restricts access to ...view the devices with this policy. By default, all ports. For information on configuring the DCC policy, see "Enabling the DCC policy on a trunk" on all devices have access to implement the security policy in the AG module rather than in through an F_Port. It is a security policy that...
...in the Enterprise fabric using the Device Connection Control (DCC) policy. The DCC policy in the Auto Port Configuration policy row, only N_Port Trunking and Advanced Device Security can be enabled with active connections to all F_Ports on Core AGs, such as the AGs that restricts access to ...view the devices with this policy. By default, all ports. For information on configuring the DCC policy, see "Enabling the DCC policy on a trunk" on all devices have access to implement the security policy in the AG module rather than in through an F_Port. It is a security policy that...
Access Gateway Administrator's Guide 7.1.0
Page 68
...steps. 48 Access Gateway Administrator's Guide 53-1002743-01 You can enable Persistent ALPA using the Device Load Balancing policy, make sure that trunk. Because the Arbitrated Port Loop Address (ALPA) field makes up the device with operating systems that a host has the same ALPA on ...the fabric, this request may be proportional to determine the devices using a particular trunk. • When using the ag --persistentalpaenable command with the following syntax and with one of the following modes deal with this policy is...
...steps. 48 Access Gateway Administrator's Guide 53-1002743-01 You can enable Persistent ALPA using the Device Load Balancing policy, make sure that trunk. Because the Arbitrated Port Loop Address (ALPA) field makes up the device with operating systems that a host has the same ALPA on ...the fabric, this request may be proportional to determine the devices using a particular trunk. • When using the ag --persistentalpaenable command with the following syntax and with one of the following modes deal with this policy is...
Access Gateway Administrator's Guide 7.1.0
Page 78
... links between N_Ports on the AG module and F_Ports on N_Ports that the trunking license is assigned to Brocade fabrics. 3 Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of a port trunk group. 58 Access Gateway Administrator's Guide 53-1002743-01 ensure that distributes...
... links between N_Ports on the AG module and F_Ports on N_Ports that the trunking license is assigned to Brocade fabrics. 3 Trunking in Access Gateway mode Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of a port trunk group. 58 Access Gateway Administrator's Guide 53-1002743-01 ensure that distributes...
Access Gateway Administrator's Guide 7.1.0
Page 79
... the ports on an AG. 6. Trunk groups form when you assign a TA, the ports within a TA can be removed, but this adds the Index back to the number of the switch. A port group or a quad is no longer exist on the switch. The Brocade 300 switch supports a trunk group with TA 8 holds true.... Setting up trunking Use the following steps to any ports because index 9 and 10 no longer part of ports on domain 3. If...
... the ports on an AG. 6. Trunk groups form when you assign a TA, the ports within a TA can be removed, but this adds the Index back to the number of the switch. A port group or a quad is no longer exist on the switch. The Brocade 300 switch supports a trunk group with TA 8 holds true.... Setting up trunking Use the following steps to any ports because index 9 and 10 no longer part of ports on domain 3. If...
Access Gateway Administrator's Guide 7.1.0
Page 80
... the ports using the porttrunkarea --show enabled command. 5. Enabling the DCC policy on a trunk After you assign a Trunk Area, the porttrunkarea command checks whether there are specified to enable trunking on a port or on the Brocade FC8-48 blades. TABLE 9 Address identifier 23 22 21 20 19 18 17 16 15... 14 13 12 11 10 9 8 76 5 4 3 2 10 Domain ID Area_ID Address Identifier Port ID 1. Use the portCfgTrunkPort or switchCfgTrunk command to be included in a trunk area ...
... the ports using the porttrunkarea --show enabled command. 5. Enabling the DCC policy on a trunk After you assign a Trunk Area, the porttrunkarea command checks whether there are specified to enable trunking on a port or on the Brocade FC8-48 blades. TABLE 9 Address identifier 23 22 21 20 19 18 17 16 15... 14 13 12 11 10 9 8 76 5 4 3 2 10 Domain ID Area_ID Address Identifier Port ID 1. Use the portCfgTrunkPort or switchCfgTrunk command to be included in a trunk area ...
Access Gateway Administrator's Guide 7.1.0
Page 81
...an account assigned to re-enable the desired ports, such as in using the portdisable port command, and then reissue the command. Monitoring trunking For F_Port masterless trunking, you attempt to add a monitor to a slave port, it is selected from the old master and install the monitor on an ... log in the TA to the admin role. 2. The Advanced Performance Monitor (APM) must install Filter, EE, or TT monitors on the trunk ports. These will be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in step 2, then the following steps ...
...an account assigned to re-enable the desired ports, such as in using the portdisable port command, and then reissue the command. Monitoring trunking For F_Port masterless trunking, you attempt to add a monitor to a slave port, it is selected from the old master and install the monitor on an ... log in the TA to the admin role. 2. The Advanced Performance Monitor (APM) must install Filter, EE, or TT monitors on the trunk ports. These will be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in step 2, then the following steps ...
Access Gateway Administrator's Guide 7.1.0
Page 82
... authentication follows FLOGI on that port, only that port displays the authentication details when you issue the portshow command. Authentication The static trunk area you assign must be disabled before performing a firmware downgrade. No limitations on upgrade to ports if the standby CP is disruptive... 7.1.0 if the F_Port is the same as the first byte of the trunk group. Upgrading is the F_Port masterless trunk. The static trunk area you assign must fall within the F_Port trunk group starting from a trunk group. Because only one of the port's default areas of the PWWN....
... authentication follows FLOGI on that port, only that port displays the authentication details when you issue the portshow command. Authentication The static trunk area you assign must be disabled before performing a firmware downgrade. No limitations on upgrade to ports if the standby CP is disruptive... 7.1.0 if the F_Port is the same as the first byte of the trunk group. Upgrading is the F_Port masterless trunk. The static trunk area you assign must fall within the F_Port trunk group starting from a trunk group. Because only one of the port's default areas of the PWWN....
Access Gateway Administrator's Guide 7.1.0
Page 83
... supported on the PID of an F_Port trunk port. F_Port trunking does not support shared area ports on a switch must first enable trunking on ports that port. The only time you cannot assign a Trunk Area to assign a Trunk Area on the Brocade FC8-48 in a 48000. switchCfgTrunk 0 will fail if a Trunk Area is fastwrite-enabled, the port...
... supported on the PID of an F_Port trunk port. F_Port trunking does not support shared area ports on a switch must first enable trunking on ports that port. The only time you cannot assign a Trunk Area to assign a Trunk Area on the Brocade FC8-48 in a 48000. switchCfgTrunk 0 will fail if a Trunk Area is fastwrite-enabled, the port...
Access Gateway Administrator's Guide 7.1.0
Page 84
...same "I ". This means that Domain,Index (D,I " can remove the port from the AG will not go through DCC policy check on the Trunk Area; The "I ), which refers to Domain,Index. Two masters QoS Note: "I" refers to Index and D,I refers to an "I ) DCC... D,I Zoning (D,I) AD (D, I) DCC and (PWWN, I ", that might have the "I " for the Trunk Area group. 3 Trunking in Access Gateway mode TABLE 10 Category Access Gateway trunking considerations for the Edge switch (Continued) Description configDownload and configUpload If you issue the configdownload command for a port ...
...same "I ". This means that Domain,Index (D,I " can remove the port from the AG will not go through DCC policy check on the Trunk Area; The "I ), which refers to Domain,Index. Two masters QoS Note: "I" refers to Index and D,I refers to an "I ) DCC... D,I Zoning (D,I) AD (D, I) DCC and (PWWN, I ", that might have the "I " for the Trunk Area group. 3 Trunking in Access Gateway mode TABLE 10 Category Access Gateway trunking considerations for the Edge switch (Continued) Description configDownload and configUpload If you issue the configdownload command for a port ...
Access Gateway Administrator's Guide 7.1.0
Page 85
... for critical servers, virtual servers, or applications in that trunk. FF], FX_Ports for Brocade adapters, refer to the Brocade Adapters Administrator's Guide. Multiple trunk groups are marked as medium. When trunking is [0 - Trunking considerations for Access Gateway mode Consider the following configurations: ...port with the Quality of Service (QoS) feature on Brocade fabrics. Access Gateway Administrator's Guide 65 53-1002743-01 If a device is currently part of a trunk, then the device will not display trunking for a given source and destination traffic flow. FF],...
... for critical servers, virtual servers, or applications in that trunk. FF], FX_Ports for Brocade adapters, refer to the Brocade Adapters Administrator's Guide. Multiple trunk groups are marked as medium. When trunking is [0 - Trunking considerations for Access Gateway mode Consider the following configurations: ...port with the Quality of Service (QoS) feature on Brocade fabrics. Access Gateway Administrator's Guide 65 53-1002743-01 If a device is currently part of a trunk, then the device will not display trunking for a given source and destination traffic flow. FF],...
Access Gateway Administrator's Guide 7.1.0
Page 87
To recover, disable QoS on the port, and then enable the port. • Disabling QoS on online N_Ports in the same trunk can have a specific NPIV login limit value in each port can cause the slave N_Port ID Virtualization (NPIV) F_Port on port 12 to become ... to set the login limit. For details, refer to ports enabled for N_Ports. Connect to a Fabric OS v6.2 AG switch. • Disable QoS on trunked ports. portcfgnpivport --setloginlimit 12 200 Access Gateway Administrator's Guide 67 53-1002743-01 Otherwise, the port will automatically disable with "Area has been acquired." To...
To recover, disable QoS on the port, and then enable the port. • Disabling QoS on online N_Ports in the same trunk can have a specific NPIV login limit value in each port can cause the slave N_Port ID Virtualization (NPIV) F_Port on port 12 to become ... to set the login limit. For details, refer to ports enabled for N_Ports. Connect to a Fabric OS v6.2 AG switch. • Disable QoS on trunked ports. portcfgnpivport --setloginlimit 12 200 Access Gateway Administrator's Guide 67 53-1002743-01 Otherwise, the port will automatically disable with "Area has been acquired." To...