Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
53-1002920-029 September 2013
®
Fabric OSAdministrator’s Guide
Supporting Fabric OS 7.2.0
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved.ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Document History
Corporate and Latin American HeadquartersBrocade Communications Systems, Inc.130 Holger WaySan Jose, CA 95134 Tel: 1-408-333-8000 Fax: 1-408-333-8101 E-mail: [email protected]
Asia-Pacific HeadquartersBrocade Communications Systems China HK, Ltd.No. 1 Guanghua RoadChao Yang DistrictUnits 2718 and 2818Beijing 100020, ChinaTel: +8610 6588 8888Fax: +8610 6588 9999E-mail: [email protected]
European HeadquartersBrocade Communications Switzerland SàrlCentre SwissairTour B - 4ème étage29, Route de l'AéroportCase Postale 105CH-1215 Genève 15Switzerland Tel: +41 22 799 5640Fax: +41 22 799 5641E-mail: [email protected]
Asia-Pacific HeadquartersBrocade Communications Systems Co., Ltd. (Shenzhen WFOE)Citic PlazaNo. 233 Tian He Road NorthUnit 1308 – 13th FloorGuangzhou, ChinaTel: +8620 3891 2000Fax: +8620 3891 2111E-mail: [email protected]
Title Publication number Summary of changes Date
Fabric OS Administrator’s Guide 53-1002920-01 Added Fabric OS v7.2.0 software features and support for embedded switches: Brocade 5431, M6505, and 6547.
July 2013
Fabric OS Administrator’s Guide 53-1002920-02 Corrections and additions for the Fabric OS 7.2.0a release.
September 2013
mailto:[email protected]:[email protected]:[email protected]:[email protected]://www.brocade.com/support/oscd
Contents (High Level)
Section I Standard FeaturesChapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . .45
Chapter 2 Performing Basic Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Chapter 3 Performing Advanced Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .83
Chapter 4 Routing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Chapter 5 Buffer-to-Buffer Credits and Credit Recovery. . . . . . . . . . . . . . . . . . . .135
Chapter 6 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Chapter 7 Configuring Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Chapter 8 Configuring Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Chapter 9 Maintaining the Switch Configuration File . . . . . . . . . . . . . . . . . . . . . .277
Chapter 10 Installing and Maintaining Firmware . . . . . . . . . . . . . . . . . . . . . . . . . .289
Chapter 11 Managing Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Chapter 12 Administering Advanced Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Chapter 13 Traffic Isolation Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Chapter 14 Optimizing Fabric Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413
Chapter 15 Bottleneck Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
Chapter 16 In-flight Encryption and Compression . . . . . . . . . . . . . . . . . . . . . . . . .445
Chapter 17 Diagnostic Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Chapter 18 NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473
Chapter 19 Fabric-Assigned PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479
Chapter 20 Managing Administrative Domains . . . . . . . . . . . . . . . . . . . . . . . . . . .485
Section II Licensed FeaturesChapter 21 Administering Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515
Chapter 22 Inter-chassis Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543
Chapter 23 Monitoring Fabric Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551
Chapter 24 Managing Trunking Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569
Fabric OS Administrator’s Guide 353-1002920-02
Chapter 25 Managing Long-Distance Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . .587
Chapter 26 Using FC-FC Routing to Connect Fabrics . . . . . . . . . . . . . . . . . . . . . . .593
Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641
Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645
Appendix C Hexadecimal Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657
4 Fabric OS Administrator’s Guide53-1002920-02
Contents
About This Document
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . 35
What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Section I Standard Features
Chapter 1 Understanding Fibre Channel Services
Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46Platform services and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . 47Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Displaying the management server ACL. . . . . . . . . . . . . . . . . . .48Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . .48Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . .49Viewing the contents of the management server database . . .50Clearing the management server database . . . . . . . . . . . . . . . 51
Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . 51Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Disabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53E_Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Fabric login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54RSCNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Duplicate Port World Wide Name . . . . . . . . . . . . . . . . . . . . . . . .55
High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . .55
Fabric OS Administrator’s Guide 553-1002920-02
Chapter 2 Performing Basic Configuration Tasks
Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .58Console sessions using the serial port. . . . . . . . . . . . . . . . . . . .58Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . .60Viewing a history of command line entries . . . . . . . . . . . . . . . . 61
Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
The switch Ethernet interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64Virtual Fabrics and the Ethernet interface . . . . . . . . . . . . . . . . .65Management Ethernet port bonding . . . . . . . . . . . . . . . . . . . . .65Displaying the network interface settings . . . . . . . . . . . . . . . . .66Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Time zone settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Fabric name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Configuring the fabric name . . . . . . . . . . . . . . . . . . . . . . . . . . . .78High availability considerations for fabric names . . . . . . . . . . .78Upgrade and downgrade considerations for fabric names. . . .78
Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .78Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Disabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Enabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Switch and Backbone shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . .80Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . .80Powering off a Brocade Backbone . . . . . . . . . . . . . . . . . . . . . . . 81
Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
6 Fabric OS Administrator’s Guide53-1002920-02
Chapter 3 Performing Advanced Configuration Tasks
Port identifiers (PIDs) and PID binding overview . . . . . . . . . . . . . . .83Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8410-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .85WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Backbone port blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89Port identification by slot and port number . . . . . . . . . . . . . . . .89Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . .90Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90Configuring a device-switch connection . . . . . . . . . . . . . . . . . . .90Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Port activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . .92Port decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92Setting port modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Setting all ports on a switch to the same speed . . . . . . . . . . . .94Setting port speed for a port octet . . . . . . . . . . . . . . . . . . . . . . .95
Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .95CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Port and application blade compatibility . . . . . . . . . . . . . . . . . .98FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Blade swapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99How blades are swapped . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Disabling switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Verifying High Availability features (Backbones only) . . . . . . .104Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . .105Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . .105Viewing the switch status policy threshold values. . . . . . . . . .105Setting the switch status policy threshold values . . . . . . . . . .106
Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Verifying host syslog prior to configuring the audit log . . . . . .109Configuring an audit log for specific event classes . . . . . . . . .109
Fabric OS Administrator’s Guide 753-1002920-02
Duplicate PWWN handling during device login . . . . . . . . . . . . . . . .110Setting 0, First login precedence . . . . . . . . . . . . . . . . . . . . . . .110Setting 1, Second login precedence. . . . . . . . . . . . . . . . . . . . .110Setting 2, Mixed precedence . . . . . . . . . . . . . . . . . . . . . . . . . .110Setting the behavior for handling duplicate PWWNs. . . . . . . .111
Enabling forward error correction . . . . . . . . . . . . . . . . . . . . . . . . . .111FEC Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112Using the portCfgFec command . . . . . . . . . . . . . . . . . . . . . . . .112
Chapter 4 Routing Traffic
Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115Paths and route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119Congestion versus over-subscription . . . . . . . . . . . . . . . . . . . .119Virtual channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . .121
Routing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Displaying the current routing policy . . . . . . . . . . . . . . . . . . . .122Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Device-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Dynamic Path Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124AP route policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126Forcing in-order frame delivery across topology changes . . . .127Restoring out-of-order frame delivery across topology changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127Using Frame Viewer to understand why frames are dropped.127
Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . .129Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Configuring Lossless Dynamic Load Sharing . . . . . . . . . . . . . .131Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . .131
Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .132Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .133Viewing frame redirect zones . . . . . . . . . . . . . . . . . . . . . . . . . .133
8 Fabric OS Administrator’s Guide53-1002920-02
Chapter 5 Buffer-to-Buffer Credits and Credit Recovery
Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135Buffer-to-buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .135Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .136Fibre Channel gigabit values reference definition. . . . . . . . . .137Buffer credit allocation based on full-size frames. . . . . . . . . .137Allocating buffer credits based on average-size frames . . . . .140Configuring buffers for a single port directly . . . . . . . . . . . . . .141Configuring buffers using frame size . . . . . . . . . . . . . . . . . . . .141Calculating the number of buffers required given the distance, speed, and frame size. . . . . . . . . . . . . . . . . . . . . . . .142Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .142Monitoring buffers in a port group . . . . . . . . . . . . . . . . . . . . . .142Buffer credits switch or blade model . . . . . . . . . . . . . . . . . . . .143Maximum configurable distances for Extended Fabrics . . . . .144Downgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .145Configuring credits for a single VC . . . . . . . . . . . . . . . . . . . . . .146
Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146Buffer credit recovery over an E_Port. . . . . . . . . . . . . . . . . . . .147Buffer credit recovery over an F_Port . . . . . . . . . . . . . . . . . . . .147Buffer credit recovery over an EX_Port. . . . . . . . . . . . . . . . . . .148Enabling and disabling buffer credit recovery . . . . . . . . . . . . .148
Credit loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Back-end credit loss detection and recovery support on Brocade 5300 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Back-end credit loss detection and recovery support on Brocade 6520 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Enabling back-end credit loss detection and recovery . . . . . .150
Chapter 6 Managing User Accounts
User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .152Management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154Managing user-defined roles . . . . . . . . . . . . . . . . . . . . . . . . . .154
Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Local user account database distribution. . . . . . . . . . . . . . . . . . . .158Distributing the local user database . . . . . . . . . . . . . . . . . . . .158Accepting distributed user databases on the local switch . . .158Rejecting distributed user databases on the local switch . . .159
Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . .161Account lockout policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Fabric OS Administrator’s Guide 953-1002920-02
The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Setting the boot PROM password for a switch with a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Setting the boot PROM password for a Backbone with a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164Setting the boot PROM password for a switch without a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165Setting the boot PROM password for a Backbone without a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Remote authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167Remote authentication configuration. . . . . . . . . . . . . . . . . . . .167Setting the switch authentication mode . . . . . . . . . . . . . . . . . 171Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Fabric OS users on the RADIUS server . . . . . . . . . . . . . . . . . . .172Setting up a RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . .175LDAP configuration and Microsoft Active Directory . . . . . . . . .181LDAP configuration and OpenLDAP . . . . . . . . . . . . . . . . . . . . .184TACACS+ service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189Remote authentication configuration on the switch . . . . . . . .192Configuring local authentication as backup. . . . . . . . . . . . . . .194
Chapter 7 Configuring Protocols
Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196Setting up SCP for configuration uploads and downloads . . .197
Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .198
Secure Sockets Layer protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . .200Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200SSL configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .201The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204Root certificates for the Java plugin . . . . . . . . . . . . . . . . . . . . .205
Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .206SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206Management Information Base (MIB) . . . . . . . . . . . . . . . . . . .207Basic SNMP operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207Understanding MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208Access to MIB variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208SNMP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209Loading Brocade MIBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212Access Gateway and Brocade MIBs . . . . . . . . . . . . . . . . . . . . .216Firmware upgrades and enabled traps . . . . . . . . . . . . . . . . . .216Support for Administrative Domains . . . . . . . . . . . . . . . . . . . .216Support for Role-Based Access Control . . . . . . . . . . . . . . . . . .216Support for IPv6 addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Support for Virtual Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Configuring SNMP using CLI . . . . . . . . . . . . . . . . . . . . . . . . . . .218
10 Fabric OS Administrator’s Guide53-1002920-02
Telnet protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .229Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Chapter 8 Configuring Security Policies
ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .231Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Saving changes without activating the policies . . . . . . . . . . . .233Activating ACL policy changes . . . . . . . . . . . . . . . . . . . . . . . . . .233Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Adding a member to an existing ACL policy . . . . . . . . . . . . . . .234Removing a member from an ACL policy . . . . . . . . . . . . . . . . .234Abandoning unsaved ACL policy changes . . . . . . . . . . . . . . . .234
FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .236Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .237FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . .238DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240DCC policy behavior with Fabric-Assigned PWWNs . . . . . . . . . 241
SCC Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .243E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .246AUTH policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .249FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .251Fabric-wide distribution of the authorization policy. . . . . . . . .253
Fabric OS Administrator’s Guide 1153-1002920-02
IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .254Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .254Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .255Deleting an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .258Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .259Deleting a rule from an IP Filter policy . . . . . . . . . . . . . . . . . . .259Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .259IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .261ACL policy distribution to other switches . . . . . . . . . . . . . . . . .262Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .264
Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .266Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267IPsec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269Authentication and encryption algorithms . . . . . . . . . . . . . . . .269IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270IKE policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272Example of an end-to-end transport tunnel mode. . . . . . . . . . 274
Chapter 9 Maintaining the Switch Configuration File
Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279Uploading a configuration file in interactive mode . . . . . . . . .279
Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281Configuration download without disabling a switch . . . . . . . .282
Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284Downloading a configuration file from one switch to another switch of the same model . . . . . . . . . . . . . . . . . . . . . .284Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
Configuration management for Virtual Fabrics . . . . . . . . . . . . . . . .285Uploading a configuration file from a switch with Virtual Fabrics enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285Restoring a logical switch configuration using configDownload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287
12 Fabric OS Administrator’s Guide53-1002920-02
Chapter 10 Installing and Maintaining Firmware
Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .289Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .291Considerations for FICON CUP environments . . . . . . . . . . . . .291HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .292Obtaining and decompressing firmware . . . . . . . . . . . . . . . . .293Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .294Switch firmware download process overview. . . . . . . . . . . . . .294
Firmware download on a Backbone. . . . . . . . . . . . . . . . . . . . . . . . .296Backbone firmware download process overview. . . . . . . . . . .296
Firmware download from a USB device . . . . . . . . . . . . . . . . . . . . . .299Enabling the USB device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .299Downloading from the USB device using the relative path. . .300Downloading from the USB device using the absolute path. .300
FIPS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300Public and private key management . . . . . . . . . . . . . . . . . . . .300The firmwareDownload command . . . . . . . . . . . . . . . . . . . . . .301Power-on firmware checksum test . . . . . . . . . . . . . . . . . . . . . .302
Testing and restoring firmware on switches . . . . . . . . . . . . . . . . . .302Testing a different firmware version on a switch . . . . . . . . . . .302
Testing and restoring firmware on Backbones . . . . . . . . . . . . . . . .304Testing different firmware versions on Backbones . . . . . . . . .304
Validating a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Chapter 11 Managing Virtual Fabrics
Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .311Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .312Logical switches and connected devices . . . . . . . . . . . . . . . . .313
Management model for logical switches. . . . . . . . . . . . . . . . . . . . .314
Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315Base switch and extended ISLs . . . . . . . . . . . . . . . . . . . . . . . .316
Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .319
Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .320Supported port configurations in the fixed-port switches. . . .320Supported port configurations in Brocade Backbones . . . . . .321Virtual Fabrics interaction with other Fabric OS features . . . .322
Fabric OS Administrator’s Guide 1353-1002920-02
Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .322Restrictions on XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .324
Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
Configuring logical switches to use basic configuration values. . .326
Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .326
Executing a command in a different logical switch context . . . . . .328
Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Adding and moving ports on a logical switch . . . . . . . . . . . . . . . . .329
Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .330
Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .331
Changing a logical switch to a base switch . . . . . . . . . . . . . . . . . . .331
Setting up IP addresses for a logical switch . . . . . . . . . . . . . . . . . .333
Removing an IP address for a logical switch. . . . . . . . . . . . . . . . . .333
Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .333
Changing the context to a different logical fabric . . . . . . . . . . . . . .334
Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .334
Chapter 12 Administering Advanced Zoning
Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338Approaches to zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342Considerations for zoning architecture . . . . . . . . . . . . . . . . . .342Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343
Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .344Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .345High availability considerations with broadcast zones . . . . . .346Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .346Broadcast zones and default zoning mode . . . . . . . . . . . . . . .346
Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .347Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .348Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349Viewing an alias in the defined configuration . . . . . . . . . . . . .349
14 Fabric OS Administrator’s Guide53-1002920-02
Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .350Displaying existing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .351Removing devices (members) from a zone . . . . . . . . . . . . . . .352Replacing zone members . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355Viewing a zone in the defined configuration . . . . . . . . . . . . . .356Viewing zone configuration names without case distinction .356Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358
Default zoning mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .361Viewing the current default zone access mode. . . . . . . . . . . .361
Zone database size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362
Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362Creating a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .363Adding zones to a zone configuration . . . . . . . . . . . . . . . . . . .363Removing members from a zone configuration. . . . . . . . . . . .364Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .364Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .365Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .365Abandoning zone configuration changes . . . . . . . . . . . . . . . . .366Viewing all zone configuration information . . . . . . . . . . . . . . .366Viewing selected zone configuration information . . . . . . . . . .367Viewing the configuration in the effective zone database . . .367Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .367
Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370
Zone configuration management. . . . . . . . . . . . . . . . . . . . . . . . . . .370
Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Zone merging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .373Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
Concurrent zone transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Viewing zone database transactions . . . . . . . . . . . . . . . . . . . .377
Chapter 13 Traffic Isolation Zoning
Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .379
TI zone failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380Additional considerations when disabling failover . . . . . . . . .381FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .383
Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384Illegal configurations with enhanced TI zones. . . . . . . . . . . . .385
Fabric OS Administrator’s Guide 1553-1002920-02
Traffic Isolation Zoning over FC routers . . . . . . . . . . . . . . . . . . . . . .386TI zones within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . .388TI zones within a backbone fabric . . . . . . . . . . . . . . . . . . . . . .389Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .390
Fabric-Level Traffic Isolation in a backbone fabric . . . . . . . . . . . . .390Fabric-Level TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391Failover behavior for Fabric-Level TI zones . . . . . . . . . . . . . . .392Creating a separate TI zone for each path . . . . . . . . . . . . . . . .392Creating a single TI zone for all paths . . . . . . . . . . . . . . . . . . .393
General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394Traffic Isolation Zone violation handling for trunk ports . . . . .395
Supported configurations for Traffic Isolation Zoning . . . . . . . . . .396Additional configuration rules for enhanced TI zones . . . . . . .396Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397
Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .398
Admin Domain considerations for Traffic Isolation Zoning . . . . . .398
Virtual Fabrics considerations for Traffic Isolation Zoning . . . . . . .399
Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .401
Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .404
Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405
Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .406
Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407
Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407
Troubleshooting TI zone routing problems . . . . . . . . . . . . . . . . . . .408
Setting up TI zones over FCR (sample procedure) . . . . . . . . . . . . .409
Chapter 14 Optimizing Fabric Behavior
Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413
Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414Virtual Fabrics considerations. . . . . . . . . . . . . . . . . . . . . . . . . .414Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .415Disabling Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . .415
QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415License requirements for QoS. . . . . . . . . . . . . . . . . . . . . . . . . .416
CS_CTL-based frame prioritization. . . . . . . . . . . . . . . . . . . . . . . . . .416Supported configurations for CS_CTL-based frame prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417High availability considerations for CS_CTL-based frame prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417Enabling CS_CTL-based frame prioritization on ports . . . . . . . 417Disabling CS_CTL-based frame prioritization on ports . . . . . .418Using CS_CTL auto mode at the chassis level . . . . . . . . . . . . .418Considerations for using CS_CTL-based frame prioritization .418
16 Fabric OS Administrator’s Guide53-1002920-02
QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . .419
QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .419QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421Virtual Fabrics considerations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422High-availability considerations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422Supported configurations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423Limitations and restrictions for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424
Setting QoS zone-based traffic prioritization. . . . . . . . . . . . . . . . . .424
Setting QoS zone-based traffic prioritization over FC routers . . . .426
Disabling QoS zone-based traffic prioritization. . . . . . . . . . . . . . . .426
Chapter 15 Bottleneck Detection
Bottleneck detection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427Types of bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . .428
Supported configurations for bottleneck detection . . . . . . . . . . . .429Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . .429High availability considerations for bottleneck detection . . . .430Upgrade and downgrade considerations for bottleneck detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430Trunking considerations for bottleneck detection . . . . . . . . . .430Virtual Fabrics considerations for bottleneck detection . . . . .430Access Gateway considerations for bottleneck detection. . . .430
Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .431
Displaying bottleneck detection configuration details . . . . . . . . . .431
Setting bottleneck detection alerts . . . . . . . . . . . . . . . . . . . . . . . . .433Setting both a congestion alert and a latency alert . . . . . . . .434Setting a congestion alert only . . . . . . . . . . . . . . . . . . . . . . . . .434Setting a latency alert only . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
Changing bottleneck detection parameters . . . . . . . . . . . . . . . . . .435Examples of applying and changing bottleneck detection parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
Advanced bottleneck detection settings . . . . . . . . . . . . . . . . . . . . .439
Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .440
Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .442
Fabric OS Administrator’s Guide 1753-1002920-02
Chapter 16 In-flight Encryption and Compression
In-flight encryption and compression overview. . . . . . . . . . . . . . . .445Supported ports for in-flight encryption and compression . . .446In-flight encryption and compression restrictions . . . . . . . . . .446How in-flight encryption and compression are enabled . . . . .448Authentication and key generation for encryption and compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448Availability considerations for encryption and compression. .449Virtual Fabrics considerations for encryption and compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449In-flight compression on long-distance ports. . . . . . . . . . . . . .450Compression ratios for compression-enabled ports . . . . . . . .450
Configuring in-flight encryption and compression on an EX_Port .450
Configuring in-flight encryption and compression on an E_Port . .451
Viewing the encryption and compression configuration . . . . . . . .452
Configuring and enabling authentication for in-flight encryption .453
Enabling in-flight encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
Enabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456
Disabling in-flight encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456
Disabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
Chapter 17 Diagnostic Port
Diagnostic Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Supported platforms for D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Licensing requirements for D_Port . . . . . . . . . . . . . . . . . . . . . . . . .460
Understanding D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .460Advantages of D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461D_Port configuration mode and nature of test . . . . . . . . . . . .461General limitations and considerations for D_Port . . . . . . . . .462
Supported topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 1: ISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 2: ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 3: Access Gateways . . . . . . . . . . . . . . . . . . . . . . . . . .464Topology 4: HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465
Using D_Port without HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465Enabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465Disabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466
Using D_Port with HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467Automatic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . .467Dynamic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . .468BCU D_Port commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468Limitations and considerations for D_Port with HBAs. . . . . . .468
Controlling testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .469
18 Fabric OS Administrator’s Guide53-1002920-02
Example test scenarios and output . . . . . . . . . . . . . . . . . . . . . . . . .469Confirming SFP and link status with an HBA . . . . . . . . . . . . . .470Starting and stopping D_Port testing . . . . . . . . . . . . . . . . . . . .470
Chapter 18 NPIV
NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47410-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475
Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Viewing NPIV port configuration information . . . . . . . . . . . . . . . . . 476Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .478
Chapter 19 Fabric-Assigned PWWN
Fabric-Assigned PWWN overview . . . . . . . . . . . . . . . . . . . . . . . . . . .479
User- and auto-assigned FA-PWWN behavior . . . . . . . . . . . . . . . . .480
Configuring an FA-PWWN for an HBA connected to an Access Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481
Configuring an FA-PWWN for an HBA connected to an edge switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .482
Supported switches and configurations for FA-PWWN. . . . . . . . . .483
Configuration upload and download considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483
Security considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . .483
Restrictions of FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484
Access Gateway N_Port failover with FA-PWWN . . . . . . . . . . . . . . .484
Chapter 20 Managing Administrative Domains
Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .485Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .487Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .487User-defined Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . .488System-defined Admin Domains. . . . . . . . . . . . . . . . . . . . . . . .488Home Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . .490Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .491Admin Domains and switch WWNs. . . . . . . . . . . . . . . . . . . . . .492Admin Domain compatibility, availability, and merging . . . . . .494
Fabric OS Administrator’s Guide 1953-1002920-02
Admin Domain management for physical fabric administrators . .494Setting the default zoning mode for Admin Domains . . . . . . .495Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .495User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .496Removing an Admin Domain from a user account . . . . . . . . .498Activating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . .498Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .499Adding members to an existing Admin Domain. . . . . . . . . . . .499Removing members from an Admin Domain . . . . . . . . . . . . . .500Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .500Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .501Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .502Deleting all user-defined Admin Domains non-disruptively . .502Validating an Admin Domain member list . . . . . . . . . . . . . . . .506
SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .506CLI commands in an AD context . . . . . . . . . . . . . . . . . . . . . . . .507Executing a command in a different AD context . . . . . . . . . . .507Displaying an Admin Domain configuration . . . . . . . . . . . . . . .508Switching to a different Admin Domain context. . . . . . . . . . . .508Admin Domain interactions with other Fabric OS features . . .509Admin Domains, zones, and zone databases . . . . . . . . . . . . .510Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .511Configuration upload and download in an AD context . . . . . .512
Section II Licensed Features
Chapter 21 Administering Licensing
Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515
Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . .523
ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523ICL 1st POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523ICL 2nd POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524Enterprise ICL license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524
8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525
Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526Upgrade and downgrade considerations . . . . . . . . . . . . . . . . .526Assigning a license to a slot . . . . . . . . . . . . . . . . . . . . . . . . . . .526Removing a license from a slot . . . . . . . . . . . . . . . . . . . . . . . . .527
10G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527Enabling 10 Gbps operation on an FC port . . . . . . . . . . . . . . .528Enabling the 10-GbE ports on an FX8-24 blade . . . . . . . . . . .529
20 Fabric OS Administrator’s Guide53-1002920-02
Temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530Restrictions on upgrading temporary slot-based licenses . . .531Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531Configupload and download considerations . . . . . . . . . . . . . .531Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531Universal temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . .532Extending a universal temporary license . . . . . . . . . . . . . . . . .532Universal temporary license shelf life. . . . . . . . . . . . . . . . . . . .532
Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532
Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533
Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533
Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534
Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .535Displaying installed licenses . . . . . . . . . . . . . . . . . . . . . . . . . . .536Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .537Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .537Displaying the port license assignments . . . . . . . . . . . . . . . . .538Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .538Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .539Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .540Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .540
Chapter 22 Inter-chassis Links
Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543License requirements for ICLs . . . . . . . . . . . . . . . . . . . . . . . . .544
ICLs for the Brocade DCX 8510 Backbone family. . . . . . . . . . . . . .544ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4 . .545
ICLs for the Brocade DCX Backbone family. . . . . . . . . . . . . . . . . . .546ICL trunking on the Brocade DCX and DCX-4S. . . . . . . . . . . . .547
Virtual Fabrics considerations for ICLs . . . . . . . . . . . . . . . . . . . . . .547
Supported topologies for ICL connections . . . . . . . . . . . . . . . . . . .547Mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .547Core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .549
Chapter 23 Monitoring Fabric Performance
Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .551Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551Restrictions for installing monitors . . . . . . . . . . . . . . . . . . . . . .552Virtual Fabrics considerations for Advanced Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .552Access Gateway considerations for Advanced Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .553
Fabric OS Administrator’s Guide 2153-1002920-02
End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .553Maximum number of EE monitors . . . . . . . . . . . . . . . . . . . . . .553Supported port configurations for EE monitors . . . . . . . . . . . .554Adding EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554Setting a mask for an EE monitor . . . . . . . . . . . . . . . . . . . . . . .555Deleting EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556Displaying EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . .557Clearing EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . . . .557
Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558License requirements for frame monitoring . . . . . . . . . . . . . .558Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .559Creating a frame monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .560Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .560Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .560Saving a frame monitor configuration . . . . . . . . . . . . . . . . . . .560Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .561Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .562
Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .562Top Talker monitors and FC-FC routing. . . . . . . . . . . . . . . . . . .563Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .565Adding a Top Talker monitor to a port (port mode) . . . . . . . . .565Adding Top Talker monitors on all switches in the fabric (fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .565Displaying the top n bandwidth-using flows on a port (port mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566Displaying top talking flows for a given domain ID (fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566Deleting a Top Talker monitor on a port (port mode) . . . . . . .567Deleting all fabric mode Top Talker monitors. . . . . . . . . . . . . .567
Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567Trunk monitoring considerations . . . . . . . . . . . . . . . . . . . . . . .567
Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .567
Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568
Chapter 24 Managing Trunking Connections
Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569Types of trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570Masterless trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570License requirements for trunking . . . . . . . . . . . . . . . . . . . . . . 571Port groups for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Supported platforms for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Supported configurations for trunking . . . . . . . . . . . . . . . . . . . . . . 571High Availability support for trunking . . . . . . . . . . . . . . . . . . . .572
Requirements for trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . .572
Recommendations for trunk groups . . . . . . . . . . . . . . . . . . . . . . . .572
Configuring trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573
22 Fabric OS Administrator’s Guide53-1002920-02
Enabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
Disabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
Trunk Area and Admin Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . 576Example of Trunk Area assignment on port domain,index . . . 576
ISL trunking over long-distance fabrics . . . . . . . . . . . . . . . . . . . . . . 576
EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577Masterless EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . .577Supported configurations and platforms for EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .578Configuring EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . .578Displaying EX_Port trunking information . . . . . . . . . . . . . . . . .578
F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579F_Port trunking for Access Gateway . . . . . . . . . . . . . . . . . . . . .579F_Port trunking for Brocade adapters . . . . . . . . . . . . . . . . . . .581F_Port trunking considerations. . . . . . . . . . . . . . . . . . . . . . . . .582F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .584
Displaying F_Port trunking information . . . . . . . . . . . . . . . . . . . . . .585
Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585
Enabling the DCC policy on a trunk area. . . . . . . . . . . . . . . . . . . . .586
Chapter 25 Managing Long-Distance Fabrics
Long-distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .587
Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .588
Long-distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .588
Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .589Enabling long distance when connecting to TDM devices . . .590
Forward error correction on long-distance links . . . . . . . . . . . . . . .591Enabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . . .591Disabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . .591
Chapter 26 Using FC-FC Routing to Connect Fabrics
FC-FC routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593License requirements for FC-FC routing . . . . . . . . . . . . . . . . . .594Supported platforms for FC-FC routing. . . . . . . . . . . . . . . . . . .594Supported configurations for FC-FC routing. . . . . . . . . . . . . . .595Network OS connectivity limitations . . . . . . . . . . . . . . . . . . . . .595
Fibre Channel routing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . .596Proxy devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .599FC-FC routing topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .600Phantom domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601FC router authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603
Setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603Verifying the setup for FC-FC routing . . . . . . . . . . . . . . . . . . . .604
Fabric OS Administrator’s Guide 2353-1002920-02
Backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605Assigning backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . .606
FCIP tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .606
Inter-fabric link configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607Configuring an IFL for both edge and backbone connections 607Configuring EX_Ports on an ICL . . . . . . . . . . . . . . . . . . . . . . . .611
FC router port cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .613Port cost considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .614Setting router port cost for an EX_Port. . . . . . . . . . . . . . . . . . .614
Shortest IFL cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .615Configuring shortest IFL cost . . . . . . . . . . . . . . . . . . . . . . . . . . 617
EX_Port frame trunking configuration . . . . . . . . . . . . . . . . . . . . . . .619
LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620Use of Admin Domains with LSAN zones and FC-FC routing .620Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .620LSAN zones and fabric-to-fabric communications. . . . . . . . . .621Controlling device communication with the LSAN . . . . . . . . . .621Configuring backbone fabrics for interconnectivity . . . . . . . . .623Setting the maximum LSAN count . . . . . . . . . . . . . . . . . . . . . .624HA and downgrade considerations for LSAN zones . . . . . . . .624LSAN zone policies using LSAN tagging . . . . . . . . . . . . . . . . . .624LSAN zone binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .628
Proxy PID configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .633
Fabric parameter considerations . . . . . . . . . . . . . . . . . . . . . . . . . . .633
Inter-fabric broadcast frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634Displaying the current broadcast configuration. . . . . . . . . . . .634Enabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634Disabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634
Resource monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634
FC-FC routing and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . .636Logical switch configuration for FC routing . . . . . . . . . . . . . . .637Backbone-to-edge routing with Virtual Fabrics . . . . . . . . . . . .638
Upgrade and downgrade considerations for FC-FC routing . . . . . .639How replacing port blades affects EX_Port configuration. . . .639
Displaying the range of output ports connected to xlate domains639
Appendix A Port Indexing
Appendix B FIPS Support
FIPS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645
Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645Power-on self-tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647Conditional tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647
24 Fabric OS Administrator’s Guide53-1002920-02
FIPS mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647LDAP in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .648LDAP certificates for FIPS mode . . . . . . . . . . . . . . . . . . . . . . . .650
Preparing a switch for FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .651Overview of steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652Enabling FIPS mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652Zeroizing for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655Displaying FIPS configuration . . . . . . . . . . . . . . . . . . . . . . . . . .655
Appendix C Hexadecimal Conversion
Example conversion of the hexadecimal triplet Ox616000 . .657Decimal-to-hexadecimal conversion table . . . . . . . . . . . . . . . .658
Index
Fabric OS Administrator’s Guide 2553-1002920-02
26 Fabric OS Administrator’s Guide53-1002920-02
Figures
Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Figure 3 Blade swap with Virtual Fabrics during the swap. . . . . . . . . . . . . . . . . . . . . . . . 101Figure 4 Blade swap with Virtual Fabrics after the swap . . . . . . . . . . . . . . . . . . . . . . . . . 102Figure 5 Principal ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Figure 6 New switch added to existing fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Figure 7 Virtual channels on a QoS-enabled ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Figure 8 Gateway link merging SANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Figure 9 Single host and target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Figure 10 Windows 2000 VSA configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173Figure 11 Example of a brocade.dct file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Figure 12 Example of the dictiona.dcm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Figure 13 SNMP structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 14 SNMP query. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 15 SNMP trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 16 Brocade MIB tree location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Figure 17 DH-CHAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244Figure 18 Protected endpoints configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Figure 19 Gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Figure 20 Endpoint-to-gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Figure 21 Switch before and after enabling Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . 310Figure 22 Switch before and after creating logical switches . . . . . . . . . . . . . . . . . . . . . . . 311Figure 23 Fabric IDs assigned to logical switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Figure 24 Assigning ports to logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Figure 25 Logical switches connected to devices and non-Virtual Fabrics switch . . . . . . 314Figure 26 Logical switches in a single chassis belong to separate fabrics . . . . . . . . . . . . 314Figure 27 Logical switches connected to other logical switches through physical ISLs. . 316Figure 28 Logical switches connected to form logical fabrics . . . . . . . . . . . . . . . . . . . . . . 316Figure 29 Base switches connected by an XISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317Figure 30 Logical ISLs connecting logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318Figure 31 Logical fabric using ISLs and XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318Figure 32 Example of logical fabrics in multiple chassis and XISLs . . . . . . . . . . . . . . . . . 335Figure 33 Zoning example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Figure 34 Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345Figure 35 Traffic Isolation zone creating a dedicated path through the fabric . . . . . . . . . 380Figure 36 Fabric incorrectly configured for TI zone with failover disabled . . . . . . . . . . . . 382
Fabric OS Administrator’s Guide 2753-1002920-02
Figure 37 Dedicated path is the only shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383Figure 38 Dedicated path is not the shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384Figure 39 Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384Figure 40 Illegal ETIZ configuration: two paths from one port to two devices on the
same remote domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385Figure 41 Illegal ETIZ configuration: two paths from one port . . . . . . . . . . . . . . . . . . . . . . 386Figure 42 Traffic Isolation Zoning over FCR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387Figure 43 TI zone in an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388Figure 44 TI zone in a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389Figure 45 Fabric-level traffic isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391Figure 46 TI zone misconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395Figure 47 Dedicated path with Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399Figure 48 Creating a TI zone in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400Figure 49 Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400Figure 50 Example configuration for TI zones over FC routers in logical fabrics . . . . . . . 401Figure 51 Logical representation of TI zones over FC routers in logical fabrics . . . . . . . . 401Figure 52 TI over FCR example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409Figure 53 QoS traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Figure 54 QoS with E_Ports enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421Figure 55 Traffic prioritization in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423Figure 56 Affected seconds for bottleneck detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433Figure 57 Encryption and compression on 16 Gbps ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . 446Figure 58 Example of a basic D_Port connection between switches . . . . . . . . . . . . . . . . 460Figure 59 ISLs connecting multiple switches and chassis . . . . . . . . . . . . . . . . . . . . . . . . . 463Figure 60 ICLs connecting chassis blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463Figure 61 Single Access Gateway to switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 62 Multiple Access Gateways cascaded to switch . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 63 Access Gateway to HBA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 64 HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465Figure 65 Fabric-assigned port World Wide Name provisioning scenarios . . . . . . . . . . . . 480Figure 66 Fabric with two Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486Figure 67 Filtered fabric views when using Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 486Figure 68 Fabric with AD0 and AD255. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490Figure 69 Fabric showing switch and device WWNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493Figure 70 Filtered fabric views showing converted switch WWNs . . . . . . . . . . . . . . . . . . . 493Figure 71 AD0 and two user-defined Admin Domains, AD1 and AD2 . . . . . . . . . . . . . . . . 504Figure 72 AD0 with three zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Figure 73 Minimum configuration for 64 Gbps ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545Figure 74 DCX-4S allowed ICL connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546Figure 75 ICL triangular topology with Brocade DCX 8510-8 chassis . . . . . . . . . . . . . . . . 548Figure 76 Full nine-mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549Figure 77 64 Gbps ICL core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
28 Fabric OS Administrator’s Guide53-1002920-02
Figure 78 Setting end-to-end monitors on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554Figure 79 Mask positions for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556Figure 80 Fabric mode Top Talker monitors on FC router do not monitor any flows . . . . 564Figure 81 Fabric mode Top Talker monitors on FC router monitor flows over the E_Port 564Figure 82 Port group configuration for the Brocade 5100 . . . . . . . . . . . . . . . . . . . . . . . . . 571Figure 83 Switch in Access Gateway mode without F_Port masterless trunking . . . . . . . 580Figure 84 Switch in Access Gateway mode with F_Port masterless trunking . . . . . . . . . . 580Figure 85 A metaSAN with inter-fabric links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596Figure 86 A metaSAN with edge-to-edge and