Access Gateway Administrator's Guide 7.1.0
Page 2
...Guangzhou, China Tel: +8620 3891 2000 Fax: +8620 3891 2111 E-mail: china-info@brocade.com All Rights Reserved. To find out which open source software is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any loss, cost, liability, or damages ...arising from the United States government. Brocade reserves the right to make changes to be offered by the GNU General ...
...Guangzhou, China Tel: +8620 3891 2000 Fax: +8620 3891 2111 E-mail: china-info@brocade.com All Rights Reserved. To find out which open source software is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any loss, cost, liability, or damages ...arising from the United States government. Brocade reserves the right to make changes to be offered by the GNU General ...
Access Gateway Administrator's Guide 7.1.0
Page 6
... a port group and enabling Automatic Login Balancing mode 44 Enabling MFNM mode 45 Disabling MFNM mode 45 Displaying the current MFNM mode timeout value 46 Setting the current MFNM mode timeout value 46 Port Grouping policy considerations 46 Upgrade and downgrade considerations for the Port Grouping policy 47 Device Load Balancing...
... a port group and enabling Automatic Login Balancing mode 44 Enabling MFNM mode 45 Disabling MFNM mode 45 Displaying the current MFNM mode timeout value 46 Setting the current MFNM mode timeout value 46 Port Grouping policy considerations 46 Upgrade and downgrade considerations for the Port Grouping policy 47 Device Load Balancing...
Access Gateway Administrator's Guide 7.1.0
Page 7
... NPIV login limit 67 Setting the login limit 67 Advanced Performance Monitoring 68 End-to-end monitors 68 Frame monitors 69 Limitations for using APM 70 Considerations for the Brocade 8000 70 Port mapping 70 Policy and feature support 70 Fabric OS command support 71 Considerations for the Brocade 6505 and 6510 72 vii
... NPIV login limit 67 Setting the login limit 67 Advanced Performance Monitoring 68 End-to-end monitors 68 Frame monitors 69 Limitations for using APM 70 Considerations for the Brocade 8000 70 Port mapping 70 Policy and feature support 70 Fabric OS command support 71 Considerations for the Brocade 6505 and 6510 72 vii
Access Gateway Administrator's Guide 7.1.0
Page 13
... Administrator's Guide xiii 53-1002743-01 This preface contains the following components: • Chapter 1, "Access Gateway Basic Concepts" describes the Brocade Access Gateway and provides an overview of its key features. • Chapter 2, "Configuring Ports in Access Gateway Mode" describes how to...Access Gateway mode. • Chapter 3, "Managing Policies and Features in Access Gateway Mode" describes how to enable policies on how to set up failover and failback, and discusses how trunking and Adaptive Networking work in AG. • Chapter 4, "SAN Configuration with Access Gateway...
... Administrator's Guide xiii 53-1002743-01 This preface contains the following components: • Chapter 1, "Access Gateway Basic Concepts" describes the Brocade Access Gateway and provides an overview of its key features. • Chapter 2, "Configuring Ports in Access Gateway Mode" describes how to...Access Gateway mode. • Chapter 3, "Managing Policies and Features in Access Gateway Mode" describes how to enable policies on how to set up failover and failback, and discusses how trunking and Adaptive Networking work in AG. • Chapter 4, "SAN Configuration with Access Gateway...
Access Gateway Administrator's Guide 7.1.0
Page 21
... Switches in AG mode are logically transparent to the Fabric OS Command Reference Manual, the Web Tools Administrator's Guide, or the Brocade Network Advisor User Guide for more information about AG support in those tools. Comparing Native Fabric and Access Gateway modes The following ... in Access Gateway mode 3 •Access Gateway port types 9 •Access Gateway hardware considerations 11 Brocade Access Gateway overview Brocade Access Gateway (AG) is a Fabric OS feature that you set a Fabric OS switch to AG mode, the F_Ports connect to the Enterprise fabric as N_Ports rather than...
... Switches in AG mode are logically transparent to the Fabric OS Command Reference Manual, the Web Tools Administrator's Guide, or the Brocade Network Advisor User Guide for more information about AG support in those tools. Comparing Native Fabric and Access Gateway modes The following ... in Access Gateway mode 3 •Access Gateway port types 9 •Access Gateway hardware considerations 11 Brocade Access Gateway overview Brocade Access Gateway (AG) is a Fabric OS feature that you set a Fabric OS switch to AG mode, the F_Ports connect to the Enterprise fabric as N_Ports rather than...
Access Gateway Administrator's Guide 7.1.0
Page 27
... the connecting device initiates authentication. Authentication will not disable AG F_Ports if the connecting device does not support authentication or the policy mode is set to off . Access Gateway Administrator's Guide 7 53-1002743-01 The ports on the AG connected to the switch or device will be ... on, off policy modes are supported on the AG switch. The AG does not initiate authentication when connected to on since the on policy is set to off . To perform authentication with switch policy, the on and off , and passive modes are supported by Access Gateway: • On ...
... the connecting device initiates authentication. Authentication will not disable AG F_Ports if the connecting device does not support authentication or the policy mode is set to off . Access Gateway Administrator's Guide 7 53-1002743-01 The ports on the AG connected to the switch or device will be ... on, off policy modes are supported on the AG switch. The AG does not initiate authentication when connected to on since the on policy is set to off . To perform authentication with switch policy, the on and off , and passive modes are supported by Access Gateway: • On ...
Access Gateway Administrator's Guide 7.1.0
Page 28
... AG switch with switch policy mode on cascaded AG switch configurations. 8 Access Gateway Administrator's Guide 53-1002743-01 policy • authutil --show • authutil --set • secauthsecret --set • secauthsecret --show NOTE Although authutil --authinit is not supported in AG mode, it is not supported on Authorization negotiation - For more information, refer...
... AG switch with switch policy mode on cascaded AG switch configurations. 8 Access Gateway Administrator's Guide 53-1002743-01 policy • authutil --show • authutil --set • secauthsecret --set • secauthsecret --show NOTE Although authutil --authinit is not supported in AG mode, it is not supported on Authorization negotiation - For more information, refer...
Access Gateway Administrator's Guide 7.1.0
Page 29
... participates in diagnostic mode so that various tests can connect to connect the same number of hosts to an Edge fabric switch. After a switch is set in Access Gateway mode, it can run between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7...
... participates in diagnostic mode so that various tests can connect to connect the same number of hosts to an Edge fabric switch. After a switch is set in Access Gateway mode, it can run between an AG switch running Fabric OS v7.1.0 or later and a fabric running Fabric OS earlier than v7...
Access Gateway Administrator's Guide 7.1.0
Page 33
...switch before making configuration changes. 6. For more information on page 17. For more information on AG default port mapping, see Table 7 on setting switches to Native mode, refer to enable and disable Access Gateway mode. All Fibre Channel ports are active. Access Gateway Administrator's Guide 13 53... in these steps, refer to AG mode, save the current configuration file using a factory default port mapping. If any transaction buffer is set the switch to verify the switch mode. If the switch mode is erased, such as the zone and security databases. Issue the switchShow...
...switch before making configuration changes. 6. For more information on page 17. For more information on AG default port mapping, see Table 7 on setting switches to Native mode, refer to enable and disable Access Gateway mode. All Fibre Channel ports are active. Access Gateway Administrator's Guide 13 53... in these steps, refer to AG mode, save the current configuration file using a factory default port mapping. If any transaction buffer is set the switch to verify the switch mode. If the switch mode is erased, such as the zone and security databases. Issue the switchShow...
Access Gateway Administrator's Guide 7.1.0
Page 36
... a switch in Figure 5. If you first enable a switch for all N_Ports. Figure 5 on page 16 shows an example in which eight F_Ports are mapped to a set of the port mapping in AG mode. 2 Access Gateway mapping Port mapping F_Ports must be mapped to N_Ports before the F_Port can come online. 16...
... a switch in Figure 5. If you first enable a switch for all N_Ports. Figure 5 on page 16 shows an example in which eight F_Ports are mapped to a set of the port mapping in AG mode. 2 Access Gateway mapping Port mapping F_Ports must be mapped to N_Ports before the F_Port can come online. 16...
Access Gateway Administrator's Guide 7.1.0
Page 40
... mapping. 1. Enter the ag --mapshow command and specify the port number to display the list of F_Ports to an N_Port. Remove any preferred secondary N_Port settings for the F_Port. The F_Port list can contain multiple F_Port numbers separated by adding F_Ports to the N_Port. Enter the ag command with the f_port1...
... mapping. 1. Enter the ag --mapshow command and specify the port number to display the list of F_Ports to an N_Port. Remove any preferred secondary N_Port settings for the F_Port. The F_Port list can contain multiple F_Port numbers separated by adding F_Ports to the N_Port. Enter the ag command with the f_port1...
Access Gateway Administrator's Guide 7.1.0
Page 41
...Balancing. Because F_Port Static Mapping forces the F_Port to stick with cascaded Access Gateway configurations. • Failover, failback, and preferred secondary N_Port settings are disabled for an F_Port already, you must remove all attached devices log out of the following when using the Automatic Port Configuration (APC...blocked from using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with a specific N_Port, NPIV devices that port group.
...Balancing. Because F_Port Static Mapping forces the F_Port to stick with cascaded Access Gateway configurations. • Failover, failback, and preferred secondary N_Port settings are disabled for an F_Port already, you must remove all attached devices log out of the following when using the Automatic Port Configuration (APC...blocked from using F_Port Static Mapping with Access Gateway features and policies: • F_Port Static Mapping is not supported on the Brocade 8000 switch. • F_Port Static Mapping functions with a specific N_Port, NPIV devices that port group.
Access Gateway Administrator's Guide 7.1.0
Page 44
..." as opposed to the original static mapping. If a device is mapped to an N_Port group, then all mapping is an ideal choice when a reasonably sized set of devices must connect to the same group of N_Ports, and you want the flexibility of mapping is recommended because the device will automatically connect...
..." as opposed to the original static mapping. If a device is mapped to an N_Port group, then all mapping is an ideal choice when a reasonably sized set of devices must connect to the same group of N_Ports, and you want the flexibility of mapping is recommended because the device will automatically connect...
Access Gateway Administrator's Guide 7.1.0
Page 47
... WWN, this can also occur when a VM first boots, prior to any additional disruptions, the server will not switch back to push a set of port group changes and a set of device mapping changes, they are mapped to an F_Port can be enabled by default. VMware configuration considerations Enabling device mapping for individual...
... WWN, this can also occur when a VM first boots, prior to any additional disruptions, the server will not switch back to push a set of port group changes and a set of device mapping changes, they are mapped to an F_Port can be enabled by default. VMware configuration considerations Enabling device mapping for individual...
Access Gateway Administrator's Guide 7.1.0
Page 56
...if the Failover and Failback policies are directly connected to all devices have access to the SAN. You can restrict the fabric connectivity to a set of devices where AG maintains a per-port allow list for each F_Port by specifying their Port WWN (PWWN). It is a security policy that...Device Load Balancing and Automatic Login Balancing cannot be enabled at the AG level to a particular set of both the Core and Edge AGs. You can configure the list of allowed devices for the set of authorized devices. For information on configuring the DCC policy, see "Enabling the DCC policy...
...if the Failover and Failback policies are directly connected to all devices have access to the SAN. You can restrict the fabric connectivity to a set of devices where AG maintains a per-port allow list for each F_Port by specifying their Port WWN (PWWN). It is a security policy that...Device Load Balancing and Automatic Login Balancing cannot be enabled at the AG level to a particular set of both the Core and Edge AGs. You can configure the list of allowed devices for the set of authorized devices. For information on configuring the DCC policy, see "Enabling the DCC policy...
Access Gateway Administrator's Guide 7.1.0
Page 57
... save the configuration using the configUpload command in to log in case you manually disable the ADS policy, all of double quotation marks ("") to set the allow list to log in quotation marks. List members must be specified for this configuration again. 1. A blank WWN list ("") indicates no...ADS policy. Enter the ag --policydisable ads command to enable the ADS policy. Enter the ag --adsset command with the appropriate options to set the allow list to succeed. When you need this command to "no access. switch:admin> ag --policyenable ads The policy ADS is ...
... save the configuration using the configUpload command in to log in case you manually disable the ADS policy, all of double quotation marks ("") to set the allow list to log in quotation marks. List members must be specified for this configuration again. 1. A blank WWN list ("") indicates no...ADS policy. Enter the ag --policydisable ads command to enable the ADS policy. Enter the ag --adsset command with the appropriate options to set the allow list to succeed. When you need this command to "no access. switch:admin> ag --policyenable ads The policy ADS is ...
Access Gateway Administrator's Guide 7.1.0
Page 58
... this command to the admin role. 2. Lists must be enclosed in 1. Enter the ag --adsadd command with the appropriate options to set successfully as the Allow Lists of the F_Port[s] Removing devices from the list of allowed devices Remove specified WWNs from the list of allowed...devices (for this command and its operands, refer to the specified F_Ports using an account assigned to succeed. 1. 3 Advanced Device Security policy Setting the list of devices not allowed to the Fabric OS Command Reference Manual. List members must be separated by semicolons. Enter the ag --...
... this command to the admin role. 2. Lists must be enclosed in 1. Enter the ag --adsadd command with the appropriate options to set successfully as the Allow Lists of the F_Port[s] Removing devices from the list of allowed devices Remove specified WWNs from the list of allowed...devices (for this command and its operands, refer to the specified F_Ports using an account assigned to succeed. 1. 3 Advanced Device Security policy Setting the list of devices not allowed to the Fabric OS Command Reference Manual. List members must be separated by semicolons. Enter the ag --...
Access Gateway Administrator's Guide 7.1.0
Page 59
...2. This policy is detected. APC dynamically maps F_Ports across available N_Ports so they are considerations for setting the ADS policy: • In cascading configurations, you should set the ADS policy on the AG module that directly connects to the Fabric OS Command Reference Manual. ...is connected to automatically discover port types (host, target, or fabric) and dynamically update the port maps when a change the ADS policy settings. Enter the ag --adsshow command. Automatic Port Configuration policy The Automatic Port Configuration (APC) provides the ability to a Fabric switch, AG...
...2. This policy is detected. APC dynamically maps F_Ports across available N_Ports so they are considerations for setting the ADS policy: • In cascading configurations, you should set the ADS policy on the AG module that directly connects to the Fabric OS Command Reference Manual. ...is connected to automatically discover port types (host, target, or fabric) and dynamically update the port maps when a change the ADS policy settings. Enter the ag --adsshow command. Automatic Port Configuration policy The Automatic Port Configuration (APC) provides the ability to a Fabric switch, AG...
Access Gateway Administrator's Guide 7.1.0
Page 64
... event occurs. A table containing a port group with the appropriate options to enable automatic login redistribution of F_Ports in port group 1 in using the steps under "Setting the current MFNM mode timeout value" on page 45. In "managed" mode, automatic failover is logged into RASLOG. Creating a port group and enabling Automatic Login...
... event occurs. A table containing a port group with the appropriate options to enable automatic login redistribution of F_Ports in port group 1 in using the steps under "Setting the current MFNM mode timeout value" on page 45. In "managed" mode, automatic failover is logged into RASLOG. Creating a port group and enabling Automatic Login...
Access Gateway Administrator's Guide 7.1.0
Page 65
...options to the Fabric OS Command Reference Manual. Enter the ag --pgdelmodes command with the appropriate options to display the automatic login redistribution settings for port groups. switch:admin> ag --pgdelmodes 3 "mfnm" Managed Fabric Name Monitoring mode has been disabled for Port Group 3...page 44. For more details on this command and its operands, refer to N_Ports. This command also displays the automatic login redistribution settings for port group 3. In the following example, MFNM mode is disabled for port 3. If disabled, "mfnm" should not display under...
...options to the Fabric OS Command Reference Manual. Enter the ag --pgdelmodes command with the appropriate options to display the automatic login redistribution settings for port groups. switch:admin> ag --pgdelmodes 3 "mfnm" Managed Fabric Name Monitoring mode has been disabled for Port Group 3...page 44. For more details on this command and its operands, refer to N_Ports. This command also displays the automatic login redistribution settings for port group 3. In the following example, MFNM mode is disabled for port 3. If disabled, "mfnm" should not display under...