ADMINISTRATION GUIDE Brocade Fabric OS Access Gateway Administration Guide Supporting Fabric OS 8.0.
© 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, ClearLink, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision is a trademark of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.
Contents Preface...........................................................................................................................................................................................................................................................................................7 Document conventions...............................................................................................................................................................................................
Saving port mappings...................................................................................................................................................................................................................................44 Limitations and considerations................................................................................................................................................................................................................
Enabling and disabling the Failback policy on an N_Port ....................................................................................................................................................... 67 Enabling and disabling the Failback policy for a port group...................................................................................................................................................68 Upgrade and downgrade considerations for the Failback policy................................
Brocade Fabric OS Access GatewayAdministration Guide 53-1004110-01
Preface ∙ ∙ ∙ ∙ Document conventions..................................................................................................................................................................................................... 7 Brocade resources...............................................................................................................................................................................................................8 Contacting Brocade Technical Support.............
Preface Convention Description ... Repeat the previous element, for example, member[member...]. \ Indicates a “soft” line break in command examples. If a backslash separates two lines of a command input, enter the entire command at the prompt without the backslash. Notes, cautions, and warnings Notes, cautions, and warning statements may be used in this document. They are listed in the order of increasing severity of potential hazards.
Preface If you have purchased Brocade product support directly from Brocade, use one of the following methods to contact the Brocade Technical Assistance Center 24x7. Online Telephone E-mail Preferred method of contact for non-urgent issues: Required for Sev 1-Critical and Sev 2-High issues: support@brocade.
Preface 10 Brocade Fabric OS Access GatewayAdministration Guide 53-1004110-01
About This Document ∙ ∙ ∙ Supported hardware and software..............................................................................................................................................................................11 What's new in this document......................................................................................................................................................................................... 11 Key terms for Access Gateway.................................
About This Document ∙ Port mirroring is deprecated and not supported (the portmirror command). ∙ Removed Admin Domain in Enabling and disabling Access Gateway mode on page 25. Administration Domains is not supported. NOTE In Fabric OS 8.0.1, support for Administration Domains (ADs) is deprecated. In Fabric OS 8.0.1, a warning message will be displayed and a RASLog entry be generated for any AD configuration commands or if an AD is activated though a command or zone merge.
Access Gateway Basic Concepts ∙ ∙ ∙ ∙ Brocade Access Gateway overview ........................................................................................................................................................................13 Fabric OS features in Access Gateway mode....................................................................................................................................................15 Access Gateway port types.....................................................
Access Gateway Basic Concepts FIGURE 1 Switch function in Native mode 14 Brocade Fabric OS Access GatewayAdministration Guide 53-1004110-01
Access Gateway Basic Concepts FIGURE 2 Switch function in Access Gateway mode Fabric OS features in Access Gateway mode The following table lists feature support for a switch operating in Access Gateway mode. Feature support is indicated in the following ways: ∙ Yes means the feature is supported in Access Gateway mode. ∙ No means the feature is not supported in Access Gateway mode. ∙ NA means the feature is not applicable in Access Gateway mode.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported in Access Gateway mode Feature Access Support Control1 Yes (limited roles) Adaptive Networking Yes Admin Domains No Audit Yes Beaconing Yes Bottleneck Detection No Support is deprecated in Fabric OS 8.0.0. Buffer Credit Recovery (CR) Yes Refer to Buffer credit recovery support on page 17. Config Download/Upload Yes Device Authentication Yes Refer to Device authentication support on page 18.
Access Gateway Basic Concepts TABLE 1 Fabric OS components supported in Access Gateway mode (continued) Feature Support Manufacturing Diagnostics Yes Monitoring and Alerting Policy Suite (MAPS) Yes N_Port ID Virtualization (NPIV) Yes Name Server NA Native Interoperability Mode NA Network Time Protocol (NTP) Yes Open E_Port NA Performance Monitor No Support is deprecated in Fabric OS 7.4.0.
Access Gateway Basic Concepts NOTE If a device that supports 16 Gbps or 32 Gbps is connected to a device that supports only 8 Gbps, buffer credit recovery is disabled, even if both devices are running 8 Gbps. Switch platforms support buffer credit recovery in R_RDY or VC_RDY mode. In R_RDY mode, buffer credit recovery is supported without FA-PWWN and QoS. In VC_RDY mode, buffer credit recovery is supported with fabric-assigned PWWN (FA-PWWN), FEC, QoS, and trunking.
Access Gateway Basic Concepts Authentication policy is supported in the following configurations for Access Gateway devices: ∙ Access Gateway device N_Port connected to Brocade fabric switch F_Port. The N_Port enables authentication when authentication is enabled on the connected switch. Enable switch policy on the AG device, and enable device policy on the fabric switch. ∙ Access Gateway switch F_Port connected to an HBA.
Access Gateway Basic Concepts HBA, authentication enabled HBA, authentication disabled Authorization negotiation - accept Authorization negotiation - accept Authorization negotiation - reject DH-CHAP DH-CHAP F_Port without authentication Success - F_Port Success - F_Port Failure - disable Failure - disable No negotiation No negotiation No negotiation No light F_Port without authentication F_Port without authentication Supported Fabric OS commands The following Fabric OS commands for authe
Access Gateway Basic Concepts ∙ By default, configured N_Ports will come up as disabled because a PoD license is not installed for those ports. ∙ All F_Ports mapped to the default N-Port will come up as disabled with a message displayed: N-Port Offline for FPort. ∙ You must manually configure N_Ports in the AG device using the portcfgnport command, and move the cable connections accordingly. ∙ You can update the N_Port-to-F_Port mapping using the ag --mapdel and ag --mapadd commands.
Access Gateway Basic Concepts external NTP server as it can receive NTP server configuration from the connected FOS switch. If the AG device is connected to more than one fabric, the latest clock server request received is configured. Consider the following points when distributing the NTP server configuration: ∙ The tsClockServer command distributes the NTP server configuration to all switches within the fabric and AG devices connected to the same fabric.
Access Gateway Basic Concepts FIGURE 3 Port comparison You can test the link between ports on an AG device and another AG device, fabric switch, or HBA by configuring each connection in the link as a D_Port. When you configure the ports at each end of the link as D_Ports, diagnostic tests automatically initiate on the link when the D_Ports come online. You can view results by using Fabric OS commands, such as portdporttest, during or after testing.
Access Gateway Basic Concepts FIGURE 4 Diagnostic port configurations The following table shows a comparison of port configurations between AG devices and a standard fabric switch. TABLE 4 Port configurations Port type Available on Access Gateway? Available on Fabric switch? F_Port Yes Connects hosts and targets to Access Gateway. Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Port Yes Connects Access Gateway to a fabric switch. N/A N_Ports are not supported.
Configuring Ports in Access Gateway Mode ∙ ∙ ∙ ∙ Enabling and disabling Access Gateway mode...............................................................................................................................................25 Access Gateway mapping............................................................................................................................................................................................26 N_Port configurations........................................
Configuring Ports in Access Gateway Mode Refer to the Fabric OS Command Reference for examples of output. For a description of the port state, refer to Table 5 on page 26. 10. Enter the switchdisable command to disable the switch. switch:admin> switchdisable 11. Enter the ag --modedisable command to disable AG mode. switch:admin> ag --modedisable 12. Enter the ag --modeshow command to verify that AG mode is disabled.
Configuring Ports in Access Gateway Mode Port mapping ensures that all traffic from a specific F_Port always goes through the same N_Port. A single F_Port is mapped to a single N_Port, or to an N_Port group. To map an F_Port to an N_Port group, map the F_Port to an N_Port that belongs to that port group. All F_Ports mapped to an N_Port group are part of that N_Port group. ∙ Device mapping Device mapping is optional. Port maps must exist before you can create device maps.
Configuring Ports in Access Gateway Mode FIGURE 5 Port mapping example The following table describes the port mapping details shown in the example. TABLE 6 Description of port mapping Access Gateway Fabric F_Port N_Port Edge switch F_Port F_1, F_2 N_1 Switch_A F_A1 F_3, F_4 N_2 Switch_A F_A2 F_5, F_6 N_3 Switch_B F_B1 F_7, F_8 N_4 Switch_B F_B2 Default port mapping When you enable AG mode on a switch, a default mapping is used for the F_Ports and N_Ports.
Configuring Ports in Access Gateway Mode To change the default mapping, refer to Adding F_Ports to an N_Port on page 31. Note that all F_Ports must be mapped to an N_Port before the F_Port can come online. NOTE For Fabric OS 7.3.0 and later, all PoD licenses are not required to run in AG mode.
Configuring Ports in Access Gateway Mode TABLE 7 Access Gateway default port mapping (continued) Brocade Model Total Ports F_Ports N_Ports Default port mapping 10 mapped to 37 11 mapped to 38 12 mapped to 39 13 mapped to 40 14 mapped to 41 15 mapped to 42 16 mapped to 43 17 mapped to 44 18 mapped to 45 19 mapped to 46 20 mapped to 47 6548 28 1–16 0, 17–27 1, 13 mapped to 0 2, 14 mapped to 17 3, 15 mapped to 18 4, 16 mapped to 19 5 mapped to 20 6 mapped to 21 7 mapped to 22 8 mapped to 23 9 mapped
Configuring Ports in Access Gateway Mode NOTE Communication between host and target ports is not supported if both are mapped to the same N_Port. Use the following recommendations for mapping between host and target ports: ∙ Use separate port groups for the host and target ports. ∙ If connecting a host and target port to the same AG device, map the host and target to separate N_Ports and connect those N_Ports to the same fabric.
Configuring Ports in Access Gateway Mode The output for this command displays the following information in the Proto column for each unassigned F_Port: Disabled (No mapping for F_Port) F_Port Static Mapping The F_Port Static Mapping feature adds the staticadd and staticdel keywords to the ag Fabric OS command. These keywords simplify how you change N_Port to F_Port mapping. Using the ag staticadd command, any existing mappings are removed and replaced with the new mapping information.
Configuring Ports in Access Gateway Mode Device mapping Device mapping allows you to map individual N_Port ID Virtualization (NPIV) devices to N_Ports. By mapping device WWNs directly to an N_Port group, traffic from the device will always go to the same N_Port group, independently of the F_Port where the device logs in.
Configuring Ports in Access Gateway Mode FIGURE 6 Example of device mapping to N_Port groups The following figure shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
Configuring Ports in Access Gateway Mode FIGURE 7 Example device mapping to an N_Port Static versus dynamic mapping Device mapping is of two types, static or dynamic. Static device mapping has the following considerations: ∙ Static device mapping is when a device is mapped to an N_Port group or N_port. ∙ Static device mappings persist across reboots. ∙ Static device mappings can be saved and restored with the configUpload and configDownload commands.
Configuring Ports in Access Gateway Mode NOTE Static and dynamic mapping only applies to NPIV devices and cannot redirect devices that are physically attached to Access Gateway devices because physically-attached devices use port maps to connect to the fabric. Device mapping to port groups (recommended) Device mapping is recommended when a number of devices must connect to the same group of N_Ports. This approach provides the flexibility to move the devices to any available F_Port.
Configuring Ports in Access Gateway Mode After you have logged in, you can apply any of the following commands to configure how devices are mapped to port groups. 2. To add one or multiple devices to an N_Port , use the ag --addwwnmapping command. All listed device WWNs use the N_Port if it is available. The following example adds two devices to N_Port 17. ag --addwwnmapping 17 "10:00:00:06:2b:0f:71:0c;10:00:00:05:1e:5e:2c:11" The --all option edits all the currently existing mappings.
Configuring Ports in Access Gateway Mode Enabling device mapping Use the following steps to enable device mapping for all devices or specific devices that were previously disabled. 1. Connect to the switch and log in using an account with admin permissions. After you have logged in, you can one of the following commands to enable how devices are mapped to port groups. 2. Use the ag --wwnmappingenable command to enable mapping for specific WWNs. The following example enables two device WWNs.
Configuring Ports in Access Gateway Mode If there are any additional disruptions, the server does not switch back to the virtual port, and the VM traffic does not follow the configured device mapping. Note that this behavior can also occur when a VM first boots, prior to any failover. When this behavior occurs, the VM WWN will be logged in to the fabric. The WWN appears in the output of ag --show and ag -wwnmapshow, as well as on the switch.
Configuring Ports in Access Gateway Mode 5. Port mapping to an N_Port in a port group (if defined) Device mapping considerations Consider the following points when using device mapping: ∙ When the N_Port is disabled, all devices that are mapped to it are disabled. Depending on the effective failover policy, the devices are enabled on other N_Ports. ∙ Similar to port mappings, device mappings are affected by changes to underlying F_Ports.
Configuring Ports in Access Gateway Mode FIGURE 8 Example of adding an external F_Port (F9) on an embedded switch Although some ports are locked as N_Ports, you can convert N_Ports to F_Ports, as follows. 1. Before converting an N_Port to an F_Port, remap all F_Ports on that N_port to another N_Port. 2. Remove all the F_Ports that are mapped to the selected N_Port. 3. Unlock the selected port from N_Port state. 4. Define a map for the port.
Configuring Ports in Access Gateway Mode 1. Connect to the switch and log in using an account with admin permissions. 2. Enter the portcfgnport command. The command output displays ON for locked N_Ports. Unlocking N_Ports By default, when you enable Access Gateway mode on embedded switches, all external ports are configured in N_Port lock mode. A switch in Access Gateway mode connects only Fibre Channel Protocol (FCP) hosts and targets to the fabric.
Configuring Ports in Access Gateway Mode D_Port support The D_Port (diagnostic port) feature is supported on 16 Gbps and 32 Gbps ports in the following configurations: ∙ An AG device connected to an AG device in cascaded configuration (supports only static D_Port). ∙ An AG device connected to a Brocade fabric switch (supports only static D_Port). ∙ An AG device connected to an HBA. Supported modes are as follows: – – Static D_Port starting with Fabric OS 7.2.
Configuring Ports in Access Gateway Mode For details on configuring D_Ports, using D_Ports, and D_Port limitations and considerations, refer to the Fabric OS Administrator's Guide. For details on D_Port-related commands, refer to the Fabric OS Command Reference. Saving port mappings Before configuring static D_Ports, you must remove all mappings between the ports and devices because mappings are not retained on D_Ports. This includes port (N_Port-to-F_Port), device (WWN), static, and dynamic mapping.
Configuring Ports in Access Gateway Mode For a complete list of D_Port limitations and considerations, refer to the Fabric OS Administrator's Guide.
Configuring Ports in Access Gateway Mode 46 Brocade Fabric OS Access GatewayAdministration Guide 53-1004110-01
Managing Policies and Features in Access Gateway Mode ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ ∙ Access Gateway policies overview.......................................................................................................................................................................... 47 Advanced Device Security policy ...........................................................................................................................................................................
Managing Policies and Features in Access Gateway Mode Advanced Device Security policy Advanced Device Security (ADS) is a security policy that restricts access to the fabric at the AG level to a set of authorized devices. Unauthorized access is rejected and the system logs a RASLOG message. You can configure the list of allowed devices for each F_Port by specifying their Port WWN (PWWN). The ADS policy secures virtual and physical connections to the SAN.
Managing Policies and Features in Access Gateway Mode Use an asterisk enclosed in quotation marks ("*") to set the allow list to “all access.” Use a pair of double quotation marks ("") to set the allow list to “no access.” Consider the following characteristics of the allow list: ∙ The maximum number of device entries allowed in the allow list is twice the per-port maximum login count. ∙ Each port can be configured to “not allow any device” or “to allow all the devices” to log in.
Managing Policies and Features in Access Gateway Mode In the following example, two devices are removed from the list of allowed devices (ports 3 and 9). switch:admin> ag --adsdel "3;9" "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b" WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports allowed to login Adding new devices to the list of allowed devices Add specified WWNs to the list of devices allowed to log in to the specified F_Ports using the ag --adsadd command.
Managing Policies and Features in Access Gateway Mode Automatic Port Configuration policy The Automatic Port Configuration (APC) policy provides the ability to automatically discover port types (host, target, or fabric) and dynamically update the port maps when a change in port-type connection is detected. This policy is intended for a fully hands-off operation of Access Gateway. APC dynamically maps F_Ports across available N_Ports so they are evenly distributed.
Managing Policies and Features in Access Gateway Mode ∙ The APC policy applies to all ports on the switch. ∙ Enabling the APC policy is disruptive and erases all existing port mappings. Therefore, before enabling the APC policy, you should disable the AG module. When you disable the APC policy, the N_Port configuration and the port mapping revert back to the default factory configurations for that platform.
Managing Policies and Features in Access Gateway Mode FIGURE 9 Port grouping behavior When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group. It is recommended to have paths fail over to the redundant fabric when the primary fabric goes down.
Managing Policies and Features in Access Gateway Mode 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgadd command with the appropriate options to add an N_Port to a specific port group. In the following example, N_Port 14 is added to port group 3. If you add more than one N_Port, you must separate them with a semicolon.
Managing Policies and Features in Access Gateway Mode Port Grouping policy modes You can enable and disable the Automatic Login Balancing and Managed Fabric Name Monitoring (MFNM) Port Grouping policy modes when you create port groups using the pgcreate command. Alternately, you can enable these modes using the ag --pgsetmodes command.
Managing Policies and Features in Access Gateway Mode Rebalancing F_Ports To minimize disruption that could occur once F_Ports go offline or when additional N_Ports are brought online, you can modify the default behavior of Automatic Login Balancing mode by disabling or enabling rebalancing of F_Ports when F_Port offline or N_Port online events occur. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Managing Policies and Features in Access Gateway Mode This command changes the monitoring mode from “default” to “managed.” In the following example, MFNM mode is enabled for port group 3. switch:admin> ag --pgsetmodes 3 "mfnm" Managed Fabric Name Monitoring mode has been enabled for Port Group 3 Disabling MFNM mode The following steps show how to disable MFNM mode. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Managing Policies and Features in Access Gateway Mode ∙ If an N_Port is added to a port group or deleted from a port group and Automatic Login Balancing mode is enabled or disabled for the port group, the N_Port maintains its original failover or failback setting. If an N_Port is deleted from a port group, it automatically gets added to port group 0. ∙ When specifying a preferred secondary N_Port for a port group, the N_Port must be from the same group.
Managing Policies and Features in Access Gateway Mode 3. The Port Grouping policy must be enabled to enable Device Load Balancing. Enter the ag --policyshow command to determine if the Port Grouping policy is enabled. If it is not enabled, enter ag --policyenable pg to enable this policy. 4. Enter the ag --policyenable wwnloadbalance command to enable the Device Load Balancing policy. Because Fibre Channel devices are identified by their WWNs, CLI commands use device WWNs.
Managing Policies and Features in Access Gateway Mode Enabling the Persistent ALPA policy By default, Persistent ALPA is disabled. You can enable Persistent ALPA using the ag --persistentalpaenable command with the following syntax and with one of the following value types: ag -persistentalpaenable 1/0[On/Off] -s/-f[Stringent/Flexible] To enable Persistent ALPA, use the following steps. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
Managing Policies and Features in Access Gateway Mode Clearing ALPA values You can clear the ALPA values for a specific port. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --clearalpamap command with the appropriate option to remove the PWW-to-ALPA mapping for a specific port. In the following example, the mapping for port 2 is cleared from the database. switch:admin> ag --clearalpamap 2 NOTE All the device data must be persistent in case of a reboot.
Managing Policies and Features in Access Gateway Mode Failover configurations in Access Gateway The following sequence describes how a failover event occurs: ∙ An N_Port goes offline. ∙ All F_Ports mapped to that N_Port are temporarily disabled. ∙ If the Failover policy is enabled on an offline N_Port, the F_Ports mapped to it will be distributed among available online N_Ports. If a secondary N_Port is defined for any of these F_Ports, these F_Ports will be mapped to those N_Ports.
Managing Policies and Features in Access Gateway Mode FIGURE 11 Failover behavior Adding a preferred secondary N_Port (optional) F_Ports automatically fail over to any available N_Port. Alternatively, you can specify a preferred secondary N_Port in case the primary N_Port fails. If the primary N_Port goes offline, the F_Ports fail over to the preferred secondary N_Port (if it is online), then re-enable. If the secondary N_Port is offline, the F_Ports will disable.
Managing Policies and Features in Access Gateway Mode The F_Ports must be enclosed in quotation marks and the port numbers must be separated by a semicolon, as shown in the following example. switch:admin> ag --prefset "3;9" 4 Preferred N_Port is set successfully for the F_Port[s] NOTE Preferred mapping is not allowed when Automatic Login Balancing mode is enabled for a port group. All N_Ports are the same when Automatic Login Balancing mode is enabled.
Managing Policies and Features in Access Gateway Mode To configure N_Port 32 as a failover port for all WWNs mapped to the N_Port, use the ag --addwwnfailovermapping command with the N_Port and --all options. ag --addwwnfailovermapping 32 --all Deleting a preferred secondary N_Port for device mapping (optional) Use the following steps to remove a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1.
Managing Policies and Features in Access Gateway Mode 2. Enter the ag --failoverenable -pg pgid command to enable failover. switch:admin> ag --failoverenable -pg 3 Failover policy is enabled for port group 3 3. Enter the ag --failoverdisable -pg pgid command to disable failover. switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3 Upgrade and downgrade considerations for the Failover policy The Brocade G620 is supported in Fabric OS 8.0.0 and subsequent releases.
Managing Policies and Features in Access Gateway Mode Failback example In the following figure, the Access Gateway N_1 remains disabled because the corresponding F_A1 port is offline. However, N_2 comes back online. Refer to Failover example on page 62 for the original failover scenario. Ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Managing Policies and Features in Access Gateway Mode ∙ Enter the ag --failbackenable n_portnumber command to enable failback. switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13 ∙ Enter the ag --failbackdisable n_portnumber command to disable failback.
Managing Policies and Features in Access Gateway Mode ∙ If failback is enabled, configured F_Ports will fail back to the N_Port. ∙ If the configured F_Ports are offline, they will go back online. ∙ If Device Load Balancing is enabled, rebalancing occurs. Trunking in Access Gateway mode The hardware-based Port Trunking feature enhances management, performance, and reliability of Access Gateway N_Ports when they are connected to Brocade fabrics.
Managing Policies and Features in Access Gateway Mode On switches running in Access Gateway mode, the masterless trunking feature trunks N_Ports because these are the only ports that connect to the Enterprise fabric. When a TA is assigned to a port or trunk group, the ports will immediately acquire the TA as the area of its port IDs (PIDs). When a TA is removed from a port or trunk group, the port reverts to the default area as its PID. NOTE By default, trunking is enabled on all N_Ports of the AG device.
Managing Policies and Features in Access Gateway Mode Assigning a trunk area You must enable trunking on all ports to be included in a trunk area (TA) before you can create a trunk area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch. Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information.
Managing Policies and Features in Access Gateway Mode Enabling trunking The following steps show how to enable trunking. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Disable the desired ports by entering the portdisable port command for each port to be included in the TA. 3. Enter the porttrunkarea--enable 3 command with the appropriate options to form a trunk group for the desired ports.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (continued) Category Description switch, and authentication follows FLOGI on that port, only that port displays the authentication details when you issue the portshow command. NOTE Authentication is also supported on switches configured in AG mode.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (continued) Category Description Fast Write When you assign a Trunk Area to a trunk group, the trunk group cannot have fast write enabled on those ports; if fast-write is enabled on a port, the port cannot be assigned a Trunk Area. FICON FICON is not supported on F_Port trunk ports. However, FICON can still run on ports that are not F_Port trunked within the same switch.
Managing Policies and Features in Access Gateway Mode TABLE 10 Access Gateway trunking considerations for the Edge switch (continued) Category Description You can remove the port from the Trunk Area to have the “I” back into effect. D,I will behave as normal, but you may see the effects of grouping ports into a single “I”. Also, D,I continues to work for Trunk Area groups. The “I” can be used in D,I if the “I” was the “I” for the Trunk Area group.
Managing Policies and Features in Access Gateway Mode You can configure the ingress rate limiting and SID/DID traffic prioritization levels of QoS for the following configurations: ∙ Supported HBA to AG to switch ∙ Unsupported HBA to AG to switch ∙ HBA (all) to Edge AG to Core AG to switch QoS: Ingress rate limiting Ingress rate limiting restricts the speed of traffic from a particular device to the switch port. On switches in AG mode, you must configure ingress rate limiting on F_Ports.
Managing Policies and Features in Access Gateway Mode FIGURE 13 Starting point for QoS Upgrade and downgrade considerations for Adaptive Networking in AG mode The Brocade G620 is supported in Fabric OS v8.0.0 and subsequent releases. Downgrading to a prior release is not supported. Upgrading to Fabric OS v7.1.0 from Fabric OS v6.4.0 is supported. Note the following considerations when upgrading to Fabric OS v7.1.0 from Fabric OS v6.2.X and earlier and downgrading from Fabric OS v7.1.0 to Fabric OS v6.2.
Managing Policies and Features in Access Gateway Mode ∙ Disabling QoS on online N_Ports in the same trunk can cause the slave N_Port ID Virtualization (NPIV) F_Port on the Edge switch to become persistently disabled with “Area has been acquired.” This is expected behavior because after QoS is disabled, the slave NPIV F_Port on the Edge switch also tries to come up as a master. To avoid this issue, simply persistently enable the slave F_Port on the switch.
Managing Policies and Features in Access Gateway Mode ∙ Enforced login: The second login request will have precedence over the existing login and Access Gateway will accepts the login. ∙ Mixed: This option takes port type into consideration. The second login request will have precedence over the existing login in case of a duplicate entry exit on the F_Port with an NPIV device logged in.
Managing Policies and Features in Access Gateway Mode Considerations for the Brocade 6505 and 6510, and Brocade G620 The Brocade 6505 and 6510, and Brocade G620 can function in either Fabric OS Native mode or Brocade Access Gateway mode. These switches are shipped in Fabric OS Native mode. They are also supported in Access Gateway cascaded configurations. All PoD licenses must be present to support Access Gateway for all releases prior to Fabric OS 7.3.0. However, starting with Fabric OS 7.3.
SAN Configuration with Access Gateway ∙ ∙ ∙ ∙ ∙ ∙ ∙ Connectivity of multiple devices overview........................................................................................................................................................... 81 Direct target attachment..................................................................................................................................................................................................81 Target aggregation....................
SAN Configuration with Access Gateway FIGURE 14 Direct target attachment to switch operating in AG mode Although target devices can be connected directly to AG ports, it is recommended that the switch operating in AG mode be connected to the core fabric. Considerations for direct target attachment Consider the following points for direct target attachment: 82 ∙ Direct target attachment to AG is only supported if the AG module is also connected to a core fabric.
SAN Configuration with Access Gateway ∙ Redundant configurations should be maintained so that when hosts and targets fail over or fail back, they do not get mapped to a single N_Port. ∙ Hosts and targets should be in separate port groups. ∙ Direct target attachment configurations are not enforced. Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port.
SAN Configuration with Access Gateway FIGURE 15 Target aggregation Access Gateway cascading Access Gateway cascading is an advanced configuration supported in Access Gateway mode. Access Gateway cascading allows you to further increase the ratio of hosts to fabric ports to beyond what a single switch in AG mode can support. Access Gateway cascading allows you to link two Access Gateway (AG) switches back to back. The AG switch that is directly connected to the fabric is referred to as the Core AG.
SAN Configuration with Access Gateway FIGURE 16 Access Gateway cascading AG cascading provides higher over-subscription because it allows you to consolidate the number of ports going to the main fabric. There is no license requirement to use this feature. Access Gateway cascading considerations Note the following configuration considerations when cascading Access Gateways: ∙ Only one level of cascading is supported.
SAN Configuration with Access Gateway Fabric and Edge switch configuration To connect devices to the fabric using Access Gateway, configure the fabric and Edge switches within the fabric that will connect to the AG module using the following parameters. These parameters apply to Fabric OS, M-EOS, and Cisco-based fabrics: ∙ Install and configure the switch as described in the switch’s hardware reference manual before performing these procedures.
SAN Configuration with Access Gateway 1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable Open Systems Management Server (OSMS) services by using the following command. For the Mi10K switch, enter the following command. fc osmsState vfid state In the command, vfid is the virtual fabric identification number. The state variable can be enable for the enabled state or disable for the disabled state.
SAN Configuration with Access Gateway ∙ If you saved a Fabric OS configuration before enabling AG mode, download the configuration using the configDownload command. ∙ If you want to rejoin the switch to the fabric using the fabric configuration, use the following procedure. To rejoin the Fabric OS switch to a fabric, perform the following steps: 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchDisable command to disable the switch. 3.
Troubleshooting The following table provides troubleshooting information for Fabric OS switches in AG mode. TABLE 12 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag -modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command.
Troubleshooting TABLE 12 Troubleshooting (continued) Problem Cause Solution Command returns “Failback (or Failover) on N_Port port_number is supported.” If it returns, “Failback (or Failover) on N_Port port_number is not supported.” Refer to Adding a preferred secondary N_Port (optional) on page 63. Access Gateway is mode not wanted Access Gateway must be disabled. Disable switch using the switchDisable command. Disable Access Gateway mode using the ag -modeDisable command.