BCFP Nutshell 4Gbit VC Part2

8/14/2019 BCFP Nutshell 4Gbit VC Part2

1/41

2006 Brocade Communications Systems, Incorporated.

Revision CFP264 ILT 0606

Page -1

1

Brocade Education Services

Brocade

Product Training


BCFP in a Nutshell 4 Gbit/secVirtual Classroom Version

Part 2


2/41



Page -2

2 2006 Brocade Communications Systems, Incorporated.

Part 1:

1. Fibre Channel Concepts

2. Switch, Fabric OS and Licensed Features

3. SAN Hardware Components

4. Initial Configuration

Part 2:

5. Management Interfaces

6. Security and Access Control

7. Troubleshooting

8.Taking the Test

Topics

Todays Session


3/41



Page -3


5. Management Interfaces


4/41



Page -4


Adding an Initiator and Target Pair

Once an initiator and target have been added, connectivitybetween the two must be verified

If zoning is involved, the zoning configuration must bechecked using the cfgshow command

A way to test initiator-to-target communication is by usingthe fcping command

A device contacted by fcping could either ignore the ELSEcho request or issue an ELS ACCEPT

By default, fcping sends 5 ELS Echo requests to eachport


5/41



Page -5


fcping Command


6/41



Page -6


Web Tools Support

Fabric OS v5.1.0 Web Tools is supported only on the followingSilkWorm products:

200E 3250

3850

3900

4100

4900

7500

24000

48000


7/41


8/41



Page -8


Fabric Manager Toolbar


9/41



Page -9


Fabric Watch Information

Can be the same file for each switchOne Fabric Watch configuration per switch

SNMP trapEvent is logged to switch error logPort log lockRAPITrap

Email alert

Alarms

Triggered or continuousEvents

Default and customConfigurations

EnvironmentFabric

Performance MonitorPortE_PortF/FL_Port (Optical)AL_PA Performance MonitorEE Performance MonitorFilter Performance MonitorResourceSecuritySFP

Classes

DescriptionInformation


10/41



Page -10


Fabric Watch Commands

Configures Fabric Watch from the command linefwconfigure

Configures email address to receive notificationsfwmailcfgDisplays current alarm settingsfwalarmsfiltershow

0 = disable alarms, 1 = enable alarmsfwalarmsfilterset

DescriptionCommand


11/41



Page -11


Fabric Watch Events

Counter < (Upper boundary Buffer)Counter > (Lower boundary + Buffer)

In-between

Counter is different than precedingcounter

Changed

Counter < Lower boundaryBelow

Counter > Upper boundaryAbove

DefinitionEventType

Port 4 E_PortRx Perf.

(Kbytes/sec)

200K

160K

120K

80 K

40 K

A B C D E F G H

Above

Changed

150K

90 K

In-BetweenChanged

BelowChanged

Changed

Changed

Time Intervals


12/41


13/41



Page -13


Extended Edge PID Format

0x00 0x0f0x70 0x7f10

0x70 0x7f0x60 0x6f9

0x60 0x6f0x50 0x5f8

0x50 0x5f0x40 0x4f7

0x40 0x4f0x30 0x3f4

0x30 0x3f0x20 0x2f3

0x20 0x2f0x10 0x1f20x10 0x1f0x00 0x0f1

SilkWorm 24000 YY ValueExtended Edge PID

SilkWorm 24000 YY ValueCore PID

SilkWorm 24000Slot


14/41



Page -14


Maintenance Operation Impacts

Certain configuration parameters may be changed without disablingthe switch System Services such as rstatd, ruserd and telnetd

SNMP settings

Fabric Watch settings

Zoning

Firmware downloads will not disrupt the flow of data on Fabric OS v4.1and above

To avoid a disruptive firmware download to Directors, it is essentialthat these conditions are met:

HA is enabled

Heartbeat is up

CPs are in sync

Adding a new switch or Director to a fabric with a unique domain ID

will not cause a disruption New switches or Directors attempting to join a fabric with a duplicate

domain ID will cause a segmentation error


15/41


16/41



Page -16


Secure Sockets Layer (SSL)

SSL provides secure access to a switch through a GUIlike Web Tools

SSL uses PKI encryption

Depending upon the CA, certificates are based on IPaddress or a fully-qualified domain name

The CA certificate, installed only if you want the CA namedisplayed in the browser window

nameCA.crt

The root certificate, which may already be installed in the

browser. If not, it must be installednameRoot.crt

The switch certificatename.crt

DescriptionCertificateFile


17/41



Page -17


SNMP

Fabric OS v5.1.0 supports SNMPv1 and SNMPv3

The SNMP security level is set with the configurecommand

The SNMP agent and traps are configured with thesnmpconfigure command


18/41



Page -18


Web Tools

Web Tools may be disabled with the configure

command

Using the configure command, you may also enable theupfront login feature

Upfront login requires validation before the GUI will belaunched

RSL1_ST02_B200E:admin> configure

Not all options will be available on an enabled switch.

To disable the switch, use the "switchDisable" command.

Configure...

System services (yes, y, no, n): [no]

ssl attributes (yes, y, no, n): [no]

http attributes (yes, y, no, n): [no]

snmp attributes (yes, y, no, n): [no]

rpcd attributes (yes, y, no, n): [no]

cfgload attributes (yes, y, no, n): [no]

webtools attributes (yes, y, no, n): [no] yes

Upfront Login Enabled (yes, y, no, n): [no] yes


19/41



Page -19


Multiple User Accounts

New accounts may be created with the userconfig

command

There are different account roles Admin: has all abilities

SwitchAdmin: can do everything except modify zoning, createor modify accounts

User: display switch information only

RSL1_ST02_B41:admin> userconfig --add jdoe -r admin -d "Jane Doe"

Setting initial password for jdoe

Enter new password:

Re-type new password:

Account jdoe has been successfully added.


20/41



Page -20


RADIUS

When configured for RADIUS, the switch becomes aRADIUS client

With RADIUS enabled, all account passwords aremanaged through the RADIUS server

Authentication may be done from a RADIUS server, anduse the local switch database as a backup if RADIUS isunavailable

If only RADIUS is used for authentication, and unavailable,no access to the switch is possible through telnet


21/41



Page -21


Tracking Changes

The track changes feature allows you to keep a record ofchanges that might not be considered switch events

Output from the track changes feature goes to the switcherror log and/or an external log

Items that may be tracked: Successful logins

Unsuccessful logins

Logouts

Configuration file changes

Turning track changes on/off


22/41



Page -22


Track Changes Error Messages

2006/06/29-08:43:02, [TRCK-1002], 4,, INFO, switch2,

Unsuccessful login by user jcannata.

2006/06/29-08:43:14, [TRCK-1006], 5,, INFO, switch2,

Track-changes off.


23/41



Page -23


Passwords and Policies

Passwords should be changed on a regular basis

Administration of Fabric OS v5.1.0 account passwords consists of

these policy features: Password strength

Password history

Password expiration

Account lockout

The strength policy enforces format rules such as case, digits,punctuation and minimum length

The history policy prevents users from recycling passwords

The expiration policy forces the minimum and maximum time apassword may exist

The lockout policy allows you to set the number of failed attempts, and

the duration of the lockout When an administrator sets a users password, the history policy will

be ignored


24/41



Page -24


7. Troubleshooting


25/41



Page -25


Commands to Diagnose PhysicalSwitch Connectivity

Sends a Fibre Channel ELS Echo request to a pair of portsfcping

Shows the port status and initializationportflagsshow

Displays the current zoning configurationcfgshow

Displays a port error summaryporterrshow

Validates a device has logged in to the fabricswitchshow

Displays the switch port logportlogdump

Displays contents of the local Name Servernsshow

Displays the 24-bit addresses for all devices in the fabricnsallshow

DescriptionCommand


26/41



Page -26


Commands to Diagnose Routing Issues

Displays or sets the switch routing policyaptpolicy

Displays fabric topology as it appears to the local switchtopologyshow

Debugs failures in trunkstrunkdebug

Displays current connections and status of ISLsislshow

Displays routing information for a porturouteshow

DescriptionCommand


27/41



Page -27


FICON Notes

FICON is a high-speed mainframe interface

Configurable as a single-switch or cascaded fabric

Cascaded fabrics require a Secure Fabric OS license anddigital certificates from Brocades CA

Allows for port swapping Redirects resources from a failed port to a healthy port without

changing the FICON host configuration using theportswapcommand

It uses Insistent Domain IDs (IDID) Switch insists on a specific Domain ID which guarantees it

operates only with its pre-assigned Domain ID


28/41



Page -28


Fibre Channel Router Commands

Displays devices presented by Router EX_Portsfcrproxydevshow

Displays available resources on the Routerfcrresourceshow

Displays Routers that exist in a backbone fabricfcrfabricshow

Displays physical devices configured to be exported to another fabricfcrphydevshow

Displays routes through the Router backbone fabricfcrrouteshow

DescriptionCommand

AP7420

SW7500

FR4-18i


29/41



Page -29


Verifying IP Layer Connectivity

-d dest_ip Specifies the IP interface receiving

the ping

-s source_ip Specifies the IP interface issuingthe ping

portcmd ping [slot/]geports source_ip d dest_ip

Descriptionportcmd Command


30/41



Page -30


Guaranteeing In-Order Frame Delivery

Set the routing policy to port-based

aptpolicy 1 Turn on in-order delivery

iodset

Turn off dynamic load sharing

dlsreset

Frames Frames

1of42of43of44of4 1of42of43of44of4


31/41



Page -31


Switch Data Collection Commands

Captures the contents of supportshow, as well as all of the system

RASLOG, TRACE, core, FFDC and other files; for Directors run onboth CPs

supportsave

Displays devices presented by Router EX_Portsfcrproxydevshow

Displays available resources on the Routerfcrresourceshow

Sets/clears auto-FTP parameters, and/or checks connectivity to theFTP server

supportftp

Enables an immediate trace dump to be retrieved from the switch tothe FTP site; configured in supportftp

traceftp

Sets/clears a trace trigger on a specific error messagetracetrig

DescriptionCommand


32/41



Page -32


Problem Escalation Notes

When escalating a problem to a support provider, include thefollowing:

A very detailed description of the problem citing specific

information

Capture the error log, port details, and the switch configuration

Gather the historic record of the current andpast state of theswitch (trace dump)

Identify vital information important in problem determination

Collect this information by running the supportsave command

All supportshow groups are included in capture

RASLog output includes external andinternal messages

Most recent trace dump file is included

First-Failure-Data-Capture (FFDC) files are captured

Out-Of-Memory (OOM) information is also captured

When relevant, FR4-18i blade data is included

Collect dual-CP supportsave output from Active andStandby CPs


33/41



Page -33


SAN Health


34/41



Page -34


SAN Health Notes

SAN Health is a free utility that helps you create: Comprehensive Documentation

Historical Performance Graphs

Detailed Topology Diagrams

Best Practice Recommendations

SAN Health may be run against: Brocade systems running any version of Fabric OS or XPath OS

McDATA systems running EOS 4.x and higher


35/41



Page -35


8. Taking the Test


36/41



Page -36


Exam Introduction Screen


37/41



Page -37


Non-disclosure Agreement


38/41



Page -38


Sample Question


39/41



Page -39


Sample Score Sheet


40/41



Page -40


Thanks Brocade Education, I Passed!


41/41

41

Brocade Education Services

Brocade

Product Training


BCFP in a Nutshell 4 Gbit/secVirtual Classroom Version

End of Part 2

Documents

BCFP Nutshell 4Gbit VC Part2