
2006 Brocade Communications Systems, Incorporated.

Revision CFP264 ILT 0806


Brocade Education Services
Brocade

Product Training
CFP264
Brocade 4 Gbit/sec Accelerated BCFP
Instructor-Led Module 4
Installation and Setup
Objectives
Following this module and associated lab, an attendee should be able to
Perform out-of-box initial configuration
Perform initial security configuration
Verify switch status
Identify the importance of fabric parameters
Perform other common administrative tasks
Out of the box Experience
Items included
Qualified Fabric OS version
Command-Line management
Generally included: Web Tools and Zoning licenses
Power Cables
Serial Cables
Rubber mounting feet
Quick Start Guide
Documentation CD
Optional Items
Rack-mount kit
Additional licensed Fabric OS features
SFPs (may be included, varies by OEM)
Each vendor that ships a Brocade switch will include the version of firmware that the supporting vendor has
qualified.
Due to qualification cycles, switches shipping from the factory may not have the same Fabric OS version that is
currently installed on other switches in your fabric, even if the switches were obtained from the same vendor.
Take care to ensure the firmware on the new switch is compatible with other switches in your
environment, per your vendor's qualification matrix. Use the version command to determine the installed
firmware version.
You may also check fabric operation parameters to ensure there are no conflicting settings when any new switch
is introduced to a production fabric. Being familiar with the version of Fabric OS currently installed on the SAN and
any customized settings will make troubleshooting easier and adding new switches simpler. The SAN Health utility
can help you audit your current environment.
Cables and documentation will be enclosed with the switch. A switch may be shipped with a rack mounting kit or
enclosed in a 19-inch rack. If the switch sits on a table top rather than in a rack, it is recommended to
attach the four rubber mounting feet, one in each corner, to reduce the chance of slipping.
Each switch has a blank IP address label located on the cable side of the switch that can be used to document the
IP address when assigned.
The Quick Start Guide and Brocade Documentation CD should be read prior to installing SFPs and powering on
the switch.
Brocade Partner Network http://partner.brocade.com
For Brocade partners.
Firmware and release notes
Documentation, how-to-guides
Sales presentations and collateral
Sales training courses and sales Webinars
Scripts, MIBs, and RSH Utilities
Technical support bulletins, advisory notices, and the Brocade
Knowledge Base.
Brocade Connect: http://www.brocadeconnect.com
For Brocade end-users.
User-donated scripts
SNMP MIBs
User message boards
Documentation, how-to guides, and release notes
Customers that have purchased Brocade support have
access to firmware, support bulletins, advisory notices, and
the Brocade Knowledge Base.
SAN Health: http://www.brocade.com/sanhealth
For Brocade end-users and partners
Generates a Visio topology diagram.
Generates a detailed "snapshot" report on your SAN
configuration including alerts, performance graphs, and best
practices.
Steps For Configuring a New Switch
Physical Preparation
Customizing the Switch
Managing Licensed Features
Configuring and Verifying Fabric Parameters
Verifying Switch Function
Attaching Nodes
Saving Switch Configuration
Prior to installing the switch, a site survey should be made. Brocade recommends separate
power sources, one for each of the dual power supplies, and ample airflow for the back-to-
front cooling. Details on environmental requirements, including power and cooling, are found
in the Hardware Reference Guide for your switch. This document is found on the
Documentation CD shipped with the switch, and can be downloaded from Brocade Connect.
When customizing the switch for the SAN and network, it is customary to first assign the
switch an IP address by connecting to the external serial port. It is also a good idea to
set a timeout value (timeout 10) to ensure you do not end up with hanging administrative
sessions. Once the IP address is assigned, log out of the serial connection and connect over
IP with Web Tools, telnet or SSH for the remaining customization, such as the domain number
and switch name.
During the login process, after the submitted password has been verified, a message
will appear asking you to change the default user ID and password from their current values.
Responding to this is optional, but changing the default password to a new value will make
the switch more secure when performing administration.
Environmental Concerns
Power
Cable dual power switches to dual power circuits
Air
Air flow is from non-cable side (back) to cable side (front)
Cable(s)
Allow for manageable cable slack to minimize stress
Do not mix single-mode (longwave) with multimode (shortwave) in patch panel
Secure with Velcro straps
Be wary of distances: the total can add up quickly with patch panels
Create a Cable Table
Monitor switch environment
psshow Displays power status
fanshow Displays fan status
tempshow Displays temp readings
sensorshow Displays all sensor readings
Air flow for Brocade switches is from the non-cable side to the cable side because the heat-
generating components of the switch (ASICs and SFPs) are on the port side.
Improper cable planning can cause problems and may impact performance in the SAN.
Although patch panels are helpful in a cable management scenario, attempt to minimize the
number of connections as every fiber optic interconnection generates a few dB of signal
loss. Keep a manageable slack to minimize cable stress. Use different color Velcro straps
for trunk groups.
For more information on power supplies, fans, and temperature readings see the hardware
reference manual for the appropriate switch model.
SilkWorm Management Interfaces
Command Line Interface
Serial Communication (HyperTerm or tip)
Telnet (Port 23)
SSHv2 (Port 22) - v4.1 and later
Brocade Application Program Interface (API and SMI-S)
Brocade Fabric Manager
Brocade Advanced Web Tools
HTTP
HTTPS requires a Digital Certificate to be installed on the switch
(v4.4 and later)
SNMPv1 (all) and SNMPv3 (Fabric OS v4.4 and later)
Brocade MIBs
Brocade switches can be administered using a command line interface (CLI) or through a
graphical user interface (GUI).
With Fabric OS v4.1 and higher, SSHv2 (Secure Shell version 2) is enabled by default,
allowing the entire telnet session to be encrypted.
The Brocade Fabric Access and Storage Management Initiative Specification (SMI-S) APIs
give developers and customers programmatic access into the switch where organizations
can easily integrate the intelligence of Brocade SAN fabrics into existing management
applications, or quickly develop customized SAN-specific capabilities.
Brocade Fabric Manager is a powerful desktop application that manages multiple Brocade
SilkWorm switches and fabrics in real time. In particular, Fabric Manager provides the
essential functions for efficiently configuring, monitoring, provisioning, and managing
Brocade SAN fabrics on a daily basis.
Brocade Web Tools, an intuitive and easy-to-use interface, enables organizations to monitor
and manage Brocade SilkWorm fabrics. Tasks can be performed by using a Java-capable
Web browser from standard laptops, desktop PCs, or workstations from any location within
the enterprise. Use the httpcfgshow command to determine the Java version the switch
expects at the management console.
Brocade offers SNMP MIBs for customers to use to read and set common settings on
SilkWorm switches.
For information regarding Secure Shell, read:
SSH, The Secure Shell: The Definitive Guide
By Daniel J. Barrett, Richard E. Silverman
First Edition February 2001
ISBN: 0-596-00011-1
Command Line Interface Shortcuts
Recall last command & put CLI into edit mode
ESC + K (pre v5.1.0), or UP Arrow key (v5.1.0 and higher)
Cursor Position - while edit mode active
H, J, K, L or UP, DOWN, LEFT, RIGHT
End of Line - while edit mode active
Shift + A or END key
History of commands
h
Multiple commands issued on one line
command1;command2
Help for commands
help <command>
When administering Brocade switches using the command line interface, certain keystrokes
can be helpful.
Initial Configuration
Log in Through the Serial Port
Cable:
The required serial cable is provided with the switch
A PC with:
HyperTerm
An available COM port
A UNIX system with:
tip
An available serial port
When a new switch has arrived for installation into a fabric, it is suggested to use a
serial cable to configure the switch with an IP address. After the IP address is
configured, the serial connection to the switch may be dropped and an SSH, telnet,
or Web Tools session may be used for further switch configuration because of its
convenience and speed.
To configure the connection in a Microsoft Windows environment:
Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
To configure the connection in a UNIX environment:
# tip hardwire
Installation steps
1. Connect the provided serial cable to an RS-232 serial port on the workstation
2. Verify the switch has power and is past the POST stage
3. Invoke the ipaddrset command to set the IP address, subnet mask, and
default gateway
Initial Configuration
Set the IP Address
Default IP Address for switches: 10.77.77.77
Default Netmask: 255.255.255.0
Obtain addressing information for your network
IP Address & netmask
Default gateway
Directors require more than one IP address on the same subnet
One IP Address required per Control Processor
One IP Address required per logical switch
2 logical switches in the SilkWorm 12000
1 or 2 logical switches in the SilkWorm 24000
1 logical switch in the SilkWorm 48000
Default IP Addresses for Directors: 10.77.77.77 (logical switch 0),
.76 (logical switch 1), .75 (cp0), .74 (cp1)
RSL1_ST02_B41:admin> ifmodeshow eth0
Link mode: negotiated 100baseTx-FD, link ok
RSL1_ST02_B41:admin> ifmodeset eth0
Exercise care when using this command. Forcing the link to an operating mode not supported
by the network equipment to which it is attached may result in an inability to communicate
with the system through its Ethernet interface. It is recommended that you only use this
command from the serial console port.
Are you sure you really want to do this? (yes, y, no, n): [no] yes
Proceed with caution.
Auto-negotiate (yes, y, no, n): [no]
Force 100 Mbps / Full Duplex (yes, y, no, n): [no]
Force 100 Mbps / Half Duplex (yes, y, no, n): [no]
Force 10 Mbps / Full Duplex (yes, y, no, n): [no]
Force 10 Mbps / Half Duplex (yes, y, no, n): [no]
You must select at least one link operating mode.
RSL1_ST02_B41:admin> ipaddrset
Ethernet IP Address [10.255.248.35]:
Ethernet Subnetmask [255.255.255.192]:
Fibre Channel IP Address [0.0.0.0]:
Fibre Channel Subnetmask [0.0.0.0]:
Gateway IP Address [10.255.248.62]:
Issuing gratuitous ARP...Done.
IP address is being changed...Done.
Committing configuration...Done.
Initial Configuration
Log In Through the Ethernet Interface
Multiple concurrent telnet sessions are allowed on Linux-based
switches
Two admin and four user logins simultaneously
Use killtelnet to terminate a telnet connection
Login using a standard telnet or SSHv2 client
Use quietmode to suppress messages to the console
Telnet may be disabled to force administrators to connect through an
encrypted SSHv2 session
RSL1_ST02_B41 login: admin
Password:
Please change your passwords now.
Use Control-C to exit or press 'Enter' key to proceed.
Password was not changed. Will prompt again at next login
until password is changed.
RSL1_ST02_B41:admin> quietmode
[* abbreviated *]
quietMode: Off
RSL1_ST02_B41:admin> quietmode 1
Committing configuration...done
Quiet Mode is now ON
RSL1_ST02_B41:admin> killtelnet
[* abbreviated *]
______________________________________________________________________________
Session No USER TTY IDLE FROM LOGIN@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0 admin0 pts/0 1.00s 10.255.248.22 1:47pm
1 admin0 pts/1 9.00s 10.255.248.22 1:52pm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enter Session Number to terminate (q to quit) 1
Please Ensure (Y/[N]): Y
killing session.... Done!
Initial Configuration
Switch Login Accounts
Open telnet or serial connection to switch
Default administrative account: admin
Default password: password
Other accounts: root, factory, switchadmin and user
You will be prompted to change the default passwords at every login
until they are changed
The default user accounts are factory, root, admin and user. The default password for
admin and user is password. Brocade discourages signing on as root/factory except
when directed by an OEM support team for advanced troubleshooting reasons.
When signing on to a switch while the current password is the Brocade default value, a
password prompt will appear asking to change the password for all accounts. Once this
process completes, you may rename the default accounts and assign each a new
password that meets the password requirement of 8 characters in length. New passwords must
be different from the current password. The password value is then written to the local
switch. As a result, when signing on to other switches in the fabric, those switches may
have different accounts and passwords. Documenting renamed accounts and their new
password values is strongly encouraged. Having the same password for each account is
discouraged.
Use the switchAdmin level account for administrative use that does not include security,
user management, or zoning configuration.
RSL1_ST02_B41 login: admin
Password:
Please change your passwords now.
Use Control-C to exit or press 'Enter' key to proceed.
Password was not changed. Will prompt again at next login
until password is changed.
Four accounts can be used to sign on to a switch. With Fabric OS v3.x and
v2.x, only one person can be signed on at a time. FOS v4.x allows for two concurrent
admin sessions. For FOS v2.x and v3.x, if an administration session using the RS232
interface is in use and a telnet session using the IP interface is made to the same switch, the
telnet session will disconnect the RS232 session.
Initial Configuration
Set the Fabric-Wide Clock
The Principal Switch maintains time for an entire fabric
Subordinate switches synchronize time from the Principal
Use the tsclockserver command to instruct the Principal Switch to
synchronize time with an NTP server
Specify an IP address of an NTP server
Specify LOCL to stop NTP synchronization
Use the date command to manually set the switch date and time
date with no arguments displays the current date and time
date "mmddhhmmyy" sets the date and time, where
mm is the month, valid values are 01-12
dd is the date, valid values are 01-31
hh is the hour, valid values are 00-23
mm is minutes, valid values are 00-59
yy is the year, valid values are 00-99
The date command becomes read-only if an NTP server has
been specified
RSL1_ST02_B41:admin> date
Tue May 16 15:00:57 UTC 2006
RSL1_ST02_B41:admin> tsclockserver
LOCL
RSL1_ST02_B41:admin> tsclockserver 128.118.25.3
Updating Clock Server configuration...done.
RSL1_ST02_B41:admin> tsclockserver
128.118.25.3
RSL1_ST02_B41:admin> date "0516073406"
External Time Synchronization in place. Cannot execute this
command.
RSL1_ST02_B41:admin> tsclockserver LOCL
Updating Clock Server configuration...done.
RSL1_ST02_B41:admin> tsclockserver
LOCL
RSL1_ST02_B41:admin> date "0516073406"
Tue May 16 07:34:00 UTC 2006
Initial Configuration
Set Switch Time Zone
Set on each switch in the fabric
Individual switches maintain time zone information independently
Use the tstimezone command to set the switch time zone in
relationship to Greenwich Mean Time (GMT)
Example: Eastern Time (United States) is GMT-5
tstimezone -5
RSL1_ST02_B41:admin> tstimezone -5
Updating Time Zone configuration...done.
System Time Zone change will take effect at next reboot.
Initial Configuration
Set Login Banner
A login banner will appear prior to CLI or Web Tools login
Limited to 1022 characters interactively, 116 as a command line
argument
Viewed from command line or Web Tools
Set using the bannerset command
Remove using bannerset ""
RSL1_ST02_B41:admin> bannerset
Please input content of security banner
(press "." and RETURN at the beginning of a
newline to finish input):
Unauthorized access is prohibited.
Do not log in if you do not have the
authorization to do so.
.
RSL1_ST02_B41:admin> bannerset
Please input content of security banner (press "." and RETURN at the
beginning of a newline to finish input):
Unauthorized access is prohibited.
Do not log in if you do not have the authorization to do so.
.
RSL1_ST02_B41:admin> login
Unauthorized access is prohibited.
Do not log in if you do not have the authorization to do so.
RSL1_ST02_B41 login: admin
Password:
RSL1_ST02_B41:admin> bannershow
Unauthorized access is prohibited.
Do not log in if you do not have the authorization to do so.
RSL1_ST02_B41:admin> bannerset ""
RSL1_ST02_B41:admin> bannershow
Initial Configuration
Activate Licensed Features
Used to enable Fabric OS features
Based on the switch WWN
licenseidshow
License string is up to 16 mixed-case, case-sensitive characters
A single license key may activate one feature or a bundle of features
License commands
licenseshow
licenseadd
licenseremove
RSL1_ST02_B41:admin> licenseidshow
10:00:00:05:1e:02:ab:21
RSL1_ST02_B41:admin> licenseadd "cbQeQRy9QdsVfRl"
adding license-key "cbQeQRy9QdsVfRl"
RSL1_ST02_B41:admin> licenseshow
bzbzRQQSRQc0c0SQ:
Web license
ezcRecbSef0dSf2:
Zoning license
ReQbbSzdR9SfRcc7:
Fabric license
cbQeQRy9QdsVfRl:
Ports on Demand license - additional 8 port upgrade
Ports on Demand license - additional 8 port upgrade
One feature per license key
Multiple features per license key
Initial Configuration
Set the Switch Name
Switch names should be unique for easier administration
Naming suggestions
Site or building where switch is located
Floor or room where switch is located
Indicate topology (core switch vs. edge switch)
Rack ID
Switch Type
Fabric ID
Domain ID
Example: RSL1_ST02_B41
Remote SAN Lab #1
Station #2
Brocade 4100
Switch name is assigned using the switchname command
Having a well thought out switch naming convention enables easy identification of physical
switches if a problem arises. Use a switch naming convention that scales across the
organization, keeping in mind that the SAN might start small but can be extended
enterprise-wide over time. Switch names can be duplicated in the fabric. To see a list of the
existing switch names and their IP settings, use the command fabricshow.
Switch Name rules in Fabric OS v4.1 and later
- Up to 15 characters including letters, digits, hyphens, and underscore characters
- Must begin with a letter
- No spaces
switch:admin> switchname "RSL1_ST02_B41"
Committing configuration...
Done.
RSL1_ST02_B41:admin> switchname
RSL1_ST02_B41
RSL1_ST02_B41:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
-------------------------------------------------------------------------
1: fffc01 10:00:00:05:1e:02:12:a5 10.255.248.32 0.0.0.0 "RSL1_ST02_B20"
2: fffc02 10:00:00:05:1e:02:ab:21 10.255.248.35 0.0.0.0 >"RSL1_ST02_B41"
The Fabric has 2 switches
Initial Configuration
Set syslog Server
The system logging daemon (syslogd) on hosts can receive system
events and error messages from SilkWorm switches
If all switches and control processors escalate messages to syslogd,
the administrator may view a fabric-wide log of events
Configuration is simple
syslogdipadd
syslogdipremove
syslogdipshow
syslog records are tagged as belonging to a facility
Fabric OS v4.4 and later support UNIX local1 - local7
facilities
The default facility level is 7
Change the facility using the syslogdfacility command
Additional host configuration may be necessary, see server
documentation
RSL1_ST02_B41:admin> syslogdipshow
No addresses configured
RSL1_ST02_B41:admin>
RSL1_ST02_B41:admin> syslogdipadd 10.255.248.2
RSL1_ST02_B41:admin> syslogdipadd 10.255.248.3
RSL1_ST02_B41:admin> syslogdipshow
syslog.IP.address.1 10.255.248.2
syslog.IP.address.2 10.255.248.3
RSL1_ST02_B41:admin> syslogdfacility
Syslog facility: LOG_LOCAL7
RSL1_ST02_B41:admin> syslogdfacility -l 6
Syslog facility changed to LOG_LOCAL6
RSL1_ST02_B41:admin> syslogdipremove 10.255.248.3
RSL1_ST02_B41:admin> syslogdipshow
syslog.IP.address.1 10.255.248.2
RSL1_ST02_B41:admin> syslogdipremove 10.255.248.2
RSL1_ST02_B41:admin> syslogdipshow
No addresses configured
Initial Security Configuration
Disable Telnet
Use the configure command to disable telnet
May be run on an enabled switch
If telnet is disabled from within a telnet session, all telnet sessions will
be disabled
To avoid losing your session, disable telnet through an alternate
interface
Serial port session
SSHv2 session
Web Tools
RSL1_ST02_B41:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no] y
rstatd (on, off): [off]
rusersd (on, off): [off]
telnetd (on, off): [on]
ssl attributes (yes, y, no, n): [no]
http attributes (yes, y, no, n): [no]
snmp attributes (yes, y, no, n): [no]
rpcd attributes (yes, y, no, n): [no]
cfgload attributes (yes, y, no, n): [no]
No changes.
Initial Security Configuration
Enable Web Tools Upfront Login
Upfront Login forces administrators to enter an ID and password
before they can access any portion of the Web Tools interface
Enable Upfront Login using the configure command
May be run on an enabled switch
By default Upfront Login is not enabled.
RSL1_ST02_B200E:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]
ssl attributes (yes, y, no, n): [no]
http attributes (yes, y, no, n): [no]
snmp attributes (yes, y, no, n): [no]
rpcd attributes (yes, y, no, n): [no]
cfgload attributes (yes, y, no, n): [no]
webtools attributes (yes, y, no, n): [no] yes
Upfront Login Enabled (yes, y, no, n): [no] yes
By default, Upfront Login is not enabled. Anyone with network access to the
management port may enter the initial switchExplorer view without an ID and
password. However, an ID and password are required to change any switch or
fabric parameters. Upfront Login ensures that unauthorized users are not able to
gather even basic information regarding the switch.
Web Tools may be disabled using the configure command.
Initial Security Configuration
Set Command Line Session Timeout
Automatically terminate a telnet or SSH session after a period of
inactivity
Timeout value is specified in minutes
Setting a timeout value of 0 disables automatic session timeout
Valid settings include 0, or a value between 1 and 99,999 minutes
To display the current setting, type timeout with no arguments
RSL1_ST02_B41:admin> timeout
Current IDLE Timeout is 0 minutes
RSL1_ST02_B41:admin> timeout 15
IDLE Timeout Changed to 15 minutes
The modified IDLE Timeout will be in effect after NEXT login
RSL1_ST02_B41:admin> login
RSL1_ST02_B41 login: admin
Password:
RSL1_ST02_B41:admin> timeout
Current IDLE Timeout is 15 minutes
Default timeout on Linux-based switches is 10 minutes.
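The settings covered in this section (telnetd, Upfront Login, idle timeout), together with the syslog target from the earlier slide, can be checked from a saved console capture. The Python below is an added example, not Brocade code; the function names, finding IDs and sample capture are constructed for illustration, and it assumes that replies typed in a configure dialogue were committed.

```python
import re

# Constructed sample: a console capture modelled on the transcripts in this
# module (same prompts and wording), not output from a real switch.
SAMPLE_CAPTURE = """\
RSL1_ST02_B41:admin> configure
Not all options will be available on an enabled switch.
Configure...
  System services (yes, y, no, n): [no] y
    rstatd (on, off): [off]
    rusersd (on, off): [off]
    telnetd (on, off): [on]
  webtools attributes (yes, y, no, n): [no] yes
    Upfront Login Enabled (yes, y, no, n): [no]
RSL1_ST02_B41:admin> timeout
Current IDLE Timeout is 0 minutes
RSL1_ST02_B41:admin> syslogdipshow
No addresses configured
"""

PROMPT_RE = re.compile(r"^\S+:\w+>\s*(?P<cmd>.*)$")
# "name (choices): [current] reply": the bracket holds the current value and
# anything typed after it is the new one (assumed committed).
SETTING_RE = re.compile(
    r"^\s*(?P<name>[^(]+?)\s*\([^)]*\):\s*\[(?P<current>[^\]]*)\]\s*(?P<reply>\S*)\s*$")
TIMEOUT_RE = re.compile(r"Current IDLE Timeout is (\d+) minutes")
SHORT = {"y": "yes", "n": "no"}


def split_commands(capture):
    """Split a capture into (command, output_lines) pairs, in typed order."""
    blocks = []
    for line in capture.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            blocks.append((m.group("cmd").strip(), []))
        elif blocks:
            blocks[-1][1].append(line)
    return blocks


def configure_settings(lines):
    """Effective value of every prompt in one configure dialogue."""
    settings = {}
    for line in lines:
        m = SETTING_RE.match(line)
        if m:
            value = (m.group("reply") or m.group("current")).lower()
            settings[m.group("name").lower()] = SHORT.get(value, value)
    return settings


def audit(capture):
    """Return (id, message) findings; settings absent from the capture are not judged."""
    services, idle, syslog_hosts = {}, None, None
    for cmd, out in split_commands(capture):
        if cmd == "configure":
            services.update(configure_settings(out))
        elif cmd == "timeout":  # "timeout 15" only applies after the next login
            for m in map(TIMEOUT_RE.search, out):
                if m:
                    idle = int(m.group(1))
        elif cmd == "syslogdipshow":
            syslog_hosts = [parts[1] for parts in map(str.split, out)
                            if len(parts) == 2
                            and parts[0].startswith("syslog.IP.address.")]
    findings = []
    if services.get("telnetd") == "on":
        findings.append(("telnet-enabled",
                         "telnetd is on, so administrators are not forced onto SSHv2"))
    if services.get("upfront login enabled") == "no":
        findings.append(("upfront-login-disabled",
                         "Web Tools shows the switchExplorer view without an ID and password"))
    if idle == 0:
        findings.append(("no-idle-timeout",
                         "idle telnet or SSH sessions are never terminated"))
    if syslog_hosts == []:
        findings.append(("no-syslog-server",
                         "events are not forwarded to a syslogd host"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit(SAMPLE_CAPTURE):
        print(f"{finding_id}: {message}")
```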
Initial Security Configuration
Change Default Passwords
Open a serial port, telnet, or SSH connection to the switch
Default administrative accounts: admin, user
Default password for both: password
Other default accounts: root, factory
Use of root and factory accounts is not supported
Log in as root or factory only if directed by your support provider
When prompted, change all default passwords
Passwords must be between 8 and 40 characters by default
Use the passwdcfg --showall command to display password
rules in Fabric OS v5.1 and higher only
RSL1_ST02_B41 login: admin
Password:
Please change your passwords now.
Use Control-C to exit or press 'Enter' key to proceed.
Password was not changed. Will prompt again at next login
until password is changed.
RSL1_ST02_B41 login: admin
Password:
Please change your passwords now.
Use Control-C to exit or press 'Enter' key to proceed.
Warning: Access to the Root and Factory accounts may be required for
proper support of the switch. Please ensure the Root and Factory
passwords are documented in a secure location. Recovery of a lost Root
or Factory password will result in fabric downtime.
for user - root
Changing password for root
Enter new password:
Re-type new password:
passwd: all authentication tokens updated successfully
Please change your passwords now.
for user - factory

for user - admin

for user - user

passwd: all authentication tokens updated successfully


Saving passwords to stable storage.
Passwords saved to stable storage successfully
Initial Security Configuration
Set Password Rules
Fabric OS v5.1 and later only
Password rules are enforced only when defining new passwords
Passwords that have already been defined will not be checked for
policy compliance
Set password rules with passwdcfg --set command
Set password strength policy by specifying the minimum number of:
Lowercase letters -lowercase
Uppercase letters -uppercase
Digits (0-9) -digits
Punctuation characters (note 1) -punctuation
Minimum length (note 2) -minlength
Limit password re-use by setting the password history policy
Passwords kept in history (note 3) -history
Note 1: All printable punctuation characters except colon ":" are allowed.
Note 2: The minimum password length may be set from 8 to 40 characters in length. The password length is
the total number of lowercase, uppercase, digits, and punctuation characters. The total number of
these characters may not exceed 40. Keep this in mind as you specify the minimum number of each
type of character required.
Note 3: The password history policy is not enforced when an administrator sets a password for another user,
but the password set by the administrator is recorded in the user's password history.
swd77:admin> passwdcfg --set -lowercase 3 -uppercase 1 -digits 2 -punctuation 2 -minlength 10 -history 3
swd77:admin> passwd
Changing password for admin
Enter old password:
Enter new password:
Password must be between 10 and 40 characters long.
Enter new password:
Insufficient number of upper case letters
Enter new password:
Insufficient number of lower case letters
[* abbreviated *]
Enter new password:
Insufficient number of digits in password
Enter new password:
Re-type new password:
passwd: all authentication tokens updated successfully
Saving password to stable storage.
Password saved to stable storage successfully.
Initial Security Configuration
Set Password Rules (cont.)
Avoid stale passwords by setting a password expiration policy (note 2)
Minimum age -minpasswordage
Maximum age -maxpasswordage
Expiration warning (days) (note 1) -warning
Set the account lockout policy (note 3)
Password failures allowed -lockoutthreshold
Set lockout duration (minutes) -lockoutduration
RSL1_ST02_B41:admin> passwdcfg --set -minpasswordage 20 -maxpasswordage 30 -warning 5
RSL1_ST02_B41:admin> passwdcfg --set -lockoutthreshold 5 -lockoutduration 15
Note 1: The user will begin seeing warning messages when they log in a number of days
prior to password expiration. They will be compelled to change their password when
it has expired.
Note 2: The password expiration policy is not enforced for root and factory accounts.
Note 3: The account lockout policy is not enforced for root, factory, and admin role
accounts.
swd77:admin> passwdcfg --set -minpasswordage 20 -maxpasswordage 30 -warning 5
swd77:admin> userconfig --show -a
[* abbreviated *]
Account name: root
Role: root
Description: root
Enabled: Yes
Password Last Change Date: Unknown
Password Expiration Date: Not Applicable
Locked: No
Account name: admin
Role: admin
Description: Administrator
Enabled: Yes
Password Last Change Date: Wed May 24 2006
Password Expiration Date: Fri Jun 23 2006
Locked: No
Initial Security Configuration
Set Password Rules (cont.)
Use passwdcfg --setdefault command to restore the factory
default password policy
RSL1_ST02_B41:admin> passwdcfg --setdefault
RSL1_ST02_B41:admin> passwdcfg --showall
passwdcfg.minlength: 8
passwdcfg.lowercase: 0
passwdcfg.uppercase: 0
passwdcfg.digits: 0
passwdcfg.punctuation: 0
passwdcfg.history: 1
passwdcfg.minpasswordage: 0
passwdcfg.maxpasswordage: 0
passwdcfg.warning: 0
passwdcfg.lockoutthreshold: 0
passwdcfg.lockoutduration: 30
passwdcfg.status: 0
Initial Security Configuration
User-Defined Accounts
Up to 15 user defined accounts may be created
Default accounts admin and user may be disabled
Use the userconfig command to administer accounts
userconfig --show
userconfig --change
userconfig --add
userconfig --delete
User-defined accounts assist in tracking who did what, when
Enable enhanced change tracking with trackchangesset 1
RSL1_ST02_B41:admin> userconfig --show -a
Account name: root
Role: root
Description: root
Enabled: Yes
Account name: factory
Role: factory
Description: Diagnostics
Enabled: Yes
Account name: admin
Role: admin
Description: Administrator
Enabled: Yes
Account name: user
Role: user
Description: User
Enabled: Yes
RSL1_ST02_B41:admin> userconfig --add jdoe -r admin -d "Jane Doe"
Setting initial password for jdoe
Enter new password:
Re-type new password:
Account jdoe has been successfully added.
RSL1_ST02_B41:admin> login
RSL1_ST02_B41 login: jdoe
Password:
RSL1_ST02_B41:jdoe> userconfig --show jdoe
Account name: jdoe
Role: admin
Description: Jane Doe
Enabled: Yes
RSL1_ST02_B41:jdoe> userconfig --change admin -e no
Broadcast message from root (pts/0) Wed May 17 09:14:48 2006...
Security Policy, Password or Account Attribute Change:
admin will be logged out
Attribute for account admin has been successfully changed.
RSL1_ST02_B41:jdoe> userconfig --show admin
Account name: admin
Role: admin
Description: Administrator
Enabled: No
RSL1_ST02_B41:jdoe>
DANGER
Your company policy may require you to disable default accounts or group-access accounts
such as the default user and admin accounts. Before you disable the default account admin,
be certain you have created at least one user-defined account assigned to the admin role.
Without an account with admin privileges, you will not be able to manage your switch.
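One way to run the check the DANGER note asks for, together with a review of the password policy, against captured CLI output. This is an added example, not part of the original course material or Brocade code; the sample text is constructed in the layout shown above, and the function names and finding labels are assumptions of the example. It reads a 0 for maxpasswordage, lockoutthreshold and the character-class counts as "not enforced".

```python
import re

DEFAULT_ACCOUNTS = {"root", "factory", "admin", "user"}
FIELDS = {"Account name", "Role", "Description", "Enabled", "Locked",
          "Password Last Change Date", "Password Expiration Date"}


def account_block(name, role, description, enabled="Yes"):
    """Build one constructed account record in the layout shown above."""
    return (f"Account name: {name}\nRole: {role}\n"
            f"Description: {description}\nEnabled: {enabled}\n")


# Constructed sample input, modelled on the `userconfig --show -a` output above.
FACTORY_ACCOUNTS = (account_block("root", "root", "root")
                    + account_block("factory", "factory", "Diagnostics")
                    + account_block("admin", "admin", "Administrator")
                    + account_block("user", "user", "User"))
WITH_JDOE = FACTORY_ACCOUNTS + account_block("jdoe", "admin", "Jane Doe")

# Constructed sample input: the factory-default `passwdcfg --showall` values above.
FACTORY_POLICY = """\
passwdcfg.minlength: 8
passwdcfg.lowercase: 0
passwdcfg.uppercase: 0
passwdcfg.digits: 0
passwdcfg.punctuation: 0
passwdcfg.history: 1
passwdcfg.minpasswordage: 0
passwdcfg.maxpasswordage: 0
passwdcfg.warning: 0
passwdcfg.lockoutthreshold: 0
passwdcfg.lockoutduration: 30
passwdcfg.status: 0
"""


def parse_accounts(text):
    """Split `userconfig --show -a` output into one dict per account."""
    accounts = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in FIELDS:
            continue  # prompts, "[* abbreviated *]" and similar noise
        if key == "Account name":
            accounts.append({})
        if accounts:
            accounts[-1][key] = value.strip()
    return accounts


def parse_passwdcfg(text):
    """Parse `passwdcfg.<name>: <integer>` lines into a dict."""
    pattern = re.compile(r"^passwdcfg\.(\w+):\s*(\d+)\s*$", re.M)
    return {m.group(1): int(m.group(2)) for m in pattern.finditer(text)}


def enabled_admins(accounts):
    """Names of enabled accounts that hold the admin role."""
    return [a["Account name"] for a in accounts
            if a.get("Role") == "admin" and a.get("Enabled") == "Yes"]


def safe_to_disable_default_admin(accounts):
    """True only if an enabled, user-defined admin-role account exists."""
    return any(name not in DEFAULT_ACCOUNTS for name in enabled_admins(accounts))


def policy_findings(cfg):
    """Flag settings whose value 0 leaves a control switched off."""
    findings = {}
    classes = ("lowercase", "uppercase", "digits", "punctuation")
    if all(cfg.get(name, 0) == 0 for name in classes):
        findings["character classes"] = "no character-class requirement is set"
    if cfg.get("maxpasswordage", 0) == 0:
        findings["maxpasswordage"] = "passwords never expire"
    if cfg.get("lockoutthreshold", 0) == 0:
        findings["lockoutthreshold"] = "failed logins never lock the account"
    return findings


if __name__ == "__main__":
    for label, text in (("factory accounts", FACTORY_ACCOUNTS),
                        ("after adding jdoe", WITH_JDOE)):
        ok = safe_to_disable_default_admin(parse_accounts(text))
        print(f"{label}: safe to disable admin = {ok}")
    for name, why in policy_findings(parse_passwdcfg(FACTORY_POLICY)).items():
        print(f"{name}: {why}")
```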
Initial Security Configuration
RADIUS Authentication
To centrally control user logins, Fabric OS supports the open-standard
RADIUS protocol
Provides remote user access authentication, authorization, and
accounting
Client/server model: A Brocade switch running Fabric OS v3.2/4.4 or
higher acts as a RADIUS client to a RADIUS server
Network Security: All RADIUS client/server traffic is authenticated via a
shared secret
Focused on user logins, not FC device logins or switch attachment
When RADIUS is enabled on a switch:
All logins are authenticated through a RADIUS server (bypasses local
database)
All switch passwords are managed through the RADIUS server - the
switch/Director local password database is bypassed
Monitor user logins on a RADIUS-enabled system through the RADIUS
server
The Remote Authentication Dial-In User Service (or RADIUS) is a protocol for carrying
authentication, authorization, and accounting (AAA) information about remote user access
between a Network Access Server (which desires to authenticate its links) and a shared
Authentication Server. RADIUS is an open standard (IETF RFC 2865 and RFC 2866).
Client/server: The RADIUS client must pass user information to designated RADIUS
servers, and act on the returned response. The RADIUS server receives user connection
requests, authenticates the users, and then returns all configuration information needed for
the RADIUS client to deliver service. In this case, a SilkWorm switch is configured as a
Network Access Server that acts as a RADIUS client.
Network Security: To ensure that user names and passwords remain private, all
client/server communication is encrypted, and authenticated with a shared secret key.
RADIUS is focused on authenticating, authorizing, and accounting remote user access, in
particular logins and logouts. RADIUS does not perform these roles for devices or switches
entering a fabric; these roles continue to be handled by existing Fibre Channel protocols.
In a fabric with switches running a mix of Fabric OS versions, the way a switch
authenticates users depends on whether a RADIUS server is set up for that switch.
For a switch with RADIUS support and configuration enabled, authentication
bypasses the local password database. On a RADIUS-enabled switch, logins
through the console port are not authenticated with the RADIUS server, but through
the local switch database.
For a switch with RADIUS support or configuration disabled, authentication uses
switch local account names and passwords.
Initial Security Configuration
RADIUS Authentication (cont.)
Fabric OS v3.2/4.4+ switches have two login authentication databases
The default primary database is Switch Database (Footnote 1)
It consists of the default switch login accounts: root, factory, admin,
and user
It can also contain user-defined multiple user accounts (MUAs)
There is no secondary login authentication database available when the
primary database is Switch Database; the only option is None
When RADIUS is configured as the primary login authentication database
there are two options available for secondary login authentication: None
(default) and Switch Database
Footnote 1: The Web Tools "Switch Database" is referred to as switchdb at
the CLI.
If the RADIUS server that is authenticating a login returns a denial (incorrect
user name / password), no login is attempted against a secondary RADIUS server or
authentication database.
If a configuration parameter is incorrect in either the RADIUS server or the
switch AND the secondary database is Switch Database, then telnet or
Web Tools Admin access could be gained, after timeout(s), using a local
account that authenticates via the Switch Database.
Initial Security Configuration
RADIUS Authentication (cont.)
Management access to a switch with primary database configured to RADIUS will
attempt authentication via configured RADIUS server(s)
Possible RADIUS server responses: grant, deny, or time out
If response from all RADIUS servers is timeout, serial access can authenticate using
switch database; ALL servers can similarly access IF secondary RADIUS server is set to
Switch Database
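[Diagram: a management server (network) and a serial/console server (serial cable) connect to a Fabric OS v4.4+ switch, which exchanges requests and responses with RADIUS Server 1 and RADIUS Server 2; the numbered arrows 1-6 correspond to the steps below.]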
In the example above, the primary database is RADIUS, and the RADIUS servers
have been properly configured with user names and passwords. When a
management station attempts access, the following scenario occurs:
1. The management server attempts to access the switch (RADIUS client) using a
user name/password combination configured on the RADIUS servers.
2. The authentication request is sent to the first RADIUS server in the RADIUS
configuration (RADIUS Server 1).
3. If the response from RADIUS Server 1 is accept, management access is
achieved; if the response is deny, the management server does not get access.
4. If there is a timeout from RADIUS Server 1, then the authentication request is
sent to the second RADIUS server in the RADIUS configuration (RADIUS Server
2).
5. If the response from RADIUS Server 2 is accept, management access is
achieved; if the response is deny, the management server does not get access.
6. If there is a timeout from RADIUS Server 2 AND the switch database is
configured as a secondary database, then the user name/password is
authenticated on the local switch.
Notes:
Error messages related to RADIUS access attempts are displayed at the serial
port console.
Up to five RADIUS servers can be configured.
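The decision sequence in steps 1-6, together with the rule that a deny ends the attempt, can be written as a small model that also shows which logins were granted by the local fallback. This is an added example, not part of the original course material or Fabric OS code; it covers network logins (telnet, Web Tools) only, and the function names, the "decided by" labels and the sample attempts are assumptions of the example.

```python
from enum import Enum

MAX_RADIUS_SERVERS = 5  # "Up to five RADIUS servers can be configured."


class Reply(Enum):
    ACCEPT = "accept"
    DENY = "deny"
    TIMEOUT = "timeout"


def network_login(primary, secondary, replies, local_db_ok):
    """Decide one telnet/Web Tools login.

    primary     -- "switchdb" or "radius"
    secondary   -- "none" or "switchdb" (used only when primary is "radius")
    replies     -- list of Reply, one per configured RADIUS server, in order
    local_db_ok -- True if the credentials match a local switch account
    Returns (granted, decided_by).
    """
    if primary == "switchdb":
        return local_db_ok, "switchdb"
    if primary != "radius":
        raise ValueError("primary must be 'switchdb' or 'radius'")
    if len(replies) > MAX_RADIUS_SERVERS:
        raise ValueError("at most five RADIUS servers can be configured")
    for index, reply in enumerate(replies, start=1):
        if reply is Reply.ACCEPT:
            return True, f"radius-server-{index}"
        if reply is Reply.DENY:
            # A denial is final: no further server or database is tried.
            return False, f"radius-server-{index}"
        # Reply.TIMEOUT: move on to the next configured server.
    if secondary == "switchdb":
        return local_db_ok, "switchdb-fallback"
    return False, "no-database"


def fallback_grants(secondary, attempts):
    """Users admitted by the local database while every server timed out.

    attempts -- iterable of (user, replies, local_db_ok) tuples.
    """
    admitted = []
    for user, replies, local_db_ok in attempts:
        granted, decided_by = network_login("radius", secondary, replies, local_db_ok)
        if granted and decided_by == "switchdb-fallback":
            admitted.append(user)
    return admitted


# Constructed sample attempts against a switch with two RADIUS servers.
ATTEMPTS = [
    ("jdoe", [Reply.ACCEPT, Reply.ACCEPT], False),    # normal RADIUS login
    ("jdoe", [Reply.TIMEOUT, Reply.ACCEPT], False),   # second server answers
    ("admin", [Reply.DENY, Reply.ACCEPT], True),      # denied, local never tried
    ("admin", [Reply.TIMEOUT, Reply.TIMEOUT], True),  # both servers unreachable
]

if __name__ == "__main__":
    for secondary in ("none", "switchdb"):
        print(f"secondary={secondary}")
        for user, replies, local_ok in ATTEMPTS:
            print("  ", user, network_login("radius", secondary, replies, local_ok))
        print("   granted by local fallback:", fallback_grants(secondary, ATTEMPTS))
```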
Verify Switch Status
View Switch Uptime
Use switchuptime or uptime commands to display the amount of time
the switch has been operational
RSL1_ST02_B41:admin> switchuptime
8:49pm up for 10 days 5 hrs 21 mins
RSL1_ST02_B41:admin> uptime
8:49pm up 10 days, 5:21, 1 user, load average: 0.01, 0.03, 0.00
Verify Switch Status
Check Switch Status Commands
Display overall status of switch with switchstatusshow
Display current policy settings with switchstatuspolicyshow
Marginal Status
Yellow color when displayed in Web Tools or Fabric Manager
Entry in error log, viewed with errshow, flagged as marginal
Down Status
Red color when displayed in Web Tools or Fabric Manager
Entry in error log, viewed with errshow, flagged as faulty
Display temperature, fan, and power supply status with sensorshow
RSL1_ST02_B41:admin> switchstatusshow
Switch Health Report Report time: 05/16/2006 10:59:22 AM
Switch Name: RSL1_ST02_B41
IP address: 10.255.248.35
SwitchState: HEALTHY
Duration: 01:45
Power supplies monitor HEALTHY
Temperatures monitor HEALTHY
Fans monitor HEALTHY
Flash monitor HEALTHY
Marginal ports monitor HEALTHY
Faulty ports monitor HEALTHY
Missing SFPs monitor HEALTHY
Fabric Watch is not licensed
Detailed port information is not included
Verify Switch Status
Check Switch Status Commands (cont.)
RSL1_ST02_B41:admin> sensorshow
sensor 1: (Temperature ) is Ok, value is 27 C
sensor 2: (Temperature ) is Ok, value is 30 C
sensor 3: (Temperature ) is Ok, value is 28 C
sensor 4: (Temperature ) is Ok, value is 28 C
sensor 5: (Temperature ) is Ok, value is 29 C
sensor 6: (Fan ) is Ok, speed is 5400 RPM
sensor 7: (Fan ) is Ok, speed is 5273 RPM
sensor 8: (Fan ) is Ok, speed is 5532 RPM
sensor 9: (Power Supply) is Ok
sensor 10: (Power Supply) is Ok
RSL1_ST02_B41:admin> switchstatuspolicyshow
The current overall switch status policy parameters:
Down Marginal
----------------------------------
PowerSupplies 2 1
Temperatures 2 1
Fans 2 1
Flash 0 1
MarginalPorts 2 1
FaultyPorts 2 1
MissingSFPs 0 0
switchstatusshow displays the overall status of the switch, which includes internal switch status, faulty ports,
missing SFPs, power supplies, temperatures, fans, portstatus, and ISLStatus. The status may be one of the
following: marginal/warning or down/failed.
switchstatuspolicyshow: This command prints the current policy parameters for calculating the overall status
of the switch. The tolerances for calculating the status of the switch can be configured with
switchstatuspolicyset.
RSL1_ST02_B200E:admin> switchstatusshow
Switch Health Report
Report time: 05/21/2006 09:37:31 AM
Switch Name: RSL1_ST02_B200E
IP address: 10.255.248.32
SwitchState: HEALTHY
Duration: 70:56
Power supplies monitor HEALTHY
Temperatures monitor HEALTHY
Fans monitor HEALTHY
Flash monitor HEALTHY
Marginal ports monitor HEALTHY
Faulty ports monitor HEALTHY
Missing SFPs monitor HEALTHY
All ports are healthy
Verify Switch Status
switchstatuspolicyset
Seven parameters that determine switch status
PowerSupplies
Temperatures
Fans
Flash
MarginalPorts
FaultyPorts
MissingSFPs
Marginal triggers
Yellow status in Web Tools
Down triggers
Red status in Web Tools
These states are policy based and do not necessarily reflect the operational state of the switch
RSL1_ST02_B41:admin> switchstatuspolicyset
To change the overall switch status policy parameters
The current overall switch status policy parameters:
Down Marginal
----------------------------------
PowerSupplies 1 1
Temperatures 2 1
Fans 2 1
Flash 0 1
MarginalPorts 2 1
FaultyPorts 2 1
MissingSFPs 0 0
Note that the value, 0, for a parameter, means that it is
NOT used in the calculation.
** In addition, if the range of settable values in the prompt is (0..0),
** the policy parameter is NOT applicable to the switch.
** Simply hit the Return key.
The minimum number of
Bad PowerSupplies contributing to DOWN status: (0..1) [1]
Bad PowerSupplies contributing to MARGINAL status: (0..1) [1]
Bad Temperatures contributing to DOWN status: (0..2) [2]
Bad Temperatures contributing to MARGINAL status: (0..2) [1]
Bad Fans contributing to DOWN status: (0..3) [2]
Bad Fans contributing to MARGINAL status: (0..3) [1]
Out of range Flash contributing to DOWN status: (0..1) [0]
Out of range Flash contributing to MARGINAL status: (0..1) [1]
MarginalPorts contributing to DOWN status: (0..16) [2]
MarginalPorts contributing to MARGINAL status: (0..16) [1]
FaultyPorts contributing to DOWN status: (0..16) [2]
FaultyPorts contributing to MARGINAL status: (0..16) [1]
MissingSFPs contributing to DOWN status: (0..16) [0]
MissingSFPs contributing to MARGINAL status: (0..16) [0]
No change
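The effect of the Down and Marginal thresholds, including a 0 that removes a parameter from the calculation, can be seen by evaluating a policy table against counts of bad components. This is an added example, not part of the original course material or Fabric OS code; the rule it applies (a contributor is DOWN when the bad count reaches a non-zero Down value, otherwise MARGINAL when it reaches a non-zero Marginal value, and the switch takes the worst contributor state) is this example's reading of the prompts above, and the policy text is a constructed copy of the switchstatuspolicyshow output.

```python
# Constructed sample: the `switchstatuspolicyshow` table shown earlier.
POLICY_SAMPLE = """\
The current overall switch status policy parameters:
                  Down    Marginal
 ----------------------------------
  PowerSupplies    2        1
  Temperatures     2        1
  Fans             2        1
  Flash            0        1
  MarginalPorts    2        1
  FaultyPorts      2        1
  MissingSFPs      0        0
"""

SEVERITY = {"HEALTHY": 0, "MARGINAL": 1, "DOWN": 2}


def parse_policy(text):
    """Return {parameter: (down_threshold, marginal_threshold)}."""
    policy = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].isdigit() and parts[2].isdigit():
            policy[parts[0]] = (int(parts[1]), int(parts[2]))
    return policy


def contributor_state(bad, down, marginal):
    """State of one parameter; a threshold of 0 is not used."""
    if down and bad >= down:
        return "DOWN"
    if marginal and bad >= marginal:
        return "MARGINAL"
    return "HEALTHY"


def switch_state(policy, bad_counts):
    """Return (overall_state, per_parameter_states) for the given bad counts."""
    states = {name: contributor_state(bad_counts.get(name, 0), down, marginal)
              for name, (down, marginal) in policy.items()}
    overall = max(states.values(), key=SEVERITY.get, default="HEALTHY")
    return overall, states


def unmonitored(policy):
    """Parameters that can never change the switch status under this policy."""
    return sorted(name for name, (down, marginal) in policy.items()
                  if down == 0 and marginal == 0)


if __name__ == "__main__":
    policy = parse_policy(POLICY_SAMPLE)
    for counts in ({}, {"Fans": 1}, {"Fans": 1, "FaultyPorts": 2},
                   {"Flash": 1}, {"MissingSFPs": 16}):
        print(counts, "->", switch_state(policy, counts)[0])
    print("never contributes:", unmonitored(policy))
```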
Verify Switch Status
Port Status
Port name command
portname <port> or <slot>/<port>
Port enable/disable commands
portdisable <port> or <slot>/<port>
portenable <port> or <slot>/<port>
portcfgpersistentdisable <port> or <slot>/<port>
portcfgpersistentenable <port> or <slot>/<port>
Port status command
portshow <port>
sw2:admin> portshow 2
portName: JBOD PORT
portFlags: 0x23806b portLbMod: 0x0 PRESENT ACTIVE F_PORT L_PORT U_PORT LOGIN NOELP LED ACCEPT
portType: 4.1
portState: 1 Online
portPhys: 6 In_Sync
portScn: 6 F_Port
portRegs: 0x81020000
portData: 0x102de900
portId: 330200
portWwn: 20:02:00:60:69:50:06:67
portWwn of device(s) connected: 21:00:00:20:37:38:60:e5
21:00:00:20:37:38:ab:42
21:00:00:20:37:36:02:4a
21:00:00:20:37:38:89:a9
21:00:00:20:37:59:84:17
21:00:00:20:37:97:02:13
21:00:00:20:37:0c:30:bf
21:00:00:20:37:87:49:7d
21:00:00:20:37:87:49:87
21:00:00:20:37:11:65:ec
Distance: normal
Speed: N1Gbps
Interrupts: 707 Link_failure: 0 Frjt: 0
Unknown: 90 Loss_of_sync: 69 Fbsy: 0
Lli: 191 Loss_of_sig: 0 Lip_in: 0
Proc_rqrd: 488 Protocol_err: 0 Lip_out: 7
Timed_out: 0 Invalid_word: 0 Lip_rx: F7,F7
Rx_flushed: 0 Invalid_crc: 0
Tx_unavail: 0 Delim_err: 0
Free_buffer: 0 Address_err: 47
Overrun: 0 Lr_in: 0
Suspended: 0 Lr_out: 0
Parity_err: 0 Ols_in: 0
Ols_out: 0
Port initialization from right to left and current port type
Port Name
Port WWNs of Devices: 10 Devices
Distance: Normal buffering
Port speed
Verify Switch Status
Port Speeds
Individual port speeds can be set by the administrator
portcfgspeed <port>,<speed_level>
Set the speed level for all ports on a switch
switchcfgspeed <speed_level>
Valid speeds
0: auto-negotiated 1, 2, or 4 Gbit/sec
1: 1 Gbit/sec
2: 2 Gbit/sec
4: 4 Gbit/sec
The SFP and hard-coded port speed should match, otherwise a
Mod_Inv will display in switchshow output
Some devices prefer hard-coded speeds to auto-negotiation
Setting the port speed is a disruptive event, and can force a device to re-login to the fabric.
Verify Switch Status
Port Settings & Port Setting Commands
portcfgshow
RSL1_ST02_B20:admin> portcfgshow
Ports of Slot 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-----------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+--
Speed 1G 2G 4G AN 1G 2G 4G AN AN AN AN AN AN AN AN AN
Trunk Port ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON ON
Long Distance .. .. .. .. .. .. .. LE LE .. .. .. .. .. .. ..
VC Link Init .. .. .. .. .. .. .. .. ON .. .. .. .. .. .. ..
Locked L_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. ON ..
Locked G_Port .. .. .. .. .. .. .. .. .. .. .. .. .. ON .. ..
Disabled E_Port .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ON
ISL R_RDY Mode .. .. .. .. .. .. .. .. .. .. .. ON .. .. .. ..
RSCN Suppressed .. .. .. .. .. .. .. .. .. .. ON .. .. .. .. ..
Persistent Disable.. .. .. .. .. .. .. .. .. ON .. .. .. .. .. ..
NPIV capability ON ON ON ON .. ON .. ON ON .. ON .. ON ON ON ON
where AN:AutoNegotiate, ..:OFF, ??:INVALID.
portcfgdefault
portcfgeport, portcfglport, portcfggport
Speed is displayed as 1G, 2G, 4G, or AN (when in Auto Speed Negotiation mode). This
value is set by the portcfgspeed command.
Trunk Port is displayed as ON (when port is set for trunking) or as OFF (when trunking is
disabled on the port), as set by the portcfgtrunkport command.
Long Distance setting of the port is shown as blank when long distance mode is L0
(normal) and will display modes depending on the distance mode setting: LE (<= 10km),
L0.5 (<=25km), L1 (<= 50km), L2 (<= 100km), LD (auto), LS (static). This value is set by
the portcfglongdistance command.
VC link init setting of the port is shown as blank when VC link init mode is off or ON
when VC link init mode is on. This value is set by the portcfglongdistance command.
Locked L_Port is displayed as ON when port is locked to L_Port only or blank when L_Port
lock mode is disabled (and it behaves as a U_Port). This value is set by the portcfglport
command.
Locked G_Port is displayed as ON when port is locked to G_Port only or blank when
G_Port lock mode is disabled (and it behaves as a U_Port). This value is set by the
portcfggport command.
Disabled E_Port is displayed as ON when port is not allowed to be an E_Port. This
value is set by the portcfgeport command.
Persistent disable is displayed as ON when the port is disabled across reboots or
power cycles or blank when the port is allowed to function normally. This mode is set by the
portcfgpersistentdisable command.
ISL R_RDY is displayed as ON when the port is set to R_RDY flow control. This mode is set
by the portcfgislmode command.
RSCN Suppressed is displayed as ON when RSCNs have been suppressed on the port.
This mode is set by the portcfg rscnsupr command.
Persistent Disable is displayed as ON when the port has been persistently disabled.
This mode is set by the portcfgpersistentdisable command.
NPIV capability mode is displayed as ON when the port is configured to perform N_port
virtualization. This mode is set by the portcfgnpivport command.
SW3850_51:admin> switchshow
switchName: SW3850_51
switchType: 26.1
switchState: Online
switchMode: Native
switchRole: Subordinate
switchDomain: 51
switchId: fffc33
switchWwn: 10:00:00:60:69:50:06:67
switchBeacon: OFF
Zoning: OFF
port 0: id N1 Online F-Port 10:00:00:00:c9:24:76:16
port 1: id N2 Online F-Port 10:00:00:00:c9:29:06:4d
port 2: id N1 Online L-Port 10 public
port 3: id N2 Online Loopback->3
port 4: id N2 Online E-Port (Trunk port, master is port #5)
port 5: id N2 Online E-Port 10:00:00:60:69:90:04:f0 "SWT3850_53" (upstream) (Trunk master)
port 6: id N2 Online E-Port (Trunk port, master is port #5)
port 7: id N2 Online E-Port (Trunk port, master is port #5)
port 8: id N2 No_Light
port 9: id 2G No_Light
port 10: id N2 No_Light
port 11: id N2 No_Light
port 12: id 1G No_Light
port 13: id N2 No_Light
port 14: id N2 No_Light
port 15: -- N2 No_Module
Verify Switch Status
Verifying Switch Operation
[Diagram: Switch Domain #51 and Switch Domain #53, each drawn with ports 0-15; labels on the drawing: FC-AL, 10 Devices, No SFP.]
The switchshow command can be used to verify the switch is operating correctly and display information about
the switch status.
switchName - The switch's name
switchType - model.motherboard-rev, where the model number is as follows:
1=SilkWorm 1000 2=SilkWorm 2800 3=SilkWorm 2400 4=SilkWorm 20x0 5=SilkWorm 22x0 9=SilkWorm 3800
10=SilkWorm 12000 12=SilkWorm 3900 16=SilkWorm 3200 21=SilkWorm 24000 26=SilkWorm 3850
27=SilkWorm 3250 32=SilkWorm 4100 34=SilkWorm 200E 38=AP 7420 42=SilkWorm 48000 44=SilkWorm 4900
46=SilkWorm 7500
switchState - The state of this switch: Online, Offline, Testing or Faulty
switchMode - The switch mode, Native or InterOp
switchRole - The switch role: Principal, Subordinate or disabled
switchDomain - The domain ID of this switch: 0 to 31 or 1 to 239.
switchID - The 24-bit address of this switch's embedded port: hex fffc00 to fffcef.
switchWwn - The World Wide Name of this switch
switchBeacon - Indicates if the beacon is turned on or not
Zoning - zoning status
Port Number - Each line shows the port number: 0 to 15, the GBIC type, the port state and a comment field
Port module type - The GBIC/SFP or other type follows the port number.
The four types include (-- = none; sw = short wave; lw = long wave; cu = copper; id = intelligent)
Port speed - The speed of the port (1G, 2G, N1, N2, AN)
Long distance level - L0 (default), L1, L2, LE
Port state - The possible port states include:
No_Card - no card present in this switch slot
No_Module - no SFP module in this port
No_Light - the module is not receiving light
No_Sync - the module is receiving light but is out of sync
In_Sync - the module is receiving light and is in sync (copper displays Sync, fiber, Online)
Laser_Flt - the module is signaling a laser fault (defective GBIC)
Port_Flt - the port has been marked faulty (defective GBIC, cable, or device)
Diag_Flt - the port failed diagnostics (defective G_Port or FL_Port card or motherboard)
Online - the port is up and running
Lock_Ref - the port is locking to the reference signal
Testing - running diagnostics
Comment field - Some possible comments include: Disabled, Loopback
Verify Switch Status
Port Status LEDs
Port status LED behavior may vary per switch type
Check the Hardware Reference Guide for your particular switch
Example for the SilkWorm 4100:
Port Status LED State | Meaning
Flickering Green | Port is online and frames are passing through the port
Steady Green | Port is connected to another device, but has no traffic
Slow Flashing Amber (2 second intervals) | Port is disabled
Fast Flashing Amber ( second intervals) | Port is faulty
Slow Green (2 second intervals) | Port is online but segmented
Port Speed and Serial Port LEDs
Location of LED | Purpose of LED | Color of LED | Status of Hardware | Recommended Action
Below serial port | Indicates switch power | No light | Boot not complete or failed; switch may be off | Verify boot completed; contact switch vendor
Below serial port | Indicates switch power | Steady green | Switch on and boot completed | None
Below serial port | Indicates switch power | Slow green | One or more ports failed POST | Check error log
Above each port on right | Indicates port speed | No light | POST is running, or port is Tx/Rx at 1 Gbit/sec | None
Above each port on right | Indicates port speed | Steady green | Port is Tx/Rx at 2 Gbit/sec | None
Above each port on right | Indicates port speed | Steady amber | Port is Tx/Rx at 4 Gbit/sec | None
Port Speed LED for 3900/12000: upper LED
Each SilkWorm 4100 port has two LEDs on an LED assembly below the ports. The
port-speed LED is on the right and port-status LED is on the left. Top row LEDs are
for ports 0-3; 8-11; 16-19; and 24-27. Bottom row LEDs are for ports 4-7; 12-15; 20-23;
and 28-31.
Fabric Parameters
Configuration Parameters
They dictate the way the switch will behave
Set using the configure command
Some configure parameters can be changed online
Disable the switch before setting fabric configuration parameters
RSL1_ST02_B41:admin> switchdisable; configure
Reset to factory defaults by using the configdefault command
RSL1_ST02_B41:admin> switchdisable; configdefault
Parameters not reset by a configdefault
World Wide Name
Ethernet settings (MAC address, IP address, subnetmask)
IP gateway address
SNMP configuration
Zoning configuration
Switch name
License keys
An example of some of the configuration parameters:
RSL1_ST02_B41:admin> switchdisable; configure
Configure...
Fabric parameters (yes, y, no, n): [no] y
Domain: (1..239) [1]
R_A_TOV: (4000..120000) [10000]
E_D_TOV: (1000..5000) [2000]
WAN_TOV: (0..30000) [0]
MAX_HOPS: (7..19) [7]
Data field size: (256..2112) [2112]
Sequence Level Switching: (0..1) [0]
Disable Device Probing: (0..1) [0]
Suppress Class F Traffic: (0..1) [0]
Switch PID Format: (1..2) [1]
Per-frame Route Priority: (0..1) [0]
Long Distance Fabric: (0..1) [0]
BB credit: (1..27) [16]
Fabric Parameters
Consistent Fabric Parameters
The configshow command will display parameter settings
RSL1_ST02_B20:admin> configshow fabric.ops
fabric.ops.BBCredit:16
fabric.ops.E_D_TOV:2000
fabric.ops.R_A_TOV:10000
fabric.ops.dataFieldSize:2112
fabric.ops.max_hops:7
fabric.ops.mode.fcpProbeDisable:0
fabric.ops.mode.isolate:0
fabric.ops.mode.longDistance:0
fabric.ops.mode.noClassF:0
fabric.ops.mode.pidFormat:1
fabric.ops.mode.tachyonCompat:0
fabric.ops.mode.unicastOnly:0
fabric.ops.mode.useCsCtl:0
fabric.ops.vc.class.2:2
fabric.ops.vc.class.3:3
fabric.ops.vc.config:0xc0
fabric.ops.vc.linkCtrl:0
fabric.ops.vc.multicast:7
fabric.ops.wan_tov:0
fabric.ops parameters must be consistent on all switches throughout the fabric; otherwise switches cannot join together
fabric.ops.pidFormat is the most commonly changed default setting
pidFormat = 1 (Core PID) is the default setting for all 4 Gbit/sec switches and some 2 Gbit/sec models
pidFormat = 0 (Native PID) is the default for all 1 Gbit/sec switches and some 2 Gbit/sec models
Other fabric.ops parameters:
fabric.ops.mode.longDistance: In fabrics with version 2.x switches this command is used in conjunction
with the portcfglongdistance command to extend ISL capabilities (Extended Fabrics switch license required).
fabric.ops.mode.noClassF: Class F frames will not be used for inter-switch communications - Class 2 is
used. Toggle using Suppress Class F Traffic under Fabric Parameters.
fabric.ops.mode.pidFormat: Used to enable PID and Extended Edge PID formats. The Core PID format is
the default on all 4 Gbit/sec SilkWorm switches.
fabric.ops.mode.sync: Used to prevent time out delays in remote Fabrics.
fabric.ops.mode.useCsCtl: Type configure then yes to Fabric parameters and toggle Per-frame Route
Priority: (0..1) [0] to change fabric.ops.mode.useCsCtl. Creates additional Virtual Channel ID for per-frame
based prioritization, using existing VCs plus frame header information.
fabric.ops.mode.vcEncode: The output relates to Virtual Channel (vc) settings for establishing
communication priority over ISLs and are configurable only when VC Encoded Address Mode is set. Like all
fabric.ops parameters, they must be the same on all fabric switches.
Other fabric.ops parameters are explained in the Fabric OS Reference Guide.
Fabric operating mode parameters include:
Disable Device Probing - fabric.ops.mode.fcpProbeDisable
Isolated Operation - fabric.ops.mode.isolate
Long Distance Fabric - fabric.ops.mode.longDistance
Suppress Class F Traffic - fabric.ops.mode.noClassF
Switch PID Format - fabric.ops.mode.pidFormat
Sequence Level Switching - fabric.ops.mode.tachyonCompat
Unicast-only Operation - fabric.ops.mode.unicastOnly
Per-frame Route Priority - fabric.ops.mode.useCsCtl
Administrative Tasks
Booting a Switch
fastboot - boots the switch bypassing POST
reboot - boots the switch and includes POST*
switchreboot - reboots a logical switch in a dual-domain SilkWorm 24000
* reboot includes POST unless diagdisablepost is configured.
Administrative Tasks
Join an Existing Brocade Fabric
Adding a new switch to an existing fabric
switchdisable
configure; set the domain ID
connect one or more ISLs
switchenable
Verify fabric membership with the fabricshow command
RSL1_ST02_B41:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
-------------------------------------------------------------------------
1: fffc01 10:00:00:05:1e:02:12:a5 10.255.248.32 0.0.0.0 >"RSL1_ST02_B20"
2: fffc02 10:00:00:05:1e:02:ab:21 10.255.248.35 0.0.0.0 "RSL1_ST02_B41"
The Fabric has 2 switches
The > denotes the Principal Switch.
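Before the ISLs are connected, the two conditions stated in this module (fabric.ops parameters identical to the fabric, domain ID not already in use) can be checked from captured configshow fabric.ops and fabricshow output. This is an added example, not part of the original course material or Fabric OS code; the captures are constructed from the outputs shown in this module, the new switch's Native PID setting is a constructed mismatch, and the function names are assumptions of the example.

```python
import re

# Constructed sample: `configshow fabric.ops` from a switch already in the
# fabric (values as shown earlier, abbreviated to five keys).
EXISTING = """\
fabric.ops.BBCredit:16
fabric.ops.E_D_TOV:2000
fabric.ops.R_A_TOV:10000
fabric.ops.dataFieldSize:2112
fabric.ops.mode.pidFormat:1
"""

# Constructed sample: the new switch, still at Native PID (pidFormat 0).
NEW_SWITCH = EXISTING.replace("pidFormat:1", "pidFormat:0")

# Constructed sample: the `fabricshow` output shown above.
FABRICSHOW = """\
Switch ID   Worldwide Name           Enet IP Addr    FC IP Addr      Name
-------------------------------------------------------------------------
  1: fffc01 10:00:00:05:1e:02:12:a5 10.255.248.32   0.0.0.0        >"RSL1_ST02_B20"
  2: fffc02 10:00:00:05:1e:02:ab:21 10.255.248.35   0.0.0.0         "RSL1_ST02_B41"
The Fabric has 2 switches
"""

ROW = re.compile(
    r"^\s*(\d+):\s+fffc([0-9a-f]{2})\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s", re.M)


def parse_fabric_ops(text):
    """Return {key: value} for every fabric.ops.* line of configshow output."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.startswith("fabric.ops."):
            cfg[key] = value.strip()
    return cfg


def fabric_ops_mismatches(existing, candidate):
    """Keys whose values differ, or that only one of the switches reports."""
    keys = sorted(set(existing) | set(candidate))
    return {k: (existing.get(k), candidate.get(k))
            for k in keys if existing.get(k) != candidate.get(k)}


def domains_in_use(fabricshow_text):
    """Return {domain_id: switch WWN} from fabricshow rows."""
    domains = {}
    for match in ROW.finditer(fabricshow_text):
        domain = int(match.group(1))
        if domain != int(match.group(2), 16):
            raise ValueError(f"domain {domain} does not match switch ID")
        domains[domain] = match.group(3)
    return domains


def join_precheck(existing_cfg, new_cfg, fabricshow_text, new_domain):
    """List the reasons the new switch would not join cleanly."""
    problems = []
    if not 1 <= new_domain <= 239:  # range offered by the configure prompt
        problems.append(f"domain {new_domain} is outside 1..239")
    used = domains_in_use(fabricshow_text)
    if new_domain in used:
        problems.append(f"domain {new_domain} is already used by {used[new_domain]}")
    for key, (fabric, new) in fabric_ops_mismatches(existing_cfg, new_cfg).items():
        problems.append(f"{key}: fabric={fabric} new switch={new}")
    return problems


if __name__ == "__main__":
    for line in join_precheck(parse_fabric_ops(EXISTING),
                              parse_fabric_ops(NEW_SWITCH), FABRICSHOW, 2):
        print("BLOCKER:", line)
```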
Administrative Tasks
Attach Devices
To attach a device to a switch, power it on, wait for it to come up, and
then plug it in to the switch port
Optional steps for the conservative administrator
Issue portdisable prior to plugging in a device to avoid noise
Once cable is secure, issue portenable to bring the port online
Switch will automatically negotiate the device speed and port type
Individual switch ports will negotiate speed to 4, 2, or 1 Gbit/sec to
match the attached device
Individual switch ports will determine the proper port type
F_Port
FL_Port
Verify device connection using switchshow and nsshow
Administrative Tasks
Verify Device Name Server Registration
Did the device log in to the name server as expected?
Verify that an entry exists
Verify Type
Did you expect N or NL?
Configurable on most HBAs
Configurable on switch ports with the portcfgshow command
RSL1_ST02_B41:admin> nsshow
{
Type Pid COS PortName NodeName TTL(sec)
NL 0200e2; 3;21:00:00:04:cf:92:69:9e;20:00:00:04:cf:92:69:9e; na
FC4s: FCP [SEAGATE ST318452FC 0004]
<truncated output>
The Local Name Server has 4 entries }
Use the nsshow command to display local Name Server information, including information about devices connected to this
switch, and cached information about devices connected to other switches in the fabric. Each line of output shows:
* - Indicates a cached entry from another switch.
Type - U for unknown, N for N_Port, NL for NL_Port.
PID - 24-bit Fibre Channel address.
COS - List of classes of service supported by device.
PortName - Device port worldwide name.
NodeName - Device node worldwide name.
TTL - Time-to-live (in seconds) for cached entries, or NA (not applicable) if the entry is local.
There may be additional lines if the device has registered any of the following information (the switch automatically
registers SCSI inquiry data for FCP target devices):
FC4s supported
IP address
IPA
Port and node symbolic names
Fabric Port Name - This is the WWN of the port to which a device is physically connected.
Hard address and/or port IP address
-r Lists the State Change Registration
0 - Reserved
1 - (Fabric Detected Registration) Register to receive all RSCN requests issued by the Fabric
Controller for events detected by the fabric.
2 - (N_Port Detected Registration) Register to receive all RSCN requests issued by the Fabric
Controller for events detected by the affected N_Port or NL_Port.
3 - (Full Registration (1 and 2)) Register to receive all RSCN requests issued by the Fabric
Controller for events detected by the affected N_Port ID pages.
Summary
Installation and configuration of Brocade switches includes the
following steps:
Initial Configuration
Initial Security Configuration
Verify Switch Status
Fabric Parameters
Administrative Tasks
Review Questions
1. What single command displays the current temperature, fan, and
power supply status?
2. You are about to add a new switch to an existing fabric. In order
for the new switch to join successfully, what parameter must be
set to a unique value?
3. When placing a new switch into an existing fabric, what
parameters must be set to the same values as the existing
fabric?
4. An administrator has plugged a new tape device into a switch
port. Name a command to verify the tape device is properly
attached to the switch.
5. Name three management interfaces into a Brocade switch.
Answers:
1. sensorshow
2. Domain ID
3. fabric.ops parameters
4. nsshow
5. Telnet, Serial, SSH, Web Tools, SNMP, Fabric Manager, SMI-S
End of Instructor-Led Module 4
Installation and Setup
