사용자 설명서차례Contents5Figures25Tables29About This Document33In this chapter33How this document is organized33Supported hardware and software34What’s new in this document35Document conventions35Text formatting36Command syntax conventions36Notes, cautions, and warnings36Key terms37Notice to the reader37Additional information37Brocade resources37Other industry resources38Getting technical help38Document feedback39Understanding Fibre Channel Services43In this chapter43Fibre Channel services overview43The Management Server44Platform services44Platform services in a Virtual Fabric45Enabling platform services45Disabling platform services45Management server database45Displaying the management server ACL46Adding a member to the ACL46Deleting a member from the ACL47Viewing the contents of the management server database48Clearing the management server database48Topology discovery49Displaying topology discovery status49Enabling topology discovery49Disabling topology discovery49Device login50Principal switch50E_Port login50Fabric login51Port login process51RSCN causes52High availability of daemon processes52Performing Basic Configuration Tasks55In this chapter55Fabric OS overview55Fabric OS command line interface56Console sessions using the serial port56Telnet or SSH sessions57Getting help on a command58Password modification58Default account passwords59The Ethernet interface on your switch60Virtual Fabrics and the Ethernet interface60Displaying the network interface settings61Static Ethernet addresses62DHCP activation63IPv6 autoconfiguration64Date and time settings65Setting the date and time65Time zone settings66Network time protocol67Domain IDs68Displaying the domain IDs69Setting the domain ID70Switch names70Customizing the switch name70Chassis names71Customizing chassis names71Switch activation and deactivation71Disabling a switch71Enabling a switch71Switch and enterprise-class platform shutdown71Powering off a Brocade switch72Powering off a Brocade enterprise-class platform72Basic connections73Device connection73Switch connection73Performing Advanced Configuration Tasks75In this chapter75PIDs and PID binding overview75Core PID addressing mode76Fixed addressing mode7610-bit addressing mode76256-area addressing mode77WWN-based PID assignment77Ports79Setting port names81Port identification by slot and port number81Port identification by port area ID81Port identification by index81Swapping port area IDs82Port activation and deactivation82Setting port speeds83Setting the same speed for all ports on the switch84Blade terminology and compatibility84CP blades86Core blades86Port and application blade compatibility86FX8-24 compatibility notes88Enabling and disabling blades88Enabling blades88Disabling blades90Blade swapping90Swapping blades91Swapping blades92Power management93Powering off a port blade93Powering on a port blade93Equipment status94Checking switch operation94Verifying High Availability features (directors and enterprise-class platforms only)94Verifying fabric connectivity95Verifying device connectivity95Track and control switch changes96Enabling the track changes feature96Displaying the status of the track changes feature97Viewing the switch status policy threshold values97Setting the switch status policy threshold values97Audit log configuration99Auditable event classes100Verifying host syslog prior to configuring the audit log100Configuring an audit log for specific event classes101Routing Traffic103About this chapter103Routing overview103Path versus route selection104FSPF104Fibre Channel NAT105Inter-switch links106Buffer credits107Virtual Channels107Gateway links109Configuring a link through a gateway110Inter-chassis links111Supported topologies112Routing policies113Displaying the current routing policy114Exchange-based routing114Port-based routing114AP route policy115Routing in Virtual Fabrics115Route selection116Dynamic Load Sharing116Static route assignment117Frame order delivery118Forcing in-order frame delivery across topology changes118Restoring out-of-order frame delivery across topology changes118Lossless Dynamic Load Sharing on ports119Lossless core120Configuring Lossless Dynamic Load Sharing120Lossless Dynamic Load Sharing in Virtual Fabrics120Frame Redirection121Creating a frame redirect zone122Deleting a frame redirect zone122Viewing redirect zones122Managing User Accounts123In this chapter123User accounts overview123Role-Based Access Control (RBAC)124The management channel127Local database user accounts128Default accounts128Local account passwords129Local account database distribution130Distributing the local user database130Accepting distribution of user databases on the local switch130Rejecting distributed user databases on the local switch130Password policies131Password strength policy131Password history policy132Password expiration policy133Account lockout policy133The boot PROM password135Setting the boot PROM password for a switch with a recovery string135Setting the boot PROM password for a director with a recovery string136Setting the boot PROM password for a switch without a recovery string137Setting the boot PROM password for a director without a recovery string138The authentication model using RADIUS and LDAP139Setting the switch authentication mode141Fabric OS user accounts141Fabric OS users on the RADIUS server142The RADIUS server145LDAP configuration and Microsoft Active Directory151Authentication servers on the switch154Configuring local authentication as backup155Configuring Protocols157In this chapter157Security protocols157Secure Copy158Setting up SCP for configUploads and downloads159Secure Shell protocol159SSH public key authentication160Secure Sockets Layer protocol162Browser and Java support162SSL configuration overview163Certificate authorities163The browser165Root certificates for the Java Plug-in166Simple Network Management Protocol167SNMP and Virtual Fabrics168The security level169The snmpConfig command169Telnet protocol169Blocking Telnet169Unblocking Telnet170Listener applications171Ports and applications used by switches171Port configuration172Configuring Security Policies173In this chapter173ACL policies overview173How the ACL policies are stored173Policy members174ACL policy management174Displaying ACL policies175Saving changes without activating the policies175Activating policy changes175Deleting an ACL policy175Adding a member to an existing ACL policy176Removing a member from an ACL policy176Aborting unsaved policy changes176FCS policies177FCS policy restrictions177Ensuring fabric domains share policies178Creating an FCS policy178Modifying the order of FCS switches179FCS policy distribution179DCC policies180DCC policy restrictions181Creating a DCC policy181Deleting a DCC policy182SCC policies183Creating an SCC policy183Authentication policy for fabric elements184E_Port authentication185Device authentication policy187AUTH policy restrictions187Authentication protocols188Secret key pairs for DH-CHAP189FCAP configuration overview190Fabric-wide distribution of the Auth policy193IP Filter policy193Creating an IP Filter policy193Cloning an IP Filter policy194Displaying an IP Filter policy194Saving an IP Filter policy194Activating an IP Filter policy194Deleting an IP Filter policy195IP Filter policy rules195IP Filter policy enforcement197Adding a rule to an IP Filter policy197Deleting a rule to an IP Filter policy197Aborting an IP Filter transaction197IP Filter policy distribution198Policy database distribution198Database distribution settings199ACL policy distribution to other switches200Fabric-wide enforcement200Notes on joining a switch to the fabric202Management interface security204Configuration examples205IPsec protocols206Security associations207Authentication and encryption algorithms207IPsec policies208IKE policies209Creating the tunnel210Example of an End-to-End Transport Tunnel mode212Maintaining the Switch Configuration File215In this chapter215Configuration settings215Configuration file format216Configuration file backup218Uploading a configuration file in interactive mode219Configuration file restoration220Restrictions220Configuration download without disabling a switch222Configurations across a fabric224Downloading a configuration file from one switch to another same model switch224Security considerations224Configuration management for Virtual Fabrics224Uploading a configuration file from a switch with Virtual Fabrics enabled225Restoring logical switch configuration using configDownload225Restrictions226Brocade configuration form227Installing and Maintaining Firmware229In this chapter229Firmware download process overview229Upgrading and downgrading firmware230Considerations for FICON CUP environments231HA sync state231Preparing for a firmware download232Connected switches232Finding the switch firmware version233Obtain and decompress firmware233Firmware download on switches233Switch firmware download process overview234Firmware download on an enterprise-class platform236Enterprise-class platform firmware download process overview236Firmware download from a USB device240Enabling USB240Viewing the USB file system240Downloading from USB using the relative path240Downloading from USB using the absolute path240FIPS Support241Public and Private Key Management241The firmwareDownload Command241Power-on Firmware Checksum Test242Test and restore firmware on switches243Testing a different firmware version on a switch243Test and restore firmware on enterprise-class platforms244Testing different firmware versions on enterprise-class platforms245Validating a firmware download247Managing Virtual Fabrics249In this chapter249Virtual Fabrics overview249Logical switch overview250Default logical switch250Logical switches and fabric IDs252Port assignment in logical switches252Logical switches and connected devices253Logical fabric overview254Logical fabric and ISLs255Logical fabric and ISL sharing256Management model for logical switches259Account management and Virtual Fabrics260Supported platforms for Virtual Fabrics260Supported port configurations in the Brocade 5100, 5300, and VA-40FC260Supported port configurations in the Brocade DCX and DCX-4S261Virtual Fabrics interaction with other Fabric OS features261Limitations and restrictions of Virtual Fabrics262Restrictions on moving ports263Enabling Virtual Fabrics mode263Disabling Virtual Fabrics mode264Configuring logical switches to use basic configuration values265Creating a logical switch or base switch265Executing a command in a different logical fabric context267Deleting a logical switch268Adding and removing ports on a logical switch269Displaying logical switch configuration270Changing the fabric ID of a logical switch270Changing a logical switch to a base switch271Setting up IP addresses for a Virtual Fabric272Removing an IP address for a Virtual Fabric272Configuring a logical switch to use XISLs272Changing the context to a different logical fabric273Creating a logical fabric using XISLs274Administering Advanced Zoning277In this chapter277Special zones277Zoning overview278Zone types279Zone objects280Zone aliases281Zone configurations282Zoning enforcement282Considerations for zoning architecture283Best practices for zoning284Broadcast zones284Broadcast zones and Admin Domains284Broadcast zones and FC-FC routing285High availability considerations with broadcast zones286Loop devices and broadcast zones286Broadcast zones and default zoning286Zone aliases286Creating an alias286Adding members to an alias287Removing members from an alias287Deleting an alias288Viewing an alias in the defined configuration288Zone creation and maintenance289Creating a zone289Adding devices (members) to a zone289Removing devices (members) from a zone290Deleting a zone290Viewing a zone in the defined configuration291Validating a zone291Default zoning mode292Setting the default zoning mode292Viewing the current default zone access mode293Zoning database size293Zoning configurations293Creating a zoning configuration294Adding zones (members) to a zoning configuration294Removing zones (members) from a zone configuration295Enabling a zone configuration295Disabling a zone configuration296Deleting a zone configuration296Clearing changes to a configuration297Viewing all zone configuration information297Viewing selected zone configuration information298Viewing the configuration in the effective zone database298Clearing all zone configurations298Zone object maintenance299Copying a zone object299Deleting a zone object299Renaming a zone object300Zoning configuration management301New switch or fabric additions301Fabric segmentation and zoning303Security and zoning303Zone merging scenarios304Traffic Isolation Zoning307In this chapter307Traffic Isolation Zoning overview307TI zone failover308FSPF routing rules and traffic isolation310Enhanced TI zones312Traffic Isolation Zoning over FC routers313TI within an edge fabric314TI within a backbone fabric315Limitations of TI zones over FC routers316General rules for TI zones316Supported configurations for Traffic Isolation Zoning317Additional configuration rules for enhanced TI zones318Trunking with TI zones318Limitations and restrictions of Traffic Isolation Zoning318Admin Domain considerations for Traffic Isolation Zoning319Virtual Fabric considerations for Traffic Isolation Zoning319Traffic Isolation Zoning over FC routers with Virtual Fabrics321Creating a TI zone322Creating a TI zone in a base fabric324Modifying TI zones324Changing the state of a TI zone325Deleting a TI zone326Displaying TI zones326Setting up TI over FCR (sample procedure)327Administering NPIV331In this chapter331NPIV overview331Upgrade considerations332Fixed addressing mode33210-bit addressing mode332Configuring NPIV333Enabling and disabling NPIV334Viewing NPIV port configuration information334Viewing virtual PID login information336Interoperability for Merged SANs337In this chapter337Interoperability overview337Connectivity solutions338Domain ID offset modes339Configuring the Domain_ID offset341McDATA Fabric mode configuration restrictions341McDATA Open Fabric mode configuration restrictions342Interoperability support for logical switches342Switch configurations for interoperability343Enabling McDATA Open Fabric mode343Enabling McDATA Fabric mode344Enabling Brocade Native mode345Zone management in interoperable fabrics346Zoning restrictions346Zone name restrictions347Zoning modes347Setting the safe zone mode on a stand-alone switch348Setting the safe zone mode fabric-wide348Disabling safe zone mode348Effective zone configuration349Saving the effective zone configuration to the Defined Database349Frame Redirection in interoperable fabrics350Traffic Isolation zones in interoperable fabrics350Brocade SANtegrity implementation in mixed fabric SANS351Fabric OS Layer 2 Fabric Binding351E_Port authentication between Fabric OS and M-EOS switches351Switch authentication policy353Dumb switch authentication355Authentication of EX_Port, VE_Port, and VEX_Port connections356Authentication of VE_Port-to-VE_Port connections357Authentication of VEX_Port-to-VE_Port connections360Authentication of VEX_Port-to-VEX_Port connections361FCR SANtegrity361Fabric Binding behavior in a mixed fabric362Translate domains do not have Preferred or Insistent Domain ID behavior.362Configuring the preferred domain ID and the insistent domain ID362FICON implementation in a mixed fabric363Fabric OS version change restrictions in an interoperable environment363Coordinated Hot Code Load364Bypassing the Coordinated HCL check on firmware download364Coordinated HCL on switches firmware downloads365Upgrade and downgrade considerations for HCL for interoperability365McDATA-aware features365McDATA-unaware features366M-EOS feature limitations in mixed fabrics368Supported hardware in an interoperable environment369Supported features in an interoperable environment371Unsupported features in an interoperable environment374Managing Administrative Domains375In this chapter375Administrative Domains overview375Admin Domain features377Requirements for Admin Domains377Admin Domain access levels378User-defined Administrative Domains378System-defined Administrative Domains378Admin Domains and login380Admin Domain member types381Admin Domains and switch WWN382Admin Domain compatibility, availability, and merging384Admin Domain management for physical fabric administrators384Setting the default zoning mode for Admin Domains384Creating an Admin Domain385User assignments to Admin Domains386Removing an Admin Domain from a user account388Activating an Admin Domain388Deactivating an Admin Domain389Adding members to an existing Admin Domain389Removing members from an Admin Domain390Renaming an Admin Domain390Deleting an Admin Domain391Deleting all user-defined Admin Domains392Deleting all user-defined Admin Domains non-disruptively392Validating an Admin Domain member list396SAN management with Admin Domains396CLI commands in an AD context397Executing a command in a different AD context397Displaying an Admin Domain configuration398Switching to a different Admin Domain context398Admin Domain interactions with other Fabric OS features399Admin Domains, zones, and zone databases400Admin Domains and LSAN zones402Configuration upload and download in an AD context402Administering Licensing405In this chapter405Licensing overview405The Brocade 7800 Upgrade license411ICL licensing411ICL 16-link license411ICL 8-link license4118G licensing412Slot-based licensing412Upgrade/downgrade considerations413Adding a license to a slot413Removing a license from a slot413Time-based licenses413Configupload and download considerations414Expired licenses414Universal Time-based licenses414Universal Time-based license expiration date414Extending a license415Deleting a license415Date change restriction415Universal Time-based license shelf life415Viewing installed licenses415Activating a license415Adding a licensed feature416Removing a licensed feature417Ports on Demand417Activating Ports on Demand419Dynamic Ports on Demand419Displaying the port license assignments419Enabling Dynamic Ports on Demand420Disabling Dynamic Ports on Demand420Reserving a port license421Releasing a port from a POD set422Monitoring Fabric Performance423In this chapter423Advanced Performance Monitoring overview423Types of monitors423Virtual Fabrics considerations for Advanced Performance Monitoring424End-to-end performance monitoring425End-to-end monitors425Adding end-to-end monitors426Setting a mask for an end-to-end monitor427Deleting end-to-end monitors428Frame monitoring429Creating frame types to be monitored430Deleting frame types431Adding frame monitors to a port431Removing frame monitors from a port431Saving frame monitor configuration431Displaying frame monitors432Clearing frame monitor counters432ISL performance monitoring433Top Talker monitors433Adding a Top Talker monitor on an F_Port434Adding Top Talker monitors on all switches in the fabric (fabric mode)434Displaying the top n bandwidth-using flows on an F_Port435Displaying top talking flows for a given domain ID (fabric mode)436Deleting a Top Talker monitor on an F_Port436Deleting the fabric mode Top Talker monitors436Limitations of Top Talker monitors437Trunk monitoring437Displaying end-to-end and ISL monitor counters437Clearing end-to-end and ISL monitor counters438Saving and restoring monitor configurations439Performance data collection439Optimizing Fabric Behavior441In this chapter441Adaptive Networking overview441Ingress Rate Limiting442Limiting traffic from a particular device443Disabling ingress rate limiting443QoS: SID/DID traffic prioritization443License requirements for traffic prioritization444QoS zones446QoS on E_Ports447QoS over FC routers448Virtual Fabric considerations for traffic prioritization449High availability considerations for traffic prioritization450Supported configurations for traffic prioritization450Upgrade considerations for traffic prioritization450Limitations and restrictions for traffic prioritization453Setting traffic prioritization454Setting traffic prioritization over FC routers455Disabling QoS456Bottleneck detection456Supported configurations for bottleneck detection457How bottlenecks are reported457Limitations of bottleneck detection457High availability considerations for bottleneck detection457Upgrade and downgrade considerations for bottleneck detection458Trunking considerations for bottleneck detection458Virtual Fabrics considerations for bottleneck detection458Access Gateway considerations for bottleneck detection458Enabling bottleneck detection on a switch459Excluding a port from bottleneck detection459Displaying bottleneck detection configuration details460Changing bottleneck alert parameters460Displaying bottleneck statistics462Disabling bottleneck detection on a switch463Managing Trunking Connections465In this chapter465Trunking overview465Criteria for managing trunking connections466Supported hardware467Recommendations for trunking groups467Basic trunk group configuration468Re-initializing ports for trunking468Enabling Trunking on a port468Enabling Trunking on a switch468Displaying trunking information469Trunking over long distance fabrics470F_Port trunking471Prerequisites for F_Port trunking471Enabling F_Port trunking472Disabling F_Port trunking472F_Port trunking in Virtual Fabrics472F_Port trunking considerations for Virtual Fabrics473F_Port masterless trunking473F_Port masterless trunking considerations475Assigning a Trunk Area477Enabling the DCC policy on a Trunk Area479Managing Long Distance Fabrics481In this chapter481Long distance fabrics overview481Extended Fabrics device limitations482Long distance link modes482Configuring an extended ISL483Enabling long distance when connecting to TDM devices484Buffer credit management485Buffer-to-Buffer flow control485Optimal buffer credit allocation486Fibre Channel gigabit values reference definition487Allocating buffer credits based on full-size frames487Allocating buffer credits based on average-size frames489Allocating buffer credits for F_Ports490Displaying the remaining buffers in a port group490Buffer credits for each switch model491Maximum configurable distances for Extended Fabrics492Buffer credit recovery493Using the FC-FC Routing Service495In this chapter495FC-FC routing service overview495Supported platforms for Fibre Channel routing496Supported configurations496Integrated Routing497Fibre Channel routing concepts497Proxy devices501Routing types501Phantom domains502Setting up the FC-FC routing service504Verifying the setup for FC-FC routing504Backbone fabric IDs506Assigning backbone fabric IDs507FCIP tunnel configuration507Inter-fabric link configuration508Configuring an IFL for both edge and backbone connections508FC Router port cost configuration511Port cost considerations512Setting router port cost for an EX_Port513EX_Port frame trunking configuration514Masterless EX_Port trunking514Supported configurations and platforms515Configuring EX_Port frame trunking516Displaying EX_Port trunking information516LSAN zone configuration517Use of Admin Domains with LSAN zones and FCR517Zone definition and naming517LSAN zones and fabric-to-fabric communications518Controlling device communication with the LSAN518Setting the maximum LSAN count520Configuring backbone fabrics for interconnectivity521HA and downgrade considerations for LSAN zones521LSAN zone policies using LSAN tagging521LSAN zone binding525Proxy PID configuration529Fabric parameter considerations529Inter-fabric broadcast frames530Displaying the current broadcast configuration530Enabling broadcast frame forwarding531Disabling broadcast frame forwarding531Resource monitoring531FC-FC Routing and Virtual Fabrics532Logical switch configuration for FC routing533Backbone-to-edge routing with Virtual Fabrics534Upgrade and downgrade considerations for FC-FC routing535How replacing port blades affects EX_Port configuration535Displaying the range of output ports connected to xlate domains536M-EOS Migration Path to Fabric OS537In this appendix537M-EOS fabrics overview537McDATA Mi10K interoperability539Fabric configurations for interconnectivity539Connectivity modes539Configuring the FC router540Configuring LSAN zones in the M-EOS fabric542Correcting errors if LSAN devices appear in only one of the fabrics542Completing the configuration543Inband Management545In this appendix545Inband Management overview545Internal Ethernet devices546IP address and routing management546Setting the IP address for the 7500s547Setting the IP address for the CP Inband Management interface547Setting the IP address for the GE Inband Management interface547Adding an Inband Management route on the CP547Deleting an Inband Management route548Viewing Inband Management IP addresses and routes548FIPS549Examples of supported configurations549Configuring a Management Station on the same subnet549Configuring a Management Station on different subnets550Port Indexing553In this appendix553Port indexing on the Brocade 48000 director553Port indexing on the Brocade DCX backbone555Port indexing on the Brocade DCX-4S backbone557FIPS Support561In this appendix561FIPS overview561Zeroization functions561Power-up self tests562Conditional tests562FIPS mode configuration563LDAP in FIPS mode564LDAP certificates for FIPS mode566Preparing the switch for FIPS567Overview of steps567Enabling FIPS mode568Disabling FIPS mode569Zeroizing for FIPS570Displaying FIPS configuration570Hexadecimal571Hexadecimal overview571Example conversion of the hexadecimal triplet Ox616000571Index575크기: 7.63메가바이트페이지: 586Language: English매뉴얼 열기