Brocade 7.1.0 Fabric OS Administrator's Guide
Page 6
...port 56 Telnet or SSH sessions 57 Getting help on a command 58 Viewing a history of command line entries 59 Password modification 61 Default account passwords 61 The switch Ethernet interface 62 Virtual Fabrics and the Ethernet interface 63 Displaying the network interface settings 63 Static ... activation and deactivation 76 Disabling a switch 76 Enabling a switch 76 Switch and Backbone shutdown 76 Powering off a Brocade switch 77 Powering off a Brocade Backbone 77 Basic connections 78 Device connection 78 Switch connection 78 6 Fabric OS Administrator's Guide 53-1002745-02
...port 56 Telnet or SSH sessions 57 Getting help on a command 58 Viewing a history of command line entries 59 Password modification 61 Default account passwords 61 The switch Ethernet interface 62 Virtual Fabrics and the Ethernet interface 63 Displaying the network interface settings 63 Static ... activation and deactivation 76 Disabling a switch 76 Enabling a switch 76 Switch and Backbone shutdown 76 Powering off a Brocade switch 77 Powering off a Brocade Backbone 77 Basic connections 78 Device connection 78 Switch connection 78 6 Fabric OS Administrator's Guide 53-1002745-02
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 62
... Control-C to exit or press 'Enter' key to the currently active CP. Brocade Backbones On Brocade Backbones, you must set IP addresses for user - Configure the Ethernet interface IP address, subnet mask, and gateway addresses in using the default administrative account. 2. Password saved to stable storage successfully. (output truncated) The switch Ethernet interface The...
... Control-C to exit or press 'Enter' key to the currently active CP. Brocade Backbones On Brocade Backbones, you must set IP addresses for user - Configure the Ethernet interface IP address, subnet mask, and gateway addresses in using the default administrative account. 2. Password saved to stable storage successfully. (output truncated) The switch Ethernet interface The...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 150
... IPv4 and IPv6 address formats. Authentication server data When configured for changing switch passwords remain functional; Switch configuration By default, the remote authentication services are disabled, so AAA services default to apply a change leaves its configuration in effect. The configuration applies to... IP addresses for that contains a mix of a remote authentication service on the authentication server for a fabric that switch. Brocade recommends configuring at least two authentication servers, so that the shared secret is set up for the logical switches in a ...
... IPv4 and IPv6 address formats. Authentication server data When configured for changing switch passwords remain functional; Switch configuration By default, the remote authentication services are disabled, so AAA services default to apply a change leaves its configuration in effect. The configuration applies to... IP addresses for that contains a mix of a remote authentication service on the authentication server for a fabric that switch. Brocade recommends configuring at least two authentication servers, so that the shared secret is set up for the logical switches in a ...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 151
..." --authspec "radius;local" --authspec "radius;local" --backup --authspec "ldap" Default setting. The --backup option directs the service to LDAP. TABLE 16 Protocol LDAP options Description Channel type Default port URL Brocade supported? Authenticates management Off On connections against the local user database. If RADIUS fails...only. Fabric OS Administrator's Guide 151 53-1002745-02 Port 636 is not defined, the login fails. If the password does not match or the user is used to set the authentication mode. Authenticates management connections On Off against any ...
..." --authspec "radius;local" --authspec "radius;local" --backup --authspec "ldap" Default setting. The --backup option directs the service to LDAP. TABLE 16 Protocol LDAP options Description Channel type Default port URL Brocade supported? Authenticates management Off On connections against the local user database. If RADIUS fails...only. Fabric OS Administrator's Guide 151 53-1002745-02 Port 636 is not defined, the login fails. If the password does not match or the user is used to set the authentication mode. Authenticates management connections On Off against any ...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 153
... fails. The password expiry date must enter their assigned RADIUS, LDAP, or TACACS+ account name and password when logging in to the default Admin Domain AD0. If your RADIUS server maintains its own password expiration attributes, ...name of password expiration notifies the user. Brocade-AVPairs1 3 Brocade-AVPairs2 4 Brocade-AVPairs3 5 Brocade-AVPairs4 6 Brocade Password ExpiryDate 7 Brocade Password ExpiryWarning Vendor length 2 or higher 1 octet, calculated by the server Vendor ID 1588 4 octet, Brocade SMI Private Enterprise Code Vendor type 1 1 octet, Brocade-Auth-...
... fails. The password expiry date must enter their assigned RADIUS, LDAP, or TACACS+ account name and password when logging in to the default Admin Domain AD0. If your RADIUS server maintains its own password expiration attributes, ...name of password expiration notifies the user. Brocade-AVPairs1 3 Brocade-AVPairs2 4 Brocade-AVPairs3 5 Brocade-AVPairs4 6 Brocade Password ExpiryDate 7 Brocade Password ExpiryWarning Vendor length 2 or higher 1 octet, calculated by the server Vendor ID 1588 4 octet, Brocade SMI Private Enterprise Code Vendor type 1 1 octet, Brocade-Auth-...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 156
...and standby CP blade, and for FreeRADIUS on Solaris and Red Hat Linux. user-opr Auth-Type := Local, User-Password == "password" Brocade-Auth-Role = "operator", Brocade-AVPairs1 = "ADList=1,2;HomeAD=2", Brocade-AVPairs2 = "ADList=-4-8,20;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user has the ... = "ZoneAdmin", Brocade-AVPairs1 = "ADList=1,2,6," Brocade-AVPairs2 = "ADList=4-8;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user has the "zoneAdmin" permissions, with each account name, the administrator must be 1. By default, the PREFIX is...
...and standby CP blade, and for FreeRADIUS on Solaris and Red Hat Linux. user-opr Auth-Type := Local, User-Password == "password" Brocade-Auth-Role = "operator", Brocade-AVPairs1 = "ADList=1,2;HomeAD=2", Brocade-AVPairs2 = "ADList=-4-8,20;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user has the ... = "ZoneAdmin", Brocade-AVPairs1 = "ADList=1,2,6," Brocade-AVPairs2 = "ADList=4-8;ADList=7,9,12" In the next example, on a Linux FreeRADIUS Server, the user has the "zoneAdmin" permissions, with each account name, the administrator must be 1. By default, the PREFIX is...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 158
this example, shortname is an alias used to easily identify the client. The Brocade Backbones send their RADIUS requests using password authentication protocol (PAP); For example, to be configured as RADIUS clients. Make sure the shared secret matches that will...server to the Microsoft website. 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) 158 Fabric OS Administrator's Guide 53-1002745-02 By default, all IP addresses are to be accurate for any special needs your system administrator before proceeding with Windows 2000 The instructions for setting...
this example, shortname is an alias used to easily identify the client. The Brocade Backbones send their RADIUS requests using password authentication protocol (PAP); For example, to be configured as RADIUS clients. Make sure the shared secret matches that will...server to the Microsoft website. 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) 158 Fabric OS Administrator's Guide 53-1002745-02 By default, all IP addresses are to be accurate for any special needs your system administrator before proceeding with Windows 2000 The instructions for setting...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 159
... RADIUS server and proxy. Configuring a user IAS is not the default behavior; For the Add RADIUS Client window, provide the following values, and then click OK. Select RADIUS Standard. Keep your shared secret password in this case, it is the switch. In the Internet Authentication...must be used between the client device and server to log in the switch configuration. After clicking Finish, add a new client for a Brocade switch. Apply this password in to the switch. c. d. In the Configure VSA (RFC compliant) window, enter the following : Client address (IP or DNS)...
... RADIUS server and proxy. Configuring a user IAS is not the default behavior; For the Add RADIUS Client window, provide the following values, and then click OK. Select RADIUS Standard. Keep your shared secret password in this case, it is the switch. In the Internet Authentication...must be used between the client device and server to log in the switch configuration. After clicking Finish, add a new client for a Brocade switch. Apply this password in to the switch. c. d. In the Configure VSA (RFC compliant) window, enter the following : Client address (IP or DNS)...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 171
...Sachin,dc=mybrocade,dc=com -x -w secret -f test4.ldif TACACS+ service FabricOS can configure a timeout value for user authentication: • Password Authentication Protocol (PAP) • Challenge Handshake Authentication Protocol (CHAP) TACACS+ is unreachable. Fabric OS Administrator's Guide 171 53-1002745-02 The...If authentication is required on page 174 for details about configuring the Brocade switch for each user. On the TACACS+ server, you should have access. The default timeout value is 5. The default value is 5 seconds. To enable FIPS, any TACACS+ freeware that...
...Sachin,dc=mybrocade,dc=com -x -w secret -f test4.ldif TACACS+ service FabricOS can configure a timeout value for user authentication: • Password Authentication Protocol (PAP) • Challenge Handshake Authentication Protocol (CHAP) TACACS+ is unreachable. Fabric OS Administrator's Guide 171 53-1002745-02 The...If authentication is required on page 174 for details about configuring the Brocade switch for each user. On the TACACS+ server, you should have access. The default timeout value is 5. The default value is 5 seconds. To enable FIPS, any TACACS+ freeware that...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 188
... security in the storage area network. For details on Brocade MIB files, naming conventions, loading instructions, and information about a device and makes it available to keystore In the example, changeit is the default password and RootCert is an example root certificate name. There are... two main MIB trap choices: • Brocade-specific MIB trap Associated with the Brocade-specific MIB (SW-MIB), this MIB monitors Brocade switches specifically. • FibreAlliance MIB...
... security in the storage area network. For details on Brocade MIB files, naming conventions, loading instructions, and information about a device and makes it available to keystore In the example, changeit is the default password and RootCert is an example root certificate name. There are... two main MIB trap choices: • Brocade-specific MIB trap Associated with the Brocade-specific MIB (SW-MIB), this MIB monitors Brocade switches specifically. • FibreAlliance MIB...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 190
To prevent passing clear text passwords over the network when connecting to set the security level. switch:admin> ipfilter --show command. 6 Telnet protocol SNMP security levels Use the snmpConfig --set seclevel ...:admin> ipfilter --clone BlockTelnet -from default_ipv4 3. You can block the Telnet protocol using the Brocade SNMP agent, refer to the switch, including Telnet, SSH, and management ports. Connect to the Fabric OS MIB Reference. Clone the default policy by default. Save the new policy by typing the ipFilter --show 5. switch:admin> ipfilter --addrule...
To prevent passing clear text passwords over the network when connecting to set the security level. switch:admin> ipfilter --show command. 6 Telnet protocol SNMP security levels Use the snmpConfig --set seclevel ...:admin> ipfilter --clone BlockTelnet -from default_ipv4 3. You can block the Telnet protocol using the Brocade SNMP agent, refer to the switch, including Telnet, SSH, and management ports. Connect to the Fabric OS MIB Reference. Clone the default policy by default. Save the new policy by typing the ipFilter --show 5. switch:admin> ipfilter --addrule...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 244
...in a backup: • dnsConfig command information • Passwords 244 Fabric OS Administrator's Guide 53-1002745-02 Data migration... configuration • FRAME LOG - Message of the configuration file contains information for the default switch or a switch that logical switch behavior. The switch section of the day Switch...; iSCSI • CryptoDev • FICU saved files • VS_SW_CONF • Banner Configuration file backup Brocade recommends keeping a backup configuration file. 8 Configuration file backup • LicensesLservc - Frame log configuration (enable...
...in a backup: • dnsConfig command information • Passwords 244 Fabric OS Administrator's Guide 53-1002745-02 Data migration... configuration • FRAME LOG - Message of the configuration file contains information for the default switch or a switch that logical switch behavior. The switch section of the day Switch...; iSCSI • CryptoDev • FICU saved files • VS_SW_CONF • Banner Configuration file backup Brocade recommends keeping a backup configuration file. 8 Configuration file backup • LicensesLservc - Frame log configuration (enable...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 640
... fabric-assigned PWWNs, 205 Virtual Fabric considerations, 203 deactivating Admin Domains, 447 TI zones, 368 decimal to hexadecimal conversion table, 628 decommissioning ports, 90 default account passwords, 61 accounts, listed, 61 Fabric OS roles, 134 IP Filter policy names, 218 IP Policy Rules, 222 logical switch, 276 zone access mode, ... login, 51-53 proxy devices, 575 recovery, 53 verifying connectivity, 104 device authentication policy, 210 and Virtual Fabrics considerations, 211 Device Connection Control. dictionary.brocade, 154 Diffie Hellman-Challenge Handshake Authentication Protocol.
... fabric-assigned PWWNs, 205 Virtual Fabric considerations, 203 deactivating Admin Domains, 447 TI zones, 368 decimal to hexadecimal conversion table, 628 decommissioning ports, 90 default account passwords, 61 accounts, listed, 61 Fabric OS roles, 134 IP Filter policy names, 218 IP Policy Rules, 222 logical switch, 276 zone access mode, ... login, 51-53 proxy devices, 575 recovery, 53 verifying connectivity, 104 device authentication policy, 210 and Virtual Fabrics considerations, 211 Device Connection Control. dictionary.brocade, 154 Diffie Hellman-Challenge Handshake Authentication Protocol.
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 658
... 53-1002745-02 sessions, maximum allowed, 136 setContext command, 121, 299 setting changing passwords, 62 chassis configurations, 93 chassis management IP interface, 65 date, 69 default zone mode, 443 fabric-wide consistency policy, 228 mask for end-to deploy, 178... SCP, 178 SNMPv1, 178 SNMPv2, 178 SNMPv3, 178 SSHv2, 178 Secure Shell protocol. shared secrets on switch, 39 serial port connection, 56 serial port, console session, 56 Server Application Optimization. security AUTH policy, 207 Brocade...
... 53-1002745-02 sessions, maximum allowed, 136 setContext command, 121, 299 setting changing passwords, 62 chassis configurations, 93 chassis management IP interface, 65 date, 69 default zone mode, 443 fabric-wide consistency policy, 228 mask for end-to deploy, 178... SCP, 178 SNMPv1, 178 SNMPv2, 178 SNMPv3, 178 SSHv2, 178 Secure Shell protocol. shared secrets on switch, 39 serial port connection, 56 serial port, console session, 56 Server Application Optimization. security AUTH policy, 207 Brocade...
Brocade 7.1.0 Fabric OS Administrator's Guide
Page 663
...Domains, 440 wwn command, 39 wwnAddress command, 83 WWN-based PID assignment, 82 considerations for Virtual Fabrics, 82 X XISL Brocade 7800 restriction, 286 default logical switch restriction, 287 ICL port restriction, 287 on , 174 World Wide Name command. Perf. xlate domain ID, ... logical ISL (LISL), 284 logical switch creating, 292 default, 276 deleting, 294 displaying configuration, 296 overview, 276 lossless dynamic load sharing, 127 Microsoft Active Directory service, 164 OpenLDAP server, 169 overview, 275 password database distribution restrictions, 140 permissions and Admin Domains, 133...
...Domains, 440 wwn command, 39 wwnAddress command, 83 WWN-based PID assignment, 82 considerations for Virtual Fabrics, 82 X XISL Brocade 7800 restriction, 286 default logical switch restriction, 287 ICL port restriction, 287 on , 174 World Wide Name command. Perf. xlate domain ID, ... logical ISL (LISL), 284 logical switch creating, 292 default, 276 deleting, 294 displaying configuration, 296 overview, 276 lossless dynamic load sharing, 127 Microsoft Active Directory service, 164 OpenLDAP server, 169 overview, 275 password database distribution restrictions, 140 permissions and Admin Domains, 133...
Brocade 7.1.0 Fabric OS MIB Reference Guide
Page 31
switch:admin> Create a user on the switch in FOS user database will have physical AD and admin role as the default): User (rw): [snmpadmin1] Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] Priv Protocol [DES(1)/noPriv(2)/3DES(3)/AES128(4)/AES192(5)/AES256(6)]): (2..2) ..., with the required role. Loading Brocade MIBs 1 NOTE FA.mib obsoletes the use of Fabric OS support SNMPv1. switch:admin> userconfig --add fa_adm -r fabricadmin -h0 -a 0-255 Setting initial password for sa_user Enter new password:******** Re-type new password:******** Account sa_user has been successfully added...
switch:admin> Create a user on the switch in FOS user database will have physical AD and admin role as the default): User (rw): [snmpadmin1] Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] Priv Protocol [DES(1)/noPriv(2)/3DES(3)/AES128(4)/AES192(5)/AES256(6)]): (2..2) ..., with the required role. Loading Brocade MIBs 1 NOTE FA.mib obsoletes the use of Fabric OS support SNMPv1. switch:admin> userconfig --add fa_adm -r fabricadmin -h0 -a 0-255 Setting initial password for sa_user Enter new password:******** Re-type new password:******** Account sa_user has been successfully added...
Brocade 7.1.0 Fabric OS MIB Reference Guide
Page 39
... in Access Gateway does support name server services. Fabric OS MIB Reference 19 53-1002750-01 Access Gateway and Brocade MIBs 1 (0 = No security, 1 = Authentication only, 2 = Authentication and Privacy, 3 = No Access... user snmpadmin1 with Authentication protocol as noAuth, Privacy protocol as noPriv, set the password and set as in Access Gateway because the conventions are set the trap port as...SET Security Level: Authentication and Privacy To set the security level to default: DCX_128:FID128:admin> snmpconfig --default seclevel GET security level = 0, SET level = 0 SNMP GET ...
... in Access Gateway does support name server services. Fabric OS MIB Reference 19 53-1002750-01 Access Gateway and Brocade MIBs 1 (0 = No security, 1 = Authentication only, 2 = Authentication and Privacy, 3 = No Access... user snmpadmin1 with Authentication protocol as noAuth, Privacy protocol as noPriv, set the password and set as in Access Gateway because the conventions are set the trap port as...SET Security Level: Authentication and Privacy To set the security level to default: DCX_128:FID128:admin> snmpconfig --default seclevel GET security level = 0, SET level = 0 SNMP GET ...
Brocade 7.1.0 Fabric OS Troubleshooting and Diagnostics Guide
Page 63
...The FTP or SCP server's IP address cannot be the relative path from /usb/usbstorage/brocade/configdownload or use absolute path. Verify that it is correct. Use your local PC to ... download without the -vf operand, to download uses incorrect syntax. • The username and password are trying to download the regular configuration data. By implementing one change corrected the problems help you... to download is not a switch configuration file. • If you selected the (default) FTP protocol, the FTP server is incorrect. Otherwise issue the command again as follows: 1. This ...
...The FTP or SCP server's IP address cannot be the relative path from /usb/usbstorage/brocade/configdownload or use absolute path. Verify that it is correct. Use your local PC to ... download without the -vf operand, to download uses incorrect syntax. • The username and password are trying to download the regular configuration data. By implementing one change corrected the problems help you... to download is not a switch configuration file. • If you selected the (default) FTP protocol, the FTP server is incorrect. Otherwise issue the command again as follows: 1. This ...
Brocade 7.1.0 Web Tools Administrator's Guide
Page 40
... confirm the new password. Home Logical Fabric is capable of supporting Virtual Fabrics, the login dialog box provides the option of logging in the security banner window, if one displays. 3. The following platforms support virtual fabrics: • Brocade DCX and DCX-4S • Brocade VA-40FC • Brocade 6510 • Brocade 6520 • Brocade DCX 8510... steps. 1. 1 Opening Web Tools 1. A warning dialog box may display. Click Run on the signed certificate applet. You are logging in to a platform that is the default.
... confirm the new password. Home Logical Fabric is capable of supporting Virtual Fabrics, the login dialog box provides the option of logging in the security banner window, if one displays. 3. The following platforms support virtual fabrics: • Brocade DCX and DCX-4S • Brocade VA-40FC • Brocade 6510 • Brocade 6520 • Brocade DCX 8510... steps. 1. 1 Opening Web Tools 1. A warning dialog box may display. Click Run on the signed certificate applet. You are logging in to a platform that is the default.
Brocade 7.1.0 Web Tools Administrator's Guide
Page 152
...the automatic transfer of the trace dump to the server. (Trace dumps overwrite each other by default; Setting up automatic trace dump transfers You can provide your FTP server. Setting up automatic ...as part of the remote directory for automatic transfer as an anonymous user. 5. The password is normally done with the most detailed information possible. Click Show Advanced Mode, if...of trace dumps on the commands, refer to your customer support representative with assistance from Brocade customer support when diagnosing switch behavior. In addition to be IPv4 or IPv6 format, ...
...the automatic transfer of the trace dump to the server. (Trace dumps overwrite each other by default; Setting up automatic trace dump transfers You can provide your FTP server. Setting up automatic ...as part of the remote directory for automatic transfer as an anonymous user. 5. The password is normally done with the most detailed information possible. Click Show Advanced Mode, if...of trace dumps on the commands, refer to your customer support representative with assistance from Brocade customer support when diagnosing switch behavior. In addition to be IPv4 or IPv6 format, ...