Web Tools Administrator'

53-1000606-01
Oct 2007
y
Web Tools
Administrator’s Guide
Supporting Fabric OS v6.0.0
Copyright © 2007, Brocade Communications Systems, Incorporated. All Rights Reserved.
Brocade, the Brocade B-weave logo, Fabric OS, File Lifecycle Manager, MyView, SilkWorm, and StorageX are registered
trademarks and the Brocade B-wing symbol, SAN Health, and Tapestry are trademarks of Brocade Communications Systems,
Inc., in the United States and/or in other countries. FICON is a registered trademark of IBM Corporation in the U.S. and other
countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify,
products or services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other
open source license agreements. To find-out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Corporate Headquarters
Brocade Communications Systems, Inc.
1745 Technology Drive
San Jose, CA 95110
Tel: 1-408-333-8000
Fax: 1-408-333-8101
Email: info@brocade.com
European and Latin American Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour A - 2ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 56 40
Fax: +41 22 799 56 41
Email: emea-info@brocade.com
Asia-Pacific Headquarters
Brocade Communications Singapore Pte. Ltd.
9 Raffles Place
#59-02 Republic Plaza 1
Singapore 048619
Tel: +65-6538-4700
Fax: +65-6538-0302
Email: apac-info@brocade.com
Document History
The following table lists all versions of the Web Tools Administrator’s Guide.
Document Title
Publication
Number
Summary of Changes
Publication
Date
Web Tools User’s Guide v2.0 53-0001536-01
N/A
September 1999
Web Tools User’s Guide v2.2 53-0001558-02
N/A
May 2000
Web Tools User’s Guide v2.3 53-0000067-02
N/A
December 2000
Web Tools User’s Guide v3.0 53-0000130-03
N/A
July 2001
Web Tools User’s Guide v2.6 53-0000197-02
N/A
December 2001
Advanced Web Tools User’s
Guide
v3.0 / v4.0
53-0000185-02
N/A
March 2002
Advanced Web Tools User’s
Guide v4.0.2
53-0000185-03
N/A
September 2002
Advanced Web Tools User’s
Guide v3.1.0
53-0000503-02
N/A
April 2003
Advanced Web Tools User’s
Guide v4.1.0
53-0000522-02
N/A
April 2003
Advanced Web Tools User’s
Guide v4.1.2
53-0000522-04
Insistent Domain ID Mode.
October 2003
Port Swapping information. Minor
editorial changes
Advanced Web Tools
Administrator’s Guide,
v4.2.0
53-0000522-05
Updates to support new switch
types: Brocade 3250, 3850,
24000. Structural changes,
Support changes, Installation
changes.
Advanced Web Tools User’s
Guide
53-0000522-06
March 2004
Clarifications on software and
hardware support, minor
enhancements in procedure text,
minor rearranging of content.
Advanced Web Tools
Administrator’s Guide
53-0000522-07
September 2004
Updates to support new switch
types (3016, 4100) and Fabric OS
v4.4.0, including Ports on
Demand, user administration,
and zoning wizards.
Web Tools Administrator’s
Guide
53-0000522-08
April 2005
Updates to support new switch
types (200E, 48000) and Fabric
OS v5.0.1, including switchAdmin
role, upfront login, and Web Tools
EZ.
Web Tools Administrator’s
Guide
53-0000522-09
Updates to add additional
information about refresh and
polling rates.
December 2003
July 2005
Document Title
Publication
Number
Summary of Changes
Publication
Date
Web Tools Administrator’s
Guide
53-1000049-01
Updates to support new switch
types (4900, 7500) and Fabric
OS v5.1.0, including FCR, FCIP,
and the FR4-18i port blade. Web
Tools EZ information is moved to
a separate book.
January 2006
Web Tools Administrator’s
Guide
53-1000049-02
Updates to the FCIP chapter to
clarify how to configure tunnels.
April 2006
Web Tools Administrator’s
Guide
53-1000194-01
Updates for Fabric OS v5.2.0 and September 2006
the FC4-16IP blade. Also new
security for Web Tools, including
Role-Based Access Control and
administrative domains.
Web Tools Administrator’s
Guide
53-1000435-01
Updates to reflect interface
enhancements, support for new
switch types, IPv6 support, and
other enhancements.
June 2007
Web Tools Administrator’s
Guide
53-1000606-01
Updates to reflect updates to
enhanced Access Gateway
support, changes to FCIP
tunneling wizard, and other
enhancements.
October 2007
Contents
About This Document
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xii
What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Notes, cautions, and warnings . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Brocade resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Other industry resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Chapter 1
Introducing Web Tools
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Setting Refresh Frequency for Internet Explorer . . . . . . . . . . . . . 2
Deleting temporary internet files used by Java applications . . . 3
Installing Java on the workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Installing the JRE on your Solaris or Linux client workstation. . . 4
Installing patches on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Installing the Java plug-in on Windows. . . . . . . . . . . . . . . . . . . . . 5
Configuring the Java plug-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Configuring the Java plug-in for Windows. . . . . . . . . . . . . . . . . . . 5
Configuring the Java plug-in for Mozilla family browsers . . . . . . 6
Installing a Web Tools license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Installing a Web Tools license through telnet. . . . . . . . . . . . . . . . 7
Installing a Web Tools license through a Web site. . . . . . . . . . . . 8
Installing other licenses through the Web . . . . . . . . . . . . . . . . . . 8
Value line licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Opening Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Logging in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Logging out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Admin Domains and switch WWN. . . . . . . . . . . . . . . . . . . . . . . . 14
Admin Domains and zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Role-Based Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Session management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Ending a Web Tools session . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Requirements for IPv6 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Web Tools Administrator’s Guide
53-1000606-01
i
Chapter 2
Using the Web Tools Interface
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Viewing Switch Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Fabric Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Changing the Admin Domain context . . . . . . . . . . . . . . . . . . . . . 20
Switch View buttons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Switch View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Switch Events and Switch Information . . . . . . . . . . . . . . . . . . . . 22
Displaying tool tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Refresh rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Displaying switches in the fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Working with Web Tools: recommendations . . . . . . . . . . . . . . . . . . . 25
Chapter 3
Managing Fabrics and Switches
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Managing fabrics and switches using Web Tools . . . . . . . . . . . . . . . 27
Opening the Switch Administration window . . . . . . . . . . . . . . . . 29
Refreshing the Switch Administration window. . . . . . . . . . . . . . 29
Opening the telnet window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring IP and netmask information. . . . . . . . . . . . . . . . . . . . . . 30
Configuring a syslog IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Removing a syslog IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Setting Up IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Managing blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Enabling or disabling a blade . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuring a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Enabling and disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changing the switch domain ID . . . . . . . . . . . . . . . . . . . . . . . . . 35
Viewing and printing a switch report . . . . . . . . . . . . . . . . . . . . . 35
Rebooting the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Performing a fast boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Performing a reboot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Changing system configuration parameters . . . . . . . . . . . . . . . . . . . 36
Configuring fabric settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Enabling insistent domain ID mode . . . . . . . . . . . . . . . . . . . . . . 38
Configuring virtual channel settings. . . . . . . . . . . . . . . . . . . . . . 38
Configuring arbitrated loop parameters . . . . . . . . . . . . . . . . . . . 39
Configuring system services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring signed firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Managing licensed features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Activating a license on a switch . . . . . . . . . . . . . . . . . . . . . . . . . 41
Removing a license from a switch . . . . . . . . . . . . . . . . . . . . . . . 41
Administering High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Launching the High Availability Window . . . . . . . . . . . . . . . . . . . 42
Synchronizing Services on the CP. . . . . . . . . . . . . . . . . . . . . . . . 43
Initiating a CP Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
ii
Web Tools Administrator’s Guide
53-1000606-01
Monitoring events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Displaying Fabric Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Displaying Switch Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Filtering Fabric and Switch Events . . . . . . . . . . . . . . . . . . . . . . . 46
Filtering events by event severity levels . . . . . . . . . . . . . . . . . . . 47
Filtering events by message ID . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Filtering events by service component . . . . . . . . . . . . . . . . . . . . 48
Displaying a fabric summary report. . . . . . . . . . . . . . . . . . . . . . . . . . 48
Displaying the Name Server entries . . . . . . . . . . . . . . . . . . . . . . . . . 49
Printing the Name Server entries . . . . . . . . . . . . . . . . . . . . . . . . 50
Displaying detailed Name Server information for a particular device
50
Displaying the zone members of a particular device . . . . . . . . 51
Physically locating a switch using beaconing . . . . . . . . . . . . . . . . . . 51
Chapter 4
Maintaining Configurations and Firmware
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Maintaining configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Creating a backup of a configuration file . . . . . . . . . . . . . . . . . . 54
Restoring a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Performing a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuring interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 5
Managing Your Ports
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Viewing and managing ports using Web Tools . . . . . . . . . . . . . . . . . 61
Opening the Port Administration window . . . . . . . . . . . . . . . . . . 61
Port Administration window components. . . . . . . . . . . . . . . . . . 63
Identifying controllable ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring FC ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring FCIP ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring GbE ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Assigning a name to a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Enabling and disabling a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Persistent enabling and disabling ports . . . . . . . . . . . . . . . . . . . . . . 70
Enabling and disabling NPIV ports. . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Enabling NPIV ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Disabling NPIV ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Enabling and disabling QoS ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Enabling QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Disabling QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Activating ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Enabling Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . 73
Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . . . 73
Reserving and releasing licenses on a port basis . . . . . . . . . . . 73
Web Tools Administrator’s Guide
53-1000606-01
iii
Swapping port index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Swapping ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Determining if a port index has been swapped with another switch
port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Chapter 6
Administering ISL Trunking
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
About Interswitch Link Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Viewing trunk group information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Disabling or reenabling trunking mode on a port . . . . . . . . . . . . . . . 78
Chapter 7
Managing Administrative Domains
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
About administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 81
User-defined Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
System-defined Admin Domains. . . . . . . . . . . . . . . . . . . . . . . . . 82
Admin Domain membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Enabling administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Using the Admin Domain window. . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Opening the Admin Domain window. . . . . . . . . . . . . . . . . . . . . . 86
Refreshing fabric information . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Refreshing Admin Domain information . . . . . . . . . . . . . . . . . . . 86
Saving local admin domain changes . . . . . . . . . . . . . . . . . . . . . 87
Closing the Admin Domain window . . . . . . . . . . . . . . . . . . . . . . 87
Creating and populating domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Activating or deactivating an Admin Domain . . . . . . . . . . . . . . . 90
Managing administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Adding and removing members . . . . . . . . . . . . . . . . . . . . . . . . . 91
Renaming Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Deleting Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Chapter 8
Administering Zoning
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Introducing zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Configuring zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Opening the Zone Administration window . . . . . . . . . . . . . . . . . 96
Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . . . 96
Managing zoning with Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Refreshing fabric information . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Refreshing Zone Administration window information . . . . . . . . 99
Saving local zoning changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Closing the Zone Administration window . . . . . . . . . . . . . . . . .100
Select a zoning view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
iv
Web Tools Administrator’s Guide
53-1000606-01
Managing zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Creating and populating zone aliases . . . . . . . . . . . . . . . . . . .101
Adding and removing members of a zone alias. . . . . . . . . . . .102
Renaming zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Deleting zone aliases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Managing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Creating and populating zones . . . . . . . . . . . . . . . . . . . . . . . . .103
Adding and removing members of a zone . . . . . . . . . . . . . . . .104
Renaming zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Copying zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Deleting zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Managing zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Creating zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . .106
Adding or removing zone configuration members. . . . . . . . . . 107
Renaming zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . 107
Copying zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Deleting zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . .108
Enabling zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . .108
Disabling zone configurations. . . . . . . . . . . . . . . . . . . . . . . . . .109
Displaying enabled zone configurations. . . . . . . . . . . . . . . . . .109
Displaying zone configuration summaries . . . . . . . . . . . . . . . .110
Creating configuration analysis reports . . . . . . . . . . . . . . . . . .111
Displaying zones Initiator/Target accessibility . . . . . . . . . . . . .112
Managing the zoning database . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Adding a WWN to multiple aliases and zones . . . . . . . . . . . . .113
Removing a WWN from multiple aliases and zones . . . . . . . .113
Replacing a WWN in Multiple Aliases and Zones . . . . . . . . . .114
Searching for zone members . . . . . . . . . . . . . . . . . . . . . . . . . .114
Clearing the Zoning Database. . . . . . . . . . . . . . . . . . . . . . . . . .114
Using Zoning Wizards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Interoperability considerations for zoning . . . . . . . . . . . . . . . . . . . . 117
Chapter 9
Monitoring Performance
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Monitoring performance using Web Tools. . . . . . . . . . . . . . . . . . . .119
Predefined performance graphs. . . . . . . . . . . . . . . . . . . . . . . .120
User-defined graphs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Canvas configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Opening the Performance Monitoring window . . . . . . . . . . . . . . . .123
Creating basic performance monitor graphs . . . . . . . . . . . . . . . . .124
Customizing basic monitoring graphs . . . . . . . . . . . . . . . . . . . . . . .124
Creating advanced performance monitoring graphs . . . . . . . . . . .126
Creating SID-DID Performance Graphs . . . . . . . . . . . . . . . . . .126
Creating an SCSI vs. IP Traffic Graph . . . . . . . . . . . . . . . . . . . .127
Creating SCSI Command Graphs . . . . . . . . . . . . . . . . . . . . . . .128
Creating AL_PA Error Graphs. . . . . . . . . . . . . . . . . . . . . . . . . . .129
Web Tools Administrator’s Guide
53-1000606-01
v
Managing performance graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Saving graphs to a canvas. . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Adding graphs to an existing canvas . . . . . . . . . . . . . . . . . . . .130
Printing a single graph. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Printing all graphs in a canvas . . . . . . . . . . . . . . . . . . . . . . . . .130
Modifying graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Chapter 10
Using the FC-FC Routing Service
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Supported switches for fibre channel routing . . . . . . . . . . . . . . . . .133
About fibre channel routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Managing FC-FC routing with Web Tools . . . . . . . . . . . . . . . . . . . . .135
Opening the FC Routing module . . . . . . . . . . . . . . . . . . . . . . . .135
Viewing and managing LSAN fabrics . . . . . . . . . . . . . . . . . . . .136
Viewing and configuring EX_Ports . . . . . . . . . . . . . . . . . . . . . . . . . .137
Configuring an EX_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Editing the configuration of an EX_Port . . . . . . . . . . . . . . . . . .139
Configuring FCR router port cost . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Viewing and configuring LSAN zones. . . . . . . . . . . . . . . . . . . . . . . .139
Viewing LSAN Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Configuring the backbone fabric ID . . . . . . . . . . . . . . . . . . . . . . . . .140
Chapter 11
Working With Diagnostic Features
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Managing trace dumps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
How a trace dump is used. . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Setting up automatic trace dump transfers . . . . . . . . . . . . . . .144
Specifying a remote server . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Enabling automatic transfer of trace dumps . . . . . . . . . . . . . .145
Disabling automatic trace uploads. . . . . . . . . . . . . . . . . . . . . .145
Displaying switch information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Viewing detailed fan hardware status . . . . . . . . . . . . . . . . . . .146
Viewing the temperature status . . . . . . . . . . . . . . . . . . . . . . . . 147
Viewing the power supply status. . . . . . . . . . . . . . . . . . . . . . . .148
Checking the physical health of a switch . . . . . . . . . . . . . . . . .148
Interpreting port LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Port icon colors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
LED representations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Brocade 48000 Director LEDs . . . . . . . . . . . . . . . . . . . . . . . . .151
Chapter 12
Administering Fabric Watch
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Introduction to Fabric Watch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Using Fabric Watch with Web Tools . . . . . . . . . . . . . . . . . . . . . . . . .154
Opening the Fabric Watch window . . . . . . . . . . . . . . . . . . . . . .155
vi
Web Tools Administrator’s Guide
53-1000606-01
Configuring Fabric Watch thresholds. . . . . . . . . . . . . . . . . . . . . . . .155
Configuring threshold traits. . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Configuring threshold alarms . . . . . . . . . . . . . . . . . . . . . . . . . .157
Enabling or disabling threshold alarms for individual elements157
Configuring alarms for FRUs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Displaying Fabric Watch alarm information. . . . . . . . . . . . . . . . . . .159
Viewing an alarm configuration Report . . . . . . . . . . . . . . . . . .159
Displaying alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Configuring email notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Configuring the email server on a switch . . . . . . . . . . . . . . . . .160
Configuring the email alert . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Chapter 13
Administering Extended Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
About extended link buffer allocation . . . . . . . . . . . . . . . . . . . . . . .163
Configuring a port for long distance . . . . . . . . . . . . . . . . . . . . . . . .165
Chapter 14
Administering the iSCSI Target Gateway
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Supported platforms for iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
About the iSCSI service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Common Functions in the iSCSI Target Gateway Admin module168
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Saving Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Setting up iSCSI Target Gateway Services. . . . . . . . . . . . . . . . . . . .170
Launching the iSCSI Target Gateway Admin Module. . . . . . . . 171
Launching the iSCSI Setup wizard . . . . . . . . . . . . . . . . . . . . . .172
Activating the iSCSI Feature . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Configuring the IP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Managing the iSCSI Virtual Targets . . . . . . . . . . . . . . . . . . . . .175
Viewing iSCSI Initiators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Managing Discovery Domains. . . . . . . . . . . . . . . . . . . . . . . . . .178
Configuring CHAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183
Configuring an iSCSI Fibre Channel Zone . . . . . . . . . . . . . . . .184
Managing and Troubleshooting Accessibility . . . . . . . . . . . . . .186
Chapter 15
Using the Access Gateway
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Introduction to Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Enabling Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Viewing the Access Gateway settings . . . . . . . . . . . . . . . . . . . . . . .188
Modifying the port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Creating port groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Defining custom primary and secondary mapping . . . . . . . . .190
Changing Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . .191
Path Failover and failback policies . . . . . . . . . . . . . . . . . . . . . .192
Modifying Path Failover and failback policies . . . . . . . . . . . . .192
Enabling Automatic Port Configuration (APC) . . . . . . . . . . . . .192
Web Tools Administrator’s Guide
53-1000606-01
vii
Chapter 16
Routing Traffic
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
About routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Viewing FSPF routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
Configuring dynamic load sharing . . . . . . . . . . . . . . . . . . . . . . . . . .194
Specifying frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Configuring the link cost for a port . . . . . . . . . . . . . . . . . . . . . . . . .195
Chapter 17
Using the FCIP Tunneling Service
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Understanding the FCIP Tunneling Service . . . . . . . . . . . . . . . . . . .197
FCIP Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
FCIP-related features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
IKE/IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Configuring an FCIP interswitch/interfabric link . . . . . . . . . . . . . . .199
Configuring an IKE or IPSEC Policy . . . . . . . . . . . . . . . . . . . . . .199
Configuring Virtual Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Interfaces, Routes, and Tunnels . . . . . . . . . . . . . . . . . . . . . . . .201
Enabling Persistently Disabled Ports . . . . . . . . . . . . . . . . . . . .203
Managing the FCIP tunneling service . . . . . . . . . . . . . . . . . . . . . . .203
Managing IP Interfaces for a GbE Port . . . . . . . . . . . . . . . . . . .203
Managing IP Routes for a GbE Port . . . . . . . . . . . . . . . . . . . . .205
Managing FCIP Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
Chapter 18
Configuring Standard Security Features
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Creating and maintaining user-defined accounts. . . . . . . . . . . . . .209
Viewing account information. . . . . . . . . . . . . . . . . . . . . . . . . . .211
Creating user-defined accounts . . . . . . . . . . . . . . . . . . . . . . . .211
Deleting user-defined accounts . . . . . . . . . . . . . . . . . . . . . . . .213
Changing account parameters . . . . . . . . . . . . . . . . . . . . . . . . .213
Maintaining passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Configuring access control list policies . . . . . . . . . . . . . . . . . . . . . . 217
Creating an SCC, DCC, or FCS policy . . . . . . . . . . . . . . . . . . . . 217
Editing an SCC, DCC, or FCS policy. . . . . . . . . . . . . . . . . . . . . .218
Deleting an SCC, DCC, or FCS policy . . . . . . . . . . . . . . . . . . . .218
Activating an SCC, DCC, or FCS policy . . . . . . . . . . . . . . . . . . .219
Distributing an FCS policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219
Moving an FCS policy switch position. . . . . . . . . . . . . . . . . . . .219
Configuring an authentication policy . . . . . . . . . . . . . . . . . . . . . . . .219
Configuring authentication policies for E-Ports . . . . . . . . . . . .220
Configuring authentication policies for F-Ports . . . . . . . . . . . .220
Distributing authentication policies . . . . . . . . . . . . . . . . . . . . .220
Re-authenticating policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . .221
Setting a shared secret key pair . . . . . . . . . . . . . . . . . . . . . . . .221
Modifying a shared secret key pair . . . . . . . . . . . . . . . . . . . . . .222
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Setting SNMP Trap Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Configuring SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . .223
viii
Web Tools Administrator’s Guide
53-1000606-01
Managing RADIUS service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Enabling and Disabling RADIUS Service . . . . . . . . . . . . . . . . .226
Configuring the RADIUS Service . . . . . . . . . . . . . . . . . . . . . . . .227
Modifying the RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . .227
Modifying the RADIUS Server Order . . . . . . . . . . . . . . . . . . . . .228
Removing a RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Managing Active Directory service . . . . . . . . . . . . . . . . . . . . . . . . . .228
Enabling Active Directory service . . . . . . . . . . . . . . . . . . . . . . .228
Modifying Active Directory service . . . . . . . . . . . . . . . . . . . . . .229
Removing Active Directory service . . . . . . . . . . . . . . . . . . . . . .229
Chapter 19
Administering FICON CUP Fabrics
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
About FICON CUP fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Enabling port-based routing on the Brocade 4100, 5000, and 48000
232
Enabling or disabling FMS mode . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Configuring FMS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Displaying code page information . . . . . . . . . . . . . . . . . . . . . . . . . .234
Viewing the control device state. . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Configuring CUP port connectivity . . . . . . . . . . . . . . . . . . . . . . . . . .236
Viewing CUP Port Connectivity Configurations. . . . . . . . . . . . .236
Creating or Editing CUP Port Connectivity Configurations. . . .237
Activating a CUP Port Connectivity Configuration . . . . . . . . . .238
Copying a CUP Port Connectivity Configuration . . . . . . . . . . . .238
Deleting a CUP Port Connectivity Configuration . . . . . . . . . . .239
Chapter 20
Limitations
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
General Web Tools limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Index
Web Tools Administrator’s Guide
53-1000606-01
ix
x
Web Tools Administrator’s Guide
53-1000606-01
About This Document
In this chapter
• Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xii
xiii
xiii
xiv
xvi
How this document is organized
This document is organized to help you find the information that you want as quickly and easily as
possible.
The document contains the following components:
• Chapter 1, “Introducing Web Tools”, provides some basic information about the Web Tools
interface, including system requirements and installation instructions.
• Chapter 2, “Using the Web Tools Interface”, describes the components of the Web Tools
interface.
• Chapter 3, “Managing Fabrics and Switches”, provides information on how to manage your
fabric and switches using the Web Tools interface.
• Chapter 4, “Maintaining Configurations and Firmware”, provides information about uploading
and downloading configuration files and downloading firmware.
• Chapter 5, “Managing Your Ports”, provides information about managing FC and GbE ports.
• Chapter 6, “Administering ISL Trunking”, provides information on managing the optionally
licensed ISL Trunking feature.
• Chapter 7, “Managing Administrative Domains”, provides information on managing Admin
Domains.
• Chapter 8, “Administering Zoning”, provides information on how to use the Brocade Advanced
Zoning feature to partition your storage area network (SAN) into logical groups of devices that
can access each other.
• Chapter 9, “Monitoring Performance”, provides information on how to use the Brocade
Advanced Performance Monitoring feature to monitor your fabric performance.
• Chapter 10, “Using the FC-FC Routing Service,” provides information on using the FC-FC
Routing Service to share devices between fabrics without merging those fabrics.
• Chapter 11, “Working With Diagnostic Features,” provides information about trace dumps,
viewing switch health, and interpreting the LEDs.
Web Tools Administrator’s Guide
53-1000606-01
xi
• Chapter 12, “Administering Fabric Watch,” provides information on how to use the Fabric
Watch feature to monitor the performance and status of switches and alert you when problems
arise.
• Chapter 13, “Administering Extended Fabrics,” provides information on how to configure a port
for long distance.
• Chapter 14, “Administering the iSCSI Target Gateway,” provides information on how to
configure and manage the iSCSI Target Gateway.
• Chapter 15, “Using the Access Gateway,” provides information on how to configure and
manage the Brocade Access Gateway.
• Chapter 16, “Routing Traffic,” provides information on how to configure routes.
• Chapter 17, “Using the FCIP Tunneling Service,” provides information on setting up a Fibre
Channel over Internet Protocol (FCIP) Tunneling Service.
• Chapter 18, “Configuring Standard Security Features,” provides information on managing user
accounts, SNMP, and RADIUS server.
• Chapter 19, “Administering FICON CUP Fabrics,” provides information on how to administer
and manage FICON CUP fabrics. You can enable FMS mode, edit and create configurations,
and edit FMS parameters.
• Chapter 20, “Limitations,” discusses limitations of and provides workarounds for using Web
Tools.
Supported hardware and software
In those instances in which procedures or parts of procedures documented here apply to some
switches but not to others, this guide identifies exactly which switches are supported and which are
not.
Although many different software and hardware configurations are tested and supported by
Brocade Communications Systems, Inc. for 6.0.0, documenting all possible configurations and
scenarios is beyond the scope of this document.
The following hardware platforms are supported by this release of Web Tools:
•
•
•
•
•
•
•
•
•
•
•
•
•
xii
Brocade 200E switch
Brocade 4012
Brocade 4016
Brocade 4018
Brocade 4020
Brocade 4024
Brocade 4100 switch
Brocade 5000 switch
Brocade 4900 switch
Brocade 7500 switch
Brocade 7600 switch
Brocade 48000 director
Brocade DCX Director
Web Tools Administrator’s Guide
53-1000606-01
What’s new in this document
The following changes have been made since this document was last released:
• Information that was added:
- The Access Gateway chapter was updated to provide information about Web Tools support
of Port Group Policy configurations.
-
Support for Active Directory (LDAP) security.
• Information that was changed:
- Screens and procedures were changed to reflect the changes to the interface.
- Various grammatical and typographical changes were made to improve quality
• Information that was removed:
- Information in this guide that was unnecessarily duplicated from Fabric OS Administrator’s
Guide.
For further information, refer to the release notes.
Document conventions
This section describes text formatting conventions and important notice formats used in this
document.
Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text
Identifies command names
Identifies the names of user-manipulated GUI elements
Identifies keywords and operands
Identifies text to enter at the GUI or CLI
italic text
Provides emphasis
Identifies variables
Identifies paths and Internet addresses
Identifies document titles
code text
Identifies CLI output
Identifies command syntax examples
For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, switchShow. In actual examples, command lettercase is often all
lowercase. Otherwise, this manual specifically notes those cases in which a command is case
sensitive.
Notes, cautions, and warnings
The following notices and statements are used in this manual. They are listed below in order of
increasing severity of potential hazards.
Web Tools Administrator’s Guide
53-1000606-01
xiii
NOTE
A note provides a tip, guidance or advice, emphasizes important information, or provides a reference
to related information.
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.
Key terms
For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online
dictionary at:
http://www.snia.org/education/dictionary
Additional information
This section lists additional Brocade and industry-specific documentation that you might find
helpful.
Brocade resources
To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com
and click Brocade Connect to register at no cost for a user ID and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource
Library location:
http://www.brocade.com
Release notes are available on the Brocade Connect Web site and are also bundled with the Fabric
OS firmware.
xiv
Web Tools Administrator’s Guide
53-1000606-01
Other industry resources
• White papers, online demos, and data sheets are available through the Brocade Web site at
http://www.brocade.com/products/software.jhtml.
• Best practice guides, white papers, data sheets, and other documentation is available through
the Brocade Partner Web site.
For additional resource information, visit the Technical Committee T11 Web site. This Web site
provides interface standards for high-performance and mass storage applications for Fibre
Channel, storage management, and other applications:
http://www.t11.org
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web
site:
http://www.fibrechannel.org
Getting technical help
Contact your switch support supplier for hardware, firmware, and software support, including
product repairs and part ordering. To expedite your call, have the following information available:
1. General Information
•
•
•
•
•
Switch model
Switch operating system version
Error numbers and messages received
supportSave command output
Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
• Description of any troubleshooting steps already performed and the results
• Serial console and Telnet session logs
• syslog message logs
2. Switch Serial Number
The switch serial number and corresponding bar code are provided on the serial number label,
as illustrated below.:
*FT00X0054E9*
FT00X0054E9
The serial number label is located as follows:
• Brocade 200E—On the nonport side of the chassis
• Brocade 4100, 4900, and 7500—On the switch ID pull-out tab located inside the chassis
on the port side on the left
• Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the
switch
Web Tools Administrator’s Guide
53-1000606-01
xv
• Brocade 7600—On the bottom of the chassis
• Brocade 48000—Inside the chassis next to the power supply bays
• Brocade DCX—On the bottom right on the port side of the chassis
3. World Wide Name (WWN)
Use the wwn command to display the switch WWN.
If you cannot use the wwn command because the switch is inoperable, you can get the WWN
from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX,
access the numbers on the WWN cards by removing the Brocade logo plate at the top of the
nonport side of the chassis.
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a
topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your
comment, including the topic heading and page number and your suggestions for improvement.
xvi
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Introducing Web Tools
1
Brocade Web Tools is a graphical user interface (GUI) that enables administrators to monitor and
manage single or small fabrics, switches, and ports from a standard workstation. It is an
optionally-licensed product that runs on Brocade Fabric OS.
Web Tools provides the administrative control point for Brocade Advanced Fabric Services,
including Advanced Zoning, ISL Trunking, Advanced Performance Monitoring, and Fabric Watch.
Web Tools also provides an interface to telnet commands to perform special switch functions and
diagnostics that are available only through the telnet interface.
For some switch models, Web Tools provides a simplified interface, EZSwitchSetup, that allows
less-experienced users to perform basic management tasks. See the EZSwitchSetup
Administrator’s Guide for information about the EZSwitchSetup interface.
In this chapter
This chapter contains the following information:
• System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
• Installing Java on the workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
• Configuring the Java plug-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
• Installing a Web Tools license. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
• Value line licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
• Opening Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
• Administrative domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
• Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
• Session management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
• Requirements for IPv6 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
System requirements
Before you install Web Tools on your workstation, verify that your switches and workstation meet
the Web Tools requirements listed in this chapter.
Web Tools requires any browser that conforms to HTML version 4.0, JavaScript version 1.0, and
Java Plug-in 1.6.0 or higher.
Web Tools Administrator’s Guide
53-1000606-01
1
1
System requirements
Brocade has certified and tested Web Tools on the platforms shown in Table 1.
TABLE 1
Certified and tested platforms
Operating System
Browser
Java Plug-In
Solaris 10
Firefox 2.0
1.6.0
Linux Red Hat AS4
Firefox 2.0
1.6.0
Windows 2003 Server, SP1
Internet Explorer 7.0
1.6.0
Windows XP, SP2
Internet Explorer 7.0
1.6.0
Operating System
Browser
Java Plug-In
RH Enterprise Linux AS3
Firefox 2.0
1.6.0
Windows 2000, SP4
Firefox 2.0, Internet Explorer 6.0
1.6.0
Windows 2003 Server, SP1
Firefox 2.0, Internet Explorer 6.0
1.6.0
Windows XP, SP2
Firefox 2.0, Internet Explorer 6.0
1.6.0
TABLE 2
Supported platforms
NOTE
Some browsers must be configured to work with Web Tools.
Adequate RAM is required on Windows systems:
• 256 MB or more RAM for fabrics comprising 15 switches or less
• 512 MB or more RAM for fabrics comprising more than 15 switches
A minimum of 8 MB of video RAM is also recommended.
Setting Refresh Frequency for Internet Explorer
Correct operation of Web Tools with Internet Explorer requires specifying the appropriate settings
for browser refresh frequency and process model. Browser pages should be refreshed frequently to
ensure the correct operation of Web Tools.
1. Click Tools > Internet Options in the browser.
2. Click the General tab and click Settings under “Temporary Internet Files.”
3. Click Every visit to the page under “Check for newer versions of stored pages,” as shown in
Figure 1 on page 3.
2
Web Tools Administrator’s Guide
53-1000606-01
System requirements
1
Configure your browser to check
for newer versions of stored pages
every visit to the page.
FIGURE 1
Configuring Internet Explorer
Deleting temporary internet files used by Java applications
For Web Tools so operate correctly, you must delete the temporary internet files used by Java
applications.
1. From the Control Panel, open Java.
2. Click the General tab and click Settings.
FIGURE 2
Temporary Internet Settings dialog box
3. Click the Delete Files button to delete the temporary files used by Java applications.
4. Click OK on the confirmation dialog box.
You can clear the Trace and Log files check box if you want to keep those files.
Web Tools Administrator’s Guide
53-1000606-01
3
1
Installing Java on the workstation
5. Click OK.
6. On the Java Control Panel, click the View button to review the files that are in the Java cache.
If you have deleted all the temporary files, the list is empty.
Installing Java on the workstation
Java Plug-in must be installed on the workstation. If you try to open Web Tools without any Java
Plug-in installed:
• Internet Explorer automatically prompts and downloads the proper Java Plug-in.
• Firefox downloads the most recently released Java Plug-in.
If you try to open Web Tools with an earlier version Java Plug-in installed:
• Internet Explorer might prompt for an upgrade, depending on the existing Java Plug-in version.
• Firefox uses the existing Java Plug-in.
Installing the JRE on your Solaris or Linux client workstation
1. Locate the JRE on the Internet, at the following URL:
http://java.sun.com/products/archive/j2se/5.0_06/index.html
NOTE
This URL points to a non-Brocade Web site and is subject to change without notice.
2. Select JRE 5.0 Update 6.
3. Follow the instructions to install the JRE.
4. Create a symbolic link from this location:
$FIREFOX/plugins/libjavaplugin_oji.so
To this location:
$JRE/plugin/$ARCH/ns600/libjavaplugin_oji.so
Installing patches on Solaris
1. Search for any required patches for your current version of the JRE at the following Web site:
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage
NOTE
This URL points to a non-Brocade Web site and is subject to change without notice.
2. Follow the link to download the patch, and exit the browser when done.
3. Install the patch and reboot the system.
4
Web Tools Administrator’s Guide
53-1000606-01
Configuring the Java plug-in
1
Installing the Java plug-in on Windows
1. Click Start Menu > Settings > Control Panel and select the Java Plug-in Control Panel.
2. Click the About tab.
3. Determine whether the correct Java Plug-in version is installed:
• If the correct version is installed, Web Tools is ready to use.
• If no Java Plug-in is installed, point the browser to a switch running Fabric OS 5.2.0 or later
to install JRE 1.5.0_06. Web Tools will guide you through the steps to download the proper
Java Plug-in.
• If an outdated version is currently installed, uninstall it, reboot your personal computer,
re-open the browser, and enter the address of a switch running Fabric OS 5.2.0 or later to
install JRE 1.5.0_06. Web Tools will guide you through the steps to download the proper
Java Plug-in.
Configuring the Java plug-in
If you are managing fabrics with more than 10 switches or 1000 ports, or if you are using the iSCSI
Gateway module extensively, you should increase the default heap size to 256 MB to avoid
out-of-memory errors.
If you are using a Mozilla family browser (Firefox, Netscape), you should set the default browser in
the Java control panel.
The following procedures instruct you in increasing the default heap size in the Java Control Panel
and in setting the default browser.
Configuring the Java plug-in for Windows
1. From the Start menu button, select Settings > Control Panel > Java.
2. Click the Java tab.
Web Tools Administrator’s Guide
53-1000606-01
5
1
Configuring the Java plug-in
FIGURE 3
Java Control Panel
3. In the section Java Applet Runtime Settings, click View
The Java Runtime Settings dialog box appears.
FIGURE 4
Java Runtime Settings
4. Double-click in the Java Runtime Parameters field and type the following information to set the
minimum and maximum heap size:
-Xms256m -Xmx256m
In this example, the minimum and maximum sizes are both 256 MB.
5. Click Apply to apply your settings and close the Java Control Panel.
Configuring the Java plug-in for Mozilla family browsers
1. From the Start menu button, select Settings > Control Panel
2. Click the Advanced tab and expand the Default Java for browsers option.
6
Web Tools Administrator’s Guide
53-1000606-01
Installing a Web Tools license
FIGURE 5
1
Default Java for browsers option
3. Select Mozilla family and click OK.
4. Click Apply to apply your settings and close the Java Control Panel.
Installing a Web Tools license
You can install a Web Tools license either through telnet or over the Web. License keys are provided
on a per-chassis basis, so for products that support multiple logical switches (domains), a license
key applies to all domains within the chassis.
Use the instructions in “Installing a Web Tools license through telnet” to determine whether a
license is already installed on a switch. If a license is not installed, contact your switch supplier to
obtain a license key.
Installing a Web Tools license through telnet
Use the following procedure to determine whether a Web Tools license is installed on your switch
and, if not, install it.
1. Log in to the switch via telnet (see the Fabric OS Administrator’s Guide for more information),
using an account that has administrative privileges.
2. To determine whether a Web Tools license is already installed on the switch, type licenseShow
on the telnet command line.
Web Tools Administrator’s Guide
53-1000606-01
7
1
Installing a Web Tools license
A list displays all the licenses currently installed on the switch:
switch:admin> licenseshow
1A1AaAaaaAAAA1a: ]—This is the license key (excluding the colon). The installed feature is listed below.
Zoning license
1A2AaAbbbBBBA1a:
SES license
1A3AaAbcbBBCC1d:
QuickLoop license
If the Web Tools license is not included in the list or is incorrect, continue with step 3.
3. On the command line, type the following command:
licenseadd key
Where key is the license key value, is case-sensitive, and must be entered exactly as given.
4. Verify that the license was added by typing the following command:
licenseshow
If the Web Tools license is listed, the feature is available. If the license is not listed, repeat
step 3.
Installing a Web Tools license through a Web site
If you open Web Tools from any nonlicensed switch, the software automatically displays the license
dialog box. If the fabric already contains at least one licensed switch, you can use Web Tools to view
and license other switches from the licensed switch.
If you do not have a switch that has a Web Tools license installed on it, Web Tools is active for only
30 days from the date that the switch is activated. After the 30 day period, the Web Tools
functionality is disabled, and error messages appear in the logs and on the console to inform you
that you must have a Web Tools license to access the feature.
1. Open the Web browser and type the IP address of the switch in the Location/Address field:
http://10.77.77.77
2. Press Enter.
If a Web Tools license is already installed on the switch, Web Tools opens. If no license is
installed, a license dialog box appears.
3. If the license dialog box appears, follow the instructions provided.
Installing other licenses through the Web
1. Open the Web browser and type the IP address of the licensed switch in the Location/Address
field:
http://10.77.77.77
2. Press Enter.
3. On Web Tools Switch Explorer, click the switch to which you want to add a license.
4. On the licensing window, follow the instructions that are provided.
8
Web Tools Administrator’s Guide
53-1000606-01
Value line licenses
1
Value line licenses
If your fabric includes a switch with a limited switch license and you are opening Web Tools using
that switch, if the fabric exceeds the switch limit indicated in the license, Web Tools allows a 30-day
“grace period” in which you can still monitor the switch through Web Tools. However, Web Tools will
display warning messages periodically.
These messages warn you that your fabric size exceeds the supported switch configuration limit
and tells you how long you have before Web Tools will be disabled. After the 30-day grace period,
you will no longer be able to open Web Tools from the switch with the limited switch license if that
switch is still exceeding the switch limit.
Web Tools is part of the Fabric OS of a switch. When you open Web Tools on a switch, you can
manage other switches in the fabric that have lower or higher firmware versions. It is important to
note that when accessing these switches you are opening the remote switch’s version of Web
Tools, and the functionality available for those switches might vary.
Opening Web Tools
You can open Web Tools on any workstation with a compatible Web browser installed. For a list of
Web browsers compatible with Fabric OS 6.0.0, see Table 1. Web Tools also supports HTTPS
protocol, if that protocol is enabled for the switch. For more information on enabling the HTTPS
protocol on your switch, see the Fabric OS Administrator’s Guide.
1. Open the Web browser and type the IP address of the licensed switch in the Address field:
http://10.77.77.77
or
https://10.77.77.77
2. Press Enter.
A browser window opens to open Web Tools. A Login dialog box opens. See “Logging in” on
page 10 for more information. The browser window is left open. You can close it anytime after
the Login dialog box appears.
What happens next depends on the switch type:
• For the Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, and 5000 switches, one
of the following opens, depending on the switch configuration:
-
EZSwitchSetup Switch Manager
This interface opens if the switch has already been set up and is configured with
EZSwitchSetup. See the EZSwitchSetup Administrator’s Guide for information about the
EZSwitchSetup interface.
If you want to use Web Tools instead of EZSwitchSetup, click Advanced Management in the
lower-left corner of the window to open the Web Tools interface.
-
Web Tools (see Figure 6 on page 10)
The interface opens if the switch is configured with the command line interface (CLI) or
Web Tools.
Web Tools Administrator’s Guide
53-1000606-01
9
1
Opening Web Tools
• For the Brocade AP7420, the Web Tools—AP Edition interface opens. See the Web Tools—AP
Edition Administrator’s Guide for information on using the Web Tools—AP Edition interface for
the Brocade AP7420.
• For all other switches, the Web Tools interface opens.
This book describes only the Web Tools interface.
FIGURE 6
Web Tools interface
Logging in
When you use Web Tools, you must log in before you can view or modify any switch information.
This section describes the login process.
Prior to displaying the login window, Web Tools displays a security banner (if one is configured for
your switch), which you must accept before logging in. The security banner displays every time you
access the switch.
When you are presented with the login screen you must provide a user name and a password. Your
home Admin Domain is automatically selected. You can choose to log into an Admin Domain other
than your home domain.
NOTE
You must log in before you can view Switch Explorer (shown in Figure 6 on page 10).
1. Click Run on the signed certificate applet
If you select the check box Always trust content from this publisher, the dialog box is not
displayed when you open Web Tools again.
10
Web Tools Administrator’s Guide
53-1000606-01
Opening Web Tools
FIGURE 7
1
Signed applet certificate
2. Click OK in the security banner window, if one appears.
FIGURE 8
Login dialog box
3. On the login dialog box, type your user name.
4. Type the password.
If your current password has expired, you must also provide a new password and confirm the
new password.
Optional: Click Options to select an Admin Domain other than your default home domain.
The Login dialog box displays the Admin Domain options. You do not have an Admin Domain
option if the Access Gateway or Interoperability mode is enabled.
• Click the Home Domain radio button to log in to your default Admin Domain.
• Click the User Specified Domain radio button to log in to another Admin Domain instead of
your home domain. Type the Admin Domain name or number.
Web Tools Administrator’s Guide
53-1000606-01
11
1
Opening Web Tools
FIGURE 9
Login dialog box with Admin Domain options
5. Click OK.
If the user name or password is incorrect, a dialog box displays indicating an authentication
failure.
If you entered valid credentials, but specified an invalid Admin Domain, a dialog box displays
from which you can choose a valid Admin Domain or click Cancel to log in to your home
domain.
FIGURE 10
12
Invalid Admin Domain dialog box
Web Tools Administrator’s Guide
53-1000606-01
Administrative domains
1
Logging out
You can end a Web Tools session either by logging out or by closing Switch Explorer window.
You might be logged out of a session involuntarily, without explicitly clicking the Logout button,
under the following conditions:
•
•
•
•
A physical fabric administrator changes the contents of your currently selected Admin Domain.
Your currently selected Admin Domain is removed or invalidated.
Your currently selected Admin Domain is removed from your Admin Domain list.
You initiate a firmware download from the Web Tools Switch Administration window. In this
case, you are logged out a few minutes later when the switch reboots.
• Your session times out.
Administrative domains
An “administrative domain” (Admin Domain or AD) is a logical grouping of fabric elements that
defines what switches, ports, and devices you can view and modify. An Admin Domain is a filtered
administrative view of the fabric. The logical view presented within an Admin Domain does not hide
fabrics, chassis, switches, and slots; however, the attributes of switch ports and end devices are
filtered based on Admin Domain membership.
Admin Domains permit access to a configured set of users. If a switch is part of an Admin Domain,
then when you log in with an account that has an administrator role, you can perform switch enable
and disable functions and all switch port-level functions such as port enable and port disable. You
cannot perform fabric-wide management, as switch membership within a zone does not provide
zoning rights on the switch ports.
NOTE
Do not confuse an Admin Domain with the domain ID of a switch. They are two different identifiers.
Admin Domains are identified by a numeric ID (0–255) and also by name. This name can be
autogenerated based on the ID (for example AD1 or AD5) or you can specify a more informative
name such as Accounting or Engineering.
AD0 is a special Admin Domain that contains all switches, ports, and devices that have not been
put into other Admin Domains. AD255, another special domain, is an unfiltered view of the entire
physical fabric.
NOTE
Some features work only in AD255 when user-defined domains are present, such as ACL
management.
By default, all fabric elements belong to AD0. In Fabric OS v5.2.0 and higher, a physical fabric
administrator with appropriate permissions can create up to 254 additional Admin Domains and
assign fabric resources to them (see Chapter 7, “Managing Administrative Domains”). Only users
who have been specifically assigned to those domains can view and modify the resources they
contain.
Web Tools Administrator’s Guide
53-1000606-01
13
1
Administrative domains
Admin Domains and login
You are always logged in to an Admin Domain, and you can view and modify only the devices in that
Admin Domain.
You can log in to only one Admin Domain at a time. When you log in, you select the Admin Domain
that you want to manage. You can later change the Admin Domain to which you are logged in.
If you have more than one Admin Domain, one of them will have been specified as your “home
Admin Domain.” Your home Admin Domain is the one you are automatically logged in to unless you
explicitly select a different one. If a home Admin Domain is deleted or deactivated, then by default
you will be logged in to the lowest numbered Admin Domain in your Admin Domain list. A home
Admin Domain, like the Admin Domain list, is a configurable property of a non-default user account.
For default accounts such as admin and user, the home Admin Domain defaults to AD0 and cannot
be changed. For user-defined accounts, the home Admin Domain also defaults to 0 but an
administrator can set the home Admin Domain to any Admin Domain to which the account has
been given access. The Admin Domain list for default admin accounts is 0–255, which gives
automatic access to any Admin Domain as soon as it is created, and makes them physical fabric
administrators. The Admin Domain list for the default user account is AD0 only. The Admin Domain
list property for default accounts also cannot be changed.
A “physical fabric administrator” is an admin role user whose account has access to all Admin
Domains (AD0-255) as soon as they are created. Only physical fabric administrators can create,
modify, delete, and activate or deactivate Admin Domains.
Admin Domains and switch WWN
Admin Domains are treated as fabrics. Because switches cannot belong to more than one fabric,
switch WWNs (world-wide names) are converted so that they appear as unique entities in different
Admin Domains (fabrics).
The switch WWN is in the following format:
10:00:nn:nn:nn:nn:nn:nn
In an Admin Domain context, the switch WWN is converted from NAA=1 to NAA=5 format, with the
Admin Domain number added, using the following syntax:
5n:nn:nn:nn:nn:nn:n9:xx
where xx is the AdminDomain_number.
For example, if the switch WWN is:
10:00:00:60:69:e4:24:e0
then the converted WWN for that switch in AD1 is:
50:06:06:9e:42:4e:09:01
Admin Domains and zoning
Each Admin Domain has its own zone database, with both defined and effective zone
configurations and all related zone objects (zones, zone aliases, and zone members). Within an
Admin Domain, you can configure zoning only with the devices that are present in that Admin
Domain.
14
Web Tools Administrator’s Guide
53-1000606-01
Role-Based Access Control
1
Before you implement Admin Domains, you must set the default zoning mode. See “Enabling
administrative domains” on page 83 for additional information.
You cannot perform any zoning operations from AD255.
Role-Based Access Control
Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the
role the account has been assigned. For each role, there is a set of pre-defined permissions on the
jobs and tasks that can be performed on a fabric and its associated fabric elements.
When you log in to a switch, your user account is associated with a pre-defined role. The role that
your account is associated with determines the level of access you have on that switch and in the
fabric. Following is a description of each of the roles:
admin
You have full access to all of the Web Tools features.
operator
You can perform any actions on the switch that do not affect the stored configuration.
securityadmin
You can perform actions that do not affect the stored configuration.
switchadmin
You can perform all actions on the switch, except the following:
• You cannot modify zoning configurations.
• You cannot create new accounts.
• You cannot view or change account information for any accounts. You can only view
your own account and change your account password.
zoneadmin
You can only create and modify zones.
fabricadmin
You can do everything the Admin role can do except create new users.
basicswitchadmin
You have a subset of Admin level access.
user
You have nonadministrative access and can perform tasks such as monitoring system
activity.
For information about changing user account roles, see “Creating and maintaining user-defined
accounts” on page 209.
Session management
A Web Tools session is the connection between the Web Tools client and its managed switch. A
session is established when you log in to a switch through Web Tools. When you close Switch
Explorer, Web Tools ends the session.
A session remains in effect until one of the following happens:
• You log out
• You close the Switch Explorer window
• The session ends due to inactivity (time out)
A session automatically ends if there has been no information sent to the switch for more than two
hours. Because user key strokes are not sent to the switch until you apply or save the information,
it is possible for your session to end while you are entering information in the interface. For
example, entering a zoning scheme in the Zoning module does not require you to send information
to the switch until you save the scheme.
Web Tools Administrator’s Guide
53-1000606-01
15
1
Requirements for IPv6 support
Web Tools does not display a warning when the session is about to time out. If your session ends
due to inactivity, all Web Tools windows become invalid and you must restart Web Tools and log in
again.
Web Tools enables sessions to both secure and nonsecure switches.
Access rights for your session are determined by your role-based access rights and by the contents
of your selected Admin Domain. After you log in, you can change to a different Admin Domain at any
time; however, you cannot change your role-based permissions.
Ending a Web Tools session
To end a Web Tools session, perform one of the following actions:
• Click Logout in Switch Explorer.
• Click the X in the upper-right corner of Switch Explorer window to close it.
• Close all open Web Tools windows.
NOTE
If you click the Logout button in Switch Explorer, and Web Tools leaves the Temperature, Fan, Power,
or Fabric Event windows open, you must manually close them.
Requirements for IPv6 support
The following list provides requirements for Web Tools IPv6 support:
• In pure IPv6 environment, you must configure DNS maps to IPv6 address of the switch.
• The switch name is required to match DNS name that is mapped to IPv6 address.
• If both IPv4 and IPv6 addresses have been configured, Web Tools uses the IPv4 address to
launch the switch.
• Use a switch that has v5.3.0 or later release firmware to manage a mixed fabric of IPv4 and
IPv6 switches.
• Switches running on version 5.2.0 do not discover IPv6 address-only switches in the same
fabric, until the IPv4 address has been configured.
• An IPv6 address cannot be used to directly launch a switch from a Windows environment; it
can be used in Unix and Linux environment.
• The FCIP wizard does not support IPv6. If IPv6 interfaces, routes, and tunnels are configured
on the switch, the wizard displays them, but does not allow the user to modify them.
16
Web Tools Administrator’s Guide
53-1000606-01
Chapter
2
Using the Web Tools Interface
In this chapter
This chapter contains the following information:
• Viewing Switch Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying tool tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Refresh rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying switches in the fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Working with Web Tools: recommendations . . . . . . . . . . . . . . . . . . . . . . . . .
17
22
24
25
25
Viewing Switch Explorer
The first thing you see when you log in to a switch with Web Tools is Switch Explorer, shown in
Figure 11 on page 18. Switch Explorer is divided into areas that provide access to, and information
about, the switch and fabric:
• The Left Pane provides Tasks and Fabric Tree areas.
The Tasks area lets you perform management, monitoring, and other tasks. The Fabric Tree
displays a list of all the switches in the fabric.
• A menu bar, at the top of the window, provides access to commands and actions. The menu
bar displays the same commands as the left pane of Switch Explorer. If you choose to collapse
the left pane, you still have access to:
• Management tasks, such as zone administration, switch administration, and port
administration.
• Reporting tasks, such as viewing a fabric summary or the status of a switch
• Monitoring tasks, such as viewing fabric events, performance monitoring, and viewing the
temperature or power status.
• Tools tasks, such as opening the telnet window.
• Switch View buttons above Switch View provides access to switch information: status,
temperature, power, and fan data, beaconing, and the legend for the Switch View.
Although clicking a button can open a separate dialog or window which you can perform
management tasks, all access control is established when you first log in to the switch.
Buttons in Switch Explorer are unavailable for two reasons: your account does not have
sufficient privileges to access this feature, or your currently selected Admin Domain does not
meet some condition to access the feature.
• Changing the Admin Domain context is a drop-down field which indicates the administrative
domain you are viewing and allows you to change it.
• Switch View displays an interactive graphic of the switch.
Web Tools Administrator’s Guide
53-1000606-01
17
2
Viewing Switch Explorer
• Switch Events and Switch Information are tabs that allow you to view event information and
switch information, including connectivity, port, zone and other information.
• An indicator bar in the lower-right corner of every module window contains the Admin Domain
you are currently in, the user name with which you logged in to the switch, and the role
associated with your user account.
Use this table with Figure 11 to identify the areas of Switch Explorer.
1
2
3
4
5
6
7
Tasks and Fabric Tree
Menu bar
Switch View buttons
Changing the Admin Domain context
Switch View
Switch Events and Switch Information
Indicator bar
2
1
3
4
5
6
7
FIGURE 11
18
Switch Explorer
Web Tools Administrator’s Guide
53-1000606-01
Viewing Switch Explorer
2
Tasks
The Tasks menu lets you manage, monitor, and perform other tasks.
Management section provides access to:
• Zone administration
Zone information is collected from the selected switch. The icon is displayed only if a Brocade
Advanced Zoning license is installed on the switch. If an ACL-based FCS policy is in effect,
zoning can be administered only from the primary fabric configuration server (FCS) switch. If
the selected switch has a zoning license installed but is not the primary switch, the Zone
Admin icon is displayed but not activated. See “Managing zoning with Web Tools” on page 97
for more information.
•
•
•
•
Switch administration
Port administration
Admin Domain administration
Fabric Watch
NOTE
Some of these functions require a license key to activate them.
Monitor section provides access to
• Fabric events
Fabric events information is collected from the launch switch. See “Monitoring events” on
page 44 for more information.
• Performance monitoring
• Name Server information
Name Server information is collected from the selected switch. See “Displaying the Name
Server entries” on page 49 for more information.
Other section provides access to:
• Fabric summary
Fabric summary information is collected from the selected switch. See “Displaying a fabric
summary report” on page 48 for more information.
• Telnet tools
NOTE
It is important to note that certain Fabric OS features are available only on particular switch types,
and the system displays only the icons that are appropriate for the switch type.
Fabric Tree
Fabric Tree displays all switches in the fabric, even those that do not have a Web Tools license and
that are not owned by your selected Admin Domain. Switches that are not owned by the Admin
Domain are shown in the Fabric Tree with switch status. Fabric Tree does not display switches
segmented before Web Tools was opened.
Web Tools Administrator’s Guide
53-1000606-01
19
2
Viewing Switch Explorer
Use the drop-down menu at the top of the Fabric Tree area to view switches in the Fabric Tree by
switch name, IP address, or WWN. The background color of the switch icon indicates the current
status of the switch. You can hover the cursor over a switch to display the IP address and current
status. To manually refresh the status of a switch within the fabric, right-click the switch in the
Fabric Tree and choose Refresh.
Although Fabric Tree displays all the switches in the fabric, you can manage only the switches that
have a Web Tools license installed. Other switches must be managed through the Fabric OS
command line interface (CLI) or another management application. For information on adding a
Web Tools license to a switch, see “Installing a Web Tools license” on page 7.
Changing the Admin Domain context
The Admin Domain field displays the currently selected Admin Domain and allows you to change to
a different one. All the Admin Domains assigned to you are available in the drop-down menu.
For most administrative tasks you must be in either AD0 or the physical fabric. The following
procedure describes how to change the Admin Domain. This action is referred to as “changing the
Admin Domain context.”
1. Select an Admin Domain from the Admin Domain drop-down menu.
FIGURE 12
Changing the Admin Domain
2. Click OK in the confirmation window.
Switch Explorer refreshes to display the new Admin Domain context. You can monitor progress
using the progress bar.
If there are other windows open, the system displays a list of the open windows. You can
choose to change the Admin Domain which will close all the open windows, or cancel the
action and return to Switch Explorer.
NOTE
The Telnet window, the Fabric Details, and Fabric Events windows are not AD-filtered and do
not need to be closed.
20
Web Tools Administrator’s Guide
53-1000606-01
Viewing Switch Explorer
2
Switch View buttons
The Switch View buttons let you access the following switch information:
•
•
•
•
•
•
Status - click the button to view the status of the switch.
Temperature - click the button to view temperature monitors.
Power - click the button to view power supply information.
Fan - click the button to view the status of the switch fans.
Beaconing.
Legend - click the button to view the legend for the Switch View.
NOTE
For all status displays based on errors per time interval, any errors cause the status to show
faulty until the entire sample interval has passed.
Switch View
The Switch View displays a graphical representation of the selected switch, including a real-time
view of switch and port status. Select a switch in the Fabric Tree to access the Switch View for that
switch. Figure 13 shows an example of a Switch View.
FIGURE 13
Example of a Switch View
Port representations
The ports in the Switch View show the port type. Borders around the accessible ports indicate that
SFP modules are present. A colored border indicates the status of the port; for example, a green
border indicates that the port is connected and traffic is flowing. For example, in Figure 13, port 20
has a border, 21 does not have a border, and 22 has a colored border. Ports that are not accessible
do not display the port type and do not have borders.
The port LEDs in the Switch View match the LEDs on the physical switch; however, the blink rate of
the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical
switch. See “Interpreting port LEDs” on page 150 for more information. Ethernet ports have 2
LEDs.
Right-click a port in Switch View to get a menu from which you can open the Port Administration
window and view detailed information about the port. From Port Administration, you can access
information on all other ports. See Chapter 5, “Managing Your Ports” for more information.
Web Tools Administrator’s Guide
53-1000606-01
21
2
Displaying tool tips
If the selected Admin Domain does not include ownership of some ports that are physically present
on the switch, these ports are represented as black rectangles with horizontal gray bars indicating
they are not accessible. E_Ports are visible in all domains. You cannot open the Port Administration
window by clicking these ports. In Figure 13, only ports 16 through 31 (and not the switch) are
owned by the current Admin Domain, as shown in the figure:
• E_Ports 0, 1, 14, 24, and 25 are shown as online and accessible.
• All other ports in the range from 0 through 15 are shown as inaccessible, with no type
information displayed. If you click the E_Ports in this range, the Port Management module
opens in read-only mode.
• Ports in the range from 16 through 31 are both accessible and controllable. When these ports
(including E_Ports) are clicked, the Port Administration window opens.
NOTE
For the Brocade DCX Director, the Switch View displays the USB and ISL ports and lets you launch
the appropriate applications for them.
Switch View refresh rates
The Switch View display is refreshed at 15 second intervals. However, the initial display of Switch
Explorer might take from 30 to 60 seconds after the switch is booted. Refresh rates are fabric-size
dependent. The larger the fabric, the longer it takes to poll the fabric and refresh the view. F_Port
and L_Port connection changes refresh immediately.
Autorefresh intervals may be not be exactly 15 seconds. The refresh rate varies depending on the
activity in the fabric and on the host system you are using.
Switch Events and Switch Information
Switch Events and Switch Information appear as tab forms under Switch View.
Switch Information View displays switch information such as switch name, status, Fabric OS
version, domain ID, IP address, WWN, and current zone configuration. The information in the
Switch Information View is polled every 60 seconds.
For more information, see “Displaying switch information” on page 146.
Displaying tool tips
If you hover the cursor over most components, the system displays tool tip information about the
component. Figure 14 shows several examples of tool tips.
In Fabric Tree you can hover over a switch to view its type, Ethernet IP, Fibre Channel IP, and status
of the switch.
In Switch View, you can hover over a blade to view the blade ID and its status. It is easier to use the
top of the blade to display the tool tip so that you do not inadvertently display the port tool tips.
When you hover over a port, you can view the port number, port index, port type (E, F, L, or U_Port),
port status (online or offline), and port state (in-sync, no_sync, no light, or no module). If you
right-click the port, the system displays the tool tip information as well as the port world-wide name.
For example, Figure 14 displays the mouseover tool tip for port 19 and the right-click tool tip for
port 30.
22
Web Tools Administrator’s Guide
53-1000606-01
Displaying tool tips
2
When you hover over the Web Tools buttons, the system displays a brief description of the button.
FIGURE 14
Mouseover view of switch information
You can right-click a port to quickly perform some basic port administration tasks, as shown in
Figure 15.
FIGURE 15
Web Tools Administrator’s Guide
53-1000606-01
Right-click menu for ports (from Switch Explorer)
23
2
Refresh rates
• The Port Admin option opens the Port Administration window
• The Port Details option displays read-only information about a port, without opening the Port
Administration window. You can export and copy the information from the Port Details window.
• The Configure option provides another menu of options to allow you to rename, enable, disable
ports, and set persistent enable/disable without opening the Port Administration window.
Refresh rates
Different panels of Web Tools refresh at different rates.
The refresh, or polling, rates listed in this section and throughout the book indicate the time
between the end of one polling and the start of the next, and not how often the screen is refreshed.
A refresh rate of 15 seconds does not ensure that a refresh occurs every 15 seconds. It ensures
that the time between each refresh activity is no more than 15 seconds.
Autorefresh intervals might be not be exactly 15 seconds. The refresh rate varies depending on the
activity in the fabric and on the host system you are using. Following are some variables you should
consider when refreshing the fabric:
• Retrieval time increases when you are in a large fabric as there is more data to fetch from the
switch(s).
• Processor speed of the system you are using may slow down the refresh rate.
• OS-Job Scheduling if you are using a host-system in the data center impacts the refresh rate.
• JVM-Performance can contribute to causing interval differences between what is on-screen
and how long it is actually taking.
For these reasons, the time displayed in the port statistics tab might not be refreshed as expected.
The counter time indicates only that “this statistics data is retrieved from the switch in this time.”
To ensure the correct information, the time field is updated along with the port statistics data after
every refresh.
The refresh rates are different for each module. Table 3 lists polling rates by module. Though these
rates are sample rates, they correctly illustrate variance in the refresh rates throughout Web Tools.
TABLE 3
24
Polling rates
Module
Polling Rate
Name Server
User-defined; 15 sec minimum
Zoning Database
60 sec
Fabric Watch
15 sec
Performance Monitor
30 sec
Port Management
60 sec
FC Routing
30–90 sec, depending on network traffic
Web Tools Administrator’s Guide
53-1000606-01
Displaying switches in the fabric
2
Displaying switches in the fabric
If your fabric has more than one switch, you can open Web Tools from one switch and then access
other switches.
If you open switches running Fabric OS v4.4.x or higher from a fabric tree displayed for a pre-v4.4.x
switch, some features might be disabled.
1. Open Web Tools as described in “Opening Web Tools” on page 9 and log in to the switch.
Switch Explorer is displayed for the switch you logged in to.
2. If the Fabric Tree is not expanded, click the plus sign (+) in the Fabric Tree to view all the
switches in the fabric.
3. Click a switch in the Fabric Tree.
A separate browser window opens and displays the selected switch. (If the launch switch is
running a Fabric OS version earlier than v5.0.1, the selected switch displays in the same
browser window.)
The graphic of the selected switch is displayed in Switch View. Additional switch information is
displayed in the Switch Events and Switch Information.
Working with Web Tools: recommendations
This section lists recommendations for working with Web Tools:
• If you receive an error when saving changes in the Switch Administration window, note the
error messages, refresh the window, and make your changes again. Do not continue making
changes without refreshing the window and determining which changes were saved correctly.
• In a mixed fabric—that is a fabric containing switches and directors running v5.x, v4.x, v3.x, and
v2.x firmware—use the most advanced switches or directors to control the fabric. For example,
use the v5.2.0 switches or directors as the primary FCS, the location to perform zoning tasks,
and the time server (CLI). You should use the most recently released firmware on your
switches.
• If switches are accessed simultaneously from different connections (for example, Web Tools,
CLI, and API), changes from one connection might not be updated to the other, and some
modifications might be lost. Make sure that, when you connect with simultaneous multiple
connections, you do not overwrite the work of another connection.
• Several tasks in Web Tools make fabric-level changes: for example, the tasks in Zone
Administration. When executing fabric-level configuration tasks, wait until you have received
confirmation that the changes are implemented before executing any subsequent tasks. For a
large fabric, this can be up to a few minutes.
• Some data collection and processing operations in the iSCSI Gateway module might take a
long time to complete, especially in large fabrics or fabrics with large numbers of Discovery
Domains and Discovery Domain Sets defined. In most cases, progress bars are provided. Allow
the application a sufficient amount of time (30-40 seconds) to collect and display data before
taking any action or assuming the application is “hanging.”
• A maximum of five simultaneous HTTP sessions to any one switch is recommended. An HTTP
session is considered a Fabric Manager or Web Tools connection to the switch.
Web Tools Administrator’s Guide
53-1000606-01
25
2
26
Working with Web Tools: recommendations
Web Tools Administrator’s Guide
53-1000606-01
Chapter
3
Managing Fabrics and Switches
In this chapter
This chapter contains the following sections:
• Managing fabrics and switches using Web Tools . . . . . . . . . . . . . . . . . . . . .
• Opening the telnet window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring IP and netmask information . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring a syslog IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Managing blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Rebooting the switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Changing system configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . .
• Managing licensed features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Administering High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Monitoring events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying a fabric summary report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying the Name Server entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Physically locating a switch using beaconing . . . . . . . . . . . . . . . . . . . . . . . .
27
29
30
31
32
34
36
36
40
41
44
48
49
51
Managing fabrics and switches using Web Tools
You can perform most of the management tasks described in this chapter through the Switch
Administration window. Information in the Switch Administration window is retrieved from the
selected switch.
If the switch is not a member of the selected Admin Domain, most tabs in the Switch
Administration window display in read-only mode, regardless of what permission level you have.
The User tab is editable because most of the information on it does not require switch membership
in the current Admin Domain.
Web Tools Administrator’s Guide
53-1000606-01
27
3
Managing fabrics and switches using Web Tools
FIGURE 16
Switch Administration window, Switch tab
With the exception of switch time, information displayed in the Switch Administration window is not
updated automatically by Web Tools. To update the information displayed in the Switch
Administration window, see “Refreshing the Switch Administration window” on page 29.
ATTENTION
Most changes you make in the Switch Administration window are buffered, and are not applied to
the switch until you save the changes. If you close the Switch Administration window without saving
your changes, your changes are lost. To save the buffered changes you make in the Switch
Administration window to the switch, click Apply before closing the module or before switching to
another tab. The License tab and the Security Policies tab are exceptions. The changes you make
on these tabs are applied immediately and there is no Apply button.
Some of the management tasks for the Brocade 48000 and Brocade DCX Director are performed
through the High Availability window. This module and the associated tasks are described in
“Administering High Availability” on page 41.
You can also use telnet commands to perform management tasks. See “Opening the telnet
window” on page 29 for information on how to launch a telnet window using Web Tools.
The remainder of this section describes basic Switch Administration window procedures that are
useful for many switch management operations.
28
Web Tools Administrator’s Guide
53-1000606-01
Opening the telnet window
3
Opening the Switch Administration window
Most of the management procedures in this chapter are performed from the Switch Administration
window.
1. Select a switch in Fabric Tree.
The switch is displayed in Switch View.
2. Click Switch Admin in the Manage section of the Tasks menu.
The Switch Administration window opens in basic mode, as shown in Figure 16 on page 28.
The basic mode displays the “basic” tabs and options.
3. To see all the tabs and options, click the Show Advanced Mode button.
Refreshing the Switch Administration window
You can refresh the fabric element information displayed at any time using the following procedure.
Note that when you click a different tab in the Switch Administration window, the information in the
newly selected tab is automatically refreshed.
1. Click the Refresh button on any tabbed page of the Switch Administration window.
Opening the telnet window
When you open a telnet window, the connection is to the IP interface of the switch. For each switch,
you must open a telnet window.
You cannot connect to CP blades that do not have separate IP addresses. Also, you cannot connect
using Web Tools to a CP blade on a director switch even when the blade has an IP address and
supports telnet sessions. See the Fabric OS Command Reference for information about the telnet
commands.
NOTE
Internet Explorer 7.0 default settings disable telnet functionality. If you are using Internet Explorer
7.0, you must make the appropriate changes in the registry to open the telnet window.
1. Select a switch in Fabric Tree.
You are prompted to log in if the OS is version 5.3.0 or greater. Otherwise, the selected switch
appears in the Switch View.
2. Click the Telnet button in the Other section of the Tasks menu.
Web Tools opens two windows: the Telnet window and another HTML-based window which is
used to launch the Telnet window. Click OK to close the HTML-based window. The Telnet
window remains open.
3. In the telnet window, enter your user credentials at the login prompt.
4. To close the session, type exit at the prompt.
Web Tools Administrator’s Guide
53-1000606-01
29
3
Configuring IP and netmask information
Configuring IP and netmask information
When you configure IP and netmask information for the Brocade 48000 and Brocade DCX Director,
you must configure IP and subnet mask information individually.
When you change the Ethernet IP, subnet mask, gateway IP, or Fibre Channel IP and subnet mask
from Web Tools, there is a normal loss of network connection to the switch. If the IP properties have
changed, you must close all current windows and restart Web Tools with the new IP address.
1. Open the Switch Administration window as described on page 29.
2. Click the Network tab.
FIGURE 17
Network tab
3. In the appropriate IP address section, enter an IP address (for example, 10.77.77.77).
Use the IPv4 Address section and/or the IPv6 Address section to specify IP addresses.
4. For the Brocade 48000 directors only:
In the Advanced Configuration area, type valid IP addresses for the Ethernet IP and subnet
mask for CP0 and CP1.
If the Advanced Configuration area is not visible, click the expand arrows
expand the area.
on the right, to
5. Click Apply.
6. Click Close to exit, and then restart Web Tools to continue working.
30
Web Tools Administrator’s Guide
53-1000606-01
Configuring a syslog IP address
3
Configuring a syslog IP address
The syslog IP represents the IP address of the server that is running the syslog process. The syslog
daemon reads and forwards system messages to the appropriate log files and/or users, depending
on the system configuration. When one or more IP addresses are configured, the switch forwards
all error log entries to the syslog on the specified servers. Up to six servers are supported. See
Fabric OS Administrator’s Guide for more information on configuring the syslog daemon.
1. Open the Switch Administration window as described on page 29.
2. Click the Network tab (see Figure 17).
3. In the New IP field, enter an IP address in either IPv4 or IPv6 format, or enter a DNS name.
4. Click Add.
The new IP address is displayed in the Syslog IP area.
5. Click Apply.
Removing a syslog IP address
1. Open the Switch Administration window as described on page 29.
2. Click the Network tab.
3. Select a syslog IP in the table and click Remove.
You can click Clear All to remove all of the syslog IP addresses from the table.
4. Click Apply.
Setting Up IP Filtering
Web Tools provides the ability to control what client IP addresses may connect to a switch or fabric.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click IPFilter on the Security Policies menu.
4. Click Create Policy.
The Create IP Filter Policy window opens.
5. Enter a policy name, choose a policy type, and then click the Add Rule button.
6. Enter the rule order and source IP address, and modify the service/destination port, protocol,
and action as necessary.
7.
Click OK.
After you create a policy, you can use the controls on this tab to manage the policies:
• The Edit Policy button lets you select an existing policy and make changes to it.
• The Show Policy button lets you view the details of the policy in a read-only window.
• The Delete Policy button lets you delete a policy.
Web Tools Administrator’s Guide
53-1000606-01
31
3
Managing blades
• The Clone Policy button lets you copy a policy. Use this feature when you want to create
similar policies. After you create a clone, you can edit the policy to make the appropriate
changes.
• The Activate Policy button lets you make an existing policy active.
• The Distribute Policy button lets you distribute a policy to various switches.
• The Accepts Distribution check box lets you set the policy to accept or reject distributions.
Managing blades
Web Tools provides the ability to enable and disable blades, and to set slot-level IP addresses for
blades. The procedure in this section applies only to the Brocade 48000 and Brocade DCX Director.
Enabling or disabling a blade
1. Open the Switch Administration window as described on page 29.
2. Click the Blade tab.
The Firmware Version columns display the firmware loaded onto each blade. A blade can have
more than one firmware image loaded onto it.
The Enable Blade column in the Blade tab pane indicates whether the blade is enabled.
FIGURE 18
Blade tab
3. Select the Enable Blade check box for each blade you want to enable. Clear the check box to
disable the blade. You cannot enable or disable the CP blades.
32
Web Tools Administrator’s Guide
53-1000606-01
Managing blades
3
4. Click Apply.
Setting a slot-level IP address
1. Open the Switch Administration window as described on page 29.
2. Click the Blade tab.
3. Click the Set IP address button.
FIGURE 19
Set IP Address dialog box
4. Select a slot number from the drop-down list.
5. Enter the IP address, subnet mask, and Gateway IP address.
6. Select a type from the drop-down list.
7.
Click Add to add the new entry to the table.
When you click the Add button, the values remain in the fields.
8. To delete a configuration, select a row in the table and click the Delete button.
NOTE
Clicking the Add or Delete buttons update the table in the Set IP Address dialog box, but does
not send values to the switch.
9. Click the Apply button to save the values currently shown in the table to the switch or click
Cancel to close the dialog box without saving any of your changes.
To update the switch with your changes, you must update the table using the Add and Delete
buttons, and then click Apply.
Viewing IP addresses
If you want to view the IP addresses configured on the switch for the currently populated slots, use
the Show IP Address button.
Web Tools Administrator’s Guide
53-1000606-01
33
3
Configuring a switch
1. Open the Switch Administration window as described on page 29.
2. Click the Blade tab.
3. Click the Show IP Address button.
FIGURE 20
Show IP Address dialog box
4. Scroll through the list to view all the information.
5. When you are done, click Close.
Configuring a switch
Use the Switch tab of the Switch Administration window to perform basic switch configuration.
Figure 16 on page 28 shows an example of the Switch tab.
Enabling and disabling a switch
You can identify if a switch is enabled or disabled in the Switch Administration window by looking at
the lower-right corner: the
icon means that the switch is enabled, and the
icon means that
the switch is disabled. If you hover the cursor over the icon, the system displays text that indicates
the status of the switch.
1. Open the Switch Administration window as described on page 29.
2. Click the Switch tab.
3. In the Switch Status section, click the Enable radio button to enable the switch or click the
Disable radio button to disable the switch.
4. Click Apply.
The system displays a confirmation window that asks if you want to save the changes to the
switch. You must click Yes to save the changes.
Changing the switch name
Switches can be identified by IP address, domain ID, World Wide Name (WWN), or customized
switch names that are unique and meaningful.
Switch names can be a maximum of 15 characters for Fabric OS v6.0.0. Names must begin with an
alphabetic character, but otherwise can consist of alphanumeric, hyphen, and underscore
characters.
34
Web Tools Administrator’s Guide
53-1000606-01
Configuring a switch
3
NOTE
It is recommended that you customize the chassis name for each switch. Some system messages
identify a switch service by the chassis name, so if you assign meaningful chassis names in addition
to meaningful switch names, logs will be more useful. You change the chassis name using the CLI.
See the Fabric OS Administrator’s Guide for instructions on changing the chassis name.
1. Open the Switch Administration window as described on page 29.
2. Click the Switch tab.
3. Type a new name in the Name field and click Apply.
Changing the switch domain ID
Although domain IDs are assigned dynamically when a switch is enabled, you can request a
specific ID to resolve a domain ID conflict when you merge fabrics.
1. Open the Switch Administration window as described on page 29.
2. Disable the switch, as described in “Enabling and disabling a switch” on page 34.
3. Click the Switch tab.
4. Type a new domain ID in the Domain ID field.
The domain ID is an integer between 1 and 239.
5. Click Apply.
6. Enable the switch, as described in “Enabling and disabling a switch” on page 34.
Viewing and printing a switch report
The switch report includes the following information:
•
•
•
•
•
•
A list of switches in the fabric
Switch configuration parameters
A list of ISLs and ports
Name Server information
Zoning information
SFP serial ID information
To view or print a report:
1. Open the Switch Administration window as described on page 29.
2. Click the Switch tab.
3. Click View Report.
4. In the new window that displays the report, view or print the report using your browser.
Web Tools Administrator’s Guide
53-1000606-01
35
3
Rebooting the switch
Rebooting the switch
When you reboot the switch, the reboot takes effect immediately. Ensure that there is no traffic or
other management on the switch, as traffic is interrupted during the reboot; however, frames are
not dropped. Be sure to save your changes before the reboot, as any changes that were not saved
are lost.
Performing a fast boot
A fast boot reduces boot time significantly by bypassing the power-on self test (POST).
1. Open the Switch Administration window as described on page 29.
2. Click the Fastboot button.
3. On the Fastboot Confirmation window, click Yes to continue.
4. Click Apply.
Performing a reboot
Use the following procedure to reboot the CP and execute the normal power-on booting sequence.
1. Open the Switch Administration window as described on page 29.
2. Click the Reboot button.
3. On the Reboot Confirmation window, click Yes to continue.
4. Click Apply.
Changing system configuration parameters
You must disable the switch before you can configure fabric parameters.
You can change the following system configuration parameters:
•
•
•
•
•
Switch fabric settings
Virtual channel settings
Arbitrated loop parameters
System services
Signed firmware
Configuring fabric settings
1. Open the Switch Administration window as described on page 29.
2. Disable the switch as described in “Enabling and disabling a switch” on page 34.
3. Click the Configure tab.
4. Click the Fabric subtab.
36
Web Tools Administrator’s Guide
53-1000606-01
Changing system configuration parameters
FIGURE 21
3
Configure tab, Fabric subtab
5. Make the fabric parameter configuration changes.
6. Click Apply.
7.
Enable the switch as described in “Enabling and disabling a switch” on page 34.
Fabric settings
Configure the following fabric settings on the Fabric subtab of the Configure tab:
BB Credit
The buffer-to-buffer credit is the number of buffers available to attached devices for frame
receipt. The default BB Credit is 16. The range is 1–27.
R_A_TOV
Resource allocation timeout value (in milliseconds). This variable works with the E_D_TOV
to determine switch actions when presented with an error condition. The default is 10000.
The possible range is (2*E_D_TOV) –120000. Values must be multiples of 1000.
E_D_TOV
Error detect timeout value (in milliseconds). This timer is used to flag a potential error
condition when an expected response is not received within the set time. The valid range
is 1000 - (R_A_TOV/2)
Datafield size
The largest possible data field size (in bytes). The valid range is 256–2112.
Switch PID Format
Sequence Level
Switching
Web Tools Administrator’s Guide
53-1000606-01
Select a switch PID format from one of the following:
Format 1 (0-base, 256 encoding)
Format 2 (16-base, 256 encoding)
•
•
Select this box to enable frames of the same sequence from a particular group to be
transmitted together. When this option is not selected, frames are transmitted interleaved
among multiple sequences. Under normal circumstances, sequence-level switching
should be disabled for better performance. However, some host adapters have issues
when receiving interleaved frames among multiple sequences.
37
3
Changing system configuration parameters
Disable Device Probing Set this mode only if the switch N_Port discovery process (PLOGI, PRLI, INQUIRY) causes
an attached device to fail. When set, devices that do not register with the Name Server are
not present in the Name Server database.
Per-Frame Routing
Priority
Choose whether to select per-frame routing priority. When enabled, the virtual channel ID
is used in conjunction with a frame header to form the final virtual channel ID.
Suppress Class F Traffic Applies only if VC-encoded address mode is also set. When selected, translative
addressing (which allows private devices to communicate with public devices) is disabled.
Insistent Domain ID
Mode
Set this mode to make the current domain ID insistent across reboots, power cycles, and
failovers. This mode is required fabric wide to transmit FICON data.
Enabling insistent domain ID mode
1. Open the Switch Administration window as described on page 29.
2. Disable the switch as described in “Enabling and disabling a switch” on page 34.
3. Click the Configure tab.
4. Click the Fabric subtab.
5. Select the Insistent Domain ID Mode check box.
6. Click Apply.
7.
Enable the switch as described in “Enabling and disabling a switch” on page 34.
Configuring virtual channel settings
You can configure parameters for eight virtual channels (VC) to enable fine-tuning for a specific
application. You cannot modify the first two virtual channels, which are reserved for switch internal
functions.
ATTENTION
The default virtual channel settings have already been optimized for switch performance. Changing
the default values can improve switch performance but can also degrade performance. Do not
change these settings without fully understanding the effects of the changes.
VC Priority specifies the class of frame traffic given priority for a virtual channel.
1. Open the Switch Administration window as described on page 29.
2. Disable the switch as described on page 34.
3. Click the Configure tab.
4. Click the Virtual Channel subtab.
5. Type a value in the VC Priority field you want to change. Valid values for all fields are 2 or 3.
6. Click Apply.
7.
38
Enable the switch as described on page 34.
Web Tools Administrator’s Guide
53-1000606-01
Changing system configuration parameters
3
Configuring arbitrated loop parameters
1. Open the Switch Administration window as described on page 29.
2. Disable the switch as described in “Enabling and disabling a switch” on page 34.
3. Select the Configure tab.
4. Select the Arbitrated Loop subtab.
5. Select or clear the check boxes to enable or disable the corresponding arbitrated loop
parameters.
6. Click Apply.
7.
Enable the switch as described in “Enabling and disabling a switch” on page 34.
Arbitrated loop parameters
Configure the following arbitrated loop parameters on the Arbitrated Loop subtab of the Configure
tab:
Send Fan Frames
Select this check box to specify that fabric address notification (FAN)
frames are sent to public loop devices to notify them of their node ID
and address.
Always Send RSCN
Following the completion of loop initialization, a remote state change
notification (RSCN) is issued when FL_Ports detect the presence of
new devices or the absence of pre-existing devices. Select this check
box to issue an RSCN upon completion of loop initialization, regardless
of the presence or absence of new or pre-existing devices.
Do Not Allow AL_PA 0x00 Select this box to disable 0x00 as an AL_PA value.
Configuring system services
You can enable or disable FCP read link status (RLS) probing for F_Ports and FL_Ports. It is
disabled by default.
1. Open the Switch Administration window as described on page 29.
2. Disable the switch as described in “Enabling and disabling a switch” on page 34.
3. Click the Configure tab and click the System subtab.
4. Select the Disable RLS Probing check box to disable RLS probing. Clear the check box to
enable RLS probing.
5. Click Apply.
6. Enable the switch as described in “Enabling and disabling a switch” on page 34.
Configuring signed firmware
When the firmware is downloaded to a device, the system can validate the firmware based on a
configuration setting. By default, the signed firmware download is not validated.
Web Tools Administrator’s Guide
53-1000606-01
39
3
Managing licensed features
NOTE
During the first download, the system ignores the signed firmware. After the first download, the
public key is downloaded and then, in subsequent downloads, you can turn on the feature.
You can view the public key on the Firmware Download tab in the Switch Administration window.
1. Open the Switch Administration window as described on page 29.
2. Click the Configure tab and click the Firmware subtab.
3. Select the Enable Signed Firmware Download check box.
4. Click Apply.
Managing licensed features
The licensed features currently installed on the switch are listed in the License tab of the Switch
Administration window, as shown in Figure 22. If the feature is listed, it is installed and
immediately available. When you enable some licenses, such as ISL Trunking, you might need to
change the state of the port to enable the feature on the link.
FIGURE 22
License tab
Use the links above the table to export data, copy data, or search the table.
40
Web Tools Administrator’s Guide
53-1000606-01
Administering High Availability
3
Activating a license on a switch
Before you can unlock a licensed feature, you must obtain a license key. You can either use the
license key provided in the paperpack document supplied with switch software or see the Fabric
OS Administrator’s Guide for instructions on how to obtain a license key at the Brocade Web site
(www.brocade.com).
NOTE
Some licenses (for example, Trunking) do not take effect until the switch is rebooted.
1. Open the Switch Administration window as described on page 29.
2. Click the License tab and click Add.
The Add License dialog box displays.
3. Paste or type a license key in the field.
4. Click Add License.
5. Click Refresh to display the new licenses in the License tab.
Removing a license from a switch
You can remove a license from a switch in the Switch Administration window.
ATTENTION
Use care when removing licenses. If you remove a license for a feature, that feature will no longer
work. Removing the Web Tools license from a switch makes that switch unavailable from Web Tools.
1. Open the Switch Administration window as described on page 29.
2. Click the License tab.
3. Click the license you want to remove.
4. Click Remove.
Administering High Availability
High-Availability (HA) features provide maximum reliability and nondisruptive replacement of key
hardware and software modules. High Availability is available only on the Brocade 48000 and
Brocade DCX Director. See the Fabric OS Administrator’s Guide for additional information about
High Availability.
The High Availability module (see Figure 23 on page 42) displays information about the status of
the HA feature on the Brocade 48000 and Brocade DCX Director and each CP, and enables you to
perform CP failover.
The background color of the HA button indicates the overall status of high availability on the switch.
The colors and their meanings are as follows:
• Green—Healthy: HA Status is “Non-Disruptive Failover Ready”
• Yellow—Disruptive mode HA Status is “Disruptive Failover Ready”
• Red—HA is unavailable: HA Status is “Non-Redundant”
Web Tools Administrator’s Guide
53-1000606-01
41
3
Administering High Availability
Admin Domain considerations
HA is possible if the switch is a member of the current Admin Domain. If switch is not a member of
current Admin Domain, the Synchronize Services and Initiate Failover buttons are unavailable.
Launching the High Availability Window
1. Select a Brocade 48000 or Brocade DCX Director from the Fabric Tree.
The selected director appears in the Switch View.
2. Click the HA button in the Switch View.
The High Availability window opens.
FIGURE 23
High Availability window, CP tab
Note that the highlight color of the HA Status at the top of the module is the same as the
background color of the HA button.
The High Availability window contains two tabs:
• The Service tab displays information about the switch. When the hardware is configured as a
dual switch, the Service tab displays information about both switches.
• The CP tab displays information about slot 5 and slot 6.
In the Service tab, you can click the Detail button for the standby CP to get additional status.
The High Availability window is not refreshed automatically. Click Refresh to update the information
displayed in the High Availability window.
42
Web Tools Administrator’s Guide
53-1000606-01
Administering High Availability
3
Admin Domain considerations
To open the High Availability window, the switch has to be a member of the Admin Domain you are
currently logged in to. If the switch is not a member of the current Admin Domain, the Synchronized
Services and Initiate Failover buttons are unavailable.
Synchronizing Services on the CP
A nondisruptive CP failover is only possible when all the services have been synchronized between
both CPs.
1. Open the High Availability window as described in “Launching the High Availability Window” on
page 42.
2. Verify that HA Summary field displays Non-Disruptive Failover Ready.
If the HA Status field displays Non-Disruptive Failover Ready, you are done.
If the HA Status field displays Disruptive Failover Ready, continue with step 3.
3. Click the Synchronize Services button.
The Warning dialog box displays.
4. Click Yes and wait for the CPs to complete a synchronization of services, so that a
nondisruptive failover is ready.
5. Click Refresh to update the HA Status field.
When the HA Status field displays Non-Disruptive Failover Ready, a failover can be initiated
without disrupting frame traffic on the fabric.
Initiating a CP Failover
A nondisruptive failover might take about 30 seconds to complete. During the failover, all of the
Web Tools windows and all associated child-windows are invalidated. You must close all Web Tools
windows and open Web Tools again.
1. Open the High Availability window as described in “Launching the High Availability Window” on
page 42.
2. Verify that the HA Status field displays Non-Disruptive Failover Ready or Disruptive Failover
Ready.
3. Click Initiate Failover.
The Warning dialog box displays.
4. Click Yes to initiate a nondisruptive failover.
5. When prompted, close the Web Tools Switch Explorer window and all associated windows, and
re-open Web Tools.
Web Tools Administrator’s Guide
53-1000606-01
43
3
Monitoring events
Monitoring events
Web Tools displays fabric-wide and switch-wide events. Event information includes sortable fields
for the following:
•
•
•
•
•
•
•
•
Switch name
Message number
Time stamp
Indication of whether the event is from a logical switch or a chassis
The number of successive events of the same kind
Severity level
Unique message identifier (in the form moduleID-messageType)
Detailed error message for root cause analysis
There are four message severity levels: Critical, Error, Warning, and Info. Table 4 lists the event
message severity levels displayed on the Switch Events tab and in the Fabric Events window, and
explains what qualifies event messages to be certain levels.
On the Switch Events tab and in the Fabric Events window, you can click the Filter button to launch
the Filter Events dialog box. The Filter Events dialog box allows you to define which events should
be displayed on the Switch Events tab or in the Fabric Events window. For more information on
filtering events, see “Filtering Fabric and Switch Events” on page 46.
TABLE 4
Event Severity Levels
Icon and Level Description
Critical
Critical-level messages indicate that the software has detected serious
problems that will eventually cause a partial or complete failure of a subsystem
if not corrected immediately; for example, a power supply failure or rise in
temperature must receive immediate attention.
Error
Error-level messages represent an error condition that does not impact overall
system functionality significantly. For example, error-level messages might
indicate timeouts on certain operations, failures of certain operations after
retries, invalid parameters, or failure to perform a requested operation.
Warning
Info
Warning-level messages highlight a current operating condition that should be
checked or it might lead to a failure in the future. For example, a power supply
failure in a redundant system relays a warning that the system is no longer
operating in redundant mode and that the failed power supply needs to be
replaced or fixed.
Information-level messages report the current nonerror status of the system
components; for example, the online and offline status of a fabric port.
Displaying Fabric Events
Events are displayed for all switches in the fabric in the Fabric Events window. Fabric events are not
automatically polled. You must click Refresh in the Fabric Events window to poll fabric events.
44
Web Tools Administrator’s Guide
53-1000606-01
Monitoring events
3
Fabric Events can be collected only for switches that have the same security level (http or https) as
the launch switch. For switches with a different level of security from the launch switch, a message
at the top of the window indicates how many switches have no events reported from the last
polling.
1. Click a fabric in the Fabric Tree.
2. Click Fabric Events in the Monitor area under Tasks.
The Fabric Events window opens.
FIGURE 24
Fabric Events window
You can click the column head to sort the events by a particular column, and drag the column
divider to resize a column. You can also right-click a column heading to resize one or all
columns, sort the information in ascending or descending order, or choose which columns are
displayed.
You can also filter events, as described in “Filtering Fabric and Switch Events” on page 46.
Displaying Switch Events
The Switch Events tab displays a running log of events for the selected switch (see Figure 25 on
page 46). Switch events are polled and updated every 15 seconds, so there is no
refresh-on-demand option for switch events, as there is for the fabric events.
For two-switch configurations, all chassis-related events are displayed in the event list of each
logical switch for convenience.
1. Click the switch from the Fabric Tree.
The Switch View appears.
2. Click the Switch Events tab, if necessary.
Web Tools Administrator’s Guide
53-1000606-01
45
3
Monitoring events
FIGURE 25
Switch Events tab
You can click the column head to sort the events by a particular column, and drag the column
divider to resize a column. You can also right-click a column heading to resize one or all
columns, sort the information in ascending or descending order, or choose which columns are
displayed.
Filtering Fabric and Switch Events
You can filter the fabric and switch events by time, severity, message ID, and service. You can apply
either one type of filter at a time or multiple types of filters at the same time. Click the Filter button
to display the Event Filter dialog box (see Figure 26 on page 47).
When a filter is applied, the filter information appears at the bottom of the filtered information and
the Show All link is available to allow you to view the information unfiltered.
NOTE
For two-switch configurations, click the Events button for a given switch to automatically filter out the
switch service events from the other switch. Chassis service is shown in both events lists.
1. Open the Fabric Events window or the Switch Events tab as described in “Displaying Fabric
Events” on page 44 or “Displaying Switch Events” on page 45.
2. Click Filter.
46
Web Tools Administrator’s Guide
53-1000606-01
Monitoring events
3
The Event Filter dialog box appears.
FIGURE 26
Event Filter dialog box
3. To filter events within a certain time period:
a.
Select the From check box and enter the start time and date in the fields.
b.
Select the To check box and enter the finish time and date in the fields.
4. To filter events beginning at a certain date and time, select the From check box and enter the
start time and date.
5. To filter events up until a certain date and time, select the To check box and enter the finish
time and date.
6. Click OK.
The filter is enabled and the window is refreshed to show the filtered information.
Filtering events by event severity levels
1. Open the Fabric Events window or the Switch Events tab as described in “Displaying Fabric
Events” on page 44 or “Displaying Switch Events” on page 45.
2. Click Filter.
The Event Filter dialog box appears.
3. Check Level.
4. Check the event levels you want to display.
5. Click OK.
The filter is enabled and the window is refreshed to show the filtered information.
Web Tools Administrator’s Guide
53-1000606-01
47
3
Displaying a fabric summary report
Filtering events by message ID
1. Open the Fabric Events window or the Switch Events tab as described in “Displaying Fabric
Events” on page 44 or “Displaying Switch Events” on page 45.
2. Click Filter.
The Event Filter dialog box appears.
3. Select Message ID.
4. Type the message IDs in the associated field.
You can enter multiple message IDs as long as you separate them by commas. You can type
either the full message ID (moduleID-messageType) or a partial ID (moduleID only). The
message ID filtering is case-sensitive.
5. Click OK.
The filter is enabled and the window is refreshed to show the filtered information.
Filtering events by service component
1. Open the Fabric Events window or the Switch Events tab as described in “Displaying Fabric
Events” on page 44 or “Displaying Switch Events” on page 45.
2. Click Filter.
The Event Filter dialog box appears.
3. Check Service.
The event service drop-down menu is enabled.
4. Select either Switch or Chassis from the drop-down menu to show only those messages from
the logical switch or from the chassis.
5. Click OK.
The filter is enabled and the window is refreshed to show the filtered information.
Displaying a fabric summary report
A fabric summary report lists all of the domains in the fabric and the active paths for each domain.
A sample fabric summary report is shown in Figure 27 on page 49.
1. Click Fabric Summary in the Other section of the Tasks menu.
The Fabric Summary window appears.
2. Click the Print button to print a topology report.
A Print button is located at the top and bottom of the report. Both buttons have the same
function.
48
Web Tools Administrator’s Guide
53-1000606-01
Displaying the Name Server entries
FIGURE 27
3
Fabric Summary report
Displaying the Name Server entries
Web Tools displays Name Server entries listed in the Simple Name Server database (see Figure 28
on page 50). This includes all Name Server entries for the fabric, not only those related to the local
domain. Each row in the table represents a different device.
Admin Domain considerations: The Name Server table is filtered based on Admin Domain
membership of the fabric devices. The Name Server table shows only devices that are part of the
Admin Domain you are currently logged in to. This includes devices that are direct members of the
Admin Domain and devices that are attached to ports that are direct members of the Admin
Domain. All other fabric devices are filtered out of the Name Server view for the current Admin
Domain. See “Admin Domain membership” on page 83 for information about direct and indirect
members.
1. Click Name Server in the Monitor section of the Tasks menu.
The Name Server window appears.
Web Tools Administrator’s Guide
53-1000606-01
49
3
Displaying the Name Server entries
FIGURE 28
Name Server window
You can click the column head to sort the events by a particular column, and drag the column
divider to resize a column. You can also right-click a column heading to resize one or all
columns, sort the information in ascending or descending order, or choose which columns are
displayed.
2. To set an autorefresh rate, select the Auto Refresh check box in the Name Server window, and
type an auto-refresh interval (in seconds).
The minimum (and default) interval is 15 seconds.
The Name Server entries will refresh at the rate you set.
Printing the Name Server entries
1. Click Name Server in the Monitor section of the Tasks menu.
The Name Server window appears.
2. Click Print.
3. On the Page Setup dialog box, make the changes specific to your printing preferences and click
OK.
The Print dialog box appears.
4. Select a printer and click OK.
Displaying detailed Name Server information for a particular device
1. Click Name Server in the Monitor section of the Tasks menu.
The Name Server window appears.
50
Web Tools Administrator’s Guide
53-1000606-01
Physically locating a switch using beaconing
3
2. Click a device from the Domain column.
3. Click Detail View.
The Name Server Information dialog box displays the information specific to that device.
Displaying the zone members of a particular device
1. Click Name Server in the Monitor section of the Tasks menu.
The Name Server window appears.
2. Click a device from the Domain column.
3. Click Accessible Devices.
The Zone Accessible Devices window displays accessible zone member information specific to
that device.
Physically locating a switch using beaconing
Use the Beacon button to physically locate a switch in a fabric. The beaconing function helps to
physically locate a switch by sending a signal to the specified switch, resulting in an LED light
pattern that cycles through all ports for each switch (from left to right).
NOTE
Switch beaconing is enabled when the switch is owned by the current Admin Domain you are logged
in to or if the account you are logged in with is associated with an administrator role; otherwise,
switch beaconing is disabled.
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View.
2. Click the Beacon button on the Switch View.
The LED lights on the actual switch (selected in the GUI) light up on the physical switch in a
pattern running back and forth across the switch itself. In chassis-based switches, the LED
glows across all the blades. The beaconing is not shown in the GUI.
3. Look at the physical switches in your installation location to identify the switch.
Web Tools Administrator’s Guide
53-1000606-01
51
3
52
Physically locating a switch using beaconing
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Maintaining Configurations and Firmware
4
In this chapter
This chapter contains the following information:
• Maintaining configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
• Performing a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
• Interoperability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Maintaining configurations
This section contains procedures for basic switch configuration maintenance. To perform these
tasks, use the Configure tab and Upload/Download subtab of the Switch Administration window,
shown in Figure 29.
FIGURE 29
Web Tools Administrator’s Guide
53-1000606-01
Configure tab, Upload/Download subtab
53
4
Maintaining configurations
NOTE
USB download is an option only on the Brocade DCX Director.
Admin Domain considerations
When you log in to the switch as a physical fabric administrator and back up a configuration, all
local switch configuration parameters are saved, as well as all Admin Domain membership
information and Admin Domain zone databases.
You should perform these tasks in AD255 or AD0, when no other user-defined Admin Domains
exist, to perform a config upload/download to gather all the configuration files for the fabric,
including Admin Domains and iSCSI Target Gateway information.
When the configuration is backed up one of the following scenarios are possible:
• If the current Admin Domain does not own the switch and you are logged in with any role that
allows config upload/download, the following will be saved in the config file:
• Local zone configuration
• iSCSI configuration (if any)
• No other configuration information
• If the current Admin Domain owns the switch and you are logged in with any role that allows
config upload/download, the following will be saved in the configuration file:
• Local zone configuration
• iSCSI config (if any)
• All other config information except Admin Domain configuration information
• If you invoke it from AD255 and you are logged in with any role that allows config
upload/download), the following will be saved in the configuration file:
• Configuration information for zones in all Admin Domains
• iSCSI configuration (if any)
• All other configuration information, including zoning from all Admin Domains
The filtering depends on the Admin Domain switch ownership, with additional access if you are in
AD255. Access to the command itself is limited by Role-Based Access (RBAC), and not by whether
the current user is a Physical Fabric Administrator or an admin user with enumerated access to the
relevant domains.
Creating a backup of a configuration file
Keep a backup copy of the configuration file in case the configuration is lost or unintentional
changes are made. You should keep individual backup files for all switches in the fabric. You should
avoid copying configurations from one switch to another.
1. Open the Switch Administration window as described on page 29.
2. Click the Configure tab.
3. Click the Upload/Download subtab (see Figure 29).
4. Click the Config Upload radio button.
5. Choose whether the download source is located on the network or a USB device.
54
Web Tools Administrator’s Guide
53-1000606-01
Maintaining configurations
4
When you select the USB radio button, you can specify a firmware path. The USB radio button
is available if the USB is present on the switch.
6. If you selected the network as the configuration file source, type the host IP, user name, file
name, and password.
You can enter the IP address in either IPv4 or IPv6 format.
7.
Type the configuration file with a fully-qualified path.
8. Select a protocol to use to transfer the file.
9. Click Apply.
You can monitor the progress by looking at the Upload/Download progress bar.
Restoring a configuration
Restoring a configuration involves overwriting the configuration on the switch by downloading a
previously saved backup configuration file. Perform this procedure during a planned down time.
Make sure that the configuration file you are downloading is compatible with your switch model.
Configuration files from other model switches might cause your switch to fail.
1. Open the Switch Administration window as described on page 29.
2. Disable the switch, as described in “Enabling and disabling a switch” on page 34.
You can download configurations only to a disabled (offline) switch. You will only be able to
disable the switch if the Admin Domain you are logged into owns the switch.
3. Click the Configure tab.
4. Click the Upload/Download subtab (see Figure 29 on page 53).
5. Click the Config Download to Switch radio button.
6. Choose whether the download source is located on the network or a USB device.
When you select the USB radio button, you can specify only a firmware path. The USB radio
button is available if the USB is present on the switch.
7.
If you selected the network as the configuration file source, type the host IP, user name, file
name, and password.
You can enter the IP address in either IPv4 or IPv6 format.
8. Type the configuration file with a fully-qualified path.
9. Select a protocol to use to transfer the file.
10. Click Apply.
You can monitor the progress by looking at the Upload/Download progress bar.
11. Enable the switch, as described in “Enabling and disabling a switch” on page 34.
Web Tools Administrator’s Guide
53-1000606-01
55
4
Performing a firmware download
Performing a firmware download
During a firmware download, the switch reboots and the browser temporarily loses connection with
the switch. When the connection is restored, the version of the software running in the browser is
different from the new software version that has been installed and activated on the switch. You
will need to close all of the Web Tools windows and log in again to avoid a firmware version
mismatch. Note that for chassis-based switches, you might get popup messages that imply the loss
of connection is temporary and will soon be resolved. You still need to close all windows and re-log
in.
When you request a firmware download, the system first checks the file size that is to be
downloaded. If the compact flash does not have enough space, Web Tools displays a message and
the download does not occur. If this happens, contact your switch support supplier.
NOTE
You can perform a firmware download only when the current Admin Domain owns the switch.
1. Open the Switch Administration window as described on page 29.
2. Click the Firmware Download tab.
FIGURE 30
Firmware Download tab
3. Choose whether you are downloading the firmware or the firmware key.
4. Choose whether the download source is located on the network or a USB device.
56
Web Tools Administrator’s Guide
53-1000606-01
Performing a firmware download
4
When you select the USB radio button, you can specify only a firmware path or directory name.
No other fields on the tab are available. The USB radio button is available if the USB is present
on the switch.
5. Type the host name or IP address, user name, password, and fully qualified path to the file
release.plist.
You can enter the IP address in either IPv4 or IPv6 format.
The path name should follow the structure below:
//<directory>/<fos_version_directory>/release.plist
where the <directory> is the path up to the entry point of <fos_version_directory> and
<fos_version_directory> is where the unzipped version of Fabric OS has been put. For
example:
//directory_1/my_directory/v5.2.0/release.plist
6. Select the protocol type in the Protocol Type field.
If you choose “Secure Copy Protocol (SCP),” you cannot specify “anonymous” in the User field.
7.
Click Apply.
The firmware download begins. You can monitor the progress by looking at the Firmware
Download progress bar.
About halfway through the download process, connection to the switch is lost and Web Tools
invalidates the current session. (Web Tools invalidates all windows if upfront login is enabled.)
8. Close all Web Tools windows and log in again.
If the firmware download is in progress when you log in, you can continue to monitor its
progress.
SAS and SA firmware download for SW7600 and FC4-18 blade platforms
If you are downloading SAS and DMM firmware directly to the blade, you have more options on
the Firmware Download tab, as shown inFigure 31. Also, for Brocade 7600, a collapsible area
appears on the Firmware Download tab to show application firmware information
In addition to specifying the information described in the steps on page 56, you can choose:
•
•
•
•
•
•
•
Whether to download the firmware or the firmware key.
The source of the firmware, network or USB.
The type of firmware you want to be downloaded.
The firmware path. Web Tools displays up to 15 path entries in the Specify Firmware Path field.
To download the firmware even if it is not compatible (skip version check).
To enable removal of application firmware (erase SA).
The blade to be upgraded (by slot).
Web Tools Administrator’s Guide
53-1000606-01
57
4
Interoperability
FIGURE 31
Firmware Download tab for bladed switches
Interoperability
You can use Web Tools configure interoperability. When you turn on interoperability modes, Zone
DB is cleared.
When you turn on McDATA Fabric Mode:
• Switch View displays "McDATA Fabric" in the Interoperability Mode field.
• Brocade FOS switch uses McDATA OUI in the WWN
• For configuration download:
• When downloaded config file has different interoperability mode from what switch has, the
download process will check compatibility on the allergy fields, such as Admin Domain,
SCC/DCC policy, domain ID and zoning.
• Incompatible fields affect the download and Web Tools will issue error messages.
• Domain ID only accepts 1-31
When you turn on McDATA Open Fabric Mode, the following features are not available:
•
•
•
•
58
The FICON CUP tab in the Switch Administration window
Virtual Channel under Configuration tab in the Switch Administration window
Trunking Tab in the Switch Administration window
Port level trunking enable/disable buttons
Web Tools Administrator’s Guide
53-1000606-01
Interoperability
4
• FC Fastwrite feature
• Zone / alias/ cfg operations
Configuring interoperability
When you configure interoperability, Web Tools verifies that the domain ID of the switch fits in the
range for the interoperability mode you choose. The domain ranges are:
•
•
•
•
The normal domain ID range is 1-239.
The McDATA Fabric Mode supports domain ID range is 1-31.
The Open Fabric Mode range is 97-131.
Before making change to the Interoperability mode, Web Tools will check to see if the switch's
domain ID does in fit in the range. If not, there is warning message to ask user to change
Domain ID first when users enable Interoperability Mode.
1. Open the Switch Administration window.
2. Disable the switch, as described in “Enabling and disabling a switch” on page 34.
You can change the interoperability configurations only to a disabled (offline) switch. You will
only be able to disable the switch if the Admin Domain you are logged into owns the switch.
3. Click the Configure tab, and then click the Interoperability subtab.
FIGURE 32
Configure tab, Interoperability tab
4. Select the mode and click Apply.
5. Enable the switch.
Web Tools Administrator’s Guide
53-1000606-01
59
4
60
Interoperability
Web Tools Administrator’s Guide
53-1000606-01
Chapter
5
Managing Your Ports
This chapter describes how to manage FC and gigabit Ethernet (GbE) ports. See “Viewing and
configuring EX_Ports” on page 137 for information on how to view and configure EX_Ports.
In this chapter
This chapter contains the following sections:
• Viewing and managing ports using Web Tools . . . . . . . . . . . . . . . . . . . . . . .
• Configuring ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Assigning a name to a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Enabling and disabling a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Persistent enabling and disabling ports . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Enabling and disabling NPIV ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Activating ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Swapping port index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
61
65
68
69
70
70
71
74
Viewing and managing ports using Web Tools
You can view and manage ports through the Port Administration window, shown in Figure 33 on
page 62. You access the Port Administration window through the Switch View, by clicking an
accessible port. See “Switch View” on page 21 for information about accessible ports.
The Port Administration window is refreshed automatically every two minutes and is refreshed
immediately when you make any port changes through Web Tools.
To manage ports, you must be logged in with the role of switchadmin, admin, basicswitchadmin,
operator, or fabricadmin. If you are logged in with a user, securityadmin, or zoneadmin role, you can
only view the port information.
Opening the Port Administration window
1. Click an accessible port in the Switch View to open the Port Administration window.
The window opens in basic mode (see Figure 33).
Web Tools Administrator’s Guide
53-1000606-01
61
5
Viewing and managing ports using Web Tools
Click here to display either
FC Ports or GbE Ports
FIGURE 33
Click here to display either
Basic or Advanced Mode
Port Administration window, GigE Ports, Basic mode
The Port Administration window displays information about the ports on the switch. Click the Show
Advanced Mode button in the upper-right corner of the window to see more port management
options (see Figure 33).
FIGURE 34
Port Administration window, FC Ports General tab, Advanced mode
Admin Domain considerations
In fabrics where there are user-defined Admin Domains, the Port Administration window is filtered
to show only ports that are direct or indirect members of the currently selected Admin Domain.
• Direct members are ports that have been directly added to the Admin Domain as members.
62
Web Tools Administrator’s Guide
53-1000606-01
Viewing and managing ports using Web Tools
5
• Indirect members are:
- non-owned ports on a member switch
- non-owned ports to which member devices are attached
• All active ports, as well as any inactive EX_ports are shown.
Port Administration window components
The Port Administration window (shown in Figure 33) has the following components:
• Two tabs on the top left: FC Ports and GigE Ports. If the switch does not have GbE ports, the
GigE Ports tab does not appear.
-
To display all of the FC ports on the switch (physical FC ports and logical FCIP ports), click
the FC Ports tab.
-
To display all of the GbE ports, click the GigEPorts tab.
On the FR4-18i blade, each GbE port can have up to eight logical FCIP ports. These FCIP
ports are displayed in the FC Ports subtab. FC4-16IP GigE ports are also displayed.
• A Ports Explorer tree on the left side. Items in the tree are displayed as follows:
- Switches—Switch ID, with switch name in parentheses; for example, 3(MapsSW_202)
- Blades—Slot number of the blade, with blade ID in parentheses; for example, Slot 7(24)
- Ports—Port number; for example, Port 2
• Button area. The button area contains buttons for all the tasks you can perform on the
selected port. If you select more than one port, buttons are available for only the tasks that you
can perform on all of the selected ports. Buttons are grayed (unavailable) if they are not
applicable to the selected ports.
-
Port information appears in either a table of ports or information about a specific port,
depending on your selection:
-
If you select a slot or switch, the system displays a table of all the ports for the slot or
switch (see Figure 35 on page 65).
-
If you select a port, the system displays detailed information about the port (see
Figure 34).
You can choose to view either Basic mode or Advanced mode, and to view the subtabs
which contain additional information about the port. The available subtabs depend on the
type of port selected.
• When viewing detailed information about a port, Basic mode provides these subtabs:
- General—All ports
• Rename
• Edit Configuration
• Enable/Disable (port)
• Persistent Enable/Persistent Disable (port)
- SFP—Physical ports only (FC and GbE)
• Basic information about the port equipment
Web Tools Administrator’s Guide
53-1000606-01
63
5
Viewing and managing ports using Web Tools
-
Port Statistics—All ports
• Basic port information and statistics
• Advanced port information
Note that on the Port Statistics subtab, you can view either absolute values or deltas for
port statistics. Viewing the deltas is useful if you want to view current port trends. To reset
the counters on the port statistics. click the Clear Counters button.
FCIP statistics for a GbE port are the accumulated statistics of all the FCIP tunnels for that
GbE port.
-
IP Interfaces—GbE ports only
IP Routes—GbE ports only
• When viewing detailed information about a port, the Advanced mode provides these additional
subtabs:
-
General—All ports
•
•
•
•
•
-
Enable/Disable Trunking
Enable/Disable NPIV
Port Swap
Reserve License
Release License
SFP—Physical ports only (FC and GbE)
• Advanced information about the port equipment
-
Port Statistics
• Advanced port statistics
• Error details
• FCIP Tunnels—GbE ports and logical FCIP ports only (not available for the FR4-16IP)
Identifying controllable ports
All ports have a “Controllable” attribute visible from the Advanced Mode, which represents a
combination of the RBAC and Admin Domain permissions. Figure 35 shows the Controllable
attribute.
The Controllable attribute is No in the following situations:
• If your account has read-only permission, all accessible ports display in read-only mode,
regardless of the Admin Domain context. All configuration functionality is disabled.
• Non-owned E_Ports and indirect member ports on non-owned switches are accessible in
read-only mode and are not controllable, regardless of RBAC permissions.
The Controllable attribute is Yes for ports that are directly owned by the current Admin Domain and
for all ports on switches that are owned by the current Admin Domain, if your role gives you Modify
permission for ports. If a port is controllable, all configuration functionality is enabled.
Ports on a non-owned switch that are not E_Ports and are neither direct nor indirect members of
the current Admin Domain are inaccessible and are not displayed in the Port Administration
window.
64
Web Tools Administrator’s Guide
53-1000606-01
Configuring ports
FIGURE 35
5
Port Administration window, Table view
Configuring ports
Web Tools provides wizards to assist you in configuring ports. This section describes how you can
configure FC ports, logical FCIP ports, GbE ports, ICL ports, and NPIV ports.
Configuring FC ports
With the FC Port Configuration wizard, you can configure allowed port types, port speed, and long
distance mode for physical ports.
The following procedure describes how to open the FC Port Configuration wizard. The wizard is
self-explanatory, so the explicit steps are not documented here.
1. Click a port in the Switch View to open the Port Administration window (see Figure 33 on
page 62).
2. Click the FC Ports tab.
Web Tools Administrator’s Guide
53-1000606-01
65
5
Configuring ports
FIGURE 36
FC Port Configuration Wizard, FC ports
3. From the tree on the left, select the port you want to configure.
4. Click the General subtab.
5. Click the Edit Configuration button.
The FC Port Configuration wizard opens. The fields are populated with the current
configuration values.
6. Follow the steps in the wizard.
If you configure a disabled port as an EX_Port, the wizard displays the Enable Port after
configuration check box. If you select the check box, the disabled port is automatically enabled
after configuration; otherwise, the port remains in the same state after configuration.
Allowed Port Types
For FC ports, the Port Administration window displays the following values relating to port type:
Port Type
This is the actual or current port type. If the port is offline, this value is the
allowed types (or U_Port, if no type constraint has been specified). If the port
is online, this value is the type the port has actually negotiated to.
Allowed Port Type
The allowed or configured port type.
The allowed port types indicate any constraints on what types the port can negotiate to when it
comes up. For normal (that is, non-EX_Port) ports, the following are the allowed port types:
66
L_Port
The port can be used to connect a loop device.
F_Port
The port can be used to connect a non-loop device.
E_Port
The port can be used to connect to another switch.
U_Port
For a physical FC port: the port can be any one of E_Port, F_Port, or L_Port.
For a logical FC port: the port can be either VE_Port or VEX_Port.
Web Tools Administrator’s Guide
53-1000606-01
Configuring ports
5
When the wizard prompts you to select allowed port types, if all of these boxes are selected, there
are no constraints on port type. The port will negotiate to its preferred type when the switch comes
up, depending on what type of device or switch it is connected to.
Clearing a check box guarantees that the port will not attempt to function as a port of the
unchecked type. At least one type must remain selected. L-Port and F-Port cannot both be cleared.
An FC port cannot be configured only to an E-Port and L-Port.
NOTE
To configure a port as an EX_Port, the switch must be capable of supporting FCR/FCIP features. The
EX_Port option is disabled in the wizard if the switch does not meet these requirements.
Long distance mode
Port long distance configuration can be performed here and in the Switch Admin Extended Fabric
tab. For information about long distance mode settings, see Chapter 13, “Administering Extended
Fabrics”.
FC Fastwrite
FC Fastwrite reduces the number of round-trip times required to write data.
For Brocade 48000 with FC4-18i, Brocade DCX Director, and 7500 switches, you can enable FC
Fastwrite. When FC Fastwrite is enabled, all GigE port, and FCIP features are disabled.
Configuring FCIP ports
With the FC Port Configuration wizard, you can configure the port type for logical FCIP ports.
Configure the port to be a VE_Port if you want to merge with the remote fabric with which you are
communicating. Configure the port to be a VEX_Port if you want to communicate with a remote
fabric without merging with it.
Admin Domain considerations: You can configure FCIP ports only when the current Admin Domain
owns the switch.
The following procedure describes how to open the FC Port Configuration wizard. The wizard is
self-explanatory, so the explicit steps are not documented here.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. From the tree on the left, select the logical port you want to configure.
4. Click the General subtab.
5. Click the Edit Configuration button.
The FC Port Configuration wizard opens. The fields are populated with the current
configuration values.
6. Follow the steps in the wizard.
For VEX_Ports, you will need to specify the Fabric ID. You can choose any unique fabric ID as
long as it is consistent for all VEX_Ports that connect to the same edge fabric.
Web Tools Administrator’s Guide
53-1000606-01
67
5
Assigning a name to a port
If you configure a disabled port as a VEX_Port, the wizard provides the Enable Port after
configuration check box. If you select this check box, the disabled port is automatically
enabled after configuration. If you leave this check box cleared, the port remains in the same
state after configuration.
Configuring GbE ports
With the GigE Port Configuration wizard, you can configure IP interfaces and IP routes.
For information about setting up iSCSI Target Gateway, see Chapter 14, “Administering the iSCSI
Target Gateway”.
Admin Domain considerations: You can configure GbE ports only when the current Admin Domain
owns the switch.
The following procedure describes how to open the GigE Port Configuration wizard. The wizard is
self-explanatory, so the explicit steps are not documented here.
1. Click a port in the Switch View to open the Port Administration window (see Figure 33 on
page 62).
2. Click the GigE Ports tab.
3. Select the port you want to configure in the tree on the left side of the window.
4. Click Edit Configuration in the task bar.
The GigE Port Configuration wizard opens. The wizard fields are populated with the current
configuration values.
5. Follow the steps in the wizard.
Assigning a name to a port
Port names are optional. You can assign a name to an FC or FCIP port to make port grouping
easier. You can rename FC and FCIP ports too. You cannot rename GbE ports. The Port Name
column in the Ports tab displays the port name, if one exists.
Port names can be from 1 through 32 alphanumeric characters, unless Ficon Management
Server (FMS) mode is enabled; if FMS mode is enabled, port names should be limited from 1
through 24 alphanumeric characters. The comma (,), semicolon (;), and “at” symbol (@) are not
allowed.
NOTE
Although it is not required, it is recommended that port names be unique.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. From the tree on the left, click the switch or slot that contains the port you want to rename.
4. From the table, select the port you want to rename.
5. Click the Rename button.
6. Type a name for the port and click Rename.
68
Web Tools Administrator’s Guide
53-1000606-01
Enabling and disabling a port
5
To delete the existing port name, leave the field blank and click Rename.
Enabling and disabling a port
Use the following procedure to enable or disable a port.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports or GigE Ports tab.
3. From the tree on the left, click the switch or slot that contains the port you want to enable or
disable.
4. From the table, select one or more ports.
Use Shift-click and Ctrl-click to select multiple ports. You can select multiple ports from the
table. You cannot select multiple ports from the tree.
5. Click the Enable or Disable button.
If the button is gray (unavailable), the port is already in the enabled or disabled state. For
example, if the Enable button is unavailable, the port is already enabled.
If you select multiple ports in both enabled and disabled states, both buttons are active. When
you click either button, the action is applied to all selected ports.
6. Click Yes in the confirmation window.
Considerations
You should understand the following limitations and conditions when you are enabling or disabling
a port:
• On FR4-18i and FC4-16IP port blades, all ports are disabled by default. You can disable and
reenable them as needed.
• If FC Routing is disabled, all EX_Ports are automatically disabled and you cannot enable them
until FC Routing is enabled.
• If a port is not licensed you cannot enable it until you install the appropriate license, such as a
Ports on Demand or N-Port ID Virtualization license (see “Activating ports” on page 71 for more
information). The Licensed field located in the General tab in the Port Administration window
indicates whether a port is licensed.
• If you disable a principal ISL port (an ISL port that has been designated by the fabric to be a
part of the path to communicate with the principal switch), the fabric reconfigures.
• If you disable a port that was connected to a device, that device is no longer accessible from
the fabric. For more information, see the Fabric OS Administrator’s Guide.
Web Tools Administrator’s Guide
53-1000606-01
69
5
Persistent enabling and disabling ports
Persistent enabling and disabling ports
Use the following procedure to enable or disable an FC port so that it remains enabled or disabled
across switch reboots.
NOTE
Ports cannot be persistently enabled or disabled when FMS is enabled.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports or GigE Ports tab.
3. From the tree on the left, click the switch or slot that contains the port.
4. From the table, select one or more ports.
Use Shift-click and Ctrl-click to select multiple ports. You can select multiple ports from the
table. You cannot select multiple ports from the tree.
5. Click the Persistent Enable or Persistent Disable button.
If the button is gray (unavailable), the port is already in that state. For example, if the Persistent
Enable button is unavailable, the port or ports are already persistently enabled over reboots.
If you select multiple ports in both enabled and disabled states, both buttons are active. When
you click either button, the action is applied to all selected ports.
6. Click Yes in the confirmation window.
Enabling and disabling NPIV ports
The NPIV license must be installed on a switch before NPIV functionality can be enabled on any
port.
NOTE
NPIV enable/disable is not supported on EX_Ports.
For detailed information about understanding and configuring NPIV ports, see the Fabric OS
Administrator’s Guide. With Web Tools, you can only enable or disable the NPIV functionality on a
port.
Enabling NPIV ports
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. From the tree on the left, select the logical port you want to enable.
4. Click the Enable NPIV button.
The button is unavailable if NPIV is already enabled on the port.
70
Web Tools Administrator’s Guide
53-1000606-01
Enabling and disabling QoS ports
5
Disabling NPIV ports
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. From the tree on the left, select the logical port you want to disable.
4. Click the Disable NPIV button.
The button is unavailable if NPIV is already disabled on the port.
Enabling and disabling QoS ports
For detailed information about understanding and configuring QoS ports, see the Fabric OS
Administrator’s Guide. With Web Tools, you can only enable or disable the QoS functionality on a
port.
Enabling QoS
1. Click a port in the Switch View to open the Port Administration window.
2. Click the Show Advanced Mode button.
3. From the tree on the left, select the logical port you want to disable.
4. Click the Enable QoS button.
The button is unavailable if QoS is already enabled on the port.
5. Click Yes on the confirmation window.
Disabling QoS
1. Click a port in the Switch View to open the Port Administration window.
2. Click the Show Advanced Mode button.
3. From the tree on the left, select the logical port you want to disable.
4. Click the Disable QoS button.
The button is unavailable if QoS is already disabled on the port.
5. Click Yes on the confirmation window.
Activating ports
Brocade switches come with a preset number of ports enabled. Additional ports can be enabled
using the Ports on Demand (POD) licenses and the Dynamic Ports on Demand (DPOD) feature (for
supported switches only).
Web Tools Administrator’s Guide
53-1000606-01
71
5
Activating ports
Ports on Demand is ready to be unlocked in the switch firmware. The license might be part of the
licensed Paper Pack supplied with switch software, or you can purchase the license separately
from your switch vendor, who will provide you with a key to unlock it. You can install up to two Ports
on Demand licenses on each switch.
Table 5 shows the ports that are enabled by default and the ports that can be enabled after you
install the first and second Ports on Demand licenses for each switch type, and the ports that can
be enabled with the Dynamic PODs feature.
TABLE 5
Ports Enabled with POD Licenses and DPOD Feature
Switch Name
Enabled by
Default
Enabled with Ports on Demand
License(s)
Enabled with the Dynamic Ports on
Demand Feature
Brocade 200E
0–7
8–11
12–15
Not supported
Brocade 5000
Brocade 4100
0–15
16–23
24–31
Not supported
Brocade 4016
0-7, 10-13
8, 9, 14, 15
Any available ports
Brocade 4018
2-11
12-17
Any available ports
Brocade 4020
0-7, 15, 16
8, 9, 17-19
10-14
Any available ports
Brocade 4024
1-8, 17-20
9-12, 21, 22
0, 13-16, 23
Any available ports
Brocade 4900
0–31
32–47
48–63
Not supported
For the Brocade 4016, 4018, 4020, and 4024 switches only, you can use the Dynamic Ports on
Demand (DPOD) feature, which allows you to choose which ports to enable (instead of predefined
sets of ports) after the POD license(s) is installed. Web Tools allows you only to enable or disable
the DPOD functionality on a port. To configure DPOD, see the Fabric OS Administrator’s Guide.
In the Port Administration window, the Licensed attribute indicates whether a port is licensed (yes),
whether it can be license (possible) because there are free licenses available (only applicable with
the Dynamic POD feature), or whether it is not licensed and cannot be licensed because there is no
available license.
After the license keys are installed, you must enable the ports. You can do so without disrupting
switch operation, as described in “Enabling and disabling a port” on page 69. Alternatively, you can
disable and reenable the switch to activate all ports as described in “Enabling and disabling a
switch” on page 34.
To unlock a Ports on Demand license, you can use the supplied license key or generate a license
key. If you need to generate a key, open an Internet browser and go to the Brocade Web site at
www.brocade.com. Click Products > Software License Keys and follow the instructions to generate
the key.
Enabling Ports on Demand
1. Install the Brocade Ports on Demand licensed product. For instructions, see “Activating a
license on a switch” on page 41.
2. Enable the ports as described in “Enabling and disabling a port” on page 69.
72
Web Tools Administrator’s Guide
53-1000606-01
Activating ports
5
If you remove a Ports on Demand license, the licensed ports are disabled after the next platform
reboot or the next port deactivation.
Enabling Dynamic Ports on Demand
You must be logged in as Admin to enable or disable the Dynamic PODs feature.
NOTE
The Dynamic PODs feature is supported on the Brocade 4018, 4020, and 4024 switches only. If you
click the Enable DPOD button on an unsupported switch, an error message displays.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports or GigE Ports tab.
3. From the tree on the left, click the switch or the slot that contains the port.
4. Click the Enable DPOD button to enable the licensing mechanism to be dynamic. If the button
says Disable DPOD, the licensing mechanism is already set to dynamic.
The existing POD associations and assignments are set as the initial Dynamic POD
associations.
Two fields are displayed:
• Available Licenses indicate the number of free licenses. These can be allocated for
any port.
• Total Licenses indicate the total number of licenses.
Disabling Dynamic Ports on Demand
NOTE
Disabling DPODs causes traffic disruption. Any prior port associations and assignments are lost the
next time the switch is rebooted.
You must be logged in as Admin to enable or disable the Dynamic PODs feature.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports or GigE Ports tab.
3. From the tree on the left, click the switch or the slot that contains the port.
4. Click the Disable DPOD button to set the licensing mechanism to static. If the button displays
Enable DPOD, the licensing mechanism is already set to static.
Reserving and releasing licenses on a port basis
You must be logged in as Admin to reserve and release licenses.
NOTE
If the Admin Domains feature is enabled, the Dynamic POD configuration is only applied to the ports
if the switch is a member of the current Admin Domain.
The Dynamic PODs feature is supported on the Brocade 4018, 4020, and 4024 switches only.
Web Tools Administrator’s Guide
53-1000606-01
73
5
Swapping port index
You must disable the port or switch before reserving or releasing a license.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports or GigE Ports tab.
3. From the tree on the left, click the switch or the slot that contains the port.
The License column identifies the port license status:
• If the port has a license allocated, the License field contains the value Yes.
• If the port does not have a license allocated and there are no free licenses that can be
allocated, the License field contains the value No.
• If the port does not have a license allocated and there are licenses that can be
allocated to the port, the License field contains the value Possible.
You can reserve or release a license on any port that has a license allocated.
To reserve a license, click Reserve License in the Port Administration window.
To release a license, click Release License in the Port Administration window.
Swapping port index
If a port malfunctions, or if you want to connect to different devices without having to re-wire your
infrastructure, you can move traffic from one port to another (swap ports) without changing the I/O
Configuration Data Set (IOCDS) on the mainframe computer.
When you perform a port swap, Web Tools automatically disables the two ports, swaps the area
IDs, and enables the ports.
Swapping ports
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. Click the Advanced button.
4. From the tree on the left, select the port you want to swap.
5. Click the Port Swap button.
6. Type the number of the port with which you want to swap the current port. If the port is on a
blade, you must also provide the slot number.
7.
Click Swap.
Determining if a port index has been swapped with another switch port
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. Click the Advanced button.
4. From the tree on the left, select the port you want to swap.
5. Click the General tab.
74
Web Tools Administrator’s Guide
53-1000606-01
Swapping port index
5
The Port Index attribute on the General tab indicates whether a port has been swapped. For
ports that have been swapped, the attribute name displays as Port Index (Swapped), as shown
in Figure 37. The value indicates with which port index the port has been swapped.
FIGURE 37
Web Tools Administrator’s Guide
53-1000606-01
Swapping a Port Index
75
5
76
Swapping port index
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Administering ISL Trunking
6
In this chapter
This chapter contains the following information:
• About Interswitch Link Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
• Viewing trunk group information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
• Disabling or reenabling trunking mode on a port . . . . . . . . . . . . . . . . . . . . . 78
About Interswitch Link Trunking
Interswitch link (ISL) trunking optimizes network performance by forming trunking groups that can
distribute traffic across a shared bandwidth.
A trunking license is required on each switch that participates in the trunk. For details on obtaining
and installing licensed features, see “Managing licensed features” on page 40. For additional
information about ISL Trunking, see the Fabric OS Administrator’s Guide.
Use the Trunking tab of the Switch Administration window to view trunks through Web Tools (see
Figure 38).
Web Tools Administrator’s Guide
53-1000606-01
77
6
Viewing trunk group information
FIGURE 38
Trunking tab
Viewing trunk group information
Use this procedure to display the following information about ISL Trunking groups:
• Trunk group number identifier
• Master port
• Member ports
1. Open the Switch Administration window as described on page 29.
2. Click the Trunking tab.
3. Optional: Click Refresh to refresh the information.
Disabling or reenabling trunking mode on a port
When the trunking license is activated, trunks are automatically established on eligible ISLs and
trunking capability is enabled by default on all ports. Use the following procedure to disable
trunking on a port or to reenable trunking if it has been disabled.
Trunking is not supported on logical ports, GbE ports, or EX_Ports.
78
Web Tools Administrator’s Guide
53-1000606-01
Disabling or reenabling trunking mode on a port
6
1. Click a port in the Switch View to open the Port Administration window (see Figure 33 on
page 62).
2. Click the FC Ports tab.
Trunking mode does not apply to GbE ports.
3. From the tree on the left, click the switch name or slot name.
4. From the table, select the port that you want to trunk.
You can select multiple ports from the table. You cannot select multiple ports from the tree.
Trunking mode does not apply to logical ports.
5. Choose the Advanced Mode of Ports Admin.
If the button is unavailable, the port is already in that state.
6. Click Yes in the confirmation window.
Admin Domain considerations
You can enable and disable trunking for a port only when the current Admin Domain owns the
switch. You can log into a switch that is not in your Admin Domain, but most of the functionality will
be unavailable.
Web Tools Administrator’s Guide
53-1000606-01
79
6
80
Disabling or reenabling trunking mode on a port
Web Tools Administrator’s Guide
53-1000606-01
Chapter
7
Managing Administrative Domains
In this chapter
This chapter contains the following information:
• About administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Enabling administrative domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Using the Admin Domain window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Creating and populating domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Managing administrative domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
81
83
83
88
91
About administrative domains
Using administrative domains (Admin Domains or ADs), you can partition the fabric into logical
groups and allocate administration of these groups to different user accounts so that these
accounts manage only the Admin Domains assigned to them and do not make changes to the rest
of the fabric. The ability to assign an Admin Domain to a specific user account is performed in the
User tab of the Switch Administration window and not in the Admin Domain window.
You can create domains that are grouped together based on the type of members in the domain.
For example, you can create Admin Domains based on the type of switches in your fabric using the
WWN (not to be confused with the Admin Domain number) or put all the devices in a particular
department in the same Admin Domain for ease of administering those devices.
You can have up to 256 Admin Domains in a fabric (254 user-defined and 2 system-defined),
numbered from 0 through 255. Admin Domains are designated by a name and a number. This
document refers to specific Admin Domains using the format “ADn” where n is a number between
0 and 255.
Requirements for Admin Domains
The following are requirements for using administrative domains:
• Admin Domains are supported on fabrics with switches running Fabric OS 5.2.0 or higher.
• You must have a valid Advanced Zoning license to use Admin Domains.
• A fabric running Fabric OS 5.2.0 or higher with a valid zoning license is called an “AD-capable”
fabric.
• To manage Admin Domains, you must be a physical fabric administrator. A physical fabric
administrator is a user with the Admin role and access to all Admin Domains (AD0 through
AD255).
• The default zone mode setting must be set to No Access (see “Enabling administrative
domains” on page 83).
Web Tools Administrator’s Guide
53-1000606-01
81
7
About administrative domains
User-defined Admin Domains
AD1 through AD254 are user-defined Admin Domains. These user-defined Admin Domains can be
created only by a physical fabric administrator in AD255.
System-defined Admin Domains
AD0 and AD255 are special Admin Domains and are present in every AD-capable fabric.
AD0
AD0 is a system-defined Admin Domain that, in addition to containing members you explicitly
added (similar to user-defined Admin Domains), it contains all online devices, switches, and switch
ports that have not been assigned to any user-defined Admin Domain.
AD0 also implicitly contains all devices from switches running Fabric OS versions earlier than 5.2.0,
as they can never be part of an Admin Domain unless and until they are upgraded to v5.2.0 or
higher.
Unlike user-defined Admin Domains, AD0 has an automatic and a fixed membership list.
User-defined Admin Domains have only fixed members.
• Automatic membership list—Contains all devices and switches that have not been assigned to
any other Admin Domain.
• Fixed membership list—Contains all devices and switches that you explicitly add to AD0 and
can be used to force device and switch sharing between AD0 and other Admin Domains.
The Admin Domain window displays the fixed members and not the automatic members, you can
use the View menu to display a list of the automatic members.
AD0 can be managed like any user-defined Admin Domain. The only difference between AD0 and
user-defined Admin Domains is the automatic membership list.
In filtered views, the automatic members of AD0 are considered direct members.
The automatic members of AD0 change dynamically as the membership of other Admin Domains
changes. The fixed members of AD0 are not deleted unless you explicitly remove them.
For example, if you explicitly add DeviceA to AD0 and it is not a member of any other Admin
Domain, then DeviceA is both an automatic and a fixed member of AD0. If you add DeviceA to AD2,
then DeviceA is deleted from the AD0 automatic membership list, but is not deleted from the AD0
fixed membership list. If you then remove DeviceA from AD2, DeviceA is added back to the AD0
automatic membership list (assuming DeviceA is not in any other Admin Domains).
AD0 is useful if you want to share its zone database (called “root zone database”) with a legacy
fabric.
AD255 or physical fabric
AD255 is a virtual domain that contains all devices, switches, and switch ports in the fabric. AD255
presents an unfiltered view of the fabric and is also referred to as the physical fabric. The term
“physical fabric” is used in Web Tools only.
82
Web Tools Administrator’s Guide
53-1000606-01
Enabling administrative domains
7
You can use AD255 to:
•
•
•
•
Manage other Admin Domains.
Get an unfiltered view of the fabric.
Manage ACL and distribution (can be managed in AD0 if no other Admin Domains are present).
Advanced Performance Monitoring (can be managed in AD0 if no other Admin Domains are
present).
You cannot manage zones with AD255, because AD255 does not have a zone database associated
with it.
Admin Domain membership
Switches, ports, and devices can be members of an Admin Domain. Admin Domain members can
be either direct or indirect members.
• Direct members—Devices, switches, and ports that you explicitly add to an Admin Domain.
Direct members are listed in the Admin Domain membership list.
• Indirect port members—Ports that are implicitly added as part of an Admin Domain when any
of the following occurs:
• A device that is connected to a port has been added to the Admin Domain.
• A switch to which the port belongs is a member of the Admin Domain.
• Indirect device members—Devices that are connected to ports that are direct members of an
Admin Domain.
Enabling administrative domains
The default zone mode setting gives your attached devices either All Access to all devices or No
Access to all devices. To begin implementing an Admin Domain structure within a SAN, you must
set the default zone mode to No Access. You must be in AD0 to change the default zone mode.
After the default zone mode has been set to No Access, you cannot change it from the physical
fabric.
Even though the default zone mode access is set to No Access, you can still create and enable
zones within each Admin Domain. These zones are configurable only from the Admin Domain in
which they were created. Indirect port members cannot be zoned.
1. Change the Admin Domain context to AD0. See “Changing the Admin Domain context” on
page 20.
2. Change the Default Zone mode to No Access. See “Setting the default zoning mode” on
page 96.
3. Navigate to AD255 or the physical fabric and begin managing the Admin Domains.
Using the Admin Domain window
You can view and manage Admin Domains through the Admin Domain window, shown in Figure 39.
You access the Admin Domain window by clicking Admin Domain in the Manage section of the
Tasks menu.
Web Tools Administrator’s Guide
53-1000606-01
83
7
Using the Admin Domain window
FIGURE 39
Admin Domain window, summary view
The Admin Domain window displays information about the Admin Domains defined in the fabric. If
you launch the Admin Domain window from AD255 (physical fabric), the window contains
information about the current content of all Admin Domains. If you launch the Admin Domain
window from any other Admin Domain, the module displays the current Admin Domain only.
To manage Admin Domains, you must be logged in with the role of Admin.
ATTENTION
Any changes you make in the Admin Domain window are held in a buffered environment and are not
saved to persistent storage until you explicitly save the changes. If you close the Admin Domain
window without saving your changes, your changes are lost. To save the buffered changes you make
in the Admin Domain window to persistent storage, see “Saving local admin domain changes” on
page 87.
When you are logged into AD0, if a physical fabric administrator modifies the AD configuration from
another session, the changes in the membership might not be visible to you.
When you launch the Admin Domain window and select the parent Admin Domains node in the tree
on the left side of the module, the Admin Domain window displays summary information about all
of the Admin Domains, as shown in Figure 39. You can also select a specific Admin Domain from
the tree to display detailed information about that Admin Domain, as shown in Figure 40. The
detailed view displays summary information as well as information about the online switch, port,
and device members of the selected Admin Domain.
84
Web Tools Administrator’s Guide
53-1000606-01
Using the Admin Domain window
FIGURE 40
7
Admin Domain window, single Admin Domain detail
The Admin Domain window has buttons in a task bar at the top of the window:
•
•
•
•
•
•
New lets you create a new Admin Domain.
Print lets you print the current or effective configuration.
Refresh lets you refresh the information for the entire fabric or a specific Admin Domain.
Apply lets you apply a configuration.
Save lets you save a configuration.
Clear lets you clear the configuration.
The Admin Domain window also contains Export, Copy, and Search links at the top of the each
table. The options are not available if the table does not have any content.
NOTE
You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the
functionality of Export and Copy.
• Click Export to save the contents of the table to a tab-delimited file.
• Click Copy to copy the contents of the table in tab-delimited text format to a file.
• Click Search to search for a specific text string in the table.
A pop-up box appears, as shown in Figure 41.
Web Tools Administrator’s Guide
53-1000606-01
85
7
Using the Admin Domain window
In the pop-up box, type the text string and press Enter. This is an incremental search and allows
24 maximum characters including the wildcards question mark (?) and asterisk (*). The first
row containing the text string is highlighted. To find the next match, press the down arrow. To
find the previous match, press the up arrow. If the text is not found in the table, the text turns
red.
FIGURE 41
Search for a text string in a table
Opening the Admin Domain window
This section describes how to open the Admin Domain window. You use the Admin Domain window
to perform all Admin Domain configuration procedures.
If you want to configure Admin Domains, you must launch the Admin Domain window from the
physical fabric context. If you are in any Admin Domain other than the physical fabric, the module
launches in read-only mode.
1. Select a switch from the Fabric Tree and log in when prompted. The switch must be running
Fabric OS 5.2.0 or higher.
Switch View displays information for the selected switch.
2. If you plan to modify the Admin Domain configuration, from the Admin Domain drop-down
menu, select Physical Fabric.
3. Click Admin Domain in the Manage section of the Tasks menu.
The Admin Domain window opens (see Figure 39).
Refreshing fabric information
When you refresh, the system updates the display of fabric elements only (switches, ports, and
devices). It does not update Admin Domain changes in the Admin Domain window.
This option allows you to refresh the fabric element information displayed at any time.
1. In the Admin Domain window, click Refresh.
The status for the fabric, including switches, ports, and devices is refreshed.
Refreshing Admin Domain information
Any changes you make in the Admin Domain window are saved to a local buffer; they are not
applied to persistent storage until you invoke one of the transactional operations listed in the
Actions menu.
86
Web Tools Administrator’s Guide
53-1000606-01
Using the Admin Domain window
7
You can refresh the Admin Domain information at any time to reflect changes that might have been
made by other users or to back out of current, unsaved work and start again.
ATTENTION
When you refresh the buffered information in the Admin Domain window, any Admin Domain
configuration changes you have made and not yet saved are erased from the buffer and replaced
with the currently enabled Admin Domain information that is saved on the switch.
Use the following procedure to update the information in the Admin Domain window with the
information saved on the switch.
1. In the Admin Domain window, click the drop-down arrow on the Refresh button, and then click
Refresh Admin Domains.
The information in the Admin Domain window is updated with the saved information on the
switch. This action also refreshes the fabric information as described in “Refreshing fabric
information” on page 86. Any unsaved Admin Domain changes are deleted.
Saving local admin domain changes
All information displayed and all changes made in the Admin Domain window are buffered until you
save the changes. That means that any other user looking at the Admin Domain information for the
switch will not see the changes you have made until you save them.
Click Actions> Save AD Configuration to save your changes to persistent storage as the defined
Admin Domain configuration. Click Actions> Apply AD Configuration to save your changes to
persistent storage and make your changes effective in the fabric. These options are not enabled
until you make a change to the Admin Domain configuration.
If another user has an Admin Domain operation in progress at the time that you attempt to save
changes, Web Tools displays a warning to indicate that another Admin Domain transaction is in
progress on the fabric. You can select to abort the other transaction and override it with yours.
This action updates the entire contents of the Admin Domain window, not just the selected Admin
Domain. You can save your changes at any time during the Admin Domain configuration session.
Closing the Admin Domain window
It is very important to remember that any changes you make in the Admin Domain window are not
saved automatically.
1. In the Admin Domain window, click File > Close.
If there are changes in the buffer that have not been saved, a warning appears. Confirm that
you want to close the Admin Domain session without saving the changes.
2. Click Yes to close without saving changes or click No to go back to the Admin Domain window
to save the changes (see “Saving local admin domain changes” on page 87).
Web Tools Administrator’s Guide
53-1000606-01
87
7
Creating and populating domains
Creating and populating domains
Setting up an Admin Domain involves the following steps:
1. Create and activate an Admin Domain.
2. Assign one or more administrators to the Admin Domain. The Admin account always has
access to administer the Admin Domains, even if no other users are assigned (see “Changing
account parameters” on page 213).
When you create an Admin Domain, you can activate the Admin Domain after you finish creating it.
If you activate the Admin Domain, you must click Apply to transfer your changes from the Web Tools
database to the fabric database so that your changes are applied to the fabric.
You can log in to an active Admin Domain. You cannot log in to an Admin Domain that has been
deactivated.
The following procedures provide detailed instructions for creating an Admin Domain and for
activating or deactivating an existing Admin Domain.
Creating an Admin Domain
1. Open the Admin Domain window, as described on page 86.
2. Click New.
The Create Admin Domain wizard opens.
FIGURE 42
Create Admin Domain wizard
3. In the Name area, assign an Admin Domain name.
You can specify a name or let the system assign the name for you.
88
Web Tools Administrator’s Guide
53-1000606-01
Creating and populating domains
7
4. In the ID area, assign an Admin Domain ID.
You can specify an ID or let the system assign the ID for you.
5. In the State area. select the Active check box to activate the Admin Domain when you finish
creating it. This is the default setting.
Clear the Active check box if you want the Admin Domain deactivated when you finish creating
it.
6. Click Next.
7.
In the Membership area, assign members to the Admin Domain by selecting them in the
Available Members section and clicking Add, Add Ports, or Add Devices.
• Select a switch, port, or device in the Available Members tree and click Add to add the
selected element.
Alternatively, you can press the Insert key to add your selections.
• Select a switch or slot and click Add Ports to add all of the ports in the selected switch or
slot.
• Select a switch, slot, or port and click Add Devices to add all of the devices for the selected
element.
Optional: Click the Manual button to add offline devices.
FIGURE 43
Adding members to an Admin Domain
8. Click Next.
The wizard displays a summary of the Admin Domain. Read the summary to verify the Admin
Domain setup is correct.
Web Tools Administrator’s Guide
53-1000606-01
89
7
Creating and populating domains
FIGURE 44
Summary view
9. Click Finish to close the wizard.
10. Click Save to save the new Admin Domain configuration to persistent storage.
11. Click Apply to enforce the new Admin Domain configuration as the effective configuration.
Activating or deactivating an Admin Domain
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain you want to activate or deactivate.
3. Click the Activate button to activate the Admin Domain.
Click the Deactivate button to deactivate the Admin Domain.
4. Click Actions> Save AD Configuration to save the new Admin Domain configuration to
persistent storage.
5. Click Actions> Apply AD Configuration to enforce the new Admin Domain configuration as the
effective configuration.
ATTENTION
When you deactivate an Admin Domain, the members or devices assigned to the domain can
no longer access their hosts or storage unless those devices are part of another Admin
Domain.
When you deactivate an Admin Domain no one can use this Admin Domain to log in to a switch.
90
Web Tools Administrator’s Guide
53-1000606-01
Managing administrative domains
7
Managing administrative domains
This section provide information on how to manage Admin Domains after they have been created.
Adding and removing members
Use the following procedure to add or remove members from an Admin Domain.
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain you want to modify.
3. Click Modify.
The Modify Admin Domain wizard opens on the Membership step.
FIGURE 45
Modify Admin Domain wizard
4. Assign members to the Admin Domain by selecting them in the Available Members section and
clicking Add, Add Ports, or Add Devices.
• Select a switch, port, or device in the Available Members tree and click Add to add the
selected element.
Alternatively, you can press the Insert key to add your selections.
• Select a switch or slot and click Add Ports to add all of the ports in the selected switch or
slot.
• Select a switch, slot, or port and click Add Devices to add all of the devices for the selected
element.
Optional: Click Manual to add offline switches and devices.
Web Tools Administrator’s Guide
53-1000606-01
91
7
Managing administrative domains
5. Remove members from the Admin Domain by selecting them in the Selected Members section
and clicking Remove.
Alternatively, you can press the Delete key to remove selected items.
6. Click Next.
Use the summary to verify that the Admin Domain setup is correct.
7.
Click Finish.
8. Click Actions> Save AD Configuration to save the new Admin Domain configuration to
persistent storage.
9. Click Actions> Apply AD Configuration to enforce the new Admin Domain configuration as the
effective configuration.
Renaming Admin Domains
You can change the name of an Admin Domain, including an auto-assigned ID name.
The Admin Domain name cannot exceed 63 chars and can contain alphabetic and numeric
characters. The only special character allowed is an underscore ( _ ).
NOTE
You cannot rename AD0 or AD255.
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain.
3. Click the Rename button.
4. Enter the new name.
5. Click OK.
6. Click Actions> Save AD Configuration to save the new Admin Domain configuration to
persistent storage.
7.
Click Actions> Apply AD Configuration to enforce the new Admin Domain configuration as the
effective configuration.
Deleting Admin Domains
When you delete an Admin Domain its devices no longer have access to the members of the zones
with which it was associated.
1. Open the Admin Domain window.
2. From the tree on the left, select the Admin Domain.
3. Click Delete.
4. In the confirmation box, click Yes to delete the domain.
The system deletes the Admin Domain.
5. Click Actions> Save AD Configuration to save the new Admin Domain configuration to
persistent storage.
92
Web Tools Administrator’s Guide
53-1000606-01
Managing administrative domains
7
6. Click Actions> Apply AD Configuration to enforce the new Admin Domain configuration as the
effective configuration.
Clearing the Admin Domain configuration
When you clear the Admin Domain configuration, all user-defined Admin Domains are deleted and
all fabric resources (switches, ports, and devices) are returned to AD0.
You cannot clear the Admin Domain configuration if zone configurations exist in any of the
user-defined Admin Domains.
1. Open the Admin Domain window.
2. Click Actions> Clear AD Configuration.
3. In the confirmation dialog box, click Yes to clear the Admin Domain configuration.
Click No to cancel the action.
Web Tools Administrator’s Guide
53-1000606-01
93
7
94
Managing administrative domains
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Administering Zoning
8
This chapter briefly describes zoning and provides the procedures for managing zoning using
Brocade Web Tools.
In this chapter
This chapter contains the following information:
• Introducing zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
• Configuring zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
• Managing zoning with Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
• Managing zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
• Managing zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
• Managing zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
• Managing the zoning database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
• Best practices for zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Introducing zoning
Zoning enables you to partition a storage area network (SAN) into logical groups of devices that can
access each other. For example, you can partition a SAN into two zones, winzone and unixzone, so
that the Windows servers and storage do not interact with UNIX servers and storage.
Zones can be configured dynamically. They can vary in size, depending on the number of
fabric-connected devices, and devices can belong to more than one zone. Because zone members
can access only other members of the same zone, a device not included in a zone is not available
to members of that zone.
When using a mixed fabric—that is, a fabric containing two or more switches running different
fabric operating systems—you should use the switch with the highest Fabric OS level to perform
zoning tasks. See “Best practices for zoning” on page 117 for more recommendations about
zoning.
When zone members are specified by fabric location (domain, area) and other members of the
same zone are specified by device name (node name or port WWN), zone enforcement depends on
Name Server lookups, and the zone is referred to as a “soft zone.”
For more specific information about zoning concepts, see the Fabric OS Administrator’s Guide.
Web Tools Administrator’s Guide
53-1000606-01
95
8
Configuring zoning
Configuring zoning
This section outlines the basic steps for configuring zoning as shown below.
•
•
•
•
•
“Creating and populating zone aliases” on page 101
“Creating and populating zones” on page 103
“Creating zone configurations” on page 106
“Saving local zoning changes” on page 99
“Enabling zone configurations” on page 108
The next section describes the Zone Administration window, in which all of the zoning tasks are
performed. The remainder of this chapter provides procedures for managing zones, zone aliases,
zone configurations, and zone server information.
Opening the Zone Administration window
This section describes how to launch the Zone Administration window, from which all zoning
procedures are performed. You cannot open the Zone Administration window from AD255 (physical
fabric).
1. Select a switch from the Fabric Tree.
2. Click Zone Admin in the Manage section of the Tasks menu.
The Zone Administration window opens (see Figure 46).
Setting the default zoning mode
The default zoning mode defines the device accessibility behavior if zoning is not implemented or if
there is no effective zone configuration. The default zoning mode has two options:
• All Access—All devices within the fabric can communicate with all other devices.
• No Access—Devices in the fabric cannot access any other device in the fabric.
Web Tools supports default zoning on switches running firmware v5.1.0 or higher. Default zoning
on legacy switches (switches running firmware versions prior to v 5.1.0) are not supported. Legacy
switches can use default zoning; however, they cannot manipulate the default zone or default
configuration.
NOTE
If you want to use Admin Domains, you must set the default zoning mode to No Access prior to
setting up the Admin Domains. You cannot change the default zoning mode to All Access if
user-specified Admin Domains are present in the fabric.
1. Open the Zone Administration window (see “Opening the Zone Administration window” on
page 96).
2. Click Zoning Actions> Set Default Mode, and then select the access mode.
96
Web Tools Administrator’s Guide
53-1000606-01
Managing zoning with Web Tools
8
Managing zoning with Web Tools
You can monitor and manage zoning through the Web Tools Zone Administration. Click Zone Admin
to access the Zone Administration window, shown in Figure 46. Zone Administration appears only if
an Advanced Zoning license is installed on the switch.
The information in the Zone Administration window is collected from the selected switch.
If FCS policy is activated in the fabric, zoning can be administered only from the primary FCS
switch. If the selected switch has an Advanced Zoning license installed but is not the primary FCS
switch, the Zone Admin option is displayed but not activated. For specific information on secure
fabrics, see the Secure Fabric OS Administrator’s Guide.
You must be logged into the switch using a user name with one of the following roles associated
with it to make changes to the zoning: zoneAdmin, admin, or fabricAdmin. All other roles allow only
a view or read-only access. Most of the zoning operations are disabled in read-only mode.
A snapshot is taken of all the zoning configurations at the time you launch the Zone Administration
window; this information is not updated automatically by Web Tools. To update this information, see
“Refreshing Zone Administration window information” on page 99.
FIGURE 46
Web Tools Administrator’s Guide
53-1000606-01
Zone Administration window
97
8
Managing zoning with Web Tools
ATTENTION
Any changes you make in the Zone Administration window are held in a buffered environment and
are not updated in the zoning database until you save the changes. If you close the Zone
Administration window without saving your changes, your changes are lost. To save the buffered
changes you make in the Zone Administration window to the zoning database on the switch, see
“Saving local zoning changes” on page 99.
Note the following:
• “Saving” means updating the zoning database on the switch with the local changes from the
Web Tools buffer.
• “Refreshing” means copying the current state of the zoning database on the switch to the Web
Tools buffer, overwriting its current contents.
In the Zone Administration window, all WWNs also display vendor names. In the Member Selection
List panel (see Figure 46), you can right-click port and device nodes to display which aliases the
port or device is a member of. In addition, you can right-click the device nodes and click View
Device Detail to display detailed information about the selected device.
The Member Selection List panel displays both physical and logical FC ports; however, GbE ports
are not supported for zoning. To verify whether you have any unzoned devices, analyze the current
configuration for unzoned and offline devices (for more information see “Creating configuration
analysis reports” on page 111).
The Member Selection List displays virtual initiators if the chassis has an FC4-16IP blade in it; they
are shown under a separate folder icon called Virtual Initiators.
NOTE
TI Zones are not displayed in Web Tools.
Admin Domain considerations: The Member Selection List panel displays a filtered list of ports.
• Direct port members are zoneable and are displayed in the tree.
• Indirect port members to which owned devices are attached are displayed in the tree, but
cannot be added to a zone or alias.
• Direct device members are zoneable and are displayed in the tree.
• Indirect device members (devices that are currently attached to owned ports) are also
zoneable and displayed in the tree. But if such a device is later moved to a non-owned port it
will no longer be displayed or zoneable.
• Switches and blades are displayed only if they contain owned ports or devices, regardless of
switch ownership.
• Ports that are indirect members only because the switch is owned are not displayed.
• When no user- defined Admin Domains are present on the switch, AD0 will show the port
count. If there are user-defined Admin Domains, AD0 does not show port count and the
user-defined AD shows port count.
Refreshing fabric information
This function refreshes the display of fabric elements only (switches, ports, and devices). It does
not affect any zoning element changes or update zone information in the Zone Administration
window. You can refresh the fabric element information displayed at any time.
98
Web Tools Administrator’s Guide
53-1000606-01
Managing zoning with Web Tools
8
1. In the Zone Administration window, click View> Refresh From Live Fabric.
This refreshes the status for the fabric, including switches, ports, and devices.
NOTE
Depending on the role associated with your user name or if the switch is owned by the current
Admin Domain you are logged in to, you may not be able to modify zones or ports in other
Admin Domains.
Refreshing Zone Administration window information
The information displayed in the Zone Administration window is initially a snapshot of the contents
of the fabric zoning database at the time the window is launched. Any changes you make to this
window are saved to a local buffer; but they are not applied to the fabric zoning database until you
invoke one of the transactional operations listed in the Zoning Actions menu.
Any local zoning changes are buffered by the Zone Administration window until explicitly saved to
the fabric. If the fabric zoning database is independently changed by another user or from another
interface (for example, the CLI) while Web Tools zoning changes are still pending, the refresh icon
starts to blink (after a 15–30 second polling delay). You can then choose to refresh the current
Web Tools zoning view to reflect the new, externally changed contents of the fabric zoning
database, in which case any pending local changes are lost, or you can ignore the blinking refresh
icon and save your local changes, overwriting the external changes that triggered the icon to blink.
You can refresh zoning to back out current, unsaved work and start over.
You can refresh the zoning information at any time, either using the refresh icon (whether it is
flashing or not) or from the View menu.
The following procedure updates the information in the Zone Administration window with the
information saved in the zoning database on the switch.
ATTENTION
When you refresh the buffered information in the Zone Administration window, any zoning
configuration changes you have made and not yet saved are erased from the buffer and replaced
with the currently enabled zone configuration information that is saved on the switch.
1. Launch the Zone Administration window as described on page 96.
2. Click View> Refresh Zoning or click the Refresh button.
This refreshes the information in the Zone Administration window with the information in the
switch’s zoning database. This action also refreshes the fabric information as described in
“Refreshing fabric information” on page 98. Any unsaved zoning changes are deleted.
Saving local zoning changes
All information displayed and all changes made in the Zone Administration window are buffered
until you save the changes. That means that any other user looking at the zone information for the
switch will not see the changes you have made until you save them.
Web Tools Administrator’s Guide
53-1000606-01
99
8
Managing zoning with Web Tools
Saving the changes propagates any changes you have made in the Zone Administration window
(buffered changes) to the zoning database on the switch. If another user has a zoning operation in
progress at the time that you attempt to save changes, a warning is displayed that indicates that
another zoning transaction is in progress on the fabric. You can select to abort the other
transaction and override it with yours.
If the zoning database size exceeds the maximum allowed, you cannot save the changes. The
zoning database summary displays the maximum zoning database size (see “Displaying zone
configuration summaries” on page 110).
This action updates the entire contents of the Zone Administration window, not just the selected
zone, alias, or configuration. You can save your changes at any time during the Zone Administration
session.
1. Make the zoning changes in the Zone Administration window.
2. Click Zoning Actions> Save Config Only.
NOTE
If you have made changes to a configuration, you must enable the configuration before the changes
will be effective. To enable the configuration, see “Enabling zone configurations” on page 108.
Closing the Zone Administration window
It is very important to remember that any changes you make in the Zone Administration window are
not saved automatically. It is recommended that you always close the Zone Administration window
from the File menu, as described in the procedure below.
1. From the Zone Administration window, click File> Close.
If any changes exist in the buffer that have not been saved, a warning message dialog box
provides you with the option of saving your changes.
2. Click Yes to close without saving changes, or click No to go back to the Zone Administration
window to save the changes as described in “Saving local zoning changes” on page 99.
Select a zoning view
You can choose how zoning elements are displayed in the Zone Administration window. The zoning
view you select determines how members are displayed in the Member Selection List panel (see
Figure 46). The views filter the fabric and device information displayed in the Member Selection
List for the selected view, making it easier for you to create and modify zones, especially when
creating “hard zones.”
Depending on the method you use to zone, certain tabs might or might not be available in the Zone
Administration window.
There are two views of defining members for zoning:
• Fabric View—Displays the physical hierarchy of the fabric, a list of the attached and imported
physical devices (by WWN), and a list of the FC Virtual Initiators on switches that support iSCSI.
In the Fabric View, you can select ports for port-based zoning or devices for WWN-based
zoning.
100
Web Tools Administrator’s Guide
53-1000606-01
Managing zone aliases
8
• Devices Only—Displays a list of the attached and imported physical devices by WWN. You
cannot select ports for port-based or mixed zoning schemes, nor can you select virtual
initiators for iSCSI FC Zone creation.
1. Launch the Zone Administration window as described on page 96.
2. Click View> Choose Fabric Resources View.
3. Choose the way you want to view the fabric resource and click OK.
Managing zone aliases
An alias is a logical group of port index numbers and WWNs. Specifying groups of ports or devices
as an alias makes zone configuration easier, by enabling you to configure zones using an alias
rather than inputting a long string of individual members. You can specify members of an alias
using the following methods:
• A switch domain and port index number pair, for example, 2, 20
• Device node and device port WWNs
Creating and populating zone aliases
Use the following procedure to create a zone alias.
1. Open the Zone Administration window as described on page 96.
2. Select a format to display zoning members in the Member Selection List as described in
“Select a zoning view” on page 100.
3. Click the Alias tab and click New Alias.
The Create New Alias dialog box displays.
4. On Create New Alias, type a name for the new alias and click OK.
The new alias is displayed in the Name drop-down list.
5. Expand the Member Selection List to view the nested elements.
The choices available in the Member Selection List depend on the selection in the View menu.
6. Click elements in the Member Selection List that you want to include in the alias.
The Add Member button becomes active.
7.
Click Add Member to add alias members.
Selected members move to the Alias Members window.
8. Optional: Repeat steps 6 and 7 to add more elements to the alias.
9. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric.
10. Click Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Web Tools Administrator’s Guide
53-1000606-01
101
8
Managing zone aliases
Adding and removing members of a zone alias
Use the following procedure to add or remove zone alias members.
1. Open the Zone Administration window as described on page 96.
2. Click the Alias tab.
3. Select the alias you want to modify from the Name drop-down list.
4. Select an element in the Member Selection List that you want to add to the alias, or select an
element in the Alias Members list that you want to remove.
5. Click Add Member to add the selected alias member, or click Remove Member to remove the
selected alias member.
The alias is modified in the Zone Admin buffer. At this point you can either save your changes
or save and enable your changes.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Renaming zone aliases
The new alias name cannot exceed 64 characters and can contain alphabetic, numeric, and
underscore characters. Use the following procedure to change the name of a zone alias.
1. Open the Zone Administration window as described on page 96.
2. Click the Alias tab and select the alias you want to rename from the Name drop-down list.
3. Click Rename.
The Rename an Alias dialog box appears.
4. Type a new alias name and click OK.
The alias is renamed in the Zone Admin buffer. At this point you can either save your changes
or save and enable your changes.
5. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Deleting zone aliases
You can remove a zone alias from the Zone Admin buffer. When a zone alias is deleted, it is no
longer a member of the zones of which it was once a member.
NOTE
If you delete the only member zone alias, an error message is issued when you attempt to save the
configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Alias tab.
3. Select the alias you want to delete from the Name drop-down list.
102
Web Tools Administrator’s Guide
53-1000606-01
Managing zones
8
4. Click Delete.
The Confirm Deleting Alias dialog box opens.
5. Click Yes.
The selected alias is deleted from the Zone Admin buffer. At this point you can either save your
changes or save and enable your changes.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Managing zones
A zone is a region within the fabric in which specified switches and devices can communicate. A
device can communicate only with other devices connected to the fabric within its specified zone.
You can specify members of a zone using the following methods:
• Alias names
• Switch domain and port index number pair, for example, 2, 20
• WWN (device)
Creating and populating zones
Use the following procedure to create a zone.
1. Open the Zone Administration window as described on page 96.
2. Select a format to display zoning members in the Member Selection List as described in
“Select a zoning view” on page 100.
3. Click the Zone tab.
4. Click New Zone.
The Create New Zone dialog box displays.
5. On Create New Zone, enter a name for the new zone, and click OK.
If you are creating an LSAN zone, the zone name must begin with “LSAN_”.
The new zone appears in the Name drop-down list.
6. Expand the Member Selection List to view the nested elements.
The choices available in the list depend on the selection made in the View menu.
7.
Select an element in the Member Selection List that you want to include in your zone. Note that
LSAN zones should contain only port WWN members.
The Add Member button becomes active.
8. Click Add Member to add the zone member.
The selected member is moved to the Zone Members window.
9. Optional: Repeat steps 7 and 8 to add more elements to your zone.
Web Tools Administrator’s Guide
53-1000606-01
103
8
Managing zones
10. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric.
At this point you can either save your changes or save and enable your changes.
11. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Adding and removing members of a zone
Use the following procedure to add or remove zone members.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone tab.
3. Select the zone you want to modify from the Name drop-down list.
The zone members for the selected zone are listed in the Zone Members list.
4. Highlight an element in the Member Selection List that you want to include in your zone, or
highlight an element in the Zone Members list that you want to delete.
5. Click Add Member to add a zone member, or click Remove Member to remove a zone member.
The zone is modified in the Zone Admin buffer. At this point you can either save your changes
or save and enable your changes.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Renaming zones
Use the following procedure to change the name of a zone.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone tab.
3. Select the zone you want to rename from the Name drop-down list.
4. Click Rename.
5. On Rename a Zone, type a new zone name and click OK.
The zone is renamed in the Zone Admin buffer. At this point you can either save your changes
or save and enable your changes.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Copying zones
Use the following procedure to copy a zone configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone tab.
3. Select the zone you want to delete from the Name drop-down list.
104
Web Tools Administrator’s Guide
53-1000606-01
Managing zone configurations
8
4. Click Copy.
5. On Copy an Existing Zone, enter a name for the copied zone.
6. Click OK.
The selected zone is copied from the Zone Admin buffer.
7.
Click Zoning Actions> Save Config Only to save the configuration changes.
Since no changes were made to the effective configuration, you do not need to enable the
configuration.
Deleting zones
Use the following procedure to delete a zone.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone tab.
3. Select the zone you want to delete from the Name drop-down menu and click Delete.
4. On the confirmation dialog box, click Yes.
The selected zone is deleted from the Zone Admin buffer. At this point you can either save your
changes or save and enable your changes.
5. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Managing zone configurations
A zone configuration is a group of zones; zoning is enabled on a fabric by enabling a specific
configuration. You can specify members of a configuration using zone names.
Figure 47 shows a sample zoning database and the relationship between the zone aliases, zones,
and zoning configuration. The database contains one zoning configuration, myconfig, which
contains two zones: Zone A and Zone B. The database also contains four aliases, which are
members of Zone A and Zone B. Zone A and Zone B also have additional members other than the
aliases.
Web Tools Administrator’s Guide
53-1000606-01
105
8
Managing zone configurations
Zone Configuration: myconfig
Zone A
Alias 1
Alias 2
WWN 1; WWN 2; WWN 3
WWN 4; <domain, portarea>
Other Elements
<domain, portarea>
Zone B
Alias 3
Alias 4
WWN 5
WWW 5; WWN 6; WWN7
Other Elements
WWW 9
FIGURE 47
Sample zoning database
Creating zone configurations
Use the following procedure to create a zone configuration. After creating a zone configuration, you
must explicitly enable it for it to take effect.
NOTE
Any changes made to the currently enabled configuration will not appear until you reenable the
configuration.
1. Open the Zone Administration window as described on page 96.
2. Select a format to display zoning members in the Member Selection List as described in
“Select a zoning view” on page 100.
3. Click the Zone Config tab and click New Zone Config.
4. On Create New Config, type a name for the new configuration and click OK.
The new configuration appears in the Name drop-down list.
5. Expand the Member Selection List to view the nested elements.
The choices available in the list depend on the selection made in the View menu.
6. Select an element in the Member Selection List that you want to include in your configuration.
The Add Member button becomes active.
106
Web Tools Administrator’s Guide
53-1000606-01
Managing zone configurations
7.
8
Click Add Member to add configuration members.
Selected members are moved to the Config Members Window.
8. Repeat steps 6 and 7 to add more elements to your configuration.
9. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Adding or removing zone configuration members
Use the following procedure to add or remove members of a zone configuration.
NOTE
You can make changes to a configuration that is currently enabled; however, changes will not appear
until you reenable the configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select the configuration you want to modify from the Name drop-down list.
4. Click an element in the Member Selection List that you want to include in your configuration or
click an element in the Config Members that you want to delete.
5. Click Add Member to add a configuration member or Remove Member to remove a
configuration member.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
To enable the configuration, see “Enabling zone configurations” on page 108.
Renaming zone configurations
The new name cannot exceed 64 characters and can contain alphabetic, numeric, and underscore
characters. Use the following procedure to change the name of a zone configuration.
NOTE
You cannot rename the currently enabled configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select the configuration you want to rename from the Name drop-down list and click Rename.
4. On Rename a Config, type a new configuration name and click OK.
The configuration is renamed in the configuration database.
5. Click Zoning Actions> Save Config Only to save the configuration changes.
Web Tools Administrator’s Guide
53-1000606-01
107
8
Managing zone configurations
Copying zone configurations
Use the following procedure to copy a zone configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select the zone configuration you want to delete from the Name drop-down list.
4. Click Copy.
5. On Copy An Existing Zone Config, enter a name for the copied zone and click OK.
The selected zone is copied from the Zone Admin buffer.
6. Click Zoning Actions> Save Config Only to save the configuration changes.
Since no changes were made to the effective configuration, you do not need to enable the
configuration.
Deleting zone configurations
Use the following procedure to delete a zone configuration.
NOTE
You cannot delete a currently enabled configuration.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select the configuration you want to delete from the Name drop-down list and click Delete.
4. On the confirmation dialog box, click Yes.
The selected configuration is deleted from the configuration database.
5. Click Zoning Actions> Save Config Only to save the configuration changes.
Enabling zone configurations
Several zone configurations can reside on a switch at once, and you can quickly alternate between
them. For example, you might want to have one configuration enabled during the business hours
and another enabled overnight. However, only one zone configuration can be enabled at a time.
When you enable a zone configuration from Web Tools, the entire zoning database is automatically
saved, and then the selected zone configuration is enabled.
If the zoning database size exceeds the maximum allowed, you cannot enable the zone
configuration. The zoning database summary displays the maximum zoning database size (see
“Displaying zone configuration summaries” on page 110).
1. Open the Zone Administration window as described on page 96.
2. Click Zoning Actions> Enable Config.
3. On Enable Config, select the configuration to be enabled from the menu.
4. Click OK to save and enable the selected configuration.
108
Web Tools Administrator’s Guide
53-1000606-01
Managing zone configurations
8
Disabling zone configurations
When you disable the active configuration, the Advanced Zoning feature is disabled on the fabric,
and all devices within the fabric can communicate with all other devices. This does not mean that
the zoning database is deleted, however, only that there is no configuration active on the fabric.
When you disable a zone configuration from Web Tools, keep in mind that the entire zoning
database is automatically saved, and then the selected zone configuration is disabled.
NOTE
When you disable the active configuration, Advanced Zoning is disabled on the fabric, and according
to the 'default zone' set, devices within the fabric can or cannot communicate with other devices.
1. Open the Zone Administration window as described on page 96.
2. Click Zoning Actions> Disable Zoning.
The Disable Config warning appears.
3. Click Yes to save and disable the current configuration.
Displaying enabled zone configurations
The enabled zone configuration screen displays the actual content of the single zone configuration
that is currently enabled on the fabric, whether it matches the configuration that was enabled
when the current Zone Administration session was launched or last refreshed (see Figure 48 on
page 109). The zones are displayed, and their contents (ports, WWNs) are displayed next to them.
Aliases are not displayed in the enabled zone configuration. If there is no active zone configuration
enabled on the switch, a message is displayed to that effect.
NOTE
The enabled configuration is listed in the lower-right corner of the Zone Administration window.
FIGURE 48
Web Tools Administrator’s Guide
53-1000606-01
Effective Configuration window
109
8
Managing zone configurations
Viewing the enabled zone configuration name without opening the Zone
Administration window
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View.
The current zone configuration name (if one is enabled) is displayed in the lower portion of the
Switch Events and Switch Information. If no zone configuration is enabled, the field displays
“No configuration in effect”.
Viewing detailed information about the enabled zone configuration
1. Open the Zone Administration window, as described on page 96.
The zone configuration in effect at the time you launched the Zone Administration window is
identified in the lower-right corner. This information is automatically updated every 15 seconds.
It is also updated if you manually refresh the Zone Administration window contents by clicking
the refresh icon at the lower-right corner of the Zone Administration window, or when you
enable a configuration through the Zone Administration window.
Clicking the refresh icon overwrites all local unsaved zoning changes. If anyone has made any
changes to the zones outside of your Zone Admin session, those changes will be applied.
2. To identify the most recently effective zone configuration without saving or applying any
changes you have made in the Zone Administration window, click File> Print Effective Zone
Configuration in the Zone Administration window.
If no zone is enabled, a message is displayed, indicating that there is no active zoning
configuration on the switch.
3. Optional: Click Print located in the Print Effective Zone Configuration dialog box to print the
enabled zone configuration details. This launches the print dialog box.
Displaying zone configuration summaries
The zone configuration summary hierarchically lists all defined zoning elements known to the
current Zone Admin session, whether any of the listed configurations has been enabled, and
whether any of the lower level elements has been added as members of the higher level (aliases
and zones) structures.
The zone configuration summary displays the entire contents of the fabric zoning database as it
was at the time the Zone Admin session was launched, or the most recently saved or refreshed
information, and any unsaved changes you make since the time the Zone Admin session is
launched. It provides the name of the zone configuration that was enabled at the time you
launched the Zone Admin session; however, keep in mind that the enabled configuration might
have changed since then and that this screen will not reflect those changes.
1. Open the Zone Administration window as described on page 96.
2. Click File> Print Zone Database Summary.
The Zone Configuration Summary window opens, as shown in Figure 49.
110
Web Tools Administrator’s Guide
53-1000606-01
Managing zone configurations
8
The summary displays the information based on the changes just made. If current session
changes have not yet been saved to the fabric, the information displayed here is different from
what is seen from the switch.
3. Optional: Click Print to print the zone configuration summary.
T
FIGURE 49
Zoning Configuration summary
Creating configuration analysis reports
The configuration analysis report lists the following:
• SAN components that are not included in the configuration.
• SAN components that are in the configuration but not in the fabric.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select a configuration to be analyzed from the Name drop-down list and click Analyze Zone
Config.
A message opens to you if you want to refresh the fabric before running the analysis.
4. Click Yes or No.
Web Tools Administrator’s Guide
53-1000606-01
111
8
Managing zone configurations
The configuration analysis window displays.
FIGURE 50
Configuration Analysis window
Displaying zones Initiator/Target accessibility
The Initiator/Target Accessibility Matrix shows a list of initiators and a list of targets and indicates
which initiator can access which target.
1. Open the Zone Administration window as described on page 96.
2. Click the Zone Config tab.
3. Select a configuration to be analyzed for device accessibility from the Name drop-down list.
4. Click Device Accessibility.
The Initiator/Target Accessibility Matrix for Config- Device Selection dialog box opens.
5. Select devices you want displayed in the accessibility matrix; click the radio button to select all
devices in the fabric or to select a subset of the devices.
If you select a subset, you must click the devices from the Select Devices list and click Add to
move them to the Evaluate for Accessibility list.
6. Click OK.
The Initiator/Target Accessibility Matrix displays. You can mouse over a target to display the
symbolic name of the device. In addition, you can right-click the device nodes and click View
Device Detail to display detailed information about the selected device.
112
Web Tools Administrator’s Guide
53-1000606-01
Managing the zoning database
8
Managing the zoning database
This section contains the following procedures for managing the zoning database:
•
•
•
•
•
•
•
•
•
“Adding a WWN to multiple aliases and zones,” next
“Removing a WWN from multiple aliases and zones” on page 113
“Replacing a WWN in Multiple Aliases and Zones” on page 114
“Searching for zone members” on page 114
“Clearing the Zoning Database” on page 114
“Adding Unzoned Online Devices to a Zone or Alias” on page 115
“Removing offline devices from the zoning database” on page 116
“Replacing offline devices” on page 116
“Defining device aliases” on page 117
Adding a WWN to multiple aliases and zones
This procedure enables you to configure a WWN as a member in a zone configuration prior to
adding that device to the fabric. Specifically, it is useful if you want to add a WWN to all or most
zoning entities. The added WWN does not need to currently exist in the fabric.
1. Open the Zone Administration window as described on page 96.
2. Click Edit> Add WWN.
The Add WWN dialog box opens.
3. Type a WWN value in the WWN field and click OK.
The Add WWN dialog box displays all the zoning elements that will include the new WWNs. All
of the elements are selected by default.
4. Click items in the list to select or unselect, and click Add to add the new WWN to all the
selected zoning elements.
The WWN is added to the Zone Admin buffer and can be used as a member.
Removing a WWN from multiple aliases and zones
Use this procedure if you want to remove a WWN from all or most zoning entities.
1. Open the Zone Administration window as described on page 96.
2. Click Edit> Delete WWN.
The Delete WWN dialog box opens.
3. Type a WWN value in the WWN field and click OK.
The Delete WWN dialog box displays all the zoning elements that include the WWN.
4. Click items in the list to select or unselect, and click Delete to delete the WWN from all the
selected zoning elements.
The WWN is deleted from the selected items in the Zone Admin buffer.
Web Tools Administrator’s Guide
53-1000606-01
113
8
Managing the zoning database
Replacing a WWN in Multiple Aliases and Zones
This procedure enables you to replace a WWN throughout the Zone Admin buffer. This is helpful
when exchanging devices in your fabric and helps you to maintain your current configuration.
1. Launch the Zone Administration window as described on page 96.
2. Click Edit> Replace WWN.
The Replace WWN dialog box opens.
3. Type the WWN to be replaced in the Replace field.
4. Type the new WWN in the By field and click OK.
The Replace WWN dialog box is displayed. It lists all the zoning elements that include the
WWN.
5. Click an item in the list to select or unselect, and click Replace to replace the WWN in all the
selected zoning elements.
The former WWN is replaced in the Zone Admin buffer by the new WWN, including within any
alias or zone in which the old WWN was a member.
Searching for zone members
You can search zone member selection lists for specified strings of text. If you know some
identifying information about a possible member of a zoning entity, you can select the tab and view
for that entity and then search through its member selection list using the Search for Zone Member
option. If the target entity is an alias or zone, then the search domain includes elements like switch
names and domain numbers, port names and “domain, port” addresses, device WWNs and
manufacturer names, and also any aliases that might already have been defined. If the target
entity is a configuration, then zones are also included, along with the elements they contain.
The search starts from the top of the list, and when the target element is found, it is also selected
in the Member Selection List so it can be added or its parent or children can be found. By default,
the Member Selection List is searched from beginning to end one time. If you select the
wraparound option, the search will continue to loop from the beginning to the end of the Member
Selection List.
1. Open the Zone Administration window as described on page 96.
2. Click Edit> Search Member.
3. Type the zone member name in the Member Name field.
Optional: Narrow the search by selecting one or more of the check boxes, such as Match Case.
4. Click Next to begin the zone member search.
Clearing the Zoning Database
Use the following procedure to disable the active zoning configuration, if one exists, and delete the
entire zoning database. You must disable any active configuration before you can delete the zoning
database.
114
Web Tools Administrator’s Guide
53-1000606-01
Managing the zoning database
8
ATTENTION
This action not only disables zoning on the fabric but also deletes the entire zoning database. This
results in all devices being able to communicate with each other.
1. Open the Zone Administration window as described on page 96.
2. Click Actions> Clear All.
The Disable Config warning opens.
3. Click Yes to do all of the following:
• Disable the current configuration.
• Clear the entire contents of the current Web Tools Zone Admin buffer.
• Delete the entire persistent contents of the fabric zoning database.
ATTENTION
This action is not recoverable.
Using Zoning Wizards
The Zone Administration window contains the following wizards to help you perform the following
zoning tasks:
•
•
•
•
Add unzoned devices
Remove offline devices
Replace offline devices
Define device alias
Access the wizards through the Tools menu in the Zone Administration window. The following
sections describe the zoning tasks and the procedure for accessing the wizards for each task. The
wizards are self-explanatory, so the specific steps are not documented here.
NOTE
The left side of each wizard window lists the steps you need to take to complete the task. The current
step is in blue, as shown in Figure 51 on page 116. Some of the wizards allow you to loop and repeat
the task multiple times; as a result, each step is listed in this panel, so that you not only see the steps
that you still need to perform, but also the steps that you have already performed.
The step numbers do not necessarily match the overall numbering in this panel.
Adding Unzoned Online Devices to a Zone or Alias
When zoning is enabled, devices that are not included in a zone configuration are inaccessible to
other devices in the fabric. Use the following procedure to identify online devices that are not zoned
in any zone configuration and add them to a zone or alias.
1. Open the Zone Administration window as described on page 96.
2. Click Tools> Add Unzoned Devices.
The Add Unzoned Devices wizard opens.
Web Tools Administrator’s Guide
53-1000606-01
115
8
Managing the zoning database
FIGURE 51
Add Unzoned Devices wizard
3. Follow the steps outlined in the wizard.
The wizard displays unzoned devices and prompts you to select them and add them to an alias
or a zone.
When you have finished the steps for adding a device to a zone or alias, if there are any more
unzoned devices, you can either continue to add those unzoned devices or exit the wizard. If
there are no more unzoned devices, you must exit the wizard.
Removing offline devices from the zoning database
Removing offline devices (WWNs) helps clean the zoning database to save more space for new
entries. Use the following procedure to view all devices that are no longer online and remove all or
selected offline devices from the zoning database.
1. Open the Zone Administration window as described on page 96.
2. Click Tools> Remove Offline Devices.
The Remove Offline Devices wizard opens.
3. Follow the steps outlined in the wizard.
The wizard allows you to view all devices that are no longer online, and remove all or selected
offline devices from the zoning database.
Replacing offline devices
Replacing an offline device replaces its WWN with a new given WWN in all of its containing aliases
and zones. Use the following procedure to view offline devices and replace them with new ones in
the zoning database.
1. Open the Zone Administration window as described on page 96.
2. Click Tools> Replace Offline Devices.
The Replace Offline Devices wizard opens.
116
Web Tools Administrator’s Guide
53-1000606-01
Best practices for zoning
8
3. Follow the steps outlined in the wizard.
The wizard allows you to view all devices that are no longer online, and replace all or selected
offline devices with new ones (WWNs) in the zoning database.
Defining device aliases
Use the following procedure to define zone alias names for devices in a single process. This
procedure is especially useful if you use one unique zone alias to name each device port.
The alias definitions of the devices are saved in the zoning database on the switch, which has a
size limit. If database size becomes a concern, reconsider your use of alias definitions.
1. Open the Zone Administration window as described on page 96.
2. Click Tools> Define Device Alias.
The Define Device Alias wizard opens.
3. Follow the steps outlined in the wizard.
The wizard allows you to define one and only one name for each device port (WWN). Devices
with one or more aliases are considered already named and are not displayed.
NOTE
To enter a zone alias name, double-click the Zone Alias field for each device, and type the
name.
After typing each alias name, you must press Enter or click another zone alias field, or the
wizard does not accept the name.
Best practices for zoning
The following are recommendations for using zoning:
• Always zone using the highest Fabric OS-level switch.
Switches with lower Fabric OS versions do not have the capability to view all the functionality
that a newer Fabric OS provides as functionality is backwards compatible but not forwards
compatible.
• Zone using the core switch versus an edge switch.
• Zone using a director over a switch.
A director has more resources to handle zoning changes and implementations.
• Zone on the switch you connect to when bringing up Web Tools (the proxy switch).
Interoperability considerations for zoning
• In McDATA Fabric mode, Brocade Default Zoning will be replaced with McDATA Default Zone
and McDATA Save Zone.
• You can only enable either McDATA Default Zone or McDATA safe zone, but not both.
• You cannot enable McDATA Default Zone when you are using McDATA Open Fabric
Web Tools Administrator’s Guide
53-1000606-01
117
8
118
Interoperability considerations for zoning
Web Tools Administrator’s Guide
53-1000606-01
Chapter
9
Monitoring Performance
In this chapter
This chapter contains the following sections:
• Monitoring performance using Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . .
• Opening the Performance Monitoring window . . . . . . . . . . . . . . . . . . . . . .
• Creating basic performance monitor graphs. . . . . . . . . . . . . . . . . . . . . . . .
• Customizing basic monitoring graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Creating advanced performance monitoring graphs . . . . . . . . . . . . . . . . .
• Managing performance graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
119
123
124
124
126
129
Monitoring performance using Web Tools
The Web Tools Performance Monitoring window graphically displays throughput (in megabytes per
second) for each port and for the entire switch.
The basic-mode Performance Monitor is standard in the Web Tools software. Any user logged into
Web tools with an associated role of zoneadmin or securityadmin cannot open performance
monitor. The roles user, operator, and basicswitchadmin are allowed to perform basic-mode
performance monitor tasks except save or display canvas operations in any Admin Domain context.
Only users with the admin, switchadmin and fabricadmin roles associated with their login accounts
are able to save or display a canvas.
The Advanced Monitoring menu in performance monitor is an optionally licensed feature. To utilize
the Advanced Monitoring feature you must have a license installed and you must log in using an
account that has an admin, switchadmin, or fabricadmin role.
Use the basic-mode Performance Monitoring window to:
• Create user-definable reports.
• Display a performance canvas for application-level or fabric-level views.
• Save persistent graphs across reboots (saves parameter data across reboots).
Using Brocade Advanced Performance Monitoring, you can display predefined reports and
filter-based performance monitoring. You can track:
• The number of words received and transmitted in Fibre Channel frames with a defined
S_ID/D_ID pair.
• The number of times a particular filter pattern in a frame is transmitted by a port.
For detailed information on performance monitoring, see the Fabric OS Administrator’s Guide.
Each graph is displayed individually in a window, so it can be minimized, maximized, resized, and
closed.
Web Tools Administrator’s Guide
53-1000606-01
119
9
Monitoring performance using Web Tools
Graphs within the Performance Monitoring window are updated every 30 seconds. When you first
display the graph or if you modify the graph (such as to add additional ports), you might have to
wait up to 30 seconds before the new values are shown.
When you have multiple graphs open in the Performance Monitoring window, you can:
• Click Window> Tile to view all graphs at once, tiled in the Performance Monitoring window.
• Select Window> Cascade to view one graph at a time.
• Select Window> Close All to close all open Performance Monitor graphs in the Performance
Monitoring window.
In addition, the Window menu lists all open graphs. You can click Window, and then select a graph
name to view that graph.
Admin Domain considerations:
• If you are not the switch owner, you will see the following ports:
• E_ports, including EX_Ports
• directly owned ports
• indirect ports
• You can use the Advanced Performance Monitoring feature only in AD255 or in AD0 if there are
no other user-defined Admin Domains. Otherwise, access to Advanced Monitoring features in
the Performance Graphs menu will be unavailable.
• It is recommended that you define a user with a switchadmin role and give that user access to
AD255 for the purpose of data collecting using the Advanced Performance Monitor.
Predefined performance graphs
Web Tools predefines basic graph types, to simplify performance monitoring. A wide range of
end-to-end fabric, LUN, device, and port metrics graphs are included.
Table 6 lists the basic monitoring graphs available. Table 7 on page 121 lists the advanced
monitoring graphs.
The advanced monitoring graphs give more detailed performance information to help you manage
your fabric. You can access the basic monitoring graphs on all switches; advanced monitoring
graphs are available only on switches that have a Brocade Advanced Performance Monitoring
license activated.
TABLE 6
120
Basic performance graphs
Graph Type
Displays
Port Throughput
The performance of a port, in bytes per second, for frames received and
transmitted.
Switch Aggregate Throughput
The aggregate performance of all ports on a switch.
Blade Aggregate Throughput
The aggregate performance of all ports on a port card. This graph is
available only for the Brocade 48000 and Brocade DCX Director.
Switch Throughput Utilization
The port throughput, in Gbit/sec, at the time the sample is taken. For the
Brocade 48000 and Brocade DCX Director, this graph displays the
throughput for each slot. You can customize this graph to display
information for particular ports.
Port Error
CRC errors for a given port.
Web Tools Administrator’s Guide
53-1000606-01
Monitoring performance using Web Tools
TABLE 6
9
Basic performance graphs (Continued)
Graph Type
Displays
Switch Percent Utilization
The percentage utilization for each port in a switch. For the Brocade 48000
and Brocade DCX Director, this graph displays the percent utilization for
each slot. You can customize this graph to display information for particular
ports.
Port Snapshot Error
The CRC error count between sampling periods for all the ports on a switch.
For the Brocade 48000 and Brocade DCX Director, this graph displays the
CRC error rate for each slot. You can customize this graph to display
information for particular ports.
TABLE 7
Advanced performance monitoring graphs
Graph Type
Displays
SID/DID Performance
The traffic between the SID-DID pair on the switch being managed. For
more information, see “Creating SID-DID Performance Graphs” on
page 126.
SCSI vs. IP Traffic
The percentage of SCSI versus IP frame traffic on each individual port. For
more information, see “Creating an SCSI vs. IP Traffic Graph” on page 127.
AL_PA Errors
CRC errors for a given port and a given AL_PA. For more information, see
“Creating AL_PA Error Graphs” on page 129.
SCSI Commands by port and LUN
(R, W, R/W)
The total number of read/write commands on a given port to a specific LUN.
For more information, see “Creating SCSI Command Graphs” on page 128.
The Brocade 48000 with an FC4-18i and the Brocade 7500 include physical FC ports, logical FC
ports, and GbE ports. The Brocade 48000 with a or FC4-16IP blade includes physical FC ports and
GbE ports. Not all of the performance monitoring graphs support the logical FC ports and GbE
ports.
Table 8 lists each graph and indicates the supported port types for each. The port selection lists for
each graph display the supported ports for that graph.
TABLE 8
Supported port types for Brocade 7500, 48000 and Brocade DCX Director
Graph Type
Physical FC_Ports
Logical FC_Ports
GbE Ports
Port Throughput
P
P
P
Switch Aggregate
Throughput
N/A
N/A
N/A
Blade Aggregate
Throughput1
N/A
N/A
N/A
Switch Throughput
Utilization
P
Port Error
P
Switch Percent Utilization
P
Port Snapshot Error
P
P
SID/DID Performance
P
P
SCSI Commands
P
SCSI vs. IP Traffic
P
ALPA Error
Web Tools Administrator’s Guide
53-1000606-01
2
P
P
P
P
P
121
9
Monitoring performance using Web Tools
1.
Blade Aggregate Throughput graph is not supported on the Brocade 7500 switch.
2. ALPA Error graph is not supported on the Brocade 7500, Brocade 7600, or on the Brocade 48000 director with
an FC4-18i, FC4-16IP, or FC4-18, FC4-48 blade.
The labeling of axes in the graphs depends on the switch type.
• For the Brocade 48000 directors, slot numbers are displayed with expansion arrows next to
them, as shown in Figure 52 on page 122. Click the arrows to expand and contract the list of
ports per slot.
• For the Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, and 7500
switches, slot numbers are not identified.
For the Switch Throughput Utilization graph, the X-axis depends on the switch type.
• For Brocade 48000 director, the X-axis scales up to 102.4 Gbit/sec in multiples of 2.
• For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, 7500, and 7600
switches, the X-axis scales up to 4.0 Gbit/sec in increments of 0.4 Gbps.
Port throughput utilization is represented by a horizontal bar for each selected port, which gets
longer or shorter depending on the percent utilization for that port at the last poll time. Thin short
vertical intersecting bars give a historical perspective by representing the highest and lowest
values reached for each selected port since the graph was opened. A third bar between them
represents the average of all values polled (see Figure 52).
Figure 52 shows how to access the list of Advanced Performance Monitoring graphs using Web
Tools. This example displays the graphs available in the Performance Monitoring window for a
Brocade 48000 director with the Advanced Performance Monitoring license installed. Note that the
slot number is identified.
FIGURE 52
122
Accessing performance graphs
Web Tools Administrator’s Guide
53-1000606-01
Opening the Performance Monitoring window
9
User-defined graphs
You can modify the predefined graphs to create your own customized graphs (see “Customizing
basic monitoring graphs” on page 124 for more information). These user-defined graphs can be
added and saved to canvas configurations.
Canvas configurations
A “canvas” is a saved configuration of graphs. The graphs can be either the Web Tools predefined
graphs or user-defined graphs. Each canvas can hold up to eight graphs per window, with six shown
in Figure 53. Up to 20 canvases can be set up for different users or different scenarios. Each
canvas is saved with a name and an optional brief description.
FIGURE 53
Canvas of six performance monitoring graphs
Opening the Performance Monitoring window
Use the following procedure to open the Web Tools Performance Monitoring window.
1. Select a switch from the Fabric Tree and log in when prompted.
2. In the Monitor area under Tasks, click Performance Monitor.
The Performance Monitoring window opens.
Web Tools Administrator’s Guide
53-1000606-01
123
9
Creating basic performance monitor graphs
Creating basic performance monitor graphs
Use the following procedure to create the basic performance monitor graphs listed in Table 6 on
page 120.
1. Open the Performance Monitor window.
2. Click Performance Graphs> Basic Monitoring> Graph Type.
Depending on the type of graph you select, you might be prompted to select a slot or port for
which to create a graph (see Figure 55).
FIGURE 54
Creating a basic performance monitor graph
3. If prompted, drag the port into the Enter/drag slot,port field, or manually type the slot and port
information in the field, in the format slot,port.
For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, 7500, and 7600
switches enter only a port number.
4. Click OK.
The graph is displayed in a window in the Performance Monitoring window. The following
section explains how you can customize some of these graphs.
Customizing basic monitoring graphs
You can customize some of the basic performance monitoring graphs to display information for
particular ports. For the Brocade 48000 directors, you can also customize these graphs to display
information for a slot.
You can customize the following graphs:
• Switch Throughput Utilization
• Switch Percent Utilization
• Port Snapshot Error
124
Web Tools Administrator’s Guide
53-1000606-01
Customizing basic monitoring graphs
9
The following procedure assumes that you have already created one of these customizable graphs.
1. Create or access the graph you want to customize. See “Creating basic performance monitor
graphs” on page 124 for instructions on creating a graph.
2. For Brocade 48000 directors, to display detailed port throughput utilization rates for each port
in a slot, click the arrows next to a slot. Port information for that slot is displayed in the graph.
For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, 7500, and 7600
switches, proceed to step 3.
3. To display detailed port throughput utilization rates for particular ports only, right-click
anywhere in the graph.and click Select Ports.
The setup dialog box displays, as shown in Figure 55. The title of the dialog box varies,
depending on the type of graph you are customizing, but the layout of the dialog box is the
same. Figure 55 shows an example of the setup dialog box for the Switch Throughput
Utilization graph.
FIGURE 55
Select Ports dialog box for customizing Switch Throughput Utilization graph
You can perform the following in the dialog box:
a.
Double-click the domain to expand the slot/port list.
For the Brocade 48000 directors, click the + signs to expand the ports under each slot, as
shown in Figure 55.
b.
Click the port you want to monitor in the graph in the Port Selection List. Use Shift-click
and Ctrl-click to select multiple ports.
c.
Click Add to move the selected ports to the Selected Ports list.
Web Tools Administrator’s Guide
53-1000606-01
125
9
Creating advanced performance monitoring graphs
d.
Optional: Click ADD ALL Ports to add all of the ports in the Port Selection List to the
Selected Ports list.
e.
Optional: Click Search to open the Search Port Selection List dialog box, from which you
can search for all E_Ports, all F_Ports, or all port names with a defined string. Select the
ports you want to add and click Search in the Search Port Selection List dialog box.
f.
Click Apply.
Only the selected ports are displayed in the graph.
Creating advanced performance monitoring graphs
This section describes how to create the advanced performance monitor graphs listed in Table 7 on
page 121. Because the procedure for creating these graphs differs depending on the type of graph,
each type is described separately in the sections that follow.
The advanced monitoring graphs are not supported for GbE ports.
NOTE
You must have an Advanced Performance Monitoring license installed to use the Advance
Performance Monitor features. If user-defined Admin Domains have been configured, Advanced
Performance Monitoring works only in AD255.
Creating SID-DID Performance Graphs
The SID/DID Performance graph displays the traffic between a SID-DID pair on the switch being
managed.
1. Open the Performance Monitoring window.
2. Click Performance Graphs> Advanced Monitoring> SID/DID Performance.
The SID/DID Performance Setup dialog box displays (see Figure 56 on page 127).
• To see which end-to-end (EE) monitors are currently set up on a particular port, proceed to
step 3.
• To specify the port, Source ID and Domain ID, skip to step 4.
126
Web Tools Administrator’s Guide
53-1000606-01
Creating advanced performance monitoring graphs
FIGURE 56
9
Creating an SID/DID performance graph
3. Click a port from the Slot/Port or Sid/Did Selection List.
a.
Drag the selected port into the Enter/drag slot, port number field.
b.
Click Retrieve preset EE monitors.
The current end-to-end monitors for that port are displayed in the “Current EE monitors set
for selected port” table.
c.
Optional: To display a performance graph for the current EE monitors set for the selected
port, click a SID-DID pair in the table. You can select multiple source ID and Destination
IDs. Click Select. If you selected multiple SID/DID monitors, click OK in the confirmation
dialog box that appears. Skip to step 6.
If you do not want to display a performance graph for the current EE monitors set for the
selected port, continue with step 4.
4. Click a source ID from the “Port or Sid/Did Selection List,” and click Add Sid. You can also type
a source ID in the Enter/drag SID number field.
5. Click a destination ID from the Port or Sid/Did Selection List, and click Add Did. You can also
type a destination ID in the Enter/drag DID number field.
6. Click OK.
If you selected multiple EE monitors, SIDs, or PIDs, a confirmation dialog box displays,
reminding you that one graph will be opened for each selection. Click Yes to display the graphs.
Creating an SCSI vs. IP Traffic Graph
The SCSI vs. IP Traffic graph displays the SCSI versus IP traffic for selected ports. For Brocade
48000 directors, the slot and port name is identified in the graph.
In a trunk group, the SCSI vs. IP Traffic graph displays only the master port and not the slave ports.
Web Tools Administrator’s Guide
53-1000606-01
127
9
Creating advanced performance monitoring graphs
1. Open the Performance Monitoring window.
2. Click Performance Graphs> Advanced Monitoring> SCSI vs. IP Traffic.
The SCSI vs. IP Traffic Setup dialog box opens. This dialog box is similar to that shown in Figure
55 on page 125.
3. Double-click the domain to expand the slot/port list.
For Brocade 48000 directors, click the + signs to expand the ports under each slot, as shown
in Figure 55.
4. Click the port you want to monitor in the graph in the Port Selection List. Use Shift-click and
Ctrl-click to select multiple ports.
5. Click Add to move the selected ports to the Selected Ports list.
6. Optional: Click ADD ALL Ports to add all of the ports in the Port Selection List to the Selected
Ports list.
7.
Optional: Click Search to open the Search Port Selection List dialog box, from which you can
search for all E_Ports, all F_Ports, or all port names with a defined string. Select the ports you
want to add and click Search in the Search Port Selection List dialog box.
8. Click Apply in the SCSI vs. IP Traffic Setup dialog box.
Only the selected ports are displayed in the SCSI vs. IP traffic graph.
Creating SCSI Command Graphs
This graph displays the total number of read or write (or both) commands on a given port or to a
specific LUN on a given port.
1. Open the Performance Monitoring window.
2. Click Performance Graphs> Advanced Monitoring> SCSI Commands> Graph Type.
The applicable setup dialog box opens. Figure 57 on page 128 shows the “SCSI Read/Write on
a LUN per port Setup” dialog box.
FIGURE 57
Creating a SCSI command graph
3. Navigate to a switch> slot> port in the Slot/Port Selection List.
4. Click the port from the Slot/Port Selection List and drag it into the Enter/drag slot,port field.
5. Optional: For the LUN per port graphs, type a LUN number, in hexadecimal notation.
128
Web Tools Administrator’s Guide
53-1000606-01
Managing performance graphs
9
For the Brocade 4100 or 5000 switch, you can enter up to eight LUN masks.
For the Brocade 48000 director, you can enter up to four LUN masks.
For all other switches running Fabric OS 4.x or v5.x, you can enter up to two LUN masks.
For switches running Fabric OS 3.x, you can enter up to three LUN masks.
6. Click OK.
The selected graph is displayed in the canvas.
Creating AL_PA Error Graphs
The AL_PA Error graph displays CRC errors for a given port and a given AL_PA. The AL_PA Error
graph is not supported on the following:
• Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, 7500, and 7600
• Brocade 48000 with an FR4-18i, FC4-16IP, FC-18 or FC4-48 blade(s) installed
1. Open the Performance Monitoring window.
2. Click Performance Graphs> Advanced Monitoring> ALPA Error.
The ALPA Error Setup dialog box opens.
3. Navigate to a switch> slot> port in the Slot/Port or Alpa Selection List.
4. Click the port from the Slot/Port Selection List or an AL_PA from the Slot/Port Selection List,
and drag it into the “Enter/drag slot,port” field. You can also manually type the slot and port
number, in the format slot,port.
5. Click OK.
The AL_PA Error graph opens on the canvas.
Managing performance graphs
This section provides the following procedures for managing performance graphs:
• Saving graphs to a canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Adding graphs to an existing canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Printing a single graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Modifying graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
129
130
130
131
Saving graphs to a canvas
Saving graphs is especially useful when you create customized graphs and do not want to re-create
them every time you access the Performance Monitoring window.
When you save graphs, you must save them to a canvas. The following procedure describes how to
save graphs to a new canvas.
1. Open the Performance Monitoring window.
2. Create basic or advanced Performance Monitor graphs, as described in “Creating basic
performance monitor graphs” on page 124 and “Creating advanced performance monitoring
graphs” on page 126.
Web Tools Administrator’s Guide
53-1000606-01
129
9
Managing performance graphs
The graphs are displayed in the Performance Monitor window.
3. Click File> Save Current Canvas Configuration.
The Save Canvas Configuration dialog box opens.
4. Type a name and description for the configuration and click Save Canvas.
A message displays, confirming that the configuration was successfully saved to the switch.
Adding graphs to an existing canvas
The following procedure assumes that a canvas is already created.
To create a new canvas, you must first create graphs, as described in “Creating basic performance
monitor graphs” on page 124 and “Creating advanced performance monitoring graphs” on
page 126, and then save those graphs to a canvas, as described in “Saving graphs to a canvas” on
page 129.
1. Click File> Display Canvas Configurations.
The Canvas Configuration List displays. A message “No Canvas configuration to display” will
display if there are no saved canvas configurations.
2. Click a canvas in the list.
3. Click Edit.
The Edit Canvas dialog box displays.
4. Click Add.
A list of graphs displays.
5. Click a graph to add it to the canvas, and click Save.
Printing a single graph
You can print a single graph or all the graphs displayed on the selected canvas configuration. Only
one canvas configuration can be opened at a time.
1. Open the Performance Monitoring window.
2. Create a basic or advanced Performance Monitor graph as described in “Creating basic
performance monitor graphs” on page 124 and “Creating advanced performance monitoring
graphs” on page 126.
3. Right-click the graph and choose Print.
4. In the print dialog box, click OK.
Printing all graphs in a canvas
1. Open the Performance Monitoring window.
2. Click File> Print All Graphs.
3. In the print dialog box, click OK.
130
Web Tools Administrator’s Guide
53-1000606-01
Managing performance graphs
9
Modifying graphs
Use the following procedure to modify an existing graph that is saved in a canvas.
1. Open the Performance Monitoring window.
2. Click File> Display Canvas Configurations.
The Canvas Configuration List opens. A message “No Canvas configuration to display” opens if
there are no saved canvas configurations.
3. Select a canvas from the list and click Edit.
The Performance Monitor Canvas: Canvas Name dialog box displays.
4. Select a graph from the list and click Edit.
NOTE
The Edit button is enabled only for the graphs that are configurable or editable.
5. Make changes in the Edit dialog box, as necessary.
6. Click OK to close the Edit dialog box.
7.
Click Save to save the changes and close the Performance Monitor Canvas dialog box.
8. Click Close to close the Canvas Configuration List.
Web Tools Administrator’s Guide
53-1000606-01
131
9
132
Managing performance graphs
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Using the FC-FC Routing Service
10
In this chapter
This chapter describes how to use the FC-FC Routing Service to share devices between fabrics
without merging the fabrics. It contains the following information:
•
•
•
•
•
•
•
“Supported switches for fibre channel routing,” next
“About fibre channel routing” on page 133
“Setting up FC-FC routing” on page 134
“Managing FC-FC routing with Web Tools” on page 135
“Viewing and configuring EX_Ports” on page 137
“Viewing and configuring LSAN zones” on page 139
“Configuring the backbone fabric ID” on page 140
Supported switches for fibre channel routing
The FC-FC Routing Service is supported only on the following switch models:
• Brocade 7500 switch
• Brocade 48000 director, when configured with an FR4-18i blade (see the Fabric OS
Administrator’s Guide for more information)
• Brocade AP7420
Any of the supported switches listed above are considered FC Router-capable. If an EX_Port is
configured for that switch, the switch is FC-Router enabled.
See the Web Tools—AP Edition Administrator’s Guide for information on setting up the FC-FC
Routing Service on the Brocade AP7420.
About fibre channel routing
Fibre Channel routing provides connectivity to devices in different fabrics without merging the
fabrics.
For example, using Fibre Channel routing you can share tape drives across multiple fabrics without
the administrative problems, such as change management, network management, scalability,
reliability, availability, and serviceability, that might result from merging the fabrics.
Fibre Channel routing allows you to create logical storage area networks (LSANs) that can span
fabrics. These LSANs allow Fibre Channel zones to cross physical SAN boundaries without merging
the fabrics and while maintaining the access controls of zones.
Descriptions of Fibre Channel routing includes some specific terminology:
Web Tools Administrator’s Guide
53-1000606-01
133
10
Setting up FC-FC routing
backbone fabric
An FC Router can connect two edge fabrics; a backbone fabric connects FC
Routers. The backbone fabric is the fabric to which the FC Router switch
belongs. A backbone fabric consists of at least one FC Router and possibly a
number of Fabric OS-based Fibre Channel switches. Initiators and targets in
the edge fabric can communicate with devices in the backbone fabric through
the FC Router.
edge fabric
A standard Fibre Channel fabric with targets and initiators connected through
an FC Router to another Fibre Channel fabric.
EX_Port
A type of port that functions somewhat like an E_Port, but does not propagate
fabric services or routing topology information from one fabric to another.
FC Router
A switch running FC-FC Routing Service.
interfabric link (IFL)
The link between an E_Port and an EX_Port, or a VE_Port and a VEX_Port.
metaSAN
The collection of all SANs interconnected with FC Routers.
VEX_Port
A virtual port that enables routing functionality via an FCIP tunnel. A
VEX_Port is similar to an EX_Port.
NOTE
Devices on edge fabrics that are connected to a Brocade AP7420 Multiprotocol Router cannot
communicate with devices in the backbone fabric.
A device is shared between:
• The backbone fabric and edge fabric 1
• Edge fabric 1 and edge fabric 2
• Edge fabric 2 and edge fabric 3
Setting up FC-FC routing
The following procedure provides the basic steps for setting up FC-FC Routing using an FC Router.
1. Ensure that the backbone fabric ID of the FC Router is the same as that of other FC Routers in
the backbone fabric. See “Configuring the backbone fabric ID” on page 140.
2. On the FC Router, ensure that the ports to be configured as EX_Ports are either not connected
or are disabled.
3. Configure EX_Ports by clicking the EX Ports tab and then clicking New. Follow the instructions
in the wizard. See “Viewing and configuring EX_Ports” on page 137.
4. Connect the cables from the EX_Ports on the FC Router to the edge fabrics, if they were not
connected before.
For a multi-FC Router backbone fabric, make sure that each FC Router is connected to a switch
in the backbone fabric.
5. Configure LSAN zones on the fabrics that will share devices. See “Viewing and configuring
LSAN zones” on page 139.
6. View the information in the EX Ports, LSAN Fabrics, LSAN Zones, and LSAN Devices tabs to
make sure that your configuration has succeeded.
134
Web Tools Administrator’s Guide
53-1000606-01
Managing FC-FC routing with Web Tools
10
Managing FC-FC routing with Web Tools
You manage FC-FC routing through the FC Routing module, shown in Figure 58 on page 136. The
FC Routing module has tabbed panes that display EX_Ports, LSAN fabrics, LSAN zones, LSAN
devices, and general FCR information.
The FC Routing module provides a dynamic display. Any changes in the FCR configuration on the
switch are automatically updated in the FC Routing module within 30 to 90 seconds, depending on
the network traffic.
The switch must be FC Router-capable, as described in “Supported switches for fibre channel
routing” on page 133.
The only things you need to configure on the FC Router are the EX_Ports and the backbone fabric
ID. You configure LSAN zones on the fabrics from where devices need to be shared. You can
configure LSAN zones on the backbone fabric to allow edge fabrics to share devices in the
backbone fabric.
You must be logged in as admin or switchadmin to launch the FC Routing module. If you are logged
in as a user role, you cannot access the FC Routing module.
If the FC-FC Routing service is disabled, the LSAN zones, LSAN fabric, and devices tabs will
continue to show the existing entries but it will show the entries related to the backbone fabric only.
All of the EX_Ports are disabled and you cannot enable them until FC-FC routing is enabled.
Opening the FC Routing module
The FCR button in the Switch View launches the FC Routing module. This button is displayed only
for the following switches:
• Brocade 7500 switch
• Brocade 48000 director configured with an FR4-18i blade
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View.
2. Click FCR in the Manage section of the Tasks menu.
The FC Routing module displays (as shown in Figure 58). If FC-FC Routing is disabled, a
message to that effect displays on all the tabs in the module.
Web Tools Administrator’s Guide
53-1000606-01
135
10
Managing FC-FC routing with Web Tools
FIGURE 58
FC Routing module in Disabled mode with General tab selected
Viewing and managing LSAN fabrics
The LSAN Fabric tab (see Figure 59 on page 137) displays all the LSAN fabrics visible to your
switch, in both a tabular and tree form. (If FC-FC Routing is disabled, the tables and tree nodes in
this tab are empty and the tree displays only the backbone switch.)
For more detailed information about a specific LSAN fabric, click a fabric name in the table and
then click View Details in the task bar. You can also click the fabric name in the tree on the left side
of the window.
When there is more than one router present in the backbone fabric with different backbone Fabric
IDs, the routers with the conflicting IDs are shown in a separate table on the LSAN Fabric tab.
To manage an LSAN fabric, select the fabric to manage and click Manage LSAN Fabric in the task
bar. A browser window is launched with the following url:
http://ip-address-of-lsan-fabric-switch
136
Web Tools Administrator’s Guide
53-1000606-01
Viewing and configuring EX_Ports
10
For Brocade switches, this launches Web Tools. For non-Brocade fabrics, this launches the element
manager for that switch.
FIGURE 59
FC Routing module with LSAN Fabrics tab selected
Viewing and configuring EX_Ports
The EX_Ports tab (see Figure 60 on page 138) displays all of the EX_Ports on the switch, including
configuration and status information. The ports are sorted by slot number, and then by row number
within each slot. IP addresses information is displayed in both IPv4 and IPv6 format.
NOTE
If FC Routing is disabled, then you have to disable all of the EX_Ports and you cannot enable them
until FC Routing is enabled.
For more detailed information about a specific port, click a port name in the table and then click
View Details in the task bar. You can also click the port name in the tree on the left side of the
window.
From the EX_Ports tab, you can perform the following port management tasks by selecting a port in
the table and then clicking a task in the task bar:
•
•
•
•
“Configuring an EX_Port” on page 138
“Editing the configuration of an EX_Port” on page 139
Rename an EX_Port.
Swap the Port Index of an EX_Port (described in “Swapping port index” on page 74).
Web Tools Administrator’s Guide
53-1000606-01
137
10
Viewing and configuring EX_Ports
• Enable or disable an EX_Port.
• Persistently enable or disable an EX_Port.
ATTENTION
During EX_Port configuration, the port is automatically disable, and then reenabled when the
changes are applied. Be sure that you do not physically connect a port to a remote fabric before
configuring it as an EX_Port; otherwise, the two fabrics merge and you lose the benefit of Fibre
Channel routing.
You can enable or disable multiple ports at one time. Use Shift-click and Ctrl-click to select multiple
ports in the table, and then click one of the enable or disable tasks in the task bar.
You can select multiple ports in the table, but you can select only one port at a time in the tree.
FIGURE 60
FC Routing module with EX_Ports tab selected
Configuring an EX_Port
1. Opens the FC Routing module (click the FCR button).
2. Click the EX_Ports tab.
3. Click New in the task bar to configure one or more EX_Ports.
This opens the port configuration wizard, which guides you through the port configuration
process.
4. Follow the instructions in the wizard to configure the EX_Port.
138
Web Tools Administrator’s Guide
53-1000606-01
Configuring FCR router port cost
10
You will need to specify the Fabric ID and, if configuring an FC port, the speed and long
distance mode. You can choose any unique fabric ID as long as it is consistent for all EX_Ports
that connect to the same edge fabric.
Editing the configuration of an EX_Port
1. Opens the FC Routing module.
2. Click the EX_Ports tab.
3. Select a port to configure, by clicking in the row.
4. Click Edit Configuration in the task bar.
This opens the port configuration wizard, which guides you through the port configuration
process.
The current configuration values are displayed in the wizard steps.
If you choose to configure a disabled port, the wizard provides the Enable Port after
configuration check box. If you select this check box, the disabled port is automatically
enabled after configuration. If you leave this box cleared, the port remains in the same state
after configuration.
Configuring FCR router port cost
In FCR, EX_Ports can be assigned router port cost. The cost of the link is a positive number. The
router port path or tunnel path is chosen based on the minimum cost per connection. If multiple
paths exist with the same minimum cost, there will be load sharing over these paths. If multiple
paths exist where one path costs lower than the others, then the lowest cost path is used.
Every link has a default cost. For an EX_Port 2Gb/sec link, the default cost is 500. For an EX_Port
1Gb/sec link, the default cost is 1000. For a VEX_Port, the default cost is 2000. If the cost is set to
0, the default cost will be used for that link.
1. Open the Switch Administration window.
2. Click FCR in Manage section of the Tasks menu.
3. Click the Ex Ports tab.
Viewing and configuring LSAN zones
The LSAN Zones tab displays all the LSAN zones, in both a tabular and tree form. (If FC-FC Routing
is disabled, the tables and tree nodes in this tab are empty.)
For more detailed information about a specific LSAN zone, click a zone name in the table and then
click the View Details button in the task bar. You can also click the zone name in the tree on the left
side of the window.
The LSAN matrix is mapping of LSAN Zones with the edge fabric they are going to communicate
with. When an LSAN matrix is created in the backbone fabric, only the LSAN zones mapped in the
edge fabrics are displayed in the LSAN Zones tab.
Web Tools Administrator’s Guide
53-1000606-01
139
10
Configuring the backbone fabric ID
Follow the procedure described in “Creating and populating zones” on page 103 to create LSAN
zones.
Viewing LSAN Devices
The LSAN Devices tab displays information about the physical and proxy devices and displays these
devices in a tree on the left side of the window. (If FC-FC Routing is disabled, the tables and tree
nodes in this tab are empty.)
Click the LSAN Devices element in the tree to display a count of all the physical and proxy LSAN
devices. Note that this count is for all of the LSAN fabrics.
Click the Physical Devices or Proxy Devices element in the tree to see a detailed list of the physical
or proxy devices. Click the device name in the tree for more detailed information about a specific
device, as shown in Figure 61.
FIGURE 61
FC Routing module with LSAN Devices tab selected
Configuring the backbone fabric ID
The FC-FC Routing Service must be disabled when configuring the backbone fabric ID. Web Tools
automatically disables FC-FC Routing before setting the fabric ID and then reenables it afterwards;
however, you must first disable all of the EX_Ports before you invoke this operation. After the fabric
ID has been changed, you can enable these ports again manually.
The fabric ID for a backbone fabric must be different than the fabric IDs of all other edge fabrics;
otherwise, a fabric ID conflict error could occur.
140
Web Tools Administrator’s Guide
53-1000606-01
Configuring the backbone fabric ID
10
Make sure that all switches in the backbone fabric have the same fabric ID.
1. Open the Switch Administration window.
2. Click FCR in the Manage section of the Tasks menu.
3. Click the EX-Ports tab.
4. Disable all of the EX_Ports by selecting all of the ports in the table and then clicking Disable.
5. Click the General tab.
6. Click Set Fabric ID in the task bar.
The Configure Backbone Fabric ID window appears.
7.
Select a fabric ID from the drop-down menu.
The fabric ID is a number from 1 through 128. Web Tools warns you if you select a fabric ID that
is already in use.
8. Click OK.
9. Reenable all of the EX_Ports after Web Tools automatically reenables the FC-FC Routing
Service.
Web Tools Administrator’s Guide
53-1000606-01
141
10
142
Configuring the backbone fabric ID
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Working With Diagnostic Features
11
In this chapter
This chapter contains the following information:
• Managing trace dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
• Displaying switch information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
• Interpreting port LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Managing trace dumps
A trace dump is a snapshot of the running behavior within the Brocade switch. The dump can be
used by developers and troubleshooters at Brocade to help understand what might be contributing
to a specific switch behavior when certain internal events are seen. For example, a trace dump can
be created each time a certain error message is logged to the system error log. Developers can
then examine what led up to the message event by studying the traces.
Tracing is always “on.” As software on the switch executes, the trace information is placed into a
circular buffer in system RAM. Periodically, the trace buffer is “frozen” and saved. This saved
information is a “trace dump.”
A trace dump is generated when:
•
•
•
•
•
It is triggered manually (use the traceDump command).
A critical-level LOG message occurs.
A particular LOG message occurs (use the traceTrig command to set up the conditions for this).
A kernel panic occurs.
The hardware watchdog timer expires.
(For information about the traceDump and traceTrig commands, see the Fabric OS Command
Reference.)
The trace dump is maintained on the switch until either it is uploaded to the FTP host or another
trace dump is generated. If another trace dump is generated before the previous one is uploaded,
the previous dump is overwritten.
When a trace dump is generated, it is automatically uploaded to an FTP host if automatic FTP
uploading is enabled.
Web Tools Administrator’s Guide
53-1000606-01
143
11
Managing trace dumps
Using the Trace tab of the Switch Administration window, you can view and configure the trace FTP
host target and enable or disable automatic trace uploads.
FIGURE 62
Trace tab
How a trace dump is used
The generation of a trace dump causes a CRITICAL message to be logged to the system error log.
When a trace dump is detected, issue the supportSave command on the affected switch. This
command packages all error logs, the supportShow output, and trace dump, and moves these to
your FTP server. You can also configure your switch to automatically copy trace dumps to your FTP
server (see “Setting up automatic trace dump transfers,” next).
In addition to automatic generation of trace dumps on faults, you can also generate a trace dump
manually or when certain system error messages are logged. This is normally done with assistance
from Brocade customer support when diagnosing switch behavior.
For details on the commands, see the Fabric OS Command Reference.
Setting up automatic trace dump transfers
You can set up a switch so that diagnostic information is transferred automatically to a remote
server. Then, if a problem occurs you can provide your customer support representative with the
most detailed information possible. To ensure the best service, you should set up for automatic
transfer as part of standard switch configuration, before a problem occurs.
144
Web Tools Administrator’s Guide
53-1000606-01
Managing trace dumps
11
Setting up for automatic transfer of diagnostic files involves the following tasks:
• Specify a remote server to store the files.
• Enable the automatic transfer of trace dumps to the server. (Trace dumps overwrite each other
by default; sending them to a server preserves information that would otherwise be lost.)
You should also set up a periodic checking of the remote server so that you are alerted if the server
becomes unavailable and you can correct the problem. See the Fabric OS Administrator’s Guide for
additional information. The following procedures describe in detail the tasks for setting up
automatic transfer.
Specifying a remote server
You can perform this task only if the switch belongs to Admin Domain you are logged into.
1. Open the Switch Administration window.
2. Click the Trace tab.
3. Type the FTP host IP address, path of the remote directory in which to store the trace dump
files, FTP user name, and FTP password in the appropriate fields.
The IP address can be IPv4 or IPv6 format, or a DNS name.
The password is optional if you log in as an anonymous user.
4. Click Apply.
Enabling automatic transfer of trace dumps
You can perform this task only if the switch belongs to Admin Domain you are logged into.
1. Open the Switch Administration window.
2. Click the Trace tab.
3. Select Enable in the Auto FTP Upload section to enable automatic uploading of the trace dump
to the FTP host.
4. Click Apply.
Disabling automatic trace uploads
If automatic uploading of a trace dump is disabled, you must manually upload the trace dump or
else the information is overwritten when a subsequent trace dump is generated.
You can perform this task only if the switch belongs to Admin Domain you are logged into.
1. Open the Switch Administration window.
2. Click the Trace tab.
3. Select Disable in the Auto FTP Upload section to disable automatic uploading of the trace
dump to the FTP host.
4. Click Apply.
Web Tools Administrator’s Guide
53-1000606-01
145
11
Displaying switch information
Displaying switch information
This section describes how to display information about the physical components of the switch
(such as fan, temperature, and power supply) as well as how to display other detailed switch
information (such as firmware and IP address).
The Fan, Temperature, and Power Status windows have Export, Copy, and Search options at the top
of the tables. These options are not available if the table does not have any content.
You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the
functionality of Export and Copy.
• Click Export to save the contents of the table to a tab-delimited file.
• Click Copy to copy the contents of the table in tab-delimited text format to a file.
• Click Search to search for a specific text string in the table.
Type the text string in the box that displays on the table, as shown in Figure 63, and press Enter.
This is an incremental search and allows 24 maximum characters including wildcards question
mark (?) and asterisk (*). The first row containing the text string is highlighted. To find the next
match, hit the down arrow. To find the previous match, hit the up arrow. If the text is not found in
the table, the text turns red.
FIGURE 63
Temperature Sensor States window
Viewing detailed fan hardware status
The icon on the Fan button indicates the overall status of the fans. For more information about the
switch fan, refer to the appropriate hardware documentation.
You can display status information about the fans, as shown in Figure 64.
146
Web Tools Administrator’s Guide
53-1000606-01
Displaying switch information
FIGURE 64
11
Fan States window
The Fan No. column indicates either the fan number or the fan FRU number, depending on the
switch model. A fan FRU can contain one or more fans.
• For Brocade 48000 directors and Brocade 4100, 4900, 5000, and 7500 switches, the Fan
No. column indicates the fan FRU number.
• The Brocade 200E, 4012, 4016, 4018, 4020, and 4024 switches do not contain fan FRUs, so
for these switch models, the Fan No. column indicates the fan number.
NOTE
For these switches, if the Fan Status window has no “Fan Speed” column, the speed is not
monitored.
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View. The icon on the Fan button indicates the
overall status of the fan.
2. Click the Fan button.
The detailed fan status for the switch is displayed, as shown in Figure 64.
Viewing the temperature status
The icon on the Temp button indicates the overall status of the temperature. For more information
regarding switch temperature, refer to the appropriate hardware documentation.
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View. The icon on the Temp button indicates the
overall status of the temperature.
2. Click the Temp button on the Switch View.
The detailed temperature sensor states for the switch are displayed, as shown in Figure 65.
Web Tools Administrator’s Guide
53-1000606-01
147
11
Displaying switch information
FIGURE 65
Temperature Sensor States window
Viewing the power supply status
The icon on the Power button indicates the overall status of the power supply status. For more
information regarding switch power modules, refer to the appropriate hardware documentation.
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View. The icon on the Power button indicates the
overall status of the power supply.
2. Click the Power button on the Switch View.
The detailed power supply states are displayed.
FIGURE 66
Power Status window
Checking the physical health of a switch
The Status button displays the operational state of the switch. The icon on the button displays the
real-time status of the switch.
If no data is available from a switch, the most recent background color remains displayed.
For all statuses that are based on errors per time interval, any errors cause the status to show
faulty until the entire sample interval has passed.
If the switch status is marginal or critical, information on the trigger that caused that status is
displayed in the Switch Information view.
148
Web Tools Administrator’s Guide
53-1000606-01
Displaying switch information
11
Click the Status button to display a detailed, customizable switch status report, shown in Figure 67.
Note that this is a static report and not a dynamic view of the switch.
FIGURE 67
Switch Report window
1. Select a switch from the Fabric Tree.
The selected switch appears in the Switch View. The icon on the Status button indicates the
overall status of the switch.
2. Click the Status button on the Switch View.
The detailed switch health report is displayed, as shown in Figure 67.
3. Optional: Click the underlined links in the left panel to display detailed information about ports
and Switch Availability Monitoring (SAM).
NOTE
The Port Detail Report and Switch Availability Monitor (SAM) reports display the details of only
those ports which are members of the current Admin Domain context and the E_Ports of the
switch.
4. Optional: Hover the cursor over the Action bar (see Figure 68) and click an action to:
• Refresh the information displayed in the report
• Customize the report
• View the data in raw XML format
Web Tools Administrator’s Guide
53-1000606-01
149
11
Interpreting port LEDs
• View the style sheet for the report
• View the XML schema for the report
FIGURE 68
Switch Report Action menu
Interpreting port LEDs
The Switch View displays port graphics with blinking LEDs, simulating the physical appearance of
the ports. One of the LEDs indicates port status; the other indicates port speed. For LED
information, refer to the hardware documentation for the switch you are viewing. (The blink rate of
the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical
switch.)
NOTE
Some Brocade switches and port blades do not have port speed LEDs, but only port status LEDs.
150
Web Tools Administrator’s Guide
53-1000606-01
Interpreting port LEDs
11
Port icon colors
The background color of the port icon indicates the port status, as follows:
•
•
•
•
•
•
Green (healthy)
Yellow (marginal)
Red (critical)
Gray (unmonitored)
If the entire port icon is blue, the port is buffer-limited.
If a group of port icons appears dimmed, those ports are not licensed.
LED representations
The port icons are different for different switch models. Figure 69 shows E_Port port icons and
associated LEDs from a Brocade 4100 switch.
For the Brocade 4100, the top row of LEDs corresponds to the upper port, and the bottom row of
LEDs corresponds to the lower port.
Brocade 4100
FIGURE 69
Port and LED status color-coded information in the Port icon in Switch View
Brocade 48000 Director LEDs
For the Brocade 48000 director, the representation of the port LEDs on the FC4-32 port blade is
not the same as the LEDs on the physical blade. Figure 70 on page 152 compares the LEDs on the
physical port card and the Web Tools display.
Web Tools Administrator’s Guide
53-1000606-01
151
11
Interpreting port LEDs
Web Tools Representation
Physical Port Card
3
1
!
2
1
!
2
4
3
4
FC4
32
1. Port Speed LED for the right port
2. Port Status LED for the right port
3. Port Speed LED for the left port
4. Port Status LED for the left port
FIGURE 70
152
Port LEDs for the FC4-32 port blade in the Brocade 48000
Web Tools Administrator’s Guide
53-1000606-01
Chapter
12
Administering Fabric Watch
In this chapter
This chapter contains the following sections:
• Introduction to Fabric Watch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Using Fabric Watch with Web Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring Fabric Watch thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring alarms for FRUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying Fabric Watch alarm information . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring email notifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
153
154
155
158
159
160
Introduction to Fabric Watch
Fabric Watch is a Brocade optionally-licensed feature that monitors the performance and status of
switches. Fabric Watch can automatically alert you when problems arise, before they become costly
failures.
NOTE
Fabric Watch is view-only if you do not own the switch. Owning ports on a switch is not enough to
enable Fabric Watch on that switch.
To use Fabric Watch, you must have a Fabric Watch license installed on the switch.
Fabric Watch tracks a number of SAN fabric elements, events, and counters. For example, Fabric
Watch monitors:
• Fabric resources, including fabric reconfigurations, zoning changes, and new logins.
• Switch environmental functions, such as temperature, power supply, and fan status, along with
security violations.
• Port state transitions, errors, and traffic information for multiple port classes as well as
operational values for supported models of Finisar “Smart” GBICs/SFPs.
• Performance information for AL_PA, end-to-end, and SCSI command metrics.
Fabric Watch lets you define how often to measure each switch and fabric element and allows you
to specify notification thresholds. Whenever fabric elements exceed these thresholds, Fabric Watch
automatically provides notification using several methods, including email messages, SNMP traps,
and log entries.
For detailed information regarding Fabric Watch, see the Fabric Watch Administrator’s Guide.
Web Tools Administrator’s Guide
53-1000606-01
153
12
Using Fabric Watch with Web Tools
Using Fabric Watch with Web Tools
To administer Fabric Watch operations through the Web Tools Fabric Watch feature, click the Fabric
Watch link in the Manage section of the Tasks menu.
NOTE
Unless the switch is a member of the current Admin Domain context, Fabric Watch is view-only.
FIGURE 71
The Fabric Watch window
Fabric Watch Explorer, on the left side of the window, displays the available classes. Not all classes
are available for all switches. The status bar at the bottom of the window provides you with a
summary of the actions, and the date and time the module was last updated.
You should use Fabric Watch to:
• Configure custom threshold values on particular elements.
• Place limits on the acceptable values of those elements and enable the custom limits
(configure threshold boundaries).
• Configure Fabric Watch to alert you to errant values.
• Configure Fabric Watch to identify unacceptable values (threshold traits).
154
Web Tools Administrator’s Guide
53-1000606-01
Configuring Fabric Watch thresholds
12
Opening the Fabric Watch window
1. Select a switch from the Fabric Tree and log in if necessary.
2. Click Fabric Watch in the Manage section of the Tasks menu.
The Fabric Watch window opens, as shown in Figure 71.
Configuring Fabric Watch thresholds
The Threshold Configuration tab enables you to configure event conditions. From this tab, you
configure threshold traits, alarms, and email configuration.
Use the procedures in this section to configure threshold traits for all classes except for the FRU
class. Use the procedure described in “Configuring alarms for FRUs” on page 158 for the FRU
class.
Configuring threshold traits
Configure threshold traits to define a threshold for a particular class and area. You can configure
the following traits for a threshold:
•
•
•
•
•
Unit—The string used to define the units of measurement for the area
Time Base—The time base (second, minute, hour, day) for the area
Low Boundary—The low threshold for the event-setting comparisons
High Boundary—The high threshold for the event-setting comparisons
Buffer Size—The size of the buffer zone used in event-setting comparisons
1. Open Fabric Watch window.
2. Click the Threshold Configuration tab.
Web Tools Administrator’s Guide
53-1000606-01
155
12
Configuring Fabric Watch thresholds
FIGURE 72
Threshold configuration in Fabric Watch
3. Click the Trait Configuration subtab.
4. In Fabric Watch Explorer, click a class.
5. Under Area Selection, choose an area from drop-down list.
This sets the units in the Units field.
The module displays two columns of trait information, labeled System Default and Custom
Defined. You cannot modify the information in the System Default column.
6. In the Activate Level area:
• Click the System Default radio button to use the system default settings and proceed to
step 11.
or
• Click the Custom Defined radio button to specify new settings and proceed to the next
step.
7.
If necessary, select a time to record the event in the Time Base field.
8. Type the lowest boundary of the normal zone in the Low Boundary field.
9. Type the highest boundary of the normal zone in the High Boundary field.
10. Type the size of the buffer zone in the Buffer Size field.
11. Click Apply.
156
Web Tools Administrator’s Guide
53-1000606-01
Configuring Fabric Watch thresholds
12
Configuring threshold alarms
After you update the threshold information, use the Alarm Configuration subtab to customize the
notification settings for each event setting.
1. Open the Fabric Watch window.
2. Click the Threshold Configuration tab.
3. Click the Alarm Configuration subtab.
4. In Fabric Watch Explorer, click a class.
5. Under Area Selection, choose an area from drop-down list.
The module displays two tables of alarm configuration information, labeled System Default
and Custom Defined. You cannot modify the information in the System Default table.
6. In the Activate Level area:
• Click the System Default radio button to use the system default settings and proceed to
step 11.
or
• Click the Custom Defined radio button to specify new settings and proceed to the next
step.
7.
Select the check box for the type of notification method you want to use for each event type
(Changed, Below, Above, Inbetween). The available alarm actions are ERROR_LOG,
SNMP_TRAP, RAPI_TRAP, PORT_LOG_LOCK, and EMAIL_ALERT.
8. Click Apply.
Enabling or disabling threshold alarms for individual elements
Use the Element Configuration subtab to configure element-specific alarm settings.
1. Open the Fabric Watch window.
2. In Fabric Watch Explorer, select a class.
You can set alarms for information on a switch only if that information is monitored by Fabric
Watch for that switch; not all alarm options are available for all switches. For more information,
see the Fabric Watch Administrator’s Guide.
3. Click the Threshold Configuration tab.
4. Under Area Selection, choose the area with the alarms that you want to enable or disable.
5. Click the Element Configuration subtab.
6. Click an element from the Element Selection menu.
7.
In the Status area:
• To disable threshold alarms, click Disabled and click Apply. The threshold alarms are
disabled and you do not need to continue with this procedure.
• To enable threshold alarms, click Enabled and continue with the next step.
8. Select a behavior type for the threshold alarms:
Web Tools Administrator’s Guide
53-1000606-01
157
12
Configuring alarms for FRUs
• Click Triggered to receive threshold alarms only when they are triggered by events that you
have defined.
• Click Continuous to receive threshold alarms at a continuous interval. Select a time
interval in which to receive the threshold alarms from the Time Interval menu.
9. Click Apply.
10. Optional: Apply the selections on this panel to multiple elements simultaneously.
a.
Click Apply More.
The Multiple Selection dialog box displays.
b.
Click the boxes next to the indices of all applicable elements.
c.
Click OK.
Configuring alarms for FRUs
Configuration for the FRU class is different than configuration for the other classes. Because FRUs
are not monitored through a threshold-based system, they have a simpler interface for
configuration. For FRUs, you configure the states for which an event occurs, as described in the
following procedure.
1. Open the Fabric Watch window.
2. Click the Threshold Configuration tab.
3. In Fabric Watch Explorer, click a FRU class.
4. Under Area Selection, choose a FRU type from the drop-down list.
5. Click the alarm states for which you want an event to register. Whenever a FRU of the selected
type is detected to be in one of the selected states, an event will occur.
6. Click the methods by which you want to be notified about the FRU alarms. For FRUs, the only
options are error log and email alert.
7.
Click Apply to apply the changes to the switch.
A confirmation dialog box displays, asking if you want to apply the changes to the switch.
8. Click OK in the confirmation dialog box to save the changes to the switch.
158
Web Tools Administrator’s Guide
53-1000606-01
Displaying Fabric Watch alarm information
12
Displaying Fabric Watch alarm information
From Fabric Watch, you can view two types of reports:
• Alarm notifications—Displays the alarms that have occurred for a selected class/area
• Alarm configuration—Displays threshold and alarm configurations for a selected class/area
Viewing an alarm configuration Report
Use the Threshold Configuration tab, Configuration Report subtab to display a report of the
configuration for a selected class/area with the following information:
• Threshold settings (labeled Threshold Configuration)
• Notification settings (labeled Action Configuration)
• Element settings (not labeled)
You can scroll through this information but cannot make changes.
1. Open the Fabric Watch window.
2. Click the Threshold Configuration tab.
3. Click a previously configured element from Fabric Watch Explorer (see “Enabling or disabling
threshold alarms for individual elements” on page 157).
4. Under Area Selection, click the alarm area report to be viewed.
5. Click the Configuration Report subtab.
This tab displays a report of the configuration for the selected area.
Displaying alarms
Using the Alarm Notification tab, you can view a list of all alarms that have occurred for a selected
class/area (see Figure 71 on page 154). Table 9 describes the columns in this report. You can click
the header of each column to change the way the information is sorted in your view. You can also
right-click the column header and choose sort options from a menu.
NOTE
Note that for the FRU class, only the Name, State, and Time columns are displayed. In addition, if
the FRU area is Fan, the Name column refers to either a fan or a fan FRU, depending on the switch
model. See “Viewing detailed fan hardware status” on page 146 for more information.)
TABLE 9
Alarm notification table fields
Field
Description
Name
The string assigned to the element that had an event
State
The current state of the element
Reason
The event type that was triggered
Last Value
The data value of the element when the event was triggered
Current Value
The current data value of the element
Time
Time when the event occurred
Web Tools Administrator’s Guide
53-1000606-01
159
12
Configuring email notifications
1. Open the Fabric Watch window.
2. In Fabric Watch Explorer, select the class that you want to check for alarms.
3. Click the Alarm Notification tab.
4. In Area Selection, select the area that you want to check for alarms from the drop-down list.
All alarms for that area display.
For troubleshooting responses to alarms, see the Fabric Watch Administrator’s Guide.
Configuring email notifications
You can be notified of an alarm condition through an email alert. If you have configured alarms to
send an email notification, you must also configure the email server and the email recipient, as
described in the following sections.
Configuring the email server on a switch
You must set up the email notification recipient’s DNS server and domain name on each switch for
which email notification is enabled.
When you set up the email notification local network’s DNS server and domain name for the
Brocade 48000 directors, it is on a logical-switch basis. This means that for each logical switch, you
must set up the email notification recipient’s DNS server and domain name individually.
1. Open the Switch Administration window as described on page 29.
2. Click the Switch tab.
3. In the DNS Configuration area, in the DNS Server 1 field, type the primary domain Name
Server IP address.
You can enter the IP address in IPv4 or IPv6 format.
4. In the DNS Server 2 field, type the secondary domain server IP address.
You can enter the IP address in IPv4 or IPv6 format.
5. In the Domain Name field, type the domain name (between 4 and 32 characters).
6. Click Apply.
Configuring the email alert
You can set a different email alert configuration for each class. For example, you can set one email
notification for SFPs and another for E_Ports. Before configuring email alert recipients, you must
set up the email notification recipient’s DNS server and domain name.
1. Open the Fabric Watch window.
2. Click the Email Configuration tab.
3. Click the Enable or Disable radio button to enable or disable the email alert status.
When you disable email alerts, Fabric Watch does not send email notification even if the email
notification method is assigned to monitored areas.
160
Web Tools Administrator’s Guide
53-1000606-01
Configuring email notifications
12
4. Type the email address of the recipient in the Recipient Email Address text box. Messages are
sent to this address when email notification is enabled.
NOTE
Email addresses must not exceed 128 characters.
5. Click Apply.
6. Optional: Click Send Test Email to receive a test email so you can verify the email notification is
working correctly. You can send a test email only after you have applied your settings.
FIGURE 73
Web Tools Administrator’s Guide
53-1000606-01
Fabric Watch Email Configuration tab
161
12
162
Configuring email notifications
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Administering Extended Fabrics
13
In this chapter
This chapter contains the following information:
• “About extended link buffer allocation,” next
• “Configuring a port for long distance” on page 165
About extended link buffer allocation
The Extended Fabric tab of the Switch Administration window displays information about the port
speed, long-distance setting, and buffer credits, as shown in Figure 74 on page 164. Use this tab to
configure the long-distance setting of a port. Because buffer credits are a switch resource, you
must own the switch in order to modify Extended Fabric settings on a port.
For detailed information on managing extended fabrics, see the Fabric OS Administrator’s Guide.
NOTE
You do not need to use the Extended Fabrics feature unless the link is used over long distances.
The Extended Fabric tab displays the following information:
• Port Number
• Buffer Limited—Indicates whether the port is buffer limited. A buffer-limited port can come
online with fewer buffer credits allocated than its configuration specifies, allowing it to operate
at a reduced bandwidth instead of being disabled for lack of buffers.
Buffer-limited operation is supported for the L0 and LD extended ISL modes only and is
persistent across reboots, switch disabling and enabling, and port disabling and enabling.
• Port Speed—The port speed is displayed as follows:
• 1G—1 Gbit/sec
• 2G—2 Gbit/sec
• 4G—4 Gbit/sec
• 8G—8 Gbit/sec
• N1—Negotiated 1 Gbit/sec
• N2—Negotiated 2 Gbit/sec
• N4—Negotiated 4 Gbit/sec
• Auto-Negotiation
• Buffer Needed/Allocated—The number of buffers needed and the number of buffers that are
actually allocated.
• Actual Distance (km)—The actual distance for the link in kilometers.
Web Tools Administrator’s Guide
53-1000606-01
163
13
About extended link buffer allocation
• Desired Distance (km)—Required for a port configured in LD or LS mode (see Table 10 on
page 164), the desired distance, in kilometers, for the link.
For an LD-mode link, the desired distance is used as the upper limit of the link distance to
calculate buffer availability for other ports in the same port group. If the measured distance is
more than the desired distance, the desired distance is used to allocate the buffers. In this
case, the port operates in degraded mode instead being disabled due to insufficient buffers.
For an LS-mode link, the actual distance is not measured; instead the desired distance is used
to calculate the buffers required for the port.
• Long Distance—Table 10 describes the long-distance settings and identifies which settings
require a Brocade Extended Fabrics license.
FIGURE 74
Extended Fabric tab
For Brocade DCX Director, the slots for CP are not available.
TABLE 10
164
Long-distance settings and license requirements
Value
Description
Extended Fabrics License
Required?
L0
No long-distance setting is enabled. The maximum supported link distance is
10 km, 5 km, or 2.5 km for ports at speeds of 1 Gbit/sec, 2 Gbit/sec, and 4
Gbit/sec, respectively.
No
LE
Extended normal setting is enabled, 10 km (6 miles) or less.
No
Web Tools Administrator’s Guide
53-1000606-01
Configuring a port for long distance
TABLE 10
13
Long-distance settings and license requirements (Continued)
Value
Description
Extended Fabrics License
Required?
LD
Dynamic setting is enabled. Buffer credits for the given E_Port are
dynamically configured based on the actual link distance, as long as this is
less than the desired distance. If the actual link distance exceeds the
desired distance, the desired distance is used to allocate the buffers.
The LD-level link can operate at distances up to 500 km at 1 Gbit/sec, 250
km at 2 Gbit/sec, or 125 km at 4 Gbit/sec, depending on the switch platform
and the availability of frame buffers within the port group.
Yes
LS
Static setting is enabled. Buffer credits for the given E_Port are statically
configured based on the desired link distance.
The LS-level link can operate at distances up to 500 km at 1 Gbit/sec, 250
km at 2 Gbit/sec, or 125 km at 4 Gbit/sec, depending on the switch platform
and the availability of frame buffers within the port group
Yes
NOTE
Because buffer credits are a switch resource, you must own the switch in order to modify Extended
Fabric settings on a port.
Configuring a port for long distance
When you configure a long-distance ISL, ensure that the ports on both sides of the ISL have the
same configuration, to avoid fabric segmentation.
1. Open the Switch Administration window as described on page 29.
2. Click the Extended Fabric tab.
3. This step is switch-specific:
For Brocade 48000 directors, click the slot subtab that corresponds to the correct slot for the
logical switch.
For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, and 7500 switches,
proceed directly to the next step.
4. Select a distance that corresponds to the port from the Long Distance drop-down menu.
Depending on the distance selected, this might require an optional license. For information
about the various distances, see Table 10.
If you select a long-distance setting of LD or LS, you must also type a value in the Desired
Distance column for that port number:
a.
Double-click the Desired Distance field for the port, as shown in Figure 74.
b.
Type a number in the field to indicate the distance in kilometers. The allowed values
depend on the port capability:
• If the port capability is 4 GB, type a number between 10 and 125, inclusive.
• If the port capability is 2 GB, type a number between 10 and 250, inclusive.
• If the port capability is 1 GB, type a number between 10 and 500, inclusive.
Web Tools Administrator’s Guide
53-1000606-01
165
13
Configuring a port for long distance
This value is the upper limit for calculating buffer availability for other ports in the same
port group. If the actual distance is more than the desired distance, the port operates in
buffer-limited mode.
c.
Press Enter or click another port entry for the value to be accepted.
5. Click Apply.
166
Web Tools Administrator’s Guide
53-1000606-01
Chaptery
Administering the iSCSI Target Gateway
14
This chapter describes how to use the iSCSI Target Gateway. The gateway is an intermediate device
in the network, allowing iSCSI initiators in an IP SAN to access and utilize storage in a Fibre Channel
SAN.
In this chapter
• Supported platforms for iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
• About the iSCSI service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
• Setting up iSCSI Target Gateway Services . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Supported platforms for iSCSI
The iSCSI target gateway service is supported only on the Brocade 48000 director with CP blades
running Fabric OS 6.0.0 and configured with an FC4-16IP blade (see the Fabric OS Administrator’s
Guide for more information).
About the iSCSI service
The Web Tools iSCSI Target Gateway Admin module conducts all management tasks related to the
iSCSI target gateway service. Although iSCSI service is fabric wide, you can manage the iSCSI target
gateway service through any iSCSI-capable switch in a fabric. Any applied iSCSI target gateway
change is propagated and enforced to the whole fabric. Web Tools, as an element management
tool, allows you to manage iSCSI target gateway service through one switch.
Through the iSCSI Target Gateway Admin module, you are able to conduct iSCSI target
gateway-related management tasks, such as creating and managing iSCSI virtual targets,
managing iSCSI sessions and iSCSI authentications, and editing discovery domains sets that
enforce iSCSI device access control. The iSCSI port configuration is available to both the iSCSI
Target Gateway Admin module and the port management module.
Web Tools, as a GUI-based SAN element management tool, can recognize and manage the
FC4-16IP port blade in the Brocade 48000 director chassis and all Fibre Channel ports and GbE
ports on the blade.
When a GbE port is configured to support iSCSI, it can transport SCSI traffic over an IP network.
Each GbE port has a unique IP address called an “iSCSI target portal” and each port supports 64
iSCSI sessions. The TCP/IP stack at the port provides support for multiple TCP connections over a
single GbE port.
In Web Tools, ports are addressed using slot number and port number notation (for example, 2,16).
• For Fibre Channel ports on the FC4-16IP blade, the range of ports will be 0 through 7.
Web Tools Administrator’s Guide
53-1000606-01
167
14
About the iSCSI service
• For GbE ports on the FC4-16IP blade, the port numbers shall range from ge0 through ge7. The
FC4-16IP blade does not support FCIP functionality.
The iSCSI standard defines several naming conventions to enable location-independent device
identification of storage resources. The FC4-16IP blade recognizes the IQN (iSCSI Qualified Name)
formatted iSCSI initiator node name. For example, an iSCSI target name of “iSCSI tgt” will be
presented as follows:
iqn.2002-12.com.brocade:ISCSItgt
Once an IQN is defined, you can then map LUN devices to the IQN name.
Common Functions in the iSCSI Target Gateway Admin module
Export, Copy, and Search links are displayed at the top of each tab.
NOTE
You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the
functionality of Export and Copy.
• Click Export to save the contents of the table to a tab-delimited file. For CHAP, the secret is still
encrypted.
• Click Copy to copy the contents of the table in tab-delimited text format to a file.
• Click Search to search for a specific text string in the table.
Type a text string in the box that displays on the table, as shown in Figure 75, and press Enter.
This is an incremental search and allows 24 maximum characters including the wildcard
characters: question mark (?) and asterisk (*). The first row containing the text string is
highlighted. To find the next match, press the down arrow. To find the previous match, press
the up arrow.
If the text is not found in the table, the text appears in red.
FIGURE 75
168
Search screen
Web Tools Administrator’s Guide
53-1000606-01
About the iSCSI service
14
Terminology
iSCSI target gateway services requires you to understand some additional terminology. Following
are terms that will be used in this document to explain how the iSCSI target gateway is
implemented.
TABLE 11
iSCSI gateway services terminology
Term
Definition
iSCSI
Internet-SCSI. A transport carrier of the SCSI protocol over IP.
iSCSI target gateway
An intermediate device in the network that allows the iSCSI initiators in an IP SAN to
access and utilize storage in a Fibre Channel SAN. the FC4-16IP AP blade in a
Brocade 48000 director functions as an iSCSI target gateway.
iSCSI port
A special GbE port used for iSCSI only. A Fibre Channel virtual initiator is created
behind each iSCSI port running as a proxy Fibre Channel initiator.
iSCSI virtual target
A unique target device in the IP SAN that contains LUNs from the real Fibre Channel
targets and is identified by an IQN.
iSCSI initiator
A device that begins an iSCSI transaction by issuing a command to another device
(the iSCSI target), giving it a task to perform. Typically, an iSCSI host adapter is the
initiator but targets can also become initiators.
iSCSI session
An iSCSI session is the basic communication “pipe” from an iSCSI initiator to an
iSCSI target. A session is a group of TCP/IP connections that link an initiator with a
target (loosely equivalent to a SCSI I-T nexus).
LUN mapping
Logical Unit Number mapping. The mapping of the virtual iSCSI target and the
physical Fibre Channel target One frontend LUN (VT LUN) maps to a backend LUN
(Fibre Channel LUN). The frontend LUN numbers can be different from the backend
LUN numbers.
Fibre Channel LUN
The LUN identifier of the Fibre Channel target.
VT LUN
Virtual target LUN. The LUN identifier of the iSCSI virtual target.
Fibre Channel virtual
initiator
(FC-VI) The iSCSI port looks like an F_Port to the rest of the system. There is one
Fibre Channel virtual initiator per iSCSI. The Fibre Channel proxy initiator solution is
used. FC-VI registers to the Name Server with its symbolic port name (PWWN) and
node name (NWWN). The FC-VI in the Name Server entry is created irrespective of
the host connectivity.
discovery domain (DD)
Created between and iSCSI host and iSCSI targets using their IQN for the purpose of
iSCSI device access control.
discovery domain set
(DDSet)
Created using DDs. Can be configured to enable or disable the configuration for the
purpose of iSCSI device access control.
CHAP authentication
Authenticates the initiators against a list of user names and passwords with CHAP
(Challenge Handshake Authentication Protocol) authentication in either one-way or
mutual.
IQN
An iSCSI Qualified Name that indicates an iSCSI node name in a form that is of
human readable notation using the following syntax:
iqn.yyyy-mm.<reverse of DNS>:<optional iSCSI unique string>
GbE port
Gigabit Ethernet port. Uses a copper CAT-5e cable for an IP connection to an RJ-45
copper connector. FC4-16IP has 8 ports of this type that support 1 Gbps speed.
PDU
Protocol Data Unit. A unit of data with a header and an optional data section.
For additional information about iSCSI target gateway, see the Fabric OS Administrator’s Guide.
Web Tools Administrator’s Guide
53-1000606-01
169
14
Setting up iSCSI Target Gateway Services
Saving Changes
There are several ways to save changes on the switch and apply them to the fabric (applies to the
iSCSI Target Gateway Admin module only):
• Apply—Click Apply and your changes will be transfered from the Web Tools database to the
switches database and distributed throughout the fabric.
• Abort—Click Abort to cancel the changes before saving them. The configuration is restored to
the last saved data point.
• Clear All—The Clear All button, located in the menu bar of the iSCSI module, has the ability to
clear all parameters of the iSCSI target gateway databases, including virtual targets, iSCSI
initiators, discovery domains, discovery domain sets, and all CHAP users and associated
secrets. The IP interface information, however, is not deleted.
The Clear All button deletes the information from the database. Before you use the Clear All
function, perform a configUpload and save a backup of the iSCSI target gateway database.
Setting up iSCSI Target Gateway Services
The following procedure provides an overview of the basic steps for setting up iSCSI target gateway
services. The iSCSI Setup wizard guides you through the steps to set up iSCSI connectivity between
IP networks and your Fibre Channel SAN.
Click the Launch Usability Wizard button on the iSCSI Administration window to use the iSCSI Setup
wizard to perform all setup tasks.
You can also perform these tasks from the iSCSI Administration window:
• “Activating the iSCSI Feature” on page 172
• “Configuring the IP Interface” on page 172
• “Managing the iSCSI Virtual Targets” on page 175 (to create iSCSI virtual targets from physical
Fibre Channel targets)
• “Managing Discovery Domains” on page 178 (to allow all iSCSI ports to access to Fibre
Channel physical targets)
• “Managing Discovery Domains” on page 178 (to manage iSCSI device access control through
creating and enabling discovery domain sets)
• “Configuring CHAP” on page 183 (to define access to log in to virtual targets through the
Microsoft iSCSI Initiator.)
• “Configuring an iSCSI Fibre Channel Zone” on page 184)
ATTENTION
After mapping iSCSI targets, do not move the targets out of AD0 by adding them to other Admin
Domains unless you first explicitly add them back to AD0.
170
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
Launching the iSCSI Target Gateway Admin Module
When you click iSCSI in the Manage section of the Tasks menu, the iSCSI Administration window
opens. This option is available on all Brocade 48000 switches with option 5 configured and with a
FC4-16IP blade.
NOTE
Since the entire fabric is scanned when you open the iSCSI Administration window, larger fabrics
may take longer to load.
The Target Group is the first pane that comes up and presents all the iSCSI virtual targets and their
mapping to the Fibre Channel targets (physical and virtual) from the fabric. You can create and add
LUNs to the existing iSCSI virtual targets from this group.
When you select an IQN you have the ability to edit or delete virtual targets associated with that
IQN. You can view current sessions and discovery domain accessibility.
FIGURE 76
iSCSI Target Gateway Admin with the Targets tab selected
1. Select a switch from the Fabric Tree and log in, if necessary.
The selected switch appears in Switch View.
Make sure that your Admin Domain Context is either AD0 or AD255.
Generally, the default user Admin Domain is AD0. The recommended practice is to perform all
iSCSI management from AD0; you can make changes from AD255 but you will not be able to
make any zoning changes.
2. Click iSCSI in the Manage section of the Tasks menu.
Web Tools Administrator’s Guide
53-1000606-01
171
14
Setting up iSCSI Target Gateway Services
iSCSI Administration window opens.
NOTE
If the iSCSI Target Gateway Services is disabled, you must click the Enable iSCSI button at the
top of the window to enable the services.
Launching the iSCSI Setup wizard
1. Select a switch from the Fabric Tree and log in, if necessary.
The selected switch appears in Switch View.
Make sure that your Admin Domain Context is either AD0 or AD255.
Generally, the default user Admin Domain is AD0. The recommended practice is to perform all
iSCSI management from AD0; you can make changes from AD255 but you will not be able to
make any zoning changes.
2. Click iSCSI in the Manage section of the Tasks menu.
iSCSI Administration window opens.
3. Click the Launch Usability Wizard button.
Follow the steps in the wizard to complete all the setup tasks.
Activating the iSCSI Feature
A director by default has iSCSI disabled. If a switch has iSCSI disabled or there is no iSCSI virtual
target created yet, WebTools assumes that iSCSI has not been activated.
1. Ensure that the blade is inserted in the director and powered on.
2. Open iSCSI Target Gateway Admin as described on page 171.
3. Click Enable iSCSI.
4. Click Apply.
Configuring the IP Interface
This step configures iSCSI ports (GbE Ports) found on the FC4-16IP. You must have at least one
iSCSI port configured to log into the iSCSI target.
There are two steps in this process:
•
Configure the IP interface for iSCSI port.
•
Configure the IP route for the iSCSI port.
The iSCSI Port Group tab allows you to configure iSCSI ports, displays session details on a port, and
shows the port statistics. It also allows you to view and configure the IP interface and routes that
are located on the IP Interface tab. You can edit or delete the IP address, but you cannot add any
additional IP addresses to this interface.
When you select the switch in the left pane, the right pane lists the tasks you can perform on that
switch in relation to one of the GbE ports.
172
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
When you select one of the GbE ports, you can perform the same tasks listed previously: view and
capture statistics related to the port, add or delete IP addresses, add or delete IP routes, view
current sessions, and view the iSCSI statistics in brief.
FIGURE 77
iSCSI Port tab
If an IP address or IP route is already configured on the GbE port, then it will not be editable as any
edits will disrupt any iSCSI traffic.
Configuring the IP route is optional because when an IP address is set up, a route is automatically
set up as well.
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the iSCSI Port tab.
3. In the left pane, select the GbE port that will be used.
4. Select the IP Interface subtab and click Add.
5. Enter the IP address and subnet mask.
6. Enter the MTU size or accept the default MTU size and click Add.
Editing an IP Address
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the iSCSI Port tab.
3. From the left pane, select the GbE port that will be used.
Web Tools Administrator’s Guide
53-1000606-01
173
14
Setting up iSCSI Target Gateway Services
4. Select the IP Interface subtab and select the item on the tab.
5. Click Edit.
6. Click OK when you receive the Warning dialog box.
FIGURE 78
7.
Edit IP Interface dialog box
Enter the subnet mask.
8. Enter the MTU size or accept the default MTU size and click OK.
NOTE
To change the IP address, delete the current IP address and re-create it. You will not be allowed
to create an additional IP address for this interface, as there can be only one IP address per
interface.
Configuring the IP route (optional)
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the iSCSI Port tab.
3. From the left pane, select the GbE port that will be used.
4. Select the IP Routes tab.
5. Click Add.
FIGURE 79
Add IP Route dialog box
6. Enter the IP address, subnet mask, and gateway IP address, and the metric.
7.
174
Click Add.
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
Editing the IP route
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the iSCSI Port tab.
3. From the left pane, select the GbE port that will be used.
4. Select the IP Routes tab.
5. Click Edit.
A warning dialog box appears.
6. Click OK.
7.
Enter a new value for the metric.
8. Click OK.
If you want to change a value other than the metric, you will need to delete this route and create
another in its place.
Managing the iSCSI Virtual Targets
iSCSI virtual target creation is the first pane in the iSCSI Target Gateway Admin module. The iSCSI
Virtual Target wizard provides two ways to create iSCSI targets: Create and Easy Create. Both
procedures are simple to use, but Create allows you to double check your work several times before
committing the changes.
You can edit a virtual target even when there is an active iSCSI session.
Creating iSCSI virtual targets
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Targets tab.
3. Click Create.
The VT Configuration Wizard opens.
Web Tools Administrator’s Guide
53-1000606-01
175
14
Setting up iSCSI Target Gateway Services
FIGURE 80
VT Configuration Wizard
4. Enter an IQN.
The text field will display the value “iqn” and you need to enter the remaining data.
5. Click Add LUNs.
6. On LUN Addition Dialog, select LUNs to add.
You will need to expand each unit until you get to the actual LUN.
7.
Click Add LUN(s).
This will add the selected LUNs to your virtual target.
8. Click Next and click Finish.
Using Easy Create
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Targets tab.
3. Click Easy Create.
176
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
FIGURE 81
14
Easy VT Creation Dialog
4. Follow the instructions in the wizard to create a virtual target in iSCSI.
The wizard is self-explanatory, so the individual steps are not described in this document.
NOTE
When you click Add in the Easy VT Creation dialog, virtual targets are created for all the
available physical targets in a 1:1 combination. If you add the virtual target using the Add
button and click OK, the virtual target will be created for only the physical targets that were
selected.
Editing an iSCSI Target
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Targets tab.
3. Select the IQN in the left pane of where you want to edit the targets.
4. Click Edit.
The VT Configuration wizard opens.
5. Follow the instructions in the wizard to edit an iSCSI virtual target.
The wizard is self-explanatory, so the individual steps are not described in this document.
NOTE
The Remove LUN(s) button is available only for virtual targets that have not been fully
initialized as a target.
Web Tools Administrator’s Guide
53-1000606-01
177
14
Setting up iSCSI Target Gateway Services
Searching for a specific Fibre Channel target in the Creation wizard
1. Click the Search link.
2. Input the <domain,port>, partial WWN, or vendor name, or a combination of these values.
3. Click Next.
The search result will be shown as selected nodes in the Fibre Channel target tree. No changes
will be made if search criteria do not match.
Viewing iSCSI Initiators
When you set up the iSCSI target gateway on a switch, all initiators may not be online yet, but the
initiators will automatically be picked up and displayed in the Initiators tab. The table size grows
automatically to show the initiators.
This view presents all iSCSI initiators (hosts) and their associated mappings. You can view iSCSI
initiator sessions here.
FIGURE 82
Initiator group
Managing Discovery Domains
In this step, you configure discovery domains and discovery domain sets for managing iSCSI device
access control. The Discovery Domains pane displays all discovery domains and discovery domain
sets and allows you to manage them.
When you select DDInfo in the tree in the left pane, you can create a discovery domain. If you select
an object in the discovery domain set listed you can view, create, edit, delete, enable, or disable
any of the discovery domain information contained in each object. If you select a discovery domain
object, you can edit or delete the data contained in the object.
Discovery domains are placed in a discovery domain set.
178
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
FIGURE 83
14
Discovery Domain group
About Discovery Domains (DD)
In the Create DD wizard you can configure the DD, add DDs to DDSets, and view the confirmation
report.
NOTE
When you create new DDs, you specify a DD name, but you cannot edit or change the name when
you edit the DDs.
When you launch the DD or DDSet wizard, you can add or remove virtual targets to the selected DD
or DDSet. The wizard displays all available initiators and targets grouped by initiators and targets
on the left side. Depending on how the wizard is launched, the right side will be blank or list current
members of the DD being used:
• When the wizard is launched using Create, the list at the right is blank.
• When the wizard is launched using Edit, the list at the right displays current members of the
DD being viewed.
Discovery domains can be created with virtual targets, iSCSI initiators, or both.
Web Tools Administrator’s Guide
53-1000606-01
179
14
Setting up iSCSI Target Gateway Services
In the wizard:
• You can configure the DD. You specify the DD name, and then you can add or remove initiators
and targets. You can also add any offline device(s) by entering the IQN name in the IQN name
field and clicking Add Offline Devices under the list on the right. The offline device name will be
added to the Selected List.
• You can also filter out initiator and targets from the tree in the Selection List by using the Filter
button. You can enter the full or partial name of an iSCSI member in the IQN Name text box and
clicking the Filter button. Based on the filter criteria, the tree will display only those members
satisfying the filter criteria. You then add the device by selecting the device and clicking the
Add button. In order to view the all available initiators and targets, click Show All.
Creating a discovery domain
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Discovery Domains tab.
3. Click Create DD.
The Create DD wizard opens.
FIGURE 84
Create DD wizard
4. Follow the instructions in the wizard to create an iSCSI discovery domain.
The wizard is self-explanatory, so the individual steps are not described in this document.
Editing a discovery domain
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Discovery Domains tab.
180
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
3. Select a DD in the left pane and click Edit.
4. Select virtual targets and use the buttons to add or remove them from the DD.
5. Click Next.
The opening screen with a list of virtual targets that you added to your DDs is displayed.
6. Click Next.
You can verify the virtual targets that you added to your DDs.
7.
Click Finish.
You can confirm the changes that you made before committing them.
About discovery domain sets (DDSet)
The iSCSI Target Gateway Admin module provides you with the flexibility to create discovery domain
sets (DDSet) that define the host target access. (This functionality is similar to Fibre Channel
zoning.) Use the Discovery Domains tab to view and manage access from iSCSI initiators to iSCSI
virtual targets.
The DD view displays all DDSets created and allows you to create, edit, enable, or disable a
discovery domain set. Select a DDSet from the left pane to view the contents of the set.
Discovery domains can be created but they do not have to be associated with a DDSet. However, a
DDSet cannot be created without having at least one discovery domain associated in it. Only
floating discovery domains are allowed.
NOTE
You can only rename a discovery domain or discovery domain set from the iSCSI Usability wizard.
Creating a discovery domain set
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Select the Discovery Domains tab
3. Click Create DDSet
The Create DDSet wizard opens.
Web Tools Administrator’s Guide
53-1000606-01
181
14
Setting up iSCSI Target Gateway Services
FIGURE 85
Create DDSet wizard
4. Follow the instructions in the wizard to create an iSCSI discovery domain set
The wizard is self-explanatory, so the individual steps are not described in this document.
Editing a Discovery Domain Set
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the Discovery Domains tab.
3. Select a DDSet in the left pane and click Edit.
4. Select the discovery domains to add to or remove from the DDSet.
5. Click Finish.
You can confirm the changes that you made.
182
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
Configuring CHAP
This view allows you to define access to login to that virtual target through the Microsoft iSCSI
Initiator. You can create, view, and change CHAP users and their associated secrets. Once a CHAP
user is created, you can modify only the CHAP secret.
The CHAP module pane lists CHAP secrets in a table with the user name and chap secret in
encrypted format (*). You can add, delete, or modify CHAP entries. Each CHAP secret has:
• User name maximum length of 255 characters
• CHAP secret of maximum length of 63 characters
FIGURE 86
CHAP tab
Creating a CHAP user
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the CHAP tab.
3. Click Create.
4. Enter the CHAP user name.
Optional: To add more than one user at a time, click Add.
5. Enter a CHAP secret and click Apply.
Web Tools Administrator’s Guide
53-1000606-01
183
14
Setting up iSCSI Target Gateway Services
Editing a CHAP secret
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the CHAP tab.
3. Click Change CHAP Secret.
You can edit the CHAP secret but not the CHAP user name.
4. Fill in the fields in the dialog box to edit a CHAP secret.
Binding or Removing CHAP users
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Select the CHAP tab.
3. Click Bind/Remove Chap(s).
4. Select a virtual target
5. Enter a new CHAP user, if necessary.
6. Select the CHAP users and click Add or Remove to move them into the appropriate list
(unassociated or associated CHAP users).
7.
Click Apply.
Configuring an iSCSI Fibre Channel Zone
After you have finished setting up the iSCSI target gateway and whenever you later modify the iSCSI
virtual target mappings, you must create an iSCSI Fibre Channel zone to allow the system’s virtual
initiators (logical FC devices that represent iSCSI initiators) to communicate in a zoned FC
environment with the physical devices to which you have mapped the iSCSI virtual targets.
The procedures in this section show you how to create this zone and add it to the fabric’s zone
database.
• If you already have zone configurations defined in your fabric, you will also be able to add the
zone that you create here to some or all of these configurations by selecting them from a list.
• If a defined configuration is currently effective in the fabric and you add your iSCSI FC zone to
that configuration, the configuration is automatically re-enabled to include this zone.
NOTE
If you do not have a zoning license or no zoning implemented, you do not need to create one for iSCSI
target gateway service.
The following default zoning conditions apply:
• If default zoning is set to No Access, then creating an iSCSI Fibre Channel zone is mandatory
as there is no way for the devices to talk to each other without one.
• If default zoning is set to All Access and no effective zone configuration, then you can create an
iSCSI Fibre Channel zone and add it to a defined configuration, but you do not need to enable
the defined configuration. Since your default zoning is All Access with no effective zone
configuration, all devices can already talk to each other. However, to avoid SAN congestion in
the future, you should implement a zoning plan for your devices.
184
Web Tools Administrator’s Guide
53-1000606-01
Setting up iSCSI Target Gateway Services
14
Use the Zone Admin module to create zoning or remove or add zone members to reflect your iSCSI
devices.
For more information about configuring zones, see “Configuring zoning” on page 96.
Creating an iSCSI Fibre Channel zone with no effective zone configuration
1. Open iSCSI Target Gateway Admin as described on page 171.
2. Click Create iSCSI Zone.
The following dialog box is displayed.
FIGURE 87
Create an iSCSI FC zone dialog box
3. Click Yes.
The Create iSCSI Zone wizard creates a zone called “ISCSI FC ZONE,” which will not be placed
into a defined configuration or automatically enabled.
4. Add the ISCSI FC ZONE into a configuration.
See “Creating zone configurations” on page 106.
Creating an iSCSI Fibre Channel zone with an effective zone configuration
1. Launch the iSCSI Target Gateway Admin module as described on page 171.
2. Click Create iSCSI Zone.
3. Click Yes.
4. Select a configuration in the dialog box.
• If you select a non-effective configuration, the iSCSI Fibre Channel zone will be added into
that configuration. The configuration will not be re-enabled and will remain in the defined
configuration until you enable it. You will need to add the iSCSI Fibre Channel zone to the
effective configuration at a later date or iSCSI target gateway will not work.
• If you select an effective configuration, the iSCSI Fibre Channel zone will be added into the
effective configuration and then the configuration will be re-enabled. This affects the
entire SAN; the zoning database needs to update itself and then replicate its changes into
the fabric.
Web Tools Administrator’s Guide
53-1000606-01
185
14
Setting up iSCSI Target Gateway Services
ATTENTION
Schedule your changes during a maintenance cycle if you decide to add the iSCSI Fibre Channel
zoning members to an effective configuration. Reenabling the effective configuration will affect the
entire fabric.
5. Click OK.
The effective configuration is modified and reenabled.
Managing and Troubleshooting Accessibility
The Web Tool iSCSI accessibility feature helps you:
•
•
•
•
•
186
Verify that both host and target are online.
Verify that the effective discovery domain set has both host and target.
Allow an initiator or target to access the other.
Deny an initiator or target to access the other.
Verify that the iSCSI Fibre Channel zone has been set up and, if appropriate, enable the
defined configuration. See “Creating an iSCSI Fibre Channel zone with an effective zone
configuration” on page 185
Web Tools Administrator’s Guide
53-1000606-01
Chapter
15
Using the Access Gateway
In this chapter
This chapter contains the following information:
• Introduction to Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Enabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Viewing the Access Gateway settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Modifying the port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Changing Access Gateway policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
187
187
188
188
189
191
Introduction to Access Gateway
Brocade Access Gateway allows multiple host bus adapters (HBAs) to access the fabric using fewer
physical ports. Access Gateway mode transforms the 4012, 4016, 4018, 4020, 4024, and 200E
into a device management tool that is compatible with different types of fabrics, including
Brocade-, Brocade Enterprise OS (EOS), and Cisco-based fabrics.
When a switch is in Access Gateway mode, it is logically transparent to the host and the fabric.
Brocade Access Gateway mode allows hosts to access the fabric without increasing the number of
switches and simplifies configuration and management in a large fabric by reducing the number of
domain IDs and ports.
For detailed descriptions of the Access Gateway, see Brocade Access Gateway Administrator’s
Guide.
NOTE
When Access Gateway mode is enabled on switches managed through Web Tools, only a limited
subset of menus and options related to device management are available. A switch in Access
Gateway mode is considered a device management tool and not a fabric switch, therefore fabric
related options are disabled, fabric management menus are unavailable, and fabric-related service
requests are forwarded to the fabric switches.
Enabling Access Gateway mode
When you enable Access Gateway mode some fabric information, such as the zone and security
databases, is erased. To recover this information, save the switch configuration before enabling
Access Gateway mode.
To save the switch configuration using Web Tools, go to the Configure > Upload/Download subtab
and upload the configuration file.
Web Tools Administrator’s Guide
53-1000606-01
187
15
Disabling Access Gateway mode
NOTE
You cannot enable Access Gateway mode if Management Server is enabled. To disable Management
Server, use the MsplmgmtDeactivate command.
1. Select a switch.
2. Click Switch Admin in the Manage section under Tasks.
The Switch Administration window opens.
3. Save the switch configuration.
4. Click the Enable radio button in the Access Gateway Mode section.
5. Click Apply.
6. Click Yes to restart the switch in Access Gateway mode.
Disabling Access Gateway mode
1. Select a switch.
2. Click Switch Admin in the Manage section under Tasks.
The Switch Administration window opens.
3. Save the switch configuration.
4. Click the Disable radio button in the Access Gateway Mode section.
5. Click Apply.
6. Click Yes to restart the device in native switch mode.
Viewing the Access Gateway settings
You can view the effective Access Gateway settings for the selected switch. The view can be
customized.
1. Click Access Gateway Devices in the Monitor section under Tasks.
The Access Gateway Device Display window opens.
188
Web Tools Administrator’s Guide
53-1000606-01
Modifying the port configuration
FIGURE 88
15
Access Gateway Device Display
Modifying the port configuration
You can configure the port types (N_Port, F_Port) on each individual port on an Access Gateway
enabled module.
When you configure ports, you can specify a global configuration policy using the Port Configuration
Policy button. By default, Advanced is selected and sets the initial defaults for port types, groups,
and the F-port to N-port mappings. When the policy is Automatic, the port type assignments and
mappings are configured automatically based on device and switch connections and internal
load-balancing, and grouping and user controls are disabled.
When you configure ports, perform the tasks in the following order:
• Configure N-Ports, if necessary.
Use the Edit Configuration button to configure a port.
• Configure N-Port groups
• Configure F-Port to N-Port mappings
You can set up primary and secondary mappings. The secondary mapping is the N-Port to
which an F-Port is mapped when the primary N-Port mapping goes offline.
Creating port groups
You can group a number of N_ports (and their mapped F_ports) together to connect to multiple
independent fabrics or to create performance optimized ports. To group a number of ports, you
must create a new port group and assign desired N_ports to it. The N_port grouping option is
enabled by default, and all N_ports are members of a default port group 0 (pg0). Access Gateway
prevents failover of F_ports across N_port groups
Web Tools Administrator’s Guide
53-1000606-01
189
15
Modifying the port configuration
NOTE
If you want to distribute F-ports among groups, you can leave all ports in the default port group 0, or
you can disable N-Port grouping.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the Configure N-Port Groups button.
FIGURE 89
Port Group Configuration dialog box
3. On Port Group Configuration, you can:
•
•
•
•
Disable N-port grouping
Add a port group
Edit a port group
Delete a port group
4. Make the appropriate changes and click Close.
Defining custom primary and secondary mapping
You can also manually change port mappings.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the FC Ports tab.
3. Click the Configure F-N Port Mappings button.
190
Web Tools Administrator’s Guide
53-1000606-01
Changing Access Gateway policies
FIGURE 90
15
F-N Port Mapping Configuration dialog box
4. In the Primary Mappings area, select ports and use the Add button to map F-Ports or U-Ports to
N-Ports.
Use the Remove button to remove an F-Port mapping from an N-Port.
5. To define a Secondary N_port in the Secondary Failover Mappings area, select the ports and
use the Add and Remove buttons to set up the secondary mappings.
The F_Port will be fail over to the Secondary N_Port if the primary mapped N_Port is offline.
This step is optional. You do not have to define a secondary failover mapping for each F_Port.
The secondary mappings must be to a different N-Port in the same group as the primary
mapping. If a Secondary N_Port is not defined, the F_Port failover is to any online N_Port.
6. When you have made the appropriate changes, click Save.
Changing Access Gateway policies
Although you can control a number of policies in Access Gateway mode, Web Tools only provides
the ability to enable and disable the policies. For more information on these policies please refer to
Brocade Access Gateway Administration Guide.
Web Tools Administrator’s Guide
53-1000606-01
191
15
Changing Access Gateway policies
Path Failover and failback policies
The Path Failover and failback policies determine the behavior of the F_Port if the primary mapped
N_Port they are mapped to goes offline or is disabled. The Path Failover and failback policies are
attributes of N_Port. By default, the Path Failover and failback policies are enabled for all N_Ports.
Modifying Path Failover and failback policies
1. Click a port in the Switch View to open the Port Administration window.
2. Select the N-port you want to modify the policy on.
3. Click the Edit Configuration button.
FIGURE 91
N Port Configuration dialog box
4. Select the appropriate check box to modify the policy.
5. Click Save.
Enabling Automatic Port Configuration (APC)
APC is a global configuration policy for a switch operating in Access Gateway mode. The default
setting for this policy is disabled. You cannot enable this policy if you have created N_Port grouping.
After you enable APC, you cannot define custom port type configuration, port mapping, Path
Failover, and failback settings.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the Port Configuration Policy drop-down menu and select Automatic.
FIGURE 92
Port Administration window, enabling APC
3. Click Yes in the confirmation window.
192
Web Tools Administrator’s Guide
53-1000606-01
Chapter
16
Routing Traffic
In this chapter
This chapter contains the following information:
• About routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Viewing FSPF routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring dynamic load sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Specifying frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring the link cost for a port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
193
194
194
195
195
About routing
For Fabric OS 6.0.0, the supported routing policies are:
• Port-based routing
Port-based routing assigns a “static route,” in which the path chosen for traffic never changes.
• Exchanged-based routing.
Exchange-based routing policy is the default. Exchange-based routing policy always employs
“dynamic path selection,” in which the software chooses a path based on current traffic
conditions.
See the Fabric OS Administrator’s Guide for more information.
To optimize port-based routing, the dynamic load sharing feature (DLS) can be enabled to balance
the load across the available output ports within a domain. Exchange-based routing requires the
use of DLS; when this policy is in effect, you cannot disable the DLS feature.
Use the Routing tab of the Switch Administration window to view and modify routing information.
Figure 93 on page 194 shows the Routing tab.
Web Tools Administrator’s Guide
53-1000606-01
193
16
Viewing FSPF routing
FIGURE 93
Routing tab
Viewing FSPF routing
The Routing tab of the Switch Administration window displays information about routing paths.
1. Open the Switch Administration window as described on page 29.
2. Click the Routing tab.
3. This step is switch-type specific:
For the Brocade 48000 director and Brocade DCX Director, click a slot number under the FSPF
Route category in the navigation tree.
For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, and 7500 switches,
click the FSPF Route category in the navigation tree.
Configuring dynamic load sharing
The exchange-based routing policy depends on the Fabric OS dynamic load sharing feature (DLS)
for dynamic routing path selection. When this policy is in force, DLS is always enabled and cannot
be disabled.
When the port-based policy is in force, you can enable DLS to optimize routing. When DLS is
enabled, it shares traffic among multiple equivalent paths between switches. DLS recomputes load
sharing either when a switch boots up or each time an E_Port or Fx_Port goes online or offline.
Enabling this feature allows a path to be discovered automatically by the FSPF path-selection
protocol.
194
Web Tools Administrator’s Guide
53-1000606-01
Specifying frame order delivery
16
For more information regarding DLS, see the dlsset command in the Fabric OS Command
Reference.
1. Open the Switch Administration window as described on page 29.
2. Click the Routing tab.
3. Click On in the Dynamic Load Sharing (DLS) area to enable dynamic load sharing or click Off
to disable dynamic load sharing.
When the exchange-based routing policy is in effect, the DLS radio buttons appear on the
Routing tab
4. Click Apply.
Specifying frame order delivery
In a stable fabric, frames are always delivered in order, even when the traffic between switches is
shared among multiple paths. However, when topology changes occur in the fabric (for example, if
a link goes down), traffic is rerouted around the failure, and some frames could be delivered out of
order.
By default, frame delivery is out-of-order across topology changes. However, if the fabric contains
destination devices that do not support out-of-order delivery, you can force in-order frame delivery
across topology changes.
Enabling in-order delivery (IOD) guarantees that frames are either delivered in order or dropped.
For more information regarding IOD, see the Fabric OS Administrator’s Guide.
NOTE
Enabling in-order delivery can cause a delay in the establishment of a new path when a topology
change occurs, and therefore should be used with care.
1. Open the Switch Administration window as described on page 29.
2. Click the Routing tab.
3. Click On in the In-Order Delivery (IOD) area to force in-order frame delivery across topology
changes or click Off to restore out-of-order frame delivery across topology changes.
4. Click Apply.
Configuring the link cost for a port
This section describes how to set the cost of an interswitch link (ISL). The cost of a link is a
dimensionless positive number. The fabric shortest path first (FSPF) protocol compares the cost of
various paths between a source switch and a destination switch by adding the costs of all the ISLs
along each path. FSPF chooses the path with minimum cost. If multiple paths exist with the same
minimum cost, FSPF employs load sharing over these paths.
Every ISL has a default cost that is inversely proportional to its bandwidth. For a 1-Gbit/sec ISL, the
default cost is 1000. For a 2-Gbit/sec ISL, the default cost is 500.
Use this procedure to set a non-default, “static” cost for any port.
Web Tools Administrator’s Guide
53-1000606-01
195
16
Configuring the link cost for a port
When you configure link cost for a Brocade 48000 configured for two logical switches, it is on a
logical-switch basis. This means that for each logical switch, you configure link cost individually.
1. Open the Switch Administration window as described on page 29.
2. Click the Routing tab.
3. This step is switch-specific:
For the Brocade 48000 director and Brocade DCX, click the slot number of the logical switch
under Link Cost in the navigation tree.
For Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, and 7500 switches,
click Link Cost in the navigation tree.
4. Double-click in the row in the Cost column that corresponds to the appropriate port.
5. Type the link cost.
Valid values for link cost are from 1 through 65535. Setting the value to 0 sets the link cost to
the default value for that port.
6. Click Apply.
196
Web Tools Administrator’s Guide
53-1000606-01
Chapter
Using the FCIP Tunneling Service
17
In this chapter
This chapter describes how to set up Fibre Channel over Internet Protocol (FCIP) Tunneling Service
through Web Tools. It contains the following information:
• “Understanding the FCIP Tunneling Service” on page 197
• “Configuring an FCIP interswitch/interfabric link” on page 199
• “Managing the FCIP tunneling service” on page 203
For detailed information about the FCIP Tunneling Service, see the Fabric OS Administrator’s
Guide.
Understanding the FCIP Tunneling Service
The FCIP Tunneling Service is an optional feature that enables you to use the Fibre Channel
“tunnels” to connect SANs over IP-based networks. An FCIP tunnel transports data between a pair
of Fibre Channel switches, and can have more than one TCP connection between the pair of IP
nodes. However, from the Fibre Channel fabric point of view, the FCIP tunnel is just a connection
between switches, and all the IP network and protocols remain invisible.
NOTE
You must have an FCIP license installed on the switch to use the FCIP Tunneling Service.
FCIP Wizard
Web Tools provides a wizard to assist you in configuring an FCIP interswitch/interfabric link
(ISL/IFL). In addition to configuration tasks, the wizard provides the following capabilities:
•
•
•
•
The ability to export data, search for data, and copy and paste data in the displayed tables.
IP field validation during user input to detect errors.
Value range fields that ensure that user input is within the acceptable range.
FCIP tunnel QoS statistics and TCP statistics.
This document describes how to open the wizard. However, the wizard is self-explanatory, so the
explicit steps are not described here.
NOTE
The FCIP wizard does not support IPv6. If IPv6 interfaces, routes, and tunnels are configured on the
switch, the wizard displays them, but does not allow the user to modify them. You can, however,
modify IPv6 interfaces, routes, and tunnels through the appropriate tabs in the Port Administration
window.
Web Tools Administrator’s Guide
53-1000606-01
197
17
Understanding the FCIP Tunneling Service
FCIP-related features
Web Tools provides or supports these related features:
• A per-tunnel compression feature that allows the Fibre Channel data frames to be compressed
before they are sent over the tunnel as FCIP frames.
• Fastwrite, which is a feature that reduces the number of round-trip times required to complete
a SCSI write I/O and increases performance.
• Tape pipelining which reduces the number of round trip times required to complete a SCSI
write I/O and eliminates the sequential nature of the SCSI I/O.
• IKE/IPSec Policy, which is a framework of open standards to ensure private, secure
communications over IP networks through the use of cryptographic security services. IKE
(Internet Key Exchange) is the protocol used to set up a Security Association in the IPSec
protocol suite.
NOTE
You need an IPSec license to enable and use this feature.
IKE/IPSec
IKE/IPSec is not supported with the following protocols:
• IPv6
• ESP in transport mode
• NAT Traversal
Table 12 explains the fields and related choices to create an IKE/IPSec policy.
TABLE 12
198
IKE/IPSec Configuration Choices
Field
Description
Choices
Policy Type
You can create either an IKE policy or an IPSec policy
IKE
IPSec
Policy Number
This parameter helps you keep track of the number of
policies you have created on your switch. You can
choose any number from 1 through 32. You can define
up to 32 IKE and 32 IPSec policies per switch.
1 through 32
Encryption Algorithm
A mathematical procedure for performing encryption on 3DES
AES-128
data. Through the use of an algorithm, information is
made into meaningless cipher text and requires the use AES-256
of a key to transform the data back into its original form.
Authentication Algorithm
An encryption process or tool in which the results of text
encryption depend on all relevant authentication
elements.
SHA-1
MD5
AES-XCBC
Perfect Forward Secrecy
(PFS)
In an authenticated key agreement protocol that uses
public key cryptography, PFS is the property of
disclosure of the long-term secret keying material that is
used to derive an agreed ephemeral key that does not
compromise the secrecy of the agreed keys from earlier
runs.
IKE on/off
IPSec disabled
Web Tools Administrator’s Guide
53-1000606-01
Configuring an FCIP interswitch/interfabric link
TABLE 12
17
IKE/IPSec Configuration Choices (Continued)
Field
Description
Choices
Diffie-Hellman (D-H)
Diffie-Hellman key exchange is a cryptographic protocol
that allows two parties that have no prior knowledge of
each other to jointly establish a shared secret key over
an insecure communications channel. This key can then
be used to encrypt subsequent communications using a
symmetric key cipher
IKE 1 or 14
IPSec disabled
Security Association Lifetime
This specifies the lifetime in seconds of the security
association and a new key will be renegotiated before
this value expires if PFS is on. The security association
will expire when either this value or the value lifetime is
reached.
Specify the number of
seconds
Configuring an FCIP interswitch/interfabric link
Perform the following tasks in the order indicated to configure FCIP interswitch/interfabric link:
1. (Optional) “Configuring an IKE or IPSEC Policy” on page 199.
If you are planning to use IPSec, you must configure the policies first.
2. “Configuring Virtual Ports” on page 200.
3. “Interfaces, Routes, and Tunnels” on page 201.
Use the wizard to perform the following tasks:
a.
Defining the IP interfaces of the GbE port.
b.
Adding IP routes on the GbE port (optional).
c.
Configuring FCIP tunnels.
4. “Enabling Persistently Disabled Ports” on page 203.
Enabling the two VE_ports at this juncture will merge the two fabrics. You must configure and
enable both the local and remote switch ports to use the FCIP ISL/IFL.
NOTE
Admin Domain membership is required to configure IP interfaces, routes, and tunnels.
Configuring an IKE or IPSEC Policy
Before you begin to create an FCIP interswitch/interfabric link, you need to determine whether to
implement an IKE/IPSec policy. Once you begin to create the tunnels with the wizard, you must
provide the IKE/IPSec policy information. If you choose not to implement an IKE/IPSec policy, you
can always choose No Policy from the drop-down menu in the FCIP tunnel wizard. You must create
an IKE policy and an IPSec policy to apply IPSec to an FCIP tunnel.
1. Open the Switch Administration window.
2. Select the Security Policies tab.
3. Click IPSec Policies on the Security Policies menu.
Web Tools Administrator’s Guide
53-1000606-01
199
17
Configuring an FCIP interswitch/interfabric link
4. Select IKE or IPSEC subtab and click Create.
5. Select a policy type from the drop-down menu.
FIGURE 94
Create an IKE/IPSec policy
6. Choose a policy number.
7.
Select an Encryption Algorithm.
8. Select an Authentication Algorithm.
9. (IKE only) Select a Perfect Forward Secrecy.
10. (IKE only) Select a Diffie-Hellman Group.
11. Enter a value for the Security Association Lifetime in number of seconds.
Configuring Virtual Ports
Each GbE port supports up to eight virtual ports. To enable FCIP on these ports, you must configure
them as either VE_Port-to-VE_Port or VE_Port-to-VEX_Port, depending on whether you want to
merge the connected fabrics. Two fabrics connected with VE_Ports will merge. Two fabrics
connected with a VE_Port on one end and a VEX_Port on the other end will not merge. See the
Fabric OS Administrator’s Guide for more information on Fibre Channel routing.
By default, all tunnels are created as VE_Port-to-VE_Port. If you do not want to merge the fabrics,
you must explicitly configure the port at one end of the tunnel to be a VEX_Port before you
configure the tunnel.
See “Configuring FCIP ports” in Web Tools Administrator’s Guide for instructions on configuring the
virtual ports. You must configure and enable the ports on both the local and remote switches to
utilize an FCIP ISL/IFL.
200
Web Tools Administrator’s Guide
53-1000606-01
Configuring an FCIP interswitch/interfabric link
17
Interfaces, Routes, and Tunnels
Web Tools provides a wizard to assist you in configuring an FCIP interswitch/interfabric link. Using
the GigE Port Configuration wizard, you can add IP interfaces, add IP routes, and configure FCIP
tunnels. An IPInterface is the IPaddress assigned to the GigE port to communicate in the IP
network. IPRoutes are the gateway through which the IPInterface communicate in the IP network.
The following procedure describes how to open the GigE Port Configuration wizard. Follow the
steps in the wizard to complete the necessary tasks.
Note that when you come to the step in the wizard where you select tunnels (see Figure 95 on
page 202), you must select tunnels that correspond to the VE_Ports or VEX_Ports that you
configured earlier. Tunnels 0–7 correspond to logical ports 16–23 on GbE port 0 and to logical
ports 24–31 on GbE port 1, as shown in Table 13.
TABLE 13
Tunnels and Logical Port Numbering for GbE Ports
GbE Port Number
Logical FC_Port Number
Virtual Tunnel ID
ge0
16
0
ge0
17
1
ge0
18
2
ge0
19
3
ge0
20
4
ge0
21
5
ge0
22
6
ge0
23
7
ge1
24
0
ge1
25
1
ge1
26
2
ge1
27
3
ge1
28
4
ge1
29
5
ge1
30
6
ge1
31
7
Web Tools Administrator’s Guide
53-1000606-01
201
17
Configuring an FCIP interswitch/interfabric link
FIGURE 95
GigE Port Configuration wizard
Configuring the FCIP interfaces, routes, and tunnels
The buttons and options you need to perform configuration tasks are available in Advanced Mode.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports tab.
3. From the tree on the left, select the port you want to configure.
4. Click the General subtab.
5. Click the Edit Configuration button.
The GigE Port Configuration wizard opens. The fields are populated with the current
configuration values.
6. Follow the steps in the wizard.
The wizard guides you through the process of creating an IP interface, an IP route, and the
FCIP tunnel.
7.
After you complete the steps in the wizard, verify the setup.
a.
Click the IP Interfaces subtab to verify the IP interfaces.
b.
Click the IP Routes subtab to verify the IP routes.
c.
Click the FCIP Tunnels subtab to verify the FCIP tunnels.
If there is something missing from the setup, see the tasks in “Managing the FCIP tunneling
service” on page 203 for detailed instructions for adding or editing the components.
8. Repeat the above steps on the remote switch.
202
Web Tools Administrator’s Guide
53-1000606-01
Managing the FCIP tunneling service
17
9. Enable the ports on both ends of the tunnel to use the link.
Enabling Persistently Disabled Ports
Ports on the Brocade 7500 and FR4-18i are, by default, persistently disabled. Before you can
successfully configure FCIP interswitch links, you must enable the ports.
VEX_Port Users: If the fabric is already connected, leave the ports disabled until after you have
configured the VEX_Port; this will prevent unintentional merging of the two fabrics.
Managing the FCIP tunneling service
This section describes how you can add, edit, and delete individual IP interfaces, IP routes, and
FCIP tunnels. To set up a complete FCIP interswitch/interfabric link, see “Configuring an FCIP
interswitch/interfabric link” on page 199.
NOTE
Although you can add and edit IP interfaces, IP routes, and FCIP tunnels at any time. You must delete
the components of the FCIP link in exactly the reverse order they were created. That is, first delete
the tunnels, then the IP routes, then the IP interfaces, and finally the port configuration.
Managing IP Interfaces for a GbE Port
You can configure a new IP interface, edit an existing IP interface, or delete an IP interface by
clicking the Add, Edit, and Delete tasks respectively on the IP Interfaces tab for a GbE port.
Before you can delete an IP interface, you must first delete the corresponding FCIP tunnel.
Adding a new IP interface
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports subtab.
3. From the tree on the left, select the port you want to modify.
4. Click the IP Interfaces subtab.
Web Tools Administrator’s Guide
53-1000606-01
203
17
Managing the FCIP tunneling service
FIGURE 96
IP Interfaces tab for GbE ports
5. Click Add.
6. Type the IP address, subnet mask, and MTU size for the new IP interface.
7.
Click Add.
Editing an IP interface
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports subtab.
3. From the tree on the left, select the port you want to modify.
4. Click the IP Interfaces subtab.
5. From the table, select the IP interface.
6. Click Edit.
The Edit IP Interface dialog box opens with values for the current configuration.
7.
Retype the subnet mask and MTU size for the IP interface and click OK.
Deleting an IP interface
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports subtab.
3. Click the IP Interfaces subtab.
204
Web Tools Administrator’s Guide
53-1000606-01
Managing the FCIP tunneling service
17
4. Select the IP interface to delete in the table on the right side of the window. Use Shift-click and
Ctrl-click to select multiple IP interfaces.
5. Click Delete.
NOTE
You cannot delete an IP interface associated with an active tunnel.
6. Click Yes in the confirmation window.
Managing IP Routes for a GbE Port
You can configure a new IP route, edit an existing user-defined IP route, or delete an IP route by
clicking the Add, Edit, and Delete tasks respectively on the IP Routes tab for a GbE port.
NOTE
For each IP interface created in the GbE port, one default IP route is automatically created.
Adding a new IP route
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports subtab.
3. From the tree on the left, select the port you want to modify.
4. Click the IP Routes subtab.
FIGURE 97
IP Routes tab
5. Click Add.
Type the destination IP address, subnet mask, gateway IP address, and metric for the new IP
route.
6. Click Add.
Web Tools Administrator’s Guide
53-1000606-01
205
17
Managing the FCIP tunneling service
ATTENTION
If IPSec is enabled, you are allowed only one static route per GbE port.
Editing an IP route
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports subtab.
3. From the tree on the left, select the port you want to modify.
4. Click the IP Routes subtab.
5. From the table, select the IP route you want to modify.
6. Click Edit.
The Edit IP Route dialog box opens with the current configuration values. Retype the metric for
the IP Route.
7.
Click OK.
Deleting an IP route
Before you can delete an IP route, you must first delete the corresponding FCIP tunnel.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports tab
3. From the tree on the left, select the port you want to modify.
4. Click the IP Routes subtab.
5. From the table, select the IP route you want to delete. Use Shift-click and Ctrl-click to select
multiple IP routes.
6. Click Delete.
7.
Click Yes in the confirmation window.
Managing FCIP Tunnels
To configure FCIP tunnels, you must specify the following attributes:
• IP address of the remote interface.
• IP address of the local interface.
• Whether the tunnel rate is uncommitted or committed and, if committed, the committed rate
for the tunnel.
Uncommitted rate tunnels use a minimum of 1000 Kb/sec, up to a maximum of the available
uncommitted bandwidth on the GbE port.
• (Optional) WWN of the remote switch.
• Whether compression, Fastwrite, tape pipelining, or an IKE/IPSec policy is enabled or
disabled. These are all features of FCIP.
206
Web Tools Administrator’s Guide
53-1000606-01
Managing the FCIP tunneling service
17
ATTENTION
Both ends of the tunnel must be identically configured. Compression, fastwrite, tape pipelining, or
IKE/IPSec needs to be either enabled or disabled at both ends of the tunnel. In the case of a
mismatch, the tunnel will not be established.
See “Interfaces, Routes, and Tunnels” on page 201 for additional information on configuring the
tunnels.
Adding a new FCIP tunnel
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports tab.
3. From the tree on the left, select the port to which you want to add the new tunnel.
4. Click the FCIP Tunnels subtab.
FIGURE 98
FCIP Tunnels subtab
5. Click New.
The GigE Port Configuration wizard opens with the current configuration values.
6. Follow the steps in the wizard.
Editing FCIP tunnel configuration
Adding or editing an active route being used by an FCIP tunnel may result in a loss of connection on
the FCIP tunnel and corresponding VE_Port.
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports tab.
3. From the tree on the left, select the port you want to modify.
Web Tools Administrator’s Guide
53-1000606-01
207
17
Managing the FCIP tunneling service
4. Click the FCIP Tunnels subtab.
5. Select the tunnel to edit in the table on the right side of the window.
6. Click Edit Configuration.
The GigE Port Configuration wizard opens with the current configuration values.
7.
Follow the steps in the wizard.
NOTE
You can observe the tunnel state transition from Inactive to In Progress at the bottom of the
FCIP Tunnels tab. Resize the column to view the full message.
Deleting an FCIP tunnel
1. Click a port in the Switch View to open the Port Administration window.
2. Click the GigE Ports tab.
3. From the tree on the left, select the port you want to modify.
4. Click the FCIP Tunnels subtab.
5. From the table, select the tunnel you want to delete. Use Shift-click and Ctrl-click to select
multiple tunnels.
6. Click Delete.
7.
208
Click Yes in the confirmation window.
Web Tools Administrator’s Guide
53-1000606-01
Chapter
18
Configuring Standard Security Features
In this chapter
This chapter contains the following information:
• Creating and maintaining user-defined accounts . . . . . . . . . . . . . . . . . . . .
• Configuring access control list policies . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring an authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Managing RADIUS service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
209
217
219
222
224
Creating and maintaining user-defined accounts
In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 256
user-defined accounts in each logical switch (domain). These accounts expand your ability to track
account access and audit administrative activities.
Each user-defined account is associated with the following:
• Admin Domain list—Specifies what Admin Domains a user account is allowed to log in to.
• Home Admin Domain—Specified the Admin Domain that the user is logged in to by default. The
home Admin Domain must be a member of the user’s Admin Domain list.
• Role—Determines functional access levels within the bounds of the user’s current Admin
Domain.
Access rights for any user session are determined both by the user’s role-based access rights and
by the contents of the currently selected Admin Domain. See Chapter 1, “Introducing Web Tools” for
additional information about Admin Domains and Role-Based Access Control (RBAC).
The User tab of the Switch Administration window (see Figure 99 on page 211) displays account
information. You can create and manage accounts depending on your role:
TABLE 14
User role and permissions
Role
Permissions
admin
Create and manage all predefined and user-defined accounts
operator
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
securityadmin
Create and manage all security roles.
switchadmin
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
zoneadmin
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
Web Tools Administrator’s Guide
53-1000606-01
209
18
Creating and maintaining user-defined accounts
TABLE 14
User role and permissions
Role
Permissions
fabricadmin
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
basicswitchadmin
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
user
Change your own password and cannot create, modify, or view predefined or
user-defined accounts
For legacy users with no Admin Domain specified, the user will have access to AD 0 through 255
(physical fabric admin) if their current role is Admin; otherwise, the user will have access to AD0
only.
If some Admin Domains have been defined for the user and all of them are inactive, the user will
not be allowed to log in to any switch in the fabric.
If no Home Domain is specified for a user, the system provides a default home domain. The default
home domain for predefined account is AD0. User-defined accounts, the default home domain is
the Admin Domain in the user’s Admin Domain list with the lowest ID.
NOTE
The User tab displays and changes information in the switch database. If you have RADIUS
configured, note that this tab displays the logged-in RADIUS account information but does not allow
the user to modify the RADIUS host server database.
210
Web Tools Administrator’s Guide
53-1000606-01
Creating and maintaining user-defined accounts
FIGURE 99
18
User tab
Viewing account information
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
A list of the default and user-defined accounts appears. If you are logged in using the
switchadmin role, only your account information is displayed.
Creating user-defined accounts
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Click Add.
The Add User Account dialog box opens.
Web Tools Administrator’s Guide
53-1000606-01
211
18
Creating and maintaining user-defined accounts
FIGURE 100 Add User Account dialog box
4. Type the user name, which must begin with an alphabetic character. The name can be up to 40
characters long. It is case-sensitive and can contain alphabetic and numeric characters, the
dot (.) and the underscore ( _ ). It must be different from all other account names on the logical
switch.
5. Select a role from the drop-down menu. (See “Role-Based Access Control” on page 15 for
information about these roles.)
6. Optional: Type a description of the account.
7.
Click the Enabled or Disabled radio button to enable or disable the account.
8. Type the password for the account. The password is not displayed when you enter it on the
command line.
Passwords can be from 8 through 40 characters long. They must begin with an alphabetic or
numeric character. They can include alphanumeric characters, the dot (.), and the underscore (
_ ). They are case-sensitive.
Passwords must also meet any additional password rules that have been set up. (See the
procedure “Setting the rules for passwords” on page 215 for more information.)
9. Retype the password in the Confirm Password field for confirmation.
10. Check the available Admin Domains that the user can access. Only Admin Domains that have
already been created and to which you have access are displayed.
If all the Admin Domains in the list are inactive then you cannot login to the switch.
212
Web Tools Administrator’s Guide
53-1000606-01
Creating and maintaining user-defined accounts
18
The All option does not mean all of the listed Admin Domains; it means all Admin Domains
from AD0 through AD255, regardless of whether they have been created yet.
The All radio button is disabled unless the following conditions are met:
• The selected role for the target user must be admin or securityadmin.
• You must be a physical fabric administrator.
Selecting All makes the target user account a physical fabric administrator.
11. Select a home domain for the user from the Home AD drop-down menu.
If AD0 is deselected in the user’s Admin Domain list and no other Admin Domains have been
selected, the next available Admin Domain becomes the user’s default home Admin Domain.
12. Click OK.
13. On the User tab, click Apply to apply your changes.
Deleting user-defined accounts
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Select the account to remove and click Remove.
4. Click Apply to save your changes.
You cannot delete the default accounts. An account cannot delete itself. All active command line
interface (CLI) sessions for the deleted account are logged out.
Changing account parameters
Use the following procedure to change the role, add or change the description, and enable or
disable accounts. Note that you cannot change the user name of the account using this procedure.
To change the user name, you must delete the account and create a new account.
Users can select their own accounts in the user account table and change the password. All other
buttons will be unavailable.
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Select the account to modify.
You cannot modify the default root and factory accounts, even if you are logged in as root.
4. Click the Modify button.
If the user account you are modifying doesn’t have a subset of your Admin Domains, a warning
message is displayed to inform you of the permissions conflict.
The Modify User Account dialog box displays.
5. Select a role from the drop-down menu.
You can change the role only on user-level accounts. You cannot change the role on the admin
or root accounts. You cannot change the role of your own account.
6. Type a new description.
Web Tools Administrator’s Guide
53-1000606-01
213
18
Creating and maintaining user-defined accounts
You can change the description only on user-level accounts. You cannot change the description
of the default accounts. You cannot change the description of your own account.
7.
Click the Enabled or Disabled radio button to enable or disable the account.
You can enable and disable user- and admin-level accounts except for your own account. You
cannot enable or disable your own account or the factory account. Only the root account can
disable itself. If you disable an account, all active CLI sessions for that account are logged out.
8. Check the available Admin Domains that the user can access. Only Admin Domains that have
already been created and to which you have access are displayed.
If all the Admin Domains in the list are inactive then you can’t login to the switch.
The All option does not mean all of the listed Admin Domains; it means all Admin Domains
from AD0 through AD255, regardless of whether they have been created yet.
The All radio button is disabled unless the following conditions are met:
• The selected role for the target user must be admin or securityadmin.
• You must be a physical fabric administrator.
Selecting All makes the target user account a physical fabric administrator.
9. Select a home domain for the user from the Home AD drop-down menu.
If AD0 is deselected in the user’s Admin Domain list and no other Admin Domains have been
selected, the next available Admin Domain becomes the user’s default home Admin Domain.
10. Click OK and click Apply to apply your changes.
Maintaining passwords
This section contains procedures for the following:
• Changing the password of an account. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Setting the rules for passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Setting a password as expired . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Unlocking a password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
214
215
216
216
When you expire a password, the next time that user logs in, Web Tools requires the user to provide
a new password.
NOTE
You have to own the switch in order to modify password rules.
A password becomes locked if a user has exceeded the maximum number of failed login attempts.
This number is specified in the Lockout Threshold field shown in Figure 101. To unlock a locked
password, see the unlock procedure on page 216.
Changing the password of an account
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Select the account to modify.
214
Web Tools Administrator’s Guide
53-1000606-01
Creating and maintaining user-defined accounts
18
If you are logged in as admin, you can change the password of your own account, peer admin
accounts, switchadmin accounts, and user accounts. You can also change the root or factory
account passwords.
If you are logged in as a switchadmin, you can only change the password of your own account.
4. Click Change Password.
The Set User Account Password dialog box displays.
If you are changing the password of an admin account, you must also provide the current
password. You do not need to provide the current password if you are changing the password
of a lower-level user account.
5. Type the current password of the account. This step is required only if you are changing the
password of your own or a peer admin account.
6. Type the new password of the account.
The new password must have at least one character different from the old password.
Passwords can be from 8 through 40 characters long. They must begin with an alphabetic or
numeric character. They can include alphanumeric characters, the dot (.), and the underscore (
_ ). They are case-sensitive.
Passwords must also meet any additional password rules that have been set up. (See the
procedure “Setting the rules for passwords” on page 215 for more information.)
7.
Retype the new password in the Confirm Password field.
8. Click OK.
9. Click Apply to save your changes.
Setting the rules for passwords
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Click Set Password Rule.
The Configure Password Rule dialog box displays, as shown in Figure 101 on page 216.
4. Fill out the dialog box for the password rules you want to enforce. Options are:
•
•
•
•
•
•
•
•
Minimum number of days (0–999) before you can change the password again
Number of days (0–999) before a password expires
Number of password changes before you can reuse a password
Minimum password length (8–40 characters)
Minimum number of uppercase and lowercase characters required
Minimum number of digits and punctuation characters required
Number of characters that can be repeated in the password
Number of failed login attempts (0–999) before the password is locked from further
change attempts, and the amount of time the password will be locked (0–99999 minutes)
• Number of days to warn user before password expiration (0–999)
5. Choose whether to enable or disable the lockout administration features.
Web Tools Administrator’s Guide
53-1000606-01
215
18
Creating and maintaining user-defined accounts
If you choose to disable the lockout administration, the user is never locked out of the system.
6. Click OK to close the dialog box.
7.
Click Apply to save your changes.
FIGURE 101 Configure Password Rules dialog box
Setting a password as expired
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Select the account.
4. Click Expire Password.
If the button is unavailable, this means the password is already expired.
5. Click Apply to save your changes.
Unlocking a password
1. Open the Switch Administration window as described on page 29.
2. Click the User tab.
3. Select the account.
4. Click Unlock Password.
If the button is unavailable, this means the password is already unlocked or was not locked
out.
5. Click Apply to save your changes.
216
Web Tools Administrator’s Guide
53-1000606-01
Configuring access control list policies
18
Configuring access control list policies
Support for the Access Control List (ACL) policies is currently defined in the Switch Connection
Control (SCC) and Device Connection Control (DCC) policies. SCC and DCC policy configuration in
base Fabric OS is performed on a switch-local basis.
FCS Policy can be created only once. While creating the FCS policy, the local switch WWN is
automatically included in the list. In the FCS list, the switch in the first position becomes the
primary FCS switch. If the first switch in the FCS list is not reachable, the next switch becomes the
primary switch. You can also explicitly specify the primary FCS switch.
If there is no FCS policy, the defined and active list is blank.
FIGURE 102 Security Policies tab for SCC/DCC/FCS policy configuration
Admin Domain considerations
ACL management can be done on AD255 and in AD0 only if there are no other user-defined Admin
Domains. Both AD0 (when no other user-defined Admin Domains exist) and AD255 provide an
unfiltered view of the fabric.
Creating an SCC, DCC, or FCS policy
You can create the FCS policy only once.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select a policy by clicking on the appropriate tab (SCC, DCC, or FCS).
Web Tools Administrator’s Guide
53-1000606-01
217
18
Configuring access control list policies
4. Click Edit.
This launches the ACL Policy Configuration wizard.
5. Select the policy type you want to edit.
6. Click Next and click Create.
7.
SCC Option: Select a switch or highlight multiple switches to add to an DCC policy by clicking
Add or Add All.
To add an offline switch, click Add other Switch and enter the WWN.
8. DCC Option: Select the ports to add to an DCC policy by clicking Add or Add All.
9. Click Finish to confirm the changes to the switch.
You must activate the policy in order to implement it. See “Activating an SCC, DCC, or FCS policy” on
page 219, for instructions.
Editing an SCC, DCC, or FCS policy
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select a policy by clicking on the appropriate tab.
4. Click Edit.
This launches the ACL Policy Configuration wizard.
5. Select the policy type you want to edit.
6. Click Next and click Modify.
7.
Select a switch or highlight multiple switches to add to the policy by clicking Add or Add All.
8. Click Next and click Finish to confirm the changes to the switch.
Deleting an SCC, DCC, or FCS policy
You cannot delete the FCS policy from non-primary or non-FCS switches.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select a policy by clicking on the appropriate tab.
4. Click Edit.
This launches the ACL Policy Configuration Wizard.
5. Select the policy type you want to edit.
6. Click Next and click Delete.
7.
218
Click Next and click Finish to confirm the changes to the switch.
Web Tools Administrator’s Guide
53-1000606-01
Configuring an authentication policy
18
Activating an SCC, DCC, or FCS policy
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select a policy by clicking on the appropriate tab.
4. Click Activate.
Activating the policy moves it into the Activate Policy Set window.
Once a policy has been created or modified you can distribute it to the rest of the fabric:
To deactivate a policy, you must activate a new or empty policy.
Distributing an FCS policy
You must perform this procedure to distribute an FCS policy.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select the FCS tab.
4. Click Distribute Policy.
5. Select the switches to be distributed to.
6. Select OK.
If the policy distribution fails, an error dialog box is displayed.
Moving an FCS policy switch position
You can move the position of a member switch in the FCS policy list.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Select the FCS tab.
4. Click Move FCS Switch.
5. Select the appropriate from and to positions.
6. Click Apply.
When you have moved all the member switches, click Apply & Close.
Configuring an authentication policy
You can configure authentication protocol, policy mode for E-Port and F-Port authentication, and
you can distribute the authentication policy to other switches in the fabric. You can also set shared
secret keys.
Web Tools Administrator’s Guide
53-1000606-01
219
18
Configuring an authentication policy
Configuring authentication policies for E-Ports
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4. In the Authentication Type field, choose FCAP or DHCHAP.
5. Select the switch authentication policy mode:
On
Strict authentication is enforced on all E-Ports.
Active
The switches can be connected to a switch with any
type of policy.
Passive
The switch does not initiate authentication but
participates if the connecting switch initiates
authentication.
Off
The switch does not support authentication. Any
authentication negotiation is rejected.
6. Select a DH-Group type.
7.
Optionally, choose whether the device authentication policy mode is off or passive.
8. Click Apply.
Configuring authentication policies for F-Ports
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4. In the Authentication Type field, choose DHCHAP.
You must choose DHCHAP when you are configuring an F-Port.
5. Choose whether the device authentication policy mode is off or passive.
6. Click Apply.
Distributing authentication policies
NOTE
You cannot distribute authentication policies in AD0 unless it is the only Admin Domain.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4. Click Distribute Policy.
5. Select the switches or click the radio button to distribute to all.
220
Web Tools Administrator’s Guide
53-1000606-01
Configuring an authentication policy
18
6. Click OK.
Authentication policies are distributed only if all the selected switches accept the distribution. Only
the policy mode is distributed to the selected switches. The switch initiating the distribution must
accept distribution.
Re-authenticating policies
A user who has changed authentication policy parameters or a shared secret key pair can
re-initialize the authentication.
1. Click a port in the Switch View to open the Port Administration window
The Port Administration window appears with the port selected.
2. Click the Re-Authenticate button.
3. Close the window.
Setting a shared secret key pair
DH-CHAP requires a shared secret key pair between two entities to authenticate with each other. A
key pair consists of a local secret and a peer secret. The local secret identifies the local switch. The
peer secret identifies the entity to which the local switch may authenticate.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4. Click the Shared Secret Keys subtab.
5. Click Add.
FIGURE 103 Add Shared Secret Keys window
Web Tools Administrator’s Guide
53-1000606-01
221
18
Configuring SNMP
6. Enter the Switch WWN, name, or domain ID.
You can also use the Browse button to locate and select a switch.
7.
In the Peer Secret and Confirm Peer Secret fields, enter the peer secret value.
8. In the Local Secret and Confirm Local Secret fields, enter the local secret value.
9. Click Add.
10. When you are done adding secret key pairs for switches, click Apply.
Modifying a shared secret key pair
You can edit and modify the secret key pairs by switch.
1. Open the Switch Administration window as described on page 29.
2. Click the Security Policies tab.
3. Click Authentication on the Security Policies menu.
4. Click the Shared Secret Keys subtab.
5. Select a secret key pair and click Edit.
6. Make the appropriate changes and click OK.
Configuring SNMP
This section describes how to manage the configuration of the SNMP agent in the switch. The
configuration includes SNMPv1 and SNMPv3 configuration, accessControl, and systemGroup
configuration parameters.
NOTE
This module is read-only if you do not own the switch.
For more information, see the snmpConfig command in the Fabric OS Command Reference.
Setting SNMP Trap Levels
When you set trap levels for a Brocade 48000 configured with two logical switches, it is on a
logical-switch basis. This means that for each logical switch, you must set trap levels individually.
1. Open the Switch Administration window as described on page 29.
2. Click the SNMP tab.
222
Web Tools Administrator’s Guide
53-1000606-01
Configuring SNMP
18
FIGURE 104 SNMP tab
3. Select a trap level for a recipient from the corresponding Trap Level drop-down menu in the
SNMPv1 and SNMPv3 sections.
The level you select identifies the minimum event level that will prompt a trap.
4. Click Apply.
Configuring SNMP Information
When you configure SNMP information for a Brocade 48000 configured with two logical switches, it
is on a logical-switch basis. This means that for each logical switch, you must configure SNMP
information individually.
Changing the systemGroup configuration parameters
1. Open the Switch Administration window as described on page 29.
2. Click the SNMP tab (see Figure 104).
3. Type a contact name, description, and location in the SNMP Information section.
4. Optional: Select the Enable Authentication Trap check box to allow authentication traps to be
sent to the reception IP address.
Web Tools Administrator’s Guide
53-1000606-01
223
18
Managing RADIUS service
5. Click Apply.
Setting SNMPv1 configuration parameters
1. Open the Switch Administration window as described on page 29.
2. Click the SNMP tab (see Figure 104).
3. Double-click a community string in the SNMPv1 section and type a new community string.
4. Double-click a recipient IP address in the SNMPv1 section and type a new IP address.
5. Click Apply.
Setting SNMPv3 configuration parameters
1. Open the Switch Administration window as described on page 29.
2. Click the SNMP tab (see Figure 104).
3. Select a user name from the User Name drop-down menu in the SNMPv3 section.
Note that the list is scrollable. If you do not see your user name, scroll down using the scroll bar
or by clicking the User Name heading.
4. Double-click a recipient IP address in the SNMPv3 section and type a new IP address.
5. Select a trap level from the Trap Level drop-down menu.
6. Click Apply.
Changing the access control configuration
1. Open the Switch Administration window as described on page 29.
2. Click the SNMP tab (see Figure 104).
3. Double-click an access host IP address in the Access Control List section and type a new host
IP address.
Note that the list is scrollable. If you do not see your user name, scroll down using the scroll bar
or by clicking the Access Host heading.
You can enter an IP address in either IPv4 or IPv6 format. When you use the IPv6 format, you
must include a prefix, for example fec0::2002/64.
4. Select a permission for the host from the Access Control List drop-down menu. Options are
Read Only and Read Write.
5. Click Apply.
Managing RADIUS service
Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When
configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS
client. In this configuration, authentication records are stored in the RADIUS host server database.
Login and logout account name, assigned role, and time accounting records are also stored on the
RADIUS server.
224
Web Tools Administrator’s Guide
53-1000606-01
Managing RADIUS service
18
You should set up RADIUS service through a secure connection such as SSH.
The three choices in the drop-down menu when RADIUS is selected as the primary service are:
• Switch Database when RADIUS Authentication Fails—When selected, the switch user login
database will be checked whenever RADIUS authentication fails.
• Switch Database When RADIUS Times Out—Switch user login database is checked only if the
physical connection to the RADIUS server fails.
• None—Switch user login database is never checked. Only a RADIUS server can be used for
authentication.
FIGURE 105 Choices in the Secondary AAA Service drop-down menu
If the switch database is selected as primary, there is no secondary option. The RADIUS server
cannot be configured as a backup for the switch user login database.
When the primary AAA service is RADIUS you can enable the secondary service which offers three
choices:
• None
• Switch Database when RADUIS authorization fails
• Switch Database when RADIUS times out
When RADIUS login fails, even though RADIUS server is available, the additional service allows you
the option to use the Switch Database as backup authentication service when the RADIUS server is
not available. Alternatively, you can have no secondary AAA service, which means that only the
primary service will be used for authentication.
Use the AAA Service tab of the Switch Administration window to manage the RADIUS service (see
Figure 106).
Web Tools Administrator’s Guide
53-1000606-01
225
18
Managing RADIUS service
FIGURE 106 AAA Service tab
Enabling and Disabling RADIUS Service
At least one RADIUS server must be configured before you can enable RADIUS service.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. To enable RADIUS service, select RADIUS from the Primary AAA Service drop-down menu.
4. Select None, Switch Database when RADIUS Login Failed, or Switch Database when RADIUS
Login Timeout from the Secondary AAA Service drop-down menu.
To disable RADIUS service, select Switch Database from the Primary AAA Service drop-down
menu and select None from the Secondary AAA Service drop-down menu.
5. Click Apply.
226
Web Tools Administrator’s Guide
53-1000606-01
Managing RADIUS service
18
Configuring the RADIUS Service
The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and
replicates itself on a standby CP, if one is present. It is saved in a configuration upload, and so it
can be applied to other switches in a configuration download. You should configure at least two
RADIUS servers so that if one fails, the other will assume service.
You can configure the RADIUS service even if it is disabled. You can configure up to five RADIUS
servers. You must be logged in as admin, switchadmin, or securityadmin to configure the RADIUS
service.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click Add. You can configure up to five RADIUS servers. If five RADIUS servers are already
configured, the Add button is disabled.
The RADIUS Configuration dialog box displays.
4. Type the RADIUS server name, which is a valid IP address (in either IPv4 or IPv6 format) or
Dynamic Name Server (DNS) string. Each RADIUS server must have a unique IP address or
DNS name for the RADIUS server.
5. Type the port number.
6. Type the secret string.
7.
Type the timeout time in minutes.
8. Select an authentication protocol from CHAP or PAP. The default value is CHAP, and if you do
not change it, CHAP will be the authentication protocol.
9. Click OK to return to the AAA Service tab.
10. Click Apply.
Modifying the RADIUS Server
Use the following procedure to change the parameters of a RADIUS Server that is already
configured.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click a RADIUS server from the RADIUS Configuration list.
4. Click Modify.
The RADIUS/ADLDAP Configuration dialog box opens.
5. Type new values for the port number, timeout time (in minutes), and secret string.
6. Select an authentication protocol from CHAP or PAP. The default value is CHAP, and if you do
not change it, CHAP will be the authentication protocol.
7.
Click OK to return to the AAA Service tab and click Apply.
Web Tools Administrator’s Guide
53-1000606-01
227
18
Managing Active Directory service
Modifying the RADIUS Server Order
The RADIUS servers are contacted in the order they are listed, starting from the top of the list and
moving to the bottom.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click a RADIUS server from the RADIUS Configuration list.
4. Click the up and down arrows to rearrange the order of the RADIUS servers.
5. Click Apply.
Removing a RADIUS Server
Use the following procedure to remove a RADIUS server.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click a RADIUS server from the RADIUS Configuration list.
4. Click Remove. If there is no RADIUS server configured, the Remove button is disabled. You
cannot remove the only RADIUS server if the RADIUS service is the primary AAA service.
The RADIUS server is not deleted until you apply the changes from the AAA Services tab.
5. Click Apply in the AAA Services tab.
A confirmation displays, warning you that you are about to remove the selected RADIUS server.
6. Click Yes in the confirmation.
Managing Active Directory service
Active Directory is the directory server that holds all the user profiles. Active Directory provides user
authentication and authorization using LDAP as authentication protocol. Active Directory provides
better security while using remote authentication mechanism.
You can add, remove, and modify settings of Active Directory Server.
Enabling Active Directory service
For adding a new Active Directory server, user needs to provide server IP address, port number,
secret string, timeout value and LDAP as authentication protocol. selects Active Directory as server
type, dialog will show only LDAP as authentication protocol
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. To enable Active Directory service, select Active Directory from the Primary AAA Service
drop-down menu.
228
Web Tools Administrator’s Guide
53-1000606-01
Managing Active Directory service
18
4. Select None, Switch Database when Active Directory authentication failed, or Switch Database
when Active Directory timeout from the Secondary AAA Service drop-down menu.
To disable Active Directory service, select Switch Database from the Primary AAA Service
drop-down menu and select None from the Secondary AAA Service drop-down menu.
5. Click Apply.
Modifying Active Directory service
Use the following procedure to change the parameters of a Active Directory service that is already
configured.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click a server from the ADLDAP Configuration list.
4. Click Modify.
The RADIUS/ADLDAP Configuration dialog box opens.
5. Type new values for the port, timeout, and domain.
6. Click OK to return to the AAA Service tab and click Apply.
Removing Active Directory service
Use the following procedure to remove a RADIUS server.
1. Open the Switch Administration window as described on page 29.
2. Click the AAA Service tab.
3. Click a server from the ADLDAP Configuration list.
4. Click Remove.
The server is not deleted until you apply the changes from the AAA Services tab.
5. Click Apply in the AAA Services tab.
A confirmation displays, warning you that you are about to remove the selected server.
6. Click Yes in the confirmation.
Web Tools Administrator’s Guide
53-1000606-01
229
18
230
Managing Active Directory service
Web Tools Administrator’s Guide
53-1000606-01
Chapter
19
Administering FICON CUP Fabrics
In this chapter
This chapter contains the following sections:
• Enabling port-based routing on the Brocade 4100, 5000, and 48000 . .
• Enabling or disabling FMS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring FMS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Displaying code page information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Viewing the control device state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
• Configuring CUP port connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
232
233
233
234
235
236
About FICON CUP fabrics
Control Unit Port (CUP) is a protocol for managing FICON directors. Host-based management
programs manage the switches using CUP protocol by sending commands to the emulated control
device implemented by Fabric OS. A Brocade switch or director that supports CUP (Brocade 48000)
can be controlled by one or more host-based management programs or director consoles, such as
Brocade Web Tools or Brocade Fabric Manager. (Refer to the Fabric Manager Administrator’s Guide
for information about Fabric Manager.) The director allows control to be shared between
host-based management programs and director consoles.
To use FICON CUP, you must:
• Install a FICON CUP license on a FICON director.
• Enable FMS mode on the FICON director.
• Configure CUP attributes (FMS parameters) for the FICON director.
You can use Web Tools for all of these tasks. You can also use Web Tools to manage FICON
directors (when FMS mode is enabled on those directors) to:
• Display the control device state
• Display a code page
• Manage port connectivity configuration
You do not need to install the FICON CUP license to perform FICON CUP management; you must
install the FICON CUP license, however, if your switch is to enforce traffic between the FICON
director and the host-based management program.
Web Tools Administrator’s Guide
53-1000606-01
231
19
Enabling port-based routing on the Brocade 4100, 5000, and 48000
Enabling port-based routing on the Brocade 4100, 5000, and 48000
Port-based path selection is a routing policy in which paths are chosen based on ingress port and
destination only. This also includes user-configured paths. All Brocade 4100, 5000, and 48000
switches with FICON devices attached must have port-based routing policy enabled. Port-based
routing is a per-switch routing policy. After port-based routing is enabled, you can continue with the
rest of the FICON implementation.
1. Click a switch with FICON devices attached from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
3. Click the FICON CUP tab.
The FICON CUP tab appears, as shown in Figure 107.
4. Click the Enable radio button in the FICON Management Server Mode section to enable the
port-based routing policy. Click the Disable radio button to disable port-based routing.
5. Click Apply to save your changes.
FIGURE 107 FICON CUP management
232
Web Tools Administrator’s Guide
53-1000606-01
Enabling or disabling FMS mode
19
Enabling or disabling FMS mode
FICON Management Server (FMS) is used to support switch management using CUP. To be able to
use the CUP functionality, all switches in the fabric must have FICON Management Server mode
(FMS mode) enabled. FMS mode is a per-switch setting. After FMS mode is enabled, you can
activate a CUP license without rebooting the director. You can use Web Tools to install a CUP
license. For more information on installing licenses, see “Activating a license on a switch” on
page 41.
When FMS mode is disabled, mainframe management applications, director consoles, or alternate
managers cannot communicate with a director with CUP. In addition, when FMS mode is disabled
on a director, you cannot configure CUP attributes.
1. Click a FICON CUP-capable switch from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
3. Click the FICON CUP tab.
The FICON CUP tabbed page displays, with the FICON Management Server subtabbed page in
front, as shown in Figure 107. All attributes on this tab are disabled until FMS mode is enabled.
4. Click the Enable radio button in the FICON Management Server Mode section to enable FMS
mode or click Disable to disable FMS mode.
5. Click Apply to save your changes.
Configuring FMS parameters
FMS parameters control the behavior of the switch with respect to CUP itself, as well as the
behavior of other management interfaces (director console, Alternate Managers). You can
configure FMS parameters for a switch only after FMS mode is enabled on the switch. All FMS
parameter settings are persistent across switch power cycles. There are six FMS parameters, as
described in the table below.
TABLE 15
FMS Mode Parameter Descriptions
Parameter
Description
Programmed
Offline State
Control
Controls whether host programming is allowed to set the switch offline. The parameter is set
as enabled by the hardware after system installation, and can be reset by Web Tools.
Active=Saved
Mode
Controls the IPL file update. The IPL file saves port connectivity attributes and port names.
After a switch reboot or power cycle, the switch reads the IPL file and actives its contents as
default configuration.
When this mode is enabled, activating a configuration saves a copy to the IPL configuration
file. All changes made to the active connectivity attributes or port names by host programming
or alternate managers are saved in this IPL file. It keeps the current active configuration
persistent across switch reboots and power cycles.
You cannot directly modify the IPL file or save a file as an IPL file. When this mode is disabled,
the IPL file is not altered for either new configuration activation or any changes made on the
current active configuration. This parameter is set as enabled by the hardware after system
installation, and can be reset by Web Tools.
Note: When FMS mode is enabled and the Active=Saved parameter is disabled, you can
enable and disable ports, but the setting is not persistent. When the Active=Saved parameter
is enabled, you can enable and disable ports and the setting is persistent.
Web Tools Administrator’s Guide
53-1000606-01
233
19
Displaying code page information
TABLE 15
FMS Mode Parameter Descriptions (Continued)
Parameter
Description
Alternate Control
Prohibited
Determines whether alternate managers are allowed to modify port connectivity.
Enabling this mode prohibits alternate manager control of port connectivity; otherwise,
alternate managers can manage port connectivity.
This parameter is set as enabled by the hardware after system installation, and can be reset by
Web Tools.
User Alert Mode
Controls director console behavior for alerts.
Enabling this mode prompts the director consoles to display a warning whenever you attempt
an action that will change switch parameters. When you disable this mode, no warning is
displayed. In this case, in which Web Tools is the director console, warning messages are
displayed by Web Tools regardless of the setting of the parameter, since Web Tools always
displays warning messages when you apply a change to a switch that changes parameters.
This parameter is always read-only in Web Tools. Each time that the switch is powered on, the
parameter is reset to disabled.
Director Clock
Alert Mode
Controls behavior for attempts to set the switch timestamp clock through the director console.
When it is enabled, the director console (Web Tools, in this case) displays warning indications
when the switch timestamp is changed by a user application. When it is disabled, you can
activate a function to automatically set the timestamp clock. There is no indication for
timestamp clock setting.
This parameter is set as disabled by the hardware after system installation, and can be reset
by Web Tools.
Host Control
Prohibited
Determines whether host programming allows modifying port connectivity.
Enabling this mode prohibits host programming control of port connectivity; otherwise, host
programming can manage port connectivity.
This parameter is set as disabled by the hardware after system installation. and can be reset
by Web Tools.
Configuring FMS mode parameters
1. Click a FICON-enabled switch from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
3. Click the FICON CUP tab.
The FICON CUP tabbed page displays, with the FICON Management Server subtabbed page in
front (see Figure 107 on page 232). All attributes on this tab are read-only until FMS mode is
enabled.
4. To enable or disable an FMS mode parameter, click the check box next to the parameter. A
marked check box means that the parameter is enabled. You cannot configure the User Alert
Mode parameter in Web Tools, as it is read-only.
Displaying code page information
The Code Page field identifies the language used to exchange information between the FICON
director and Host Programming. It is a read-only field in Web Tools, as it is set by Host Programming
only. When FMS mode is disabled, the code page is displayed as unavailable.
1. Click a FICON-enabled switch from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
234
Web Tools Administrator’s Guide
53-1000606-01
Viewing the control device state
19
3. Click the FICON CUP tab.
The FICON CUP tabbed page displays, with the FICON Management Server subtabbed page in
front (see Figure 107 on page 232). All attributes on this tab are read-only until FMS mode is
enabled.
The code page format is displayed in the Code Page field as shown in the example below:
Language used to exchange information with Host Programming: (EBCDIC)
USA/Canada -- 00037
Viewing the control device state
The control device is in either a neutral or a switched state. When it is neutral, the control device
accepts commands from any channel that has established a logic path with it and accepts
commands from alternate managers. When the control device is switched, it establishes a logical
path and accepts commands only from that logical path (“device allegiance”). Commands from
other paths cause a FICON CUP Busy Error. Most “write” operations from alternate managers are
also rejected.
Device allegiance usually lasts for a very short time. However, under abnormal conditions, device
allegiance can get “stuck” and fail to terminate. It might cause the switch to be unmanageable with
CUP, and you will continue to receive the FICON CUP Busy Error. In this case, you should check the
control device state and the last update time to identify if the device allegiance is stuck. The Web
Tools Switch Admin displays the control device state and last update time (see Figure 107 on
page 232). You can click Refresh to get most recent update.
You can manually reset allegiance to bring the control device back to the neutral state by clicking
Reset Allegiance in the FICON CUP Busy Error display (see Figure 108).
FIGURE 108 FICON CUP busy error
The following switch parameters being read or modified can cause the FICON CUP Busy error:
•
•
•
•
•
Mode Register
Port Names (also called Port Address Name)
PDCM and Port Connectivity Attributes
Switch enable/disable
Switch name change
1. Click a FICON-enabled switch from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
3. Click the FICON CUP tab.
Web Tools Administrator’s Guide
53-1000606-01
235
19
Configuring CUP port connectivity
The FICON CUP tabbed page displays, with the FICON Management Server subtabbed page in front
(see Figure 107 on page 232). All attributes on this tab are read-only until FMS Mode is enabled.
The control device state is displayed as neutral or switched in the Control Device Allegiance field.
If FMS mode is enabled, and the control device state is unavailable, the FICON CUP Busy Error is
displayed. Click Reset Allegiance in the error message to reset the control device state to its correct
state (see Figure 108).
Configuring CUP port connectivity
In the Port Connectivity subpanel, you can manage the configuration files and active configuration.
All CUP configuration files and the active configuration are listed in a table. The active configuration
is listed as “Active Configuration*” and the description in the table is “Current active configuration
on switch.” The other special configuration file is the IPL. Any other files displayed are user-defined
configurations and are stored on the switch.
You can create, activate, copy, or delete saved CUP port connectivity configurations; however, you
can only edit or copy a configuration while it is active.You can also activate, edit, or copy the IPL
configuration. You must have FMS mode enabled before you can make any changes to the
configurations. Click Refresh to get the latest configuration file list from the switch.
When creating a new configuration or editing an existing configuration, keep in mind that Web Tools
port name input is restricted to printable ASCII characters. Therefore, when Web Tools displays a
port name, if there are characters beyond printable ASCII characters (which would have been
created by the Host Program), those characters are displayed as dots (.).
When initially installed, a switch allows any port to dynamically communicate with any other port.
Two connectivity attributes are defined to restrict this any-to-any capability for external ports: Block
and Prohibit.
Block is a port connectivity attribute that prevents all communication through a port. Prohibit is the
port connectivity attribute that prohibits or allows dynamic communication between ports when a
port is not blocked. Each port has a vector specifying its Prohibit attribute with respect to each of
the other ports in the switch. This attribute is always set symmetrically in that a pair of ports is
either prohibited or allowed to communicate dynamically.
The Port Connectivity table (shown in Figure 109 on page 238) displays the Port number (in
physical-location format), Port Name (port address name), Block attribute, Prohibit attribute, and
Area Id (port address, displayed in hexadecimal) in fixed columns. The right side is a port matrix,
which lists all ports by Area ID and identifies prohibited ports. Those columns are scrollable and
swappable.
Viewing CUP Port Connectivity Configurations
Use the following procedure to display a list of CUP port connectivity configurations.
1. Click a FICON-enabled switch from the Fabric Tree.
2. Open the Switch Administration window as described on page 29.
3. Click the FICON CUP tab.
The FICON CUP tabbed page displays, with the FICON Management Server subtabbed page in
front (see Figure 107 on page 232). All attributes on this page are read-only until FMS mode is
enabled.
236
Web Tools Administrator’s Guide
53-1000606-01
Configuring CUP port connectivity
19
4. Click the CUP Port Connectivity subtab.
Creating or Editing CUP Port Connectivity Configurations
Use the following procedure to create a new CUP port connectivity configuration or to edit an
existing configuration.
1. Display the CUP port connectivity configuration list.
2. You can either create a new configuration or edit an existing configuration.
• To create a new configuration, click New.
The Create Port CUP Connectivity Configuration dialog box displays all ports and port
names on the selected switch (similar to the dialog box shown in Figure 109). The Block
column, Prohibit column, and prohibited ports matrix are displayed as empty, for you to
configure.
• To edit an existing configuration, click the configuration and then click Edit.
The Edit Port CUP Connectivity Configuration dialog box displays the content of the
selected configuration from the switch in a table format (see Figure 109).
3. Optional: Select the check box corresponding to a port you want to block on the Block column.
Repeat this step for all ports you want to block. Select the Block All check box to block all ports.
4. Optional: Select the check box corresponding to a port you want to prohibit on the Prohibit
column. Repeat this step for all ports you want to prohibit. Select the Prohibit All check box to
prohibit all ports.
The cells in the matrix are updated with “X” icons to identify prohibited ports.
5. Optional: Click the individual cells corresponding to the combination of ports you want to
prohibit. You cannot prohibit a port to itself.
6. Review your changes. A blue background in a cell indicates that its value has been modified.
7.
After you have finished making changes, do any of the following:
• Click Activate to save the changes and make the configuration active immediately, as
described in “Activating a CUP Port Connectivity Configuration” on page 238.
• Click Save to save the changes but not make the configuration active.
• Click Save As to save the configuration to a new configuration file. When you click Save As,
a dialog box displays in which you should type a file name and description for the
configuration file.
• Click Refresh to refresh the information from the switch.
• Click Cancel to cancel all changes without saving.
Web Tools Administrator’s Guide
53-1000606-01
237
19
Configuring CUP port connectivity
FIGURE 109 Port CUP Connectivity Configuration dialog box
Activating a CUP Port Connectivity Configuration
When you activate a saved CUP port connectivity configuration on the switch, the preceding
configuration (currently activated) is overwritten.
1. Open the CUP port connectivity configuration list.
2. Click the saved configuration from the list.
3. Click Activate.
The Activate CUP Port Connectivity Configuration confirmation dialog box opens.
The message reminds you that the current configuration will be overwritten upon activation.
4. Optional: Click Active=Saved Mode to enable (selected) or disable (not selected) the
Active=Saved FMS parameter after the configuration is activated.
5. Click Yes to activate the configuration or click No to cancel the activation.
Copying a CUP Port Connectivity Configuration
Use the following procedure to copy a CUP port connectivity configuration to a new configuration.
1. Display the CUP port connectivity configuration list.
2. Click a saved configuration or the active configuration from the list.
238
Web Tools Administrator’s Guide
53-1000606-01
Configuring CUP port connectivity
19
3. Click Copy.
The Copy CUP Port Connectivity Configuration dialog box displays.
4. In the dialog box, type a name and description for the new configuration and click OK to save
the configuration to the target file; click Cancel to cancel copying the configuration.
The file name must be in alphanumeric characters and can contain only dashes or
underscores as special characters.
Deleting a CUP Port Connectivity Configuration
Use the following procedure to delete a saved CUP port connectivity configuration.
1. Display the CUP port connectivity configuration list.
2. Click the saved configuration from the list.
3. Click Delete.
The Delete CUP Port Connectivity Configuration confirmation dialog box displays.
4. Click Yes to delete the selected configuration; click No to cancel the deletion.
Web Tools Administrator’s Guide
53-1000606-01
239
19
240
Configuring CUP port connectivity
Web Tools Administrator’s Guide
53-1000606-01
Chapter
20
Limitations
In this chapter
This section provides the following information:
• General Web Tools limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
General Web Tools limitations
Table 16 lists general Web Tools limitations that apply to all browsers and switch platforms.
TABLE 16
Web Tools limitations
Area
Details
Blade Failure
If a blade fails on the switch, the Web Tools interface can still display slot and ports as
healthy. In this case, the failure might not be visible in Web Tools until the Web Tools
window is reopened.
Browser
For Internet Explore 7.0, the default setting is to disable telnet functionality. You must
make the appropriate changes in the registry to enable telnet functionality if you want
to use it.
Browser
Fabric Watch, Switch Admin, HA, Name Server, and Zone Admin are separate applets
embedded in HTML pages. The successful launch of the applet depends on whether
the browser can successfully load the HTML page. Very occasionally, you will see a
blank browser window with the message “loading pages...” that is stuck. This is likely
caused by a sudden loss of switch Web server (either by normal HA failover, reboot, or
other causes).
Workaround: If Fabric Watch, Switch Admin, HA, Name Server, or Zone Admin hang,
close this window and relaunch the module.
Browser
A Web Tools browser window might stop responding following an HA failover
immediately after a zoning configuration was enabled or disabled. It is likely that the
Web daemon was terminated by the HA failover before the HTTP request was sent back.
Workaround: If one of the Web Tools modules is hanging, close the window and
relaunch the module. If the module is locked, shut down and relaunch the Web Tools
application.
Browser
When you launch Fabric Watch, Switch Admin, Name Server, and Topology from Switch
Explorer via Internet Explorer, the applet windows cannot be resized and the Maximize
button is disabled.
Configuration
Web Tools does not support NAT router configurations and will not function correctly
with switches behind a NAT router.
Web Tools Administrator’s Guide
53-1000606-01
241
20
General Web Tools limitations
TABLE 16
242
Web Tools limitations (Continued)
Area
Details
Firmware download
There are multiple phases to firmware download and activation. When Web Tools
reports that firmware download has completed successfully, this indicates that a basic
sanity check, package retrieval, package unloading, and verification was successful.
Web Tools forces a full package install.
A reboot is required to activate the newly downloaded firmware. This reboot is done
automatically; however, although Web Tools screens will continue to be visible during
the reboot, they will not be available. Wait approximately 10 minutes to ensure that all
of the application windows have been restored. If Web Tools fails to respond after 20
minutes, you might need to close all Web Tools applications windows and restart them,
or to contact your system administrator for network assistance.
The Web Tools loss of network connectivity during a failover or reboot (initiated though
the firmwareDownload) varies for different configurations:
Brocade 48000 directors: loss of network connectivity is up to 5 minutes if the
power-on self-test (POST) is disabled. If POST is enabled, the loss of network
connectivity can exceed 5 minutes.
Brocade 200E, 4012, 4016, 4018, 4020, 4024, 4100, 4900, 5000, and 7500
switches: loss of network connectivity is up to 1 minute if POST is disabled. If POST is
enabled, the loss of network connectivity can exceed 1 minute.
Firmware downgrade
If you try to run Web Tools on a switch after downgrading the firmware, Web Tools may
not open. This is due to the presence of old application cache files in Java. The
workaround is to delete the application cache files using the Java Control Panel.
HTTP timeout
Very occasionally, you might see the following message when you try to get data from a
switch or to send a request to the switch:
Failed to get switch response. Please verify the status
of your last operation and try again if necessary.
This indicates that an HTTP request did not get a response. The request was sent to the
switch, but the connection was down, probably caused by a temporary loss of the Web
server on the switch. Due to the nature of an HTTP connection, Web Tools will report
this error after a 90-second default timeout.
In this case, verify the status of your last request, using telnet to check related status,
or click the Refresh button from the Web Tools application you were working on to
retrieve related data. If your request did not get through to the switch, resubmit it.
Executing a refresh from Web Tools retrieves a copy of switch data at that moment; the
data you entered can be lost if it had not already committed to the switch.
Java cache
If the Web Tools progress bar stops at 93% when initializing switch details, you must
clear the Java cache, as described in “Deleting temporary internet files used by Java
applications” on page 3.
Java Plug-in
If you remove the certificate (not recommended) from the Java Control Panel, you must
close and reopen the browser for the certificate removal to take effect.
Java Plug-in
If you have a Web Tools session open and you open a second session using the File >
New browser menu, this results in unexpected behavior of the original Web Tools
session. For example, you cannot change Admin Domains in the second session.
Web Tools supports only one browser instance per JRE, and when you open another
window using the File > New menu, the two windows share the same JRE environment.
Workaround: Open two independent browser sessions.
Web Tools Administrator’s Guide
53-1000606-01
General Web Tools limitations
TABLE 16
20
Web Tools limitations (Continued)
Area
Details
Loss of Connection
Occasionally, you might see the following message when you try to retrieve data from
the switch or send a request to the switch:
Switch Status Checking
The switch is not currently accessible.
The dialog title may vary, because it indicates which module is having the problem.
This is caused by the loss of HTTP connection with the switch, due to a variety of
possible problems. Web Tools will automatically try to regain the connection. While Web
Tools is trying to regain the connection, check if your Ethernet connection is still
functioning. If the problem is not with the Ethernet connection, wait for Web Tools to
recover the connection and display the following message:
You will have to resubmit your request after closing this message.
If the temporary switch connection loss is caused by switch hot code load, or other
similar operation, Switch Explorer you are currently running can be downloaded from a
different firmware version than the new one. In this case the following message
displays:
Switch connection is restored. The firmware version you are running is not in sync with
the version currently on switch. Close your browser and re-launch Webtools.
You need to close Switch Explorer and relaunch Web Tools to reopen the connection.
Out of Memory Errors
If you are managing fabrics with more than 10 switches or more than 1000 ports, or if
you are using the iSCSI Gateway module extensively, you might encounter
out-of-memory errors such as the following:
java.lang.OutOfMemoryError: Java heap space
To avoid this problem, increase the default heap size in the Java Control Panel. See
“Configuring the Java plug-in” on page 5 for instructions.
Performance Monitor
If the Web browser crashes or the Performance Monitor license is lost while the
Performance Monitoring window is running, some of the Performance Monitor
resources owned by Web Tools might not be cleaned up correctly.
Workaround: You might need to use the CLI to manually delete these counters. For
example, if you detect Web Tools owned resources (using perfshoweemonitor), but you
have verified that no Web users are actually using them, use the perfdeleemonitor or
perfcleareemonitor command to free the resources.
Performance Monitor
For SCSI Read, Write, or Read/Write on a LUN per Port graphs, Fabric OS 4.1.0 (and
later 4.x versions) allows you to enable only two bytes or less for the LUN value mask
setting. Fabric OS 3.1 (and later 3.x versions) allows up to three bytes. Web Tools
displays an error message if you exceed this limit.
Workaround: There is no workaround.
Performance Monitor
For Brocade 48000 directors, while monitoring the performance, if one or all the blades
turn Faulty or if they are powered off or on, then the behavior of various monitoring
graphs is as follows:
The Switch Aggregate and Blade Aggregate graphs will freeze without any updates
(about the traffic).
Workaround: Close and relaunch the graphs.
The Switch Throughput Utilization, Switch Percent Utilization, and Port Snapshot Error
graphs will show the faulty/powered off slot node in the Y-Axis of the graph.
Workaround: Launch any port selection dialog and load the graphs accordingly.
Refresh option in
browsers
When a pop-up window requesting a user response is pushed into the background and
a refresh is requested, a fatal Internet Explorer error might occur.
Workaround: Restart the browser.
Web Tools Administrator’s Guide
53-1000606-01
243
20
General Web Tools limitations
TABLE 16
244
Web Tools limitations (Continued)
Area
Details
Refresh option in
browsers
Web Tools must be restarted when the Ethernet IP address is changed using the
NetworkConfig View command. Web Tools appears to hang if it is not restarted after
this operation is executed.
Workaround: Restart the browser.
Refresh option in
browsers
If you change the switch name or domain ID using the CLI after the Web Tools Switch
Administration window has started, the new switch name or domain ID will not be
updated on the header of the Switch Admin page. Clicking the Refresh button will not fix
the problem.
Workaround: Click the Switch tab and the Switch Admin header will update.
Refresh option in
browsers
If you change the switch name using the Web Tools Switch Admin page or SNMP and
then open a telnet window to verify the name change, the CLI prompt (for example,
switch:admin>) displays the previous name. The telnet prompt cannot pick up the new
switch name until the switch is fastbooted.
Workaround: In order to display the correct switch name in the CLI prompt after a switch
name update using Web Tools or SNMP, fastboot the switch.
Refresh option in
browsers
Following a switch enable or disable, you must wait at least 25–30 seconds for the
fabric to reconfigure and for FSPF route calculations to complete before requesting
routing information. If accessed too early, routing information will not be shown.
Workaround: Following a switch enable or disable, wait at least 25–30 seconds before
further action.
Refresh option in
browsers
The Web Tools Switch Explorer might continue to display a switch from the Switch View,
even when the switch has been removed from the fabric.
Workaround: If this behavior is seen, relaunch Switch Explorer. If the switch was
removed from the fabric, the Fabric View window will list the switch as unavailable.
Refresh option in
browsers
In the Switch Administration window, Switch tab, if you click the Refresh button, you
might not be able to click the data entry fields to enter text. This behavior occasionally
happens on a notebook or laptop computer; it rarely happens on a desktop computer.
Workaround: If this happens, you should close the browser window and restart it.
Switch Explorer closure
If a session times out or you log out or close Switch Explorer window, all other windows
belonging to the session are invalidated. After a short delay these windows become
unusable, but are not closed automatically. You must manually close these windows.
Switch View
Occasionally, switches might display the port icons correctly, but be missing one or
more control button icons.
Workaround: Close the Switch View of the switch and reopen it.
Windows Operating
Systems
Occasionally, you will not see the “Lost connection to the switch” message on the
Switch View, even though the Ethernet connection has been lost. You might still be able
to invoke various features from Switch View, such as Status, Fan Temp, Power, and
Beacon.
Workaround: Verify Ethernet connection to the switch by pinging the logical switch IP
address.
Windows Operating
Systems
While working on Internet Explorer 6.0, when the user launches Switch Explorer it
initially does not activate. You will have to click the window once with the mouse, press
the ESC key, the Space Bar, or Enter to activate the window. This is applicable in all
applets launched using IE 6.0.
Workaround: This is not seen while working on Firefox.
Web Tools Administrator’s Guide
53-1000606-01
Index
Numerics
2 domain/4 domain fabric licenses, 9
A
About Discovery Domains (DD), 179
Access Control List. See ACL
access control. See RBAC.
Access Gateway mode
configuration, 187
enable, 187
enable, Web Tools, 188
accessing
switch event report, 45
activating
CUP port connectivity configuration, 238
licenses, 41
Ports on Demand, 71
AD. See Admin Domains.
adding
Admin Domain members, 91
performance graphs to a canvas, 130
unzoned online devices to zones, 115
zone alias members, 102
zone configuration members, 107
zone members, 104
Admin Domain window, 83
closing, 87
refreshing, 86
Admin Domains
about, 81
assigning administrators, 213
brief description, 13
creating, 88
deleting, 92
direct port membership, 62
indirect port membership, 62
modifying, 91
opening, 83
to activate/deactivate, 90
Administrative Domains. See Admin Domains
Web Tools Administrator’s Guide
53-1000606-01
AL_PA
error graphs, creating, 129
alarm configuration report for Fabric Watch, 159
alarms, Fabric Watch
configuring, 157, 158
displaying, 159
enabling and disabling, 157
aliases, zone. See zone aliases
all access zoning, 96
arbitrated loop parameters, configuring, 39
automatic trace dump transfers, 144
B
backbone fabric, 134
backbone fabric ID, configuring, 140
backing up configuration file, 54
basic performance monitoring graphs, 124
BB credit, 37
beaconing, enabling, 51
best practices for zoning, 117
blades, enabling and disabling, 32
browsers
limitations, 241, 244
refresh frequency, setting, 2
supported, 1
buffer-limited ports, 163
C
Challenge Handshake Authentication Protocol. See CHAP
changing
chassis name, 35
domain ID, 35
passwords, 214
switch name, 34
CHAP
authentication, 169
secret, editing, 184
user, creating, 183
245
Index
chassis name, changing, 35
class F traffic, 38
clearing temporary internet files, 3
clearing the zoning database, 114
closing
Admin Domain window, 87
sessions, 13
Zone Administration window, 100
code page, displaying, 234
configuration
Access Gateway mode, 187
upload, 187
configuration file
Admin Domain considerations, 54
backing up, 54
restoring, 55
configuring
arbitrated loop parameters, 39
backbone fabric ID, 140
CUP port connectivity, 236
default heap size, 5
email notifications, 160
ethernet IP, 30
EX_Ports, 137
fabric parameters, 36
Fabric Watch thresholds, 155
FAN frame notification parameters, 39
FC IP address, 30
FC ports, 65
FCIP interswitch link, 199
FCIP IP interfaces, 201
FCIP IP routes, 201
FCIP ports, 67
FCR router cost, 139
FICON Management Server parameters, 233
FRU alarms, 158
GigE ports for FCIP, 68
IKE/IPSEC Policy, 199
IOD frames delivery, 195
IP address for iSCSI Target Gateway, 173
IP and netmask, 30
IP interfaces for FCIP, 68
IP route for iSCSI Target Gateway, 174
IP routes for FCIP, 68
Java Plug-in, 5
link cost, 195
long-distance settings, 165
port speed, 65
port type, 65, 67
ports, 61
RADIUS server, 227
246
routes, 193
SNMP information, 223
syslog IP address, 31
system services, 39
threshold alarms, Fabric Watch, 157
virtual channel settings, 38
Configuring an IKE or IPSEC Policy, 199
Configuring FCR router port costs, 139
Control Device state, 235
Control Unit Port. See CUP
copying CUP port connectivity configuration, 238
CP failover, initiating, 43
creating, 180
Admin Domains, 88
AL_PA error graphs, 129
basic performance graphs, 124
CHAP user for iSCSI Target Gateway, 183
DDset, 181
discovery domains (DD), 180
iSCSI fibre channel zones with an effective zone
configuration, 185
iSCSI fibre channel zones with no effective zone
configuration, 185
SCC/DCC policy, 217
SCSI command graphs, 128
SCSI vs. IP traffic graphs, 127
SID-DID performance graphs, 126
virtual targets for iSCSI Target Gateway, 175, 176
zone aliases, 101
zone configurations, 106
zones, 103
creating FCS policy, 217
CUP port connectivity configuration
activating, 238
copying, 238
deleting, 239
displaying, 236
customizing
basic performance graphs, 124
chassis name, 35
D
datafield size, 37
DDSet, creating, 181
DDSet, editing, 182
default zoning, 96
defining device aliases, 117
deleting
Admin Domains, 92
Web Tools Administrator’s Guide
53-1000606-01
Index
CUP port connectivity configuration, 239
user accounts, 213
zone aliases, 102
zone configurations, 108
zones, 105
device aliases, defining, 117
device probing, 38
devices only view, 100
devices only zoning, 101
direct port membership in Admin Domains, 62
disabling
automatic trace uploads, 145
blades, 32
dynamic load sharing, 194
Fabric Watch threshold alarms, 157
FICON Management Server mode, 233
ports, 69, 70
RADIUS service, 226
RLS probing, 39
switch, 34
trunking mode, 78
zone configurations, 109
zoning, 109
disabling an NPIV port, 71
Discovery Domain Set. See DDSet
Discovery Domains
create, 178
displaying
alarms, Fabric Watch, 159
Control Device state, 235
CUP port connectivity configuration, 236
enabled zone configuration, 109
fabric events, 44
fan status, 146
FICON code page, 234
name server entries, 49
power supply status, 148
switch events, 45
temperature status, 147
user account information, 211
DLS, 194
domain ID, changing, 35
downloading
configuration file, 55
firmware, 56
Dynamic Load Sharing. See DLS
E
E_D_TOV, 37
Web Tools Administrator’s Guide
53-1000606-01
edge fabrics
about, 134
editing
DDset, 182
discovery domains (DD), 180
iSCSI fibre channel zone members, 185
email notifications, 160
enable
Access Gateway mode, 187, 188
enabled zone configuration, displaying, 109
enabling
automatic trace dump transfer, 145
beaconing, 51
blades, 32
DLS, 194
Fabric Watch threshold alarms, 157
FICON Management Server mode, 233
insistent domain ID mode, 38
iSCSI Target Gateway service, 172
ports, 69
Ports on Demand, 71
RADIUS service, 226
RLS probing, 39
switch, 34
trunking mode, 78
zone configurations, 108
enabling an NPIV port, 70
ending sessions, 13
events
displaying, 44, 45
filtering, 46
severity levels, 44
EX_Ports, configuring, 137
exchange-based routing, 193, 194
expiring passwords, 216
extended fabrics, 163
F
fabric events, 44
fabric ID, configuring, 140
fabric information, refreshing, 86, 98
fabric parameters, configuring, 36
fabric topology report, 48
Fabric Tree, 19
fabric view, 100
fabric view zoning, 100
Fabric Watch
about, 153
247
Index
alarms, 157
thresholds, 155
failover, initiating, 43
FAN frame notification parameters, configuring, 39
fan status, 146
fast boot, 36
FC ports, configuring, 65
FC Routing module, 135
FC targets, searching for iSCSI Target Gateway, 178
FC-FC routing
about, 133
setting up, 134
supported switches, 133
FCIP
configuring interswitch link (ISL), 199
IP interfaces, configuring, 201, 203
IP routes, configuring, 201, 205
ports, configuring, 67
tunnels, configuring, 206
FCR router cost, 139
FCS policy
activate, 219
create, 217
deactivate, 219
delete, 218
distribute, 219
moving switch position, 219
feature licenses, 40
FICON Management Server
mode, enabling and disabling, 233
parameters, 233
filtering events, 46
Filtering IP Addresses, 31
firmware download, 56
FRU alarms, configuring, 158
FSPF routing, 194
fwdl. See firmware download.
G
GigE port
configuring FCIP IP interfaces, 203
configuring FCIP IP routes, 205
graphs for performance monitoring, 120
H
HA. See Hi Avail
248
hard zones, 100
heap size, configuring, 5
Hi Avail
administering, 41
High-Availability. See Hi Avail
HTTPS protocol, 9
I
ID_ID mode
about, 38
enabling, 38
IKE/IPSec policy, 199
inactivity timeout, 15
indirect port membership in Admin Domains, 62
initiating CP failover, 43
initiators for iSCSI Target Gateway, 178
in-order delivery. See IOD
insistent domain ID mode
about, 38
enabling, 38
installing
Java Plug-in, 4, 5
JRE, 4
JRE patches on Solaris, 4
Solaris patches, 4
Web Tools license, 7
IOD
frame delivery, 195
IP address
configuring for iSCSI Target Gateway, 173
IP address, filtering, 31
IP and netmask, configuring, 30
IP interfaces
configuring for iSCSI Target Gateway, 172
IP interfaces, configuring for FCIP, 68
IP routes, configuring for FCIP, 68
IQN, 169
iSCSI Target Gateway
about, 167
activating the service, 172
CHAP authentication, 169
CHAP secrets, editing, 184
CHAP user, creating, 183
CHAP, about, 183
clear all, 170
configure IP route, 174
configure the IP interface, 172
creating virtual targets, 175, 176
Web Tools Administrator’s Guide
53-1000606-01
Index
DDSet, creating, 181
DDSet, editing, 182
Discover Domain Set, 169
Discovery Domain, 169
discovery domain sets (DDSet), about, 181
discovery domains (DD), 178
discovery domains (DD), about, 179
discovery domains, creating, 180
discovery domains, editing, 180
editing an iSCSI target, 177
enabling, 172
FC LUN, 169
FC virtual initiator, 169
GbE, 169
IQN, 169
iSCSI fibre channel zone members, editing, 185
iSCSI fibre channel zone, creating, 184
iSCSI fibre channel zone, creating with an effective
zone configuration, 185
iSCSI fibre channel zone, creating with no effective
zone configuration, 185
iSCSI initiator, 169
iSCSI initiators, 178
iSCSI Port, 169
iSCSI session, 169
iSCSI virtual target, 169
launching module, 171
LUN mapping, 169
managing/troubleshooting accessibility, 186
PDU, 169
search for FC target, 178
supported switches, 167
VT LUN, 169
iSCSI target, editing for iSCSI Target Gateway, 177
ISL trunking, 77
J
Java Plug-ins
configuring, 5
installing, 4, 5
supported, 2
JRE, installing, 4
Web Tools, 9
LEDs, port, 150
license key, 7
licenseAdd command, 7
licensed features, 40
licenses
activating, 41
installing Web Tools, 7
removing, 41
licenseShow command, 7
limitations
browsers, 241, 244
firmware download, 242
HTTP, 242, 243
Microsoft Windows Operating System, 244
Performance Monitor, 243
Switch View, 244
limited switch license, 9
link cost, 195
logging out, 13
LSAN
devices, 140
fabrics, managing, 136
zones, managing, 139
M
managing RADIUS server, 224, 228
message severity levels, 44
MetaSAN, 134
modifying
Admin Domains, 91
performance graphs, 131
RADIUS server, 227
RADIUS server order, 228
zone aliases, 102
zone configurations, 107
zones, 104
monitoring performance, 119
mouse over information, 22
N
L
launching
FC Routing module, 135
iSCSI Target Gateway module, 171
Web Tools Administrator’s Guide
53-1000606-01
name server entries, displaying, 49
naming ports, 68
netmask and IP, configuring, 30
no access zoning, 96
NPIV
249
Index
about, 70
ports, disabling, 71
ports, enabling, 70
effective zone configuration, 110
performance graphs, 130
zone configuration summary, 111
O
R
opening
Performance Monitoring window, 123
Switch Administration window, 29
R_A_TOV, 37
RADIUS server
about, 224, 228
configuring, 227
enabling and disabling, 226
modifying, 227
modifying server order, 228
removing, 228
RAM requirements, 2
RBAC
pre-defined roles, 15
rebooting the switch, 36
recommendations
configuration tasks, 25
for Web Tools, 25
for zoning, 117
mixed fabric, 25
refresh frequency, setting, 2
refresh rates, 24
refreshing
Admin Domain window, 86
fabric information, 86, 98
Switch Administration window, 29
Zone Administration window, 99
removing
Admin Domains members, 91
licenses, 41
offline devices from zoning database, 116
RADIUS server, 228
zone alias members, 102
zone configuration members, 107
zone members, 104
renaming
zone aliases, 102
zone configurations, 107
zones, 104
replacing
offline devices in zones, 116
WWN in zoning database, 114
requirements, Web Tools, 1
restoring configuration file, 55
right-click menu, 23
RLS probing
enabling and disabling, 39
P
passwords
changing, 214
expiring, 216
rules, 215
unlocking, 216
PDU, 169
performance graphs
adding to a canvas, 130
modifying, 131
printing, 130
types of, 120
Performance Monitoring window, 123
per-frame routing priority, 38
persistently disable a port, 70
PID format, 37
platforms, supported, 2
polling rates, 24
Port Administration window, 61
port membership in Admin Domains, 62
port menu, 23
port names, assigning, 68
port speed, configuring, 65
port swapping, 74
port type, configuring, 65, 67
port-based routing, 193
ports
buffer-limited, 163
configuring, 61
disabling, 69, 70
enabling, 69
LEDs, 150
long distance parameter, 165
naming, 68
Ports on Demand, enabling, 71
power supply status, 148, 149
printing
250
Web Tools Administrator’s Guide
53-1000606-01
Index
Role-Based Access Control. See RBAC
router cost path, 139
routes, configuring, 193
S
saving
performance graphs, 129
zoning changes, 87, 99
SCC/DCC policy
activate, 219
create, 217
deactivate, 219
delete, 218
edit, 218
SCSI command graph, 128
SCSI vs. IP traffic graph, 127
searching zone member selection lists, 114
sequence level switching, 37
session management, 15
sessions, ending, 13
setting
refresh frequency, 2
SNMP trap levels, 222
severity levels, 44
SID-DID performance graph, 126
SNMP information, configuring, 223
SNMP trap levels, 222
soft zones, 95
Solaris patches, installing, 4
starting Web Tools, 9
swapping port index IDs, 74
switch
changing the name of, 34
enabling and disabling, 34
mouse over information, 22
rebooting, 36
Switch Administration window, 27
opening, 29
refreshing, 29
Switch Events and Switch Information, 22
switch events, displaying, 45
Switch Explorer
Admin Domains, 20
switch name, changing, 34
switch PID format, 37
switch report, 35
switch status report, 149
Web Tools Administrator’s Guide
53-1000606-01
Switch View, 21
Switch View buttons, 21
syslog IP address
configuring, 31
removing, 31
system services, configuring, 39
T
telnet, install Web Tools, 7
temperature status, 147
temporary internet files, 3
threshold alarms, Fabric Watch
configuring threshold alarms, 157
enabling and disabling, 157
timeout, session, 15
topology report, 48
trace dumps, 143
troubleshooting
iSCSI Target Gateway, 186
Web Tools, 25
trunking mode, enabling and disabling, 78
tunnels, configuring for FCIP, 206
U
unlocking passwords, 216
user accounts, managing, 209
V
value line licenses, 9
VC Priority, 38
viewing
EX_Ports, 137
LSAN devices, 140
LSAN fabrics, 136
LSAN zones, 139
swapped ports, 74
Switch Explorer, 17
switch status, 148
viewing FCR router cost, 139
virtual channel settings, configuring, 38
virtual targets, creating for iSCSI Target Gateway, 175,
176
251
Index
W
Web Tools
Access Gateway mode, enable, 187
Web Tools, launching, 9
WWN
adding to zones, 113
removing from zones, 113
replacing in zones, 114
Z
Zone Admin module
saving changes, 87
Zone Administration window
about, 97
closing, 100
refreshing, 99
saving changes, 99
zone aliases
adding unzoned online devices, 115
creating, 101
defining device aliases, 117
deleting, 102
description, 101
modifying, 102
renaming, 102
replacing offline devices, 116
zone configurations
analysis report, 111
creating, 106
deleting, 108
disabling, 109
enabling, 108
example, 105
modifying, 107
renaming, 107
summary report, 110
zone member selection lists, searching, 114
zones
about, 95
adding unzoned online devices, 115
adding WWNs, 113
best practices, 117
creating, 103
deleting, 105
description, 103
enforcement, 95
initiator/target accessibility matrix, 112
LSAN, 139
252
modifying, 104
removing WWNs, 113
renaming, 104
replacing offline devices, 116
replacing WWNs, 114
selecting a view, 100
zoning
all access, 96
default zoning, 96
no access, 96
zoning database
clearing, 114
managing, 113
maximum size, 100, 108
removing offline devices, 116
zoning views, 100
zoning, disabling, 109
zoning, saving changes, 87, 99
Web Tools Administrator’s Guide
53-1000606-01
Download PDF
Similar pages