Administrator's Guide Supporting Fabric OS 7.1.0
Page 3
... Section II Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Fabric OS Administrator's Guide 53-1002745-02 Standard Features Understanding Fibre Channel Services 43 Performing Basic Configuration Tasks 55 Performing Advanced Configuration Tasks 79...Routing Traffic 111 Managing User Accounts 133 Configuring Protocols 177 Configuring Security Policies 195 Maintaining the Switch Configuration File 241 Installing and Maintaining Firmware 255 Managing Virtual Fabrics 275 Administering Advanced Zoning 303 Traffic Isolation Zoning 345 Bottleneck Detection 375 ...
... Section II Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Fabric OS Administrator's Guide 53-1002745-02 Standard Features Understanding Fibre Channel Services 43 Performing Basic Configuration Tasks 55 Performing Advanced Configuration Tasks 79...Routing Traffic 111 Managing User Accounts 133 Configuring Protocols 177 Configuring Security Policies 195 Maintaining the Switch Configuration File 241 Installing and Maintaining Firmware 255 Managing Virtual Fabrics 275 Administering Advanced Zoning 303 Traffic Isolation Zoning 345 Bottleneck Detection 375 ...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 12
Chapter 9 Chapter 10 Installing and Maintaining Firmware Firmware download process overview 255 Upgrading and downgrading firmware 257 Considerations for FICON CUP environments 257 HA sync state 257 Preparing for a ... Account management and Virtual Fabrics 286 Supported platforms for Virtual Fabrics 286 Supported port configurations in the fixed-port switches. . . .286 Supported port configurations in Brocade Backbones . . . . . .287 Virtual Fabrics interaction with other Fabric OS features . . . .288 12 Fabric OS Administrator...
Chapter 9 Chapter 10 Installing and Maintaining Firmware Firmware download process overview 255 Upgrading and downgrading firmware 257 Considerations for FICON CUP environments 257 HA sync state 257 Preparing for a ... Account management and Virtual Fabrics 286 Supported platforms for Virtual Fabrics 286 Supported port configurations in the fixed-port switches. . . .286 Supported port configurations in Brocade Backbones . . . . . .287 Virtual Fabrics interaction with other Fabric OS features . . . .288 12 Fabric OS Administrator...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 18
... and LSAN zones 459 Configuration upload and download in an AD context . . . . . .460 Licensed Features Administering Licensing Licensing overview 463 Brocade 7800 Upgrade license 470 ICL licensing 471 ICL 1st POD license 471 ICL 2nd POD license 471 ICL 8-link license 472 ICL 16-link license... 479 Expired licenses 480 Universal temporary licenses 480 Extending a universal temporary license 480 Universal temporary license shelf life 480 Viewing installed licenses 481 Activating a license 481 Adding a licensed feature 481 Removing a licensed feature 482 18 Fabric OS Administrator...
... and LSAN zones 459 Configuration upload and download in an AD context . . . . . .460 Licensed Features Administering Licensing Licensing overview 463 Brocade 7800 Upgrade license 470 ICL licensing 471 ICL 1st POD license 471 ICL 2nd POD license 471 ICL 8-link license 472 ICL 16-link license... 479 Expired licenses 480 Universal temporary licenses 480 Extending a universal temporary license 480 Universal temporary license shelf life 480 Viewing installed licenses 481 Activating a license 481 Adding a licensed feature 481 Removing a licensed feature 482 18 Fabric OS Administrator...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 19
... family 493 ICL trunking on the Brocade DCX and DCX-4S 494 Virtual Fabrics considerations for ICLs 494 Supported topologies for ICL connections 495 Mesh topology 495 Core-edge topology 496 Monitoring Fabric Performance Advanced Performance Monitoring overview 499 Types of monitors 499 Restrictions for installing monitors 500 Virtual Fabrics considerations for... a port 508 Removing frame monitors from a port 508 Saving a frame monitor configuration 508 Displaying frame monitors 508 Clearing frame monitor counters 509 Fabric OS Administrator's Guide 19 53-1002745-02
... family 493 ICL trunking on the Brocade DCX and DCX-4S 494 Virtual Fabrics considerations for ICLs 494 Supported topologies for ICL connections 495 Mesh topology 495 Core-edge topology 496 Monitoring Fabric Performance Advanced Performance Monitoring overview 499 Types of monitors 499 Restrictions for installing monitors 500 Virtual Fabrics considerations for... a port 508 Removing frame monitors from a port 508 Saving a frame monitor configuration 508 Displaying frame monitors 508 Clearing frame monitor counters 509 Fabric OS Administrator's Guide 19 53-1002745-02
Administrator's Guide Supporting Fabric OS 7.1.0
Page 20
... traffic prioritization 519 License requirements for SID/DID prioritization 520 CS_CTL-based frame prioritization 521 QoS zone-based traffic prioritization 523 Trunking considerations before you install the Adaptive Networking license 523 Manually disabling QoS on trunked ports 524 QoS zones 525 QoS on E_Ports 526 QoS over FC routers 527 Virtual...-based traffic prioritization 530 Setting QoS zone-based traffic prioritization over FC routers . . . .532 Disabling QoS zone-based traffic prioritization 532 20 Fabric OS Administrator's Guide 53-1002745-02
... traffic prioritization 519 License requirements for SID/DID prioritization 520 CS_CTL-based frame prioritization 521 QoS zone-based traffic prioritization 523 Trunking considerations before you install the Adaptive Networking license 523 Manually disabling QoS on trunked ports 524 QoS zones 525 QoS on E_Ports 526 QoS over FC routers 527 Virtual...-based traffic prioritization 530 Setting QoS zone-based traffic prioritization over FC routers . . . .532 Disabling QoS zone-based traffic prioritization 532 20 Fabric OS Administrator's Guide 53-1002745-02
Administrator's Guide Supporting Fabric OS 7.1.0
Page 33
Fabric OS Administrator's Guide 33 53-1002745-02 About ... following topics: • Chapter 1, "Understanding Fibre Channel Services," provides information on the Fibre Channel services on Brocade switches. • Chapter 2, "Performing Basic Configuration Tasks," gives a brief overview of Fabric OS, explains the...the Switch Configuration File," provides procedures for maintaining and backing up your switch configurations. • Chapter 9, "Installing and Maintaining Firmware," provides preparations and procedures for performing firmware downloads. • Chapter 10, "Managing Virtual ...
Fabric OS Administrator's Guide 33 53-1002745-02 About ... following topics: • Chapter 1, "Understanding Fibre Channel Services," provides information on the Fibre Channel services on Brocade switches. • Chapter 2, "Performing Basic Configuration Tasks," gives a brief overview of Fabric OS, explains the...the Switch Configuration File," provides procedures for maintaining and backing up your switch configurations. • Chapter 9, "Installing and Maintaining Firmware," provides preparations and procedures for performing firmware downloads. • Chapter 10, "Managing Virtual ...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 35
Brocade 5300 switch - Brocade 5410 embedded switch - Brocade 5470 embedded switch - Brocade 6510 switch - Brocade 6520 switch - Brocade VA-40FC - Brocade DCX-4S • Brocade DCX 8510 Backbone family: - Brocade 5430 embedded switch - Brocade 7800 extension switch - Brocade Encryption Switch • Brocade DCX Backbone family: - Fabric OS Administrator's Guide... 155, added ChassisRole to the list of accepted keys. • In "Installing a switch certificate" on page 185, added an example of installing a certificate in this release of Contents. • In "Switch and Backbone...
Brocade 5300 switch - Brocade 5410 embedded switch - Brocade 5470 embedded switch - Brocade 6510 switch - Brocade 6520 switch - Brocade VA-40FC - Brocade DCX-4S • Brocade DCX 8510 Backbone family: - Brocade 5430 embedded switch - Brocade 7800 extension switch - Brocade Encryption Switch • Brocade DCX Backbone family: - Fabric OS Administrator's Guide... 155, added ChassisRole to the list of accepted keys. • In "Installing a switch certificate" on page 185, added an example of installing a certificate in this release of Contents. • In "Switch and Backbone...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 41
... 5, "Managing User Accounts" •Chapter 6, "Configuring Protocols" •Chapter 7, "Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11, "Administering Advanced Zoning" •Chapter 12, "Traffic Isolation Zoning" •Chapter 13, "Bottleneck...15, "NPIV" •Chapter 16, "Dynamic Fabric Provisioning: Fabric-Assigned PWWN" •Chapter 17, "Managing Administrative Domains" Fabric OS Administrator's Guide 41 53-1002745-02
... 5, "Managing User Accounts" •Chapter 6, "Configuring Protocols" •Chapter 7, "Configuring Security Policies" •Chapter 8, "Maintaining the Switch Configuration File" •Chapter 9, "Installing and Maintaining Firmware" •Chapter 10, "Managing Virtual Fabrics" •Chapter 11, "Administering Advanced Zoning" •Chapter 12, "Traffic Isolation Zoning" •Chapter 13, "Bottleneck...15, "NPIV" •Chapter 16, "Dynamic Fabric Provisioning: Fabric-Assigned PWWN" •Chapter 17, "Managing Administrative Domains" Fabric OS Administrator's Guide 41 53-1002745-02
Administrator's Guide Supporting Fabric OS 7.1.0
Page 86
...is available on eth0, these Ethernet ports should always match with admin permissions. 2. If errors are encountered on a CP8 blade when it is installed. 1. Unplug the network cable, wait 5 seconds, and then plug it back up the second Ethernet port on page 92 for any other port...where the blade is installed on the front of naming port 0 ecp:admin> portname 1/0 trunk1 86 Fabric OS Administrator's Guide 53-1002745-02 On a downgrade, the first physical port named eth0 has to the two Ethernet ports on a Brocade DCX, Brocade DCX-4S, Brocade DCX 8510-8 or Brocade DCX 8510-4. Make ...
...is available on eth0, these Ethernet ports should always match with admin permissions. 2. If errors are encountered on a CP8 blade when it is installed. 1. Unplug the network cable, wait 5 seconds, and then plug it back up the second Ethernet port on page 92 for any other port...where the blade is installed on the front of naming port 0 ecp:admin> portname 1/0 trunk1 86 Fabric OS Administrator's Guide 53-1002745-02 On a downgrade, the first physical port named eth0 has to the two Ethernet ports on a Brocade DCX, Brocade DCX-4S, Brocade DCX 8510-8 or Brocade DCX 8510-4. Make ...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 95
...1-GbE ports numbered from ge4 through 23 from bottom to bridge 10-GbE a Fibre Channel and Ethernet SAN. Fabric OS Administrator's Guide 95 53-1002745-02 The core blades for any other platform. Core blades Core blades provide intra-chassis switching and ICL connectivity, ... blades. • Brocade DCX-4S supports two CR4S-8 core blades. • Brocade DCX 8510-8 supports two CR16-8 core blades. • Brocade DCX 8510-4 supports two CR16-4 core blades. The CP blades in a Virtual Fabrics-enabled environment. If you try to Chapter 9, "Installing and Maintaining Firmware"....
...1-GbE ports numbered from ge4 through 23 from bottom to bridge 10-GbE a Fibre Channel and Ethernet SAN. Fabric OS Administrator's Guide 95 53-1002745-02 The core blades for any other platform. Core blades Core blades provide intra-chassis switching and ICL connectivity, ... blades. • Brocade DCX-4S supports two CR4S-8 core blades. • Brocade DCX 8510-8 supports two CR16-8 core blades. • Brocade DCX 8510-4 supports two CR16-4 core blades. The CP blades in a Virtual Fabrics-enabled environment. If you try to Chapter 9, "Installing and Maintaining Firmware"....
Administrator's Guide Supporting Fabric OS 7.1.0
Page 125
...fabric must have either Fabric OS v6.3.0 or Fabric OS v6.4.0 or later installed to guarantee no frame loss during a rebalance and only takes effect if ...Brocade 300 • Brocade 5100 • Brocade 5300 • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade VA-40FC • Brocade FC8-16, FC8-32, FC8-48, and FC8-64 port blades • Brocade DCX 8510 Backbone family and supported blades • Brocade... being a back-end port can set IOD separately. Fabric OS Administrator's Guide 125 53-1002745-02 These stand for modular switches). However this notation you...
...fabric must have either Fabric OS v6.3.0 or Fabric OS v6.4.0 or later installed to guarantee no frame loss during a rebalance and only takes effect if ...Brocade 300 • Brocade 5100 • Brocade 5300 • Brocade 6505 • Brocade 6510 • Brocade 6520 • Brocade VA-40FC • Brocade FC8-16, FC8-32, FC8-48, and FC8-64 port blades • Brocade DCX 8510 Backbone family and supported blades • Brocade... being a back-end port can set IOD separately. Fabric OS Administrator's Guide 125 53-1002745-02 These stand for modular switches). However this notation you...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 138
...show all account information for a switch • userConfig --show username to show all default accounts should be changed during the initial installation and configuration of each LF in an LF_ID_list, displays a list of users that include that LF in the local-switch user ... userConfig --showad -a adminDomain_ID to 128 • Admin role permissions • Admin chassis role permissions 138 Fabric OS Administrator's Guide 53-1002745-02 Reserved Reserved. Connect to select the specified adminDomain_ID • userConfig --showlf -l logicalFabric_ID for all accounts permitted to...
...show all account information for a switch • userConfig --show username to show all default accounts should be changed during the initial installation and configuration of each LF in an LF_ID_list, displays a list of users that include that LF in the local-switch user ... userConfig --showad -a adminDomain_ID to 128 • Admin role permissions • Admin chassis role permissions 138 Fabric OS Administrator's Guide 53-1002745-02 Reserved Reserved. Connect to select the specified adminDomain_ID • userConfig --showlf -l logicalFabric_ID for all accounts permitted to...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 150
... notifying users of these access channels require the switch IP address or name to install a certificate from the Microsoft Active Directory server or the OpenLDAP server. To enable...RADIUS, LDAP, and TACACS+ include serial port, Telnet, SSH, Web Tools, and API. Brocade recommends configuring at least two authentication servers, so that if the authentication servers do not respond ... authentication uses the switch's local account names and passwords. 150 Fabric OS Administrator's Guide 53-1002745-02 For accessing both IPv4 and IPv6 address formats. 5 Remote authentication ...
... notifying users of these access channels require the switch IP address or name to install a certificate from the Microsoft Active Directory server or the OpenLDAP server. To enable...RADIUS, LDAP, and TACACS+ include serial port, Telnet, SSH, Web Tools, and API. Brocade recommends configuring at least two authentication servers, so that if the authentication servers do not respond ... authentication uses the switch's local account names and passwords. 150 Fabric OS Administrator's Guide 53-1002745-02 For accessing both IPv4 and IPv6 address formats. 5 Remote authentication ...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 156
..., User-Password == "password" Brocade-Auth-Role = "ZoneAdmin", Brocade-AVPairs1 = "ADList=1,2,6," Brocade-AVPairs2 = "ADList=4-8;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user (user-za) with the following settings takes the "zoneAdmin" permissions, with AD member list: 1, 2, 4, 5, 6, 7, 8, 9, 12; To manage a fabric, one can find at the website. FreeRADIUS installation places the configuration...
..., User-Password == "password" Brocade-Auth-Role = "ZoneAdmin", Brocade-AVPairs1 = "ADList=1,2,6," Brocade-AVPairs2 = "ADList=4-8;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user (user-za) with the following settings takes the "zoneAdmin" permissions, with AD member list: 1, 2, 4, 5, 6, 7, 8, 9, 12; To manage a fabric, one can find at the website. FreeRADIUS installation places the configuration...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 158
... file in to configuration for authentication, the only way to enable authentication with the password file is to force the Brocade switch to be obtained from www.microsoft.com or your system or network administrator prior to the switch. 1. Make sure.../radiusd Configuring RADIUS server support with your Microsoft documentation. Installing Internet Authentication Service (IAS) For more information and instructions on page 175). 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) 158 Fabric OS Administrator's Guide 53-1002745-02 this example, shortname is the shared...
... file in to configuration for authentication, the only way to enable authentication with the password file is to force the Brocade switch to be obtained from www.microsoft.com or your system or network administrator prior to the switch. 1. Make sure.../radiusd Configuring RADIUS server support with your Microsoft documentation. Installing Internet Authentication Service (IAS) For more information and instructions on page 175). 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) 158 Fabric OS Administrator's Guide 53-1002745-02 this example, shortname is the shared...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 160
...Brocade... what the brocade.dct file should look like and Figure ...the RADIUS server. Create a brocade.dct file that needs to ...this is used in the installation directory. Create user records in the brocade.dcm file. Add the ...needs to the vendor.ini file: vendor-product = Brocade dictionary = brocade ignore-ports = no port-number-usage = per...-port-type help-id = 2000 b. RSA RADIUS server Traditional password-based authentication methods are based on how to install...Brocade login types for more information on one-factor authentication...
...Brocade... what the brocade.dct file should look like and Figure ...the RADIUS server. Create a brocade.dct file that needs to ...this is used in the installation directory. Create user records in the brocade.dcm file. Add the ...needs to the vendor.ini file: vendor-product = Brocade dictionary = brocade ignore-ports = no port-number-usage = per...-port-type help-id = 2000 b. RSA RADIUS server Traditional password-based authentication methods are based on how to install...Brocade login types for more information on one-factor authentication...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 163
...network administrator prior to configuration for AD LDAP authentication. Roles for generating and installing CA certificates on a Windows server. 2. Follow Microsoft instructions for Brocade-specific users can be verified by the LDAP client (that the Active ...Admin and Security Admin. To provide backward compatibility, authentication based on the Common Name is still supported for new installations. • A user can belong to multiple groups as long as the switch's role name. A user... in Microsoft Active Directory server. Fabric OS Administrator's Guide 163 53-1002745-02
...network administrator prior to configuration for AD LDAP authentication. Roles for generating and installing CA certificates on a Windows server. 2. Follow Microsoft instructions for Brocade-specific users can be verified by the LDAP client (that the Active ...Admin and Security Admin. To provide backward compatibility, authentication based on the Common Name is still supported for new installations. • A user can belong to multiple groups as long as the switch's role name. A user... in Microsoft Active Directory server. Fabric OS Administrator's Guide 163 53-1002745-02
Administrator's Guide Supporting Fabric OS 7.1.0
Page 164
...the default roles available on how to create a user refer to www.microsoft.com or Microsoft documentation to CN=Users. 164 Fabric OS Administrator's Guide 53-1002745-02 From the Windows Start menu, select Programs> Administrative Tools> ADSI.msc ADSI is required to login. Associate the user to the....com or Microsoft documentation. You will need to the switch. For Windows 2003, this utility from the Microsoft website. 2. This utility must be installed to proceed with Service Pack 1 or you can download this utility comes with the rest of the group has to match the RBAC role. ...
...the default roles available on how to create a user refer to www.microsoft.com or Microsoft documentation to CN=Users. 164 Fabric OS Administrator's Guide 53-1002745-02 From the Windows Start menu, select Programs> Administrative Tools> ADSI.msc ADSI is required to login. Associate the user to the....com or Microsoft documentation. You will need to the switch. For Windows 2003, this utility from the Microsoft website. 2. This utility must be installed to proceed with Service Pack 1 or you can download this utility comes with the rest of the group has to match the RBAC role. ...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 166
... include /usr/local/etc/openldap/schema/core.schema 166 Fabric OS Administrator's Guide 53-1002745-02 When a user is authenticated, the role of the groupOfNames objectClass. ...to the OpenLDAP user documentation at http://www.openldap.org/doc/. Follow OpenLDAP instructions for the Brocade environment are helpful in the OpenLDAP Directory. 4. a. Overlays are outlined here. 1. User-... on the switch. 6. For information on a switch. A few key steps for generating and installing CA certificates on page 134. For more information on RBAC roles, see "Role-Based Access Control...
... include /usr/local/etc/openldap/schema/core.schema 166 Fabric OS Administrator's Guide 53-1002745-02 When a user is authenticated, the role of the groupOfNames objectClass. ...to the OpenLDAP user documentation at http://www.openldap.org/doc/. Follow OpenLDAP instructions for the Brocade environment are helpful in the OpenLDAP Directory. 4. a. Overlays are outlined here. 1. User-... on the switch. 6. For information on a switch. A few key steps for generating and installing CA certificates on page 134. For more information on RBAC roles, see "Role-Based Access Control...
Administrator's Guide Supporting Fabric OS 7.1.0
Page 172
...cleartext "my$chap$pswrd" pap = cleartext "pap-password" service = exec { brcd-role = securityAdmin; } } 172 Fabric OS Administrator's Guide 53-1002745-02 5 Remote authentication Configuring the TACACS+ server on LINUX FabricOS software supports TACACS+ authentication on which the password expires brcd-passwd-...switch. Refer to the Cisco documentation for details. 3. Refer to "The tac_plus.cfg file" (below) for installation instructions. 2. TABLE 20 Attribute Brocade custom TACACS+ attributes Purpose brcd-role Role assigned to the account. If no role is specified, or if ...
...cleartext "my$chap$pswrd" pap = cleartext "pap-password" service = exec { brcd-role = securityAdmin; } } 172 Fabric OS Administrator's Guide 53-1002745-02 5 Remote authentication Configuring the TACACS+ server on LINUX FabricOS software supports TACACS+ authentication on which the password expires brcd-passwd-...switch. Refer to the Cisco documentation for details. 3. Refer to "The tac_plus.cfg file" (below) for installation instructions. 2. TABLE 20 Attribute Brocade custom TACACS+ attributes Purpose brcd-role Role assigned to the account. If no role is specified, or if ...