Web Tools Administrator`s Guide
Contents
1. 000085 201 IPsec header options 0 0 0c eee eee 201 Basic IPsec configurations 00 0c eee eee eee 202 Internet Key Exchange concepts 0 000eeeeee 203 IPsec over FOP noira ie ie bead tae da Rhee cee ect ke aa eed ae Sh 205 FCIP Cormmpression inl uere xm b RR 206 Accessing the IPsec Policies dialog box 05 206 Establishing an IKE policy for an FCIP tunnel 206 Establishing an IPsec policy for an FCIP tunnel 207 IPsec over management portS 0 0 cece leere 207 Enabling the Ethernet IPsec policies 208 Establishing an IKE policy 00 0c cece eee eee 208 Creating a security association 00 cee eee eee 209 Creating an SA proposal nasasa 0000 eee eee 209 Adding an IPsec transform policy 0000eeeee 210 Adding an IPsec selector 0 0 cee eee eee eee 210 Manually creating an SA 2 ee eee 211 Editing an IKE or IPsec policy 000000 eee eee 212 Deleting an IKE or IPsec policy 0000 eee eee 212 Establishing authentication policies for HBAS 213 Administering FICON CUP Fabrics In this Chapter seca de cR Ee rEGc EX EEG Cru o E 215 FICON CUP fabrics overvieW 0 0 cee 215 Enabling port based routing lesser 216 Enabling or disabling FICON Management Server mode 217 FMS parameter configuration llle 218 Configuring FMS mode paramet2. 00c cee ee eee 30 Chapter 3 Managing Fabrics and Switches In this Chapter e d imeem ee eee Bae eee hes 31 Fabric and switch management overview 0 0ee eee 31 Opening the Switch Administration window 33 Configuring IP and subnet mask information 33 Configuring Netstat Auto Refresh 000 eee ee eee 33 Configuring a syslog IP addreSS 0c cee eee eee 34 Removing a syslog IP address 0 00 e eee ee eee 34 Configuring IP Filtering 0 00 cece eee 35 Blade management uz eue hy ace An Pane ek e drca eed 35 Enabling or disabling a blade 2 eee eee eee 35 Setting a slot level IP address 0 00 e eee eee 36 Viewing IP addresSeS 1 0 cece eee eee 37 Web Tools Adminstrator s Guide 53 1002152 01 Switch configuration llle 37 Enabling and disabling aswitch 00 c eee eee 37 Changing the switch name llle 38 Changing the switch domain ID 000 00 eee 38 Viewing and printing a switch report 00005 38 SWITCH restant zu c vu ELS auk ER des UTES Sea Biers 39 Performing a fast boot 39 Performing a reboot llli eese 39 System configuration parameters 00 eee eee 39 WWN based Persistent PID assignment lulu 40 Configuring fabric settings 0 0 00 cee eee ee 41 Enabling insistent domain ID mode 000000ee 41 Configuring v
3. Standby Slot 7 Type 50 Fabric OS Version 6 4 0 main bld34 Fabric OS Version 6 4 0 main bld34 Status Warm Recovered Status Healthy Event Arbitration Synchronize Services initiate Failover Close Refresh HA Admin started Tue Mar 23 2010 11 03 34 GMT 00 00 Synchronize standby services Free Professional Management Tool 10 35 52 54 FID 128 User admin FIGURE 10 High Availability window CP tab The High Availability window gets refreshed automatically You can also click Refresh to update the information displayed in the High Availability window Admin Domain considerations To open the High Availability window the switch must be a member of your current Admin Domain If the switch is not a member of the current Admin Domain the Synchronized Services and Initiate Failover buttons are unavailable Synchronizing services on the CP A nondisruptive CP failover is only possible when all the services are synchronized between both CPs To synchronize services on the CP perform the following steps 1 Open the High Availability window as described in Launching the High Availability window on page 46 2 Verify that the HA Status field displays HA enabled Heartbeat Up HA State synchronized If the HA Status field displays HA enabled Heartbeat Up HA State synchronized you are finished If the HA Status field displays HA enabled Heartbeat Up HA State not in sync continue with step
4. llle 132 Viewing detailed information about the enabled zone configuration llle ee 133 Adding a WWN to multiple aliases and zones 133 Removing a WWN from multiple aliases and zones 134 Replacing a WWN in multiple aliases and zones 134 Searching for zone members 0 00 eee eee 135 Clearing the zoning database 00c cee eee 135 Zone configuration analysis cc eee eee eee 136 Best practices for zoning 6 eee ee 136 Chapter 10 Working with Diagnostic Features Inthis Chapter 35 Soir Ao eek Hal eae Za oe ne oe 137 Trace dumps 1 os Settee ead dete deen dtt ate de Rhe es 137 How a trace dump is USEC 1 ee eee 138 Setting up automatic trace dump transfers 138 Specifying a remote server eee 138 Enabling automatic transfer of trace dumps 138 Disabling automatic trace uploadS 0005 139 Displaying switch information 00 cee eee ee eee 139 Viewing detailed fan hardware status 25 140 Viewing the temperature status llle esses 141 Viewing the power supply status llli 141 Checking the physical health of aswitch 142 Defining Switch Policy llle 143 Port LED interpretation 0 2 2 0 0 00 cee eens 144 Porticon colols iessen ex eee as EG i bd eS 144 Chapter 11 Using the FC FC Routing Service Ir thils chapterz cer Sag anced tee x nox Ate
5. When the Brocade 8000 runs in Access Gateway mode all the FCoE ports are F Ports and all the FC port are N Ports Static mapping is not supported on the Brocade 8000 When Access Gateway is enabled F Ports mapping to N Ports is allowed and all 4 FCOE ports in the trunk group are mapped to the same N Port F Ports mapping to the Port Group level is not allowed You cannot map individual FCoE Ports within the same trunk group to different FC ports All the four FCoE ports in a set will failover or failback to one FC N Port Enabling or disabling of N port Port Grouping is not allowed Port Group modification is allowed Login Balancing and Fabric Name Monitoring is not allowed in Add Port Group configuration Login Balancing Fabric Name Monitoring F Port Auto Rebalancing N Port Auto Rebalancing and Manual Balance options are not allowed in the Edit Port Group or View Port Group configuration Web Tools Adminstrator s Guide 53 1002152 01 Chapter Administering Fabric Watch 13 In this chapter Fabric Watch OVelVIGW uncus dos ee aces cm RR Rn CR Gn CUR TET GbR RR RR 163 Fabric Watch overview Fabric Watch is an optional Brocade licensed feature that monitors the performance and status of switches Fabric Watch can automatically alert you when problems arise before they become costly failures NOTE If you do not own the switch Fabric Watch is view only Owning ports on a switch is not enough to enable Fabric W
6. Beginning with Fabric OS version 6 1 1 some Web Tools capabilities are moved from Web Tools to Brocade Network Advisor Table 2 summarizes these changes Web Tools Adminstrator s Guide 1 53 1002152 01 1 Web Tools the EGM license and Brocade Network Advisor Web Tools features enabled by the EGM license Table 1 describes those Web Tools features that require the EGM license TABLE 1 Basic Web Tools features and EGM licensed features Feature Basic Web Tools Web Tools with EGM License Active Directory support yes yes AD Context Switching no yes AD filtered views yes yes Admin Domain Management no yes AG Management yes yes Analyze zone config no no Basic Zoning and TI Zoning yes yes Blade Management yes yes Cloning a zone no yes Configuration upload download yes yes Convenience function from Tools menu no no Device Accessibility Matrix no no Easy to configure iSCSI wizard yes yes Extended Fabric Management no yes F Port Trunk Management no yes Fabric Events no no Fabric Summary no no Fabric Tree yes yes FCIP Tunnel configuration no no FCIP Tunnel Display yes yes FCR Management yes yes FCR Port Config yes yes FICON CUP Tab no yes FRU Monitoring yes yes High Availability yes yes IP Sec Policies yes yes ISL Trunk Management no yes ISL Trunking information yes yes License Management yes yes Long Distance no yes Logical Switch Context Switching no yes
7. Enabling in order delivery IOD guarantees that frames are either delivered in order or dropped For more information regarding IOD refer to the Fabric OS Administrator s Guide NOTE Enabling in order delivery can cause a delay in the establishment of a new path when a topology change occurs and therefore should be used with care To specify frame order delivery perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Routing tab 3 Click On in the In Order Delivery IOD area to force in order frame delivery across topology changes or click Off to restore out of order frame delivery across topology changes 4 Click Apply Configuring the link cost for a port 172 This section describes how to set the cost of an interswitch link ISL The cost of a link is a dimensionless positive number The fabric shortest path first FSPF protocol compares the cost of various paths between a source switch and a destination switch by adding the costs of all the ISLs along each path FSPF defines the path with minimum cost If multiple paths exist with the same minimum cost FSPF employs load sharing over these paths Every ISL has a default cost that is inversely proportional to its bandwidth Use this procedure to set a non default static cost for any port 1 Open the Switch Administration window as described in Opening the Switch Ad
8. e General All ports Enable Disable Trunking Enable Disable NPIV NPIV Max Login Port Swap F Port Trunking Re Authenticate Bind Un Bind PID F Port BB Credit QoS Enable Disable requires Adaptive Networking License CSCTL enable disable requires Adaptive Networking License Speed combination applicable only to the Brocade 6510 and Brocade DCX 8510 4 8510 8 with the FC16 32 or FC16 48 Port beacon enable disable Web Tools Adminstrator s Guide 53 1002152 01 Configuring FC ports 6 e SFP Physical ports only FC CEE and GbE Basic Information about the port Advanced information about the port equipment e QSFP Quad Small Form factor Pluggable ports Basic Information about the port Advanced information about the port equipment UnitNumber Channellndex DeviceTech MaxCaseTemp e Port Statistics Advanced port statistics Error details FCIP Tunnels GbE ports and logical FCIP ports only not available for the FR4 16IP Controllable ports All ports have a Controllable attribute visible from the Advanced Mode which represents a combination of the RBAC and Admin Domain permissions The Controllable attribute is No when non owned E Ports and indirect member ports on non owned switches are accessible in read only mode and are not controllable regardless of RBAC permissions Additionally if you are logged in with read only permission the Controllable attribute displays No for all por
9. The Web Tools Switch Explorer might continue to display a switch from the Switch View even when the switch has been removed from the fabric Workaround If this behavior is seen relaunch Switch Explorer If the switch was removed from the fabric the Fabric View window lists the switch as unavailable Refresh option in browsers In the Switch Administration window Switch tab if you click the Refresh button you might not be able to click the data entry fields to enter text This behavior occasionally happens on a notebook or laptop computer it rarely happens on a desktop computer Workaround If this happens you should close the browser window and restart it Switch Explorer closure If a session times out or you log out or close Switch Explorer window all other windows belonging to the session are invalidated After a short delay these windows become unusable but are not closed automatically You must manually close these windows Switch View Occasionally switches might display the port icons correctly but be missing one or more control button icons Workaround Close the Switch View of the switch and reopen it Windows Operating Occasionally you will not see the Lost connection to the switch message on the Systems Switch View even though the Ethernet connection has been lost You might still be able to invoke various features from Switch View such as Status Fan Temp Power and Beacon Workaround Verify Ethernet
10. The following procedure describes how to save graphs to a new canvas 1 Open the Performance Monitoring window 2 Create basic or advanced Performance Monitor graphs as described in Creating basic performance monitor graphs on page 109 and Advanced performance monitoring graphs on page 111 The graphs display in the Performance Monitor window 3 Select File Save Current Canvas Configuration The Save Canvas Configuration dialog box displays 4 Entera name and description for the configuration and click Save Canvas A message displays confirming that the configuration was successfully saved to the switch Adding graphs to an existing canvas The following procedure assumes that a canvas is already created To create a new canvas you must first create graphs as described in Creating basic performance monitor graphs on page 109 and Advanced performance monitoring graphs on page 111 and then save those graphs to a canvas as described in Saving graphs to a canvas on page 114 To add a graph to an existing canvas perform the following steps 1 Select File gt Display Canvas Configurations The Canvas Configuration List displays The error message No Canvas configuration to display displays if there are no saved canvas configurations 2 Click a canvas in the list 3 Click Edit The Edit Canvas dialog box displays 4 Click Add A list of graphs displays 5 Click a graph to add it to the canvas and click S
11. Traffic Isolation zones A traffic isolation zone TI zone is a special zone that creates a dedicated path for a specific traffic flow TI zones are primarily for shaping and controlling traffic rather than partitioning access to storage Web Tools Adminstrator s Guide 117 53 1002152 01 9 Zoning configurations LSAN zone requirements An LSAN zone enables device connectivity between fabrics connected in Fibre Channel Routing FCR configurations without forcing you to merge fabrics Extension switches provide multiple mechanisms to manage interfabric device connectivity Zones that contain hosts and targets that are shared between the two fabrics need to be explicitly coordinated To share devices between any two fabrics you must create an LSAN zone in both fabrics considering the following e The name of an LSAN begins with the prefix LSAN The prefix is not case sensitive e Members must be identified by their port WWN because port IDs are not necessarily unique across fabrics QoS zone requirements A QoS zone is a special zone that assigns a Quality of Service QoS level for traffic flow between a given host or target pair The members of a QoS zone are WWNs of the host or target pairs QoS zones can contain only WWN members A QoS zone has a special prefix to differentiate it from a regular zone The formats and meaning of the QoS zone name prefix are shown in Table 14 the names are not case dependent TABLE 14 QoS zone
12. Enabling zone configurations on page 131 To add or remove members of a zone configuration perform the following steps NOTE You can make changes to a configuration that is currently enabled however changes do not display until you re enable the configuration To configure the zone members perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Zone Config tab 3 Select the configuration you want to modify from the Name list 4 Click an element in the Member Selection list that you want to include in your configuration or select the element in the Config Members list that you want to delete 5 Click the right arrow to add a configuration member or the left arrow to remove a configuration member 6 Select Zoning Actions gt Save Config to save the configuration changes Renaming zone configurations The new name cannot exceed 64 characters and can contain alphabetic numeric and underscore characters NOTE You cannot rename the currently enabled configuration To rename the zone configuration perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Zone Config tab 3 Select the configuration you want to rename from the Name list and click Rename 4 In the Rename a Config dialog box enter a new configuration name and click OK Web Tools Adminstrator s Guide
13. Gbps links the default cost is 1000 For a VEX Port the default cost is 10000 If the cost is set to O the default cost are be used for that link To configure the FCR router port cost perform the following steps 1 Open the Switch View window Click FCR in the Manage section of the Tasks menu Click the EX Ports tab Disable the EX Port Click the Router Port Cost button ao PF WN Viewing LSAN zones The LSAN Zones tab displays all the LSAN zones in both a tabular and tree form If FC FC Routing is disabled the table and the tree node in this tab display only the LSAN zones present in the backbone fabric For more detailed information about a specific LSAN zone click a zone name in the table and then click the View Details button in the task bar You can also click the zone name in the tree on the left side of the window The LSAN matrix is mapping of LSAN Zones with the edge fabric they are going to communicate with When an LSAN matrix is created in the backbone fabric only the LSAN zones mapped in the edge fabrics are displayed in the LSAN Zones tab Follow the procedure described in Creating and populating zones on page 125 to create LSAN zones Viewing LSAN devices The LSAN Devices tab displays information about the physical and proxy devices and displays these devices in a tree on the left side of the window If FC FC Routing is disabled the tables and tree nodes in this tab are empty Click the LSAN D
14. JRE patches on Solaris 7 Solaris patches 7 Internet Explorer 7 0 29 IOD frame delivery 172 IP address filtering 35 ISL trunking 99 J Java Plug ins configuring 8 installing 6 7 supported 5 JRE installing 7 L launching FC Routing module 147 Web Tools 10 LEDs port 144 licensed features 44 licenses activating 44 removing 45 limitations browsers 243 246 firmware download 244 HTTP 244 245 Microsoft Windows Operating System 246 Performance Monitor 245 Switch View 246 limited switch license 9 link cost 172 logging out 12 LSAN devices 150 fabrics managing 148 zones managing 150 250 M managing RADIUS server 196 199 media type GigE 84 85 message severity levels 48 MetaSAN 145 modifying performance graphs 116 RADIUS server 197 RADIUS server order 198 zone aliases 124 zone configurations 130 zones 126 monitoring performance 103 mouse over information 26 N name server entries displaying 51 naming ports 82 no access zoning 119 non FIPS 245 NPIV ports disable 85 enable 85 0 opening Performance Monitoring window 108 Switch Administration window 33 optical GigE 84 85 P passwords changing 181 expiring 183 rules 182 unlocking 183 performance graphs adding to a canvas 115 modifying 116 printing 115 types of 105 Performance Monitoring window 108 Web Tools Adminstrator s Guide 53 1002152 01 per frame routing pri
15. Supplier Serial none Switch Status DNS Configuration Enable Disable DNS Server 103221 D DNS Server 2 10 32 211 EPE Domain Name enalat bracade com View Report Remove All Reboot Fastboot Reboot Fastboot Access Gateway Mode Enable Disable v N Port Auto Rebalancing F Port Auto Rebalancing Manual Balancing Apply Close Refresh a gt Switch Administration opened Thu Jul 09 2009 19 49 21 GMT 00 00 Change current switch settings Mode Basic Free Professional Management Tool 10 35 52455 User admin Role admin 4 FIGURE31 Access Gateway Auto Rebalancing 5 Click Refresh 6 Under the Access Gateway Mode section do the following e Select the N Port Auto Rebalancing check box to enable N_Port rebalancing Web Tools Adminstrator s Guide 161 53 1002152 01 12 Access Gateway limitations on the Brocade 8000 T e Select F Port Auto Rebalancing check box to enable F Port rebalancing e Click Manual Balancing and a confirmation dialog box displays Click Yes to change F Port N Port Mapping or click No to cancel the changes Click Apply to apply the changes Access Gateway limitations on the Brocade 8000 The following list the is a compilation of the limitations of using Access Gateway with the Brocade 8000 switch 162 Only the Port Grouping PG policy is supported When the Access Gateway mode is first enabled the default PG policy is enforced
16. System configuration parameters 3 Configuring fabric settings To configure the fabric settings perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Make the fabric parameter configuration changes Enable the switch as described in Enabling and disabling a switch on page 37 2 Select the Configure tab 3 Select the Fabric subtab 4 5 Click Apply 6 Fabric settings Configure the following fabric settings on the Fabric subtab of the Configure tab BB Credit R A TOV E D TOV Addressing mode Datafield size Sequence Level Switching Disable Device Probing Per Frame Routing Priority Suppress Class F Traffic Insistent Domain ID Mode WWN based Persistent PID The buffer to buffer credit is the number of buffers available to attached devices for frame receipt The default BB Credit is 16 The range of valid values is from 1 through 27 Resource allocation timeout value in milliseconds This variable works with the E D TOV to determine switch actions when presented with an error condition The default is 10000 The possible range is 2 E D TOV 120000 Values must be multiples of 1000 Error detect timeout value in milliseconds This timer is used to flag a potential error condition when an expected response is not received within the set time The valid range is 1000 R A TOV 2 Displays the addressi
17. The FC FC Routing Service is supported only on the following switch models e Brocade VA 40FC Brocade 6510 e Brocade 5100 and 5300 switches e Brocade 7800 Extension Switch e Brocade DCX and DCX AS enterprise class platforms when configured with FRA 18i FC8 16 FC8 32 FC8 48 FC8 64 FS8 18 or FX8 24 blades e Brocade DCX 8510 4 and DCX 8510 8 when configured with FC16 32 or FC16 48 blades Setting up FC FC routing The following procedure provides the basic steps for setting up FC FC Routing using an FC Router 1 Ensure that the backbone fabric ID of the FC Router is the same as that of other FC Routers in the backbone fabric Refer to Configuring the backbone fabric ID on page 150 2 Onthe FC Router ensure that the ports to be configured as EX Ports are either not connected or are disabled 3 Configure EX Ports by clicking the EX Ports tab and then clicking New Follow the instructions in the wizard Refer to Viewing EX Ports on page 148 4 Connectthe cables from the EX Ports on the FC Router to the edge fabrics if they were not connected before NOTE For a multi FC Router backbone fabric make sure that each FC Router is connected to a switch in the backbone fabric 5 Configure LSAN zones on the fabrics that share devices Refer to Viewing LSAN zones on page 150 6 View the information in the EX Ports LSAN Fabrics LSAN Zones and LSAN Devices tabs to make sure that your configuration succeeded 146
18. creating it NOTE Clear the Active check box if you want the Admin Domain deactivated when you finish creating it Click Next In the Membership area assign members to the Admin Domain by selecting them in the Available Members section and clicking Add Add Ports or Add Devices as described below Select a switch port or device in the Available Members tree and click Add to add the selected element Alternatively you can press the Insert key to add your selections e Select a switch or slot and click Add Ports to add all of the ports in the selected switch or slot e Select a switch slot or port and click Add Devices to add all of the devices for the selected element Optional Click Manual to add offline devices NOTE To add ports or other switches in the fabric launch the Add Member wizard by clicking the Manual button Click Next The wizard displays a summary of the Admin Domain Read the summary to verify that the Admin Domain setup is correctly 10 Click Finish to close the wizard 11 Click Save to save the new Admin Domain configuration to persistent storage 12 Click Apply to enforce the new Admin Domain configuration as the effective configuration Adding ports or switches to the fabric To add ports or switches to the fabric perform the following steps 1 From the Create Admin Domain wizard click Manual The Add Member window displays 2 Select Port and enter the member ID in the Membe
19. the down arrow To find the previous match press the up arrow If the text is not found in the table the text turns red Opening the Admin Domain window Use the Admin Domain window to perform all Admin Domain configuration procedures If you want to configure Admin Domains you must launch the Admin Domain window from the physical fabric context If you are in any Admin Domain other than the physical fabric the module launches in read only mode NOTE The switch must be running Fabric OS v5 2 0 or later Web Tools Adminstrator s Guide 67 58 1002152 01 68 5 Admin Domain window To open an Admin Domain window perform the following steps 1 Select a switch from the Fabric Tree and log in when prompted Switch View displays information for the selected switch 2 If you plan to modify the Admin Domain configuration from the Admin Domain menu select Physical Fabric 3 Click Admin Domain in the Manage section of the Tasks menu The Admin Domain window displays Refreshing fabric information When you refresh the system updates the display of fabric elements only switches ports and devices It does not update Admin Domain changes in the Admin Domain window This option allows you to refresh the fabric element information displayed at any time To refresh the fabric information open the Admin Domain window and click Refresh The status for the fabric including switches ports and devices is refreshed Refres
20. the recipient generates a new message digest from the data that was received decrypts the original message digest with the originator s public key and compares the decrypted digest with the newly generated digest If the two digests match the integrity of the message is verified The identity of the originator also is confirmed because the public key can decrypt only data that has been encrypted with the corresponding private key IPsec over FCIP FR4 81i blades use FCIP protocol to IP to carry Fibre Channel traffic over IP networks IPsec can be used to secure the IP flows over an FCIP tunnel At a high level the steps to take are e Access the IPsec Policies dialog box e Create an IKE policy for authentication Web Tools Adminstrator s Guide 205 53 1002152 01 16 IPsec over FCIP 206 Create a security association SA Create an SA proposal Add an IPsec Transform policy referencing the IKE policy and the SA proposal Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow Enable the policy FCIP Compression The FCIP tunnel compression mode allows IP packets to be compressed over the FCIP The modes available are None Moderate and Auto FCIP tunnel configuration is available in Brocade Network Advisor Accessing the IPsec Policies dialog box To access the IPsec Policies dialog box perform the following steps 1 2 3 A Open the Switch Administration window Select Sho
21. your fabric You can access the basic monitoring graphs on all switches advanced monitoring graphs are available only on switches that have a Brocade Advanced Performance Monitoring license activated TABLE 11 Basic performance graphs Graph type Port Throughput Display description The performance of a port in bytes per second for frames received and transmitted Switch Aggregate Throughput The aggregate performance of all ports on a switch Blade Aggregate Throughput The aggregate performance of all ports on a port card This graph is available only for the Brocade DCX and DCX 4S enterprise class platforms Switch Throughput Utilization The port throughput in Gbps at the time the sample is taken For the Brocade DCX and DCX 4S enterprise class platforms this graph displays the throughput for each slot You can customize this graph to display information for particular ports Port Error Switch Percent Utilization CRC errors for a given port The percentage utilization for each port in a switch For the Brocade DCX this graph displays the percent utilization for each slot You can customize this graph to display information for particular ports Port Snapshot Error The CRC error count between sampling periods for all the ports on a switch For the Brocade DCX and DCX 4S enterprise class platforms this graph displays the CRC error rate for each slot You can customize this graph to display i
22. 1 Open the Admin Domain window From the tree on the left select the Admin Domain Click Rename Enter the new name and click OK ov d c0 de Select Actions Save AD Configuration to save the new Admin Domain configuration to persistent storage 6 Select Actions gt Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration Deleting Admin Domains When you delete an Admin Domain its devices no longer have access to the members of the zones with which it was associated To delete an Admin Domain perform the following steps 1 Open the Admin Domain window 2 Fromthe tree on the left select the Admin Domain 3 Click Delete 4 Inthe confirmation dialog box click Yes to delete the domain The system deletes the Admin Domain 5 Select Actions gt Save AD Configuration to save the new Admin Domain configuration to persistent storage 6 Select Actions gt Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration 72 Web Tools Adminstrator s Guide 53 1002152 01 Modifying Admin Domain members 5 Clearing the Admin Domain configuration When you clear the Admin Domain configuration all user defined Admin Domains are deleted and all fabric resources switches ports and devices are returned to ADO You cannot clear the Admin Domain configuration if zone configurations exist in any of the user defined Admin Domains To clear
23. 1002152 01 10 Port LED interpretation NOTE The options available in the dialog box may differ depending on the options available on your switch including CP core blades blades and WWN Switch Status Policy Down Marginal Power Supplies 0 4 3 0 4 Temperature 0 32 Fans 0 3 Flash 0 1 Error Ports 0 100 95 Marginal Ports 0 100 96 Faulty Ports 0 100 96 Missing SFPs 0 100 96 WAAN 0 2 CP 0 2 Blades 0 8 Core Blades 0 2 ONONN on 1 1 1 3 5 5 9 1 1 1 1 oooo OK Cancel FIGURE 29 Switch Status Policy dialog box Configure the numerical and percentage values to conform to your definition of a healthy switch Optional Right click a row in the table to access options to copy the values to your clipboard or to export the values to a file Click OK Port LED interpretation The Switch View displays port graphics with blinking LEDs simulating the physical appearance of the ports One of the LEDs indicates port status the other indicates port speed For LED information refer to the hardware documentation for the switch you are viewing The blink rate of the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical switch 144 NOTE All 8G and 16G Brocade switches and port blades do not have port speed LEDs but only port status LEDs Port icon colors The background color of the port icon indicates the port status as f
24. 1002152 01 Enabling or disabling FICON Management Server mode 17 Enabling or disabling FICON Management Server mode FICON Management Server FMS is used to support switch management using CUP To be able to use the CUP functionality all switches in the fabric must have FICON Management Server mode FMS mode enabled FMS mode is a per switch setting After FMS mode is enabled you can activate a CUP license without restarting the director You can use Web Tools to install a CUP license For more information on installing licenses refer to Activating a license on a switch on page 44 When FMS mode is disabled mainframe management applications director consoles or alternate managers cannot communicate with a director with CUP In addition when FMS mode is disabled on a director you cannot configure CUP attributes To enable or disable FICON Management Server perform the following steps 1 Select a FICON CUP capable switch from the Fabric Tree 2 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Click Show Advanced Mode Select the FICON CUP tab The FICON CUP tabbed page displays the FICON Management Server page All attributes on this tab are disabled until FMS mode is enabled 5 Click Enable in the FICON Management Server Mode section to enable FMS mode or click Disable to disable FMS mode 6 Click Apply to save your changes Web Tools Adminstrator s Guide 2
25. 320000 i l 50 1 U Port PID 320100 e E 50 2 U Port PID 320200 lel E 50 3 U Port PID 320300 E 8 50 4 U Port PID 320400 8 50 5 U Port PID 320500 8 50 6 U Port PID 320600 gt 50 7 U Port PID 320700 a WWNSs 0 Devices qd Add Other Current View Fabric View e Effective Zone Config Default All Access Switch Commit Messages Zone Admin opened at Wed Feb 09 2011 18 12 56 GMT 00 00 Loading information from Fabric Done Free Professional Management Tool 10 24 51 48 ADO User admin Role admin eo FIGURE23 Zone Admin window ATTENTION Any changes you make in the Zone Admin window are held in a buffered environment and are not updated in the zoning database until you save the changes If you close the Zone Admin window without saving your changes your changes are lost To save the buffered changes you make in the Zone Admin window to the zoning database on the switch refer to Saving local zoning changes on page 122 Note the following e Saving means updating the zoning database on the switch with the local changes from the Web Tools buffer e Refreshing means copying the current state of the zoning database on the switch to the Web Tools buffer overwriting its current contents In the Zone Admin window all WWNs also display vendor names NOTE The Member Selection List only lists the ports of the current switch and the devices of all the switches in the fabric Slot and port
26. 35 GMT 00 00 Switch Network Firmware Download License User Trunking Trunk Group Master Port Member Ports Trunk index Trunk Type Bandwidth Throughput Utlization 96 1 8 8 9 11 10 N A E Trunk 64 Gbps 2 1432 Gbps 3 8985 Close Refresh ay Switch Administration opened Tue Mar 09 2010 14 47 35 GMT 00 00 View Trunking Information FIGURE 19 Trunking tab The following trunking attributes can be displayed from the Switch Admin view Trunk port state either master or slave e Trunk master port e Trunk index applies only to F Port trunking e Trunk type Web Tools Adminstrator s Guide 53 1002152 01 F Port trunk groups T e Bandwidth shown only for E Port Ex Port F_Port and N_Port e Throughput shown only for E Port Ex Port F Port and N_Port e Utilization shown only for E Port Ex Port F Port and N Port Additionally the following trunking attributes can also be displayed from the Port Admin view by clicking the Show Advanced Mode button Trunk port state either master or slave e Master Port Trunk Index applies only to F_Port trunking e Trunking Enabled F_Port trunk groups F_Port trunking provides extra bandwidth and robust connectivity for hosts and targets connected by switches in Access Gateway mode There are five general criteria for establishing F_Port trunking e The F_Port trunking feature requires installing the EGM license otherwise i
27. 40 characters long They must begin with an alphabetic or numeric character They can include alphanumeric characters the dot and the underscore _ They are case sensitive Passwords must also meet any additional password rules that were set up Refer to the procedure Setting the rules for passwords on page 182 for more information 9 Retype the password in the Confirm Password field for confirmation 10 Check the available Virtual Fabrics or Admin Domains that you can access For Virtual Fabrics all logical fabrics IDs 1 128 are displayed even if they have not all been created Only Admin Domains that were created and are accessible to you display If all the Admin Domains in the list are inactive then you cannot log in to the switch The All option does not mean all of the listed Admin Domains it means all Admin Domains from ADO through AD255 regardless of whether they were already created The All button is disabled unless the following conditions are met The selected role for the target user must be admin or securityadmin e You must be a physical fabric administrator Selecting All makes the target user account a physical fabric administrator 11 Select a home logical fabric ID if Virtual Fabrics are enabled or select a home domain for the user from the Home AD menu if Admin Domains are enabled The default home logical fabric ID is 128 NOTE If ADO is deselected in the user s Admin Domain list and n
28. 9 252 VC Priority 42 viewing EX Ports 148 LSAN devices 150 LSAN fabrics 148 LSAN zones 150 swapped ports 91 Switch Explorer 17 Switch status 142 viewing FCR router cost 149 virtual channel settings configuring 42 W Web Tools Access Gateway mode enable 155 GUI preferences 19 launching 10 partial function transition to Brocade Network Advisor 3 WWN adding to zones 133 removing from zones 134 replacing in zones 134 Z Zone Admin module saving changes 68 Zone Admin window about 119 refreshing 121 saving changes 122 zone aliases creating 123 deleting 125 description 123 modifying 124 renaming 124 zone configurations creating 129 deleting 131 disabling 132 enabling 131 example 129 modifying 130 renaming 130 zone member selection lists searching 135 Web Tools Adminstrator s Guide 53 1002152 01 zones about 117 adding WWNs 133 best practices 136 creating 125 deleting 127 description 125 LSAN 150 modifying 126 removing WWNs 134 renaming 126 replacing WWNs 134 selecting a view 123 zoning all access 119 default zoning 119 no access 119 zoning database clearing 135 maximum size 122 131 zoning views 123 zoning disabling 132 zoning saving changes 68 122 Web Tools Adminstrator s Guide 53 1002152 01 253 MK 99COM101 01 254 Web Tools Adminstrator s Guide 53 1002152 01
29. Admin Domains it means all Admin Domains from ADO through AD255 regardless of whether they were already created The All button is disabled unless the following conditions are met The selected role for the target user must be admin or securityadmin e You must be a physical fabric administrator Selecting All makes the target user account a physical fabric administrator 9 Select a home domain for the user from the Home AD menu If ADO is deselected in the user s Admin Domain list and no other Admin Domains are selected the next available Admin Domain becomes the user s default home Admin Domain 10 Click OK and click Apply to apply your changes Maintaining passwords When you expire a password the next time that user logs in Web Tools requires the user to provide a new password NOTE You have to own the switch in order to modify password rules A password becomes locked if a user has exceeded the maximum number of failed login attempts This number is specified in the Lockout Threshold field To unlock a locked password refer to the unlock procedure in Unlocking a password on page 183 Changing the password of an account If you are logged in as admin you can change the password of your own account peer admin accounts switchadmin accounts and user accounts You can also change the root or factory account passwords If you are changing the password of an admin account you must also provide the current password Y
30. Admin list view and detailed view swapped ports are indicated with the Swapped label appended to the Port Index column and field Figure 13 Porti Port Index ofox0 ofoxd 1 0x1 4 0x4 Svapped 2 0x2 3 0x3 Svvapped 3 0x3 2 0x2 Svvapped 4 0x4 1 0x1 Svvapped 5 0x5 7 0x7 Svapped 6 0x6 6 0x6 FIGURE 13 Port swapped label To swap ports perform the following steps 1 Select a port in the Switch View to open the Port Administration window Select the FC Ports tab Click Advanced From the tree on the left select the port you want to swap Click Disable Ov d s You must disable the ports used for port swapping If the port is not in the disable state the port swap operation internally disables and re enables the port 6 Click Port Swap NOTE When the Port Swap dialog box is launched for a swapped port the dialog box displays The Selected port is already Swapped T Enterthe number of the port with which you want to swap the current port Web Tools Adminstrator s Guide 53 1002152 01 8 Port swapping index 6 If the port is on a blade you must also provide the slot number NOTE Port swap is not supported above the 16th port in a 48 port card in FMS mode Click Swap Determining if a port index was swapped with another switch port To determine whether a port was swapped perform the following steps 1 Select a port in the Switch View to open the Port Administration w
31. Administration window 2 Make sure that you have selected Advanced from the Port Configuration Policy drop down list 3 Click Configure N Port Groups CERES N Port Groups is disabled if you select Automatic from the Port Configuration Policy drop down list 4 Inthe Port Group Configuration dialog box click Add The Add Port Group window displays Enter the ID for the new port group in the Port Group ID field Enter the name for the new port group in the Port Group Name field Select the Login Balancing check box to enable login balance for the port group o sog Select the Fabric Name Monitoring check box to manually configure the managed fabric name monitoring 9 Underthe Select Members N Port section select the required ports you want to group 10 Click Save 11 Click Close on the Port Group Configuration dialog box Editing or viewing port groups To edit port groups perform the following steps 1 Click a port in the Switch View to open the Port Administration window 2 Click Configure N Port Groups Web Tools Adminstrator s Guide 157 53 1002152 01 12 Port configuration 158 3 On Port Group Configuration dialog box select the group that you want to edit and then click Edit View The Edit View Port Group window displays 4 Edit the name of the port group in the Port Group Name field Select the Login Balancing check box and the Fabric Name Monitoring check box if you want to enable these features C
32. Allow Prohibit Matrix no yes Performance Monitoring Dialog no yes Web Tools Adminstrator s Guide 53 1002152 01 Web Tools the EGM license and Brocade Network Advisor TABLE 1 Basic Web Tools features and EGM licensed features Continued Feature Basic Web Tools Web Tools with EGM License Port Administration yes yes Print zone database summary no no RBAC yes yes Routing and DLS Configuration no yes Security Policies Tab like ACL yes yes Switch Info tab yes yes Switch Status yes yes Switch View right click options yes yes Trace dump yes yes USB Management yes yes User Management yes yes Verify and troubleshoot accessibility yes yes between devices Web Tools functionality moved to Brocade Network Advisor The functionality that was moved from Web Tools into Brocade Network Advisor is detailed in Table 2 TABLE 2 Web Tools functionality moved to Brocade Network Advisor 1 Function Web Tools 6 1 0 Brocade Network Advisor Comments Add Un Zoned Zone Admin Configure Zoning Devices Reverse Find in the Zoning dialog box provides the view of the zoned and unzoned devices in the fabric if all zone members are selected for Find Analyze Zone Zone Admin 1 Configure gt Zoning Config Reverse Find in the Zoning dialog box provides the view of the zoned and unzoned devices in the fabric if all zone members are selected for Find 2 Device Tree and Topology Connected End Devices Cu
33. Do out Port O FSPF Route 3 303 Ly Link Cost 303 303 Flegs Next Domain Next Port Apply Switch Administration opened Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration opened Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administretion closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Configure Routing Information Mode Advanced FIGURE33 Routing tab ADO User admin Role admin Free Professional Management Tool 10 35 52 140 Viewing fabric shortest path first routing The Routing tab of the Switch Administration window displays information about routing paths To view the fabric shortest path first routing perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Routing tab 3 This step is switch type specific For the Brocade DCX 8510 8 DCX 8510 4 DCX or DCX AS enterprise class platforms click a slot number under the FSPF Route category in the navigation tree For the Brocade 300 5100 5300 6510 7800 Extension switches VA AOFC and the Encryption Switch click the FSPF Route category in the navigation tree Configuring dynamic load sharing The exchange based routing po
34. PFC can be used to pause the storage transfer so other traffic may use the network To enable or disable PFC perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the QoS tab 3 Select the DCB Maps tab 4 Under the Priority Group area enable or disable Priority Flow Control Status option for each Priority Group ID Enabling and disabling FCoE ports 242 You can enable and disable FCoE Ports individually from the Port Administration panel 1 Select the FCoE Ports tab on the Port Administration panel 2 Select the port you want to enable or disable under the FCOE Ports Explorer or from the list 3 Click Enable or Disable to change the current status of the port You can also enable or disable by clicking Edit Configuration and selecting Enable or Disable on the FCoE Edit Configuration dialog box Web Tools Adminstrator s Guide 53 1002152 01 Chapter Limitations 19 In this chapter e General Web Tools limitations lle n n 243 General Web Tools limitations Table 21 lists general Web Tools limitations that apply to all browsers and switch platforms TABLE 21 Web Tools limitations Area Details Blade Failure If a blade fails on the switch the Web Tools interface can still display slot and ports as healthy In this case the failure might not be visible in Web Tools until the Web Tools window is reopened Browser For Internet Explore 7 0 the defau
35. Quin ias Red dana Re e RR hice mad Ra uda aaa ei alas 99 Disabling or enabling ISL WUNKIAB sess ane saa RR c RACER cR 99 e Viewing Wank BOWS INONMA crus cubcem eR oe eer ERU EE RE ARA 100 OTe a CORON IGS E E TTE TT MM 101 ISL Trunking overview Inter Switch Link ISL Trunking optimizes network performance by forming trunking groups that can distribute traffic between switches across a shared bandwidth Atrunking license is required on each switch that participates in the trunk For details on obtaining and installing licensed features refer to Licensed feature management on page 44 For additional information about ISL Trunking refer to the Fabric OS Administrator s Guide You must use Web Tools with the EGM license to create ISL trunk groups and to manage F Port trunks The EGM license is required only for 8 Gbps platforms such as the following e Brocade Encryption Switch e Brocade 300 5300 and 5100 switches Brocade VA AOFC Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionality is available without EGM license For detailed information about ISL Trunking configurations and criteria refer to the Fabric OS Aaministrator s Guide Disabling or enabling ISL Trunking The trunking feature requires using Web Tools with the EGM license If you attempt to use this feature without the EGM license an error message displays When the trunking license is activated trunks are automatically established
36. Rh 215 Enabling port based FOllUE assausawxakska EX R EXUPEROOCA CR eee OR 216 e Enabling or disabling FICON Management Server mode 217 FMS parameter COMME UA eesi enc sce nup xum a xara hc n oka al nt R Rn 218 Displaying code page IDTOFITIBllOlI assssua sr knka hh xRRORRXGAGOERXA Y 219 e Viewing Mie Control UBVICE SISUS notin pete e eR ERRe E RIA REA 219 Allow Prohibit Matnx configuration occa kee xou RR rtm rhe hne Rn 220 CUP logical pate CONMNBUIEUON s ass veered Ya x oak Rares ie KR 224 e Link Incident Registered Recipient configuration 4 229 Displaying Request Node Identification Data lllsllslss 226 FICON CUP fabrics overview Control Unit Port CUP is a protocol for managing FICON directors Host based management programs manage the switches using CUP protocol by sending commands to the emulated control device implemented by Fabric OS A Brocade switch or director that supports CUP can be controlled by one or more host based management programs or director consoles such as Brocade Web Tools or Brocade Fabric Manager Refer to the Fabric Manager Administrator s Guide for information about Fabric Manager The director allows control to be shared between host based management programs and director consoles NOTE To perform FICON CUP operations the EGM license must be enabled on the switches using the CUP protocol Also the EGM license must be enabled to set the Allow Pro
37. Security Policies tab Select Authentication on the Security Policies menu Select the Shared Secret Keys subtab Select a secret key pair and click Edit Do BR WN Make the appropriate changes and click OK Setting the Switch Policy Authentication mode This setting determines whether or not authentication is required when a switch logs in to a fabric To set the Switch Policy Authentication mode perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Security Policies tab 3 Select Authentication on the Security Policies menu Web Tools Adminstrator s Guide 193 53 1002152 01 16 SNMP configuration 4 Usethe Switch Policy Authentication Mode option to select the authentication policy SNMP configuration 194 This section describes how to manage the configuration of the SNMP agent in the switch The configuration includes SNMPv1 and SNMPv3 configuration accessControl and systemGroup configuration parameters Access is read only if you do not have admin or security admin authority For more information refer to the snmpConfig command in the Fabric OS Command Reference Setting SNMP trap levels To set SNMP trap levels perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the SNMP tab 3 Select a trap level fo
38. User defined roles 184 Guidelines and restrictions Follow these guidelines and restrictions when creating and configuring user defined roles In order for the user defined role to be able to edit the Port Admin and FCR configuration you must assign the RBAC SwitchPortManagement and RBAC SwitchPortConfiguration RBAC classes to the role In order for the user defined role to be able to set the Fabric ID you must assign the RBAC FabricRouting and RBAC_SwitchConfiguration RBAC classes to the role In order for the user defined role to be able to view reports you must assign the RBAC SwitchManagement RBAC SwitchConfiguration and RBAC FRUManagement RBAC classes to the role For some functionality and operations which needs chassis level access the user defined role privileges must be assigned at both the chassis level and the Logical Fabric level to have the corresponding tab enabled In order for the user defined role to have access to the Configure tab you must assign either the RBAC ConfigManagement RBAC SwitchConfiguration or RBAC Configure classes to the user defined role which is applied at the Logical Fabric level Any of these three classes are sufficient In order for the user defined role to have access to the Security Policy tab you must assign either the RBAC Authentication RBAC_FabricDistribution RBAC Security RBAC_IPSec RBAC AG or RBAC_IPfilter classes to the user defined role which is applied at the Logi
39. VLAN information displays Displaying FCoE login groups To display FCoE login group information perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the FCoE Login tab The FCOE login group information displays Displaying QoS information To display QoS information perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the QoS tab From the QoS tab you can select the DCB Map tab to display DCB map information or select the Traffic Class Map tab to display traffic class maps information Web Tools Adminstrator s Guide 239 53 1002152 01 18 Displaying LLDP DCBX information Displaying LLDP DCBX information To display LLDP DCBX information perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the LLDP DCBX tab To display global settings select the Global tab e To display LLDP profile information select the LLDP Profile tab Displaying DCB interface statistics The DCB interface Port Statistics tab displays basic and advanced statistics and allows you to change statistics collection parameters The DCB Interface Statistics Configuration section allows you to do the following Toggle between showing Absolute Values or Delta Values values that have changed since the last data collection e Use the Clear Counters button to clear the counters in port statistics e Change the retrieval inte
40. Web Tools Adminstrator s Guide 53 1002152 01 FC FC routing management 11 FC FC routing management You can perform Fibre Channel Routing operations using Web Tools Web Tools with the EGM license and Integrated Routing license You can manage FC FC Routing through the FC Routing module The FC Routing module has tabbed panes that display EX Ports LSAN fabrics LSAN zones LSAN devices and general FCR information The FC Routing module provides a dynamic display Any changes in the FCR configuration on the switch are automatically updated in the FC Routing module within 30 to 90 seconds depending on the network traffic The last refresh time is displayed in the lower left corner of the subtabs The switch must be FC Router capable as described in Fibre Channel Routing overview on page 145 The only things you need to configure on the FC Router are the EX Ports and the backbone fabric ID You configure LSAN zones on the fabrics from where devices need to be shared You can configure LSAN zones on the backbone fabric to allow edge fabrics to share devices in the backbone fabric To modify the data you must log in as switchadmin fabricadmin basicswitchadmin operator or any user defined role configured with modify rights If you log in as user zoneadmin or securityadmin you can only view the data If the FC FC Routing service is disabled the LSAN zones LSAN fabric and devices tabs continue to display the existing entries but
41. a reference to related information ATTENTION An Attention statement indicates potential damage to hardware or data A CAUTION A A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware firmware software or data DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you Safety labels are also attached directly to products to warn of these conditions or situations Web Tools Adminstrator s Guide 53 1002152 01 Key terms For definitions specific to Brocade and Fibre Channel see the Brocade Glossary For definitions of SAN specific terms visit the Storage Networking Industry Association online dictionary at http www snia org education dictionary Notice to the reader This document may contain references to the trademarks of the following corporations These trademarks are the properties of their respective companies and corporations These references are made for informational purposes only Corporation Referenced Trademarks and Products Microsoft Corporation Windows 7 Windows Server 2008 Standard Windows Vista Business Windows XP SP3 Internet Explorer Oracle Corporation Oracle Solaris Netscape Communications Corporation Netscape Red Hat Inc Red Hat Red Hat Network Maximum RPM Linux Undercover Mozilla Firefox Additional information This section lists a
42. ache ats 175 User defined accounts 00 cee eee 175 Virtual Fabrics considerations llle eee eee 176 Admin Domain considerations 0200 ee eee eee 176 Viewing user account information 2 0055 177 Creating user defined accounts 000 nanan 177 Deleting user defined accounts 00 eee eeee 180 Changing user account parameters 180 Maintaining passwords 200 cece eee eee 181 User defined roles cei tate ERI e ears 183 Guidelines and restrictions llllllllllelss 184 Creating a user defined role 0 2 0 0c eee eee 184 Editing a user defined role 0 0 c eee eee eee 185 Access control list policy configuration 00005 186 Virtual Fabrics considerations 000c cee eee 187 Admin Domain considerations 000e eee eee 187 Creating an SCC DCC or FCS policy 4 187 Editing an SCC DCC or FCS policy 000 187 Deleting all SCC DCC or FCS policies 188 Activating all SCC DCC or FCS policieS 188 Distributing an SCC DCC or FCS policy 188 Moving an FCS policy switch position 189 Configuring Advanced Device Security policy 189 Fabric Wide Consistency Policy configuration 190 Authentication policy configuration 0 00 eee eee 191 Configuring authenti
43. address a specific peer IP address and a specific transform 1 Select the Selectors tab The Selectors screen displays Web Tools Adminstrator s Guide 53 1002152 01 p Qe cr m Or IPsec over management ports 16 Select Add The Add Selector dialog box displays Enter a name in the Selector Name field Select the Traffic Flow Direction in or out IPsec policies are unidirectional and must be applied separately to inbound and outbound flows Enter the IP address of the sender in the Source IP Address field Enter the IP address of the receiver in the Peer IP Address field Enter the Transform Name value The Protocol Name selector allows you to select a specific protocol Click OK Manually creating an SA Part of manually creating an security association SA is to select an IPsec Protection Type The choices are discard bypass and protect Discard causes data packets to be rejected if there is an invalid pair of source and destination addresses or invalid port addresses Bypass allows a data packet to be transmitted or received without IPsec protection Process indicates a data packet is processed using IPsec encryption IKE authentication or both using encapsulation security protocol ESP processing or authentication header AH protocol processing To manually create a SA perform the following steps 1 Select the SA Manual tab 2 Select Add The Add Manual SA dialog box displays 3 En
44. and then click Apply Viewing IP addresses If you want to view the IP addresses configured on the switch for the currently populated slots use the Show IP Address button Use this procedure to display the IP addresses 1 a PB WN Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Blade tab Click Show IP Address Scroll through the list to view all the information When you are finished click Close Switch configuration Use the Switch tab of the Switch Administration window to perform basic switch configuration Figure 8 on page 32 displays an example of the Switch tab Enabling and disabling a switch You can identify whether a switch is enabled or disabled in the Switch Administration window by looking at the lower right corner If you rest the cursor over the icon the system displays text that indicates the status of the switch Use this procedure to enable or disable a switch 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Switch tab In the Switch Status section click Enable to enable the switch or Disable to disable the switch Click Apply Web Tools Adminstrator s Guide 37 53 1002152 01 38 Switch configuration The system displays a confirmation window that asks if you want to save the changes to the switch You must click Yes to save the changes
45. association SA is rekeyed This limits the amount of time a given key is available to a potential attacker Click OK Establishing an IPsec policy for an FCIP tunnel To establish an IPsec policy for an FCIP tunnel perform the following steps Select the IPsec tab The IPsec Policies window displays Select Create An Add Policy dialog box displays Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog boxes Make sure the Policy Type is set to IPSEC Assign a policy number The Policy Number selector allows you to select a number between 1 and 32 Select the Encryption Algorithm used in this policy The choices are 3DES AES 128 and AES 256 Select an Authentication Algorithm for this policy The choices are SHA 1 MD5 and AES XCBC The remaining three fields are grayed out They apply only to IKE policies Click OK IPsec over management ports IPsec can be applied to the management port on a switch or a CP blade to establish a secure connection between a PC or workstation and Web Tools The connection can be used as a virtual private network VPN interface to Web Tools At a high level the steps to take are Access the Ethernet IPsec Policies dialog box Enable IPsec Create an IKE policy for authentication Create an security association SA Create an SA proposal Add a IPsec Transform policy referencing the IKE policy and the SA proposal Add an IPsec selector that a
46. bar 10 Select all the EX_Ports in the table and click Enable Web Tools Adminstrator s Guide 151 53 1002152 01 11 Configuring the backbone fabric ID 152 Web Tools Adminstrator s Guide 53 1002152 01 Using the Access Gateway Chapter 12 In this chapter e Access Gateway OVerviGeW l c ek ese a ee AURORA ACACR ORA 153 Viewing Switch Explorer for Access Gateway mode lssus 154 e Access Gateway mote civics eek ci eee Sheed REA o Meee GR ERGO RAS RRA 155 Enabling Access Gateway MOQ ae asir ek cece eee nsara naea aden 155 Disabling Access Gateway mode sisasso aee oan hh RERO 156 e Viewing the Access Gateway SettingS 0 0c e eee eee 156 E POLCON USNO arinn ITI TET 156 Access Gateway policy modification llle 160 Access Gateway limitations on the Brocade 8000 162 Access Gateway overview Access Gateway is a software feature that allows multiple host bus adapters HBAs to access the fabric using fewer physical ports You can set a switch in Access Gateway mode to transform them into a device management tool that is compatible with different types of fabrics including Brocade Enterprise OS EOS and Cisco based fabrics When a switch is in Access Gateway mode it is logically transparent to the host and the fabric Brocade Access Gateway mode allows hosts to access the fabric without increasing the number of switches and simplifies configuration a
47. bar between them represents the average of all values polled NOTE Virtual ports on logical switches cannot be graphed 106 Web Tools Adminstrator s Guide 53 1002152 01 Performance Monitor overview 8 Figure 20 shows how to access the list of Advanced Performance Monitoring graphs using Web Tools with the EGM license This example displays the graphs available in the Performance Monitoring window with the Advanced Performance Monitoring license installed Note that the slot number is identified dcm dcx 28 Performance Monitoring File Window a ND SID DID Performance A SCSI Read Write on a Lun per port SCSI vs IP Traffic SCSI Read on a Lun per port ALPA Error SCSI Write on a Lun per port SCSI Read Write per port SCSI Read per port SCSI Write per port 102 4 204 8 409 6Gb Sec Free Professional Management Tool 10 244928 FID 128 User admin Role admin FIGURE20 Accessing performance graphs User defined graphs You can modify the predefined graphs to create your own customized graphs refer to Customizing basic monitoring graphs on page 109 for more information These user defined graphs can be added and saved to canvas configurations Web Tools Adminstrator s Guide 107 53 1002152 01 8 Opening the Performance Monitoring window Canvas configurations A canvas is a saved configuration of graphs The graphs can be either the Web Tools predefined graphs or user defined grap
48. be edited To edit an IKE or IPsec policy perform the following steps O gv dm qe cR ES N Open the Switch Administration window Click Show Advanced Mode Select the Security Policies tab Under Security Policies select Ethernet IPsec or Ethernet IPsec Select the policy you want to edit Select Edit An Edit Policy dialog box displays Edit the policy as needed Click OK Deleting an IKE or IPsec policy You can delete one or more IKE or IPsec policies To delete an IKE or IPsec policy perform the following steps OQ er ae OT ONY de Open the Switch Administration window Select Show Advanced Mode Select the Security Policies tab Under Security Policies select Ethernet IPsec or Ethernet IPsec Select the policy or policies you want to delete Select Delete The policy is deleted from the SA database SADB and is removed from the list Web Tools Adminstrator s Guide 53 1002152 01 Establishing authentication policies for HBAs 16 Establishing authentication policies for HBAs To establish and enable authentication policies for HBAs as the log in to a fabric perform the following steps 1 2 3 4 10 11 12 13 Open the Switch Administration window Click Show Advanced Mode Select the Security Policies tab Select Authentication under Security Policies The Authentication Policy Settings screen displays Under Configure Authentication Policy do the following e Sel
49. between hello bridge protocol data units sent by the root switch configuration messages The range of valid values is from 4 to 180 seconds The default is 30 seconds In the Multiplier field set the number of consecutive misses allowed before LLDP considers the interface to be down The range is 2 to 10 The default is 4 The multiplier is related to the Hello time interval Using the defaults you wait four times the multiplier value at 30 second intervals the hello value before giving up on the interface In the FCOE Priority Bits field enter a value that indicates the desired user priority Each bit represents a user priority associated with FCoE traffic The range of valid values is from O through 255 The default is 8 Even though setting multiple bits is allowed exercising the full range of values it doesn t make sense to set more than one bit because adapters don t support multiple priorities for FCoE NOTE Web Tools accepts only decimal values for this option but the CLI allows only entries in list format or hexadecimal For example if you enter the value 8 decimal in Web Tools CLI represents it as 3 in list format If you enter the value 255 decimal iin Web Tools CLI represents itas0 12345 67 in list format Select the parameters you want to exchange Note that the term TLV indicates packaging of parameters into a Brocade specific Type Length Value TLV Web Tools Adminstrator s Guide 53 1002152 01 L
50. box select the group that you want to delete and then click Delete A confirmation dialog box displays Click Yes to confirm the action Click Close Web Tools Adminstrator s Guide 53 1002152 01 Port configuration 12 Defining custom primary F N port mapping To manually change primary F N port mappings perform the following steps 1 Click a port in the Switch View to open the Port Administration window Click the FC Ports tab Click Configure F_N Port Mappings Select the Primary Mappings subtab on the right side of the dialog a F WN In the Primary Mappings area select ports and use the Add right arrow button to map F_Ports or U_Ports to N_Ports Optional Use the Remove left arrow button to delete an F_Port mapping from an N_Port Optional Define a secondary N_Port in the Secondary Failover Mappings area by selecting the ports using the Add and Remove buttons to set up the secondary mappings The secondary mappings must be to a different port in the same group as the primary mapping If a secondary port is not defined the failover moves to any online ports within the same port group 8 After you have made the appropriate changes click Save Defining custom static F N port mapping In Fabric OS v7 0 0 the Static F port mapping and Static N port mapping columns have been added to the Port Admin GUI to display static mapping information NOTE Static mappings and custom WWN N port mappings are mutually exclu
51. buttons above the Switch View provide access to switch information status temperature power and fan data beaconing and the legend for the Switch View Although clicking a button can open a separate dialog box or window displays the management tasks all access control is established when you first log in to the switch Buttons in Switch Explorer are unavailable for two reasons your account does not have sufficient privileges to access this feature or your currently selected Admin Domain does not meet some condition to access the feature The Admin Domain context field indicates the administrative domain you are viewing and allows you to change it The Switch View displays an interactive graphic of the switch The Switch Events and Switch Information tabs allow you to view event information and switch information including connectivity port zone and other information An indicator bar in the lower right corner of every module window contains the Admin Domain you are currently viewing the current user name logged in to the switch and the role associated with that user account The small right arrow near the Switch Event tab displays the switch When you log out of Web Tools it remembers the last window settings the next time you log in to the application If you display the switch the next time you log in to Web Tools by default the Switch View displays The EGM license is required only for 8 Gbps platforms such as the followi
52. certificate authority servers to enable certificate based authentication of computers SA lifetime The SA lifetime may be defined as the number of bytes transmitted before the SA is rekeyed or as a time value in seconds or both When both are used the SA lifetime is determined by the threshold that is first reached Whenever an SA lifetime expires the security association SA is renegotiated and the key is refreshed or regenerated Web Tools Adminstrator s Guide 53 1002152 01 IPsec over FCIP 16 For example if a 200 MB file is transferred with a 100 MB lifetime at least two keys are generated If a communication takes one hour and you specify a lifetime of 300 seconds five minutes more than 12 keys may be generated to complete the communication The SA lifetime limits the length of time a key is used before it is replaced by a new key thus limiting the amount of time a given key is available to a potential attacker Part of a message may be protected by an old key while new keys protect the remainder of the message so even if an attacker deciphers one key only a portion of the message is vulnerable Diffie Hellman groups Diffie Hellman DH groups are used to determine the length of the base prime numbers for the Diffie Hellman exchange Diffie Hellman key exchange is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communi
53. configure a LAG perform the following steps 1 Select the DCB Interfaces tab on the Switch Administration panel 2 Select the Link Aggregation tab 3 Click Add The Add LAG Configuration dialog box displays NOTE Only ports that you defined with an Interface Mode of None can be a LAG Member Click the Add arrow button to move the interfaces to the Selected List Select the Mode Web Tools Adminstrator s Guide 235 58 1002152 01 18 Configuring VLANs The choices are Static and Dynamic Static mode does not use Link Aggregation Control Protocol LACP to negotiate and manage link aggregation Link participation in the LAG is determined by the link s operational status and administrative state Dynamic mode uses LACP LACP allows partner systems to examine the attributes of the links that connect them and dynamically form a LAG When you select Dynamic mode the Active and Passive options are enabled e If you choose Active your switch initiates an exchange of LACP data units e If you choose Passive your switch waits to receive LACP data units from its partner system and then respond Passive is the default behavior 6 Select the Type Type refers to the type of trunking used by the LAG The choices are Standard and Brocade T Select the Interface Mode The options are None and L2 The default is None 8 Select the L2 Mode The L2 mode setting determines operation within a VLAN Access mode allows only one VLAN associ
54. design and management is done at the granularity of a physical switch Each switch and all the ports in the switch act as a single fabric element that participates in a single fabric Virtual Fabrics allows SAN design and management to be done at the granularity of a port This enables partitioning of a physical switch into multiple logical switches which may be organized into logical fabrics The following platforms are Virtual Fabrics capable Brocade DCX and DCX 4S e Brocade 5300 e Brocade 5100 e Brocade 6510 e Brocade DCX 8510 4 Web Tools Adminstrator s Guide 58 53 1002152 01 3 54 Virtual Fabrics overview e Brocade DCX 8510 8 Virtual Fabrics cannot be configured or managed from Web Tools Configuration and management is done from either the Brocade Network Advisor or the Fabric OS command line interface For information about configuring and managing Virtual Fabrics refer to the Brocade Network Advisor User Manual if you are using Brocade Network Advisor or Fabric OS Administrator s Guide if you are using the Fabric OS command line interface You can use Web Tools to view Virtual Fabrics and logical switch configurations Selecting a logical switch from the Switch View You can log in to a specific logical switch as described in Chapter 1 or you can select a logical switch from the Switch View If you do not log in to a specific logical switch you are presented with the default logical switch Under the Switc
55. distance mode You can select any unique fabric ID as long as it is consistent for all EX Ports that connect to the same edge fabric Editing the configuration of an EX Port To edit the configuration of an EX Port perform the following steps 1 Select Tasks gt Manage gt FCR 2 Select the EX Ports tab 3 Select a port to configure by clicking the row 4 Click Edit Configuration in the task bar This launches the port configuration wizard which guides you through the port configuration process The current configuration values are displayed in the wizard steps NOTE If you decide to configure a disabled port the wizard provides the Enable Port after configuration check box If you select this check box the disabled port is automatically enabled after configuration If you leave this box cleared the port remains in the same state after configuration Configuring FCR router port cost In FCR EX Ports can be assigned router port cost The cost of the link is a positive number The router port path or tunnel path is chosen based on the minimum cost per connection If multiple paths exist with the same minimum cost there will be load sharing over these paths If multiple paths exist where one path costs lower than the others then the lowest cost path is used Web Tools Adminstrator s Guide 149 53 1002152 01 11 Viewing LSAN zones Every link has a default cost For an EX Port 1 Gbps 2 Gbps 4 Gbps 8 Gbps 10 Gbps and 16
56. eee eens 105 User defined graphs 0 0 cece eee 107 Canvas configurations llle eee 108 Opening the Performance Monitoring window 108 Creating basic performance monitor graphs 109 Customizing basic monitoring graphs 00 0 eee eee 109 Advanced performance monitoring graphs 05 111 Creating SID DID Performance graphs 111 Creating the SCSI vs IP Traffic graph 004 112 Creating SCSI command graphs 0020 eee 112 Tunnel and TCP performance monitoring graphs 113 Tunnel and TCP graph chart properties 114 Web Tools Adminstrator s Guide ix 58 1002152 01 Saving graphs to a canvas llll sellers 114 Adding graphs to an existing canvas 0000 eee eee 115 Printing graphs d sspe e geek Wate eee ae edie ea 115 Modifying graphs 1 eee 116 Chapter 9 Administering Zoning In this chapter scere mne mem dene eae RR ence s 117 Zoning overview s sss eh n ye Rr Rr a dnt 117 Basic Zones uu eds weed e Gr reu RAS ME Sees 117 Traffic Isolation zones 1 eee eee 117 LSAN zone requirementsS 0002 c cee eee ee 118 QoS zone requirements llli els eee 118 Zoning configurations sse 118 Opening the Zone Admin window lles esee 118 Setting the default zoning mode llllesluesse 119 Zoning management ssesleseseeeee ne 1
57. firmware perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Configure tab Select the Firmware subtab Select the Enable Signed Firmware Download check box Click Apply Ol dw dex go Licensed feature management 44 The licensed features currently installed on the switch are listed in the License tab of the Switch Administration window If the feature is listed such as the EGM license it is installed and immediately available When you enable some licenses such as ISL Trunking you might need to change the state of the port to enable the feature on the link For time based licenses the expiry date is included Right click a license key to export data copy data or search the table Activating a license on a switch Before you can unlock a licensed feature you must obtain a license key You can either use the license key provided in the paperpack document supplied with switch software or refer to the Fabric OS Administrator s Guide for instructions on how to obtain a license key at the Brocade website my brocade com To activate a license perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the License tab and click Add The Add License dialog box displays Paste or enter a license key in the field Click Add License Cl
58. information of other switches are not displayed in the tree 120 Web Tools Adminstrator s Guide 53 1002152 01 Zoning management 9 Click the Alias tab to display which aliases the port or device is a member of Also you can right click the device nodes and click View Device Detail to display detailed information about the selected device The Member Selection List panel displays only physical FC ports To verify whether you have any unzoned devices you must use Brocade Network Advisor to analyze zone configurations Admin Domain considerations The Member Selection List panel displays a filtered list of ports that are Direct port members that are zoneable and are displayed in the tree e Indirect port members to which owned devices are attached are displayed in the tree but cannot be added to a zone or alias Direct device members that are zoneable and are displayed in the tree e Indirect device members devices that are currently attached to owned ports that are also zoneable and displayed in the tree But if such a device is later moved to a non owned port it will no longer be displayed or zoneable e Switches and blades that are displayed only if they contain owned ports or devices regardless of switch ownership such as the FS8 18 Encryption blade e Ports that are indirect members only because the switch is owned are not displayed NOTE When no user defined Admin Domains are present on the switch ADO displays the
59. jl Link Number Limited Speed Needed Allocated Distance km Distance km Distance 0 N2 26 26 5 N A LO Normal N2 26 26 5 N A LO Normal N4 o0 N A LO Normal N4 o0 N A LO Normal N4 o0 N A LO Normal N4 00 N A LO Normal N4 on NIA LO Normal N1 os N A LO Normal N2 0 8 N A L0 Normal 1 2 3 4 5 B 7 8 9 2G on N A LO Normal o N4 on N A L0 Normal N4 on N A L0 Normal N4 0n N A L0 Normal ay Switch Administration opened Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration opened Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Switch Administration closed Fri Jun 19 2009 17 38 00 GMT 00 00 Long Distance Port Configuration Mode Advanced Free Professional Management Tool 10 35 5240 ADO User admin Role admin s FIGURE32 Extended Fabric tab For the Brocade DCX DCX 4S DCX 8510 4 and DCX 8510 8 the slots for CPs are not available Web Tools Adminstrator s Guide 53 1002152 01 Configuring a port for long distance 14 The Brocade Encryption Switch and the FS8 18 Encryption blade support auto negotiated link speeds of 1 2 4 and 8 Gbps The GE ports are always locked at 1 Gbps TABLE 15 Long distance settings and license
60. logical switches using chassis beaconing 53 Virtual Fabrics overview lllseeeeeeee 53 Selecting a logical switch from the Switch View 54 Viewing logical ports ssesleeeeeeeeeenBB amp 54 Chapter 4 Maintaining Configurations and Firmware Irthis chapter esse eser ciel oe eave arm B i ER Guee 4u 57 Creating a configuration backup file 200000 57 Restoring a configuration 0 0 0 0 600 eee ee 58 Web Tools Adminstrator s Guide vii 58 1002152 01 Admin Domain configuration maintenance lesus 59 Uploading and downloading from USB storage 60 Performing a firmware download 00ce cece eee eee 60 Chapter 5 Managing Administrative Domains Iri this chapter verit AC E ao a a e a AUE SARUM 63 Administrative Domain overview llle 63 Requirements for Admin Domains lesus 63 User defined Admin Domains 002 cee eee eee 64 System defined Admin Domains 2000 eee 64 Admin Domain membership 000 cece eee aes 65 Enabling Admin Domains lessen 65 Admin Domain window seeeeee nn 66 Opening the Admin Domain window lsssss 67 Refreshing fabric information 02 cee eee eee 68 Refreshing Admin Domain information 68 Saving local Admin Domain changes 2 005 68 Closing the Admin Domain window Lees
61. name prefixes QoS name prefix Priority Bandwidth assignment QosH_ High Five virtual circuits 60 of available bandwidth QosM_ Medium Four virtual circuits 40 of available bandwidth QosL_ Low Two virtual circuits 10 of available bandwidth Zoning configurations 118 The Zone Admin window is where all of the zoning tasks are performed When performing zoning tasks for switches in a mixed fabric that is a fabric containing two or more switches running different fabric operating systems you should use the switch with the highest Fabric OS level Refer to Best practices for zoning on page 136 for more recommendations about zoning Opening the Zone Admin window Launching the Zone Admin window and performing any kind of zone configuration takes more time if there are a large number of entries in the zone database If the zone count is above 10000 the time taken for completing the operation increases proportionately You cannot open the Zone Admin window from AD255 physical fabric To open a Zone Adminstration window perform the following steps 1 Select a switch from the Fabric Tree 2 Click Zone Admin in the Manage section of the Tasks menu The Zone Admin dialog box displays as shown in Figure 23 Web Tools Adminstrator s Guide 53 1002152 01 Zoning management 9 Setting the default zoning mode The default zoning mode has two options All Access All devices within the fabric can communicate with all
62. not selected 2 Select the Security Policies tab 3 Select Authentication on the Security Policies menu 4 In the Authentication Type field select DHCHAP NOTE You must select DHCHAP when you are configuring authentication for an F Port 5 Set the switch authentication mode to either off or passive and click Apply Distributing authentication policies Authentication policies are distributed only if all the selected switches accept the distribution Only the policy mode is distributed to the selected switches The switch initiating the distribution must accept distribution NOTE You cannot distribute authentication policies in ADO unless it is the only Admin Domain To distribute authentication policies perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Security Policies tab Select Authentication on the Security Policies menu Click Distribute Policy Select the switches or click the button to distribute to all Click OK oa F WN Re authenticating policies A user who has changed authentication policy parameters or a shared secret key pair can re initialize the authentication To re authenticate policies perform the following steps 1 Click a port in the Switch View to open the Port Administration window The Port Administration window displays with the port selected 2 Click Re Authenticate active only f
63. output e Detailed description of the problem including the switch or fabric behavior immediately following the problem and specific questions e Description of any troubleshooting steps already performed and the results e Serial console and Telnet session logs e syslog message logs 2 Switch Serial Number The switch serial number and corresponding bar code are provided on the serial number label as illustrated below TIU A O FTOOXOO54E9 The serial number label is located as follows e Brocade 300 5100 5200 5300 6510 7800 8000 VA 40FC and Brocade Encryption Switch On the switch ID pull out tab located inside the chassis on the port side on the left e Brocade 5000 On the switch ID pull out tab located on the bottom of the port side of the switch e Brocade 7600 On the bottom of the chassis e Brocade DCX and 8510 8 On the bottom right on the port side of the chassis e Brocade DCX 4S and 8510 4 On the bottom right on the port side of the chassis directly above the cable management comb Web Tools Adminstrator s Guide 53 1002152 01 e Brocade 8000 On the switch ID pull out tab located inside the chassis on the port side on the left 3 World Wide Name WWN Use the licenseldShow command to display the WWN of the chassis If you cannot use the licenseldShow command because the switch is inoperable you can get the WWN from the same place as the serial number except for the Brocade DCX For the Broc
64. overall status of the switch The policy parameter values determine how many failed or faulty units of each contributor are allowed before triggering a status change in the switch from Healthy to Marginal or Down The existence of policies such as WWN CP and Blade might differ from platform to platform Numerical and percentage values that are above Marginal are considered to be Healthy Any single contributor can force the overall status of the switch to Marginal or Down For example assuming that the switch contributor values are set to the default values if there is one faulty port in a switch then this contributor would set the overall switch status to Marginal If two ports were faulty then this contributor would set the overall switch status to Down Percentages are configured from a maximum of 100 For example setting the Marginal value to 6 means the percentage is 94 and up setting the Marginal value to 12 means the percentage is 8896 and up NOTE Entering the value zero 0 for a parameter means that it is NOT used in the calculation In addition if the range of configurable values in the prompt is zero 0 0 the policy parameter is NOT applicable to the switch To define the Switch Status Policy perform the following steps 1 Open the Web Tools main page 2 Click the Switch Status Policy button The Switch Status Policy dialog box displays as shown in Figure 29 Web Tools Adminstrator s Guide 143 53
65. ports D Port are used for running diagnostics to isolate link level faults and inter switch link testing in fabric optical and remote loopback modes D Ports are not part of any fabric and it does not carry any data or protocol traffic with it It is used only for running diagnostic traffic for isolating link level faults D Port can be used to get estimated link distance measure as done for long distance mode links For information on configuring a D Port see the Fabric OS Administrator s Guide Web Tools can not configure a D Port Following list of features are not supported when a port is configured as a D Port e Port swap e Port bind Port trunk e QOS Enable Disable e BBcredit e NPIV Enable Disable Max login Allow Prohibit Matrix D Ports do not take part in zoning If D Port is added to a zone it does not take part in the fabric Reserving and releasing licenses on a port basis NOTE If the Admin Domains feature is enabled the Dynamic POD configuration is only applied to the ports if the switch is a member of the current Admin Domain The Dynamic PODs feature is supported on the Brocade 4018 4020 and 4024 switches only To reserve and release licenses on a port basis perform the following steps 1 Click a port in the Switch View to open the Port Administration window 2 Click the FC Ports or GigE Ports tab 3 Fromthe tree on the left click the switch or the slot that contains the port The License col
66. preferences that persists are e Last selected tab The Name Server GUI preferences that persist are e Table column sorting e Table column positions e Auto refresh interval selection check box e Auto refresh interval value The Zone Admin GUI preferences that persist are Basic Zones e Traffic Isolation Zones e Last selected tab e Table column sorting e Table column positions Tasks The Tasks menu lets you manage monitor and perform other tasks The Management section of the Tasks menu provides access to the following options Zone administration Zone information is collected from the selected switch If an ACL based FCS policy is in effect zoning can be administered only from the primary fabric configuration server FCS switch Refer to Zoning management on page 119 for more information Web Tools Adminstrator s Guide 53 1002152 01 Viewing Switch Explorer 2 e Switch administration e Port administration e Admin Domain administration e FCR present only on the base switch when the Virtual Fabrics capability is enabled e Fabric Watch NOTE Some of these functions require a license key to activate them The Monitor section of the Tasks menu provides access to the following options e Performance monitoring You must use Web Tools with the EGM license to perform performance monitoring operations otherwise access to this feature is denied and an error message displays e Name Server information This f
67. rates they correctly illustrate variance in the refresh rates throughout Web Tools TABLE 6 Polling rates Module Polling rate Name Server User defined 15 sec minimum Zoning Database 60 sec Fabric Watch 45 sec Performance Monitor 30 sec This feature requires the EGM license Port Management 60 sec FC Routing 45 90 sec depending on network traffic Displaying switches in the fabric If your fabric has more than one switch you can open Web Tools from one switch and then access other switches You can also launch Web Tools from the Brocade Network Advisor client as Element Manager This lets you manage Web Tool requests in the case where the fabric is in a private network Launch Web Tools from Brocade Network Advisor if you need to access the fabric from a host that is not in the same network and does not have direct access to the fabric NOTE If you open switches running Fabric OS v4 4 x or later from a Fabric Tree displayed for a version earlier than a v4 4 x switch Some of the features might be disabled To display switches in the fabric perform the following steps 1 Open Web Tools as described in Opening Web Tools on page 10 and log in to the switch 2 If the Fabric Tree is not expanded click the plus sign in the Fabric Tree to view all the switches in the fabric 3 Click a switch in the Fabric Tree A separate browser dialog box displays the selected switch If the launch switch is running
68. requirements Value Description Extended Fabrics License Required LO No long distance setting is enabled The maximum supported link distance No is 10kilometers at 1 Gbps e 5 kilometers at 2 Gbps e 2 5kilometers at 4 Gbps 1 kilometers at 10 Gbps 500 meters at 16 Gbps LE Extended normal setting is enabled 10 km 6 miles or less No LD Dynamic setting is enabled Buffer credits for the given E_Port are Yes dynamically configured based on the actual link distance as long as this is less than the desired distance If the actual link distance exceeds the desired distance the desired distance is used to allocate the buffers The LD level link can operate at distances up to 500 km at 1 Gbps 250 km at 2 Gbps or 125 km at 4 Gbps depending on the switch platform and the availability of frame buffers within the port group LS Static setting is enabled Buffer credits for the given E_Port are statically Yes configured based on the desired link distance The LS level link can operate at distances up to 500 km at 1 Gbps 250 km at 2 Gbps or 125 km at 4 Gbit sec depending on the switch platform and the availability of frame buffers within the port group For the Brocade DCX 8510 8 Brocade 6510 and Brocade DCX 8510 4 the buffer credits are 10 through X where X is proportional to the available buffers Configuring a port for long distance When you configure a long distance ISL ensure that the ports on both sides of the ISL have the s
69. s Guide 53 1002152 01 Advanced performance monitoring graphs 8 f Click Apply Only the selected ports are displayed in the graph Advanced performance monitoring graphs This section describes how to create the advanced performance monitor graphs listed in Table 12 on page 105 Because the procedure for creating these graphs differs depending on the type of graph each type is described separately in the sections that follow The advanced monitoring graphs are not supported for GbE ports NOTE You must have an Advanced Performance Monitoring license installed to use the Advance Performance Monitor features If user defined Admin Domains are configured Advanced Performance Monitoring works only in AD255 Creating SID DID Performance graphs The SID DID Performance graph displays the traffic between a SID DID pair on the switch being managed To create a SID DID performance graph perform the following steps 1 Open the Performance Monitoring window 2 Select Performance Graphs gt Advanced Monitoring gt SID DID Performance The SID DID Performance Setup dialog box displays e To see the end to end EE monitors that are currently set up on a particular port proceed to step 3 e To specify the port Source ID and Domain ID skip to step 4 NOTE Only the FC ports of the launched switch display in the tree The All Devices tab lists all the devices in the fabric and lets you select the source and destination Slot and p
70. secondary mapping if the primary mapped port is offline If a secondary port is not defined the failover moves to any online ports Optional To create a detached WWN N port mapping enter the WWN value into the WWN field and click Add The detached WWN port is now available for mapping After you have made the appropriate changes click Save Any unused WWNS are discarded Access Gateway policy modification Although you can control a number of policies on switches in Access Gateway mode Web Tools only provides the ability to enable and disable the policies For more information on these policies please refer to Access Gateway Administrator s Guide 160 Path Failover and Failback policies The Path Failover and Failback policies determine the behavior of the F Port if the primary mapped N Port they are mapped to goes offline or is disabled The Path Failover and Failback policies are attributes of the N Port By default the Path Failover and Failback policies are enabled for all N Ports Modifying Path Failover and Failback policies To modify Path Failover and Failback policies perform the following steps 1 ov d 0 NS Click a port in the Switch View to open the Port Administration window Select the N Port for which you want to modify the policy Click Edit Configuration Select the appropriate check box to modify the policy Click Save Web Tools Adminstrator s Guide 53 1002152 01 Access Gateway policy
71. status The icon on the Temp button indicates the overall status of the temperature For more information regarding switch temperature refer to the appropriate hardware documentation To view the temperature status perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View The icon on the Temp button indicates the overall status of the temperature 2 Click Temp on the Switch View The detailed temperature sensor states for the switch are displayed as shown in Figure 25 Viewing the power supply status The icon on the Power button indicates the overall status of the power supply status For more information regarding switch power modules refer to the appropriate hardware documentation Power Supply States for Chassis Power Supply No State 1 Ok 2 Ok 3 Absent 4 Absent FIGURE27 Power States window To view the power supply status perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window 2 The selected switch displays in the Switch View The icon on the Power button indicates the overall status of the power supply Web Tools Adminstrator s Guide 141 53 1002152 01 10 Displaying switch information 142 3 Click Power on the Switch View The detailed power supply states are displayed Figure
72. switch is still in the process of booting and you try to launch the Web Tools by management entering the IP address this message displays in the browser You should wait for the Switch to finish the startup sequence Configuration Web Tools does not support NAT router configurations and does not function correctly with switches behind a NAT router Web Tools Adminstrator s Guide 243 53 1002152 01 19 General Web Tools limitations TABLE 21 Web Tools limitations Continued Area Firmware download Details There are multiple phases to firmware download and activation When Web Tools reports that firmware download completed successfully this indicates that a basic sanity check package retrieval package unloading and verification was successful Web Tools forces a full package install A restart is required to activate the newly downloaded firmware This restart is done automatically however although Web Tools screens continue to display during the restart they are not available Wait approximately 10 minutes to ensure that all of the application windows are restored If Web Tools fails to respond after 20 minutes you might need to close all Web Tools applications windows and restart them or to contact your system administrator for network assistance The Web Tools loss of network connectivity during a failover or restart initiated through the firmwareDownload varies for different configurations Brocade DCX and DCX 4S enter
73. the firmware key is downloaded to the switch connection to the switch is lost and Web Tools invalidates the current session Web Tools invalidates all windows because upfront login is always enabled and cannot be disabled T Close all Web Tools windows and log in again If the firmware download is in progress when you log in you can continue to monitor its progress Web Tools Adminstrator s Guide 61 53 1002152 01 4 62 Performing a firmware download Web Tools Adminstrator s Guide 53 1002152 01 Chapter Managing Administrative Domains D In this chapter Adrmimistrative Domain SVE VIEW os ake gain cls mura n mana RR RR RR ROBUR RUN 63 Enabling ACMI DOMAINS sauaqdaaaxwxekSEeaERGAEAQE XAR E ERO RUE 65 e Admin Drap VelieloW a usu ce bebe eR PERIERE ERU KE Ra eo 66 Creating and populating domalfis srir ca ced ee ee rer were bleed nn 69 Modifying Admin Domain membelgS aesexanakcaerk mh rn ERR RO ERR 71 Administrative Domain overview Using Administrative Domains Admin Domains or ADs you can partition the fabric into logical groups and allocate administration of these groups to different user accounts so that these accounts manage only the Admin Domains assigned to them and do not make changes to the rest of the fabric The ability to assign an Admin Domain to a specific user account is performed in the User tab of the Switch Administration window and not in the Admin Domain window You can create domains
74. the following zone configurations Add unzoned devices Remove offline or inaccessible devices Replace offline devices Define device alias Best practices for zoning 136 The following are recommendations for using zoning Always zone using the highest Fabric OS level switch Switches with lower Fabric OS versions do not have the capability to view all the functionality that a newer Fabric OS provides as functionality is backwards compatible but not forwards compatible Zone using the core switch versus an edge switch Zone using a director over a switch A director has more resources to handle zoning changes and implementations Zone on the switch you connect to when bringing up Web Tools the proxy switch Web Tools Adminstrator s Guide 53 1002152 01 Chapter Working with Diagnostic Features 1 0 In this chapter 9 IKBgee Ops suec coke baked red E Xrka E Ru clues quiae dE 137 Displaying switch Information assa ak scn GaCCEEG EX ROGXCRUCROR ACER ear ee 139 e Detimsz wc POI esses eX Kee EER ERE Dee eee Shae eee 143 Port LED Ie NW uU Dea ru ger cR CER a ees E awe et R RA 144 Trace dumps Atrace dump is a snapshot of the running behavior within the Brocade switch The dump can be used by developers and troubleshooters at Brocade to help understand what might be contributing to a specific switch behavior when certain internal events are seen For example a trace dump can be created each time a certain error mess
75. the ports for the slot or switch If you select a port the system displays detailed information about the port Subtabs You can view either Basic Mode or Advanced Mode and to view the subtabs that contain additional information about the port The available subtabs depend on the type of port selected Web Tools Adminstrator s Guide 77 53 1002152 01 6 78 Port management overview When viewing detailed information about a port Basic Mode provides these subtabs e General AIl ports View Details Rename Edit Configuration Enable Disable port Persistent Enable Persistent Disable port e SFP Physical ports only FC CEE and GbE Basic information about the port equipment e QSFP Quad Small Form factor Pluggable ports Basic Information about the port UnitNumber Channellndex DeviceTech e Port Statistics All ports Basic port information and statistics Advanced port information Note that on the Port Statistics subtab you can view either absolute values or deltas for port statistics Viewing the deltas is useful if you want to view current port trends To reset the counters on the port statistics click the Clear Counters button FCIP statistics for a GbE port are the accumulated statistics of all the FCIP tunnels for that GbE port e IP Interfaces GbE ports only e IP Routes GbE ports only When viewing detailed information about a port the Advanced Mode provides these additional subtabs
76. this document llle xxiii Document conventions lessen xxiv Text formatting 2 253 en tems cedet ia t dide er don edere als e xxiv Notes cautions and warnings 0e eee eee eee xxiv Key terms 5 soc cde e Uc ar pon er CER ccs A XXV Notice to the reader asirar ee ee m ee XXV Additional information 020 ee ee eee eee XXV Brocade resources XXV Other industry resources 1 ee eee xxvi Getting technical help llli xxvi Document feedback 00 c eee xxvii Chapter 1 Introducing Web Tools li thiis chapter s ues exec doe iR cede bean aci CR E RC RR RORIS SCR RCR 1 Web Tools overview llle IR ms 1 Web Tools the EGM license and Brocade Network Advisor 1 Web Tools features enabled by the EGM license 2 Web Tools functionality moved to Brocade Network Advisor 3 System requirements llle nnne 4 Setting refresh frequency for Internet Explorer 5 Deleting temporary internet files used by Java applications 6 Java installation on the workstation slles lessen 6 Installing the JRE on your Solaris or Linux client workstation 7 Installing patches on Solaris llli eee ee 7 Installing the Java plug in on Windows 2 00 7 Java plug in configuration 0 sassa eee 8 Configuring the Java plug in for Windows 8 Configuring the Java plug in for Mozilla family browsers
77. to show only ports that are direct or indirect members of the currently selected Admin Domain Direct members are ports that were directly added to the Admin Domain as members Indirect members are Non owned ports on a member switch Non owned ports to which member devices are attached All active ports as well as any inactive EX Ports are shown Port Administration window components The Port Administration window has the following four tabs in the top left corner FC Ports tab displays all of the FC ports on the switch physical FC ports and logical ports VE VEx Ports tab displays all of the VE VEx ports on the switch If the switch does not have VE VEx ports the VE VEx Ports tab does not display ICL Ports tab displays all of the ICL ports on the switch If the switch does not have ICL Ports the ICL ports tab does not display GigE Ports tab displays all of the GigE ports If the switch does not have GigE ports the GigE Ports tab does not display The GigE Ports tab has the following three subtabs General General information about the GigE Ports SFP Displays information about SFP ports Port Statistics Displays statistics about the ports JP Interfaces Lets you view interfaces P Routes Lets you view routes FCIP tunnel Lets you view FCIP tunnels This tab has two buttons Go to FCIP port and Show Security Policies On selecting an FCIP tunnel the following circuit details with the circu
78. user login database When the primary AAA service is RADIUS you have three secondary service choices e None e Switch Database when RADUIS authorization fails e Switch Database when RADIUS times out When RADIUS login fails even though RADIUS server is available the additional service allows you the option to use the Switch Database as backup authentication service when the RADIUS server is not available Alternatively you can have no secondary AAA service which means that only the primary service is used for authentication Use the AAA Service tab of the Switch Administration window to manage RADIUS Enabling and disabling RADIUS At least one RADIUS server must be configured before you can enable RADIUS To enable or disable RADIUS perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the AAA Service tab To enable RADIUS select RADIUS from the Primary AAA Service drop down menu 4 Select None Switch Database when RADIUS Login Failed or Switch Database when RADIUS Login Timeout from the Secondary AAA Service menu Web Tools Adminstrator s Guide 53 1002152 01 RADIUS management 16 NOTE To disable RADIUS select Switch Database from the Primary AAA Service menu and select None from the Secondary AAA Service menu 5 Click Apply Configuring RADIUS The configuration is chassis based so it applies to all logical switc
79. you can perform this task To specify a remote server perform the following steps 1 Open the Switch Administration window 2 Click Show Advanced Mode if it is not selected 3 Select the Trace tab 4 Enter the FTP host IP address path of the remote directory for the trace dump files FTP user name and FTP password in the appropriate fields The IP address can be IPv4 or IPv6 format or a DNS name The password is optional if you log in as an anonymous user 5 Click Apply Enabling automatic transfer of trace dumps The switch must belong to your current Admin Domain before you can perform this task To enable the automatic transfer of trace dumps perform the following steps 1 Open the Switch Administration window 2 Click Show Advanced Mode if it is not selected Web Tools Adminstrator s Guide 53 1002152 01 Displaying switch information 10 Select the Trace tab Select Enable in the Auto FTP Upload section to enable automatic uploading of the trace dump to the FTP host 5 Click Apply Disabling automatic trace uploads If automatic uploading of a trace dump is disabled you must manually upload the trace dump or else the information is overwritten when a subsequent trace dump is generated The switch must belong to your current Admin Domain before you can perform this task To disable automatic trace uploads perform the following steps 1 Open the Switch Administration window 2 Click Show Advanced M
80. 0 seconds The X axis is limited to 30 minutes The graph scale starts with O minutes and auto scales to draw the statistics Once the 30 minutes graph is drawn the first minute data is removed to accommodate the 31st minute values e Global auto scaling By default this option is in disabled mode User can either enable or disable this option If enabled the graph s X axis scale up to 30 minutes and if it is disabled the X axis will scale up to 10 minutes e Number of graphs per row Designate how many graphs you wish to appear in each row 6 Click Generate Click Reset to reset all the graphs NOTE Brocade Network Advisor has an option for launching the TCP circuit Performance statistics dialog Tunnel and TCP graph chart properties When a Tunnel and TCP graph displays you can right click the graph to access the display properties These properties include e Font selection e Background color selection Title text e Display zoom These value selections are not persistent When you close the graph these values reset to the default settings In addition you can print the graph and save the graph to a file Saving graphs to a canvas Saving graphs is useful when you create customized graphs and do not want to recreate them each time you access the Performance Monitoring window When you save graphs you must save them to a canvas 114 Web Tools Adminstrator s Guide 53 1002152 01 Adding graphs to an existing canvas 8
81. 002152 01 Configuring a link aggregation group 18 6 Select the L2 Mode The choices are Access Trunk and Converged The default is Access The L2 mode setting determines operation within a VLAN e Access mode allows only one VLAN association and all frames are untagged e Trunk mode allows more that one VLAN association and tagged frames are allowed e Converged mode interface can be Native untagged or access in one VLAN and it could be non native trunk or tagged type in another VLAN If you are using the DCB map or a Traffic Class Map to apply QoS traffic priority select the appropriate button and enter the name of the map you want to use For a TenGigabitEthernet port configured as an FCoE port the default DCB map is applied automatically You cannot apply the Traffic Class Map to an FCoE port Enter the profile name in the LLDP DCBX Profile field for using a specific profile for the interface In the FCOE Priority Bits field enter a value that indicates the desired user priority Each bit represents a user priority that is associated with FCoE traffic The range is 0 255 The default is 8 10 Assign a default class of service in the Default CoS field The default CoS range is O 7 The default is O 11 Click OK 12 Click Enable for Status and LLDP Status Configuring a link aggregation group FCoE ports can be grouped to create a link aggregation group LAG The LAG is treated as a single interface To
82. 1 requires a Web Tools license and if applicable an EGM license installed Other switches must be managed through the Fabric OS command line interface CLI another management application or by using Brocade Network Advisor Changing the Admin Domain context The Admin Domain field displays the currently selected Admin Domain and allows you to change to a different one The ability to change Admin Domain context requires that the EGM license is enabled on the switch Otherwise an error message displays If you are logged in to Web Tools without the EGM license you must log in again using a specific Admin Domain Web Tools Adminstrator s Guide 21 53 1002152 01 22 2 Viewing Switch Explorer After you log in all Admin Domains assigned to you are available in the drop down menu For most administrative tasks you must be in either ADO or the physical fabric When changing the Admin Domain context the option for selecting AD from the drop down list is not available if the EGM license is not present Web Tools Adminstrator s Guide 53 1002152 01 Viewing Switch Explorer 2 To change the Admin Domain context perform the following steps 1 Select a domain from the Admin Domain menu 2 Click OK in the confirmation window Switch Explorer refreshes to display the new Admin Domain context You can monitor the progress using the progress bar The system displays a list of all open windows You can choose to change the Admin Do
83. 10 32 151 212 ADO User admin Role admin FIGURE44 Switch RNID information RNID information for attached FICON devices and channel paths displays on the Name Server view To view this information Click Name Server to display the Name Server view Ports that completed an RNID exchange display FICON in the Capability column For those ports the following information specific to RNID displays in the following columns Device Type e Model e Manufacturer e Manufacturer Plant Unit Type Tag Web Tools Adminstrator s Guide 53 1002152 01 Configuring FCoE with Web Tools Chapter 18 In this chapter even Tools and FCE QVO UI e su ec x scacaudncn a ace i Ra meala nia a C nOn 228 e Web Tools the EGM license and Brocade Network Advisor 228 e Switolh adminis auon dhd POOR ccc tohadsoeadstoads ohieds bad RR 229 M iet xeuptyr tbc RIP 229 Quality of Service confI UTatllOTi iissaassaaua ka ERRARE ena ree eae 230 LLDP DCBX COPUBM BUDE S diese p EXE ERIES NEC AR GU RE E ul ee ne Rp 231 ian E CB MICE TO CES ense Eden ue nx deen RR alc RD RR Rc 234 Configuring a link aggregation ZroUD 1 eee eee 230 e Canmigurig VEANS sas usu uan Ea ee E E E EE Red 236 ConnEunNnNE POOE IGEIIETEODIDS soss ro sex ace nln acacia eed a nca tarn eee 231 Displaying FGoE port Information asses rae Ry RRERORCROR RR X 238 Displaying LAG informatio se sies ecl e rmm m rs 239 Displaying VLAN mronnatiahi uc eec
84. 1002152 01 Creating and populating domains 5 To save the local Admin Domain changes perform the following steps 1 Select Actions gt Save AD Configuration to save your changes to persistent storage as the defined Admin Domain configuration 2 Select Actions gt Apply AD Configuration to save your changes to persistent storage and make your changes effective in the fabric These options are not enabled until you make a change to the Admin Domain configuration If another user has an Admin Domain operation in progress at the time that you attempt to save changes Web Tools displays a warning to indicate that another Admin Domain transaction is in progress on the fabric You can select to abort the other transaction and override it with yours This action updates the entire contents of the Admin Domain window not just the selected Admin Domain You can save your changes at any time during the Admin Domain configuration session Closing the Admin Domain window It is important to remember that any changes you make in the Admin Domain window are not saved automatically To close the Admin Domain window perform the following steps 1 In the Admin Domain window select File gt Close If there are changes in the buffer that were not saved a warning message displays Confirm that you want to close the Admin Domain session without saving the changes 2 Click Yes to close without saving changes or click No to go back to the Admin
85. 11 23 10 28 GUT 06 00 The icense tey 2050c t a 6 E Gean events tom switch dene Refreshed 440457 PM S Tove Profenesoa Maneaemect Tox 10245143 FO 128 User dram Role admin Tasks and Fabric Tree Menu bar Switch View buttons Changing the Virtual Fabric ID or Changing the Admin Domain Switch Events and Switch Information BWNHRPR ol 6 Indicator bar 7 Professional Management Tool offering 8 Switch View FIGURE 5 Switch Explorer Persisting GUI preferences Web Tools persists your GUI preferences across sessions for the Switch Explorer Port Admin Switch Admin Name Server and Zone Admin dialog boxes on all web browser platforms Persistence is performed on a per host basis Web Tools Adminstrator s Guide 19 53 1002152 01 20 2 Viewing Switch Explorer If you launch WebTools from Brocade Network Advisor BNA all of the Web Tools GUI persistence data for each user name is stored in the BNA database The Port Admin GUI preferences that persist are e Basic or Advance mode e Last selected tab by the user e Table column sorting Table column positions e Auto refresh interval selection check box Auto refresh interval value The Switch Admin GUI preferences that persist are e Basic or Advance modes e Last selected tab e Table column sorting e Table column positions e Last selected tab Auto refresh interval selection check box Auto refresh interval value The Switch Explorer GUI
86. 149 routes configuring 169 S saving performance graphs 114 zoning changes 68 122 SCC DCC policy activate 188 create 187 deactivate 188 delete 188 edit 187 SCSI command graph 112 SCSI vs IP traffic graph 112 searching zone member selection lists 135 sequence level switching 41 session management 13 sessions ending 12 setting refresh frequency 5 SNMP trap levels 194 severity levels 48 SID DID performance graph 111 SNMP trap levels 194 Solaris patches installing 7 SSLv3 245 starting Web Tools 10 251 swapping port index IDs 91 switch 7800 84 85 changing the name of 38 enabling and disabling 37 mouse over information 26 rebooting 39 Switch Administration window 31 opening 33 Switch Events and Switch Information 25 Switch events displaying 49 Switch Explorer Admin Domains 21 switch name changing 38 switch report 38 switch status report 142 Switch View 23 Switch View buttons 23 syslog IP address configuring 34 removing 34 System services configuring 43 T Telnet 29 temperature status 141 temporary internet files 6 timeout session 14 TLS 245 trace dumps 137 transition partial Web Tools functions to Brocade Network Advisor 3 troubleshooting Web Tools 29 trunking mode enabling and disabling 99 U unlocking passwords 183 user accounts managing 175 user defined roles guidelines and restrictions 184 V value line licenses
87. 152 01 Chapter 10 Working with Diagnostic Features provides information about trace dumps viewing switch health and interpreting the LEDs Chapter 11 Using the FC FC Routing Service provides information on using the FC FC Routing Service to share devices between fabrics without merging those fabrics Chapter 12 Using the Access Gateway provides information on how to configure and manage the Brocade Access Gateway Chapter 13 Administering Fabric Watch provides information on how to use the Fabric Watch feature to monitor the performance and status of switches and alert you when problems arise Chapter 14 Administering Extended Fabrics provides information on how to configure a port for long distance Chapter 15 Routing Traffic provides information on how to configure routes Chapter 16 Configuring Standard Security Features provides information on managing user accounts SNMP and the RADIUS server Chapter 17 Administering FICON CUP Fabrics provides information on how to administer and manage FICON CUP fabrics You can enable FMS mode edit and create configurations and edit FMS parameters Chapter 18 Configuring FCoE with Web Tools provides information on how to configure FCoE features Chapter 19 Limitations discusses limitations of and provides workarounds for using Web Tools Supported hardware and software xxii In those instances in which procedures or parts of procedures documented here a
88. 152 01 Configuring CSCTL 6 Configuring CSCTL Unlike QoS Zone based FC flow prioritization method CSCTL enables the same SID DID pair exchange frames with different priorities To be able to prioritize a frame flow between two end nodes Fabric OS v7 0 0 provides support for up to 32 Virtual Channels VCs per port This categorizes the frames entering into a fabric on the basis of preset behavior defined with these VCs and conserves the frame s behavior until it is transmitted out of fabric However out of the 32 VCs for each external port only 16 are used With the CSCTL method of prioritization there is no need to have explicit traffic segregation such as QOS H QOS M and QOS L The classification is entirely based upon CSCTL database programmed into the ASIC As the name suggests CSCTL bits in each frame are used to define the VC number on the transmit port In order to achieve this kind of classification Fabric OS v7 0 0 provides a CSCTL database table on each chip capable of storing 256 entries Each entry in the database table is populated with a VC number which if this feature is enabled is retrieved by indexing the CSCTL value into the table for each frame entering the fabric Irrespective of the type of frame classification method used the flow priority of a frame is primarily determined by the VC number used to transmit the frames across the ISL ports In both methods of classification the VC number for a frame is determ
89. 17 53 1002152 01 17 FMS parameter configuration FMS parameter configuration FMS parameters control the behavior of the switch with respect to CUP itself as well as the behavior of other management interfaces director console Alternate Managers You can configure FMS parameters for a switch only after FMS mode is enabled on the switch All FMS parameter settings are persistent across switch power cycles There are six FMS parameters as described in Table 20 TABLE 20 FMS mode parameter descriptions Parameter Programmed Offline State Control Description Controls whether host programming is allowed to set the switch offline The parameter is set as enabled by the hardware after system installation and can be reset by Web Tools Active Saved Mode Controls the IPL file update The IPL file saves port connectivity attributes and port names After a switch restart or power cycle the switch reads the IPL file and actives its contents as default configuration When this mode is enabled activating a configuration saves a copy to the IPL configuration file All changes made to the active connectivity attributes or port names by host programming or alternate managers are saved in this IPL file It keeps the current active configuration persistent across switch restarts and power cycles You cannot directly modify the IPL file or save a file as an IPL file When this mode is disabled the IPL file is not altered for either new
90. 19 Refreshing fabric information llle eeesesse 121 Refreshing Zone Admin window information 121 Saving local zoning changes 0 c eee eee eee eee 122 Selecting a zoning view eee 123 Creating and populating zone aliases 123 Adding and removing members of a zone alias 124 Renaming zone aliases 0 eee eee 124 Deleting zone aliases eee ee 125 Creating and populating zoneS 0 20 c ee eee eee 125 Adding and removing members of a zone 126 RenaritigZOries oia hail ate Eu skis c nain dank oe ok QR 126 Cloning ZONES asrine ea eene c tci ene ms 127 Beleting ZONES rae euenit x ta chm ge a cere ncn dite 127 Creating and populating enhanced traffic isolation zones 128 Web Tools Adminstrator s Guide 53 1002152 01 Zone configuration and zoning database management 128 Creating zone configurations lille 129 Adding or removing zone configuration members 130 Renaming zone configurationS 0 0 sanaaa naa 130 Cloning zone configurations 0 00 cece eee eee 131 Deleting zone configurations 0c eee eee eee 131 Enabling zone configurations 000 eee eee eee 131 Disabling zone configurations 0 cee eee eee 132 Displaying enabled zone configurations 132 Viewing the enabled zone configuration name without opening the Zone Admin window
91. 27 If you are using the Brocade 6510 the Type column displays either AC or DC For all other hardware the value will be N A Checking the physical health of a switch The Status button displays the operational state of the switch The icon on the button displays the real time status of the switch If no data is available from a switch the most recent background color remains displayed Any error based status messages that is based on a per time interval cause the status to show faulty until the entire sample interval has passed If the switch status is marginal or critical information on the trigger that caused that status displays in the Switch Information view Click the Status button to display a detailed customizable switch status report shown in Figure 28 Note that this is a static report and not a dynamic view of the switch Switch Report for sw0 VF 128 Mozilla Firefox c Ar O D http 10 32 79 105 switchReport htmi A 5 Most Visited Getting Started Latest Headlines Suggested Sites Web Slice Gallery Switch Report for sw0 VF 128 Switch Health Report Report Time Thu Feb 11 2010 22 15 26 GMT Switch Name sw0 IP Address 10 32 79 105 Switch State HEALTHY Duration HM 49 31 Switch Health Switch State Contributors State Power supplies monitor Temperatures monitor Fans monitor Flash monitor Marginal ports monitor Faulty ports monitor Missing SFPs monit
92. 3 3 Click Synchronize Services The Warning dialog box displays Web Tools Adminstrator s Guide 47 53 1002152 01 3 Event monitoring Click Yes and wait for the CPs to complete a synchronization of services so that a nondisruptive failover is ready Click Refresh to update the HA Status field When the HA Status field displays HA enabled Heartbeat Up HA State synchronized a failover can be initiated without disrupting frame traffic on the fabric Initiating a CP failover A nondisruptive failover might take about 30 seconds to complete During the failover all of the Web Tools windows and all associated child windows are invalidated You must close all Web Tools windows and open Web Tools again To initiate a nondisruptive failover perform the following steps 1 Open the High Availability window as described in Launching the High Availability window on page 46 2 Verify that the HA Status field displays HA enabled Heartbeat Up HA State synchronized or HA enabled Heartbeat Up HA State not in sync 3 Click Initiate Failover The Warning dialog box displays 4 Click Yes to initiate a nondisruptive failover When prompted close the Web Tools Switch Explorer window and all associated windows and re open Web Tools Event monitoring 48 Web Tools displays fabric wide and switch wide events Event information includes sortable fields for the following Switch name Message number Time stamp Indicati
93. 3 1002152 01 Performing a firmware download 4 To download a new firmware version perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Firmware Download tab 3 Choose to download either the firmware or the firmware key The download source can be located on the network or a USB device NOTE When you select the USB button you can specify only a firmware path or directory name No other fields on the tab are available The USB button is available if the USB is present on the switch 4 Enterthe host name or IP address user name password and fully qualified path to the file release plist You can enter the IP address in either IPv4 or IPv6 format The path name should use the following structure lt directory gt lt fos_version_directory gt release plist where the lt directory gt is the path up to the entry point of lt fos_version_directory gt and lt fos_version_directory gt is where the unzipped version of Fabric OS is located Example directory_1 my_directory v7 0 0 release plist 5 Select the protocol type in the Protocol Type field If you select Secure Copy Protocol SCP you cannot specify anonymous in the User field 6 Click Apply The firmware download begins You can monitor the progress by looking at the Firmware Download progress bar NOTE About halfway through the download process after
94. 53 1000606 02 Updates for support for new switches traffic isolation zoning F_Port trunking removal of enhanced Access Gateway support and other enhancements March 2008 Web Tools Administrator s Guide 53 1001080 01 Updates to add features that require the Enhanced Group Management license removal of features that are now available from the Brocade Network Advisor July 2008 Web Tools Administrator s Guide 53 1001133 01 Updates to add support for Brocade Encryption Switch and FS8 18 Encryption Blade August 2008 Web Tools Administrator s Guide 53 1001194 01 Updates to add support for Virtual Fabrics IPsec and consistency with Brocade Network Advisor November 2008 Web Tools Administrator s Guide Web Tools Administrator s Guide 53 1001343 01 53 1001772 01 Updates to add support for Brocade 7800 Extension Switch Brocade 8000 FCOE10 24 DCX Blade and FX8 24 DCX Extension Blade Updates to add support for Brocade Fabric OS 6 4 0 July 2009 March 2010 Web Tools Administrator s Guide 53 1002152 01 Updates to add support for Brocade Fabric OS 7 0 0 April 2011 Contents Web Tools Adminstrator s Guide 53 1002152 01 About This Document In this Chapter i455 sse iecore rco wae ea alae hs xxi How this document is organized 0 0 0 0 cee eee eee eee xxi Supported hardware and software 0000 cece eee eeee xxii What s new in
95. 53 1002152 01 Zone configuration and zoning database management 9 The configuration is renamed in the configuration database 5 Select Zoning Actions gt Save Config to save the configuration changes Cloning zone configurations You must use Web Tools with the EGM license to perform cloning operations for zone configurations otherwise access to this feature is denied and an error message displays To clone a zone configuration perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Zone Config tab 3 Select the zone configuration you want to clone from the Name list 4 Click Clone 5 Inthe Copy An Existing Zone Config dialog box enter a name for the copied zone and click OK The selected zone is copied from the Zone Admin buffer 6 Select Zoning Actions Save Config to save the configuration changes No changes were made to the effective configuration You do not need to enable the configuration Deleting zone configurations To delete a zone configuration perform the following steps NOTE You cannot delete a enabled configuration 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Zone Config tab 3 Select the configuration you want to delete from the Name list and click Delete 4 On the confirmation dialog box click Yes The selected configuration is deleted from the config
96. 53 1002152 01 29 April 2011 Web Tools Administrator s Guide Supporting Fabric OS v7 0 0 BROCADE MK 99COM101 01 Copyright 2006 2011 Brocade Communications Systems Inc All Rights Reserved Brocade the B wing symbol Biglron DCX Fabric OS Fastlron IronPoint IronShield IronView IronWare JetCore Netlron Securelron Serverlron StorageX and Turbolron are registered trademarks and Brocade Network Advisor Extraordinary Networks and SAN Health are trademarks of Brocade Communications Systems Inc in the United States and or in other countries All other brands products or service names are or may be trademarks or service marks of and are used to identify products or services of their respective owners Notice This document is for informational purposes only and does not set forth any warranty expressed or implied concerning any equipment equipment feature or service offered or to be offered by Brocade Brocade reserves the right to make changes to this document at any time without notice and assumes no responsibility for its use This informational document describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data contained in this document may require an export license from the United States government The authors and Brocade Communications Systems Inc shall have no liability or responsibility to any per
97. 6 3 0 Web Tools supports universal time based licensing Each universal key is for a single feature and can be used on any product that supports the feature for a defined trial period At the end of the trial period the feature gets disabled You can extend the universal key license For time based licenses the Expiry Date displays in the License Administration table The following features are supported for universal time based license e Fabric e Extended Fabric Fabric Watch e Performance Monitor e Trunking e High Performance Extension over FCIP FC e Advanced Extension e Advanced FICON Acceleration e FICON Management Server CUP e Enhanced Group Management EGM e 10GbE e Integrated Routing e Adaptive Networking Web Tools Adminstrator s Guide 45 53 1002152 01 3 High Availability overview e Server Application Optimization High Availability overview High Availability HA features provide maximum reliability and nondisruptive replacement of key hardware and software modules High Availability is available only on the Brocade DCX DCX AS DCX 8510 4 and DCX 8510 8 platforms Refer to the Fabric OS Administrator s Guide for additional information about High Availability The High Availability window as shown in Figure 10 displays information about the status of the HA feature on each control processor CP and enables you to perform CP failover The background color of the HA button indicates the overall stat
98. 69 Creating and populating domains 000 eee eee 69 Creating an Admin Dom in 00 0c eee eee 69 Adding ports or switches to the fabric 70 Activating or deactivating an Admin Domain 71 Modifying Admin Domain members 0020 cee eee eee 71 Renaming Admin Domains 0000 cece eee eee 72 Deleting Admin Domains 000 cece eee eee 72 Clearing the Admin Domain configuration 73 Chapter 6 Managing Ports h this chapter ue ein opel Winn ko ee Wie nn Wied acs 75 Port management overview 0 0 eee eee 75 Opening the Port Administration window ss 75 Port Administration window components Ls 76 Controllable ports 0 0 cece eee 79 Configuring FC portS 2 A a A eee 79 Allowed port typeS 0 0 cee eee eee 80 Long distance mode ss oirrasan ee c re d e eee ee 81 Ingress rate limit 0 0 ee eee 81 Assigning a name to a port 2 eee ee 82 Port beacohlhng cns ir ci a Na es 83 Enabling and disabling a port 00 2 cee eee eee 84 Considerations for enabling or disabling a port 84 Persistent enabling and disabling ports 505 85 Configuring NPIV ports nesune susun traue aneao II 85 Viii Web Tools Adminstrator s Guide 53 1002152 01 Port actiVatiOn zu ae E Soest ocean A CET d Ae a RD RT TR RH Ane 86 Enabling Ports on Demand 02 cee eee
99. 9 Value line licenses lllleellleeerr IRI 9 Opening Web TOOlS Les ssse o wee Move ee aed TREE Y 10 LOSSING IN EC 11 Logging OUt occ cn cera iude ye eee bye eee Ra x 12 V Role Based Access Control ccc eee eee eee eee 13 Session management turp ERA Eee poe Cael 13 Ending a Web Tools session 000 c eee eee eee eee 14 Web Tools system logs 00 cee eee eee 14 Requirements for IPv6 support 2 0 c ee ee 15 Chapter 2 Using the Web Tools Interface Inthis chapter soirs ist ie athe ee a oe eee es 17 Viewing Switch Explorer lesser 17 Persisting GUI preferences 000 eee eee eee ee 19 TASKS a este ee rt an eue i gen secte RR cet td 20 Fabric Trey iuuversus n RU EPA FEY RE Ue E EU ees 21 Changing the Admin Domain context 00 21 Switch View buttOnS 0 0 enu eranda n eee 23 SWITCH MIGW ethos ec ec ee ea ee CER T eee as 23 Switch Events and Switch Information 25 Free Professional Management tool lususss 26 Displaying tool tips wie prisar tera torun ptura torra y Eaua bie 26 Rightclickcoptions an a Sade te pate Late A dad ad duck dials 27 Refresh rates sea een undies whens hats diee o aai died ng 27 Displaying switches in the fabric 0 0 0 e eee eee 28 Working with Web Tools recommendations 55 29 Opening a Telnet or SSH client Window 00e ee eee 29 Collecting logs for troubleshooting
100. ARE 60 Creating a configuration backup file Keep a backup copy of the configuration file in case the configuration is lost or unintentional changes are made You should keep individual backup files for all switches in the fabric You should avoid copying configurations from one switch to another If you upload from a network enter the host name or IP address in the Host Name or IP field the user ID and password required for access to the host in the User Name and Password fields and select the Protocol Type used for the upload The default is FTP If you select Secure Copy Protocol SCP you cannot specify anonymous in the User Name field An info link is enabled when USB is chosen as the source of the configuration file If you click on info the following information message displays Figure 11 x QD Plug in USB device to the USB port and mount it before proceeding with any operations USB can be mounted using USB admin dialog by clicking on the USB in the switch view Close i FIGURE 11 Information dialog box To create a configuration backup file perform the following task 1 Open the Switch Administration window 2 Select Show Advanced Mode 3 Select the Configure tab The Configure screen displays 4 Select the Upload Download tab The Upload Download configuration screen displays Web Tools Adminstrator s Guide 57 53 1002152 01 4 Restoring a configuration NOTE By default Config Upload is ch
101. Admin Domains 72 Allow Prohibit Matrix configuration 224 user accounts 180 zone aliases 125 zone configurations 131 zones 127 device probing 41 devices only view 123 devices only zoning 123 direct port membership in Admin Domains 76 disabling Access Gateway mode 156 automatic trace uploads 139 blades 35 dynamic load sharing 170 FICON Management Server mode 217 ports 84 85 RADIUS 196 RLS probing 43 switch 37 trunking mode 99 zone configurations 132 zoning 132 displaying Allow Prohibit Matrix configuration 221 224 225 Control Device state 219 enabled zone configuration 132 fan status 140 FICON code page 219 name server entries 51 power supply status 141 Switch events 49 temperature status 141 user account information 177 DLS 170 domain ID changing 38 downloading configuration file 58 firmware 60 Dynamic Load Sharing Refer to DLS E E D TOV 41 Web Tools Adminstrator s Guide 53 1002152 01 edge fabrics 145 EGM licensed features FICON CUP 215 Performance Monitoring 18 enabled zone configuration displaying 132 enabling Access Gateway mode 155 automatic trace dump transfer 138 beaconing 53 blades 35 DLS 170 FICON Management Server mode 217 insistent domain ID mode 41 ports 84 Ports on Demand 86 RADIUS 196 RLS probing 43 switch 37 trunking mode 99 zone configurations 131 ending sessions 12 events displaying 49 filtering 50 severity levels 48
102. Alert o Error level messages represent an error condition that does not impact overall Errot system functionality significantly For example error level messages might indicate timeouts on certain operations failures of certain operations after retries invalid parameters or failure to perform a requested operation A Warning level messages highlight a current operating condition that should be Warning checked or it might lead to a failure in the future For example a power supply failure in a redundant system relays a warning that the system is no longer operating in redundant mode The failed power supply must be replaced or fixed Notices report important events such as task completions or events i Notice e Information level messages report the current nonerror status of the system Info components such as the online and offline status of a fabric port X Debug messages deliver status messages relating to debugging systems Debug Displaying Switch Events The Switch Events tab displays a running log of events for the selected switch Switch events are polled and updated every 15 seconds there is no refresh on demand option for switch events For two switch configurations all chassis related events are displayed in the event list of each logical switch for convenience Web Tools Adminstrator s Guide 49 53 1002152 01 3 Event monitoring To display Switch Events perform the following steps 1 Select the switch from the Fabri
103. CX AS chassis eight per chassis and eight per each installed CP Configuring Netstat Auto Refresh The Netstat Performance window displays the details about Ethernet management port statistics like the Interface MTU Met RX OK RX ERR RX DRP RX OVR TX OK TX ERR TX DRP TX OVR and Flag Web Tools Adminstrator s Guide 33 53 1002152 01 3 Configuring a syslog IP address To configure Auto Refresh perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Network tab Click Netstat Performance Select the Auto Refresh check box to automatically refresh the port details Clear the check box to disable auto refresh When enabled enter the interval time in seconds in the Auto Refresh Interval field The port details are automatically refreshed based on the configured time interval The minimum value is 15 seconds Configuring a syslog IP address The syslog IP represents the IP address of the server that is running the syslog process The syslog daemon reads and forwards system messages to the appropriate log files or users depending on the system configuration When one or more IP addresses are configured the switch forwards all error log entries to the syslog on the specified servers Up to six servers are supported Refer to Fabric OS Administrator s Guide for more information on configuring the syslog daemon To configur
104. Changing the switch name Switches can be identified by IP address domain ID World Wide Name WWN or switch names Names must begin with an alphabetic character but otherwise can consist of alphanumeric hyphen and underscore characters The maximum number of characters is 30 unless FICON mode is enabled When FICON mode is enabled the maximum number of characters is 24 NOTE Some system messages identify a switch service by the chassis name If you assign meaningful chassis names and switch names system logs are easier to use 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Switch tab 3 Enter a new name in the Name field and click Apply Changing the switch domain ID Although domain IDs are assigned dynamically when a switch is enabled you can request a specific ID to resolve a domain ID conflict when you merge fabrics To change the switch domain ID perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Disable the switch as described in Enabling and disabling a switch on page 37 Select the Switch tab 4 Entera new domain ID in the Domain ID field For IMO the range of valid values is from 1 athrough 239 Click Apply Enable the switch as described in Enabling and disabling a switch on page 37 Viewing and printing a switch report The swi
105. Continued Switch name Enabled by Enabled with Ports on Demand Enabled with the Dynamic Ports on default licenses Demand feature Brocade 5460 0 3 6 13 4 5 14 25 Brocade 5450 1 10 19 22 O 11 18 23 25 Brocade 5424 1 8 17 20 O 9 16 21 23 Any available ports Brocade 5300 0 47 48 63 64 79 Brocade 5100 0 23 24 31 32 39 Brocade 5000 0 15 16 23 24 31 Not supported Brocade 4100 Brocade 4900 0 31 32 47 48 63 Not supported Brocade 4424 1 8 17 20 0 9 16 21 23 Brocade 4024 1 8 17 20 9 12 13 16 21 23 Any available ports Brocade 4020 0 7 15 16 8 9 17 19 10 14 Any available ports Brocade 4018 0 11 12 17 Any available ports Brocade 4016 O 7 10 13 8 9 14 15 Any available ports Brocade 300 0 7 8 15 16 23 When using the Brocade 4016 4018 4020 4024 4424 5424 5450 5460 5470 5480 and NC 5480 switches you can enable the Dynamic Ports on Demand DPOD feature which allows you to select the ports to be enabled instead of predefined sets of ports after the POD license is installed Web Tools allows you only to enable or disable the DPOD functionality on a port To configure DPOD refer to the Fabric OS Administrator s Guide In the Port Administration window the Licensed attribute indicates whether a port is licensed yes whether it can be license possible because there are free licenses available only applicable with the Dynamic POD feature or whether it is not licensed
106. Domain window to save the changes refer to Saving local Admin Domain changes on page 68 Creating and populating domains Setting up an Admin Domain involves the following steps 1 Creating an Admin Domain 2 Assigning one or more administrators to the Admin Domain The Admin account always has access to administer the Admin Domains even if no other users are assigned refer to Changing user account parameters on page 180 When you create an Admin Domain you can activate the Admin Domain after you finish creating it If you activate the Admin Domain you must click Apply to transfer your changes from the Web Tools database to the fabric database so that your changes are applied to the fabric You can log in to an active Admin Domain You cannot log in to an Admin Domain that was deactivated Creating an Admin Domain To create an Admin Domain perform the following steps 1 Open the Admin Domain window as described in Opening the Admin Domain window on page 67 2 Click New The Create Admin Domain wizard displays Web Tools Adminstrator s Guide 69 53 1002152 01 5 70 Creating and populating domains In the Name area assign an Admin Domain name You can specify a name or let the system assign the name for you In the ID area assign an Admin Domain ID You can specify an ID or let the system assign the ID for you In the State area select the Active check box to activate the Admin Domain when you finish
107. Domain window from AD255 physical fabric the window contains information about the current content of all Admin Domains If you launch the Admin Domain window from any other Admin Domain the window displays the current Admin Domain only To manage Admin Domains you must be logged in with the role of Admin ATTENTION Any changes you make in the Admin Domain window are held in a buffered environment and are not saved to persistent storage until you explicitly save the changes If you close the Admin Domain window without saving your changes your changes are lost To save the buffered changes you make to persistent storage in the Admin Domain window refer to Saving local Admin Domain changes on page 68 When you are logged into ADO if a physical fabric administrator modifies the AD configuration from another session the changes in the membership might not be visible to you 66 Web Tools Adminstrator s Guide 53 1002152 01 Admin Domain window 5 When you launch the Admin Domain window and select the parent Admin Domains node in the tree on the left pane the Admin Domain window displays summary information about all of the Admin Domains You can also select a specific Admin Domain from the tree to display detailed information about that Admin Domain The detailed view displays summary information as well as information about the online switch port and device members of the selected Admin Domain NOTE The tree only displays launc
108. EX Ports configuring 148 exchange based routing 169 170 expiring passwords 183 extended fabrics 165 F F Port trunk groups Access Gateway mode 101 fabric ID configuring 150 fabric information refreshing 68 121 fabric parameters configuring 41 Fabric Tree 21 fabric view 123 fabric view zoning 123 Fabric Watch about 163 failover initiating 48 FAN frame notification parameters configuring 42 fan status 140 fast boot 39 FC ports configuring 79 FC Routing module 147 Web Tools Adminstrator s Guide 53 1002152 01 FC FC routing about 145 setting up 146 supported switches 146 FCR router cost 149 FCS policy activate 188 create 187 deactivate 188 delete 188 distribute 188 moving switch position 189 feature licenses 44 FICON Management Server mode enabling and disabling 217 parameters 218 filtering events 50 Filtering IP Addresses 35 firmware download 60 FSPF routing 170 fwdl Refer to firmware download G GigE media type 84 85 graphs for performance monitoring 105 GUI preferences 19 H HA Refer to High Availability hard zones 123 heap size configuring 8 High Availability 46 HTTPS protocol 10 245 ID ID mode about 41 enabling 41 inactivity timeout 14 indirect port membership in Admin Domains 76 initiating CP failover 48 249 in order delivery Refer to IOD insistent domain ID mode about 41 enabling 41 installing Java Plugin 6 7 JRE 7
109. ICON CUP Busy Error Most write operations from alternate managers are also rejected Web Tools Adminstrator s Guide 219 53 1002152 01 17 Allow Prohibit Matrix configuration Device allegiance usually lasts for a very short time However under abnormal conditions device allegiance can get stuck and fail to terminate It might cause the switch to be unmanageable with CUP and you will continue to receive the FICON CUP Busy Error In this case you should check the control device state and the last update time to identify if the device allegiance is stuck The Web Tools Switch Administration window displays the control device state and last update time You can click Refresh to get most recent update NOTE You can manually reset allegiance to bring the control device back to the neutral state by clicking Reset Allegiance in the FICON CUP Busy Error dialog box The following switch parameters being read or modified can cause the FICON CUP Busy error e Mode Register e Port Names also called Port Address Name e Allow Prohibit Matrix and Port Connectivity Attributes e Switch enable disable e Switch name change To access the FICON CUP tab perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 3 Select the FICON CUP tab The FICON CUP tabbed page displays with the FICON Management Se
110. IP header Mode header TCP Data ia encrypted FIGURE 41 ESP header in transport mode and tunnel mode Basic IPsec configurations There are three basic configurations for IPsec use e Endpoint to Endpoint e Gateway to Gateway Web Tools Adminstrator s Guide 53 1002152 01 IPsec concepts 16 Endpoint to Gateway Endpoint to Endpoint In an endpoint to endpoint configuration both endpoints implement IPsec Transport mode is commonly used in endpoint to endpoint configurations and only a single pair of addresses is used Typically this kind of configuration would be used for direct communication between hosts There are two drawbacks to consider If network address translation NAT is used on the connection one or both endpoints may be behind a NAT node If that is the case UDP must be used to encapsulate the tunneled packets Port numbers in the UDP headers can then be used to identify the endpoint behind the NAT node e Packets cannot be inspected or modified in transit This means that QoS traffic shaping and firewall applications cannot access the packets and does not work Gateway to Gateway In a gateway to gateway configuration IPsec protection is implemented between network nodes Tunnel mode is commonly used in a gateway to gateway configuration A tunnel endpoint represents a set of IP addresses associated with actual endpoints that use the tunnel IPsec is transparent to the actual endpoints Enapo
111. L Mode E Port 4 9l Ports Porti Port Index 9l Porte 0 0x0 0 0x0 e Port7 1 0x1 1 0x1 2 0x2 2 0x2 3 0x3 3 0x3 4 0x4 4 0x4 5 0x5 5 0x5 FIGURE 46 FCoE Ports tab Port Administration panel 2 To view information for a specific port select the trunk in the FCOE Ports Explorer or select the port in the FCoE Port Configuration and Management table and click View Details Port information displays in three tabs The General tab is pre selected The Connected Devices tab displays information about devices connected to the switch Figure 46 Six columns of information are displayed Device WWN displays the WWN of the connected device e Device MAC displays the MAC address of the connected device 238 Web Tools Adminstrator s Guide 53 1002152 01 Displaying LAG information 18 e Connected Peer Type displays the port type on the connected device e Is Directly Connected indicates whether or not the device is directly connected to the trunk FCoE Port MAC displays the FCoE port MAC address e Switch Port displays the switch port WWN Displaying LAG information To display LAG information perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the Link Aggregation tab The LAG information displays Displaying VLAN information To display VLAN information perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the VLAN tab The
112. LDP DCBX configuration 18 e Advertise Optional tlv Advertises the following optional TLVs system description Describes switch or blade characteristics port description Describes the configured port system name Specifies the system name system capabilities Describes the system capabilities management address The IP address of the management port on the 8000 switch e Advertise dot1 tlv Select this check box to advertise to any attached device to send IEEE 802 1 LLDP type length and values Advertise dot3 tlv Select this check box to advertise to any attached device to send IEEE 802 3 LLDP type length and values e Advertise DCBx tlv Select this check box to advertise to any attached device the respective LLDP type length and values e Advertise DCBx fcoe logical link Select this check box to advertise to any attached device to send DCBX protocol over LLDP to negotiate the logical link type length and values e Advertise DCBx fcoe app Select this check box to advertise application type length and values to ensure interoperability of traffic over DCBX protocol running over LLDP 12 Click Apply 13 Click Save Configuration Adding an LLDP profile The LLDP profile determines LLDP settings per port To add an LLDP profile perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the LLDP DCBX tab 3 Select the LLDP Profile tab 4 Clic
113. N NOTE You cannot modify the default BB credit value for VE and ICL ports 6 Click OK The value displays in the table of the Port Administration window If no value is configured the F Port BB Credit column displays the default value Configuring ALPA 92 PID is the address assigned to the host when it performs a login with a fabric The 24 bits of the PID are built from three 1 byte fields The most significant byte is the Domain ID the second byte is the Area which that device belongs to and the least significant byte is the ALPA Persistent ALPA provides the hosts with the same ALPA which they recieved the first time they logged in If they login using the same port the domain and the area for that device are still the same This ensures that whenever a host logs in using the same port it recieves the same PID The hosts can select their ALPA and the switch provides the same value if it s available By default persistent ALPA is disabled on Access Gateway switches Access Gateway always tries to request the same ALPA which the host has requested to the edge switch but there is a possibility that the ALPA value has already been taken by another host Therefore the device can either use a different ALPA value FLEXIBLE ALPA which is available or can stick to the same requested ALPA value STRINGENT ALPA As the Access Gateway controls the assignment of ALPA values to the devices it knows which ALPA value has been taken and w
114. O USURIS UNUM Port4 index 10 Add Ports index 5 Port amp index 11 25K 1G Port index 7 0 016 Port8 index 8 5 wy Port index 9 4 e Port10 index 12 SIGNE S Portt 1 index 6 9 Port12 1323 index 4 Port13 index 13 Port14 index 14 Port15 index 16 geo 0 0 4G Reset To Default Eree Professional Management Too 10 35 52140 ADO User admin Role admin FIGURE 22 Select Ports for customizing the Switch Throughput Utilization graph You can perform the following in the dialog box a Double click the domain to expand the slot or port list NOTE For the Brocade 8510 8 Brocade 8510 4 and Brocade DCX and Brocade DCX AS enterprise class platforms click the plus signs to expand the ports under each slot as shown in Figure 22 b Click the port you want to monitor in the graph in the Port Selection List Use Shift click and Ctri click to select multiple ports c Click Add to move the selected ports to the Selected Ports list d Optional Click ADD ALL Ports to add all of the ports in the Port Selection List to the Selected Ports list e Optional Click Search to open the Search Port Selection List dialog box from which you can search for all E Ports all F Ports or all port names with a defined string Select the ports you want to add and click Search in the Search Port Selection List dialog box 110 Web Tools Adminstrator
115. P address of the device in the Address field such as http 10 77 77 77 or https 10 77 77 77 Press Enter The Web Tools login dialog box displays Refer to Logging in on page 11 for more information NOTE If you are using Firefox the browser window is left open You can close it anytime after the login dialog box displays If you are using Internet Explorer the browser window automatically closes when the login dialog box displays NOTE If you have installed EZSwitchSetup on your workstation the EZSwitchSetup Switch Manager displays the first time you access the device EZSwitchSetup provides an easy to use wizard interface that may be used to simplify the initial setup procedure for smaller switches Refer to EZSwitchSetup Administrator s Guide for information about the EZSwitchSetup interface If you want to use Web Tools instead of EZSwitchSetup click Advanced Management in the lower left corner of the window to open the Web Tools interface This book describes only the Web Tools interface 299990900000 OO P PPP CCS OROCOSOOO mccain NG POUR Veram Am em FIGURE 3 Web Tools interface Web Tools Adminstrator s Guide 53 1002152 01 Opening Web Tools 1 Logging in When you use Web Tools you must log in before you can view or modify any switch information This section describes the login process Prior to displaying the login window Web Tools displays a security banner if one is configured for
116. Ports or all port names with a defined string Select the ports you want to add and click Search in the Search Port Selection List dialog box Click Apply in the SCSI vs IP Traffic Setup dialog box Only the selected ports are displayed in the SCSI vs IP traffic graph Creating SCSI command graphs This graph displays the total number of read or write or both commands on a given port or to a specific LUN on a given port Web Tools Adminstrator s Guide 53 1002152 01 Tunnel and TCP performance monitoring graphs 8 To create a SCSI command graph perform the following steps 1 Open the Performance Monitoring window 2 Select Performance Graphs gt Advanced Monitoring gt SCSI Commands gt Graph Type The applicable setup dialog box displays Navigate to a switch gt slot gt port in the Port Selection List Click the port from the Port Selection List and drag it into the Enter drag port field Optional For the LUN per port graphs enter a LUN number in hexadecimal notation For the Brocade Encryption Switch you can enter up to eight LUN masks For the Brocade 5100 5300 300 7800 and 8000 you can enter up to eight LUN masks For all other switches running Fabric OS 4 x or v5 x you can enter up to two LUN masks For switches running Fabric OS 3 x you can enter up to three LUN masks 6 Click OK The selected graph displays in the canvas Tunnel and TCP performance monitoring graphs This section describes how to gene
117. RN E EE KR ERE E Ru E eec dE 200 epe Dus EL as actuscudc ace dio re Mi eda diate xa teca d Ra a uS ca eat i et 205 IPsec over management PONS evire ak dxrad da Ea RE REEE OR E 207 e Establishing authentication policies for HBAS 20000e 213 User defined accounts In addition to the default accounts root factory admin and user Fabric OS v7 0 0 supports up to 256 user defined accounts in each logical switch domain These accounts expand your ability to track account access and audit administrative activities When the Virtual Fabrics capability is enabled each user defined account is associated with the following Virtual Fabric ID Specifies the accessible Virtual Fabrics for a user account e Home Virtual Fabric Specifies the default Virtual Fabric for a user account Role Determines functional access levels within the Virtual Fabric When the Admin Domain capability is enabled each user defined account is associated with the following e Admin Domain list Specifies the accessible Admin Domains for a user account e Home Admin Domain Specifies the default Admin Domain for a user account The home Admin Domain must be a member of the user s Admin Domain list e Role Determines functional access levels within the bounds of the user s current Admin Domain NOTE Virtual Fabrics and Admin Domains are mutually exclusive Web Tools Adminstrator s Guide 175 53 1002152 01 16 User defined accoun
118. S name Select the Encryption Algorithm option Select the Hash Algorithm option Select the PRF Algorithm option Select the DH Group Number option Select the Authentication Method option IF PSK is chosen as the authentication method enter the name of the file that holds the pre shared key in the Pre Shared Key filename field If you are using an X 509 certificate for authentication enter the appropriate file names in the Public Key filename Private Key filename and Peer Public Key filename fields in PEM format Use the PFS selector to turn Perfect Forward Secrecy PFS on or off PFS provides additional security by means of a Diffie Hellman shared secret value With PFS if one key is compromised previous and subsequent keys are secure because they are not derived from previous keys Web Tools Adminstrator s Guide 53 1002152 01 IPsec over management ports 16 Creating a security association A security association SA describes a set of parameters for providing secure communications between two endpoints To create a security association perform the following steps 1 Select the IPsec tab The IPsec Policies screen displays Select the SA tab Select Add The Add SA dialog box displays Enter a name for the SA in the SA Name field Select the IPsec Protocol option The choices are ah for authentication header and esp for encapsulated security protocol Select the Authentication Algorithm optio
119. The IP address of the management port on the 8000 switch Advertise dot1 tlv Advertises to any attached device to send IEEE 802 1 LLDP type length and values Advertise dot3 tlv Advertises to any attached device to send IEEE 802 3 LLDP type length and values Advertise DCBx tlv Advertises to any attached device the respective LLDP type length and values Advertise DCBx fcoe logical link Advertises to any attached device to send DCBX protocol over LLDP to negotiate the logical link type length and values Advertise DCBx fcoe app Advertises application type length and values to ensure interoperability of traffic over DCBX protocol running over LLDP Click Save Configuration Configuring DCB interfaces The DCB Interfaces tab on the Port Administration panel is used for configuring the DCB interfaces on a switch 234 To configure the DCB interfaces perform the following steps 1 2 3 Select the DCB Interfaces tab on the Port Administration panel Select the port you want to configure under the DCB Interface Explorer Select the General tab Normally this tab is pre selected Select Edit Configuration The DCB Edit Configuration dialog box displays Select the Interface Mode The options are None and L2 The default is None If you intend to use this port in a Link Aggregation Group LAG select None L2 mode is applied when you configure the LAG Web Tools Adminstrator s Guide 53 1
120. Windows 2000 Firefox 2 0 Internet Explorer 6 0 Windows 2003 Server SP2 Firefox 2 0 Internet Explorer 7 0 8 0 Windows XP Pro SP3 x86 32 bit Firefox 2 0 Internet Explorer 7 0 8 0 Windows Server 2003 Standard SP2 x86 Firefox 2 0 Internet Explorer 7 0 8 0 32 bit Windows Server 2008 Standard Firefox 2 0 Internet Explorer 7 0 8 0 Windows 7 Professional x86 Firefox 2 0 Solaris 9 SPARC only Firefox 2 0 Solaris 10 SPARC only For Windows systems a minimum of 256 MB of RAM for fabrics comprising up to 15 switches 512 MB of RAM for fabrics comprising more than 15 switches and a minimum of 8 MB of video RAM are recommended Additionally a DCX with a fully populated FC8 64 blade requires a minimum of 512 MB of RAM Setting refresh frequency for Internet Explorer Correct operation of Web Tools with Internet Explorer requires specifying the appropriate settings for browser refresh frequency and process model Browser pages should be refreshed frequently to ensure the correct operation of Web Tools To set the Internet Explorer options perform the following steps 1 Open your web browser and select Tools Internet Options 2 Select General Temporary Internet Files Settings Web Tools Adminstrator s Guide 5 53 1002152 01 1 Java installation on the workstation 3 Choose Every visit to the page under Check for newer versions of stored pages as shown in Figure 1 on page 6 Internet Options A31 xl Gener
121. X Ports Edit an EX Ports configuration e Rename an EX Port e Swap the Port Index of an EX Port described in Port swapping index on page 90 e Enable or disable an EX Port e Persistently enable or disable an EX Port Enable or disable trunking e Configure router port cost ATTENTION During EX_Port configuration the port is automatically disabled and then re enabled when the changes are applied Be sure that you do not physically connect a port to a remote fabric before configuring it as an EX_Port otherwise the two fabrics merge and you lose the benefit of Fibre Channel Routing Web Tools Adminstrator s Guide 53 1002152 01 Configuring an EX Port 11 You can enable or disable multiple ports at one time Use Shift click and Ctrl click to select multiple ports in the table and then click one of the enable or disable tasks in the task bar You can select multiple ports in the table but you can select only one port at a time in the tree Configuring an EX_Port To configure an EX_Port perform the following steps 1 Select Tasks gt Manage gt FCR 2 Select the EX_Ports tab 3 Click New in the task bar to configure one or more EX Ports This launches the port configuration wizard which guides you through the port configuration process NOTE Support for EX PORTs on the Brocade FR4 18i switch has been removed in Fabric OS v7 0 0 You must specify the Fabric ID and if configuring an FC port the speed and long
122. _Sync The 10 GE license is required in order to set a port to speed 10G To configure the Port Octet Speed Combination perform the following steps 1 2 3 5 Select Port Admin gt Advanced mode Select the FC Ports tab In the FC Ports Explorer select a port to configure WT_D4S_CORE Port Administration 3 5 x Show Basic Mode FC Ports 4 Fe PoS bo View Details Rename Edit Configuration Disable Persistent Disable E Bj 1T Das CORE E Li Slot 1 39 Port Swap Re Authenticate F Port BB Credit F Port Trunking Slot 1 39 U siet 3 48 Li Slot 6 46 Speed Combination Slot 7 51 Port Port Index Port Id Slot Port Type Remote Node PortName Speed Ghis Speed Combination Port Status lad Slot 8 37 0 0x0 0 0x0 0x010000 1 U Port N A 16 1 Auto 2G 4G 8GN BG INo Module Dis 1 0x1 1 0x1 0x010100 1 U Port NIA 16 1 Auto 2G 4G 8GH BG o Module Dis FIGURE 17 FC Explorer dialog E E E d Click Speed Combination The Port Octet Speed Combination dialog displays I Port Octet Speed Combination The speed combination will be set to all ports which are part of the selected octet group 0 1 2 3 4 5 6 7 Port Number 0 Speed Combination 2 Auto or Fixed 10G 8G 4G 2G v 1 Auto or Fixed 16G 8G 4G 2G 2 Auto or Fixed 10G 8G 4G 2G 3 Auto or Fixed 16G 10G FIGURE 18 Port Octet Speed Combination dialog Select a Speed Combination and click OK Web Tools Adminstrator s Guide 53 1002
123. a Fabric OS version earlier than v5 0 1 the selected switch displays in the same browser window The graphic of the selected switch displays in Switch View Additional switch information displays in the Switch Events and Switch Information dialog box 28 Web Tools Adminstrator s Guide 53 1002152 01 Working with Web Tools recommendations 2 Working with Web Tools recommendations Brocades makes the following recommendations for working with Web Tools If you receive an error when saving changes in the Switch Administration window note the error messages refresh the window and make your changes again Do not continue making changes without refreshing the window and determining which changes were saved correctly In a fabric containing switches and directors running different versions of firmware use the switches or directors with the latest firmware versions to control the fabric If switches are accessed simultaneously from different connections for example Web Tools CLI and API changes from one connection might not be updated to the other and some modifications might be lost Make sure that when you connect with simultaneous multiple connections you do not overwrite the work of another connection Several tasks in Web Tools make fabric level changes such as the tasks in Zone Administration When executing fabric level configuration tasks wait until you have received confirmation that the changes are implemented before ex
124. a list of all the switches in the fabric e The menu bar at the top of the window providing access to commands and actions The menu bar displays the same commands as the left pane of Switch Explorer If you choose to collapse the left pane you still have access to Management tasks such as zone administration switch administration port administration admin domain administration and Fabric Watch administration NOTE You can manage basic zoning and Traffic Isolation zoning using Web Tools and Web Tools with the Enhanced Group Management EGM license To perform clone operations for zoning the EGM license must be installed on the switch otherwise access to this feature is denied and an error message displays You must use Brocade Network Advisor to print the zone database summary configuration and to analyze zone configurations For more information on zoning management refer to Zone configuration and zoning database management on page 128 Reporting tasks such as viewing the status of a switch Monitoring tasks such as performance monitoring and viewing the temperature or power status Web Tools Adminstrator s Guide 17 53 1002152 01 18 2 Viewing Switch Explorer NOTE To perform monitoring tasks such as performance monitoring the EGM license must be installed on the switch otherwise access to this feature is denied and an error message displays Tools tasks such as opening the Telnet window The
125. ade DCX access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis Document feedback Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document However if you find an error or an omission or you think that a topic needs further development we want to hear from you Forward your feedback to documentation brocade com Provide the title and version number of the document and as much detail as possible about your comment including the topic heading and page number and your suggestions for improvement Web Tools Adminstrator s Guide xxvii 53 1002152 01 xxviii Web Tools Adminstrator s Guide 53 1002152 01 Chapter Introducing Web Tools 1 In this chapter OTE TOE QUOEVIBIM Eu aique a e dud era n Ra asi Rn cR ana AUR da E oh cq d wih al Web Tools the EGM license and Brocade Network Advisor 1 e System requirements i lt 2 chee Pade FRAG ERGGG ee ee ERG ERG PER 4 Java iristallauomon the wWOHSLHDO 2 uu ce chlor aie mended an wee aaa 6 Jaya plugdn COFTIBUIBMOTI asd ea RA EAR AEESRAOG WEE R3 Edad aka 8 e Value IMME I ONSE nsere ramcn Ee Rh ud4 E huc ERI RE ERE Re FERRE 9 Openin We TODI uud aeu er ics d seh x d mak et e ador EAE RS 10 Role Based Access LODTiol ia sss ek ERR EROURADCR EORAHECR OON CR EORR RC 13 Session Irnanagemearit ssise rib 3T eed Seder NU rd 13 OWNED TOOK syst
126. ady configured perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the AAA Service tab 3 Select a RADIUS server from the RADIUS Configuration list Web Tools Adminstrator s Guide 197 53 1002152 01 16 RADIUS management Click Modify The RADIUS ADLDAP Configuration dialog box displays Enter new values for the port number timeout time in minutes and secret string Select either CHAP or PAP as the authentication protocol The default value is CHAP and if you do not change it CHAP becomes the authentication protocol Click OK to return to the AAA Service tab Click Apply Modifying the RADIUS server order The RADIUS servers are contacted in the order they are listed starting from the top of the list and moving to the bottom To modify the RADIUS server order perform the following steps 1 ao B WN Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the AAA Service tab Select a RADIUS server from the RADIUS Configuration list Click the up and down arrows to rearrange the order of the RADIUS servers Click Apply Removing a RADIUS server To remove a RADIUS server perform the following steps 1 198 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the AAA Servic
127. age displays 4 Click OK to delete all the policies Activating all SCC DCC or FCS policies After a policy is created or modified you can distribute it to the remaining fabric To delete a policy you must activate a new or empty policy To activate all SCC DCC or FCS policies perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Security Policies tab 3 Click Activate All to activate all the policies NOTE Activating the policy moves it into the Activate Policy Set window Distributing an SCC DCC or FCS policy Perform this procedure to distribute an SCC DCC or FCS policy 188 Web Tools Adminstrator s Guide 53 1002152 01 Access control list policy configuration 16 NOTE SCC and DCC policy can be distributed only for a primary switch To distribute an SCC DCC or FCS policy perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Security Policies tab Select the appropriate tab SCC DCC or FCS Click Distribute Policy Select the switches that will receive the policy Select OK oa e WN If the policy distribution fails an error dialog box displays Moving an FCS policy switch position You can move the position of a primary switch in the FCS policy list To move an FCS policy switch position perfo
128. age is logged to the system error log Developers can then examine what led up to the message event by studying the traces Tracing is always on As software on the switch executes the trace information is placed into a circular buffer in system RAM Periodically the trace buffer is frozen and saved This saved information is a trace dump A trace dump is generated when e Itis triggered manually use the traceDump command e Acritical level LOG message occurs e A particular LOG message occurs use the traceTrig command to set up the conditions for this Akernel panic occurs e The hardware watchdog timer expires For information about the traceDump and traceTrig commands refer to the Fabric OS Command Reference The trace dump is maintained on the switch until either it is uploaded to the FTP host or another trace dump is generated If another trace dump is generated before the previous one is uploaded the previous dump is overwritten When a trace dump is generated it is automatically uploaded to an FTP host if automatic FTP uploading is enabled Using the Trace tab of the Switch Administration window you can view and configure the trace FTP host target and enable or disable automatic trace uploads Web Tools Adminstrator s Guide 137 53 1002152 01 10 Trace dumps 138 How a trace dump is used The generation of a trace dump causes a CRITICAL message to be logged to the system error log When a trace dump i
129. agement EGM license Refer to Web Tools the EGM license and Brocade Network Advisor for more information A new view has been added to Web Tools for the Brocade 8000 switch and FCOE10 24 DCX blade and new tabs have been added to the Switch Administration panel and the Port Administration panel to support FCoE interfaces and trunks Web Tools the EGM license and Brocade Network Advisor 228 Beginning with Fabric OS version 6 1 1 Web Tools functionality is tiered and integrated with Brocade Network Advisor If you are migrating from a Web Tools release prior to Fabric OS version 6 1 1 this may impact how you use Web Tools A Web Tools license is not required and a basic version of Web Tools is available for free Additional functionality may be added by obtaining the Enhanced Group Management EGM license The EGM license is required only for 8 Gbps platforms such as the e Brocade Encryption Switch e Brocade 300 5300 and 5100 switches e Brocade VA 40FC Brocade 8000 e Brocade 7800 For non 8 Gbps platforms all functionalities are available without the EGM license Port information that is unique to FCoE The General tab of the Port Administration panel displays several parameters that are unique to DCB DCE interfaces e Interface Mode The interface mode vales are either None or L2 mode e VLAN ID The VLANs that carry traffic on the links are attached to this port e LAG The ID of the Link Aggregation G
130. al Security Privacy Content Connections Programs Advanced m Home page You can change which page to use for your home page tx al Check For newer versions of stored pages s Every visit to the page Der time you start Internet Explorer C Automatically C Never Temporary Intern A Pages for quicl r Temporary Internet Files Folder Current location C Documents and Settings plevin Local Settings Temporary Internet Files The His A quick a Amount of disk space to use Days to a MB Colors Move Folder View Files view Objects mea r History FIGURE 1 Configuring Internet Explorer Deleting temporary internet files used by Java applications For Web Tools to operate correctly you must delete the temporary internet files used by Java applications To delete these files perform the following steps 1 5 WN From the Control Panel open Java Select the General tab and click Settings Click Delete Files to remove the temporary files used by Java applications Click OK on the confirmation dialog box You can clear the Trace and Log files check box if you want to keep those files Click OK On the Java Control Panel click View to review the files that are in the Java cache If you have deleted all the temporary files the list is empty Java installation on the workstation Java Plug in must be installed on the workstatio
131. ality of Service configuration llle eee eee ee 230 Editing the DCB map eee eee ee 230 Adding a traffic class map 00 c eee eee ee 231 LLDP DCBX configuration 0 2 0 0 cece eee eee 231 Configuring global LLDP characteristics 232 Adding an LLDP profile 0 0 0 cece eee eee eee 233 Configuring DCB interfaces 0 00 eee eee 234 Configuring a link aggregation group 1 2 2 eee eee eee 235 Configuring VLANS 00 00 cece eee 236 Configuring FCoE login groups llle eere 237 Displaying FCoE port information 02000 eee ee eee 238 Displaying LAG information 00 00 cee eee eee 239 Displaying VLAN information ccc eee eee 239 Displaying FCoE login groupS 00 e eee eee eee 239 Displaying QoS information anaana anae 239 Displaying LLDP DCBX information 0020 ee eee 240 Displaying DCB interface statistics 0000 eee 240 Configuring a DCB interface from the Switch View 240 Configuring a DCB interface from the Port Admin panel 241 Enabling and disabling aLAG 0 0 0 eee eee eee 241 XV xvi Enabling and disabling LLDP 00 0 2 ce eee eee 241 Enabling and disabling QoS priority based flow control 242 Enabling and disabling FCoE ports 0000 eee eaee 242 Chapter 19 Limitations lin this chapter cs Sut ea e
132. ame configuration in order to avoid fabric segmentation To configure a port for long distance perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Click Show Advanced Mode Select the Extended Fabric tab 4 This step is switch specific For the Brocade 8510 8 8510 4 DCX and DCX 4S platforms click the slot subtab that corresponds to the correct slot for the logical switch For the Brocade 300 5100 5300 6510 7800 Extension and the Encryption Switch proceed directly to the next step 5 Select a distance that corresponds to the port from the Long Distance menu Web Tools Adminstrator s Guide 53 1002152 01 167 14 Configuring a port for long distance 168 Depending on the distance selected this might require a license For information about the various distances refer to Table 15 If you select a long distance setting of LD or LS you must also enter a value in the Desired Distance column for that port number a Double click the Desired Distance field for the port as shown in Figure 32 b Enter a number in the field to indicate the distance in kilometers The allowed values depend on the port capability If the port capability is 8 GB type a number between 10 and 63 inclusive If the port capability is 4 GB type a number between 10 and 125 inclusive If the port capability is 2 GB type a number between 10 an
133. and cannot be licensed because there is no available license After the license keys are installed you must enable the ports You can do so without disrupting switch operation as described in Enabling and disabling a port on page 84 Alternatively you can disable and re enable the switch to activate all ports as described in Enabling and disabling a switch on page 37 To unlock a Ports on Demand license you can use the supplied license key or generate a license key If you need to generate a key open an Internet browser and go to the Brocade website at www brocade com Select Products gt Software License Keys and follow the instructions to generate the key Enabling Ports on Demand To enable Ports on Demand perform the following steps 1 Install the Brocade Ports on Demand licensed product For instructions refer to Activating a license on a switch on page 44 2 Enable the ports as described in Enabling and disabling a port on page 84 Web Tools Adminstrator s Guide 87 53 1002152 01 6 88 Port activation If you remove a Ports on Demand license the licensed ports are disabled after the next platform restart or the next port deactivation Enabling Dynamic Ports on Demand You must be logged in as Admin to enable the Dynamic POD feature NOTE The Dynamic PODs feature is supported on the Brocade 4018 4020 4024 5460 and 5470 Switches only If you click the Enable DPOD button on an unsupporte
134. ap ALPA Map Porti 10 00 00 05 16 65 b3 0e Remove All 10 00 00 05 16 42 25 b8 FIGURE 16 ALPA Map dialog 9 Optional Click Remove All to clear all of the Port WWN maps Configuring Port Octet Speed Combination The Port Admin dialog provides an option to set the Port Octet Speed Combination This option is available only on the e Brocade DCX 8510 8 and DCX 8510 4 with the FC16 32 and FC16 48 port blades e Brocade 6510 Web Tools Adminstrator s Guide 93 53 1002152 01 94 6 Configuring Port Octet Speed Combination The ports on these hardware models are segregated into 8 port octets The Port Octet Speed Combination is applied to the eight ports to which the selected port belongs Based on this Port Octet Speed combination the speed options will be available in the Edit Configuration Dialog TABLE 10 Port octet speed combinations Port Octet in Combination Available port speeds within the Octet 1 ASN or Fixed 16G 8G 4G 2G 2 ASN or Fixed 8G 4G 2G Fixed 10G 3 Auto or Fixed 10G Auto or Fixed 16G You can change the octet combination for the octet associated with first eight ports of a blade or switch The first eight ports are based on the slot port number or user port number in case of the Brocade 6510 The octet speed must be set consistently across all members of the port octet NOTE Changing from one combination to another is disruptive operation It may cause connected ports to become No
135. are available without the EGM license Uploading and downloading from USB storage If you choose to upload or download from a USB device you must click the USB port to launch the USB Port Management wizard To update your USB storage perform the following steps 1 Select Mount USB Device and select Yes at the confirmation prompt 2 Right click on a configuration file to access Export Copy and Search options 3 Click Copy to upload and Export to download Performing a firmware download 60 During a firmware download the switch restarts and the browser temporarily loses connection with the switch When the connection is restored the version of the software running in the browser is different from the new software version that was installed and activated on the switch You must close all of the Web Tools windows and log in again to avoid a firmware version mismatch Note that for chassis based switches you might get popup messages that imply the loss of connection is temporary and will soon be resolved You must still close all windows and re log in When you request a firmware download the system first checks the file size being downloaded If the compact flash does not have enough space Web Tools displays a message and the download does not occur If this happens contact your switch support supplier NOTE You can perform a firmware download only when the current Admin Domain owns the switch Web Tools Adminstrator s Guide 5
136. are the routing table on the control processor This is separate from the routing table for each GigE port that exists Because of this there are certain limits to the addresses that are allowed and the routes that are allowed for the Inband Management interfaces and route entries Inband Management is supported on the Brocade 7800 and Brocade FX8 24 Only one IP interface entry can be configured per GigE port To configure Inband Management perform the following steps 1 Select Port Admin gt GigE Ports gt Inband IP Interface 2 Click Add to configure a new Inband Management entry 3 Setthe IP Address Type to IPv4 4 Setthe address options P Address Subnet Mask MTUSize Click OK 6 Select the Inband IP Routes tab Click Add to configure a new route entry You can create a maximum of 32 Inband IP Route entries 8 Setthe IP Address Type to either IPv4 Set the address options of the management station on the WAN side of the FCIP platform Destination IP Address Subnet Mask Gateway IP Address Web Tools Adminstrator s Guide 53 1002152 01 Inband Management 6 10 Click OK 11 Select the General sub tab 12 Select the Enable option from the Inband selection list to activate Inband Management Web Tools Adminstrator s Guide 97 53 1002152 01 98 6 Inband Management Web Tools Adminstrator s Guide 53 1002152 01 Chapter Enabling ISL Trunking 1 In this chapter e qb Troiae COUTE
137. ask information Before proceeding collect all the information you need to configure the Ethernet IP interface This includes the subnet mask gateway IP address or IPFC and subnet mask for your system When you configure or change the Ethernet IP subnet mask gateway IP or IPFC and subnet mask from Web Tools there is a normal loss of network connection to the switch Close all current windows and restart Web Tools with the new IP address NOTE The IPFC address is specific for each logical switch The IPFC address is set to FCO for switches that do not support Virtual Fabrics To configure the IP and subnet mask information perform the following steps 1 Select the Network tab 2 Inthe appropriate IP address section enter the IP address you want to use for the IP interface Use the IPv4 Address section or the IPv6 Address section to specify IP addresses 3 Inthe IPv4 Address section nthe Ethernet IP field enter the Ethernet IP address nthe Ethernet Mask field enter the Ethernet mask address Inthe GateWay IP address field enter the gateway IP address 4 Inthe IPv6 Address section in the Ethernet IPv6 field enter the Ethernet IP address You can also enable automatic configuration of IPv6 addresses by selecting Enable IPV6 Auto Configuration The automatically generated IPv6 addresses are displayed under Auto Configured IPV6 Addresses Eight auto configured addresses are created per switch and up to 24 for a DCX or D
138. ass structure is based on IEEE 802 1Q recommendations as in the default Priority Group Map Enter a name for the traffic class map in the Name field 6 Select the Traffic Class that you want to assign to the CoS priority Click OK LLDP DCBX configuration Link Layer Discovery Protocol LLDP is a IEEE standard for collecting and distributing device information Data Center Bridging Exchange DCBX extends LLDP by providing a protocol for discovering initializing and managing DCB compliant devices There are two configuration procedures e Configuring global LLDP characteristics e Configuring an LLDP profile Web Tools Adminstrator s Guide 231 53 1002152 01 18 LLDP DCBX configuration Configuring global LLDP characteristics Configuring at the global level enables you to apply changes to every port To configure the global LLDP characteristics perform the following steps 3 2 3 4 e 10 11 232 Select the DCB tab on the Switch Administration panel Select the LLDP DCBX tab Select the Global tab Select the LLDP check box to enable LLDP globally You can clear the check box to disable LLDP Enter a name for the configuration in the System Name field Optionally add a description in the System Description field Select the Mode For Mode the choices are Tx transmit Rx receive or Both The default is Both In the Hello field enter a time value in seconds The Hello value sets the interval
139. atch on that switch To use Fabric Watch you must have the Fabric Watch license installed on the switch Fabric Watch tracks a number of SAN fabric elements events and counters For example Fabric Watch monitors the following e Fabric resources including fabric reconfigurations zoning changes new logins domain ID changes E Port failures and segmentation changes e Switch environmental functions such as temperature flash CPU and memory usage along with security violations Port state transitions errors and traffic information for multiple port classes as well as operational values for supported models of Finisar Smart GBICs SFPs Fabric Watch lets you define how often to measure each switch and fabric element and allows you to specify notification thresholds Whenever fabric elements exceed these thresholds Fabric Watch automatically provides notification using several methods including e mail messages SNMP traps and log entries For detailed information regarding Fabric Watch refer to the Fabric Watch Administrator s Guide Web Tools Adminstrator s Guide 163 53 1002152 01 13 Fabric Watch overview 164 Web Tools Adminstrator s Guide 53 1002152 01 Chapter Administering Extended Fabrics 14 In this chapter e Extended link buffer allocation overview llle 165 Gonfiguring a port Tor long diStalic amp issus ska ux REREXTERERAG REFARRE 167 Extended link buffer allocation overview If t
140. ath is a CUP mechanism for sending FRU failure type reports to a FICON Logical Path via the FICON Protocol Viewing CUP logical path configurations To display a list of CUP logical path configurations perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Select Tasks Manage Switch Admin 3 Click Show Advanced Mode to see all the available tabs and options 4 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page in front All attributes on this page are read only until FMS mode is enabled 5 Click the CUP Logical Paths subtab Configuring CUP logical paths To configure a CUP logical path perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Select Tasks gt Manage gt Switch Admin 3 Click Show Advanced Mode to see all the available tabs and options 4 Select the FICON CUP tab Web Tools Adminstrator s Guide 53 1002152 01 Link Incident Registered Recipient configuration 17 The FICON CUP page displays the FICON Management Server page in front All attributes on this page are read only until FMS mode is enabled Click the CUP Logical paths subtab Select a logical path and click Set Current Link Incident Registered Recipient configuration The Link Incident Registered Recipient LIRR receives Link Incident Reports RLIR on the source N Port The LIRR database is stored on the switch Viewing Link Incid
141. aths RNID information for the switch displays in the Switch Information tab Figure 44 Manage Reports Monitor Tools Tasksi et ko status O temp 4 Power O Fan K TN l Beacon Legend Admin Domain ADO v Log Out Manage a 5l Zone Admin N Switch Events Switch Information Switch Admin Last updated at Wed Jul 22 2009 19 0 E Switch E Port Admin Name WT PLUTO BH Admin Domain Status Down E Fabric OS version v6 3 0 main bld37 FCR Domain ID 2 0x2 WAN 10 00 00 05 1e 53 99 Monitor a Type 774 tt Performance Monitor Role Disabled E Ethernet ET Name Server Ethernet IPv4 10 32151 212 x Ethernet IPv4 netmask 255 255 240 0 Other A Ethernet IPv4 gateway 10 32 144 1 ss Telnet SSH Client Ethernet IPv6 None B rc IPFC IPv4 None IPFC IPv4 netmask None MEUM Moa ESP OU Aaa E Zone ae I Effective configuration No Effective configur Aes lr are ict ial b ANGO31 4D00G b r lal m lal lanufacturer serial number HE Name as 3 LU IE B mms Supplier serial number E amp Fabric License ID 10 00 00 05 16 53 99 WT PLUTO E RNID 45 Segmented Switches Type Model Tag Sequence number DANGQOS314D00G Insistent Domain ID Mode Disabled Manufacturer BRD Manufacturer Plant CA PSRs V T A EDI Free Professional Management Tool
142. ation Optional Click Active Saved Mode to enable selected or disable not selected the Active Saved FMS parameter after the configuration is activated Click Yes to activate the configuration or click No to cancel the activation Copying an Allow Prohibit Matrix configuration To copy an Allow Prohibit Matrix configuration to a new configuration perform the following steps 1 Display the Allow Prohibit Matrix configuration list 2 Select a saved configuration or the active configuration from the list Web Tools Adminstrator s Guide 223 53 1002152 01 17 CUP logical path configuration 3 Click Copy The Allow Prohibit Matrix Configuration dialog box displays 4 Inthe dialog box enter a name and description for the new configuration and click OK to save the configuration to the target file click Cancel to cancel copying the configuration The file name must be in alphanumeric characters and can contain only dashes or underscores as special characters Deleting an Allow Prohibit Matrix configuration To delete a saved Allow Prohibit Matrix configuration 1 Display the Allow Prohibit Matrix configuration list 2 Select the saved configuration from the list 3 Click Delete The Delete Allow Prohibit Matrix Configuration confirmation dialog box displays 4 Click Yes to delete the selected configuration click No to cancel the deletion CUP logical path configuration 224 The logical reporting p
143. ation and all frames are untagged Trunk mode allows more than one VLAN association and allows tagged frames 9 Select the operational Status The choices are Administratively Up and Administratively Down 10 Click OK Configuring VLANs 236 The Virtual LAN VLAN capability allows multiple virtual LANs within a single physical LAN infrastructure The physical interface must be configured as L2 prior to configuring a VLAN either as an individual interface or as a LAG Before you start the VLAN configuration procedure you need to know which interfaces or LAGs you want to associate with each VLAN To configure a VLAN perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the VLAN tab 3 Click Add The VLAN Configuration dialog box displays 4 Specify a VLAN ID The format is VLAN bridge number ID In this Fabric OS release no bridge instances are supported so the bridge number is always O and the value under Bridge is statically defined as VLANO The ID is an integer from 1 to 3583 that must be entered in the ID field 5 Select the Native check box to add all the converged interfaces added in the present operation as native to a VLAN Web Tools Adminstrator s Guide 53 1002152 01 Configuring FCoE login groups 18 NOTE If you want to modify any converged interface as either native or non native you must first remove that particular member from that VLAN and then re a
144. ation parameters perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the SNMP tab 3 Select a user name from the User Name menu in the SNMPv3 section NOTE The list is scrollable If you do not see your user name scroll down using the scroll bar or by clicking the User Name heading Double click a recipient IP address in the SNMPv3 section and enter a new IP address Select a trap level from the Trap Level menu Optional Select the Enable SNMPv3 Informs for all Trap Recipients check box to enable or disable inform requests for all trap recipients T Enabling SNMPv3 informs allows you to enter the Engine ID The Engine ID is required to authenticate the inform request If informs request is disabled the SNMP manager does not send a response to the sender 8 Click Apply Changing the access control configuration NOTE The port number is not included To change the access control configuration perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the SNMP tab 3 Double click an access host IP address in the Access Control List section and enter a new host IP address You can enter an IP address in either IPv4 or IPv6 format When you use the IPv6 format you must include a prefix for example ec0 2002 64 NOTE The lis
145. ave Printing graphs You can print a single graph or all the graphs displayed on the selected canvas configuration Only one canvas configuration can be opened at a time To print a graph perform the following steps 1 Open the Performance Monitoring window 2 Create a basic or advanced Performance Monitor graph as described in Creating basic performance monitor graphs on page 109 and Advanced performance monitoring graphs on page 111 3 To print a single graph right click the graph and choose Print To print all the graphs displayed on the selected canvas configuration select File gt Print All Graphs Web Tools Adminstrator s Guide 115 53 1002152 01 8 Modifying graphs 4 Inthe print dialog box click OK Modifying graphs To modify an existing graph that is saved in a canvas perform the following steps 1 Open the Performance Monitoring window 2 Select File gt Display Canvas Configurations The Canvas Configuration List displays A message No Canvas configuration to display displays if there are no saved canvas configurations 3 Selecta canvas from the list and click Edit The Performance Monitor Canvas Canvas Name dialog box displays 4 Select a graph from the list and click Edit NOTE The Edit button is enabled only for the graphs that are configurable or editable 5 Make changes in the Edit dialog box as necessary 6 Click OK to close the Edit dialog box T Click Save to save the changes and clo
146. bled No No swadmin switchadmin switch admin Enabled No No fadmin fabricadmin Enabled No No zadmin zoneadmin Enabled No No bswadmin basicswitchadmin Enabled No No secadmin securityadmin Enabled No No irul switchadmin test Enabled No No La User Role Apply Close Refresh ay Switch Administration opened Mon Jan 31 2011 16 32 27 GMT 00 00 Add up to 256 User defined accounts Mode Basic Free Professional Management Tool 10 24 51 46 User admin Role admin s FIGURE34 User tab Viewing user account information To view user account information perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the User tab A list of the default and user defined accounts displays If you are logged in using the switchadmin role only your account information displays Creating user defined accounts To create user defined accounts perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the User tab 3 Click Add Web Tools Adminstrator s Guide 177 53 1002152 01 16 User defined accounts The Add User Account dialog box displays For switches that support Virtual Fabrics refer to Figure 35 For switches that support Administrative Domains AD refer to Figure 36 Switch Admin Add User Accoun
147. both IPv4 and IPv6 addresses are configured Web Tools can be launched using any configured IP address Use a switch with v5 3 0 or later firmware to manage a mixed fabric of IPv4 and IPv6 switches Switches running on version 5 2 0 do not discover IPv6 address only switches in the same fabric until the IPv4 address is configured Web Tools Adminstrator s Guide 15 58 1002152 01 16 1 Requirements for IPv6 support Web Tools Adminstrator s Guide 53 1002152 01 Chapter Using the Web Tools Interface 2 In this chapter SENE SWEN PODES oie nt usus kara Dic du du c det ni AER UR 17 Displaying Wol pS sau qx CR EROR AEE NRE RRC ERER 26 e Biglitephek OPIO Soira Coe RO ER IE ERE EEE EEEE DE Rad 27 OS RS 0o E A a TERTIUM 2q Displaying switches In the TaDriG isse kai hr nr OPERE REG 28 e Working with Web Tools recommendations llellssess 29 Opening a Telnet or SSH client WIRKOW s o secca ce ee ee ee 29 Collecting logs for troubleshooting i sss seo ner nr RE RR 30 Viewing Switch Explorer The first thing you see when you log in to a switch with Web Tools is Switch Explorer shown in Figure 5 on page 19 Switch Explorer is divided into areas that provide access to and information about the switch and fabric The Switch Explorer areas are e The left pane displaying the Tasks and Fabric Tree areas The Tasks area lets you perform management monitoring and other tasks The Fabric Tree displays
148. box Remove Zone Admin Configure gt Zoning Offline or Replace Replace All zone members by Inaccessible selecting the offline devices from the zone Devices tree Offline devices have an unknown overlay badge with good visibility Zonedatabase Zone Admin Configure gt Zoning summary print System requirements Zoning report for both online and offline database Before you install Web Tools on your workstation verify that your switches and workstation meet the Web Tools requirements listed in this chapter Web Tools requires any browser that conforms to HTML version 4 0 JavaScript version 1 0 and Java Plug in 1 6 0_24 or later Web Tools Adminstrator s Guide 53 1002152 01 System requirements 1 Brocade has certified and tested Web Tools on the platforms shown in Table 3 TABLE 3 Certified and tested platforms Operating System Browser Windows Server 2008 R2 Standard 64 bit Internet Explorer 8 0 Windows Server 2008 Standard Internet Explorer 7 0 Windows Vista Business Internet Explorer 7 0 Red Hat Enterprise Server 5 Advanced Internet Explorer 7 0 Platform SUSE Linux Enterprise Server 10 Internet Explorer 7 0 Brocade supports the platforms shown in Table 4 TABLE 4 Supported platforms Operating System Browser Red Hat AS 4 0 x86 32 bit Firefox 2 0 Red Hat Enterprise Linux 5 4 Adv x86 32 bit SUSE Linux Enterprise Server 10 32 bit SUSE Linux Enterprise Server 11 x86 32 bit
149. c Tree The Switch View displays 2 Select the Switch Events tab if necessary Filtering Switch Events You can filter the fabric and switch events by time severity message ID and service You can apply either one type of filter at a time or multiple types of filters at the same time When a filter is applied the filter information displays at the bottom of the filtered information and the Show All link is available to allow you to view the information unfiltered To filter Switch Events perform the following the procedure 1 Open the Switch Events tab as described in Displaying Switch Events on page 49 2 Click Filter The Event Filter dialog box displays 3 To filter events within a certain time period e Select the From check box and enter the start time and date in the fields e Select the To check box and enter the finish time and date in the fields e To filter events beginning at a certain date and time select only the From check box and enter the start time and date To filter events up until a certain date and time select only the To check box and enter the finish time and date 4 Click OK The filter is enabled and the window is refreshed to show the filtered information Filtering events by event severity levels To filter events by event severity levels perform the following steps 1 Open the Switch Events tab as described in Displaying Switch Events on page 49 2 Click Filter The Event Filter
150. cal Fabric level Any of these six classes is sufficient In order for the user defined role to have access to the Switch tab you must assign either the RBAC_SwitchConfiguration RBAC SwitchManagement RBAC_FRUManagement RBAC_AG or RBAC Configure classes to the user defined role which is applied at the Logical Fabric level Any of these five classes is sufficient Creating a user defined role To add a user defined role perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the User tab Select the Role sub tab Click the Add button Web Tools Adminstrator s Guide 53 1002152 01 User defined roles 16 The Switch Admin Add User Defined Role dialog displays Switch Admin Add User Defined Role Available Privileges Read amp Write Privileges 9 AdminDomains 49 ADSelect 49 AG 4 APM 49 Audit gt Authentication Blade 9 ChassisConfiguration e ChassisManagement P ConfigManagement P Configure Read Only Privileges Q nce gt Debug P Diagnostics gt oun yy EncryptionCon figuration yy EncryptionManagement gt EthernetConfig 49 Fabric gt FabricDistribution Cancel FIGURE37 Switch Admin Add User Defined Role dialog Enter a role name in the Name field 6 Enter a description of the role in the Description field To grant the role a read write privilege se
151. cation policies for E_Ports 191 Configuring authentication policies for F_Ports 192 Distributing authentication policies 192 Re authenticating policieS 0 0 00 eee 192 Setting a shared secret key pair 1 2 2 2 0 0 e eee eee 193 Modifying a shared secret key pair 000 eee 193 Setting the Switch Policy Authentication mode 193 SNMP configuration 0 0 194 Setting SNMP trap levels llle eee eee 194 Changing the systemGroup configuration parameters 194 Setting SNMPv1 configuration parameters 194 Setting SNMPv3 configuration parameters 195 Changing the access control configuration 195 Web Tools Adminstrator s Guide xiii 53 1002152 01 xiv RADIUS management 0 00 cece eee 196 Enabling and disabling RADIUS 0005 196 Configuring RADIUS 0 0 00 cece eee eee eee eee 197 Modifying the RADIUS server 0 0c eee eee eee 197 Modifying the RADIUS server order 000000ee 198 Removing a RADIUS server 0 0 0 cece ee eee 198 Active Directory service management 20 2e eee 199 Enabling Active Directory service llli lesen 199 Modifying Active Directory service 00000 eee 199 Removing Active Directory service llle 200 IPsec Concepts 44i d eh ete atc c cn os t RO eR RR 200 Transport mode and tunnel mode
152. cations channel DH group choices are 1 modp768 2 modp1024 14 modp2048 and 18 modp8192 Each group provides an incrementally more secure key exchange by providing more bits 768 1024 2048 8192 Authentication methods The methods used to authenticate the IKE peer are preshared key psk DSS digital signature dss and RSA digital signature rsasig e APreshared key PSK is a shared secret that is shared between two parties over a secure channel before it is used Typically the PSK is a password or pass phrase PSKs are created in the end systems used by the two parties There are several tools available to help select a strong key that will work with various operating systems When choosing a tool and creating a PSK keep in mind that the cryptographic strength of a key generally increases with length The Digital Signature Standard DSS makes use of a private key to generate a digital signature Each user possesses a private and public key pair Signature generation can be performed only by the possessor of the user s private key The digital signature is sent to the intended verifier in a message The verifier of the message and signature verifies the signature by using the sender s public key e The RSA digital signature process uses a private key to encrypt only the message digest The encrypted message digest becomes the digital signature and is attached to the original data To verify the contents of digitally signed data
153. cca deren Sie eee es 145 Fibre Channel Routing overview ccc eee eee eee 145 Supported switches for Fibre Channel Routing 146 Setting up FC FC routing 0 2 0 eee eee 146 FC FC routing management 2 0 eee eee 147 Opening the FC Routing module 0 00000 147 Viewing and managing LSAN fabrics 0 148 Web Tools Adminstrator s Guide xi 53 1002152 01 Viewing EX Ports uer nh nh m ae nc ne Rc n 148 Configuring an EX_Port 0 0 cece eee 149 Editing the configuration of an EX_Port 149 Configuring FCR router port COSt 2 2 0 cece eee eee 149 Viewing LSAN zones 00 ce eee 150 Viewing LSAN devices 0 00 cece ee eee 150 Configuring the backbone fabric ID 20 lessen 150 Chapter 12 Using the Access Gateway In this Chapter usse tette xe Melee ee ees 153 Access Gateway overvieW cee eee eee 153 Viewing Switch Explorer for Access Gateway mode 154 Access Gateway mode lleeeleeeel eens 155 Restricted access in the Port Administration window 155 Enabling Access Gateway Mode 00 e eee eee eee 155 Disabling Access Gateway mode 2 rnaar annann 156 Viewing the Access Gateway settings 000 ee eee 156 Port configuration issa a a i A a ee 156 Creating port groups 0 cee eere 157 Editing or viewing port SroupS 0 20 e eee eee 157 Deleting por
154. ch displays in Switch View Select Telnet SSH Client in the Other section of the Tasks panel The Preference dialog box displays Select the client by clicking Telnet or SSH Enter the Telnet or SSH path as defined for your implementation Web Tools Adminstrator s Guide 29 58 1002152 01 2 Collecting logs for troubleshooting 6 T To avoid the need to remember and key in the path you can store the path on your PC and browse to the location Clicking the button to the right of the field initiates the browse capability Click OK The Telnet or SSH window displays Enter your user credentials at the login prompt To close the session enter exit at the prompt and press the Enter key Collecting logs for troubleshooting If you encounter problems using the Web Tools interface collect Java logs for use in troubleshooting From Microsoft Windows perform this procedure 30 1 Qr Row Je D Open Control Panel and select Java Click on the Advanced tab Expand Java console Select Show console Restart Web Tools The Java console displays along with the Web Tools opening page Perform the Web Tools operation that caused the problem Collect the logs shown on the Java console If you no longer want to see the Java console when you start Web Tools go back to the Control Panel repeat steps 1 and 2 and then deselect Show console Web Tools Adminstrator s Guide 53 1002152 01 Managing Fabrics and Switc
155. characters are displayed as dots Web Tools Adminstrator s Guide 53 1002152 01 Allow Prohibit Matrix configuration 17 When initially installed a switch allows any port to dynamically communicate with any other port Two connectivity attributes are defined to restrict this any to any capability for external ports Block and Prohibit Block is a port connectivity attribute that prevents all communication through a port Prohibit is the port connectivity attribute that prohibits or allows dynamic communication between ports when a port is not blocked Each port has a vector specifying its Prohibit attribute with respect to each of the other ports in the switch This attribute is always set symmetrically in that a pair of ports is either prohibited or allowed to communicate dynamically The Port Connectivity table shown in Figure 43 on page 223 displays the Port number in physical location format Port Name port address name Block attribute Prohibit attribute and Area ld port address displayed in hexadecimal in fixed columns The right side is a port matrix that lists all ports by Area ID and identifies prohibited ports Those columns are scrollable and swappable Viewing Allow Prohibit Matrix configurations To display a list of Allow Prohibit Matrix configurations perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Select Tasks Manage Switch Admin 3 Click Show Advanced Mode to s
156. ck box in the Name Server window and enter an auto refresh interval in seconds The minimum and default interval is 15 seconds Printing the Name Server entries To set up printing preferences perform the following steps 1 Select Tasks gt Monitor gt Name Server The Name Server window displays Click Print On the Page Setup dialog box set up your printing preferences and click OK The Print dialog box displays Select a printer and click OK Displaying Name Server information for a particular device To display Name Server information for a particular device perform the following steps 1 Select Tasks gt Monitor gt Name Server The Name Server window displays Select a device from the Domain column Click Detail View The Name Server Information dialog box displays the information specific to that device Displaying zone members for a particular device To display zone members for a particular device perform the following steps 1 Select Tasks gt Monitor gt Name Server The Name Server window displays Select a device from the Domain column Click Accessible Devices The Zone Accessible Devices window displays accessible zone member information specific to that device Web Tools Adminstrator s Guide 53 1002152 01 Physically locating a switch using beaconing 3 Physically locating a switch using beaconing Use the Beacon button to physically locate a switch in a fabric The beaconi
157. cluding Ports on Demand user administration and zoning wizards Web Tools Administrator s Guide 53 0000522 08 Updates to support new switch types April 2005 200E 48000 and Fabric OS v5 0 1 including switchAdmin role upfront login and Web Tools EZ Web Tools Administrator s Guide 53 0000522 09 Updates to add additional information July 2005 about refresh and polling rates Web Tools Administrator s Guide 53 1000049 01 Updates to support new switch types January 2006 4900 7500 and Fabric OS v5 1 0 including FCR FCIP and the FR4 18i port blade Web Tools EZ information is moved to a separate book Web Tools Administrator s Guide 53 1000049 02 Updates to the FCIP chapter to clarify April 2006 how to configure tunnels Web Tools Administrator s Guide 53 1000194 01 Updates for Fabric OS v5 2 0 and the September 2006 FC4 16IP blade Also new security for Web Tools including Role Based Access Control and administrative domains Web Tools Administrator s Guide 53 1000435 01 Updates to reflect interface June 2007 enhancements support for new switch types IPv6 support and other enhancements Document Title Publication Number Summary of Changes Publication Date Web Tools Administrator s Guide 53 1000606 01 Updates to reflect updates to enhanced Access Gateway support changes to FCIP tunneling wizard and other enhancements October 2007 Web Tools Administrator s Guide
158. configuration activation or any changes made on the current active configuration This parameter is set as enabled by the hardware after system installation and can be reset by Web Tools Note When FMS mode is enabled and the Active Saved parameter is disabled you can enable and disable ports but the setting is not persistent When the Active Saved parameter is enabled you can enable and disable ports and the setting is persistent Alternate Control Prohibited Determines whether alternate managers are allowed to modify port connectivity Enabling this mode prohibits alternate manager control of port connectivity otherwise alternate managers can manage port connectivity This parameter is set as enabled by the hardware after system installation and can be reset by Web Tools User Alert Mode Controls director console behavior for alerts Enabling this mode prompts the director consoles to display a warning whenever you attempt an action that changes switch parameters When you disable this mode no warning is displayed In this case in which Web Tools is the director console warning messages are displayed by Web Tools regardless of the setting of the parameter since Web Tools always displays warning messages when you apply a change to a switch that changes parameters This parameter is always read only in Web Tools Each time that the switch is powered on the parameter is reset to disabled Director Clock Alert Mode C
159. connection to the switch by pinging the logical switch IP address Web Tools Adminstrator s Guide 53 1002152 01 Index Numerics 2 domain 4 domain fabric licenses 9 7800 switch 84 85 A Access Control List Refer to ACL access control Refer to RBAC Access Gateway mode configuration 153 disable 156 enable 155 F Port trunk groups 101 accessing switch event report 49 activating Allow Prohibit Matrix configuration 223 licenses 44 Ports on Demand 86 adding performance graphs to a canvas 115 zone alias members 124 zone configuration members 130 zone members 126 Admin Domain window 66 closing 69 refreshing 68 Admin Domains assigning administrators 180 creating 69 deleting 72 direct port membership 76 indirect port membership 76 opening 66 to activate deactivate 71 aliases zone Refer to zone aliases all access zoning 119 Web Tools Adminstrator s Guide 53 1002152 01 Allow Prohibit Matrix configuration activating 223 copying 223 deleting 224 displaying 221 225 Allow Prohibit Matrixconfiguration displaying 224 arbitrated loop parameters configuring 42 automatic trace dump transfers 138 B backbone fabric ID configuring 150 backing up configuration file 57 basic performance monitoring graphs 109 BB credit 41 beaconing enabling 53 best practices for zoning 136 blades enabling and disabling 35 browsers limitations 243 246 refresh frequency setting 5 su
160. d Allowed Port Type The allowed or configured port type The allowed port types indicate any constraints on what types the port can be configured when it comes online For normal that is non EX Port ports the following are the allowed port types L Port The port can be used to connect a loop device F Port The port can be used to connect a non loop device Web Tools Adminstrator s Guide 53 1002152 01 Configuring FC ports 6 E Port The port can be used to connect to another switch On the Brocade FC8 64 ports 56 through 63 are not available as E Ports This option is unavailable for these ports U Port For a physical FC port the port can be any one of E Port F Port or L Port For a logical FC port the port can be either VE Port or VEX Port When the wizard prompts you to select allowed port types if all of these boxes are selected there are no constraints on port type The port negotiated to its preferred type when the switch comes up depending on what type of device or switch to which it is connected Clearing a check box guarantees that the port does not attempt to function as a port of the unchecked type At least one type must remain selected An FC port cannot be configured as an E Port and L Port L Ports are not supported on the Brocade FC16 32 Brocade FC16 48 or Brocade 6510 NOTE To configure a port as an EX Port the switch must be capable of supporting FCR or FCIP features The EX Port option is
161. d 250 inclusive If the port capability is 1 GB type a number between 10 and 500 inclusive For the Brocade 6510 Brocade DCX 8510 8 and Brocade DCX 8510 4 the buffer credits are 10 through X where X is proportional to the available buffers This value is the upper limit for calculating buffer availability for other ports in the same port group If the actual distance is more than the desired distance the port operates in buffer limited mode C Press Enter or click another port entry for the value to be accepted 6 Click Apply The warning message DLS should be disabled while enabling Long distance link with Credit Recovery displays T Click Yes to apply the changes or click No to close the confirmation message window Web Tools Adminstrator s Guide 53 1002152 01 Chapter Routing Traffic 1 5 In this chapter e ptas I E seta d quce di S eua A Sa E ARUM ER aca RR Rh 169 Viewing fabric shortest path first routing 0 0 eee ee eee 170 e Configuring dynamic load sharing 0000 ee eee eee eee 170 Specifying frame order delivery aoc cusuces eu arme erem a a wlace eel a ode 172 Configuring the link cost fora POM a spcrn mina 172 Routing overview NOTE To perform routing operations and Dynamic Load Sharing DLS configurations the EGM license must be installed on the switch otherwise access to these features is denied and an error message displays For Fabric OS v7 0 0 the supported ro
162. d or disabled across switch restarts perform the following steps NOTE Ports cannot be persistently enabled or disabled when FMS is enabled Select a port in the Switch View to open the Port Administration window Select the FC Ports VE VEx Ports ICL Ports or GigE Ports tab From the tree on the left select the switch or slot that contains the port PF WN BF From the table select one or more ports NOTE Use Shift click and Ctrl click to select multiple ports You can select multiple ports from the table You cannot select multiple ports from the tree 5 Click Persistent Enable or Persistent Disable NOTE Persistent Enable or Persistant Disable is not supported in FMS mode NOTE If the button is gray unavailable the port is already in that state or FMS mode is enabled on the switch gray unavailable the port is already in the enabled or disabled state For example if the Enable button is unavailable the port is already enabled If you select multiple ports in both enabled and disabled states both buttons are active When you click either button the action is applied to all selected ports 6 Optional If you are accessing a Brocade 7800 switch you can set the media type for the GEO and GE1 GigE ports to either copper or optical a Select the GigE Ports tab b Select either the GEO or GE1 port c Select either Copper or Optical from the Media Type selection list T Click Yes in the confirmation window C
163. d switch an error message displays To enable Dynamic Ports on Demand perform the following steps 1 Select a port in the Switch View to open the Port Administration window 2 Select the FC Ports or GigE Ports tab 3 From the tree on the left select the switch or the slot that contains the port 4 Click Enable DPOD to enable the licensing mechanism to be dynamic If the button is labeled Disable DPOD the licensing mechanism is already set to dynamic The existing POD associations and assignments are set as the initial Dynamic POD associations Two fields are displayed Available Licenses indicate the number of free licenses These can be allocated for any port Total Licenses indicate the total number of licenses Disabling Dynamic Ports on Demand NOTE Disabling DPODs causes traffic disruption Any prior port associations and assignments are lost the next time the switch is restarted To disable the Dynamic POD feature log in as Admin and perform the following steps 1 Select a port in the Switch View to open the Port Administration window 2 Select the FC Ports or GigE Ports tab 3 Fromthe tree on the left select the switch or the slot that contains the port 4 Click Disable DPOD to set the licensing mechanism to static If the button is labeled Enable DPOD the licensing mechanism is already set to static Web Tools Adminstrator s Guide 53 1002152 01 Port activation 6 Diagnostic ports Diagnostic
164. dd it to the same VLAN Under the Selection List click the plus sign next to the Interface and LAG folders and select individual interfaces and LAGs you want to associate with the VLAN ID Click Add to move the interfaces or LAGs to the Selected List Note the reminder that interfaces must be configured as L2 and that the interfaces or LAGs must be in Trunk mode to be associated with multiple VLANs Access mode interfaces can be associated with only one VLAN and the Converged mode interface can be Native in one VLAN and it could be non native type in more than one VLAN Click OK Repeat the procedure for additional VLANs 10 To edit VLAN select the detail from the table in the VLAN tab and click Edit NOTE The FCoE check box is selected by default for FCoE VLAN The FCoE check box is read only you must use the CLI to make any changes to the FCoE VLAN 11 Click OK to enable FCoE Clear the check box to disable FCoE Configuring FCoE login groups FCoE login groups control which FCoE devices are allowed to log in to a switch or fabric The FCoE Ports window is used for configuring the FCoE ports on a switch To configure an FCoE login group perform the following steps 1 Select the DCB tab on the Switch Administration panel 2 Select the FCoE Login Group tab 3 Click New The New Login Group dialog box displays 4 Entera name for the login group in the Login Group Name field Select the switch WWN The choices a
165. dditional Brocade and industry specific documentation that you might find helpful Brocade resources To get up to the minute information go to http my brocade com and register at no cost for a user ID and password White papers online demonstrations and data sheets are available through the Brocade website at http www brocade com products solutions products index page For additional Brocade documentation visit the Brocade website http my brocade com Release notes are available on the MyBrocade website and are also bundled with the Fabric OS firmware Web Tools Adminstrator s Guide XXV 53 1002152 01 Other industry resources For additional resource information visit the Technical Committee T11 website This website provides interface standards for high performance and mass storage applications for Fibre Channel storage management and other applications http www t11 org For information about the Fibre Channel industry visit the Fibre Channel Industry Association website http www fibrechannel org Getting technical help xxvi Contact your switch support supplier for hardware firmware and software support including product repairs and part ordering To expedite your call have the following information available 1 General Information e Switch model e Switch operating system version e Software name and software version if applicable e Error numbers and messages received e supportSave command
166. dialog box displays Select Level 4 Select the event levels you want to display Click OK The filter is enabled and the window is refreshed to show the filtered information Web Tools Adminstrator s Guide 53 1002152 01 Displaying the Name Server entries 3 Filtering events by message ID To filter events by message ID perform the following steps 1 Open the Switch Events tab as described in Displaying Switch Events on page 49 2 Click Filter The Event Filter dialog box displays Select Message ID Enter the message IDs in the associated field NOTE You can enter multiple message IDs as long as you separate them by commas You can enter either the full message ID modulelD messageType or a partial ID modulelD only The message ID filtering is case sensitive 5 Click OK The filter is enabled and the window is refreshed to show the filtered information Filtering events by service component To filter events by service component perform the following steps 1 Open the Switch Events tab as described in Displaying Switch Events on page 49 2 Click Filter The Event Filter dialog box displays Select Service The event service menu is enabled Select either Switch or Chassis from the menu to show only those messages from the logical switch or from the chassis 5 Click OK The filter is enabled and the window is refreshed to show the filtered information Displaying the Name Server entries Web Tools display
167. disabled in the wizard if the switch does not meet these requirements Long distance mode Port long distance configurations can be performed in the Switch Admin Extended Fabric tab if the link is used over long distances To configure the long distance settings the EGM license must be enabled on the switch Otherwise access to this feature is denied and an error message displays For information about long distance mode settings refer to Chapter 14 Administering Extended Fabrics The EGM license is required only for 8 Gbps platforms such as the following e Encryption Switch e 300 5300 and 5100 switches Brocade VA 40FC e Brocade 8000 e Brocade 7800 For non 8 Gbps platforms all functionality is available without EGM license Ingress rate limit Ingress rate limiting is a licensed feature that requires the Adaptive Networking license Ingress rate limiting restricts the speed of traffic from a particular device to the switch port allowing latency sensitive applications to share the storage resources alongside throughput intensive applications Ingress rate limiting delays the return of BB credits to the external device By limiting the throughput on the ingress side of a port existing congestion can be removed or avoided The implication is as following e Ingress rate limiting is not supported if the F Port is in AOQ e Ingress rate limiting is not supported if the F Port is part of Trunk e Ingress rate limiting is no
168. disabling a switch on page 37 3 Select the Configure tab 4 Select the Virtual Channel subtab 5 Enter a value in the VC Priority field you want to change The only valid numeric values for all fields are either 2 or 3 6 Click Apply Enable the switch as described in Enabling and disabling a switch on page 37 Configuring arbitrated loop parameters To configure arbitrated loop parameters perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Disable the switch as described in Enabling and disabling a switch on page 37 Select the Configure tab Select the Arbitrated Loop subtab Web Tools Adminstrator s Guide 53 1002152 01 System configuration parameters 3 5 Select or clear the check boxes to enable or disable the corresponding arbitrated loop parameters 6 Click Apply Enable the switch as described in Enabling and disabling a switch on page 37 Arbitrated loop parameters Configure the following arbitrated loop parameters on the Arbitrated Loop subtab of the Configure tab Send Fan Frames Select this check box to specify that fabric address notification FAN frames are sent to public loop devices to notify them of their node ID and address Always Send RSCN Following the completion of loop initialization a remote state change notification RSCN is issued when FL Ports detect the presence of new devices or t
169. display the entries related to the backbone fabric only All of the EX Ports are disabled and you cannot enable them until FC FC routing is enabled Opening the FC Routing module The FCR button in the Switch View launches the FC Routing module This button is displayed only for the following switches Brocade VA 40FC Brocade 6510 e Brocade 5100 and 5300 switches and the 7800 Extension Switch e Brocade DCX and DCX 4S enterprise class platforms when configured with FRA 18i FC8 16 FX8 24 FC8 32 FC8 48 FC8 64 FC16 32 or FC16 48 blades NOTE When the Virtual Fabrics capability is enabled on the switch Fabric ID cannot be set using the Set Fabric ID button To open the FC Routing module perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View 2 Click FCR in the Manage section of the Tasks menu The FC Routing module displays If FC FC Routing is disabled a message to that effect displays on all the tabs in the module Web Tools Adminstrator s Guide 147 53 1002152 01 11 Viewing EX Ports Viewing and managing LSAN fabrics The LSAN Fabric tab displays all the LSAN fabrics visible to your switch in both a tabular and tree form If FC FC Routing is disabled the table and tree nodes in this tab are empty and the tree displays only the backbone switch For more detailed information abou
170. e between the end of one polling period and the start of the next and not how often the screen is refreshed A refresh rate of 15 seconds does not ensure that a refresh occurs every 15 seconds It ensures that the time between each refresh activity is no more than 15 seconds Autorefresh intervals might be not be exactly 15 seconds The refresh rate varies depending on the activity in the fabric and on the host system you are using Following are some variables you should consider when refreshing the fabric Retrieval time increases when you are in a large fabric because there is more data to retrieve from the switches e Processor speed of the system you are using may slow down the refresh rate e OS Job Scheduling if you are using a host system in the data center impacts the refresh rate e JVM Performance can contribute to causing interval differences between what is on screen and how long it is actually taking Web Tools Adminstrator s Guide 27 53 1002152 01 2 Displaying switches in the fabric For these reasons the time displayed in the port statistics tab might not be refreshed as expected The counter time indicates only that this statistics data is retrieved from the switch in this time period To ensure the correct information the time field is updated along with the port statistics data after every refresh The refresh rates are different for each module Table 6 lists polling rates by module Though these rates are sample
171. e Brocade FC16 32 Brocade FC16 48 e Brocade DCX with 8G blades e Brocade DCX 4S with 8G blades e Brocade 300 e Brocade 5100 e Brocade 5300 e Brocade 6510 e Brocade 7800 on FC ports Brocade FX8 24 on FC ports You can enable this loss less feature from WT If you try to enable loss less when DLS is OFF an error message displays To enable or disable loss less DLS perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Routing tab Select On in the Loss Less DLS area to enable the mode or select Off to disable dynamic load sharing Web Tools Adminstrator s Guide 171 53 1002152 01 15 Specifying frame order delivery When the exchange based routing policy is in effect the Loss Less DLS radio buttons display on the Routing tab 4 Click Apply and then click OK Specifying frame order delivery In a stable fabric frames are always delivered in order even when the traffic between switches is shared among multiple paths However when topology changes occur in the fabric for example if a link goes down traffic is rerouted around the failure and some frames could be delivered out of order By default frame delivery is out of order across topology changes However if the fabric contains destination devices that do not support out of order delivery you can force in order frame delivery across topology changes
172. e TI zones must be in the same failover mode Optional Repeat steps 5 and 6 to add more elements to your TI zone When you are finished click OK The Traffic Isolations Zones window displays Click Apply to save the TI zone configuration Zone configuration and zoning database management A zone configuration is a group of zones zoning is enabled on a fabric by enabling a specific configuration You can specify members of a configuration using zone names 128 Web Tools Adminstrator s Guide 53 1002152 01 Zone configuration and zoning database management 9 Figure 24 displays a sample zoning database and the relationship between the zone aliases zones and zoning configuration The database contains one zoning configuration myconfig which contains two zones Zone A and Zone B The database also contains four aliases which are members of Zone A and Zone B Zone A and Zone B also have additional members other than the aliases a Alias 2 WWN 1 WWN 2 WWN 3 a 4 lt domain portarea gt Other Elements omen J ES zi T Alias 3 gt L WWN 5 J WWW 5 WWN 6 WWN7 e Other Elements gt L won 7 m Jl ES J FIGURE 24 Sample zoning database Creating zone configurations To create a zone configuration perform the following steps After creating a zone configuration you must explicitly enable it for it to take
173. e View menu T Select an element in the Member Selection List that you want to include in your zone Note that LSAN zones should contain only port WWN members The right arrow becomes active 8 Click the right arrow to add the zone member The selected member is moved to the Zone Members window 9 Optional Repeat steps 7 and 8 to add more elements to your zone 10 Optional Click Add Other to include a WWN or port that is not currently a part of the fabric At this point you can either save your changes or save and enable your changes 11 Select Zoning Actions Save Config to save the configuration changes To enable the configuration refer to Enabling zone configurations on page 131 Adding and removing members of a zone For information on enabling the configuration refer to Enabling zone configurations on page 131 NOTE When you assign a node WWN to an alias or zone all of the WWPN s associated to that Node are also moved This functionality is supported only for IMO mode This behavior is duplicated in Brocade Network Assistant zoning This functionality is supported only by selecting the node WWN and assigning it to the alias or zone To add or remove zone members perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Zone tab 3 Select the zone you want to modify from the Name list The zone members for the selected zone are listed i
174. e Virtual Fabric options You are given a choice between Home Logical Fabric and User Specified Virtual Fabric Figure 4 Home Logical Fabric is the default lolx Please enter user name and password Resource 10 35 52 51 User Name admin Password DIL Virtual Fabric Home Logical Fabric User Specified Logical Fabric Cancel Options FIGURE 4 Virtual Fabric login option Log in to a logical fabric e To log in to the home logical fabric select Home Logical Fabric and click OK e To log in to a logical fabric other than the home logical fabric select User Specified Logical Fabric enter the fabric ID number and click OK Logging in to an Admin Domain If you are logging in to a platform that is capable of supporting Admin Domains the login dialog box displays You do not have an Admin Domain option if the Access Gateway mode is enabled Admin Domains and Virtual Fabrics are mutually exclusive 1 Select Options to select an Admin Domain other than your default home domain You are given a choice of Home Domain the default or User Specified Domain Log in to an Admin Domain e Tologin to the home domain select Home Domain and click OK e To log in to an Admin Domain other than the home domain select User Specified Domain enter the Admin Domain name or number and click OK If the user name or password is incorrect a dialog box displays indicating an authentication failure If you en
175. e a syslog IP address perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Network tab In the Syslog IP s Configuration section in the New IP field enter an IP address in either IPv4 or IPv6 format Click Add The new IP address displays in the Syslog IP area Click Apply Removing a syslog IP address 34 To remove a syslog IP address perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Network tab Select a syslog IP in the table and click Remove You can click Clear All to remove all of the syslog IP addresses from the table Click Apply Web Tools Adminstrator s Guide 53 1002152 01 Configuring IP Filtering 3 Configuring IP Filtering Web Tools provides the ability to control what client IP addresses may connect to a switch or fabric To set up IP Filtering perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Security Policies tab Select IPFilter on the Security Policies menu 4 Click Create Policy The Create IP Filter Policy dialog box displays Enter a policy name select a policy type and then click the Add Rule button Enter the rule order rule type source and destination IP addresses and th
176. e available without EGM license To clone a zone configuration perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Click the Zone tab 3 Select the zone you want to clone from the Name list 4 Click Clone 5 Inthe Clone an Existing Zone dialog box enter a name for the copied zone 6 Click OK The selected zone is copied from the Zone Admin buffer T Select Zoning Actions Save Config to save the configuration changes Because no changes were made to the effective configuration you do not need to enable the configuration Deleting zones For information on enabling the configuration refer to Enabling zone configurations on page 131 To delete a zone perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Click the Zone tab 3 Select the zone you want to delete from the Name menu and click Delete 4 Onthe confirmation dialog box click Yes The selected zone is deleted from the Zone Admin buffer At this point you can either save your changes or save and enable your changes 5 Select Zoning Actions gt Save Config to save the configuration changes Web Tools Adminstrator s Guide 127 53 1002152 01 9 Zone configuration and zoning database management Creating and populating enhanced traffic isolation zones An enhanced traffic isolation zone TI zone is a special zone t
177. e monitor If you click OK the monitor is saved and persists if the switch is restarted Creating the SCSI vs IP Traffic graph The SCSI vs IP Traffic graph displays the SCSI versus IP traffic for selected ports For Brocade 8510 8 Brocade 8510 4 and Brocade DCX and Brocade DCX 4S enterprise class platforms the slot and port name are identified in the graph In a trunk group the SCSI vs IP Traffic graph displays only the master port and not the slave ports To create a SCSI vs IP Traffic graph perform the following steps 2 2 Open the Performance Monitoring window Select Performance Graphs Advanced Monitoring SCSI vs IP Traffic The SCSI vs IP Traffic Setup dialog box displays This dialog box is similar to that shown in Figure 22 on page 110 Double click the domain to expand the slot port list NOTE For Brocade 8510 8 Brocade 8510 4 and Brocade DCX and Brocade DCX 4S enterprise class platforms click the plus signs to expand the ports under each slot as shown in Figure 22 Click the port you want to monitor in the graph in the Port Selection List Use Shift click and Ctrl click to select multiple ports Click Add to move the selected ports to the Selected Ports list Optional Click ADD ALL Ports to add all of the ports in the Port Selection List to the Selected Ports list Optional Click Search to open the Search Port Selection List dialog box from which you can search for all E Ports all F
178. e tab Select a RADIUS server from the RADIUS Configuration list Click Remove If there is no RADIUS server configured the Remove button is disabled You cannot remove the only RADIUS server if RADIUS is the primary AAA service The RADIUS server is not deleted until you apply the changes from the AAA Services tab Click Apply in the AAA Services tab A confirmation displays warning you that you are about to remove the selected RADIUS server Click Yes in the confirmation Web Tools Adminstrator s Guide 53 1002152 01 Active Directory service management 16 Active Directory service management Active Directory is the directory server that holds all the user profiles Active Directory provides user authentication and authorization using LDAP as authentication protocol Active Directory provides better security while using remote authentication mechanism You can add remove and modify settings of Active Directory Server Enabling Active Directory service For adding a new Active Directory server you must provide the server IP address port number secret string timeout value and LDAP as the authentication protocol The server IP address may be in either IPv4 or IPv6 format Select Active Directory as the server type the dialog box displays LDAP as the only authentication protocol To enable Active Directory service perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Admini
179. e the Advanced Monitoring feature you must have a Performance Monitor license installed and you must log in using an account with an admin switchadmin fabricadmin role and properly configured user defined roles The Advanced Monitoring option in the Performance Graphs window displays predefined reports and filter based performance monitoring You can use this feature to track the following e The number of words received and transmitted in Fibre Channel frames with a defined SID DID pair e The number of times a particular filter pattern in a frame is transmitted by a port For detailed information on performance monitoring refer to the Fabric OS Administrator s Guide Performance graphs Each performance graph is displayed individually in a window so it can be minimized maximized resized and closed Graphs within the Performance Monitoring window are updated every 30 seconds When you first display the graph or if you modify the graph such as to add additional ports you might have to wait up to 30 seconds before the new values are shown When you have multiple graphs open in the Performance Monitoring window you can perform the following tasks e Select Window gt Tile to view all graphs at once tiled in the Performance Monitoring window e Select Window gt Cascade to view one graph at a time e Select Window gt Close All to close all open Performance Monitor graphs in the Performance Monitoring window In addition
180. eature is available with Web Tools and Web Tools with the EGM license Name Server information is collected from the selected switch Refer to Displaying the Name Server entries on page 51 for more information The Other section of the Tasks menu provides access to Telnet tools Fabric Tree Fabric Tree displays all switches in the fabric even those that do not have a Web Tools license and that are not owned by your selected Admin Domain Switches that are not owned by the Admin Domain are shown in the Fabric Tree with switch status Fabric Tree does not display switches segmented before you opened Web Tools Only two types of switch icons display in Fabric Tree one for a pizza box and one for a chassis No platform based icons are supported Use the drop down menu at the top of the Fabric Tree area to view switches in the Fabric Tree by switch name IP address or WWN You can rest on the cursor over a switch to display the IP address and current status To manually refresh the status of a switch within the fabric right click the switch in the Fabric Tree and select Refresh Although Fabric Tree displays all the switches in the fabric you can manage switches that support Fabric OS v6 1 and later versions because it does not requires Web Tools license If a switch is launched from Fabric Tree preference will be given to IPV4 even though both IPV4 and IPV6 are configured for that particular switch The versions earlier than Fabric OS v6
181. eb Tools Adminstrator s Guide 23 53 1002152 01 2 Viewing Switch Explorer The default Switch View display refresh rate is 60 seconds However the initial display of Switch Explorer might take from 30 to 60 seconds after the switch is booted Refresh rates are fabric size dependent The auto refresh interval may not be less than 60 seconds However the refresh rate varies depending on the activity in the fabric and on the host system you are using The larger the fabric the longer it takes to poll the fabric and refresh the view F Port and L Port connection changes refresh immediately Port representations The ports in the Switch View show the port type Borders around the accessible ports indicate that SFP modules are present A colored border indicates the status of the port for example a green border indicates that the port is connected and traffic is flowing Ports that are not accessible do not display the port type and do not have borders The port LEDs in the Switch View match the LEDs on the physical switch However the blink rate of the LEDs in the Switch View does not necessarily match the blink rate of the LEDs on the physical Switch Refer to Port LED interpretation on page 144 for more information Right click a port in Switch View to get a menu that opens the Port Administration window allowing you to view detailed information about the port From Port Administration you can access information on all other ports Ref
182. ecked check box indicates that the parameter is enabled You cannot configure the User Alert Mode parameter in Web Tools as it is read only Displaying code page information The Code Page section identifies the language used to exchange information between the FICON director and Host Programming It is a read only field in Web Tools as it is set by Host Programming only When FMS mode is disabled the code page is displayed as unavailable To display code page information perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 3 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page in front All attributes on this tab are read only until FMS mode is enabled The code page format is displayed in the Code Page section as shown in the following example Language used to exchange information with Host Programming EBCDIC USA Canada 00037 Viewing the control device state The control device is in either a neutral or a switched state When it is neutral the control device accepts commands from any channel that has established a logic path with it and accepts commands from alternate managers When the control device is switched it establishes a logical path and accepts commands only from that logical path device allegiance Commands from other paths cause a F
183. ect the Authentication Type The choices are FCAP DHCHAP or both e Select the Switch Authentication Policy Mode The choices are Passive Active On or Off Select the Hash Type used The choices are SHA1 MD5 or both e Select the DH Group Type The choices are O no DH authentication 1 1024 bit 2 1280 bit 3 1536 bit or 4 2048 bit e Use the Device Authentication Policy Mode selector to set the desired mode The choices are On Off or Passive Click Apply If your authentication method uses a shared secret select the Shared Secret Keys tab The Shared Secret Keys screen displays Select Add The Add Shared Secret Keys dialog box displays Browse to select the switch WWN or name and domain ID or enter the switch WWN or name and domain ID in the Switch WWN Name Domain ID field Enter the shared secret key for the peer device an HBA in this case in the Peer Shared Secret and Confirm Peer Shared Secret fields Enter the shared secret for switch in the Local Shared Secret and Confirm Local Shared Secret fields Click Add An entry is added in the Switch WWN box Click OK Add more shared secrets if needed Web Tools Adminstrator s Guide 213 58 1002152 01 16 Establishing authentication policies for HBAs 214 Web Tools Adminstrator s Guide 53 1002152 01 Chapter Administering FICON CUP Fabrics 1 1 In this chapter ACON CUF TaBEICS DUBEMEW Luo Lies esd ecto uix nte a nica i ana nic e t n cR
184. ect the User tab Select the account to modify NOTE You cannot modify the default root and factory accounts even if you are logged in as root Click Modify The Modify User Account dialog box displays NOTE If the user account you are modifying does not have a subset of your Admin Domains a warning message displays to inform you of the permissions conflict Select a role from the menu You can change the role only on user level accounts You cannot change the role on the admin or root accounts You cannot change the role of your own account Enter a new description You can change the description only on user level accounts You cannot change the description of the default accounts You cannot change the description of your own account Click Enabled or Disabled to enable or disable the account You can enable and disable user and admin level accounts but not your own account You cannot enable or disable your own account or the factory account Only the root account can disable itself If you disable an account all active CLI sessions for that account are logged out Web Tools Adminstrator s Guide 53 1002152 01 User defined accounts 16 8 Check the available Admin Domains that the user can access Only Admin Domains that have already been created and are accessible to you display If all the Admin Domains in the list are inactive then you cannot log in to the switch NOTE The All option does not mean all of the listed
185. ecuting any subsequent tasks For a large fabric this can take several minutes Some data collection and processing operations in the iSCSI Gateway module might take a long time to complete especially in large fabrics or fabrics with large numbers of defined Discovery Domains and Discovery Domain Sets In most cases progress bars are provided Allow the application a sufficient amount of time 30 40 seconds to collect and display data before taking any action or assuming the application is hanging A maximum of five simultaneous HTTP sessions to any one switch is recommended An HTTP session is considered a Fabric Manager or Web Tools connection to the switch Opening a Telnet or SSH client window When you open a Telnet or SSH client window it connects to the IP interface of the switch You cannot connect to a CP blade on a director switch through a Telnet or SSH client window opened from Web Tools even when the blade has an IP address and supports Telnet sessions Refer to the Fabric OS Command Reference for information about the Telnet commands NOTE Internet Explorer 7 0 default settings disable Telnet functionality If you are using Internet Explorer 7 O you must make the appropriate changes in the registry to open the Telnet window To open a Telnet or SSH client window perform the following steps 1 Select a switch in Fabric Tree You are prompted to log in if the OS is version 5 3 0 or later otherwise the selected swit
186. ee all the available tabs and options 4 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page in front All attributes on this page are read only until FMS mode is enabled 5 Click the Allow Prohibit Matrix subtab Modifying Allow Prohibit Matrix configurations In the Allow Prohibit Matrix Configuration dialog box swapped ports are indicated with the Swapped label Figure 42 Port amp rea Dt oo 01 Svvapped 02 Svvapped 03 Svvapped 04 Svvapped 05 Svvapped 06 OF Swapped 06 Svvapped 09 Svvapped FIGURE 42 Edit Allow Prohibit Matrix dialog box swapped label Web Tools Adminstrator s Guide 221 53 1002152 01 17 Allow Prohibit Matrix configuration To create a new Allow Prohibit Matrix configuration or to edit an existing configuration perform the following steps 1 Display the Allow Prohibit Matrix configuration list 2 Youcan either create a new configuration or edit an existing configuration e To create a new configuration click New The Allow Prohibit Matrix Configuration dialog box displays all ports and port names on the selected switch similar to the dialog box shown in Figure 43 The Block column Prohibit column and prohibited ports matrix are displayed as empty for you to configure e To edit an existing configuration click the configuration and then click Edit The Allow Prohibit Matrix Configuration dialog box dis
187. eee 87 Enabling Dynamic Ports on Demand susss 88 Disabling Dynamic Ports on Demand suslsusss 88 Diagnostic port sse sl xb Rr ER RR Ru EYES 89 Reserving and releasing licenses on a port basis 89 Port swapping index llle 90 Port sWapplng siecle tees mier Pook bebe wees 90 Determining if a port index was swapped with another switch port 0 0000 eee eee eee 91 Configuring BB credits on an F_Port 00 0c e ee eee 92 Configuring ALPA uir eere ero ten de eas ate ea e Rs 92 Configuring Port Octet Speed Combination 93 Configuring CSCTL 0 0 0 eee eee 95 Inband Management 2000 e eee eee eee ee 96 Chapter 7 Enabling ISL Trunking In this chapter iss re chee ee ee eee 99 ISL Trunking OVErVieW 2 eee 99 Disabling or enabling ISL Trunking 00 eee ee eee 99 Admin Domain considerations 020000 ee eeee 100 Viewing trunk group information 0 0c eee eee eee 100 F_Port trunk groups 0 eects 101 Creating and maintaining F_Port trunk groups 101 Chapter 8 Monitoring Performance In this chapter sareari eek ee 103 Performance Monitor overview 00 cece eee eee 103 Basic monitoring 2 0 cece eee 103 Advanced monitoring llle 104 Performance graphs 0 c eee eee eese 104 Admin Domain considerations 20002 ee eens 104 Predefined performance graphs 20
188. effect For information on enabling the configuration refer to Enabling zone configurations on page 131 NOTE Any changes made to the currently enabled configuration does not display until you re enable the configuration To create zone configurations perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select a format to display zoning members in the Member Selection List as described in Selecting a zoning view on page 123 Select the Zone Config tab and click New Zone Config In the Create New Config dialog box enter a name for the new configuration and click OK Web Tools Adminstrator s Guide 129 53 1002152 01 9 130 Zone configuration and zoning database management The new configuration displays in the Name list 5 Expand the Member Selection List to view the nested elements The choices available in the list depend on the selection made in the View menu 6 Select an element in the Member Selection List that you want to include in your configuration The right arrow becomes active T Clickthe right arrow to add configuration members Selected members are moved to the Config Members window Repeat steps 6 and 7 to add more elements to your configuration Select Zoning Actions gt Save Config to save the configuration changes Adding or removing zone configuration members For information on enabling the configuration refer to
189. efined Role dialog slllseseseesse 185 Switch Admin Add User Defined Role dialog lleseessesse 186 Transport mode and tunnel mode comparisSon 0 00 cee eee 201 AH header in transport mode and tunnel mode 00 cee eens 202 ESP header in transport mode and tunnel mode Lieu 202 Edit Allow Prohibit Matrix dialog box swapped label 221 Allow Prohibit Matrix Configuration dialog box 2 2 2 0 cee eee eee eee 223 Switch RNID informations uere e ERR ee gea ence eed A 226 Switch Administration DCB subtabS 0 00 cee elles 229 FCoE Ports tab Port Administration panel 2000 cece eee eee 238 Web Tools Adminstrator s Guide 53 1002152 01 Tables Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Table 9 Table 10 Table 11 Table 12 Table 13 Table 14 Table 15 Table 16 Table 17 Table 18 Table 19 Table 20 Table 21 Web Tools Adminstrator s Guide 53 1002152 01 Basic Web Tools features and EGM licensed features llus 2 Web Tools functionality moved to Brocade Network Advisor 3 Certified and tested platforms 0 0 0 0 ccc eee eee 5 Supported platforms 00 sso eer resestir tates Eini E dro En EEN 5 Predefined Web Tools roles 00 cece eee eee 13 Polling rat s P PEDI 28 Switches that support WWN based Persistent PID on Web Tools 40 Event severity levels sss i
190. elected zoning elements The former WWN is replaced in the Zone Admin buffer by the new WWN including within any alias or zone in which the old WWN was a member 134 Web Tools Adminstrator s Guide 53 1002152 01 Zone configuration and zoning database management 9 Searching for zone members You can search zone member selection lists for specified strings of text If you know some identifying information about a possible member of a zoning entity you can select the tab and view for that entity and then search through its member selection list using the Search for Zone Member option If the target entity is an alias or zone then the search domain includes elements like switch names and domain numbers port names and domain port addresses device WWNs and manufacturer names and also any aliases that might already have been defined If the target entity is a configuration then zones are also included along with the elements they contain The search starts from the top of the list and when the target element is found it is also selected in the Member Selection List so it can be added or its parent or children can be found By default the Member Selection List is searched from beginning to end one time If you select the wraparound option the search continues to loop from the beginning to the end of the Member Selection List To search for zone members perform the following steps 1 Open the Zone Admin window as described in Opening t
191. em IGS daos dacuex cre eked RR merca Rp REA RE EA 14 Requirements for IPYG suDDOIt crcs sires nin enini Enap ean cae cme 15 Web Tools overview Brocade Web Tools is an embedded graphical user interface GUI that enables administrators to monitor and manage single or small fabrics switches and ports Web Tools is launched directly from a web browser or from the Brocade Network Advisor A limited set of features is accessible using Web Tools without a license and is available free of charge Additional switch management features are accessible using Web Tools with the Enhanced Group Management EGM license Refer to Web Tools the EGM license and Brocade Network Advisor for more information Web Tools the EGM license and Brocade Network Advisor Beginning with Fabric OS version 6 1 1 Web Tools functionality is tiered and integrated with Brocade Network Advisor If you are migrating from a Web Tools release prior to Fabric OS version 6 1 1 this may impact how you use Web Tools A Web Tools license is not required and a basic version of Web Tools is available for free Additional functionality may be added by obtaining the Enhanced Group Management EGM license Table 1 compares Basic Web Tools features to Web Tools with the EGM license The EGM license is only for 8 Gbps platforms such as the Encryption Switch and the 300 5100 and 5300 switches For non 8 Gbps platforms all functionalities are available without the EGM license
192. ement Protocol ISAKMP RFC 4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload ESP and Authentication Header RFC 4869 Suite B Cryptographic Suites for IPsec Web Tools Adminstrator s Guide 53 1002152 01 IPsec concepts 16 TABLE 17 Relevant RFCs Continued RFC number Title RFC 4309 Using Advanced Encryption Standard AES CCM Mode with IPsec Encapsulating Security Payload ESP RFC 4306 Internet Key Exchange Version 2 IKEv2 Protocol RF C4307 Cryptographic Algorithms for Internet Key Exchange Version 2 IKEv2 RFC 3971 Secure Neighbor Discovery RFC 3972 Cryptographically Generated Addresses RFC 3041 Privacy Extensions for Stateless Address Auto configuration in IPv6 Transport mode and tunnel mode Transport mode adds an authentication header AH before the IP header Only a single pair of addresses is used those in the IP header When transport mode is used both endpoints implement IPsec Tunnel mode encapsulates an IP datagram in a new datagram with a new IP header specifying the addresses of the tunnel end points IPsec is implemented between tunnel endpoints IPsec is transparent to the actual endpoints within the IP header in the original packet Figure 39 provides a basic visual comparison of how transport mode and tunnel mode modify an IP datagram ele Sey E DD pd Tunnel Mode PEP New IP header FIGURE39 Transport m
193. en modify the service or destination port protocol and action as necessary Both the source and destination IP addresses are needed for the FWD rule type Only the source IP address is needed for the INPUT rule type as the destination IP address field is disabled T Click OK After you create a policy you can use the following controls on this tab to manage the policies The Edit Policy button lets you select an existing policy and make changes to it e The Show Policy button lets you view the details of the policy in a read only window The Delete Policy button lets you delete a policy The Clone Policy button lets you copy a policy Use this feature when you want to create similar policies After you create a clone you can edit the policy to make the appropriate changes e The Activate Policy button lets you make an existing policy active The Distribute Policy button lets you distribute a policy to various switches e The Accepts Distribution check box lets you set the policy to accept or reject distributions Blade management Web Tools provides the ability to enable and disable blades and to set slot level IP addresses for blades The procedure in this section applies only to the Brocade DCX 8510 4 Brocade DCX 8510 8 or the Brocade DCX and DCX 4S enterprise class platforms Enabling or disabling a blade The Firmware Version columns display the firmware loaded onto each blade A blade can have more than one firmware i
194. enc No encryption is performed a8es128 cbc Advanced Encryption Standard AES 128 bit RFC 4869 block cipher aes256 cbc Advanced Encryption Standard AES 256 bit RFC 4869 block cipher Hash algorithms Hash message authentication codes HMAC check data integrity through a mathematical calculation on a message using a hash algorithm combined with a shared secret key Table 19 lists the available encryption algorithms The sending computer uses the hash function and shared key to compute a checksum or code for the message and sends it to the receiving computer The receiving computer must perform the same hash function on the received message and shared key and compare the result If the hash values are different it indicates that a third party may have tampered with the message in transit and the packet is rejected TABLE 19 Hash algorithm options Hash algorithm Description RFC Publication number aes xcbc Uses a cypher block and extended cypher block RFC 3566 chaining CBC hmac_md5 The MD5 computation produces a 128 bit RFC 1321 hash hmac_shat The SHA1 computation produces a 160 bit FIPS Pub 180 1 hash Pseudo Random Function algorithm The Pseudo Random Function PRF algorithm generates output that appears to be random data using the HMAC chosen as the hash algorithm as the seed value PRF is used to strengthen security Public key certificate based authentication Industry standard X 500 database servers are available as
195. ent Registered Recipient configurations To display a list of Link Incident Registered Recipient LIRR configurations 1 Select a FICON enabled switch from the Fabric Tree 2 Select Tasks Manage Switch Admin 3 Click Show Advanced Mode to see all the available tabs and options 4 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page in front All attributes on this page are read only until FMS mode is enabled 5 Click the Link Incident Registered Recipient subtab Configuring LIRRs To configure the Link Incident Registered Recipients LIRR perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Select Tasks Manage Switch Admin 3 Click Show Advanced Mode to see all the available tabs and options 4 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page in front All attributes on this page are read only until FMS mode is enabled 5 Click the Link Incident Registered Recipient subtab 6 Select a port from the list T Click Set Current 8 Click Close 9 Optional The selected port can be reset using the reset button Web Tools Adminstrator s Guide 225 58 1002152 01 17 Displaying Request Node Identification Data Displaying Request Node Identification Data 226 Web Tools displays Request Node Identification Data RNID information for the local switch and for attached FICON devices and FICON channel p
196. er only that there is no configuration active on the fabric When you disable a zone configuration from Web Tools keep in mind that the entire zoning database is automatically saved and then the selected zone configuration is disabled NOTE When you disable the active configuration Advanced Zoning is disabled on the fabric and according to the default zone set devices within the fabric can or cannot communicate with other devices To disable a zone configuration perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Zoning Actions gt Disable Zoning The Disable Config warning message displays 3 Click Yes to save and disable the current configuration Displaying enabled zone configurations The enabled zone configuration screen displays the actual content of the single zone configuration that is currently enabled on the fabric whether it matches the configuration that was enabled when the current Zone Admin session was launched or last refreshed The zones are displayed and their contents ports WWNs are displayed next to them Aliases are not displayed in the enabled zone configuration If there is no active zone configuration enabled on the switch a message displays to that effect NOTE The enabled configuration is listed in the lower right corner of the Zone Admin window Viewing the enabled zone configuration name without opening the Zone Admin wi
197. er to Chapter 6 Managing Ports for more information NOTE For detailed information on ISL Trunking F Port Trunking and long distance you must install the EGM license on the switch otherwise access to these features is denied and an error message is displayed If the selected Admin Domain does not include ownership of some ports that are physically present on the switch these ports are represented as black rectangles with horizontal gray bars indicating they are not accessible E Ports are visible in all domains You cannot open the Port Administration window by clicking these ports For the Brocade DCX the Port Admin view is launched for ICL ports USB port representation For switches with USB ports the USB Storage Management view is launched for USB ports Figure 6 FIGURE 6 USB port storage management Web Tools Adminstrator s Guide 53 1002152 01 NOTE Viewing Switch Explorer 2 Click the USB port on the switch to launch the USB Storage Management window Switch Events and Switch Information Switch Events and Switch Information display as tab forms under Switch View The information in the Switch Information View is polled every 60 seconds NOTE You can click the column head to sort the events by a particular column and dragthe column divider to resize a column You can also right click a column heading to resize one or all columns sort the information in ascending or descending order or select which column
198. ers 002000 ee 219 Displaying code page information 000 cee ee eee 219 Viewing the control device State 0 00 ee eee 219 Web Tools Adminstrator s Guide 53 1002152 01 Chapter 18 Web Tools Adminstrator s Guide 53 1002152 01 Allow Prohibit Matrix configuration llle 220 Viewing Allow Prohibit Matrix configurations 221 Modifying Allow Prohibit Matrix configurations 221 Activating an Allow Prohibit Matrix configuration 223 Copying an Allow Prohibit Matrix configuration 223 Deleting an Allow Prohibit Matrix configuration 224 CUP logical path configuration lille 224 Viewing CUP logical path configurations 224 Configuring CUP logical pathsS 0e eee 224 Link Incident Registered Recipient configuration 225 Viewing Link Incident Registered Recipient configurations 225 Configuring LIRRS 0 00 cece eee eee 225 Displaying Request Node Identification Data 226 Configuring FCoE with Web Tools In this chapter isole 6s cilia as Chee a Ode es 227 Web Tools and FCoE overview 0 0 c cece eee eee eee 228 Web Tools the EGM license and Brocade Network Advisor 228 Port information that is unique to FCoE 228 Switch administration and FCoE saaana nran 229 FCOE configuration tasks 0 0 0 6 cece eee 229 Qu
199. es deer aie eigen a Gane AAA SE ane Sone 49 Ports enabled with POD licenses and DPOD feature 0000 86 Port octet speed combinations 00 eee eee 94 Basic performance grapns 0 0 cee eee 105 Advanced performance monitoring graphs s lessen 105 Supported port types for Brocade switches 0 0 00 cece eee eee 106 QoS Zone name prefixes osred cee tw nee la em ar wa nba 118 Long distance settings and license requirements 0020e eee 167 User role and perMiSSIONS 2 2 cee eens 176 Relevant RFCS srs amarani nsa Rex a Y rea tS Ya ene Dae CR Y Ren nce Re SR rd 200 Encryption algorithm options llle 204 Hash algorithm options isasid iaciaisso eh 204 FMS mode parameter descriptions llle 218 Web Tools limitations llslleeeeeeeen RII 243 xix XX Web Tools Adminstrator s Guide 53 1002152 01 About This Document In this chapter How this document IS organized iscerasecexex tesxrtkterkreerzra erae xxi Supported hardware and software llle xxii Whats new wu THIS dOOUNIQGEI a dup ado pop KOC ERO AE C ROROR RO CREE e ER xxiii e DOCUMENT DDITVe llli ll e ceerscterxeccerpECRCERECORECCREE C CIE 43 xxiv e NOCE tO GMI SRS eri rrr XXV Additional informiatiori saxa koe a EE ee ears RUTHER ERS XXV Getting technical Delp ss cose ker er CER eee einer EE Y xxvi 9 UMS Lat ee DOR su suciedad RR EU Ronan o Ace a edid A RR caa TE
200. ession automatically ends if no information was sent to the switch for more than two hours Because user key strokes are not sent to the switch until you apply or save the information it is possible for your session to end while you are entering information in the interface For example entering a zoning scheme in the Zoning module does not require you to send information to the switch until you save the scheme Web Tools does not display a warning when the session is about to time out If your session ends due to inactivity all Web Tools windows become invalid and you must restart Web Tools and log in again Web Tools enables sessions to both secure and nonsecure switches Access rights for your session are determined by your role based access rights and by the contents of your selected Admin Domain After you log in you can change to a different Admin Domain at any time However you cannot change your role based permissions Ending a Web Tools session To end a Web Tools session perform one of the following actions e Select Manage gt Logout e Click the X in the upper right corner of the Switch Explorer window to close it e Close all open Web Tools windows Web Tools system logs Web Tools uses the log4j framework to write the logs into a file When you launch Web Tools for the first time it automatically creates the following directories These directories are created under Web Tools directory if they are not available e A
201. est the cursor over a blade to view the blade ID and its status It is easier to use the top of the blade to display the tool tip so that you do not inadvertently display the port tool tips Firmware versions and IP addressing are displayed for CP blades When you rest the cursor over a port you can view the port name e port ID port beacon e port number e port index e port type E F L D Ex GlGe or U Port Web Tools Adminstrator s Guide 53 1002152 01 Right click options 2 e port status online or offline e port state in sync no sync no light or no module Right click options You can right click a port to quickly perform some basic port administration tasks as shown in Figure 7 FIGURE 7 Right click menu for ports from Switch Explorer The tasks are e The Port Admin option displays the Port Administration window The Port Details option displays read only information about a port without opening the Port Administration window You can right click on the table content to export or copy the information from the Port Details window e The Configure option provides another menu of options to allow you to rename enable and disable ports and to set persistent enable or disable without opening the Port Administration window Refresh rates Different panels of Web Tools refresh at different rates The refresh or polling rates listed in this section and throughout the book indicate the tim
202. evices element in the tree to display a count of all the physical and proxy LSAN devices Note that this count is for all of the LSAN fabrics Click the Physical Devices or Proxy Devices element in the tree to see a detailed list of the physical or proxy devices Click the device name in the tree for more detailed information about a specific device Configuring the backbone fabric ID 150 Web Tools automatically disables FC FC Routing before setting the fabric ID You should manually enable FCR after setting backbone FID However you must first disable all of the EX_Ports before you begin this operation After the fabric ID is changed you must re enable these ports Web Tools Adminstrator s Guide 53 1002152 01 Configuring the backbone fabric ID 11 NOTE When the Virtual Fabrics capability is enabled on the switch Fabric ID cannot be set using the Set Fabric ID button To configure the backbone fabric ID perform the following steps oa e WN p Open the Switch View window Select FCR in the Manage section of the Tasks menu Select the EX Ports tab Select all the EX_Ports in the table and click Disable Select the General tab Click Set Fabric ID in the task bar The Configure Backbone Fabric ID window displays Select a fabric ID from the drop down menu NOTE The fabric ID is a number from 1 through 128 Web Tools warns you if you select a fabric ID that is already in use Click OK Click Enable FCR in the task
203. f you attempt to use this feature in Web Tools without the license an error message displays Trunking must be enabled on the ports e The trunking license must be enabled on the switch in Access Gateway mode The ports should not be configured for long distance connections e The ports should not be port swapped When you create an F Port trunk you create a logical entity called a trunk index TI which represents the physical ports The TI represents all ports in the trunk If a master port fails and a slave port takes over the TI remains the same The EGM license is required only for 8 Gbps platforms such as the following Brocade Encryption Switch e Brocade 300 5300 and 5100 switches e Brocade VA 40FC Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionality is available without EGM license Creating and maintaining F Port trunk groups The FS8 18 Encryption blade provides trunk groups with a maximum of eight ports per trunk group The trunk groups are in the blade port ranges O 7 and 8 15 which are applicable to front end ports On the Brocade Encryption Switch the trunk groups are in the port ranges O 7 8 15 16 23 and 24 31 which are applicable on the front end ports User this procedure to create an F Port trunk group and to add or remove member ports 1 Select Port Admin 2 Click Show Advanced Mode Web Tools Adminstrator s Guide 101 53 1002152 01 7 102 F Port trunk group
204. fer Needed Allocated The number of buffers needed and the number of buffers that are actually allocated Web Tools Adminstrator s Guide 165 53 1002152 01 14 Extended link buffer allocation overview 166 Actual Distance km The actual distance for the link in kilometers Desired Distance km Required for a port configured in LD or LS mode Table 15 on page 167 the desired distance in kilometers for the link For an LD mode link the desired distance is used as the upper limit of the link distance to calculate buffer availability for other ports in the same port group If the measured distance is more than the desired distance the desired distance is used to allocate the buffers In this case the port operates in degraded mode instead being disabled due to insufficient buffers For an LS mode link the actual distance is not measured instead the desired distance is used to calculate the buffers required for the port Long Distance Table 15 describes the long distance settings and identifies which settings require a Brocade Extended Fabrics license sw0 Switch Administration SwitchName swO DomainlD 2 0x2 WAAN 10 00 00 05 16 38 49 54 Fri Jun 19 2009 18 44 58 GMT 00 00 SNMP Configure Routing Extended Fabric AAA Service Trace FICONCUP Security Policies Extended Fabric Administration Switch if Network i Firmware Download License iS pert N Buffer Pot Buffer Link Desired
205. g Add Add Ports or Add Devices as described below e Select a switch port or device in the Available Members tree and click Add to add the selected element Alternatively you can press the Insert key to add your selections e Select a switch or slot and click Add Ports to add all of the ports in the selected switch or slot Select a switch slot or port and click Add Devices to add all of the devices for the selected element Optional Click Manual to add offline switches and devices Remove members from the Admin Domain by selecting them in the Selected Members section and clicking Remove Alternatively you can press the Delete key to remove selected items Click Next Use the summary to verify that the Admin Domain setup is correct 8 Click Finish Web Tools Adminstrator s Guide 71 53 1002152 01 5 Modifying Admin Domain members 9 Select Actions Save AD Configuration to save the new Admin Domain configuration to persistent storage 10 Select Actions gt Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration Renaming Admin Domains You can change the name of an Admin Domain including an auto assigned ID name The Admin Domain name cannot exceed 63 characters and can contain alphabetic and numeric characters The only special character allowed is an underscore _ NOTE You cannot rename ADO or AD255 To rename an Admin Domain perform the following steps
206. g list describes the high level tasks in a Suggested order Quality of Service QoS configuration optional If you intend to implement a specific QoS scheme to prioritize data traffic it is recommended that you finish your QoS configuration before you begin port configuration QoS values are referenced when you configure ports LLDP DCBX configuration optional If you intend to implement DCBX it is recommended that you finish LLDP DCBX configuration before you configure ports LLDP DCBX values are referenced when you configure ports DCB interface configuration mandatory Web Tools Adminstrator s Guide 229 53 1002152 01 18 Quality of Service configuration Link Aggregation Group LAG configuration mandatory Ports must be configured before they can be placed into a LAG The parameters applied to the LAG reflects on each port that is member of the LAG VLAN configuration optional Port and LAG names are referenced in VLAN configuration and must be defined before you can successfully complete a VLAN configuration Login group configuration optional Login group configuration is not dependent on any of the above configurations It can be done as a separate task Quality of Service configuration As a general concept Quality of Service QoS is a mechanism for classifying and scheduling data traffic based on priority settings QoS can be used to control traffic congestion allocate bandwidth and carry data traffic
207. ged by another user or from another interface for example the CLI while Web Tools zoning changes are still pending the refresh icon starts to blink after a 15 30 second polling delay You can then decide to refresh the current Web Tools zoning view to reflect the new externally changed contents of the fabric zoning database in which case any pending local changes are lost or you can ignore the blinking refresh icon and save your local changes overwriting the external changes that triggered the icon to blink You can refresh zoning to back out of current unsaved work and start over You can refresh the zoning information at any time either using the refresh icon whether it is flashing or not or from the View menu The following procedure updates the information in the Zone Admin window with the information saved in the zoning database on the switch ATTENTION When you refresh the buffered information in the Zone Admin window any zoning configuration changes you made and not yet saved are erased from the buffer and replaced with the currently enabled zone configuration information that is saved on the switch To refresh the Zone Admin window perform the following steps 1 Launch the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select View gt Refresh Zoning or click Refresh This re displays the information in the Zone Admin window with the information in the switch s zoning database Th
208. gged into the switch using a user name with one of the following roles associated with it to make changes to the zoning zoneAdmin admin fabricAdmin or any user defined role with modify rights All other roles allow only a view or read only access Most of the zoning operations are disabled in read only mode A snapshot is taken of all the zoning configurations at the time you launch the Zone Admin window this information is not updated automatically by Web Tools To update this information refer to Refreshing Zone Admin window information on page 121 Web Tools Adminstrator s Guide 119 53 1002152 01 9 Zoning management When you log in to a virtual switch or select a virtual switch using the drop down list under Fabric Tree section in the Switch Explorer window only the ports that are associated with the Virtual Fabric ID you selected are displayed in the member selection list as shown in Figure 23 You can use the Add Other button to add ports of other switches in the fabric 4 Zoning Modes b Larai Basic Zones Print Edit View Zoning Actions Traffic Isolation Zones CI New v Resource View vV e Refresh v Enable Config Save Config Clear All Alias Zone Zone Config Name FCIP Alias w New Alias Delete Rename Member Selection List Alias Members E Ports amp Attached Devices 8 Members 4 Members E lt P 50 WT Elara 48 8 Ports l 50 0 U Port PID
209. gh the default zone mode access is set to No Access you can still create and enable zones within each Admin Domain These zones are configurable only from the Admin Domain in which they were created Indirect port members cannot be zoned Web Tools Adminstrator s Guide 65 53 1002152 01 5 Admin Domain window To enable Admin Domains perform the following steps 1 Change the Admin Domain context to ADO Refer to Changing the Admin Domain context on page 21 NOTE Changing the Admin Domain context requires using Web Tools with the EGM license otherwise access to this feature is denied and an error message displays Change the Default Zone mode to No Access Refer to Setting the default zoning mode on page 119 for more information 2 Navigate to AD255 or the physical fabric and begin managing the Admin Domains Admin Domain window You can view and manage Admin Domains through the Admin Domain window If you are not using Web Tools with the EGM licensed installed managing Admin Domain operations is denied and an error message displays The EGM license is required only for 8 Gbps platforms such as the e Brocade Encryption Switch e Brocade 300 5300 and 5100 switches e Brocade VA 40FC e Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionalities are available without EGM license The Admin Domain window displays information about the Admin Domains that are defined in the fabric If you launch the Admin
210. h Information tab Base Switch Default Switch and Allow XISL Use are specific to Virtual Fabrics These options perform these functions e Base Switch indicates whether or not the logical switch can act as a base switch A base switch is a special logical switch that can be used for chassis interconnection Each chassis may only designate only one logical switch as a base switch e Default Switch indicates whether or not the logical switch is the default logical switch The default logical switch is equivalent to the normal discovered physical switch topology It is automatically assigned fabric ID 128 If you do not log in to a specific logical switch using Options on the login dialog box the default logical switch displays in the Switch View e Allow XISL Use indicates whether or not the logical switch is allowed to connect to other logical switches using an extended inter switch link XISL Base switches may use XISLs Dynamically created logical switches can use the XISL for traffic only if Allow XISL Use is enabled through CLI using the configure command To select a logical switch perform the following steps 1 Use the Logical Switch selector to select the fabric ID You must have the EGM license installed to view the Logical Switch selection on a Brocade 5100 5300 or VA 40FC A dialog box displays asking you to confirm your selection 2 Click Yes to confirm The selected logical switch displays Note that the Logical Switch se
211. hat creates a dedicated path for a specific traffic flow When an enhanced TI zone is activated inter switch traffic from a zone member is directed to E Ports that are included in the TI zone Traffic from outside the TI zone is excluded A maximum of 255 TI zones can be configured LSAN devices can be added only in TI zones created in the backbone switch A port may be assigned to more than one enhanced TI zone in a fabric A port can be part of more than one enhanced TI zone provided following conditions are satisfied e All the switches in the fabric should have Fabric OS v 6 4 or later e Aport can be assigned to multiple TI Zones that have the same failover state e The fabric is composed entirely of Condor 2 or GoldenEye 2 switches To create and populate an enhanced TI zone perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Under Zoning Modes select Traffic Isolation Zones The Traffic Isolation Zones view displays 3 Click New on the menu bar The Add TI Zone dialog box displays 4 Expand the Member Selection List to view the nested elements Select an element in the Member Selection List that you want to include in your zone The right arrow becomes active 6 Click the right arrow to add the zone member The selected member is moved to the Zone Members window NOTE All switches in the fabric must be running Fabric OS v6 4 0 or later and all the ports in th
212. he Zone Admin window on page 118 2 Select Edit gt Search Member 3 Enterthe zone member name in the Member Name field Optional Narrow the search by selecting one or more of the check boxes such as Match Case 4 Click Next to begin the zone member search Clearing the zoning database Use the following procedure to disable the active zoning configuration if one exists and delete the entire zoning database You must disable any active configuration before you can delete the zoning database ATTENTION This action not only disables zoning on the fabric but also deletes the entire zoning database This results in all devices being able to communicate with each other To clear the zone database perform the following steps 1 Openthe Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Actions gt Clear All The Disable Config wizard displays 3 Click Yes to do all of the following in the wizard e Disable the current configuration e Clear the entire contents of the current Web Tools Zone Admin buffer Delete the entire persistent contents of the fabric zoning database The wizard allows you to define one and only one name for each device port WWN Devices with one or more aliases are considered already named and are not displayed Web Tools Adminstrator s Guide 135 53 1002152 01 9 Best practices for zoning Zone configuration analysis You must use Brocade Network Advisor to analyze
213. he absence of pre existing devices Select this check box to issue an RSCN upon completion of loop initialization regardless of the presence or absence of new or pre existing devices Configuring system services You can enable or disable FCP read link status RLS probing for F Ports and FL Ports It is disabled by default To configure system services perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Disable the switch as described in Enabling and disabling a switch on page 37 Select the Configure tab Select the System subtab Select the Disable RLS Probing check box to disable RLS probing a B WN Or Clear the check box to enable RLS probing 6 Click Apply Enable the switch as described in Enabling and disabling a switch on page 37 Configuring signed firmware When the firmware is downloaded to a device the system can validate the firmware based on a configuration setting By default the signed firmware download is not validated NOTE During the first download the system ignores the signed firmware After the first download the public key is downloaded and then in subsequent downloads you can turn on the feature You can view the public key on the Firmware Download tab in the Switch Administration window Web Tools Adminstrator s Guide 43 53 1002152 01 Licensed feature management To configure the signed
214. he link is used over long distances use the Extended Fabric tab of the Switch Administration window to configure the long distance setting of a port Because buffer credits are a switch resource you must own the switch in order to modify extended fabric settings on a port The EGM license must be enabled on the switch otherwise access to configuring long distance is denied and an error message displays The Extended Fabric tab displays information about the port speed long distance settings and buffer credits as shown in Figure 32 on page 166 For detailed information on managing extended fabrics refer to the Fabric OS Administrator s Guide The Extended Fabric tab displays the following columns Port Number e Buffer Limited Indicates whether the port is buffer limited A buffer limited port can come online with fewer buffer credits allocated than its configuration specifies allowing it to operate at a reduced bandwidth instead of being disabled for lack of buffers Buffer limited operation is supported for the LS and LD extended ISL modes only and is persistent across reboots switch disabling and enabling and port disabling and enabling e Port Speed The port speed is displayed as follows 41G 1 Gbps 2G 2 Gbps 4G 4 Gbps 8G 8 Gbps 10G 10 Gbps N1 Negotiated 1 Gbps N2 Negotiated 2 Gbps N4 Negotiated 4 Gbps N8 Negotiated 8 Gbps N16 Negotiated 16 Gbps Auto Negotiation Buf
215. hed switches and their ports It also displays all the devices in the fabric Slot and port information of other switches are not displayed in the tree The Admin Domain window has the following buttons in a task bar at the top of the window e New allows you to create a new Admin Domain Printallows you to print the current or effective configuration e Refresh allows you to refresh the information for the entire fabric or a specific Admin Domain e Apply allows you to apply a configuration e Save allows you to save a configuration Clear allows you to clear the configuration You can right click on any of the table content in the Admin Domain window to access Export Copy and Search options The options are not available if the table does not have any content MUI accept the Brocade Certificate at the beginning of the log in to Web Tools to enable the functionality of Export and Copy e Click Export Row or Export Table to save the contents to a tab delimited file e Click Copy Row or Copy Table to copy the contents in tab delimited text format to a file e Click Search to search for a specific text string in the table The Switch Members dialog box displays In the Switch Members dialog box enter the text string and press Enter This is an incremental search and allows 24 maximum characters including the wildcards question mark and asterisk The first row containing the text string is highlighted To find the next match press
216. hes Chapter 3 In this chapter Fabric and switch management overvieW 00 ccc eee eee 31 Configuring IP and subnet mask information 20 000 00s 33 Configuring Netstat Auto Refreshi 2 2 loss o rro sirieni RE da Configuring a syslog IP address oo cca ed ee eee eee eee 34 Removing s Syslog IP address cca rr ctacestav ee bara AER GU REDE dE 34 e Cianngurg IP SI HE casae ccaatkesk ees hewesa esce nre RE dra do Bidde I dl EE T TL TT T ITI ET 35 GWEN COMEU ION uo scare d a d AE aE EE aires E CAUCA 37 oS MES strc ERA Dd CR ER E ee CER hue ard a d Res hes ome 39 System canf ration parameters a serasa cuum mr neck Sale alee 39 Licensed feature ARSENE xaaaa aca tikin Gp a ER AOI RO AGRCIEOR nae CR 44 e High Avallabillit OWePVIBW a2 nx aac nexr E Rua eg hence Sic RE Re a 46 OE SEE Mi MNES acea acie RR noi ma eph eec qi Rx RAM RE nica lA RR 48 Displaying the Name Server entries isses kae sone RR ERE ERES 51 e Physically locating a switch using beaconing lslslseese 53 e Locating logical switches using chassis beaconing 53 Virtual Psblos DVel ION usce qox i YR ERR RACER RERO RR ORC GE RUE CR 53 Fabric and switch management overview Most of the management tasks described in this chapter are accessed through the Switch Administration window Information in the Switch Administration window is retrieved from the selected switch as shown in Figure 8 on page 32 Web T
217. hes domains on the switch and it is replicated on a standby CP if one is present It is saved in a configuration upload and can be applied to other switches in a configuration download You should configure at least two RADIUS servers so that if one fails the other server assumes the service You can configure RADIUS even if it is disabled You can configure up to five RADIUS servers You must be logged in as admin switchadmin or securityadmin to configure RADIUS To configure RADIUS perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the AAA Service tab 3 Click Add The RADIUS Configuration dialog box displays You can configure up to five RADIUS servers If five RADIUS servers are already configured the Add button is disabled 4 Enterthe RADIUS server name as a valid IP address in either IPv4 or IPv6 format or Dynamic Name Server DNS string Each RADIUS server must have a unique IP address or DNS name for the RADIUS server Enter the port number Enter the secret string Enter the timeout time in minutes o sog Select either CHAP or PAP as the authentication protocol The default value is CHAP and if you do not change it CHAP becomes the authentication protocol 9 Click OK to return to the AAA Service tab 10 Click Apply Modifying the RADIUS server To change the parameters of a RADIUS server that is alre
218. hibit Matrix parameters NOTE While enabling FMS mode with online devices connected to ports with addresses of OxFE or OxFF the following error displays FMS mode enable failed due to port s with areas OxFE or OxFF is are connected to device s User must disable the ports or remove the online devices from those ports that are mapped to the OxFE or OxFF address To use FICON CUP you must do the following e Install a FICON CUP license on a FICON director e Enable FICON Management Server FMS mode on the FICON director Web Tools Adminstrator s Guide 215 53 1002152 01 17 Enabling port based routing e Install a FICON CUP license on the Brocade switch e Configure CUP attributes FMS parameters for the FICON director FMS mode enable failed due to ports with areas OxFE or OxFF are connected to devices You can use Web Tools for all of these tasks You can also use Web Tools to manage FICON directors when FMS mode is enabled on those directors to do the following Display the control device state Display a code page Manage port connectivity configuration You do not need to install the FICON CUP license to perform FICON CUP management you must install the FICON CUP license however if your switch is to enforce traffic between the FICON director and the host based management program NOTE If the switch does not have the FICON CUP license installed Web Tools prevents the enabling of FMS mode and displays the foll
219. hich is free With FLEXIBLE ALPA option the host login is accepted with either the requested ALPA value or a different ALPA value With STRINGENT ALPA if the requested ALPA value is not available the login is rejected The Enable Disable of Persistent ALPA feature is available on the Switch tab of the Switch Admin dialog The Persistent ALPA tables start populating as soon as the Access Gateway boots and the devices start logging in NOTE Persistent ALPA is supported on all the Access Gateway platforms except the Brocade Encryption Switch Persistent ALPA is not supported in non Brocade fabric and the Brocade 8000 To configure Persistent ALPA perform the following steps 1 Select Switch gt Switch Admin gt Switch tab 2 Select the enable radio option of Persistent ALPA Web Tools Adminstrator s Guide 53 1002152 01 Configuring Port Octet Speed Combination 6 After selecting enable the stringent and flexible radio buttons are enabled Neither radio buttons are selected by default Select either stringent or flexible Click Apply Close the Switch page Select Port Admin Select an F Port or U Port from the device tree or Port List table Click ALPA Map 0 noc 5 o Persistent D Configure F N Port Mappings Persistent ALPA v A n wmonn 47 FIGURE 15 ALPA Map selection A dialog launches listing the Port WWN to ALPA Map with the host The Port WWN map automatically populates I Port WWN M
220. hing Admin Domain information Any changes you make in the Admin Domain window are saved to a local buffer They are not applied to persistent storage until you invoke one of the transactional operations listed in the Actions menu You can refresh the Admin Domain information at any time to reflect changes that might have been made by other users or to back out of current unsaved work and start again ATTENTION When you refresh the buffered information in the Admin Domain window any Admin Domain configuration changes you made and not yet saved are erased from the buffer and replaced with the currently enabled Admin Domain information that is saved on the switch To update the information in the Admin Domain window with the information saved on the switch perform the following steps 1 Inthe Admin Domain window click the Refresh arrow 2 Click Refresh Admin Domains The information in the Admin Domain window is updated with the saved information on the Switch This action also refreshes the fabric information as described in Refreshing fabric information on page 68 Any unsaved Admin Domain changes are deleted Saving local Admin Domain changes All information displayed and all changes made in the Admin Domain window are buffered until you save the changes That means that any other user looking at the Admin Domain information for the switch does not see the changes you made until you save them Web Tools Adminstrator s Guide 53
221. hot Error P P N A SID DID Performance P P N A SCSI Commands P N A N A SCSI vs IP Traffic P N A N A 1 The Blade Aggregate Throughput graph is supported only on the Brocade DCX and DCX 4S enterprise class platforms The labeling of the axes in the graphs depends on the switch type e For the Brocade DCX 8510 8 DCX 8510 4 and the DCX and DCX 4S enterprise class platforms slot numbers are displayed with expansion arrows next to them as shown in Figure 20 on page 107 Click the arrows to expand and contract the list of ports per slot e Switches such as the Brocade 300 5100 5300 6510 8000 VA 40FC 7800 Extension and the Brocade Encryption Switch do not have slot numbers because they have no blade FRUs and therefore there is no need for slot numbering e For Brocade the Brocade DCX 8510 8 DCX 8510 4 and the DCX and DCX 4S enterprise class platforms the X axis scales up to 409 6 Gbps in multiples of 2 For Brocade 300 5100 5300 VA 40FC 6510 8000 7800 Extension and the Brocade Encryption Switch the X axis scales up to 8 0 Gbps in increments of 0 8 Gbps Port throughput utilization is represented by a horizontal bar for each selected port The horizontal bar gets longer or shorter depending on the percent utilization for that port at the last poll time Thin short vertical intersecting bars give a historical perspective by representing the highest and lowest values reached for each selected port since the graph was opened A third
222. hs Each canvas can hold up to eight graphs per window with six shown in Figure 21 Up to 20 canvases can be set up for different users or different scenarios Each canvas is saved with a name and an optional brief description File Performance Graphs Window w Port Throughput Port Throughput Port 0 Port Speed 2G Ref rate 30 Secs Transmitted Bytes sec Received Bytes sec Trunk Grp 10006 1006 106 16 100M lt Port Snapshot Error Port Snapshot Error Ref rate 30 Secs CRC Errors Frames sec Switch Aggregate Throughput Switch Aggregate Throughput All Ports Ref rate 30 Secs Transmitted Bytes sec Received Bytes sec 1000G umm 1006 miS witch Percent Utilization Switch Percent Utilization Ref rate 30 Secs Switch Throughput Utilization Ref rate 30 Secs w Port Error Port Error Port 2 Ref rate 30 Secs CRC Errors Frames sec 10006 1006 v gt Host 192 168 163 238 AD ADO User admin Role admin FIGURE21 Canvas of six performance monitoring graphs Opening the Performance Monitoring window To perform performance monitoring you must use Web Tools with the EGM license otherwise when you click on the Performance Monitor tab access to this feature is denied and an error messages displays To open the Performance Monitoring window perform the following steps 1 Select a switch from the Fabric Tree and log in when prompted 2 Inthe Monitor a
223. ias The right arrow becomes active T Click the right arrow to add alias members Selected members move to the Alias Members window 8 Optional Repeat steps 6 and 7 to add more elements to the alias Optional Click Add Other to include a WWN or port that is not currently a part of the fabric 10 Select Actions gt Save Config to save the configuration changes Adding and removing members of a zone alias For more information on enabling the configuration refer to Enabling zone configurations on page 131 NOTE When you assign a node WWN to an alias or zone all of the WWPN s associated to that Node are also moved This functionality is supported only for IMO mode This behavior is duplicated in Brocade Network Assistant zoning This functionality is supported only by selecting the node WWN and assigning it to the alias or zone To add or remove zone alias members perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Alias tab 3 Select the alias you want to modify from the Name list 4 Select an element in the Member Selection List that you want to add to the alias or select an element in the Alias Members list that you want to remove 5 Click the right arrow to add the selected alias member or click the left arrow to remove the selected alias member The alias is modified in the Zone Admin buffer 6 Select Zoning Actions gt Sa
224. ical fabric administrator in AD255 System defined Admin Domains ADO and AD255 are special Admin Domains and are present in every AD capable fabric ADO ADO is a system defined Admin Domain that in addition to containing members you explicitly added similar to user defined Admin Domains it contains all online devices switches and switch ports that were not assigned to any user defined Admin Domain ADO also implicitly contains all devices from switches running Fabric OS versions earlier than 5 2 0 as they can never be part of an Admin Domain unless they are upgraded to v5 2 0 or later Unlike user defined Admin Domains ADO has both an automatic membership list and a fixed membership list User defined Admin Domains have only a fixed membership list e Automatic membership list Contains all devices and switches that were not assigned to any other Admin Domain e Fixed membership list Contains all devices and switches that you explicitly add to ADO and can be used to force device and switch sharing between ADO and other Admin Domains The Admin Domain window displays the fixed members and not the automatic members you can use the View menu to display a list of the automatic members ADO can be managed like any user defined Admin Domain The only difference between ADO and user defined Admin Domains is the automatic membership list In filtered views the automatic members of ADO are considered direct members The automatic
225. ical fabric level Admin Domain considerations ACL management can be done on AD255 and in ADO only if there are no other user defined Admin Domains Both ADO when no other user defined Admin Domains exist and AD255 provide an unfiltered view of the fabric If there are user defined Admin Domains then ACL management can be done on AD255 only Creating an SCC DCC or FCS policy You can create the FCS policy only once To create an SCC DCC or FCS policy perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Security Policies tab Select the ACL subtab Select a policy by clicking on the appropriate tab SCC DCC or FCS Click Edit ow B p m This launches the ACL Policy Configuration wizard D Select the policy type you want to edit Click Next and click Create 8 SCC Option Add switches to an SCC policy by selecting one or more switches and clicking Add or Add All 9 SCC Option To add an offline switch click Add other Switch and enter the WWN 10 DCC Option Select the ports to add to a DCC policy When you launch the DCC Policy Configuration wizard only the launched switch and its ports are listed in the tree All the devices in the fabric are also listed in the tree 11 In the ADD Domain Port Index field enter the value in the Domain Index format and click Add 12 Click OK to confirm the changes to the
226. ick Refresh to display the new licenses in the License tab Some licenses such as the Trunking or Brocade 7800 upgrade license do not take effect until the switch is restarted Assigning slots for a license key This feature allows to increase the capacity without disrupting the slots that already have licensed features running NOTE You can enable slot based licenses only on 10 Gigabit Ethernet FTR 10G Advanced Extension FTR AE and Advanced FICON Acceleration FTR AFA features To assign slots for a license key perform the following steps Web Tools Adminstrator s Guide 53 1002152 01 Licensed feature management 3 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the License tab Select the license key for which you want to assign slots from the License Administration table The Assign Slots window displays 4 Select the slots you want to assign Click OK Removing a license from a switch To remove a license from a switch in the Switch Administration window perform the following steps ATTENTION Use care when removing licenses If you remove a license for a feature that feature no longer works 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the License tab Click the license you want to remove 4 Click Remove Universal time based licensing After v
227. ick ae eee eee n sene ew e ce RE er s 91 ALPA Map selectiol socio RE tessa Rx Rex yerREX C RREXG bee dab ee 93 ALPA Map dialog siot orsi rk er br EE ge ang Rh ea eee 93 FC Explorer dialog 4 3 os ue tr Dh dte Pia eR d RC hes 94 Port Octet Speed Combination dialog 0 00 cece 94 TRUNKINS TAD eased teen ter EST 100 Accessing performance graphs 0 0 c eee eee eee 107 Canvas of six performance monitoring graphs llle leues 108 Select Ports for customizing the Switch Throughput Utilization graph 110 Zone Admin WIBdOW soa cess eee teehee eee eee Eee ed eae MUERE 120 Sample zoning database 0 0 cee eee 129 Temperature Sensor States window 000s 140 Fan States window llle nnn 140 Power States windOW sseseeeeeee een 141 Switch Report WiNdOW 2 ce ren 142 Switch Status Policy dialog DOX 0 0 6c eee 144 Switch Explorer view for Access Gateway mode 500e eee eee 154 Access Gateway Auto Rebalancing liliis 161 Extended Fabric tab mesa chews eee recede dee e RR e aoa wees R 166 ROUNE cio PC Dm 170 User tab s c ren oce cron eo bids arta cse t m aces SEE Mea Aei 177 Add User Account dialog box VF 0 2 0 0c cece tenes 178 Add User Account dialog box AD 2 00 eee eee 178 xvii xviii Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Switch Admin Add User D
228. ient Name Webtools Status Healthy Fabric OS version v5 3 0 main bld34 WAN 10 00 00 05 1e 53 89 cf Type 67 0 Mode Access Gateway Mode i2 Ethernet Ethernet IPv4 10 35 52 150 Ethernet IPv4 netmask 255 255 240 0 Ethernet IPv4 gateway 10 35 48 1 Ethernet IPv6 None Other Manufacturer serial number AKDO31 3D00L Supplier serial number License ID 10 00 00 05 16 53 89 cf ees gt Free Professional Management Tool 10 35 52 150 User admin Role admin FIGURE30 Switch Explorer view for Access Gateway mode The Access Gateway mode Switch Explorer is divided into the following areas e Menu bar Tasks e Switch View buttons e Switch Events and Access Gateway information e Indicator bar e Professional Management Tool offering e Switch View 154 Web Tools Adminstrator s Guide 53 1002152 01 Access Gateway mode 12 Access Gateway mode The Access Gateway feature on the Brocade Encryption switch and the Brocade 8000 enables interoperability with the Cisco fabrics The Access Gateway mode of the switch presents standard F Ports to the hosts but it connects to the Enterprise fabric as N Port rather than as E Port in case of a regular switch Restricted access in the Port Administration window When Access Gateway mode is enabled the following options are disabled in the Port Administration window Port Configuration Policy Configuring the Auto or Advanced mode under Port Configuration P
229. ile is to downloaded The selector displays all the virtual fabric IDs that have been defined the default of 128 for the physical switch chassis level configuration and all chassis and switches 8 Enterthe fabric ID of the logical switch in Template Fabric ID NOTE If you are using a USB device it must be connected and mounted before you upload or download Refer to Uploading and downloading from USB storage on page 60 for more information 9 Click Apply You can monitor the progress by watching the Upload Download Progress bar Admin Domain configuration maintenance When you log in to the switch as a physical fabric administrator and back up a configuration all local switch configuration parameters are saved as well as all Admin Domain membership information and Admin Domain zone databases To perform a configuration upload or download you should have the Admin Domain of AD255 or ADO if no other user defined Admin Domains exist A configuration upload or download gathers all the configuration files for the fabric including Admin Domains For more information on Admin Domains refer to Requirements for Admin Domains on page 63 When the configuration is backed up one of the following scenarios is possible e If the current Admin Domain does not own the switch and you are logged in with any role that allows configuration upload or download the following items are saved in the configuration file Local zone configurat
230. ination of protocols and algorithms applied to a flow of IP packets IPsec unidirectional and policies need to be applied to both inbound and outbound flows Part of adding an IPsec transform policy is to select an IPsec Protection Type The choices are discard bypass and protect Discard causes data packets to be rejected if there is an invalid pair of source and destination addresses or invalid port addresses Bypass allows a data packet to be transmitted or received without IPsec protection Process indicates a data packet is processed using IPsec encryption IKE authentication or both using encapsulation security protocol ESP processing or authentication header AH protocol processing To add an IPsec transform policy perform the following steps 1 Select the Transforms tab The Transforms screen displays Select Add The Add Transform dialog box displays Enter a name in the Transform Name field Select the IPsec Mode The choices are Transport or Tunnel Enter the SA Proposal name Select the IPsec Protection Type option Select the IKE Policy Name option IKE policies need to be created before adding a transform policy If there are no names to select from you must create an IKE policy Optional Enter a local and peer IP address Click OK Adding an IPsec selector Selectors are used to apply transform policies to an IP flow Flows are uni directional Selectors are associated with a specific source IP
231. indow 2 Select the FC Ports tab 3 Click Show Advanced Mode 4 Fromthe tree on the left select the port you want to swap 5 Click the General tab NOTE The Port Index attribute on the General tab indicates whether a port was swapped For ports that were swapped the attribute name displays as Port Index Swapped as shown in Figure 14 The value indicates with which port index the port was swapped t General SFP Port Statistics Rename Edit Configuration Disabla Disable NPI Port Swap RI General Port Number 4 0x4 Port Name Port WAN 20 04 00 05 16 38 49 54 Port Media Port Type U Port Port protocol FC Allowed Port Type E Port F Port L Port Speed Gb s N4 Speed Configured Auto Negotiate Ingress Rate Limit Gb s Not Available QOS Status Enabled Long Distance Mode LO Normal Desired Distance km N A Port Status Mo Module Controllable Yes Licensed Yes FC Fast Write Enabled Teise Trunk Port State Master Port FIGURE 14 Port swapping index Web Tools Adminstrator s Guide 91 53 1002152 01 6 Configuring BB credits on an F Port Configuring BB credits on an F Port In Fabric OS v6 4 0 and later you can configure the BB credits value on an F Port Follow the steps given below 1 Select a port in the Switch View to open the Port Administration window Select the FC Ports tab Click Show Advanced Mode Click F Port BB Credit Enter the BB credit value in the Enter BB Credit field the default value is 8 a B Y
232. ined at the ingress Fabric port or Fabric Loop port F FL when the frame enters the fabric for the very first time To maintain the same flow priority for a frame across all the ISL hops in a fabric the same VC number is used while transmitting the frame at the egress E Port until it is out of the fabric thru a F FL port The main difference between QoS Zone method of classification and CSCTL VC based method of classification is how the VC number is computed when the frame enters into the fabric thru an F FL port and of course the manner of setting up these two frame classification methods Once the CSCTL mode is enabled on an F FL port in a switch the CSCTL value in the frame header of all the incoming frames on that F FL port are used to index into the ASIC s CSCTL database table to compute the VC number which will define the frame s flow priority throughout its life in the fabric until it exits out of the fabric thru another F FL port The QoS links ISLs preserve this classification during frame s traversal across all the hops in the fabric NOTE When CSCTL mode and QOS zones are enabled QoS zones lose priority to CSCTL mode To enable CSCTL mode perform the following steps 1 Select Port Admin Advanced mode 2 Selectthe F Ports to configure 3 Select CSCTL Mode gt Enable To disable CSCTL mode perform the following steps 1 Select Port Admin Advanced mode 2 Select the F Ports to configure 3 Select CSCTL Mode g
233. inistration window as described in Opening the Switch Administration window on page 33 Select the User tab Click Set Password Rule The Configure Password Rule dialog box displays Fill out the dialog box for the password rules you want to enforce The available options are e Minimum number of days 0 999 before you can change the password again e Number of days 0 999 before a password expires e Number of password changes before you can reuse a password e Minimum password length 8 40 characters e Minimum number of uppercase and lowercase characters required e Minimum number of digits and punctuation characters required e Number of characters that can be repeated in the password e Number of failed login attempts 0 999 before the password is locked from further change attempts and the amount of time the password is locked 0 99999 minutes e Number of days to warn user before password expiration 0 999 Select whether to enable or disable the lockout administration features If you select to disable the lockout administration the user is never locked out of the system Click OK to close the dialog box Click Apply to save your changes Web Tools Adminstrator s Guide 53 1002152 01 User defined roles 16 Setting a password as expired To set a password as expired perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select
234. int to Gateway In an endpoint to gateway configuration a protected endpoint connects through an IPsec protected tunnel This can be used as a virtual private network VPN for connecting a roaming computer like a service laptop to a protected network Internet Key Exchange concepts Internet Key Exchange IKE is used to authenticate the end points of an IP connection and to determine security policies for IP traffic over the connection The initiating node proposes a policy based on the following e An encryption algorithm to protect data Ahash algorithm to check the integrity of the authentication data e A Pseudo Random Function PRF algorithm that can be used with the hash algorithm for additional cryptographic strength e An authentication method requiring a digital signature and optionally a certificate exchange e A Diffie Hellman exchange that generates prime numbers used in establishing a shared secret key Web Tools Adminstrator s Guide 203 53 1002152 01 16 IPsec concepts 204 Encryption algorithms An encryption algorithm is used to encrypt messages used in the IKE negotiation Table 18 lists the available encryption algorithms A brief description is provided If you need further information please refer to the RFC TABLE 18 Encryption algorithm options Encryption algorithm Description RFC number 3des cbc 3DES processes each block three times using RFC 2451 a unique 56 bit key each time null
235. ion Noother configuration information e If the current Admin Domain owns the switch and you are logged in with any role that allows configuration upload or download the following items are saved in the configuration file Local zone configuration All other configuration information except Admin Domain configuration information Web Tools Adminstrator s Guide 59 53 1002152 01 4 Uploading and downloading from USB storage e If you invoke Admin Domain from AD255 and you are logged in with any role that allows configuration upload download the following items are saved in the configuration file Configuration information for zones in all Admin Domains Allother configuration information including zoning from all Admin Domains The filtering depends on the Admin Domain switch ownership with additional access if you are in AD255 Access to the command itself is limited by Role Based Access RBAC and not by whether the current user is a Physical Fabric Administrator or an admin user with enumerated access to the relevant domains The ability to change Admin Domain context requires installing the EGM license Refer to Changing the Admin Domain context on page 21 for complete instructions The EGM license is required only for 8 Gbps platforms such as the Brocade Encryption Switch e Brocade 300 5300 and 5100 switches Brocade VA 40FC e Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionalities
236. ion refer to Enabling zone configurations on page 131 Web Tools Adminstrator s Guide 53 1002152 01 Zoning management 9 Selecting a zoning view You can define how zoning elements are displayed in the Zone Admin window The zoning view you select determines how members are displayed in the Member Selection List panel Figure 23 The views filter the fabric and device information displayed in the Member Selection List for the selected view making it easier for you to create and modify zones especially when creating hard zones Depending on the method you use to zone certain tabs might or might not be available in the Zone Admin window There are two views of defining members for zoning Fabric View Displays the physical hierarchy of the fabric a list of the attached and imported physical devices by WWN and a list of the FC Virtual Initiators on switches that support iSCSI In the Fabric View you can select ports for port based zoning or devices for WWN based zoning Devices Only Displays a list of the attached and imported physical devices by WWN You cannot select ports for port based or mixed zoning schemes nor can you select virtual initiators for iSCSI FC Zone creation To define the view of the fabric resource perform the following steps 1 Launch the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select View Choose Fabric Resources View 3 Define the way you wan
237. irtual channel settingS 005 42 Configuring arbitrated loop parameters lusus 42 Configuring system services 1 0 2 0 cee eee eee 43 Configuring signed firmware 000e cece e eee eee 43 Licensed feature management 0 cece cece eee eee 44 Activating a license on a switch 20 002 ee ee eee 44 Assigning slots for a license key 020 cee eee 44 Removing a license from a switch 0000 eee 45 Universal time based licensing ce eee ee eee 45 High Availability Overview 0 eee eee 46 Admin Domain considerations 020 eee eee eee 46 Launching the High Availability window 46 Synchronizing services on the CP 00 ce eee eee 47 Initiating a CP failover llle 48 Event monitoring i ee race eade act eoe Phd aed 48 Displaying Switch Events llle 49 Filtering Switch Events llis esses 50 Filtering events by event severity levels 0 50 Filtering events by message ID 0 0 eee eee eee 51 Filtering events by service component 05 51 Displaying the Name Server entries llli 51 Printing the Name Server entrieS 20 e eee eee ee 52 Displaying Name Server information for a particular device 52 Displaying zone members for a particular device 52 Physically locating a switch using beaconing 53 Locating
238. is action also refreshes the fabric information as described in Refreshing fabric information on page 121 Any unsaved zoning changes are deleted Saving local zoning changes All information displayed and all changes made in the Zone Admin window are buffered until you save the changes In that case any other user looking at the zone information for the switch do not see the changes you have made until you save them Saving the changes propagates any changes made in the Zone Admin window buffered changes to the zoning database on the switch If another user has a zoning operation in progress atthe time that you attempt to save changes a warning displays that indicates that another zoning transaction is in progress on the fabric You can select to abort the other transaction and override it with yours If the zoning database size exceeds the maximum allowed you cannot save the changes The zoning database summary displays the maximum zoning database size This action updates the entire contents of the Zone Admin window not just the selected zone alias or configuration You can save your changes at any time during the Zone Admin session To save the local zone changes perform the following steps 1 Make the zoning changes in the Zone Admin window 2 Select Zoning Actions gt Save Config NOTE If you have made changes to a configuration you must enable the configuration before the changes are effective To enable the configurat
239. istent domain ID mode To enable insistent domain ID mode perform the following steps Web Tools Adminstrator s Guide 53 1002152 01 41 3 42 System configuration parameters 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Disable the switch as described in Enabling and disabling a switch on page 37 Select the Configure tab Select the Fabric subtab Select the Insistent Domain ID Mode check box Click Apply N Q oO FP N Enable the switch as described in Enabling and disabling a switch on page 37 Configuring virtual channel settings You can configure parameters for eight virtual channels VC to enable fine tuning for a specific application You cannot modify the first two virtual channels because these are reserved for switch internal functions ATTENTION The default virtual channel settings are already optimized for switch performance Changing the default values can improve switch performance but can also degrade performance Do not change these settings without fully understanding the effects of the changes VC Priority specifies the class of frame traffic given priority for a virtual channel To configure the virtual channel settings perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Disable the switch as described in Enabling and
240. it properties are displayed Circuit Number Tunnel ID Administrator Status Operational Status GigEPort Source IP Gateway VLAN ID Web Tools Adminstrator s Guide 53 1002152 01 Port management overview 6 e MTU Size e Compression Mode e Data L2COS Value e DSCP Data IKE Policy Number e Psec Policy Enabled e Keep Alive Timeout e MaximumCommunicationRate e MinimumCommunicationRate e MaxRetransmitRate e MinRetransmitRate Metric e Pre Shared key e QOS Mapping Selective Ack Ports Explorer tree The Ports Explorer tree displays on the left side of the window Items in the tree are displayed as follows e Switches Switch ID with switch name in parentheses for example 3 MapsSW 202 e Blades Slot number of the blade with blade ID in parentheses for example Slot 7 24 Ports Port number for example Port 2 e 10G SFP ports A yellow triangle badge displays to visually distinguish the 10G SFP ports Button area The button area contains buttons for all the tasks you can perform on the selected port If you select more than one port buttons are available for only the tasks that you can perform on all of the selected ports Buttons are grayed unavailable if they are not applicable to the selected ports Port information displays in either a table of ports or information about a specific port depending on your selection If you select a slot or switch the system displays a table of all
241. k Add The LLDP Configuration dialog box displays 5 Enter a name for the configuration in the Name field Optionally add a description in the Description field Select the Mode For Mode the choices are Tx transmit Rx receive or Both The default is Both 8 Inthe Hello field enter a time value in seconds The Hello value sets the interval between hello bridge protocol data units sent by the root switch configuration messages The range is 4 to 180 seconds The default is the global configuration range 9 Inthe Multiplier field set the number of consecutive misses allowed before LLDP considers the interface to be down Web Tools Adminstrator s Guide 233 58 1002152 01 18 Configuring DCB interfaces 10 11 The range is 2 to 10 The default is the global configuration range The multiplier is related to the Hello time interval Using the defaults you wait four times the multiplier value at 30 second intervals the hello value before giving up on the interface Select the parameters you want to exchange Note that the term TLV indicates packaging of parameters into a Brocade specific Type Length Value TLV Advertise Optional tlv Advertises the following optional TLVs e system description Describes switch or blade characteristics e port description Describes the configured port e system name Specifies the system name system capabilities Describes the system capabilities e management address
242. k Save As to save the configuration to a new configuration file When you click Save As a dialog box displays in which you should enter a file name and description for the configuration file Click Refresh to refresh the information from the switch Click Cancel to cancel all changes without saving 222 Web Tools Adminstrator s Guide 53 1002152 01 Allow Prohibit Matrix configuration 17 Create Allow Prohibit Matrix Configuration for switch WT Elara 48 Code Page Settings Language used to exchange information with Host Programming J Prohibit Al Block All EBCDIC USA Canada 00037 rt Port Name JEn ES ES ES ES ES jive Il Oooo Oooo Al lik Activate Save As Cancel FIGURE 43 Allow Prohibit Matrix Configuration dialog box Activating an Allow Prohibit Matrix configuration When you activate a saved Allow Prohibit Matrix configuration on the switch the preceding configuration currently activated is overwritten To activate an Allow Prohibit Matrix configuration perform the following steps 1 2 3 Open theAllow Prohibit Matrix configuration list Select the saved configuration from the list Click Activate The Activate Allow Prohibit Matrix Configuration confirmation dialog box displays The message reminds you that the current configuration will be overwritten upon activ
243. karound Restart the browser Refresh option in browsers Web Tools Adminstrator s Guide 53 1002152 01 If you change the switch name or domain ID using the CLI after the Web Tools Switch Administration window has started the new switch name or domain ID is not updated on the header of the Switch Administration page Clicking the Refresh button does not fix the problem Workaround Click the Switch tab and the Switch Administration header updates 245 19 General Web Tools limitations 246 TABLE 21 Web Tools limitations Continued Area Refresh option in browsers Details If you change the switch name using the Web Tools Switch Administration page or SNMP and then open a Telnet window to verify the name change the CLI prompt for example switch admin gt displays the previous name The Telnet prompt cannot pick up the new switch name until the switch is fastbooted Workaround In order to display the correct switch name in the CLI prompt after a switch name update using Web Tools or SNMP fastboot the switch Refresh option in browsers Following a switch enable or disable you must wait at least 25 to 30 seconds for the fabric to reconfigure and for FSPF route calculations to complete before requesting routing information If accessed too early routing information are not shown Workaround Following a switch enable or disable wait at least 25 30 seconds before further action Refresh option in browsers
244. l 8620 3891 2000 Fax 8620 3891 2111 E mail china info brocade com Document History Document Title Publication Number Summary of Changes Publication Date Web Tools User s Guide v2 0 53 0001536 01 A September 1999 Web Tools User s Guide v2 2 53 0001558 02 A May 2000 Web Tools User s Guide v2 3 53 0000067 02 N A December 2000 Web Tools User s Guide v3 0 53 0000130 03 A July 2001 Web Tools User s Guide v2 6 53 0000197 02 N A December 2001 Advanced Web Tools User s 53 0000185 02 N A March 2002 Guide v3 0 v4 0 Advanced Web Tools User s 53 0000185 03 A September 2002 Guide v4 0 2 Advanced Web Tools User s 53 0000503 02 A April 2003 Guide v3 1 0 Advanced Web Tools User s 53 0000522 02 N A April 2003 Guide v4 1 0 Advanced Web Tools User s 53 0000522 04 Insistent Domain ID Mode October 2003 Guide v4 1 2 Port Swapping information Minor editorial changes Advanced Web Tools 53 0000522 05 Updates to support new switch types December 2003 Administrator s Guide v4 2 0 Brocade 3250 3850 24000 Structural changes support changes installation changes Advanced Web Tools User s 53 0000522 06 Clarifications on software and hardware March 2004 Guide support minor enhancements in procedure text minor rearranging of content Advanced Web Tools 53 0000522 07 Updates to support new switch types September 2004 Administrator s Guide 3016 4100 and Fabric OS v4 4 0 in
245. l If you are accessing a Brocade 7800 switch you can set the media type for the GEO and GE1 GigE ports to either copper or optical a Selectthe GigE Ports tab b Select either the GEO or GE1 port c Select either Copper or Optical from the Media Type selection list Click Yes in the confirmation window Considerations for enabling or disabling a port You should understand the following limitations and conditions when enabling or disabling a port 84 On FR4 18i and FC4 16IP port blades all ports are disabled by default You can disable and re enable them as needed If a port is not licensed you cannot enable it until you install the appropriate license such as a Ports on Demand or N Port ID Virtualization license refer to Port activation on page 86 for more information The Licensed field located in the General tab in the Port Administration window indicates whether a port is licensed If you disable a principal ISL port an ISL port that is designated by the fabric to be a part of the path to communicate with the principal switch the fabric automatically reconfigures If you disable a port that was connected to a device that device is no longer accessible from the fabric For more information refer to Fabric OS Administrator s Guide Web Tools Adminstrator s Guide 53 1002152 01 Persistent enabling and disabling ports 6 Persistent enabling and disabling ports To enable or disable a port so that it remains enable
246. l switches might cause your switch to fail If you download from a network enter the host name or IP address in the Host Name or IP field the user ID and password required for access to the host in the User Name and Password fields and select the Protocol Type used for the upload The default is FTP If you select Secure Copy Protocol SCP you cannot specify anonymous in the User Name field To restore a configuration perform the following task 1 Open the Switch Administration window 2 Select Show Advanced Mode 3 Select the Configure tab The Configure screen displays Web Tools Adminstrator s Guide 53 1002152 01 Admin Domain configuration maintenance 4 4 Select the Upload Download tab The Upload Download configuration screen displays By default Config Upload is chosen under Function and Network is chosen as the source of the configuration file 5 Under Function select Config Download to Switch If you select USB as the configuration file source the network parameters are not needed and are not displayed and you can skip to step 7 An info link is enabled when USB is chosen as the source of the configuration file If you click info an information message displays 6 Enter the configuration file with a fully qualified path or select the configuration file in the Configuration File Name field T Usethe Fabric ID selector to select the fabric ID of the logical switch to which the configuration f
247. lear the check boxes to disable these features Upon selecting the Login Balancing check box the F Port Auto Rebalancing and N Port Auto Rebalancing check boxes and Manual Balancing button become enabled 6 Click Failover Enable A confirmation dialog box displays T Click Yes to enable failover to all the ports in the port group or click No if you do not want to enable failover 8 Click Failover Disable A confirmation dialog box displays Click Yes to disable failover to all the ports in the port group or click No if you do want to disable failover 9 Click Failback Enable A confirmation dialog box displays 10 Click Yes to enable failback to all the ports in the port group or click No if you do not want to enable failback 11 Click Failback Disable A confirmation dialog box displays Click Yes to disable failback to all the ports in the port group or click No if you do not want to disable failback 12 Under the Select Members N Port section select the required ports you want to group and clear the check boxes for the ports you want to remove from the port group 13 Click Save 14 Click Close on the Port Group Configuration dialog box Deleting port groups NOTE You cannot delete the default port group O pgO To delete port groups perform the following steps 1 2 3 Click a port in the Switch View to open the Port Administration window Click Configure N Port Groups In the Port Group Configuration dialog
248. lect the privilege and click the right arrow next to the Read amp Write Privileges section You can select multiple privileges 8 To grant the role a read privilege select the privilege and click the right arrow next to the Read Privileges section You can select multiple privileges 9 To delete a privilege select it and click left arrow 10 Click OK to save your changes Editing a user defined role To edit a user defined role perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the User tab Select the Role sub tab 4 Select an existing user defined role Web Tools Adminstrator s Guide 185 53 1002152 01 16 Access control list policy configuration 5 Click the Edit button The Switch Admin Edit User Defined Role dialog displays Switch Admin Edit User Defined Role Name sample Description Testing Sample Available Privileges Read amp Write Privileges 49 AdminDomains 49 ADSelect 4 AG gt Audit gt APM Ae LocalUserEnvironment o Authentication o Nocheck o Blade y UserManagement vy Configure 4 pcr o Debug yp Diagnostics 4 omm o EncryptionConfiguration o EncryptionManagement o ChassisConfiguration o EthernetConfig o ChassisManagement vy Fabric b y ConfigManagement o FabricDistribution gt FabricRouting o FabricWatch gt Factory Q FCoE 4 FICON Read Only P
249. lector is relocated above the Switch View Viewing logical ports When base switches are connected through XISLs a base fabric is formed that includes logical switches in different chassis A logical link is formed dynamically among logical switches that have the same FID to carry frames between the logical switches Logical ports are created in the respective switches to support the logical link Web Tools Adminstrator s Guide 53 1002152 01 Virtual Fabrics overview 3 Logical ports are software constructs and have no corresponding hardware to represent them on the Switch View Logical port information is available in the Port Administration window 1 Select Port Administration The Port Administration window displays Logical ports are displayed in the FC Ports Explorer tree structure 2 To view logical port properties expand the Logical Ports folder and select a port The General properties are displayed Web Tools Adminstrator s Guide 55 58 1002152 01 3 56 Virtual Fabrics overview Web Tools Adminstrator s Guide 53 1002152 01 Chapter Maintaining Configurations and Firmware 4 In this chapter Creating a configuration backup THE occ liccc ol Rr neria 57 Restoring a con IBUL UD arerin EE EE EEOAE ORE RO 58 e Admin Domain configuration maintenalicB li r llik Rer cee ERR RA 59 e Uploading and downloading from USB storage lllusuun 60 Performing a firmware download sssua sese uu ah RR ERR
250. licy depends on the Fabric OS dynamic load sharing feature DLS for dynamic routing path selection When this policy is in force DLS is always enabled and cannot be disabled 170 Web Tools Adminstrator s Guide 53 1002152 01 Configuring dynamic load sharing 15 When the port based policy is in force you can enable DLS to optimize routing When DLS is enabled it shares traffic among multiple equivalent paths between switches DLS recomputes load sharing either when a switch boots up or each time an E Port or FX Port goes online or offline Enabling this feature allows a path to be discovered automatically by the FSPF path selection protocol For more information regarding DLS refer to the dlsset command in the Fabric OS Command Reference To configure dynamic load sharing perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Routing tab 3 Select Onin the Dynamic Load Sharing DLS area to enable dynamic load sharing or select Off to disable dynamic load sharing When the exchange based routing policy is in effect the DLS radio buttons display on the Routing tab 4 Click Apply The warning message Credit Recovery for Long distance links should be turned off using CLI while enabling DLS displays 5 Click OK Lossless dynamic load sharing Lossless dynamic load sharing DLS is supported in following platforms
251. lig gEIaplis cioacotus Red ke REA RR E coarse ME Ra Rud 115 SE CIT DIIS JI REEL DET LT 116 Performance Monitor overview The Web Tools Performance Monitoring tool graphically displays throughput in megabytes per second for each port and for the entire switch To utilize performance monitoring the EGM license must be enabled on the switch Otherwise when you select Performance Monitor tab access to this feature is denied and an error messages displays Basic monitoring The Basic Monitoring menu is standard in the Web Tools software Any user logged into Web Tools with an associated role of zoneadmin or securityadmin cannot open Performance Monitor The roles user operator basicswitchadmin and properly configured user defined roles are allowed to perform basic monitoring tasks except save or display canvas operations in any Admin Domain context Only users with the admin switchadmin and fabricadmin roles associated with their login accounts are able to save or display a canvas Use the Basic Monitoring option in the Performance Graphs window to do the following e Create user definable reports Display a performance canvas for application level or fabric level views e Save persistent graphs across restarts saves parameter data across restarts Web Tools Adminstrator s Guide 103 53 1002152 01 8 104 Performance Monitor overview Advanced monitoring The Advanced Monitoring menu is an optionally licensed feature To utiliz
252. ll FIGURE25 Temperature Sensor States window Viewing detailed fan hardware status The icon on the Fan button indicates the overall status of the fans For more information about the switch fan refer to the appropriate hardware documentation You can display status information about the fans as shown in Figure 26 E Fan States for Chassis DER Speed RPM Wind Flow Direction 1304 1237 1237 FIGURE26 Fan States window The Fan No column indicates either the fan number or the fan FRU number depending on the switch model A fan FRU can contain one or more fans The Fan No column indicates the fan FRU number when it is available otherwise it displays the fan number The Wind Flow Direction column displays the direction state as either Forward or Backward for the Brocade 6510 For all other hardware the displayed value will be N A NOTE If the Fan States window has no Fan Speed column the speed is not monitored Web Tools Adminstrator s Guide 53 1002152 01 Displaying switch information 10 To view the detailed fan status of a switch perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View The icon on the Fan button indicates the overall status of the fan 2 Click the Fan button The detailed fan status for the switch displays as shown in Figure 26 Viewing the temperature
253. llows you to apply a Transform policy to a specific IP flow Web Tools Adminstrator s Guide 207 58 1002152 01 16 IPsec over management ports 208 Enabling the Ethernet IPsec policies To access the Ethernet IPsec Policies dialog box perform the following steps 1 2 3 A Open the Switch Administration window Select Show Advanced Mode Select the Security Policies tab Under Security Policies select Ethernet IPsec The Ethernet IPsec Policies screen displays Ethernet IPsec policies can be configured only after enabling IPsec by clicking the Enable button below the Ethernet IPsec policies table Establishing an IKE policy When you establish an IKE policy you identify a set of algorithms and authentication rules and parameters to use in a key exchange Refer to the Fabric OS Administrator s Guide for details on IKE functionality To establish an IKE policy perform the following steps 1 12 13 Select the IKE tab on the IPsec Policies window for Ethernet IPsec The Add IKE Policy dialog box displays Enter an IKE Policy Name Enter the IP address of the authentication partner in the Peer IP Address field Enter the switch s local identifier in the Local Identifier field This is normally the IP address in IPv4 or IPv6 format but it may also be a DNS name Enter the identifier of the remote peer switch in Peer Identifier This is normally the IP address in IPv4 or IPv6 format but it may also be a DN
254. lly refresh the port details Clear the check box to disable auto refresh 3 When enabled enter the interval time in seconds in the Auto Refresh Interval field The port details are automatically refreshed based on the configured time interval The minimum value is 45 seconds 4 Select the port you want to configure from the tree on the left Click the General subtab NOTE Long distance does not display from the General or Table subtabs if the EGM license is not enabled on the switch 6 Click Edit Configuration The FC Port Configuration wizard displays The fields are populated with the current configuration values NOTE Long distance is not displayed from the Edit Configuration window You can view long distance from the View tab when you display the port details T Follow the steps in the wizard NOTE If you configure a disabled port as an EX Port the wizard displays the Enable Port after configuration check box If you select the check box the disabled port is automatically enabled after configuration otherwise the port remains in the same state after configuration Allowed port types For FC ports the Port Administration window displays the following values relating to port type Port Type This is the actual or current port type If the port is offline this value is the allowed types or U Port if no type constraint is specified If the port is online this value is the type to which the port has been configure
255. lt Web Tools directory under the user home directory e The Web Tools Switch Support Save directory with the name format Core Switch Name Switch IP Address Switch WWN gt The Web Tools Switch Support Save directory contains the following files e Log4j xml e WebrTools log e Switchlnfo txt The SwitchInfo txt file contains the following basic switch information e Switch Name e Fabric OS version e Switch Type e Ethernet Ipv4 Ethernet IPv4 subnet mask Ethernet IPv4 gateway Web Tools Adminstrator s Guide 53 1002152 01 Requirements for IPv6 support 1 The maximum size of the webtools log file is 2MB It is rolled into new file when the 5mb file size limit is exceeded A backup file named webtools1 log is automatically created Web Tools maintains only one webtools log backup file at a time The Web Tools debug dialog box can be used to enable the debug state and level for a module at runtime If you are familiar with XML scripting you can edit the configuration file log4j xml to collect the data at startup If you edit the configuration file Web Tools need to be restarted Contact your switch support supplier for assistance Requirements for IPv6 support The following list provides requirements for Web Tools IPv6 support In a pure IPv6 environment you must configure your DNS maps to the IPv6 address of the Switch The switch name is required to match the DNS name that is mapped to the IPv6 address If
256. lt setting is to disable Telnet functionality You must make the appropriate changes in the registry to enable Telnet functionality if you want to use it Launching the default Telnet is not supported in Windows Vista and Windows 2008 server Browser Fabric Watch Switch Admin HA Name Server and Zone Admin are separate applets embedded in HTML pages The successful launch of the applet depends on whether the browser can successfully load the HTML page Very occasionally a blank browser window displays with the message loading pages that is stuck This is likely caused by a sudden loss of switch Web server either by normal HA failover restart or other causes Workaround If Fabric Watch Switch Admin HA Name Server or Zone Admin hang close this window and relaunch the module Browser A Web Tools browser window might stop responding following an HA failover immediately after a zoning configuration was enabled or disabled It is likely that the Web daemon was terminated by the HA failover before the HTTP request was sent back Workaround If one of the Web Tools modules is hanging close the window and relaunch the module If the module is locked shut down and relaunch the Web Tools application Browser When you launch Fabric Watch Switch Admin Name Server and Topology from Switch Explorer through Internet Explorer the applet windows cannot be resized and the Maximize button is disabled Chassis not ready for If the
257. mage loaded onto it The Blade State column in the Blade tab pane indicates whether the blade is enabled Web Tools Adminstrator s Guide 35 53 1002152 01 36 3 Blade management NOTE The blade state is always shown as enabled even if you perform a blade disable operation When a blade is set to a disable state only the ports on the balde are disabled The blade remains active To enable or disable a blade perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Blade tab Figure 9 sw0 Switch Administration DAR Show Advanced Mode SwitchName sw0 DomainiD 2 0x2 WWN 10 00 00 05 1e 38 ef 23 Fri Jan 28 2011 17 49 29 GMT 00 00 Switch Network Firmware Download License User Blade Trunking Set IP Address Show IP Address Blade Action v Blade Administration Enable Blade Disable Blade Slot No Blade Id pe E Blade State Power Consumption SW BLADE N A N A FAULTY 91 UNKNOWN N A N A VACANT UNKNOWN N A N A VACANT SW BLADE N A NIA FAULTY 94 N A N A ENABLED CP BLADE 7 0 0 main bld13 7 0 0 main bld13 STANDBY CP BLADE 7 0 0 main bld13 7 0 0 main bld13 ACTIVE CORE BLADE N A N A ENABLED 43 FS8 18 AP BLADE 7 0 0 main bld13 7 0 0 main bld13 FAULTY 51 97 SW_BLADE N A N A FAULTY 21 96 SW BLADE N A N A FAULTY 21 96 SW BLADE N A N A ENABLED 1 2 3 4 5 6 7 8 9 Cl
258. main which closes all the open windows or cancel the action and return to Switch Explorer NOTE The Telnet window and the Fabric Details are not AD filtered and do not need to be closed Switch View buttons The Switch View buttons let you access the following switch information Status Click the button to view the status of the switch Temperature Click the button to view temperature monitors Power Click the button to view power supply information Fan Click the button to view the status of the switch fans Beaconing Click this button to enable or disable beaconing and to view the status of beaconing from the button s icon Legend Click the button to view the legend for the Switch View NOTE For all status displays based on errors per time interval any errors cause the status to show faulty until the entire sample interval has passed Switch View You can click the small right arrow towards the left of the Switch Event tab to display the Switch View The Switch View displays a graphical representation of the switch including a real time view of switch and port status Refer to area 8 in Figure 5 on page 19 NOTES With the upgrade license installed e For 7800 all FC ports and 6 GbE ports are enabled Without the upgrade license installed e For 7800 4 FC ports and 2 GbE ports are enabled NOTE Blades are graphically represented in the Web Tools GUI They are vertical in the DCX and horizontal in the DCX AS W
259. members of ADO change dynamically as the membership of other Admin Domains changes The fixed members of ADO are not deleted unless you explicitly remove them For example if you explicitly add DeviceA to ADO and it is not a member of any other Admin Domain then DeviceA is both an automatic and a fixed member of ADO If you add DeviceA to AD2 then DeviceA is deleted from the ADO automatic membership list but is not deleted from the ADO fixed membership list If you then remove DeviceA from AD2 DeviceA is added back to the ADO automatic membership list assuming DeviceA is not in any other Admin Domains ADO is useful if you want to share its zone database called root zone database with a legacy fabric AD255 or physical fabric AD255 is a virtual domain that contains all devices switches and switch ports in the fabric AD255 presents an unfiltered view of the fabric and is also referred to as the physical fabric You can use AD255 to do the following Manage other Admin Domains e Get an unfiltered view of the fabric e Manage ACL and distribution this can be managed in ADO if no other Admin Domains are present Web Tools Adminstrator s Guide 53 1002152 01 Enabling Admin Domains 5 e Manage Advanced Performance Monitoring this can be managed in ADO if no other Admin Domains are present but only if you are using Web Tools with the EGM license The EGM license is required only for 8 Gbps platforms such as the B
260. ministration window on page 33 2 Select the Routing tab Web Tools Adminstrator s Guide 53 1002152 01 Configuring the link cost for a port 15 This step is switch specific Forthe Brocade DCX and DCX 4S enterprise class platforms click the slot number of the logical switch under Link Cost in the navigation tree For Brocade 300 5100 5300 and the Encryption Switch click Link Cost in the navigation tree Double click in the row in the Cost column that corresponds to the appropriate port Enter the link cost Valid values for link cost are from 1 through 65534 Setting the value to O sets the link cost to the default value for that port Click Apply Web Tools Adminstrator s Guide 173 58 1002152 01 15 Configuring the link cost for a port 174 Web Tools Adminstrator s Guide 53 1002152 01 Chapter Configuring Standard Security Features 1 6 In this chapter Lai sl pesi fem THREE 175 UsercetnnedYoles orereta cease ce NEERI WR GG AER ERO ERO AO ER OE RUE ER 183 Access control list policy configuration 2 2 iiec or rm 186 e Fabric Wide Consistency Policy configuration 02000 eee 190 Authentication policy configuration siae nu Rh ERERE RE 191 e SNMP COMPU 24 scende ccr cRbReeE QC AG RR E ul eens kd 194 BADIUS SI EORITOU sa scio e eg do ser dire xen e E nica RC RUBER 196 Active Directory service management occa cea esses HER CER GRE 199 IPSec CONCEDES cios EP RIIGQG PEOR RYE QUE
261. modification 12 Enabling the Automatic Port Configuration policy The Automatic Port Configuration APC policy is a global configuration policy for a switch in Access Gateway mode By default this policy is disabled If you created an N Port grouping and switching over to the automatic mode those port groups are lost After you enable the APC policy you cannot define custom port type configurations port mappings Path Failover and Failback settings NOTE When port configuration is in auto mode the Configure N port groups Configure F N port mapping and Configure WWN N port mapping buttons are disabled To enable auto rebalancing from the Switch Administration window perform the following steps 1 Click a port in the Switch View to open the Port Administration window 2 Select Automatic from the Port Configuration Policy drop down list NOTE When Port Configuration Policy is set to Advanced you can enable the auto rebalancing options from the Configure N Port Groups dialog box through the Port Administration window Click Yes in the confirmation window 4 n the Switch Explorer window select Switch Admin The Switch Administration window displays Figure 31 SW300_155 Switch Administration Show Advanced Mode SwitchName SW300 155 VAN 10 00 00 05 16 07 b5 bf Thu Jul 09 2009 20 03 38 GMT 00 00 Switch Network Firmware Download License User Trunking Switch Name Name SW300 155 Manufacturer Serial ALJO613D04K
262. n Select the Encryption Algorithm option Optionally enter a value in the SPI number field A Security Parameter Index SPI number is automatically assigned but may be manually overridden Click OK Creating an SA proposal An SA proposal is sent from one endpoint to another to negotiate IKE and IPsec policies An SA proposal contains one or more security associations SA The endpoints must find a match for each of the following in the SAs sent in the SA proposal The IKE authentication method The IKE encryption algorithm The IKE hash algorithm The Diffie Hellman group number The IKE SA lifetime The IP addresses of the endpoints The IPsec protocol AH or ESP The IPsec Transform policy To create an SA proposal perform the following steps 1 Select the SA Proposal tab on the IPsec Policies screen 2 Select Add The Add SA Proposal dialog box displays Enter a name in the SA Proposal Name field Enter the SAs in the SA s to use field Web Tools Adminstrator s Guide 209 58 1002152 01 16 IPsec over management ports 210 Optionally define SA lifetime parameters The SA lifetime may be defined as a time value in seconds LifeTime in seconds as the number of bytes transmitted before the SA is rekeyed LifeTime in bytes or both When both are used the SA lifetime is determined by the threshold that is first reached Click OK Adding an IPsec transform policy The IPsec transform policy is the comb
263. n If you attempt to open Web Tools without any Java Plugin installed Internet Explorer automatically prompts and downloads the proper Java Plug in Firefox downloads the most recently released Java Plug in Web Tools Adminstrator s Guide 53 1002152 01 Java installation on the workstation 1 If you attempt to open Web Tools with a later version of Java Plug in installed e Internet Explorer might prompt for an upgrade depending on the existing Java Plug in version Firefox uses the existing Java Plug in Installing the JRE on your Solaris or Linux client workstation To do the JRE installation perform the following steps 1 Locate the JRE on the Internet at the following URL http java sun com products archive j2se 6 index html NOTE This URL points to a non Brocade website and is subject to change without notice 2 Click Download JRE Follow the instructions to install the JRE Create a symbolic link from this location FIREFOX plugins libjavaplugin_oji so To this location JRE plugin ARCH ns600 libjavaplugin_oji so Installing patches on Solaris To install patches on Solaris perform the following steps 1 Search for any required patches for your current version of the JRE at the following website http sunsolve sun com pub cgi show pl target patchpage NOTE This URL points to a non Brocade website and is subject to change without notice Follow the link to download the patch Exit the browser when you ha
264. n eR aree RR RR aer Raman 239 Displaying FCoE login SIOUDS saa rinek nEn t hane R Caesarea pee 239 Displaying QoS information i sols elu er RR tiiri niir X ER 239 Displaying LLDP DCBX infOrmiatlon ecran RR Rer RR Rr nnn 240 Displaying DCB interface statistics isses eo ker RR 240 e Configuring a DCB interface from the Switch View 5 240 e Configuring a DCB interface from the Port Admin panel 241 Enabling and disabling LAG caresses EX ERO ERROR TERR aaa E eens 241 Enabling and disabling LLDP occss estes eee ci eecns deer dear Pra n 241 e Enabling and disabling QoS priority based flow control 242 Enabling and disabling FOOE POMS ssa sr ao Rd E RR ER GRO EE RE m 242 Web Tools Adminstrator s Guide 53 1002152 01 227 18 Web Tools and FCoE overview Web Tools and FCoE overview Brocade Web Tools is an embedded graphical user interface GUI that enables administrators to monitor and manage single or small fabrics switches and ports Web Tools is launched directly from a web browser or from Brocade Network Advisor NOTE For complete information on Web Tools refer to the Web Tools Administrator s Guide This chapter only discusses Web Tools and FCoE configuration A limited set of features is accessible using Web Tools without a license and is available free of charge Additional switch management features are accessible using Web Tools with the Enhanced Group Man
265. n protocol policy for E Port and F Port authentication and then distribute the authentication policy to other switches in the fabric You can also set shared secret keys Configuring authentication policies for E Ports To configure authentication policies for E Ports perform the following steps 1 ao BON Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Security Policies tab Select Authentication on the Security Policies menu In the Authentication Type field select FCAP or DHCHAP Select the switch authentication policy mode On Strict authentication is enforced on all E Ports Active The switches can be connected to a switch with any type of policy Passive The switch does not initiate authentication but participates if the connecting switch initiates authentication Hash A hash function like SHA or MD5 is used for authentication Off The switch does not support authentication Any authentication negotiation is rejected Select a DH Group type Optional Set the device authentication policy mode to either off or passive and click Apply Web Tools Adminstrator s Guide 191 53 1002152 01 16 Authentication policy configuration 192 Configuring authentication policies for F Ports To configure authentication policies for F Ports perform the following steps 1 Open the Switch Administration window and click Show Advanced Mode if
266. n the Zone Members list 4 Highlight an element in the Member Selection List that you want to include in your zone or highlight an element in the Zone Members list that you want to delete 5 Click the right arrow to add a zone member or click the left arrow to remove a zone member The zone is modified in the Zone Admin buffer 6 Select Zoning Actions gt Save Config to save the configuration changes Renaming zones For information on enabling the configuration refer to Enabling zone configurations on page 131 To change the name of a zone perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Click the Zone tab 3 Select the zone you want to rename from the Name list Web Tools Adminstrator s Guide 53 1002152 01 Zoning management 9 Click Rename In the Rename a Zone dialog box enter a new zone name and click OK The zone is renamed in the Zone Admin buffer Select Zoning Actions gt Save Config to save the configuration changes Cloning zones To perform clone operations for zoning the EGM license must be installed on the switch otherwise access to this feature is denied and an error message displays The EGM license is required only for 8 Gbps platforms such as the following Brocade Encryption Switch Brocade 300 5300 and 5100 switches Brocade VA 40FC Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionalities ar
267. nd management in a large fabric by reducing the number of domain IDs and ports For detailed descriptions of the Access Gateway refer to the Brocade Access Gateway Administrator s Guide NOTE When Access Gateway mode is enabled on switches managed through Web Tools only a limited subset of menus and options related to device management are available A switch in Access Gateway mode is considered a device management tool and not a fabric switch therefore fabric related options are disabled fabric management menus are unavailable and fabric related service requests are forwarded to the fabric switches Web Tools Adminstrator s Guide 53 1002152 01 153 12 Viewing Switch Explorer for Access Gateway mode Viewing Switch Explorer for Access Gateway mode The Switch Explorer for Access Gateway mode displays as shown in Figure 30 Webtools Web Tools Manage Reports Monitor Tools TRSRES M x Q status Temp Q Power Q Fan Beacon E Switch View E Port Admin f Fabric Watch GE1 GEO CJC mw Monitor T o 72 use 016 1f o gt moomoo Oo CON LEX 205 M 6 22 22 12 2812 2914 3015 31 mN N ooo ONNIN NIN I NI N 8 24 9 2510 2611 27 E Performance Monitor Switch Events Information E Access Gateway Device s jd Access Gateway Information Last updated at Thu Jul 09 2009 00 57 48 ECT Obes E Switch al Telnet SSH Cl
268. ndow To view the enabled zone configuration name perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View Web Tools Adminstrator s Guide 53 1002152 01 2 Zone configuration and zoning database management 9 You can view the current zone configuration name if one is enabled in the lower portion of the Switch Events and Switch Information window If no zone configuration is enabled the field displays No configuration in effect Viewing detailed information about the enabled zone configuration To view detailed information about the enabled zone configuration perform the following steps 1 Open the Zone Admin window as described on Opening the Zone Admin window on page 118 The zone configuration in effect at the time you launched the Zone Admin window is identified in the lower right corner It is also updated if you manually refresh the Zone Admin window contents by clicking the refresh icon at the lower right corner of the Zone Admin window or when you enable a configuration through the Zone Admin window A CAUTION Clicking the refresh icon overwrites all local unsaved zoning changes If anyone has made any changes to the zones outside of your Zone Admin session those changes are applied To identify the most recently effective zone configuration without saving or applying an
269. ndow as described in Opening the Switch Administration window on page 33 2 Click Reboot On the Reboot Confirmation window click Yes to continue 4 Click Apply System configuration parameters You must disable the switch before you can configure fabric parameters You can change the following system configuration parameters e Switch fabric settings e Virtual channel settings e Arbitrated loop parameters Web Tools Adminstrator s Guide 39 53 1002152 01 3 40 System configuration parameters e System services Signed firmware WWN based Persistent PID assignment WWN based PID assignment allows you to configure a PID persistently using a device s WWN When the device logs into the switch the PID is bound to the device WWN If the device is moved to another port in the same switch or a new blade is hot plugged the device receives the same PID area at its next login For information on configuring WWN based PID assignment refer to Configuring fabric settings on page 41 This feature is deactivated by default When the feature is enabled bindings are created dynamically as new devices log in they automatically enter the WWN based PID database The bindings exist until you explicitly unbind the mappings through the CLI or change to a different addressing mode If there are any existing devices when you enable the feature you must manually enter the WWN based PID assignments through the CLI Once WWN based PID a
270. nfirm Deleting Alias dialog box displays 4 Click Yes The selected alias is deleted from the Zone Admin buffer At this point you can either save your changes or save and enable your changes 5 Select Zoning Action gt Save Config to save the configuration changes To enable the configuration refer to Enabling zone configurations on page 131 Creating and populating zones A zone is a region within the fabric where specified switches and devices can communicate A device can communicate only with other devices connected to the fabric within its specified zone To create a zone perform the following steps 1 Openthe Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select a format to display zoning members in the Member Selection List as described in Selecting a zoning view on page 123 Select the Zone tab 4 Click New Zone The Create New Zone dialog box displays 5 Inthe Create New Zone dialog box enter a name for the new zone and click OK LSAN zones and QoS zones have specific naming requirements For LSAN zones refer to LSAN zone requirements on page 118 For QoS zones refer to QoS zone requirements on page 118 The new zone displays in the Name list Web Tools Adminstrator s Guide 125 53 1002152 01 9 126 Zoning management 6 Expand the Member Selection List to view the nested elements The choices available in the list depend on the selection made in th
271. nformation for particular ports TABLE 12 Advanced performance monitoring graphs Graph type SID DID Performance Display description The traffic between the SID DID pair on the switch being managed The member selection list in the LHS displays the port in the current switch only The All Devices tab lists all the devices in the fabric SID DID Performance can be used to select the source and destination For more information refer to Creating SID DID Performance graphs on page 111 SCSI vs IP Traffic The percentage of SCSI versus IP frame traffic on each individual port For more information refer to Creating the SCSI vs IP Traffic graph on page 112 SCSI Commands by port and LUN R W R W Web Tools Adminstrator s Guide 53 1002152 01 The total number of read write commands on a given port to a specific LUN For more information refer to Creating SCSI command graphs on page 112 105 8 Performance Monitor overview Table 13 lists each graph and indicates the supported port types for each graph The port selection columns for each graph displays the supported ports TABLE 13 Supported port types for Brocade switches Graph type Physical FC ports Logical FC ports GbE ports Port Throughput P P P Switch Aggregate N A N A N A Throughput Blade Aggregate N A N A N A Throughput Switch Throughput P N A P Utilization Port Error P P P Switch Percent Utilization P N A P Port Snaps
272. ng Brocade Encryption Switch Brocade 300 5300 and 5100 switches Brocade VA 40FC Brocade 8000 Brocade 7800 Web Tools Adminstrator s Guide 53 1002152 01 Viewing Switch Explorer 2 For non 8 Gbps platforms all functionalities are available without EGM license dise Chessa Descon cc Lepea LegealSwich 138 F 8 zone admin 1 E switch Admin B Port Admin 8 Iff Pertormance Monitor C name server Other aff TeinetiSSH Client Message Processor retocind Reset A new zone database fie i created The FC Rowing service is enabied The FC Reueng service is disabled Wed Jan 26 2011 16 0426 GUT 00 00 L Chasaa FRU header not programmes tor switch ND using defauta apples oniy to PICON environments Wied Jas 28 2011 180432 GUT 0209 z PS 2 eet lo taulty rco 20200 2011 160432 QUT 0600 G pe resented 4 time s 2011 160425 GUT 08 09 7 ct Bupalyng power fan speeds nat avalatie Please ensure Pat the unt hes power and De switch a on Ii for the centigeraten le ter me centguraten t ly 2 a below low boundary MigheD Laws Ci Switch status changed tom HEALTHY to MARGINAL Swath status change contreving factor Power sugpiy 1 bad Switch status change contrbutng factor Fan 1 bad curty vicisten Login falure attemet via TELNET SSHRSM P Ador 10 24 51 69 Logn nifermaten Logn successful va T LNETISSIRSM P Agar 124 168 The icense key milagKFPTVTQteKZ 7358 OQ YMIoNNKSC32B ANM i Aet IS SySRRSdRTOT a Added Wes Jas 28 20
273. ng function helps to physically locate a switch by sending a signal to the specified switch resulting in an LED light pattern that cycles through all ports for each switch from left to right NOTE You must have an RBAC role of admin to initiate switch beaconing The LED light pattern is initiated on the actual switch or chassis It is not mirrored in the Switch View To use beaconing perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View 2 Select Beacon for a switch or Chassis Beacon for a chassis based switch The LED lights on the actual switch light up on the physical switch in a pattern running back and forth across the switch itself In chassis based switches the LEDs glow across all the blades 3 Lookatthe physical switches in your installation location to identify the switch Locating logical switches using chassis beaconing To locate all logical switches in a chassis perform the following steps 1 Select a logical switch using the drop down list under the Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View 2 Click Chassis Beacon The LEDs on the logical switch light up on the blades associated with the logical switch Virtual Fabrics overview Virtual Fabrics is an architecture that virtualizes hardware boundaries Traditionally SAN
274. ng mode present in the switch The largest possible data field size in bytes The range of valid values is from 256 through 2112 Select this box to enable frames of the same sequence from a particular group to be transmitted together When this option is not selected frames are transmitted interleaved among multiple sequences Under normal circumstances sequence level switching should be disabled for better performance However some host adapters have issues when receiving interleaved frames among multiple sequences Set this mode only if the switch N Port discovery process PLOGI PRLI INQUIRY causes an attached device to fail When set devices that do not register with the Name Server are not present in the Name Server database Select whether to select per frame routing priority When enabled the virtual channel ID is used in conjunction with a frame header to form the final virtual channel ID Applies only if VC encoded address mode is also set When selected translative addressing which allows private devices to communicate with public devices is disabled Set this mode to make the current domain ID insistent across reboots power cycles and failovers This mode is required fabric wide to transmit FICON data Set this mode to configure a PID persistently using a device s WWN When the device logs into the switch the PID is bound to the device WWN Refer to WWN based Persistent PID assignment on page 40 Enabling ins
275. ng the port back online Port activation Brocade switches come with a preset number of ports enabled Additional ports can be enabled using the Ports on Demand POD licenses and the Dynamic Ports on Demand DPOD feature for supported switches only Ports on Demand is ready to be unlocked in the switch firmware The license might be part of the licensed Paper Pack supplied with the switch software or you can purchase the license separately from your switch vendor who will provide you with a key to unlock it You can install up to two Ports on Demand licenses on each switch Table 9 lists the ports that are enabled by default settings and the ports that can be enabled after you install the first and second Ports on Demand licenses for each switch type and the ports that can be enabled with the Dynamic PODs feature TABLE 9 Ports enabled with POD licenses and DPOD feature Switch name Enabled by Enabled with Ports on Demand Enabled with the Dynamic Ports on default licenses Demand feature Brocade 0 15 Not supported Not supported Encryption Brocade 8000 None 0 7 Not supported Brocade 6510 0 23 24 35 36 47 Brocade VA AOFC 0 23 24 31 32 39 Brocade NC 5480 1 8 17 20 O 9 16 21 23 Brocade 5480 1 8 17 20 O 9 12 13 16 21 23 Any available ports Brocade 5470 0 7 15 16 8 14 17 19 86 Web Tools Adminstrator s Guide 53 1002152 01 Port activation 6 TABLE 9 Ports enabled with POD licenses and DPOD feature
276. nterface e Click Enable Interface or Disable Interface to enable or disable the interface as desired Click Edit Configuration to open the DCB Edit Configuration dialog box Select Enable or Disable for the Status field to enable or disable the interface Enabling and disabling a LAG To enable or disable a LAG perform the following steps 1 2 3 Select the DCB tab on the Switch Administration panel Select the Link Aggregation tab Click Add The LAG Configuration dialog box displays Change the Status to Administratively Up or Administratively Down Enabling and disabling LLDP To enable or disable LLDP on a DCB interface perform the following steps 1 Select the DCB Interfaces tab on the Port Administration panel 2 Underthe DCB Interface Explorer select the port 3 Select the General tab 4 Click Edit Configuration The DCB Edit Configuration dialog box displays 5 Forthe LLDP Status option select Enable or Disable Web Tools Adminstrator s Guide 241 58 1002152 01 18 Enabling and disabling QoS priority based flow control Enabling and disabling QoS priority based flow control Priority based flow control PFC can be used to control network congestion PFC can be used to selectively pause lower priority traffic classes to ensure that high priority and delay sensitive traffic are not affected by network congestion For example if a large storage transfer is monopolizing the network and causing congestion
277. ntly accessible The dialog box title may vary because it indicates which module is having the problem This is caused by the loss of HTTP connection with the switch due to a variety of possible problems Web Tools automatically tries to regain the connection While Web Tools is trying to regain the connection check if your Ethernet connection is still functioning If the problem is not with the Ethernet connection wait for Web Tools to recover the connection and display the following message You will have to resubmit your request after closing this message If the temporary switch connection loss is caused by switch hot code load or other similar operation Switch Explorer you are currently running can be downloaded from a different firmware version than the new one In this case the following message displays Switch connection is restored The firmware version you are running is not in sync with the version currently on switch Close your browser and re launch Web Tools You need to close Switch Explorer and relaunch Web Tools to reopen the connection Non FIPS secure mode HTTPS HTTPS supports only TLSv1 and SSLv3 protocols with DH HIGH MD5 cipher in non fips mode These options must be enabled in your internet browser Out of Memory Errors Performance Monitor If you are managing fabrics with more than ten switches or more than 1000 ports or if you are using the iSCSI Gateway module extensively you might encounter o
278. o DCB Fabric Watch enhancements User defined roles Persistant user preferences Port octet speed combination support CSCTL mode support Inband management configuration support Support for port names of 128 characters For further information refer to the release notes Web Tools Adminstrator s Guide 58 1002152 01 xxiii Document conventions xxiv This section describes text formatting conventions and important notice formats used in this document Text formatting The narrative text formatting conventions that are used are bold text Identifies command names Identifies the names of user manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI italic text Provides emphasis Identifies variables Identifies paths and Internet addresses Identifies document titles code text Identifies CLI output Identifies command syntax examples For readability command names in the narrative portions of this guide are presented in mixed lettercase for example switchShow In actual examples command lettercase is often all lowercase Otherwise this manual specifically notes those cases in which a command is case sensitive Notes cautions and warnings The following notices and statements are used in this manual They are listed below in order of increasing severity of potential hazards NOTE A note provides a tip guidance or advice emphasizes important information or provides
279. o other Admin Domains are selected the next available Admin Domain becomes the user s default home Admin Domain 12 For Virtual Fabrics environments select a Chassis Role The chassis role determines the RBAC role and permissions of the user for performing all chassis level operations in all logical fabrics 13 Click OK 14 On the User tab click Apply to apply your changes Web Tools Adminstrator s Guide 179 53 1002152 01 16 User defined accounts 180 Deleting user defined accounts To delete user defined accounts perform the following steps 1 2 3 4 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the User tab Select the account to remove and click Remove Click Apply to save your changes You cannot delete the default accounts An account cannot delete itself All active command line interface CLI sessions for the deleted account are logged out Changing user account parameters You cannot change the user name of the account using this procedure To change the user name you must delete the account and create a new account Users can select their own accounts in the user account table and change the password All other buttons are unavailable To change the user account parameters perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Sel
280. ode if it is not selected 3 Select the Trace tab 4 Select Disable in the Auto FTP Upload section to disable automatic uploading of the trace dump to the FTP host 5 Click Apply Displaying switch information You can right click in the table content of Fan Temperature and Power Status windows to find Export Copy and Search options These options are not available if the table does not have any content e Click Export Row or Export Table to save the contents to a tab delimited file e Click Copy Row or Copy Table to copy the contents in tab delimited text format to a file e Click Search to search for a specific text string in the table NOTE You must accept the Brocade Certificate at the beginning of the login to Web Tools to enable the functionality of Export and Copy Web Tools Adminstrator s Guide 139 58 1002152 01 10 Displaying switch information 140 Enter the text string in the box that displays on the table as shown in Figure 25 and press Enter This is an incremental search and allows 24 maximum characters including wildcards question mark and asterisk The first row containing the text string is highlighted To find the next match click the down arrow To find the previous match click the up arrow If the text is not found in the table the text turns red V Temperature Sensor States for Chassis Thermal Sen siot E State Centigrade Fahrenheit 1 78 29 QQOQOGGOUOGUONAALlLlL
281. ode and tunnel mode comparison IPsec header options IPsec adds headers to an IP datagram to enable authentication and privacy There are two options e Authentication Header AH e Encapsulating Security Payload ESP Web Tools Adminstrator s Guide 201 53 1002152 01 16 IPsec concepts 202 Authentication Header AH can be used to authenticate a data stream but does not provide encryption needed for privacy The AH contains a message authentication code MAC The MAC is created by a hash algorithm calculation The MAC is transmitted in an IP datagram The same hash algorithm is then used by the receiver to verify the integrity of the packet AH can be used in either transport mode or tunnel mode as shown in Figure 40 Mode Tunnel new IP header AH original IP header TCP Data Mode FIGURE40 AH header in transport mode and tunnel mode Encapsulating Security Payload ESP provides authentication and also provides privacy by encrypting the IP datagram The use of an ESP header is similar to the use of the AH header A hash algorithm is used to calculate an authentication value the authentication value is sent in an IP datagram and the same hash algorithm is used by the receiver to verify the authentication value ESP can be used in either transport mode or tunnel mode as shown in Figure 41 i Transport original IP header ESP Data ESP Mode header trailer encrypted Tunnel new IP header ESP original
282. olicy is disabled Enable Trunking and Disable Trunking Enabling and Disabling of N_Port trunking is disabled e Configure N Port Groups You can only view the port group details from the Port Group Configuration window The following options are disabled Disable N port Grouping Add Edit View Delete e Configure F N Port Mappings Add and Remove buttons are disabled for primary mappings and secondary failover mapping e N Port Configuration By default all the ports are set to N Ports and failover and fallback are disabled You can edit the speed The following options are disabled in the N Port Configuration window Lock as N Port Allow as F U Port Enable N Port Failover Policy Enable N Port Fallback Policy Enabling Access Gateway mode When you enable Access Gateway mode some fabric information such as the zone and security databases is erased To recover this information save the switch configuration before enabling Access Gateway mode To save the switch configuration using Web Tools click Switch Admin in the Manage section under Tasks and then select the Configure Upload Download subtab and upload the configuration file NOTE You cannot enable Access Gateway mode if Management Server is enabled To disable Management Server enter the MsplmgmtDeactivate command Web Tools Adminstrator s Guide 155 53 1002152 01 12 Disabling Access Gateway mode To enable Access Gateway mode
283. ollows Green healthy Yellow marginal Red critical Gray unmonitored Blue buffer limited Dimmed unlicensed Web Tools Adminstrator s Guide 53 1002152 01 Chapter Using the FC FC Routing Service 11 In this chapter Fibre Channel ROUNNE GVSEVIBW coi sick ae acera aina a n cuc nin RR ee n 145 Supported switches for Fibre Channel Routing 2 000 146 e Setting ip FC POTOUDE sucum eet teats adie Ud EE RUE EAE soe 146 e POSEU YONDE XSIT S RSMO oeras nin xcu ta eee a dere dig dea da lee x cR 147 ViewIBB EX PONS iesus p kene EEEO REET X ERG ACERO ROCK RR ADR OEC OR 148 Comiguring an EX PolE osiiiescco Rb Le Re ere PFARRER CHEER YR 149 Conmguring FCR router port COSE noi cee sek Ree xm RR acr RR DR ERA 149 Viewing LOAN ZONES axaqueaa arya En EX EAR DERG RACER ROMA TCR CARCER UE OR 150 e Configuring the backbone fabric ID llle 150 Fibre Channel Routing overview Fibre Channel Routing FCR provides connectivity to devices in different fabrics without merging the fabrics For example Fibre Channel Routing allows you to share tape drives across multiple fabrics without the administrative problems such as change management network management scalability reliability availability and serviceability that might result from merging the fabrics Fibre Channel Routing lets you create logical storage area networks LSANs that can span fabrics These LSANSs allow Fibre Channel zones to cro
284. on eligible ISLs and trunking capability is enabled by default on all ports Trunking is not supported on logical ports or GbE ports Web Tools Adminstrator s Guide 99 53 1002152 01 7 Viewing trunk group information To disable trunking on a port or to re enable trunking if it has been disabled perform the following steps 1 Select a port in the Switch View to open the Port Admin window 2 Select the FC Ports tab 3 Fromthe tree on the left select the switch name or slot name 4 From the table select the port that you want to trunk You can select multiple ports from the table You cannot select multiple ports from the tree 5 Click the Show Advanced Mode button on Ports Admin Click either the Trunking Enable or Trunking Disable button If the button is unavailable then the selected port is already in that state 6 6 Click Yes in the confirmation dialog box Admin Domain considerations You can only enable and disable trunking for a port when the current Admin Domain owns the switch You can log in to a switch that is not in your Admin Domain but most of the functionality is unavailable F Port trunking should not be configured in physical fabric mode Viewing trunk group information 100 Use the Trunking tab on the Switch Administration window to view trunk group information hello Switch Administration Show Advanced Mode SwitchName hello DomainiD 200 0xC8 WWN 10 00 00 05 16 55 66 85 Tue Mar 09 2010 14 48
285. on of whether the event is from a logical switch or a chassis The number of successive events of the same kind Severity level Unique message identifier in the form modulelD messageType Detailed error message for root cause analysis There are eight message severity levels Emergency Alert Critical Error Warning Web Tools Adminstrator s Guide 53 1002152 01 Event monitoring 3 e Marginal e Notice e Information e Debug Table 8 lists the event message severity levels displayed on the Switch Events tab and explains what qualifies event messages to be certain levels On the Switch Events tab you can click the Filter button to launch the Filter Events dialog box The Filter Events dialog box allows you to define which events should be displayed on the Switch Events tab For more information on filtering events refer to Filtering Switch Events on page 50 TABLE 8 Event severity levels Icon and level Description Emergency level messages indicate a partial or complete failure of a Emergency subsystem Q Critical level messages indicate that the software has detected serious Critical problems that will eventually cause a partial or complete failure of a subsystem if not corrected immediately For example a power supply failure or rise in temperature must receive immediate attention This event does not compromise data or prevent the use of the system however the event warrants your attention
286. onfiguring NPIV ports The NPIV license must be installed on a switch before NPIV functionality can be enabled on any port For detailed information about understanding and configuring NPIV ports refer to the Fabric OS Administrator s Guide NOTE NPIV feature cannot be disabled when Access Gateway mode is enabled Web Tools Adminstrator s Guide 85 53 1002152 01 6 Port activation The NPIV Max Login Limit option configures the maximum number of permitted logins per NPIV port Each NPIV port can support up to 255 logins The range of valid values is from 1 through 255 logins per port The default value is 126 logins This feature supports virtual switches but not on physical switches Each port can have a different NPIV login limit value in each logical switch The NPIV Max Login column displays the value assigned to each port The column is displays by default on the far right hand side of the port listing view To configure an NPIV port perform the following steps 1 Select Port Admin Advanced Mode 2 Select the FC Ports tab 3 Fromthe tree on the left select the logical port you want to configure 4 Ifthe NPIV port is not already disabled click Disable The NPIV login limit for a port can be set only for disabled ports 5 Click NPIV Max Login The Configure NPIV Max Login dialog displays You can configure only one port at a time 6 Setthe number of logins to allow on the selected port and click OK Click Enable to bri
287. ontrols behavior for attempts to set the switch timestamp clock through the director console When it is enabled the director console Web Tools in this case displays warning indications when the switch timestamp is changed by a user application When it is disabled you can activate a function to automatically set the timestamp clock There is no indication for timestamp clock setting This parameter is set as disabled by the hardware after system installation and can be reset by Web Tools Host Control Prohibited 218 Determines whether host programming allows modifying port connectivity Enabling this mode prohibits host programming control of port connectivity otherwise host programming can manage port connectivity This parameter is set as disabled by the hardware after system installation and can be reset by Web Tools Web Tools Adminstrator s Guide 53 1002152 01 Displaying code page information 17 Configuring FMS mode parameters To configure FMS mode parameters perform the following steps 1 Select a FICON enabled switch from the Fabric Tree 2 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 3 Select the FICON CUP tab The FICON CUP page displays the FICON Management Server page All attributes on this page are read only until FMS mode is enabled 4 Toenable or disable an FMS mode parameter click the check box next to the parameter A ch
288. ools Adminstrator s Guide 53 1002152 01 31 3 32 Fabric and switch management overview If the switch is not a member of the selected Admin Domain most tabs in the Switch Administration window display in read only mode regardless of your permission level The User tab is editable because most of its information does not require switch membership in the current Admin Domain MMA 8 58 SW Switch Administration ET i8 xi Show Advanced Mode SwitchName MMA 8 58 SW DomainiD 58 0x34 WAAN 10 00 00 05 1e 53 89 9e Fri Nov 14 2008 19 35 53 GMT 00 00 Switch Network Firmware Download License User Trunking Switch Name and Domain ID Name MMA 8 58 SVV Manufacturer Serial AKD0313D00T Domain ID Supplier Serial Switch Status DNS Configuration Enable Disable DNS Server 1 DNS Server 2 Report Domain Name View Report Remove All Reboot Fastboot Reboot Fastboot Apply Close Refresh A Switch Administration opened Fri Nov 14 2008 19 34 59 GMT 00 00 Change current switch settings Mode Basic Free Professional Management Tool 10 32 52 58 ADO User admin Role admin s FIGURE 8 Switch Administration window Switch tab With the exception of switch time information displayed in the Switch Administration window is not updated automatically by Web Tools To update the information displayed in the Switch Administration window click the Refresh but
289. or FIGURE28 Switch Report window To check the physical health of the switch perform the following steps 1 Select a logical switch using the drop down list under Fabric Tree section in the Switch Explorer window The selected switch displays in the Switch View The icon on the Status button indicates the overall status of the switch 2 Click Status on the Switch View The detailed switch health report displays as shown in Figure 28 3 Optional Click the underlined links in the left panel to display detailed information about ports and Switch Availability Monitoring SAM Web Tools Adminstrator s Guide 53 1002152 01 Defining Switch Policy 10 NOTE The Port Detail Report and Switch Availability Monitor SAM reports display the details of only those ports which are members of the current Admin Domain context and the E Ports of the Switch 4 Optional Hold the cursor on the Action bar and click an action to perform one of the following options e Refresh the information displayed in the report e Customize the report e View the data in raw XML format e View the style sheet for the report e View the XML schema for the report Defining Switch Policy The Switch Policy dialog box lets you define the values for what you consider a healthy switch The parameters for Switch Policy define whether the unit is listed as being Healthy Marginal or Down Use this dialog box to set policy parameters for calculating the
290. or F Ports and E Ports 3 Close the window Web Tools Adminstrator s Guide 53 1002152 01 Authentication policy configuration 16 Setting a shared secret key pair DH CHAP requires a shared secret key pair between two entities to authenticate with each other A key pair consists of a local secret and a peer secret The local secret identifies the local switch The peer secret identifies the entity to which the local switch may authenticate To set a shared secret key pair perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Security Policies tab Select Authentication on the Security Policies menu Select the Shared Secret Keys subtab Click Add ao F WN The Add Shared Secret Keys dialog box displays 6 Enter the Switch WWN name or domain ID or use the Browse button to select a switch T Inthe Peer Secret and Confirm Peer Secret fields enter the peer secret value 8 Inthe Local Secret and Confirm Local Secret fields enter the local secret value 9 Click Add 10 When you are finished adding secret key pairs for switches click Apply Modifying a shared secret key pair You can edit and modify the secret key pairs by switch To modify a shared secret pair perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the
291. ority 41 persistently disable a port 85 platforms supported 5 polling rates 28 port membership in Admin Domains 76 port menu 27 port names assigning 82 port speed configuring 79 port swapping 91 port type configuring 79 port based routing 169 ports buffer limited 165 configuring 75 disabling 84 85 enabling 84 LEDs 144 long distance parameter 167 naming 82 Ports on Demand enabling 86 power supply status 141 142 preferences persist 19 printing effective zone configuration 133 performance graphs 115 protocol options 245 R R A TOV 41 RADIUS server about 196 199 configuring 197 enabling and disabling 196 modifying 197 modifying server order 198 removing 198 RAM requirements 5 RBAC pre defined roles 13 rebooting the switch 39 recommendations configuration tasks 29 for Web Tools 29 for zoning 136 refresh frequency setting 5 refresh rates 28 Web Tools Adminstrator s Guide 53 1002152 01 refreshing Admin Domain window 68 fabric information 68 121 Zone Admin window 121 removing licenses 45 RADIUS server 198 zone alias members 124 zone configuration members 130 zone members 126 renaming zone aliases 124 zone configurations 130 zones 126 replacing a WWN in zoning database 134 requirements Web Tools 4 restoring configuration file 58 right click menu 27 RLS probing enabling and disabling 43 Role Based Access Control Refer to RBAC router cost path
292. ort information of other switches is not displayed in the tree 3 Click a port from the Slot Port or Sid Did Selection List a Dragthe selected port into the Enter drag slot port number field b Click Retrieve preset EE monitors The current end to end monitors for that port are displayed in the Current EE monitors set for selected port table c Optional To display a performance graph for the current EE monitors set for the selected port click a SID DID pair in the table You can select multiple Source ID and Destination IDs Click Select If you selected multiple SID DID monitors click OK in the confirmation dialog box that displays Skip to step 6 If you do not want to display a performance graph for the current EE monitors set for the selected port continue with step 4 4 Select a source ID from the Port or Sid Did Selection List and click Add Sid You can also enter a source ID in the Enter drag SID number field Web Tools Adminstrator s Guide 111 53 1002152 01 8 112 Advanced performance monitoring graphs Select a destination ID from the Port or Sid Did Selection List and click Add Did You can also enter a destination ID in the Enter drag DID number field Click OK If you selected multiple EE monitors SIDs or PIDs a confirmation dialog box displays reminding you that one graph is opened for each selection Click Yes to display the graphs When you close a graph a dialog box asks if you want to save th
293. ose a gt Switch Administration opened Fri Jan 28 2011 17 43 29 GMT 00 00 Mode Basic Free Professional Management Too 10 24 51 56 FID 128 User admin Role admin V FIGURE 9 Blade tab 3 Select Blade Action gt Enable Blade for each blade you want to enable or Blade Action gt Disable Blade to disable a blade and click Yes in the confirmation dialog Disabling a blade does not turn off the blade it disables the ports on the blade You cannot enable or disable the CP blades Setting a slot level IP address To set an IP address perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the Blade tab Click Set IP address Select a slot number from the list Web Tools Adminstrator s Guide 53 1002152 01 Switch configuration 3 Enter the IP address subnet mask and Gateway IP address Select a type from the list Click Add to add the new entry to the table When you click Add the values remain in the fields The Clear Gateway and Clear IP buttons are available for clearing fields in the table NOTE To remove a configuration select a row in the table and click Delete 8 Click Apply to save the values currently shown in the table or click Cancel to close the dialog box without saving any of your changes 9 To update the switch with your changes update the table using the Add and Delete buttons
294. osen under Function and Network is chosen as the source of the configuration file 5 Enter the configuration file with a fully qualified path or select the configuration file name in the Configuration File Name field If you select USB as the configuration file source the network parameters are not needed and are not displayed You can skip to step 6 6 Usethe Fabric ID selector to select the fabric ID of the logical switch from which the configuration file is to uploaded The selector displays all the virtual fabric IDs that have been defined the default of 128 for the physical switch chassis level configuration and all chassis and switches Fabric ID I Fabric Virtual ChanjChassis Level Configuration Only All of Configurations including Chassis and switches FIGURE 12 Fabric ID selector NOTE If you are using a USB device it must be connected and mounted before you upload or download Refer to Uploading and downloading from USB storage on page 60 for more information T Click Apply You can monitor the progress by watching the Upload Download Progress bar Restoring a configuration 58 Restoring a configuration involves overwriting the configuration on the switch by downloading a previously saved backup configuration file Perform this procedure during a planned down time Make sure that the configuration file you are downloading is compatible with your switch model Configuration files from other mode
295. other devices e No Access Devices in the fabric cannot access any other device in the fabric Web Tools supports default zoning on switches running firmware v5 1 0 or later Default zoning on legacy switches switches running firmware versions prior to v 5 1 0 are not supported Legacy switches can use default zoning however they cannot manipulate the default zone or default configuration NOTE To use Admin Domains you must set the default zoning mode to No Access prior to setting up the Admin Domains To use the Admin Domain feature the EGM license must be enabled on the switch otherwise access to this feature is denied You cannot change the default zoning mode to All Access if user specified Admin Domains are present in the fabric To set the default zoning mode perform the following steps 1 Open the Zone Admin window refer to Opening the Zone Admin window on page 118 2 Select Zoning Actions gt Set Default Mode and then select the access mode Zoning management You can monitor and manage basic and traffic isolation zoning through the Web Tools Zone Admin window The information in the Zone Admin window is collected from the selected switch If the FCS policy is activated in the fabric zoning can be administered only from the primary FCS switch If the selected switch has an Advanced Zoning license installed but is not the primary FCS switch the Zone Admin option is displayed but not activated You must be lo
296. ou do not need to provide the current password if you are changing the password of a lower level user account Passwords can be from 8 through 40 characters long They must begin with an alphabetic or numeric character They can include alphanumeric characters the dot and the underscore _ They are case sensitive Passwords must also meet any additional password rules that were set up Refer to Setting the rules for passwords on page 182 for more information To change the password of an account perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the User tab Web Tools Adminstrator s Guide 181 53 1002152 01 16 User defined accounts 182 Select the account to modify If you are logged in as a switchadmin you can only change the password of your own account Click Change Password The Set User Account Password dialog box displays Enter the current password of the account This step is required only if you are changing the password of your own or a peer admin account Enter the new password of the account The new password must have at least one character different from the old password Retype the new password in the Confirm Password field Click OK Click Apply to save your changes Setting the rules for passwords To set rules for passwords perform the following steps 1 Open the Switch Adm
297. ou were working on to retrieve related data If your request did not get through to the switch resubmit it Executing a refresh from Web Tools retrieves a copy of switch data at that moment the data you entered can be lost if it had not already committed to the switch Inband management support Java cache Fabric OS v7 0 0 supports Web Tools SNMP polling and SNMP traps only in IPv4 on the Brocade 7800 and FX8 24 If the Web Tools progress bar stops at 93 percent when initializing switch details you must clear the Java cache as described in Deleting temporary internet files used by Java applications on page 6 Java Plug in 244 If you have a Web Tools session open and you open a second session using the File gt New browser menu this results in unexpected behavior of the original Web Tools session For example you cannot change Admin Domains in the second session Web Tools supports only one browser instance per JRE and when you open another window using the File New menu the two windows share the same JRE environment Workaround Open two independent browser sessions Web Tools Adminstrator s Guide 53 1002152 01 TABLE 21 Area Loss of Connection 19 General Web Tools limitations Web Tools limitations Continued Details Occasionally you might see the following message when you try to retrieve data from the switch or send a request to the switch Switch Status Checking The switch is not curre
298. owing error message Enabling FMS mode requires FICON CUP license installed on the switch Contact your preferred storage vendor for more details Enabling port based routing 216 Port based path selection is a routing policy in which paths are chosen based on ingress port and destination only This also includes user configured paths All ports with FICON devices attached must have port based routing policy enabled Port based routing is a per switch routing policy After port based routing is enabled you can continue with the remaining FICON implementation To enable port based routing perform the following steps 1 Select a switch with FICON devices attached from the Fabric Tree 2 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 3 Click the FICON CUP tab If the EGM license is not installed on the switches using CUP protocol access to this feature is denied and an error message displays If the EGM license is enabled the FICON CUP tab is available 4 Click Enable in the FICON Management Server Mode section to enable the port based routing policy or click Disable to disable port based routing NOTE While enabling FMS mode with online devices connected to FE FF the below error will be shown FMS mode enable failed due to port s with areas OxFE or OxFF is are connected to device s 5 Click Apply to save your changes Web Tools Adminstrator s Guide 53
299. perform the following steps 1 2 Select a switch Click Switch Admin in the Manage section under Tasks The Switch Administration dialog box displays Click Disable in the Switch Status section You can enable Access Gateway mode only after the switch is disabled Click Enable in the Access Gateway Mode section Click Apply Click Yes to restart the switch in Access Gateway mode Disabling Access Gateway mode To disable Access Gateway mode perform the following steps 1 2 Select a switch Click Switch Admin in the Manage section under Tasks The Switch Administration dialog box displays Click Disable in the Switch Status section You can disable Access Gateway mode only after the switch is disabled Click Disable in the Access Gateway Mode section Click Apply Click Yes to restart the device in native switch mode Viewing the Access Gateway settings You can view the effective Access Gateway settings for the selected switch The view can be customized To view the Access Gateway settings select Tasks Monitor Access Gateway Devices The Access Gateway Device Display dialog box displays Port configuration 156 You can configure the port types N Port F Port on each individual port on an Access Gateway enabled switch When you configure ports you can specify a global configuration policy using the Port Configuration Policy button By default Advanced is selected and sets the initial defaults fo
300. plays the content of the selected configuration from the switch in a table format Figure 43 3 Optional Select the check box corresponding to a port you want to block on the Block column Repeat this step for all ports you want to block Select the Block All check box to block all ports 4 Optional Select the check box corresponding to a port you want to prohibit on the Prohibit column Repeat this step for all ports you want to prohibit Select the Prohibit All check box to prohibit all ports The cells in the matrix are updated with crossed circle icons to identify prohibited ports FE and FF ports are not shown in the Allow Prohibit Matrix dialog The FE and FF Ports state displays only in the Port Admin page 5 Optional Click the individual cells corresponding to the combination of ports you want to prohibit You cannot prohibit a port to itself If you prohibit E Port E E connection or E F connection a warning message is displayed You have placed a prohibit on an E Port This has no effect for Fabric OS based fabrics 6 Review your changes A blue background in a cell indicates that its value has been modified After you have finished making changes do any of the following Click Activate to save the changes and make the configuration active immediately as described in Activating an Allow Prohibit Matrix configuration on page 223 e Click Save to save the changes but not make the configuration active e Clic
301. port count If there are user defined Admin Domains ADO does not show the port count and the user defined AD displays the port count Refreshing fabric information This function refreshes the display of fabric elements only switches ports and devices It does not affect any zoning element changes or update zone information in the Zone Admin window You can refresh the fabric element information displayed at any time To refresh fabric information 1 Open the Zone Admin window 2 Select View gt Refresh From Live Fabric This refreshes the status for the fabric including switches ports and devices NOTE Depending on the role associated with your user name or if the switch is owned by the current Admin Domain you are logged in to you may not be able to modify zones or ports in other Admin Domains Refreshing Zone Admin window information The information displayed in the Zone Admin window is initially a snapshot of the contents of the fabric zoning database at the time the window is launched Any changes you make to this window are saved to a local buffer but they are not applied to the fabric zoning database until you invoke one of the transactional operations listed in the Zoning Actions menu Web Tools Adminstrator s Guide 121 53 1002152 01 9 122 Zoning management Any local zoning changes are buffered by the Zone Admin window until explicitly saved to the fabric If the fabric zoning database is independently chan
302. pply to some switches but not to others this guide identifies exactly which switches are supported and which are not Although many different software and hardware configurations are tested and supported by Brocade Communications Systems Inc for Fabric OS v7 0 0 documenting all possible configurations and scenarios is beyond the scope of this document The following hardware platforms are supported by this release Brocade 300 Brocade 5100 Brocade 5300 Brocade 5410 Brocade 5424 Brocade 5450 Brocade 5460 Brocade 5470 Brocade 5480 Brocade NC 5480 Brocade 6510 Brocade 7800 Extension Web Tools Adminstrator s Guide 53 1002152 01 The following blades are supported by this release Brocade 8000 Brocade DCX 8510 4 Brocade DCX 8510 8 Backbone Brocade DCX Backbone Brocade DCX 4S Backbone Brocade Encryption Switch Brocade VA 40FC Brocade CORE 8 blade Brocade CP8 blade Brocade CR16 4 blade Brocade CR16 8 blade Brocade CR4S 8 blade Brocade FC10 6 port blade Brocade FC16 32 port blade Brocade FC16 48 port blade Brocade FC8 16 port blade Brocade FC8 32 port blade Brocade FC8 48 port blade Brocade FC8 64 port blade Brocade FCOE10 24 blade Brocade FR4 18i router blade Brocade FS8 18 Encryption blade Brocade FX8 24 Extension blade What s new in this document The following major additions have been made since this document was last released DCFM has been changed to Brocade Network Advisor CEE has been changed t
303. pported 4 buffer limited ports 165 C changing domain ID 38 passwords 181 switch name 38 class F traffic 41 clearing temporary internet files 6 clearing the zoning database 135 closing Admin Domain window 69 sessions 12 code page displaying 219 247 configuration Access Gateway mode 153 upload 155 configuration file Admin Domain considerations 59 backing up 57 restoring 58 configuring Allow Prohibit Matrix 220 arbitrated loop parameters 42 backbone fabric ID 150 default heap size 8 EX Ports 148 fabric parameters 41 FAN frame notification parameters 42 FC ports 79 FCR router cost 149 FICON Management Server parameters 218 IOD frames delivery 172 Java Plug in 8 link cost 172 long distance settings 167 port speed 79 port type 79 ports 75 RADIUS server 197 routes 169 syslog IP address 34 system services 43 virtual channel settings 42 configuring FCR router port costs 149 Control Device state 219 Control Unit Port Refer to CUP copper GigE 84 85 copying Allow Prohibit Matrix configuration 223 CP failover initiating 48 creating Admin Domains 69 basic performance graphs 109 SCC DCC policy 187 SCSI command graphs 112 SCSI vs IP traffic graphs 112 SID DID performance graphs 111 zone aliases 123 zone configurations 129 zones 125 creating FCS policy 187 customizing basic performance graphs 109 248 D datafield size 41 default zoning 119 deleting
304. prise class platforms loss of network connectivity is up to 5 minutes if the power on self test POST is disabled If POST is enabled the loss of network connectivity can exceed 5 minutes Brocade 300 5100 5300 6510 7800 8000 VA 40FC and the Encryption Switch Loss of network connectivity is up to 1 minute if POST is disabled If POST is enabled the loss of network connectivity can exceed 1 minute Firmware downgrade If you try to run Web Tools on a switch after downgrading the firmware Web Tools may not open This is due to the presence of old application cache files in Java The workaround is to delete the application cache files using the Java Control Panel After upgrading or downgrading the firmware delete the application cache files HTTP timeout Occasionally you might see the following message when you try to get data from a Switch or to send a request to the switch Failed to get switch response Please verify the status of your last operation and try again if necessary This indicates that an HTTP request did not get a response The request was sent to the Switch but the connection was down probably caused by a temporary loss of the Web server on the switch Due to the nature of an HTTP connection Web Tools reports this error after a 90 second default timeout In this case verify the status of your last request using Telnet to check related status or click the Refresh button from the Web Tools application y
305. r License ID Displays the license ID e RNID Type Type of the switch Model Model of the switch Tag Tag of the switch Sequence number Sequence number of the switch nsistent Domain ID Current status of the Insistent Domain ID mode of the switch Mode Manufacturer Manufacturer of the switch Manufacturer Plant Plant where the switch was manufactured For more information refer to Displaying switch information on page 139 Free Professional Management tool You can use the Professional Management tool with Web Tools to view connectivity for each fabric to back up and restore last known configurations and more You can also use it with the Enhanced Group Management license to manage groups of switches download firmware manage security settings and deploy configurations across groups of switches Contact your preferred storage supplier to get a complimentary copy of the Professional Management tool Launch the install wizard for the free Professional Management tool through the link located at the bottom of the Switch Explorer Displaying tool tips 26 When you rest the cursor over a Web Tools button the system displays a brief description of the button If you rest the cursor over most components the system displays tool tip information about the component In the Fabric Tree you can rest the cursor over a switch to view its type Ethernet IP IPFC and status of the switch In Switch View you can r
306. r port types groups and the F Port to N Port mappings When the policy is Automatic the port type assignments and mappings are configured automatically based on device and switch connections and internal load balancing and grouping user controls are disabled When you configure ports perform the tasks in the following order 1 Configure N Ports if necessary Use the Edit Configuration button to configure a port 2 Configure N Port groups Web Tools Adminstrator s Guide 53 1002152 01 Port configuration 12 3 Configure F Port to N Port mappings You can set up primary and secondary mappings The secondary mapping is the N Port to which an F Port is mapped when the primary N Port mapping goes offline 4 Configure WWN N Port mappings Creating port groups You can group a number of N Ports and its mapped F Ports together to connect to multiple independent fabrics or to create performance optimized ports To group a number of ports you must create a new port group and assign desired N Ports to it The N_Port grouping option is enabled by default and all N Ports are members of a default port group O pgO Access Gateway prevents failover of F Ports across N Port groups NOTE If you want to distribute F Ports among groups you can leave all ports in the default port group O or you can disable N Port grouping To create port groups perform the following steps 1 Click a port in the Switch View to open the Port
307. r a recipient from the corresponding Trap Level menu in the SNMPv1 and SNMPv3 sections The level you select identifies the minimum event level that prompts a trap NOTE Adding or editing the user name can be done only through the CLI and by selecting a user name from the User Name menu in the SNMPv3 section 4 Click Apply Changing the systemGroup configuration parameters To change the systemGroup configuration parameters perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the SNMP tab Enter a contact name description and location in the SNMP Information section Optional Select the Enable Authentication Trap check box to allow authentication traps to be sent to the reception IP address 5 Click Apply Setting SNMPv1 configuration parameters To set SNMPv1 configuration parameters perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the SNMP tab Web Tools Adminstrator s Guide 53 1002152 01 SNMP configuration 16 3 Double click a community string in the SNMPv41 section and enter a new community string 4 Double click a recipient IP address in the SNMPv1 section and enter a new IP address 5 Click Apply Setting SNMPv3 configuration parameters NOTE The port number is not included To set SNMPv3 configur
308. r field using the Domain Index D lI format 3 Click Apply to enforce the added members and then click OK to accept the changes Web Tools Adminstrator s Guide 53 1002152 01 Modifying Admin Domain members 5 Activating or deactivating an Admin Domain To activate or deactivate an Admin Domain perform the following steps 1 Open the Admin Domain window 2 Fromthe tree on the left select the Admin Domain you want to activate or deactivate 3 Click Activate to activate the Admin Domain or click Deactivate to deactivate the Admin Domain 4 Select Actions Save AD Configuration to save the new Admin Domain configuration to persistent storage 5 Select Actions gt Apply AD Configuration to enforce the new Admin Domain configuration as the effective configuration ATTENTION When you deactivate an Admin Domain the members or devices assigned to the domain can no longer access its hosts or storage unless those devices are part of another Admin Domain When you deactivate an Admin Domain no one can use this Admin Domain to log in to a Switch Modifying Admin Domain members To modify members from an Admin Domain perform the following steps 1 Open the Admin Domain window 2 Fromthe tree on the left select the Admin Domain you want to modify 3 Click Modify The Modify Admin Domain wizard displays the Membership step 4 Assign members to the Admin Domain by selecting them in the Available Members section and clickin
309. rate the Tunnel and TCP performance monitor graphs You can launch maximum of four Tunnel and TCP graphs for a switch at a time A total of 16 TCP connection graphs can be launched for a switch The TCP graphs available are e Sender RoundTrip e Sender RoundTripVariance e TCP DupAck e TCP OOS e TCP SlowStart e TCP FastRetransmit e TCP Tx MB sec e TCP Rx MB sec The Tunnel graphs available are e Throughput MB sec e Effective Throughput MB sec e CompressionRatio For TCP connection graphs tool tip is displayed only for all selected connections To create a Tunnel and TCP graph perform the following steps 1 Select Monitor gt Performance Monitoring The Performance Monitoring window displays 2 Select Performance Graphs gt Tunnel and TCP Graph The Tunnel and TCP Graph dialog box displays Web Tools Adminstrator s Guide 113 53 1002152 01 8 Saving graphs to a canvas 3 Selectthe tunnel from the Tunnels drop down list for which you want to generate the graphs For Brocade 7800 extension switch you can have maximum six circuit connections in a tunnel and for FX8 24 DCX extension blade you can have maximum of ten circuit connections in a tunnel 4 Inthe Tunnel and TCP area at the bottom of the screen select the required check boxes for the statistic you want to graph Note that each column represents a different graph 5 Click Options to set the display options for the graphs e Ranges The range is from 3 through 3
310. re e Self WWN of your current switch e Other Switch WWN If you choose Other Switch WWN you must enter the WWN of that switch in the provided field 6 Under Login Member Configuration select either Allow All Members or Allow Specific Member e If you select Allow All Members all devices attached to FCoE ports are allowed to log in to the switch Web Tools Adminstrator s Guide 237 58 1002152 01 18 Displaying FCoE port information e If you select Allow Specific Member you can control which devices can log in using Member Type Member PWWN MAC and the Add and Remove buttons as described below a Select Model2 as Member Type a Enter the port WWN in hexadecimal format in the Member PWWN MAC field and click Add The WWN displays under Allowed Login Members If you decide a member should not be on the list highlight the entry and click Remove T Click OK Displaying FCoE port information There are 24 internal FCoE Ports that bridge FC and Ethernet traffic You can view FCoE port information from the Port Administration panel To display FCoE port information perform the following steps 1 Select the FCoE Ports tab on the Port Administration panel The initial view displays a summary of all FCoE ports on the switch Figure 46 Vi Auto Refresh Interval 45 seconds FC Ports DCBinterfaces FCoE Poris FC Ports Explorer E NE E Porto E Port 1 Sl Port2 Configure N Port Groups E Port 3 QoS v CSCT
311. rea under Tasks click Performance Monitor The Performance Monitoring window displays 108 Web Tools Adminstrator s Guide 53 1002152 01 Creating basic performance monitor graphs 8 Creating basic performance monitor graphs To create the basic performance monitor graphs listed in Table 11 on page 105 perform the following steps 1 Open the Performance Monitoring window 2 Select Performance Graphs gt Basic Monitoring gt Graph Type Depending on the type of graph you select you might be prompted to select a slot or port for which to create a graph 3 If prompted drag the port into the Enter drag slot port field or manually enter the slot and port information in the field in the format slot port NOTE For the Brocade 300 5100 5300 6510 VA 40FC 7800 Extension 8000 and the Encryption Switch enter only a port number 4 Click OK The graph is displayed in a window in the Performance Monitoring window Customizing basic monitoring graphs You can customize some of the basic performance monitoring graphs to display information for particular ports For the Brocade 8510 8 Brocade 8510 4 and Brocade DCX and DCX AS enterprise class platforms you can also customize these graphs to display information for a slot You can customize the following graphs e Switch Throughput Utilization e Switch Percent Utilization e Port Snapshot Error The following procedure assumes that you already created one of these cu
312. reating unique user account roles refer to User defined accounts on page 175 TABLE 5 Predefined Web Tools roles Role Description admin You have full access to all of the Web Tools features operator You can perform any actions on the switch that do not affect the stored configuration securityadmin You can perform actions that do not affect the stored configuration switchadmin You can perform all actions on the switch except the following You cannot modify zoning configurations You cannot create new accounts e You cannot view or change account information for any accounts You can only view your own account and change your account password zoneadmin You can only create and modify zones fabricadmin You can do everything the Admin role can do except create new users basicswitchadmin You have a subset of Admin level access user You have nonadministrative access and can perform tasks such as monitoring system activity Session management A Web Tools session is the connection between the Web Tools client and its managed switch A session is established when you log in to a switch through Web Tools When you close Switch Explorer Web Tools ends the session Asession remains in effect until one of the following happens e You log out e You close the Switch Explorer window e The session ends due to inactivity time out Web Tools Adminstrator s Guide 13 53 1002152 01 1 Web Tools system logs A s
313. ric Wide Consistency Policy configuration 190 Fabric Wide Consistency Policy FWCP configures the Fabric Wide Consistency behavior of distributable ACL policies The policy ensures that the switches in the fabric enforce the same policies Set a strict or tolerant fabric wide consistency policy for each ACL policy type SCC DCC FCS to automatically distribute that database when a policy change is activated If a fabric wide consistency policy is not set then the policies are managed on a per switch basis To set the fabric wide consistency policy for an SCC DCC or FCS policy perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Security Policies tab Under Security Policies click FWCP 4 Select one of the following consistency behavior for the required policy type SCC DCC FCS Absent Tolerant Strict Web Tools Adminstrator s Guide 53 1002152 01 Authentication policy configuration 16 NOTE You can change the consistency behaviors of SCC DCC or FCS policy only for a primary switch Click Apply Click Yes to accept the changes NOTE If the switch is not a primary switch an error message dialog box displays Click No to discard the changes and click Refresh in the FWCP Configuration window to manually refresh the window Click Close Authentication policy configuration You can configure an authenticatio
314. rivileges FIGURE38 Switch Admin Add User Defined Role dialog 6 To grant the role a read write privilege select the privilege and click the right arrow next to the Read amp Write Privileges section You can select multiple privileges T To grant the role a read privilege select the privilege and click the right arrow next to the Read Privileges section You can select multiple privileges 8 To delete a privilege select it and click left arrow 9 Click OK to save your changes Access control list policy configuration 186 Support for the Access Control List ACL policies is currently defined in the Switch Connection Control SCC and Device Connection Control DCC policies SCC and DCC policy configuration in base Fabric OS is performed on a switch local basis Fabric Configuration Server FCS Policy can be created only once While creating the FCS policy the local switch WWN is automatically included in the list In the FCS list the switch in the first position becomes the primary FCS switch If the first switch in the FCS list is not reachable the next switch becomes the primary switch You can also explicitly specify the primary FCS switch If there is no SCC DCC or FCS policy the defined and active list is blank Web Tools Adminstrator s Guide 53 1002152 01 Access control list policy configuration 16 Virtual Fabrics considerations ACL policies can be implemented at the logical switch log
315. rm the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Click Show Advanced Mode Select the Security Policies tab Select the FCS tab Click Move FCS Switch Select the appropriate from and to positions Click Apply NDT R WN After you move all the member switches click Apply and Close Configuring Advanced Device Security policy The ADS policy allows you to restrict devices that are logged into the fabric using a particular F_Port When this policy is enabled only authorized devices are allowed to login into the fabric This can be achieved by allowing all the devices blocking all the devices or giving access to selected devices ADS is supported only in Access Gateway mode The restrictions to device login are e All Access Allows all the devices to login into the fabric through that F_Port e No Access Blocks all the devices trying to login into the fabric through that F Port e WWNs Allows only selected WWNs to login into the fabric through that F Port NPIV capable device port WWN s can also be added to the allowed list of device port WWN s for the particular F Port Web Tools Adminstrator s Guide 189 53 1002152 01 16 Fabric Wide Consistency Policy configuration When the ADS policy is enabled first time all the F Ports are set to All Access and all the devices are allowed to login into fabric This configuration persist
316. rocade Encryption Switch e Brocade 300 5300 and 5100 switches Brocade VA AOFC e Brocade 8000 Brocade 7800 For non 8 Gbps platforms all functionalities are available without EGM license You cannot manage zones with AD255 because AD255 does not have a zone database associated with it Admin Domain membership Switches ports and devices can be members of an Admin Domain Admin Domain members can be either direct or indirect members as described below Direct members Devices switches and ports that you explicitly add to an Admin Domain Direct members are listed in the Admin Domain membership list e Indirect port members Ports that are implicitly added as part of an Admin Domain when any of the following occurs Adevice that is connected to a port was added to the Admin Domain Aswitch to which the port belongs is a member of the Admin Domain e Indirect device members Devices that are connected to ports that are direct members of an Admin Domain Enabling Admin Domains The default zone mode setting gives attached devices either All Access to all devices or No Access to all devices To begin implementing an Admin Domain structure within a SAN you must set the default zone mode to No Access You must be in ADO to change the default zone mode After the default zone mode is set to No Access you cannot change it from the physical fabric NOTE The term physical fabric is used in Web Tools only Even thou
317. rocedures instruct you in increasing the default heap size in the Java Control Panel and in setting the default browser Configuring the Java plug in for Windows To configure Java plug in for Windows perform the following steps 1 2 3 From the Start menu select Settings gt Control Panel gt Java Click the Java tab In the section Java Applet Runtime Settings click View The Java Runtime Settings dialog box displays Double click the Java Runtime Parameters field and enter the following information to set the minimum and maximum heap size Xms256m Xmx256m In this example the minimum and maximum sizes are both 256 MB Click Apply to apply your settings and close the Java Control Panel Web Tools Adminstrator s Guide 53 1002152 01 Value line licenses 1 Configuring the Java plug in for Mozilla family browsers To configure Java plug in for Mozilla family browsers perform the following steps 1 From the Start menu select Settings gt Control Panel 2 Click the Advanced tab and expand the Default Java for browsers option as shown in Figure 2 on page 9 Java Control Panel Bm E3 General Update Java Security Advanced Settings 4 Debugging Java console Default Java for browsers Microsoft Internet Explorer Iv Mozilla Family Shortcut Creation JNLP File MIME Association JRE Auto Download Security Miscellaneous ma __ FIGURE 2 Default Java for browsers option 3 Selec
318. roup LAG with which this port is associated If no ID is specified the port is not associated with any LAG Web Tools Adminstrator s Guide 53 1002152 01 Switch administration and FCoE 18 L2 Mode The values are Access Trunk or Converged Access mode allows only one VLAN association and allows only untagged frames Trunk mode allows more than one VLAN association and allows tagged frames Converged mode interface can be native untagged or access in one VLAN and it could be non native trunk or tagged type in more than one VLAN DCB Map The name of a DCB map that was created and associated with the port Traffic Class Map The name of a traffic class map that was created and associated with the port LLDP Status Indicates whether LLDP is active or inactive LLDP Profile The name of an LLDP profile that was created and associated with the port FCoE Priority Bits Each bit represents a user priority that is associated with FCoE traffic Default CoS The default Class of Service Switch administration and FCoE The DCB tab on the Switch Administration panel is specific to DCE and DCB configuration and management The DCB tab has five subtabs Figure 45 that are used for FCoE switch administration I Link Aggregation Link Aggregation VLAN FCoE Login Group QoS LLDP DCBX FIGURE45 Switch Administration DCB subtabs FCOE configuration tasks There are several tasks related to FCOE configuration The followin
319. rval To view additional information select Show Advanced Mode An Advanced tab and an Error Detail tab are added next to Basic Mode The Advanced tab displays DCB transmission statistics and the Error Details tab displays transmission error statistics To display DCB interface statistics perform the following steps 1 Select the DCB Interfaces tab on the Port Administration panel 2 Underthe DCB Interface Explorer select a port 3 Select the Port Statistics tab Configuring a DCB interface from the Switch View DCB interfaces can be enabled and disabled from a right click menu on the Switch View To enable or disable a DCB interface from the Switch View perform the following steps 1 Right click the port to display the right click menu 2 Select Configure to display the Enable and Disable options 240 Web Tools Adminstrator s Guide 53 1002152 01 Configuring a DCB interface from the Port Admin panel 18 Configuring a DCB interface from the Port Admin panel DCB interfaces can be enabled and disabled from the Port Administration panel To enable or disable a DCB interface from the Port Administration panel perform the following steps 1 Select the DCB Interfaces tab on the Port Administration panel 2 Underthe DCB Interface Explorer select the port you want to enable or disable 3 Select the General tab This tab is normally pre selected You can follow either of the following options to enable or disable the i
320. rver subtabbed page in front All attributes on this tab are read only until FMS Mode is enabled The control device state is displayed as neutral or switched in the Control Device Allegiance field NOTE If FMS mode is enabled and the control device state is unavailable the FICON CUP Busy Error is displayed Click Reset Allegiance in the error message to reset the control device state to its correct state Allow Prohibit Matrix configuration 220 In the Allow Prohibit Matrix subpanel you can manage the configuration files and active configuration All configuration files and the active configuration are listed in a table The active configuration is listed as Active Configuration and the description in the table is Current active configuration on switch The other special configuration file is the IPL Any other files displayed are user defined configurations and are stored on the switch You can create activate copy or delete saved Allow Prohibit Matrix configurations however you can only edit or copy a configuration while it is active You can also activate edit or copy the IPL configuration You must have FMS mode enabled before you can make any changes to the configurations Click Refresh to get the latest configuration file list from the switch When creating a new configuration or editing an existing configuration the Web Tools port name is restricted to printable ASCII characters Characters beyond printable ASCII
321. s Select any port from the port group in which you want to create the trunk group Select F Port Trunking The F Port Trunking dialog box displays Select one or more ports in the Ports for trunking pane A dialog box displays asking you to select a trunk index Select the trunk index from the drop down list populated with the index for all the ports Atrunk group is created identified by the trunk index and containing the port you selected Select the trunk group you just created Add Members becomes active Additional ports can be added by selecting a port from Ports for trunking table and then clicking Add Members NOTE To remove a port from the trunk group select the port from Trunk Groups table and then click Remove Members Click OK to save your changes Web Tools Adminstrator s Guide 53 1002152 01 Chapter Monitoring Performance 8 In this chapter Periormange Monitor RO uec cease quce adul spl Qe io dah a el D NUR do 103 Opening the Performance Monitoring window eeseesss 108 e Creating basic performance monitor graphs 0020 0s eee 109 Custamizing basic MONINE graplis oo ce ck ee sollen rete RR 109 Advanced performance monitoring graphS 00 ee eee eee 111 Tunnel and TCP performance monitoring graphs lusus 113 Savne graphs ig B Canas cear Shea dierent Masa que a Made E BA AERE 114 Adding graphs to an existing canvas isssso enr 115 e Pribil
322. s Name Server entries listed in the Simple Name Server database This includes all Name Server entries for the fabric not only those related to the local domain Each row in the table represents a different device You can click the column head to sort the events by a particular column and drag the column divider to resize a column You can also right click a column heading to resize one or all columns sort the information in ascending or descending order or select which columns are displayed Admin Domain considerations The Name Server table is filtered based on Admin Domain membership of the fabric devices The Name Server table lists only devices that are part of your current Admin Domain This includes devices that are direct members of the Admin Domain and devices that are attached to ports that are direct members of the Admin Domain All other fabric devices are filtered out of the Name Server view for the current Admin Domain Refer to Admin Domain membership on page 65 for information about direct and indirect members Web Tools Adminstrator s Guide 51 53 1002152 01 3 52 Displaying the Name Server entries For FICON devices The Name Server table lists the request node identification RNID information To display the Name Servers perform the following steps 1 Select Tasks gt Monitor gt Name Server The Name Server window displays To set an autorefresh rate for the Name Server entries select the Auto Refresh che
323. s are displayed The Switch Information tab displays information about the following items e Switch Name Status Fabric OS Version Domain ID WWN Type Role Name of the switch Status of the switch Fabric OS version of the switch Domain ID of the switch World Wide Name of the switch Type of the switch Role of the switch The following information is specific to Virtual Fabrics Base Switch Default Switch Allow XISL Use Ethernet Zone Web Tools Adminstrator s Guide 53 1002152 01 Ethernet IPv4 Ethernet IPv4 subnet mask Ethernet IPv4 gateway Ethernet IPvG IPFC IPv4 Indicates whether or not the logical switch can act as a base Switch Indicates whether or not the logical switch is the default logical switch Indicates whether or not the logical switch is allowed to connect to other logical switches using an extended inter switch link XISL Ethernet IPv4 address of the switch Ethernet IPv4 subnet mask address of the switch Ethernet IPv4 gateway address of the switch Ethernet IPv6 address of the switch Fiber Channel IPv4 address IPFC IPv4 subnet mask Fiber Channel IPv4 subnet mask address Effective Configuration Indicates whether zone configuration is enabled or not 25 2 Displaying tool tips Other Manufacturer serial number Displays the serial number of the manufacturer Supplier serial number Displays the serial number of the supplie
324. s detected issue the supportSave command on the affected switch This command packages all error logs the supportShow output and trace dump and moves these to your FTP server You can also configure your switch to automatically copy trace dumps to your FTP server refer to Setting up automatic trace dump transfers In addition to automatic generation of trace dumps on faults you can also generate a trace dump manually or when certain system error messages are logged This is normally done with assistance from Brocade customer support when diagnosing switch behavior For details on the commands refer to the Fabric OS Command Reference Setting up automatic trace dump transfers You can set up a switch so that diagnostic information is transferred automatically to a remote server Then if a problem occurs you can provide your customer support representative with the most detailed information possible To ensure the best service you should set up for automatic transfer as part of standard switch configuration before a problem occurs Setting up for automatic transfer of diagnostic files involves the following tasks e Specifying a remote server to store the files Enabling the automatic transfer of trace dumps to the server Trace dumps overwrite each other by default sending them to a server preserves information that would otherwise be lost Specifying a remote server The switch must belong to your current Admin Domain before
325. s for subsequent logins from all devices Existing devices that are already logged into the fabric are not affected When the ADS policy is disabled all the allowed lists are cleared and all the devices are allowed to login into the fabric To configure ADS policy perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Click Show Advanced Mode Select the Security Policies tab to configure the ADS policy in Access Gateway mode Select the ADS option Ov d GN Select the Enable ADS Policy option The Configure Advanced Device Security Port WWN table displays 6 Optional Select an F Port from the table and click the Edit button The ADS Port WWN Configuration dialog displays You can configure device port WWN s that can be allowed to login to a particular F Port by adding them to the Selected WWN list Select either All Access or a list of selected WWNs 8 Optional You can add the detached port WWN to the selected WWN s list by adding the WWN in the detached WWN text field and clicking Add 9 Optional For a selected F Port if you select the Show device WWN connected to this port check box of the ADS Port WWN Configuration dialog only connected devices are listed in Available WWN s list When you deselects the check box all the connected device port WWN s and detached WWN s added to the AG are listed in the Available WWN S list Fab
326. se the Performance Monitor Canvas dialog box 8 Click Close to close the Canvas Configuration List 116 Web Tools Adminstrator s Guide 58 1002152 01 Chapter Administering Zoning 9 In this chapter s ZORNE ENIO Sac e D ai Seal gas E Rd 117 Zonihg conTIBUFSUDEIS aaa oar RERRRA EAR EO ewe ae eee ee 118 Zoning Ka age EE sosu sss pRRIEARAE PAR ERDEETRRRETR eee Keak ee 119 e Zone configuration and zoning database management 128 Best practices TOF ZODIn B saxa d dEWAGEREAERERA A RNAOER RON ER NON CR 136 Zoning overview This chapter describes zoning and provides the procedures for managing zoning The Zone Admin window provides two zoning options on the left pane Basic zones Traffic isolation zones You can perform basic zoning and traffic isolation zones using Web Tools and Web Tools with the EGM license Basic zones Basic zoning enables you to partition a storage area network SAN into logical groups of devices that can access each other For example you can partition a SAN into two zones winzone and unixzone so that the Windows servers and storage do not interact with UNIX servers and storage Zones can be configured dynamically They can vary in size depending on the number of fabric connected devices and devices can belong to more than one zone Because zone members can access only other members of the same zone a device not included in a zone is not available to members of that zone
327. sive To manually change static F N port mappings perform the following steps 1 Click a port in the Switch View to open the Port Administration window Click the FC Ports tab Click Configure F_N Port Mappings Select the Static Mappings subtab on the right side of the dialog Qv dm Qo UID In the Primary Mappings area select ports and use the Add right arrow button to map F Ports or U Ports to N Ports Optional Use the Remove left arrow button to delete an F Port mapping from an N Port After you have made the appropriate changes click Save Defining custom WWN N port mappings NOTE Static mappings and custom WWN N port mappings are mutually exclusive To manually change WWN N port mappings perform the following steps Web Tools Adminstrator s Guide 159 58 1002152 01 12 Access Gateway policy modification fog IN ree e Open the Port Administration window Click the FC Ports tab Click Configure WWN N Port Mappings In the Primary Mappings area select a WWN from the left pane and a group or port from the right pane Click the Add right arrow button to map the WWN to the port or port group Optional Expand the port in the right page and select the WWN and then use the Remove left arrow to remove the mapping Optional Define a failover in the Secondary Failover Mappings area by selecting the ports using the Add and Remove buttons to set up the secondary mappings The WWN fails over to the
328. son or entity with respect to any loss cost liability or damages arising from the information contained in this book or the computer programs that accompany it The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements To find out which open source software is included in Brocade products view the licensing terms applicable to the open source software and obtain a copy of the programming source code please visit http www brocade com support oscd Brocade Communications Systems Incorporated Corporate and Latin American Headquarters Brocade Communications Systems Inc 1745 Technology Drive San Jose CA 95110 Tel 1 408 333 8000 Fax 1 408 333 8101 E mail info brocade com European Headquarters Brocade Communications Switzerland S rl Centre Swissair Tour B 4 me tage 29 Route de l A roport Case Postale 105 CH 1215 Gen ve 15 Switzerland Tel 41 22 799 5640 Fax 41 22 799 5641 E mail emea info brocade com Asia Pacific Headquarters Brocade Communications Systems China HK Ltd No 1 Guanghua Road Chao Yang District Units 2718 and 2818 Beijing 100020 China Tel 8610 6588 8888 Fax 8610 6588 9999 E mail china info brocade com Asia Pacific Headquarters Brocade Communications Systems Co Ltd Shenzhen WFOE Citic Plaza No 233 Tian He Road North Unit 1308 13th Floor Guangzhou China Te
329. ss physical SAN boundaries without merging the fabrics while maintaining the access controls of zones Note the following terminology for Fibre Channel Routing backbone fabric An FC Router can connect two edge fabrics a backbone fabric connects FC Routers The FC Router fabric is the backbone fabric A backbone fabric consists of at least one FC Router and possibly a number of Fabric OS based Fibre Channel switches Initiators and targets in the edge fabric can communicate with devices in the backbone fabric through the FC Router edge fabric A standard Fibre Channel fabric with targets and initiators connected through an FC Router to another Fibre Channel fabric EX Port Atype of port that functions somewhat like an E Port but does not propagate fabric services or routing topology information from one fabric to another FC Router A switch running FC FC Routing Service interfabric link IFL The link between an E Port and an EX Port or a VE Port and a VEX Port metaSAN The collection of all SANs interconnected with FC Routers Web Tools Adminstrator s Guide 145 53 1002152 01 11 Supported switches for Fibre Channel Routing VEX Port A virtual port that enables routing functionality through an FCIP tunnel A VEX Port is similar to an EX Port A device is shared between e The backbone fabric and edge fabric 1 e Edge fabric 1 and edge fabric 2 e Edge fabric 2 and edge fabric 3 Supported switches for Fibre Channel Routing
330. sses The Priority Group Map displays the Layer 2 Cos values mapped to Priority Group ID PGID PGID values are in the form lt policy gt lt priority gt A policy value of 15 indicates Priority values run from O highest priority to 7 lowest priority Note that this is contrary to the CoS values which run from 7 highest priority to O lowest priority Create a new priority group by clicking Add next to the Priority Group table Web Tools Adminstrator s Guide 53 1002152 01 LLDP DCBX configuration 18 An entry is added to the Priority Group table NOTE When you add an entry a PGID is automatically assigned The PGID is an integer from O to 7 The first added entry is given a PGID of O and the PGID increments by one for each additional added entry until a PGID of 7 is reached Edit the Bandwidth entry to indicate the desired percentage of total bandwidth Change the Priority Flow Control Status to Enabled to enable PFC for the entry Click OK The new priority group displays in the Priority Group Map Adding a traffic class map CoS priorities can be mapped to traffic classes using a traffic class map 1 Select the DCB tab on the Switch Administration panel 2 Select the QoS tab 3 Select the Traffic Class Map tab 4 Select Add The Traffic Class Map Configuration dialog box displays NOTE This dialog box has the same structure as the Priority Group Map in the DCB Configuration dialog box The default CoS to traffic cl
331. ssignment is enabled you must manually enter the WWN based PID assignments through the CLI for any existing devices Any new devices logging in are automatically entered in the WWN based PID database Current WWN based PID bindings are cleared when you change to a different addressing mode PID assignments are supported for a maximum of 4096 devices this includes both point to point and NPIV devices The number of point to point devices supported depends directly on the areas available For example 448 are available on an enterprise class platform and 256 are available on switches When the number of entries in the WWN based PID database reaches the number 4096 or areas are used up the oldest unused entry is purged from the database to free up the reserved area for the new FLOGI Refer to Table 7 for complete information TABLE 7 Switches that support WWN based Persistent PID on Web Tools Platform VF Default switch Logical switch Area mode FICON mode Yes if dynamic 0 If 8 bit dynamic DCX DCX 4S area addressing mode is DCX 8510 4 Enabled is enabled inthe yes enabled FMS is DCX 8510 8 default switch not supported 1 Can be set 2 Not supported Brocade 5100 Enabled Yes Yes Default 8 bit Configurable Brocade 5300 dynamic Brocade VA 40FC Brocade 6510 Brocade 300 Disabled N A N A Default 8bit Configurable Brocade 5100 dynamic Brocade 5300 Brocade VA 40FC Brocade 6510 Brocade 7800 Web Tools Adminstrator s Guide 53 1002152 01
332. stom Display from the top level in the main frame provides the device tree and topology view for all the zoned devices if all zones are selected in the active zone configuration Define Device Zone Admin Configure Zoning Alias Web Tools Adminstrator s Guide 53 1002152 01 System requirements TABLE 2 Web Tools functionality moved to Brocade Network Advisor Continued Function Web Tools 6 1 0 Brocade Network Advisor Comments Device Zone Admin Configure gt Zoning Accessibility the Compare dialog box provides the Matrix Storage Host and Host Storage view in a tree representation that is comparable to the Device Accessibility Matrix when all devices are selected Fabric Events Monitor gt Fabric Events Monitor gt Logs gt Events Fabric Reports gt Fabric Monitor gt Reports gt Fabric Summary Report Summary Summary FCIP Tunnel Port Admin Module gt GigE Configure gt FCIP Tunnel Viewing FCIP Configuration tab tunnels is still supported in Web Tools 6 1 1 but New Edit Config and delete are only available in Brocade Network Advisor GigE Ports Port Admin Module gt GigE Configure gt FCIP Tunnel Interface tab GigE Ports Port Admin Module gt GigE Configure gt FCIP Tunnel Route tab Non local Zone Admin Configure gt Zoning In Web Tools switch ports Admin Domain non local switch display in Switch Admin gt DCC port id WWN can zoning tree policies be added using Performance Monitoring text
333. stomizable graphs 1 Create or access the graph you want to customize Refer to Creating basic performance monitor graphs on page 109 for instructions on creating a graph 2 For Brocade 8510 8 Brocade 8510 4 and Brocade DCX and DCX 4S enterprise class platforms display the detailed port throughput utilization rates for each port in a slot by clicking the arrows next to a slot The port information for that slot displays in the graph NOTE For the Brocade 300 5100 5300 6510 VA 40FC 7800 Extension 8000 and the Encryption Switch proceed to step 3 3 To display detailed port throughput utilization rates for particular ports only right click anywhere in the graph and click Select Ports The setup dialog box displays as shown in Figure 22 Web Tools Adminstrator s Guide 109 53 1002152 01 8 Customizing basic monitoring graphs The title of the dialog box varies depending on the type of graph you are customizing but the layout of the dialog box is the same Figure 22 displays an example of the setup dialog box for the Edit Switch Throughput Utilization graph Nd sw0 Performance Monitoring File Performance Graphs Window Switch Throughput Utilization Ref rate 30 Secs 1 1K 2G 0 0 4G 0 0 46 0 0 4G 0 0 4G 0 0 4G 1 1K 1G 4372 26 Edit Switch Throughput Utilization pee Port Selection List nl o Domain 2 sw0 Port indexs 0 0046 Port index 1 0 0 4G Port test indexs 2 00 46 Port3 index 3 P
334. stration window on page 33 2 Select the AAA Service tab To enable Active Directory service select Active Directory from the Primary AAA Service menu 4 Select None Switch Database when Active Directory authentication failed or Switch Database when Active Directory timeout from the Secondary AAA Service menu NOTE To disable Active Directory service select Switch Database from the Primary AAA Service drop down menu and select None from the Secondary AAA Service drop down menu 5 Click Apply Modifying Active Directory service To change the parameters of a Active Directory service that is already configured perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the AAA Service tab Select a server from the ADLDAP Configuration list 4 Click Modify The RADIUS ADLDAP Configuration dialog box displays Enter new values for the port timeout and domain Click OK to return to the AAA Service tab Click Apply Web Tools Adminstrator s Guide 199 53 1002152 01 16 IPsec concepts Removing Active Directory service To remove a RADIUS server perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the AAA Service tab Select a server from the ADLDAP Configuration list 4 Click Remove NOTE The server is not deleted until yo
335. switch 13 Activate the policy in order to implement it Refer to Activating all SCC DCC or FCS policies on page 188 for instructions Editing an SCC DCC or FCS policy To edit an SCC DCC or FCS policy perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Make sure the Show Advanced Mode option is selected Web Tools Adminstrator s Guide 187 53 1002152 01 16 Access control list policy configuration Select the Security Policies tab Select a policy by clicking on the appropriate tab Click Edit o This launches the ACL Policy Configuration wizard 6 Select the policy type you want to edit T Click Next and click Modify 8 Select a switch or highlight multiple switches to add to the policy by clicking Add or Add All 9 Select a switch or highlight multiple switches to remove a policy by clicking Remove 10 Click Next and click Finish to confirm the changes to the switch Deleting all SCC DCC or FCS policies You cannot delete the FCS policy from non primary or non FCS switches The Delete All button is enabled only when there is at least one policy activated To delete all SCC DCC or FCS policies perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Security Policies tab 3 Click Delete All A warning mess
336. t E User Name Description Status Enabled Disabled New Password Confirm Password Logical Fabric Logical Fabric ID User Role 1 No Access s 2 No Access v 3 No Access v 4 No Access ww 5 No Access v 6 No Access v 7 No Access a Home Logical Fabric Id 128 aii Chassis Access Role No Access Enabled Disabled Confirm Password Admin Domain amp Select Admin Domain vi ADO Physical Fabric FIGURE36 Add User Account dialog box AD 178 Web Tools Adminstrator s Guide 53 1002152 01 User defined accounts 16 4 Enterthe user name The user name must begin with an alphabetic character The name can be up to 40 characters long It is case sensitive and can contain alphabetic and numeric characters the dot and the underscore It must be different from all other account names on the logical switch 5 Select a role from the drop down menu For VF enabled switches the selection is done per logical fabric ID Refer to Role Based Access Control on page 13 for information about these roles 6 Optional Enter a description of the account Click Enabled or Disabled to enable or disable the account 8 Enter the password for the account The password is not displayed when you enter it on the command line Passwords can be from 8 through
337. t Disable Web Tools Adminstrator s Guide 95 53 1002152 01 6 Inband Management Inband Management 96 Inband Management is designed to allow the management of the switch through GigE ports This allows a management station located on the WAN side of the FCIP platform to communicate with the control processor for management tasks such as launching Web Tools SNMP polling SNMP traps trouble shooting and configuration To provide this communication new interfaces have been added to the control processor that have an external IP address allowing IP connectivity through the port processor to the control processor The Inband Management interface is protocol independent so any traffic destined for these Inband Management interfaces is passed through the distribution point to the control processor It is then handled on the control processor according to the rules set forth for the normal management interface and following any security rules that may be in place on the control processor To provide redundancy there is one inband management interface per GigE port This allows the management station on the WAN side of the network to have multiple addresses with which to reach that switch and allow redundancy in the event one of the GigE ports becomes unreachable for any reason Communication is handled through external addresses that are configured independently for each Inband Management interface The Inband Management interfaces sh
338. t GbE ports Refer to Viewing EX Ports on page 148 for information on how to view and configure EX Ports The Port Administration window is refreshed automatically every sixty seconds and is refreshed immediately when you make any port changes through Web Tools To manage ports you must be logged in with the role of switchadmin admin basicswitchadmin operator or fabric admin If you are logged in with a user securityadmin or zoneadmin role you can only view the port information For information about creating unique user account roles refer to User defined accounts on page 175 Opening the Port Administration window To open the Port Administration window click Port Admin in the Switch View window The window displays in Basic Mode Refer to Switch View on page 23 for information about accessible ports The Port Administration window displays information about the ports on the switch Click Show Advanced Mode in the upper right corner of the window to see more port management options Web Tools Adminstrator s Guide 75 53 1002152 01 76 6 Port management overview NOTE You can drag the column divider to resize a column or drag columns to re arrange them in a custom order You can also right click a column heading to resize one or all columns or sort the information in ascending or descending order Admin Domain considerations In fabrics with user defined Admin Domains the Port Administration window is filtered
339. t Mozilla family and click OK 4 Click OK to apply your settings and close the Java Control Panel Value line licenses If you open Web Tools on a switch with a limited license and if the fabric exceeds the switch limit indicated in the license then Web Tools displays a warning message Web Tools allows a 30 day grace period during which you can still monitor the switch while continuing to display warning messages periodically These messages warn you that your fabric size exceeds the supported switch configuration limit and tells you how long you have before Web Tools is disabled After the 30 day grace period you are no longer able to open Web Tools from the switch with the limited switch license Web Tools is part of the Fabric OS of a switch When you open Web Tools on a switch you can manage other switches in the fabric that have lower or higher firmware versions It is important to note that when accessing these switches you are opening the remote switch s version of Web Tools and the functionality available for those switches might vary Web Tools Adminstrator s Guide 53 1002152 01 1 Opening Web Tools Opening Web Tools You can open Web Tools on any workstation with a compatible Web browser installed For a list of Web browsers compatible with Fabric OS v7 0 0 refer to Table 3 Web Tools supports both HTTP and HTTPS protocol To open Web Tools perform the following steps 1 Open the Web browser and enter the I
340. t a specific LSAN fabric click a fabric name in the table and then click View Details in the task bar You can also click the fabric name in the tree on the left side of the window When there is more than one router present in the backbone fabric with different backbone Fabric IDs the routers with the conflicting IDs are shown in a separate table on the LSAN Fabric tab To manage an LSAN fabric select the fabric to manage and click Manage LSAN Fabric in the task bar A browser window is launched with the following URL http ip address of Isan fabric switch For Brocade switches this launches Web Tools For non Brocade fabrics this launches the Element Manager for that switch Viewing EX Ports 148 The EX Ports tab displays all of the EX Ports on the switch including configuration and status information The ports are sorted by slot number and then by row number within each slot IP address information is displayed in IPv4 and IPv6 formats NOTE To disable FC Routing you must disable all Ex Vex ports You cannot enable these ports until FC Routing is enabled For more detailed information about a specific port click a port name in the table and then click View Details in the task bar You can also click the port name in the tree on the left side of the window From the EX Ports tab you can perform the following port management tasks by selecting a port in the table and then clicking a task in the task bar e Configure E
341. t groups 0 0 ce ee 158 Defining custom primary F N port mapping 159 Defining custom static F N port mapping 159 Defining custom WWN N port mappings 159 Access Gateway policy modification 2 000 eee 160 Path Failover and Failback policies lusus 160 Modifying Path Failover and Failback policies 160 Enabling the Automatic Port Configuration policy 161 Access Gateway limitations on the Brocade 8000 162 Chapter 13 Administering Fabric Watch In this chapter scies eme xe ek ba m 163 Fabric Watch overview 02 0c 163 Chapter 14 Administering Extended Fabrics In this chapter vues exten alee ele RR xs 165 Extended link buffer allocation overview lllllses 165 Configuring a port for long distance 0000 eee ee 167 Chapter 15 Routing Traffic Inthis chapter zie eere mea E ona Rome kc RH 169 Xii Web Tools Adminstrator s Guide 53 1002152 01 Routing overview lille nnne 169 Viewing fabric shortest path first routing lesus 170 Configuring dynamic load sharing 02 cece eee eee 170 Lossless dynamic load sharing 0000 eee eae 171 Specifying frame order delivery 0 0c eee eee eee 172 Configuring the link cost fora port 2 e eee eee eee 172 Chapter 16 Configuring Standard Security Features li Chis Cha pte hives sete tpe eid nA can dere ete
342. t is scrollable If you do not see your user name scroll down using the scroll bar or by clicking the Access Host heading Web Tools Adminstrator s Guide 195 53 1002152 01 16 RADIUS management 4 Select a permission for the host from the Access Control List menu Options are Read Only and Read Write 5 Click Apply RADIUS management 196 Fabric OS supports RADIUS authentication authorization and accounting service AAA When configured for RADIUS the switch becomes a Network Access Server NAS that acts as a RADIUS client In this configuration authentication records are stored in the RADIUS host server database Login and logout account name assigned role and time accounting records are also stored on the RADIUS server You should set up RADIUS through a secure connection such as SSH The following are the three choices in the drop down menu when RADIUS is selected as the primary service e Switch Database when RADIUS Authentication Fails When selected the switch user login database is checked whenever RADIUS authentication fails e Switch Database When RADIUS Times Out Switch user login database is checked only if the physical connection to the RADIUS server fails e None Switch user login database is never checked Only a RADIUS server can be used for authentication If the switch database is selected as primary there is no secondary option The RADIUS server cannot be configured as a backup for the switch
343. t supported if the F Port is not QoS enabled but it connects to a QoS enabled AG switch port Web Tools Adminstrator s Guide 81 53 1002152 01 6 Assigning a name to a port Ingress rate limiting is applicable only to F Ports and FL Ports and is available only on the following platforms e Brocade DCX Brocade DCX 4S e Brocade DCX 8510 Brocade Encryption Switch e Brocade 300 e Brocade 5100 e Brocade 5300 Brocade 5410 Brocade 5424 e Brocade 5450 Brocade 5460 e Brocade 5470 Brocade 5480 e Brocade 6510 Brocade 7800 e Brocade VA AOFC Brocade 8000 To configure the ingress rate limit feature perform the following steps 1 Select Port Admin gt Advance Mode 2 Select a port or multiple ports to configure 3 Select the QoS Enable option This enables the QoS on selected ports The selected port QoS status will be displayed in port table 4 Click the Edit Configuration button The Edit Configuration dialog displays This dialog sets the QoS Ingress Rate Limit on selected ports 5 Configure the port using the pre defined Ingress Rate Limits NOTE You can set the Ingress Rate Limit even if QoS is disabled It does not take effect until QoS is enabled Assigning a name to a port Port names are optional You can assign a name to an FC or FCIP port to make port grouping easier You can also rename FC and FCIP ports to new names You cannot rename GbE ports The Port Name column in the Por
344. t to view the fabric resource and click OK Creating and populating zone aliases An alias is a logical group of port index numbers and WWNSs Specifying groups of ports or devices as an alias makes zone configuration easier by enabling you to configure zones using an alias rather than inputting a long string of individual members You can specify members of an alias using the following methods e identifying members by switch domain and port index number pair for example 2 20 e identifying members by device node and device port WWNs For more information on enabling the configuration refer to Enabling zone configurations on page 131 To create a zone alias perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select a format to display zoning members in the Member Selection List as described in Selecting a zoning view on page 123 3 Select the Alias tab and click New Alias The Create New Alias dialog box displays 4 Inthe Create New Alias dialog box enter a name for the new alias and click OK The new alias displays in the Name list 5 Expand the Member Selection List to view the nested elements Web Tools Adminstrator s Guide 123 53 1002152 01 9 124 Zoning management The choices available in the Member Selection List depend on the selection in the View menu 6 Click elements in the Member Selection List that you want to include in the al
345. tch report includes the following information Alist of switches in the fabric e Switch configuration parameters Alist of ISLs and ports e Name Server information Zoning information e SFP serial ID information Web Tools Adminstrator s Guide 53 1002152 01 Switch restart 3 To view or print a report perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the Switch tab Click View Report 4 Inthe new window that displays the report view or print the report using your browser Switch restart When you restart the switch the restart takes effect immediately Ensure that there is no traffic or other management on the switch because traffic is interrupted during the restart however frames are not dropped Be sure to save your changes before the restart because any changes not saved are lost Performing a fast boot A fast boot reduces boot time significantly by bypassing the power on self test POST To perform a fast boot perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Click Fastboot On the Fastboot Confirmation window click Yes to continue 4 Click Apply Performing a reboot To reboot the CP and execute the normal power on booting sequence perform the following steps 1 Open the Switch Administration wi
346. ter a security parameter index number in the SPI Hexadecimal field The SPI must be manually applied when manually adding an SA 4 Enterthe IP address of the endpoint that sends the SA in the Source IP Address field 5 Enter the IP address of the endpoint that receives the SA in the Peer IP Address field 6 Select the protocol used to carry the transmission using the Protocol Name selector T Select the Traffic Flow Direction in or out IPsec policies are unidirectional and must be applied separately to inbound and outbound flows Forthe flow from peer to source select in Forthe flow from source to peer select out 8 Select the IPsec Mode The choices are Transport or Tunnel Refer to Transport mode and tunnel mode on page 201 if you are unfamiliar with Transport and Tunnel modes Web Tools Adminstrator s Guide 211 53 1002152 01 16 IPsec over management ports 212 10 11 12 13 14 15 16 Select the IPsec Protocol The choices are ah for authentication header and esp for encapsulated security protocol Select the IPsec Protection Type option Select the Authentication Algorithm option Enter or copy a generated encryption key in the Encryption Key field Select the Encryption Algorithm Enter or copy a generated authentication key in the Authentication Key field Optional Enter a local and peer tunnel IP address Click OK Editing an IKE or IPsec policy An existing IKE or IPsec policy can
347. ter pe EIER Ee abs SCR es 243 General Web Tools limitations 0 0c cece 243 Index Web Tools Adminstrator s Guide 53 1002152 01 Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Web Tools Adminstrator s Guide 53 1002152 01 Configuring Internet Explorer ss 0 0 0 c eee eee 6 Default Java for browsers option 000 cee eee 9 Web Tools Interface i meh ree Eae k d a a an thee CADO eects Seach 10 Virtual Fabric login option llle BI 12 Switch Explorer uu e d eae ut pcnc o RERO KURIER Uo Regen A M CR cet 19 USB port storage management lssseesesseleeee eee 24 Right click menu for ports from Switch Explorer leslsssss 27 Switch Administration window Switch tab 0000 eee eee eee 32 Blade tab ser me Rex ie Ra EAE dae a A eee Se one Ape 36 High Availability window CP tab 2 0 0 0 c eee eee 4T Information dialog DOX i sees rhe hyemem anh hxc ck Roc ER RR 57 Fabric ID Selectoruss sv ate octal ux REG UE ERE Med RC RES baba ae 58 Port swapped label 20 0 ee eer rh rre heres 90 Port swapping Index wae s
348. tered valid credentials but specified an invalid Admin Domain a dialog box displays from which you can select a valid Admin Domain or click Cancel to log in to your home domain Logging out You can end a Web Tools session either by selecting Manage gt Log Out or by closing the Switch Explorer window You might be logged out of a session involuntarily without explicitly selecting the Manage gt Log Out under the following conditions A physical fabric administrator changes the contents of your currently selected Admin Domain Web Tools Adminstrator s Guide 53 1002152 01 Role Based Access Control 1 e Your currently selected Admin Domain is removed or invalidated e Your currently selected Admin Domain is removed from your Admin Domain list e You initiate a firmware download from Web Tool s Switch Administration window In this case you are logged out a few minutes later when the switch restarts Your session times out Role Based Access Control Role Based Access Control RBAC defines the capabilities that a user account has based on the assigned role For each role there is a set of predefined permissions on the jobs and tasks that can be performed on a fabric and its associated fabric elements When you log in to a switch your user account is associated with a predefined role The role determines the level of access you have on that switch and in the fabric Table 5 describes these roles For information about c
349. th no Admin Domain specified the user has access to AD O through 255 physical fabricadmin if their current role is Admin Otherwise the user has access to ADO only If some Admin Domains were defined for the user and all of them are inactive the user is not allowed to log in to any switch in the fabric If no Home Domain is specified for a user the system provides a default home domain The default home domain for predefined account is ADO User defined accounts the default home domain is the Admin Domain in the user s Admin Domain list with the lowest ID 176 Web Tools Adminstrator s Guide 53 1002152 01 User defined accounts 16 NOTE The User tab displays and changes information in the switch database If you have RADIUS configured note that this tab displays the logged in RADIUS account information but does not allow the user to modify the RADIUS host server database Show Advanced Mode SwitchName wt 5100 46 WWN 10 00 00 05 1e 41 5e 41 Mon Jan 31 2011 16 34 27 GMT 00 00 Switch Network Firmware Download License User Trunking Switch User Account Add Modify Remove Change Password Expire Password Set Password Rule User Name Role Description Status Expiration Date Expiration Status Lockout root root root Enabled No No factory factory Diagnostics Enabled No No admin admin Administrator Enabled No No juser user User Enabled No No jqwewq user weqwe Enabled No No fabric zoneadmin Disa
350. that are grouped together based on the type of members in the domain For example you can create Admin Domains based on the type of switches in your fabric using the WWN not to be confused with the Admin Domain number or put all the devices in a particular department in the same Admin Domain for ease of administering those devices You can have up to 256 Admin Domains in a fabric 254 user defined and 2 system defined numbered from O through 255 Admin Domains are designated by a name and a number This document refers to specific Admin Domains using the format ADn where n is a number between O and 255 NOTE ADs and Virtual Fabrics are mutually exclusive Virtual Fabrics must be disabled if you want to use the AD feature Requirements for Admin Domains The following are the requirements for using administrative domains e Admin Domains are supported on fabrics with switches running Fabric OS v5 2 0 or later e To manage Admin Domains you must be a physical fabric administrator A physical fabric administrator is a user with the Admin role and access to all Admin Domains ADO through AD255 e The default zone mode setting must be set to No Access refer to Enabling Admin Domains on page 65 Web Tools Adminstrator s Guide 63 53 1002152 01 64 5 Administrative Domain overview User defined Admin Domains AD1 through AD254 are user defined Admin Domains These user defined Admin Domains can be created only by a phys
351. the Admin Domain configuration perform the following steps 1 Open the Admin Domain window 2 Select Actions gt Clear AD Configuration 3 Inthe confirmation dialog box click Yes to clear the Admin Domain configuration Web Tools Adminstrator s Guide 73 58 1002152 01 74 5 Modifying Admin Domain members Web Tools Adminstrator s Guide 53 1002152 01 Chapter Managing Ports 6 In this chapter Port managemorit DVBFVIDW oracle aa xem Baan a rua ERR Rape RR RUE Rn 3 v Comiguring FO POS aad A HCEERUSAOER SHEER RR SEA Cas eae CUERO 79 ASSINE d Name iubeo essem cR RUM S E ER UT ER UAE RE A exe 82 OPES ON RTT TIT LITT UM 83 Enabling and disabling PO sso se ks priere nEs E NEEE ERR ERES 84 Persistent enabling and disabling ports 0 00 e eee eee eee 85 OC earn NPIV POS caes odes i aera d RT Eden pasce auae ead 85 Port SC Vatio serer ve eee eRe Ee OER RR RAE RO ERO ORC E RUE RC 86 e Port swapping Index ritr rotii renner Ena E RR ER UG E E uxore ebE SS 90 Configuring BB Credits on an F Port iic secus e eR RE Rt nm ems 92 COMBUNNE ALPA as ssa ka qx ER RA CEGR ROCA LIAC AC Oa ee aE Hae RC 92 e Configuring Port Octet Speed Combination 00 0 e eee eee 93 TOBIISUEDg DOCE sus damn ated Were E GR Ra UEM EE RERBA RE Ep 95 Inband NManagembBhlt iasssead x ERRXAXGARRAE RAO ROGRGOCESGORAU E RARO Re 96 Port management overview This chapter describes how to manage FC and gigabit Etherne
352. the User tab Select the account 4 Click Expire Password If the button is unavailable the password is already expired 5 Click Apply to save your changes Unlocking a password To unlock a password perform the following steps 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 Select the User tab Select the account Click Unlock Password If the button is unavailable the password is already unlocked or was not locked out 5 Click Apply to save your changes Displaying roles and assigned logical fabrics You can display user role assignments for logical fabrics 1 Open the Switch Administration window as described in Opening the Switch Administration window on page 33 2 Select the User tab Select an account Select Show Role and VF The role mapping for that user displays User defined roles User defined role provides the ability to create roles dynamically on the switch The default roles like Root Factory Admin User SwitchAdmin ZoneAdmin FabricAdmin BasicSwitchAdmin SecurityAdmin and Operator are defined by giving different permissions for different features or by restricting access to various features The default roles cannot be edited for assigning different privileges However user defined roles provide the ability to create new roles and define permissions for the RBAC classes Web Tools Adminstrator s Guide 183 53 1002152 01 16
353. the Window menu lists all open graphs You can click Window and then select a graph name to view that graph The Tunnel and TCP Graph option in the Performance Graphs window displays real time performance monitoring charts for Brocade 7800 Extension Switch and FX8 24 DCX Extension Blade This option is not available on other platforms Admin Domain considerations You must consider the following when configuring Admin Domain e If you are not the switch owner only directly and indirectly owned E Ports including EX Ports are available e You can use the Advanced Performance Monitoring feature only in AD255 if there are user defined Admin domains or in ADO if there are no other user defined Admin Domains Otherwise access to Advanced Monitoring features in the Performance Graphs menu are unavailable e It is recommended that you define a user with a switchadmin role and give that user access to AD255 for the purpose of data collecting using the Advanced Performance Monitor Web Tools Adminstrator s Guide 53 1002152 01 Performance Monitor overview 8 Predefined performance graphs Web Tools predefines basic graph types to simplify performance monitoring A wide range of end to end fabric LUN device and port metrics graphs are included Table 11 lists the basic monitoring graphs available Table 12 lists the advanced monitoring graphs The advanced monitoring graphs give more detailed performance information to help you manage
354. ton ATTENTION Most changes you make in the Switch Administration window are buffered and are not applied to the switch until you save the changes If you close the Switch Administration window without saving your changes your changes are lost To save the buffered changes you make in the Switch Administration window to the switch click Apply before closing the module or before switching to another tab The License tab Firmware Download tab and the Security Policies tab are exceptions The changes you make on these tabs take effect immediately and there is no Apply button There is an Apply button in all the subtabs of security policies except ACL You can also use Telnet commands to perform management tasks Refer to Opening a Telnet or SSH client window on page 29 for information on how to launch a Telnet window using Web Tools Web Tools Adminstrator s Guide 53 1002152 01 Configuring IP and subnet mask information 3 Opening the Switch Administration window Most of the management procedures in this chapter are performed from the Switch Administration window To open the Switch Administration window perform the following steps 1 Select Tasks gt Manage gt Switch Admin The Switch Administration dialog box displays in basic mode as shown in Figure 8 on page 32 The basic mode displays the basic tabs and options 2 Click Show Advanced Mode to see all the available tabs and options Configuring IP and subnet m
355. ts The Controllable attribute is Yes for ports that are directly owned by the current Admin Domain and for all ports on switches that are owned by the current Admin Domain if your role gives you Modify permission for ports If a port is controllable all configuration functionality is enabled Ports on a non owned switch that are not E Ports and are neither direct nor indirect members of the current Admin Domain are inaccessible and are not displayed in the Port Administration window Configuring FC ports With the FC Port Configuration wizard you can configure allowed port types port speed and long distance mode for physical ports You must use Web Tools with the EGM license enabled on the switch to configure long distance otherwise access to this feature is denied and an error message displays The EGM license is required only for 8 Gbps platforms such as the following e Brocade Encryption Switch e Brocade 300 5300 and 5100 switches e Brocade VA 40FC e Brocade 8000 Web Tools Adminstrator s Guide 79 53 1002152 01 80 6 Configuring FC ports e Brocade 7800 For non 8 Gbps platforms all functionality is available without EGM license The following procedure describes how to open the FC Port Configuration wizard The wizard is self explanatory so the explicit steps are not documented here 1 Click a port in the Switch View to open the Port Administration window 2 Select the Auto Refresh check box to automatica
356. ts The WWN is added to the Zone Admin buffer and can be used as a member Removing a WWN from multiple aliases and zones Use this procedure if you want to remove a WWN from all or most zoning entities 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Edit gt Delete WWN The Delete WWN dialog box displays 3 Entera WWN value in the WWN field and click OK The Delete WWN dialog box displays all the zoning elements that include the WWN 4 Click items in the list to select or unselect and click Delete to delete the WWN from all the selected zoning elements The WWN is deleted from the selected items in the Zone Admin buffer Replacing a WWN in multiple aliases and zones This procedure enables you to replace a WWN throughout the Zone Admin buffer This is helpful when exchanging devices in your fabric and helps you to maintain your current configuration To replace a WWN in multiple aliases and zones perform the following steps 1 Launch the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Edit gt Replace WWN The Replace WWN dialog box displays Enter the WWN to be replaced in the Replace field 4 Enterthe new WWN in the By field and click OK The Replace WWN dialog box displays It lists all the zoning elements that include the WWN 5 Click an item in the list to select or unselect and click Replace to replace the WWN in all the s
357. ts Access rights for any user session are determined by the user s role based access rights Refer to Chapter 1 Introducing Web Tools for additional information about Role Based Access Control RBAC The User tab of the Switch Administration window Figure 34 on page 177 displays account information You can create and manage accounts depending on your role The roles and permissions are listed in Table 16 TABLE 16 User role and permissions Role Permissions admin Create and manage all predefined and user defined accounts operator Change your own password and cannot create modify or view predefined or user defined accounts securityadmin Create and manage all security roles Switchadmin Change your own password and cannot create modify or view predefined or user defined accounts zoneadmin Change your own password and cannot create modify or view predefined or user defined accounts fabricadmin Change your own password and cannot create modify or view predefined or user defined accounts basicswitchadmin Change your own password and cannot create modify or view predefined or user defined accounts user Change your own password and cannot create modify or view predefined or user defined accounts Virtual Fabrics considerations If no home logical fabric ID is specified for a user the system provides a default home ID The default home ID is 128 Admin Domain considerations For legacy users wi
358. ts tab displays the default port name 82 Web Tools Adminstrator s Guide 53 1002152 01 Port beaconing 6 Port names can be from 1 through 128 alphanumeric characters unless FICON Management Server FMS mode is enabled If FMS mode is enabled port names should be limited from 1 through 24 alphanumeric characters The comma semicolon and at symbol 8 are not allowed NOTE Although it is not required it is recommended that port names be unique To assign a name to a port perform the following steps 1 Click a port in the Switch View to open the Port Administration window 2 Select the FC Ports tab 3 Fromthe tree on the left select the switch or slot that contains the port you want to rename 4 From the table select the port you want to rename 5 Click Rename 6 Enter a name for the port and click Rename Port beaconing Individual FC ports can be set to beacon using the Port Admin dialog box Port beaconing status displays in the Port Beaconing column The Switch View reflects the port beaconing status by flashing the port amber and green for 2 5 seconds each in an alternating pattern To configure beaconing for an FC port perform the following steps 1 Open the Port Admin window 2 Click Show Advanced Mode if the Port Admin window is in Basic Mode 3 Select the switch in the FC Ports Explorer list 4 Select a port from the list in the main window The Port Beacon Enable or Port Beacon Disable b
359. u apply the changes from the AAA Services tab 5b Click Apply in the AAA Services tab A confirmation dialog box displays warning you that you are about to remove the selected server 6 Click Yes in the confirmation dialog box IPsec concepts 200 Internet Security Protocol IPsec is a set of open standards that provide cryptographic security services for IP networks Several protocols are available for providing authentication and secure transmission of data From Web Tools you can establish IPsec policies for FCIP implementations on 7800 extension switches with the upgrade license the 7500 extension switches and FR4 18i blades and you can establish IPsec policies for IP interfaces that provide management access to switches and control processors There are several protocols and algorithms that can be applied Choosing the protocols and algorithms you want to use may be a matter of adapting to an implementation that is already in place in your LAN or you may need to do a significant amount of research and planning The supported protocols and algorithms are defined and described in the RFCs listed in Table 17 TABLE 17 Relevant RFCs RFC number Title RFC4301 Security Architecture for the Internet Protocol RFC 4302 IP Authentication Header RFC 4303 IP Encapsulating Security Payload RFC 4304 Extended Sequence Number ESN Addendum to IPsec Domain of Interpretation DOI for Internet Security Association and Key Manag
360. umn identifies the port license status e If the port has a license allocated the License field contains the value Yes e If the port does not have a license allocated and there are no free licenses that can be allocated the License field contains the value No e If the port does not have a license allocated and there are licenses that can be allocated to the port the License field contains the value Possible You can reserve or release a license on any port with a a license allocated You must be logged in as Admin to reserve and release licenses To reserve a license click Reserve License in the Port Administration window To release a license click Release License in the Port Administration window NOTE You must disable the port or switch before reserving or releasing a license Web Tools Adminstrator s Guide 89 53 1002152 01 Port swapping index Port swapping index 90 If a port malfunctions or if you want to connect to different devices without having to rewire your infrastructure you can move traffic from one port to another swap ports without changing the I O Configuration Data Set IOCDS on the mainframe computer P sue is not applicable to GE or ICL ports because there are no areas assigned to these ports The following restrictions apply to all ports Ports can be swapped only once e Aswapped port can only be un swapped e Port binding is not supported on swapped ports Port swapping In the Port
361. uration database 5 Select Zoning Actions gt Save Config to save the configuration changes Enabling zone configurations Several zone configurations can reside on a switch at the same time and you can quickly alternate between them For example you might want to have one configuration enabled during the business hours and another enabled overnight However only one zone configuration can be enabled at a time When you enable a zone configuration from Web Tools the entire zoning database is automatically saved and then the selected zone configuration is enabled If the zoning database size exceeds the maximum allowed you cannot enable the zone configuration The zoning database summary displays the maximum zoning database size Web Tools Adminstrator s Guide 131 53 1002152 01 9 132 Zone configuration and zoning database management To enable the zone configuration perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Zoning Actions gt Enable Config 3 On Enable Config select the configuration to be enabled from the menu 4 Click OK to save and enable the selected configuration Disabling zone configurations When you disable the active configuration the Advanced Zoning feature is disabled on the fabric and all devices within the fabric can communicate with all other devices This does not mean that the zoning database is deleted howev
362. us of high availability on the switch The colors and their meanings are e Green Healthy HA Status is HA enabled Heartbeat Up HA State synchronized e Yellow Disruptive mode HA Status is HA enabled Heartbeat Up HA State not in sync e Red HA is unavailable HA Status is Non Redundant Admin Domain considerations HA is possible if the switch is a member of the current Admin Domain If switch is not a member of current Admin Domain the Synchronize Services and Initiate Failover buttons are unavailable Launching the High Availability window To launch the High Availability window perform the following steps 1 Select a Brocade DCX DCX AS DCX 8510 4 or DCX 8510 8 platforms from the Fabric Tree The Switch View displays 2 Click the HA button in the Switch View The High Availability dialog box displays The High Availability window contains the following two tabs e The Service tab displays information about the switch When the hardware is configured as a dual switch the Service tab displays information about both switches 46 Web Tools Adminstrator s Guide 53 1002152 01 High Availability overview 3 e The CP tab displays information about slots For Brocade DCX 4S or DCX 8510 4 CP blades are placed in slot 4 and slot 5 For the Brocade DCX or DCX 8510 8 CP blades are placed in slot 6 and 7 BB swO High Availability Chassis wt qa S HA Status HA enabled Heartbeat Up HA State synchronized Service cr
363. ut of memory errors such as the following java lang OutOfMemoryError Java heap space To avoid this problem increase the default heap size in the Java Control Panel Refer to Java plug in configuration on page 8 for instructions If the Web browser crashes or the Performance Monitor license is lost while the Performance Monitoring window is running some of the Performance Monitor resources owned by Web Tools might not be cleaned up correctly Workaround You might need to use the CLI to manually delete these counters For example if you detect Web Tools owned resources using perfshoweemonitor but you have verified that no Web users are actually using them use the perfdeleemonitor or perfcleareemonitor command to free the resources Performance Monitor The Switch Throughput Utilization Switch Percent Utilization and Port Snapshot Error graphs displays the faulty powered off slot node in the Y Axis of the graph Workaround Launch any port selection dialog box and load the graphs accordingly Refresh option in browsers When a pop up window requesting a user response is pushed into the background and a refresh is requested a fatal Internet Explorer error might occur Workaround Restart the browser Refresh option in browsers Web Tools must be restarted when the Ethernet IP address is changed using the NetworkConfig View command Web Tools appears to hang if it is not restarted after this operation is executed Wor
364. uting policies are Port based routing Port based routing assigns a static route in which the path chosen for traffic never changes e Exchanged based routing Exchange based routing policy is the default Exchange based routing policy always employs dynamic path selection in which the software defines a path based on current traffic conditions Refer to the Fabric OS Administrator s Guide for more information To optimize port based routing the DLS can be enabled to balance the load across the available output ports within a domain Exchange based routing requires the use of DLS when this policy is in effect you cannot disable the DLS feature Web Tools Adminstrator s Guide 169 53 1002152 01 15 Viewing fabric shortest path first routing Use the Routing tab of the Switch Administration window to view and modify routing information Figure 33 on page 170 displays the Routing tab sw0 Switch Administration Show Basic Mode SwitchName sw0 DomainlD 2 0x2 WWAN 10 00 00 05 16 38 49 54 Fri Jun 19 2009 18 44 58 GMT 00 00 SNMP Configure Routing Extended Fabric AAA Service Trace FICONCUP Security Policies Switch f Network f Firmware Download f License User i Trunking Advanced Performance Tuning APT Policy Dynamic Load Sharing DLS In Order Delivery IOD Vi Exchange Based Routing Info on Port Based Routing Info Off On Off Routing Table Routing In Port Destination
365. utton becomes active PULS select all the ports on the switch but if you select a port that is not valid for beaconing the Port Beacon buttons are disabled There is an optional procedure for configuring a single FC port 1 Open the Port Admin dialog box 2 Click Show Advanced Mode if the Port Admin window is in Basic Mode 3 Select a port from the list in the main window The Port Beacon Enable or Port Beacon Disable button becomes active Web Tools Adminstrator s Guide 83 53 1002152 01 6 Enabling and disabling a port Enabling and disabling a port To enable or disable a port perform the following steps 1 2 3 Click a port in the Switch View to open the Port Administration window Select the FC Ports or GigE Ports tab From the tree on the left select the switch or slot that contains the port you want to enable or disable From the table select one or more ports NOTE Use Shift click and Ctrl click to select multiple ports You can select multiple ports from the table You cannot select multiple ports from the tree Click either the Enable or Disable button NOTE If the button is gray unavailable the port is already in the enabled or disabled state For example if the Enable button is unavailable the port is already enabled If you select multiple ports in both enabled and disabled states both buttons are active When you click either button the action is applied to all selected ports Optiona
366. ve Config to save your configuration changes Renaming zone aliases The new alias name cannot exceed 64 characters and can contain alphabetic numeric and underscore characters For more information on enabling the configuration refer to Enabling zone configurations on page 131 To change the name of a zone alias perform the following steps 1 Open the Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Alias tab and select the alias you want to rename from the Name list 3 Click Rename The Rename an Alias dialog box displays Web Tools Adminstrator s Guide 53 1002152 01 Zoning management 9 4 Enter a new alias name and click OK The alias is renamed in the Zone Admin buffer At this point you can either save your changes or save and enable your changes 5 Select Zoning Actions gt Save Config to save the configuration changes Deleting zone aliases You can remove a zone alias from the Zone Admin buffer When a zone alias is deleted it is no longer a member of the zones of which it was once a member NOTE If you delete the only member zone alias an error message is issued when you attempt to save the configuration To delete the zone aliases perform the following steps 1 Openthe Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select the Alias tab 3 Select the alias you want to delete from the Name list and click Delete The Co
367. ve downloaded the patch Install the patch and restart the system Installing the Java plug in on Windows To Install the Java plug in on Windows perform the following steps 1 Select Start Menu gt Settings gt Control Panel and select the Java Plug in Control Panel 2 Select the About tab 3 Determine whether the correct Java Plug in version is installed e fthe correct version is installed Web Tools is ready to use Web Tools Adminstrator s Guide 7 53 1002152 01 1 Java plug in configuration e If no Java Plugin is installed point the browser to a switch running Fabric OS 5 2 0 or later to install JRE 1 6 0 For Fabric OS 6 3 0 install JRE 1 6 0 update 13 Web Tools guides you through the steps to download the proper Java Plug in e If an outdated version is currently installed uninstall it restart your computer reopen the browser and enter the address of a switch running Fabric OS 5 2 0 or later to install JRE 1 6 0 For Fabric OS 6 3 0 install JRE 1 6 0 update 13 Web Tools guides you through the steps to download the proper Java Plug in Java plug in configuration If you are managing fabrics with more than 10 switches or 1000 ports or if you are using the iSCSI Gateway module extensively you should increase the default heap size to 256 MB to avoid out of memory errors If you are using a Mozilla family browser Firefox Netscape you should set the default browser in the Java control panel The following p
368. w Advanced Mode Select the Security Policies tab Under Security Policies select IPsec Policies The IPsec Policies window displays The default view shows the IKE tab Establishing an IKE policy for an FCIP tunnel To establish an IKE policy for an FCIP tunnel perform the following steps 1 From the IKE tab of the IPsec Policies screen select Create The Add Policy dialog box displays Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog box boxes Make sure the Policy Type is set to IKE Assign a policy number The Policy Number selector allows you to select a number between 1 and 32 Select the Encryption Algorithm used in this policy The choices are 3DES AES 128 and AES 256 Select an Authentication Algorithm for this policy The choices are SHA 1 MD5 and AES XCBC Turn Perfect Forward Secrecy on or off The default is On Perfect Forward Secrecy PFS provides additional security by means of a Diffie Hellman shared secret value With PFS if one key is compromised previous and subsequent keys are secure because they are not derived from previous keys Select a Diffie Hellman Group association The choices are 1 modp768 and 14 modp2048 Web Tools Adminstrator s Guide 53 1002152 01 8 9 IPsec over management ports 16 Set a Security Association Lifetime in seconds The Security Association Lifetime is a time value in seconds When this timer expires the security
369. with different characteristics over a common interface 230 The following two configuration options are available You can edit the DCB map The DCB map defines priority and priority group tables that support Enhanced Transmission Selection ETS ETS allows allocation of bandwidth to different traffic classes DCB maps also allow you to enable Priority Flow Control PFC You can create a traffic class map A traffic class map can be used to map a specific class of traffic to a specific Class of Service CoS Editing the DCB map The DCB map defines priority and priority group tables that support Enhanced Transmission Selection ETS ETS allows bandwidth to be allocated based on priority settings through an exchange of priority group tables To edit the DCB map perform the following steps 1 2 3 6 Select the DCB tab on the Switch Administration panel Select the QoS tab Select the DCB Map tab Select the default DCB map and click Edit The DCB Map Configuration dialog box displays Enter a precedence value in the Precedence field The value is specified as a number The allowable range is 1 to 100 The default is 1 The precedence value controls QoS scheduling policies The scheduler gives precedence to the highest precedence value When the DCB Map Configuration dialog box displays the default values shown in the Priority Group Map match the IEEE 802 1Q recommendation for systems supporting eight traffic cla
370. xxvii How this document is organized This document is organized to help you find the information that you want as quickly and easily as possible The document contains the following components e Chapter 1 Introducing Web Tools provides some basic information about the Web Tools interface including system requirements and installation instructions e Chapter 2 Using the Web Tools Interface describes the components of the Web Tools interface e Chapter 3 Managing Fabrics and Switches provides information on how to manage your fabric and switches using the Web Tools interface e Chapter 4 Maintaining Configurations and Firmware provides information about uploading and downloading configuration files and downloading firmware e Chapter 5 Managing Administrative Domains provides information on managing Admin Domains e Chapter 6 Managing Ports provides information about managing FC and GbE ports e Chapter 7 Enabling ISL Trunking provides information on managing the licensed ISL Trunking feature e Chapter 8 Monitoring Performance provides information on how to use the Brocade Advanced Performance Monitoring feature to monitor your fabric performance e Chapter 9 Administering Zoning provides information on how to use the Brocade Advanced Zoning feature to partition your storage area network SAN into logical groups of devices that can access each other Web Tools Adminstrator s Guide XXi 53 1002
371. y changes you made in the Zone Admin window select Print gt Print Effective Zone Configuration in the Zone Admin window NOTE If no zone is enabled a message displays indicating that there is no active zoning configuration on the switch Optional Click Print located in the Print Effective Zone Configuration dialog box to print the enabled zone configuration details NOTE You must use Brocade Network Advisor to print the zone database summary configurations display zone configuration summaries and create configuration analysis reports Adding a WWN to multiple aliases and zones This procedure enables you to configure a WWN as a member in a zone configuration prior to adding that device to the fabric Specifically it is useful if you want to add a WWN to all or most zoning entities The added WWN does not need to currently exist in the fabric To add a WWN perform the following steps 1 Openthe Zone Admin window as described in Opening the Zone Admin window on page 118 2 Select Edit Add WWN The Add WWN dialog box displays 3 Enter a WWN value in the WWN field and click OK Web Tools Adminstrator s Guide 133 53 1002152 01 9 Zone configuration and zoning database management The Add WWN dialog box displays all the zoning elements that include the new WWNS All of the elements are selected by default 4 Click items in the list to select or unselect and click Add to add the new WWN to all the selected zoning elemen
372. your switch that you must accept before logging in The security banner displays every time you access the switch When you are presented with the login screen you must provide a user name and a password Your home Admin Domain is automatically selected You can select to log in to an Admin Domain other than your home domain NOTE You must login before you can view Switch Explorer shown in Figure 3 on page 10 Use this procedure to log in to the Admin Domain 1 Click Run on the signed certificate applet A warning dialog box may display If you select the check box Always trust content from this publisher the warning dialog box is not displayed when you open Web Tools again 2 Click OK in the security banner window if one displays 3 Inthe login dialog box enter your user name and password If your current password has expired you must also provide a new password and confirm the new password Logging in to a Virtual Fabric If you are logging in to a platform that is capable of supporting Virtual Fabrics the login dialog box provides the option of logging in to a virtual fabric The following platforms support virtual fabrics e Brocade DCX and DCX 4S e Brocade VA 40FC Brocade 6510 e Brocade DCX 8510 8 and DCX 8510 4 e Brocade 5300 Brocade 5100 Web Tools Adminstrator s Guide 11 53 1002152 01 1 Opening Web Tools To log in to a Virtual Fabric perform the following steps 1 Select Options to display th
Download Pdf Manuals
Related Search