BCFP Nutshell 4gbit VC Part2

Brocade®
Product Training
BCFP in a Nutshell 4 Gbit/sec
Virtual Classroom Version
Part 2
Brocade Education Services
© 2006 Brocade Communications Systems, Incorporated.

1

Revision CFP264 ILT 0606
Page <Mod Number>-1
Topics
Part 1:
1. Fibre Channel Concepts
2. Switch, Fabric OS and Licensed Features
3. SAN Hardware Components
4. Initial Configuration
Part 2:
Today’s Session
5. Management Interfaces
6. Security and Access Control
7. Troubleshooting
8. Taking the Test

2

Page <Mod Number>-2
5. Management Interfaces

3

Page <Mod Number>-3
Adding an Initiator and Target Pair
Once an initiator and target have been added, connectivity

between the two must be verified
If zoning is involved, the zoning configuration must be
checked using the cfgshow command
A way to test initiator-to-target communication is by using
the fcping command
A device contacted by fcping could either ignore the ELS
Echo request or issue an ELS ACCEPT
By default, fcping sends 5 ELS Echo requests to each
port

4

Page <Mod Number>-4
fcping Command

5

Page <Mod Number>-5
Web Tools Support
Fabric OS v5.1.0 Web Tools is supported only on the following
SilkWorm products:
– 200E
– 3250
– 3850
– 3900
– 4100
– 4900
– 7500
– 24000
– 48000

6

Page <Mod Number>-6
Fabric Manager Support
With the Change Management Profile feature, you may monitor
changes to:
– Firmware
– Name server
– Zoning
– Port state changes (online/offline)
– License keys
Fabric Manager may be used to download firmware to multiple
switches simultaneously, even if they are in different fabrics

7

Page <Mod Number>-7
Fabric Manager Toolbar

8

Page <Mod Number>-8
Fabric Watch Information
Information Description
Classes Environment
Fabric
Performance Monitor
Port
E_Port
F/FL_Port (Optical)
AL_PA Performance Monitor
EE Performance Monitor
Filter Performance Monitor
Resource
Security
SFP
Configurations Default and custom
Events Triggered or continuous
Alarms SNMP trap
Event is logged to switch error log
Port log lock
RAPITrap
Email alert
One Fabric Watch configuration per switch Can be the same file for each switch

9

Page <Mod Number>-9
Fabric Watch Commands
Command Description
fwalarmsfilterset 0 = disable alarms, 1 = enable alarms
fwalarmsfiltershow Displays current alarm settings
fwmailcfg Configures email address to receive notifications
fwconfigure Configures Fabric Watch from the command line

10

Page <Mod Number>-10
Fabric Watch Events
Port 4 E_Port
Rx Perf.
(Kbytes/sec) Above
Changed Changed
Event Definition
200K
Type
Changed
Above Counter > Upper boundary 160K
Below Counter < Lower boundary 150K
120K In-Between
Changed Counter is different than preceding Changed
counter 90K
80K
In- Counter < (Upper boundary – Buffer)
between Counter > (Lower boundary + Buffer) Below
40K Changed
A B C D E F G H
Time Intervals

11

PID Formats
24-bit address in Native Mode
XX1YZZ
XX is a value between 0x1 to 0xef inclusive (Domain ID 1-239 in decimal)
The “1” means Native Mode
Y is the port number 0x0 to 0xf (0-15 decimal)
ZZ is the AL_PA for a loop device or 00 for an F_Port
24-bit address in Core PID Mode

XXYYZZ
YY is the port area
24-bit address in Extended Edge PID Mode

XXYYZZ
YY is the port area + 0x10, wrapping at 0x7f
12

Extended Edge PID Format
SilkWorm 24000 SilkWorm 24000 YY Value SilkWorm 24000 YY Value
Slot Core PID Extended Edge PID
1 0x00 – 0x0f 0x10 – 0x1f
2 0x10 – 0x1f 0x20 – 0x2f
3 0x20 – 0x2f 0x30 – 0x3f
4 0x30 – 0x3f 0x40 – 0x4f
7 0x40 – 0x4f 0x50 – 0x5f
8 0x50 – 0x5f 0x60 – 0x6f
9 0x60 – 0x6f 0x70 – 0x7f
10 0x70 – 0x7f 0x00 – 0x0f

13

Maintenance Operation Impacts
Certain configuration parameters may be changed without disabling
the switch
– System Services such as rstatd, ruserd and telnetd
– SNMP settings
– Fabric Watch settings
– Zoning
Firmware downloads will not disrupt the flow of data on Fabric OS v4.1
and above
To avoid a disruptive firmware download to Directors, it is essential
that these conditions are met:
– HA is enabled
– Heartbeat is up
– CPs are in sync
Adding a new switch or Director to a fabric with a unique domain ID
will not cause a disruption
– New switches or Directors attempting to join a fabric with a duplicate
domain ID will cause a segmentation error
14

6. Security and Access Control

15

Secure Sockets Layer (SSL)
SSL provides secure access to a switch through a GUI

like Web Tools
SSL uses PKI encryption
Depending upon the CA, certificates are based on IP
address or a fully-qualified domain name
Certificate Description
File
name.crt The switch certificate
nameRoot.crt The root certificate, which may already be installed in the
browser. If not, it must be installed
nameCA.crt The CA certificate, installed only if you want the CA name
displayed in the browser window

16

SNMP
Fabric OS v5.1.0 supports SNMPv1 and SNMPv3

The SNMP security level is set with the configure
command
The SNMP agent and traps are configured with the
snmpconfigure command

17

Web Tools
Web Tools may be disabled with the configure
command
Using the configure command, you may also enable the
upfront login feature
– Upfront login requires validation before the GUI will be
launched
RSL1_ST02_B200E:admin> configure
Not all options will be available on an enabled switch.

To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]

ssl attributes (yes, y, no, n): [no]
http attributes (yes, y, no, n): [no]
snmp attributes (yes, y, no, n): [no]
rpcd attributes (yes, y, no, n): [no]
cfgload attributes (yes, y, no, n): [no]
webtools attributes (yes, y, no, n): [no] yes
Upfront Login Enabled (yes, y, no, n): [no] yes

18

Multiple User Accounts
New accounts may be created with the userconfig
command
There are different account roles
– Admin: has all abilities
– SwitchAdmin: can do everything except modify zoning, create
or modify accounts
– User: display switch information only
RSL1_ST02_B41:admin> userconfig --add jdoe -r admin -d "Jane Doe"

Setting initial password for jdoe
Enter new password:
Re-type new password:
Account jdoe has been successfully added.

19

RADIUS
When configured for RADIUS, the switch becomes a

RADIUS client
With RADIUS enabled, all account passwords are
managed through the RADIUS server
Authentication may be done from a RADIUS server, and
use the local switch database as a backup if RADIUS is
unavailable
If only RADIUS is used for authentication, and unavailable,
no access to the switch is possible through telnet

20

Tracking Changes
The track changes feature allows you to keep a record of
changes that might not be considered switch events
Output from the track changes feature goes to the switch
error log and/or an external log
Items that may be tracked:
– Successful logins
– Unsuccessful logins
– Logouts
– Configuration file changes
– Turning track changes on/off

21

Track Changes Error Messages
2006/06/29-08:43:02, [TRCK-1002], 4,, INFO, switch2,
Unsuccessful login by user jcannata.
2006/06/29-08:43:14, [TRCK-1006], 5,, INFO, switch2,

Track-changes off.

22

Passwords and Policies
Passwords should be changed on a regular basis
Administration of Fabric OS v5.1.0 account passwords consists of
these policy features:
– Password strength
– Password history
– Password expiration
– Account lockout
The strength policy enforces format rules such as case, digits,
punctuation and minimum length
The history policy prevents users from recycling passwords
The expiration policy forces the minimum and maximum time a
password may exist
The lockout policy allows you to set the number of failed attempts, and
the duration of the lockout
When an administrator sets a user’s password, the history policy will
be ignored
23

7. Troubleshooting

24

Commands to Diagnose Physical
Switch Connectivity
Command Description
nsallshow Displays the 24-bit addresses for all devices in the fabric
nsshow Displays contents of the local Name Server
portlogdump Displays the switch port log
switchshow Validates a device has logged in to the fabric
porterrshow Displays a port error summary
cfgshow Displays the current zoning configuration
portflagsshow Shows the port status and initialization
fcping Sends a Fibre Channel ELS Echo request to a pair of ports

25

Commands to Diagnose Routing Issues
Command Description
urouteshow Displays routing information for a port
islshow Displays current connections and status of ISLs
trunkdebug Debugs failures in trunks
topologyshow Displays fabric topology as it appears to the local switch
aptpolicy Displays or sets the switch routing policy

26

FICON Notes
FICON is a high-speed mainframe interface

Configurable as a single-switch or cascaded fabric
Cascaded fabrics require a Secure Fabric OS license and
digital certificates from Brocade’s CA
Allows for port swapping
– Redirects resources from a failed port to a healthy port without
changing the FICON host configuration using the portswap
command
It uses Insistent Domain IDs (IDID)
– Switch insists on a specific Domain ID which guarantees it
operates only with its pre-assigned Domain ID

27

Fibre Channel Router Commands
Command Description
fcrrouteshow Displays routes through the Router backbone fabric
fcrphydevshow Displays physical devices configured to be exported to another fabric
fcrfabricshow Displays Routers that exist in a backbone fabric
fcrresourceshow Displays available resources on the Router
fcrproxydevshow Displays devices presented by Router EX_Ports
AP7420
SW7500
FR4-18i

28

Verifying IP Layer Connectivity
portcmd Command Description

portcmd ping [slot/]geport -s source_ip Specifies the IP interface issuing
–s source_ip –d dest_ip the ping
-d dest_ip Specifies the IP interface receiving
the ping

29

Guaranteeing In-Order Frame Delivery
Set the routing policy to port-
based
– aptpolicy 1
Turn on in-order delivery
– iodset
Turn off dynamic load sharing
– dlsreset
4of4 3of4 2of4 1of4 4of4 3of4 2of4 1of4
Frames Frames

30

Switch Data Collection Commands
Command Description
tracetrig Sets/clears a trace trigger on a specific error message
traceftp Enables an immediate trace dump to be retrieved from the switch to
the FTP site; configured in supportftp
supportftp Sets/clears auto-FTP parameters, and/or checks connectivity to the
FTP server
fcrresourceshow Displays available resources on the Router
fcrproxydevshow Displays devices presented by Router EX_Ports
supportsave Captures the contents of supportshow, as well as all of the system
RASLOG, TRACE, core, FFDC and other files; for Directors – run on
both CPs

31

Problem Escalation Notes
When escalating a problem to a support provider, include the
following:
– A very detailed description of the problem citing specific
information
– Capture the error log, port details, and the switch configuration
– Gather the historic record of the current and past state of the
switch (trace dump)
– Identify vital information important in problem determination
Collect this information by running the supportsave command
– All supportshow groups are included in capture
– RASLog output includes external and internal messages
– Most recent trace dump file is included
– First-Failure-Data-Capture (FFDC) files are captured
– Out-Of-Memory (OOM) information is also captured
– When relevant, FR4-18i blade data is included
Collect dual-CP supportsave output from Active and Standby CPs
32

SAN Health

33

SAN Health Notes
SAN Health is a free utility that helps you create:

– Comprehensive Documentation
– Historical Performance Graphs
– Detailed Topology Diagrams
– Best Practice Recommendations
SAN Health may be run against:
– Brocade systems running any version of Fabric OS or XPath OS
– McDATA systems running EOS 4.x and higher

34

8. Taking the Test

35

Exam Introduction Screen

36

Non-disclosure Agreement

37

Sample Question

38

Sample Score Sheet

39

Thanks Brocade Education, I Passed!

40

Brocade®
Product Training
BCFP in a Nutshell 4 Gbit/sec
Virtual Classroom Version
End of Part 2
Brocade Education Services

41


BCFP Nutshell 4gbit VC Part2

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

BCFP Nutshell 4gbit VC Part2

Hochgeladen von

Copyright:

Verfügbare Formate

Brocade®

Brocade Education Services

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

 Once an initiator and target have been added, connectivity

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

24-bit address in Core PID Mode

24-bit address in Extended Edge PID Mode

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

 SSL provides secure access to a switch through a GUI

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

 Fabric OS v5.1.0 supports SNMPv1 and SNMPv3

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

Not all options will be available on an enabled switch.

System services (yes, y, no, n): [no]

Upfront Login Enabled (yes, y, no, n): [no] yes

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

RSL1_ST02_B41:admin> userconfig --add jdoe -r admin -d "Jane Doe"

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

 When configured for RADIUS, the switch becomes a

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

2006/06/29-08:43:14, [TRCK-1006], 5,, INFO, switch2,

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

© 2006 Brocade Communications Systems, Incorporated.

Once an initiator and target have been added, connectivity

SSL provides secure access to a switch through a GUI

Fabric OS v5.1.0 supports SNMPv1 and SNMPv3

When configured for RADIUS, the switch becomes a

FICON is a high-speed mainframe interface

SAN Health is a free utility that helps you create: