53-1001760-01 30 March 2010 Access Gateway Administrator’s Guide Supporting Fabric OS v6.4.
Copyright © 2007-2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Document History The following table lists all versions of the Access Gateway Administrator’s Guide. Document Title Publication Number Summary of Changes Publication Date Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007 Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E June 2007 Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies and changes to N_Port mappings.
iv Access Gateway Administrator’s Guide 53-1001760-01
Contents About This Document How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiii What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Displaying N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . 25 Unlocking N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Chapter 3 Managing Policies and Features in Access Gateway Mode In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Access Gateway policies overview . . . . . . . . . . . . . . . .
Persistent ALPA Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Enabling Persistent ALPA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Disabling Persistent ALPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Persistent ALPA device data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Removing device data from the database . . . . . . . . . . . . . . . . . 42 Displaying device data. . . . . . . . . . . . . . . . . . . . . . . . .
Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . . 65 Verifying the switch mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Enabling NPIV on M-EOS switches . . . . . . . . . . . . . . . . . . . . . . . 66 Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Enabling NPIV on a Cisco switch. . . . . . . . . . . . . . . . . . . . . . . . . 67 Rejoining Fabric OS switches to a fabric . . . . . . . . . . . . . . . . .
Figures Figure 1 Switch function in Native mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Figure 2 Switch function in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Figure 3 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 4 Example port-based mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x Access Gateway Administrator’s Guide 53-1001760-01
Tables Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3 Table 2 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 3 Port state description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Table 4 Description of port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xii Access Gateway Administrator’s Guide 53-1001760-01
About This Document • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv • Notice to the reader . . . . . . . . . . . . . . . . . . . .
All Fabric OS switches must be running v6.1.0 or later; all M-EOS switches must be running M-EOSc 9.1 or later, M-EOSn must be running 9.6.2 or later, and Cisco switches with SAN OS must be running 3.0 (1) and 3.1 (1) or later. Fabric OS v6.4.
Document conventions This section describes text formatting conventions and important notices formats.
ATTENTION An Attention statement indicates potential damage to hardware or data. CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data. DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.
E_Port An ISL (Interswitch link) port. A switch port that connects switches together to form a fabric. Edge switch A fabric switch that connects host, storage, or other devices, such as Brocade Access Gateway, to the fabric. F_Port A fabric port. A switch port that connects a host, HBA (host bus adaptor), or storage device to the SAN. On Brocade Access Gateway, the F_Port connects to a host or a target.
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.org Optional Brocade features For a list of optional Brocade features and descriptions, see the Fabric OS Administrator’s Guide. Getting technical help Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1.
3. World Wide Name (WWN) Use the licenseIdShow command to display the WWN of the chassis. If you cannot use the licenseIdShow command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.
xx Access Gateway Administrator’s Guide 553-1001760-01
Chapter 1 Access Gateway Basic Concepts In this chapter • Brocade Access Gateway overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway hardware considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 2 Brocade Access Gateway overview FIGURE 1 Switch function in Native mode FIGURE 2 Switch function in Access Gateway mode Access Gateway Administrator’s Guide 53-1001760-01
Fabric OS features in Access Gateway mode 1 Fabric OS features in Access Gateway mode Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “No” indicates that the feature is not provided in AG mode. “NA” indicates this feature is not applicable in Access Gateway mode of operation. A single asterisk (*) indicates the feature is transparent to AG, that is AG forwards the request to the Enterprise fabric.
1 Access Gateway port types TABLE 1 Fabric OS components supported on Access Gateway (Continued) Feature Support Speed Negotiation Yes Syslog Daemon Yes Trunking Yes** ValueLineOptions (Static POD, DPOD) Yes Web Tools Yes Zoning NA 1. When a switch is behaving as an AG, RBAC features in Fabric OS are available, but there are some limitations. For more information on the limitations, refer to “Access Gateway hardware considerations” on page 5. 2.
Access Gateway hardware considerations 1 Access Gateway Ports Switch in AG mode Fabric Hosts N_Port Edge Switch F_Port N_Port N_Port F_Port NPIV enabled F_Port Fabric Switch Ports Fabric FIGURE 3 Hosts Switch in Native Fabric mode N_Port F_Port E_Port E_Port N_Port F_Port E_Port E_Port Fabric Switch Port usage comparison Table 2 shows a comparison of port configurations with AG to a standard fabric switch.
1 6 Access Gateway hardware considerations Access Gateway Administrator’s Guide 53-1001760-01
Chapter Configuring Ports in Access Gateway mode 2 In this chapter • Enabling and disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . 7 • Access Gateway mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 • N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Enabling and disabling Access Gateway mode Use the following steps to enable and disable Access Gateway mode.
2 Enabling and disabling Access Gateway mode You can display the port mappings and status of the host connections to the fabric on Access Gateway. 7. Enter the ag --mapshow command to display all the mapped ports. The ag --mapshow command shows all the N_Ports (with the portcfgnport value of 1) even if those N_Ports are not connected.
Enabling and disabling Access Gateway mode 2 When you disable AG mode, The switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as port mapping, and Failover and Failback are automatically removed. When the switch reboots, it starts in Fabric OS Native mode. To re-join the switch to the core fabric, refer to “Rejoining Fabric OS switches to a fabric” on page 67. 9. Enter the switchDisable command to disable the switch.
2 Access Gateway mapping Access Gateway mapping When operating in AG mode you must specify pre-provisioned routes that AG will use to direct traffic from the devices (hosts or targets) on its F_Ports to the ports connected to the fabric using its N_Ports. This is unlike Native switch mode where the switch itself determines the best path between its F_Ports. This process of pre-provisioning routes in AG mode is called “mapping.
Access Gateway mapping Hosts Host_1 2 Fabric Access Gateway Edge Switch (Switch_A) F_1 F_A1 N_1 Host_2 NPIV enabled F_2 F_A2 Host_3 Host_4 N_2 NPIV enabled F_3 Edge Switch (Switch_B) F_4 F_B1 N_3 Host_5 NPIV enabled F_5 F_B2 N_4 FIGURE 4 Host_6 F_6 Host_7 F_7 Host_8 F_8 NPIV enabled Example port-based mapping Table 4 provides a description of the port mapping in Figure 4.
2 Access Gateway mapping • When configuring secondary port mapping for failover and failback situations, make sure that initiator and target F_Ports will not fail over or fail back to the same N_Port. Brocade 8000 mapping differences The Brocade 8000 contains 24 internal FCoE ports and eight external Fibre Channel ports. In Access Gateway mode, the internal FCoE ports are configured logically as F_Ports, while the external Fibre Channel ports are configured as N_Ports.
Access Gateway mapping TABLE 5 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default Port Mapping 5100 40 0-31 32-39 0, 1, 2, 3 mapped to 32 4, 5, 6, 7 mapped to 33 8, 9, 10, 11 mapped to 34 12, 13, 14, 15 mapped to 35 16, 17, 18, 19 mapped to 36 20, 21, 22, 23 mapped to 37 24, 25, 26, 27 mapped to 28 28, 29, 30, 31 mapped to 39 5424 24 1-16 0, 17-23 0, 17-23 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 2
2 Access Gateway mapping TABLE 5 Access Gateway default port mapping (Continued) Brocade Model Total Ports F_Ports N_Ports Default Port Mapping 5480 24 1-16 0, 17-23 1, 2 mapped to 17 9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 15, 16 mapped to 0 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23 8000 32 8-31 FCoE ports mapped as F_Ports.
Access Gateway mapping 2 Removing F_Ports from N_Ports 1. Connect to the switch and log in using an account assigned to the admin role. 2. Remove any preferred secondary N_Port settings for the F_Port. Refer to “Deleting F_Ports from a preferred secondary N_Port” on page 46 for instructions. 3. Enter the ag --mapdel N_Port command with the “[fprot;[fport]” option to remove the F_Port from the N_Port. The f_portlist can contain multiple F_Port numbers separated by semicolons, for example “17;18”.
2 Access Gateway mapping NOTE Port Grouping Policy is not supported when both Automatic Login Balancing and Device Load Balancing are enabled. Device-based mapping does not affect or replace the traditional port mapping. Device mapping is an optional mapping that will exist on top of existing port mapping. In general mapping devices to N_Port groups is recommended over mapping devices to individual N_Ports within a port group.
Access Gateway mapping Hosts/Targets WWN1 2 Access Gateway F_1 N_1 F_2 N_2 WWN2 PG1 F_3 N_3 WWN3 F_4 N_4 WWN4 F_5 N_5 WWN5 PG2 F_6 N_6 FIGURE 5 Example of device mapping to N_Port groups Figure 6 shows an example of device mapping to specific N_Ports. Note that you can map one or multiple WWNs to one N_Port to allow multiple devices to log in through one N_Port.
2 Access Gateway mapping Hosts/Targets Access Gateway WWN1 F_1 WWN2 F_2 N_1 N_2 WWN3 WWN4 F_3 WWN5 F_4 N_3 N_4 WWN6 FIGURE 6 WWN7 F_5 WWN8 F_6 N_5 Example device mapping to an N_Port Static versus dynamic mapping Device mapping can be classified as either “static” or “dynamic” as follows: • Device mapping to an N_Port and to an N_Port Group are considered static.
Access Gateway mapping 2 Use the following steps to map one or more devices to an N_Port group or remove device mapping from an N_Port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To add one or multiple device WWNs to an N_Port group, enter the ag --addwwnpgmapping Port_Group command with the “[WWN];[WWN]” option.
2 Access Gateway mapping Device mapping to N_Ports Use the following steps to add one or more devices to an N_Port to route all device traffic to and from the device through the specified N_Port. Also use these steps to remove device mapping to an N_Port. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To add one or multiple devices to an N_Port, enter the ag --addwwnmapping N_Port command with the “[WWN];[WWN]” option.
Access Gateway mapping 2 The following example disables device mapping for two WWNs. switch:admin> ag --wwnmappingdisable “10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e:2c:11” Enter the ag command with the ag--wwnmappingdisable with the --all option to disable mapping for all available WWNs. The -all option will not affect mappings made in the future, Disabled mappings can be modified without automatically enabling them. The following example removes device mapping for all available WWNs.
2 Access Gateway mapping Pre-provisioning You can use Fabric OS commands, Web Tools, and Fabric Manager to map devices that do not yet exist. This allows applicable management programs to push configuration changes with out worrying about the order in which they are received. For example, if system administrators need to push a set of port group changes and a set of device mapping changes, they could push them in either order with out error.
Access Gateway mapping 2 1. Static device mapping to N_Port (if defined) 2. Device mapping to N_Port group (if defined) For more information, refer to “Port Grouping policy” on page 33. 3. Automatic WWN load balancing within a port group (if enabled) For more information, refer to “Port Grouping policy” on page 33. NOTE Only NPIV devices can use device mapping and the automatic WWN Load Balancing policy. NOTE In Fabric OS v6.4.
2 N_Port configurations N_Port configurations By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. On standalone switches with AG support, a preset number of ports are locked as N_Ports and the rest of the ports operate as standard F_Ports. Although some ports are locked as N_Ports, these ports can be converted to F_Ports.
N_Port configurations 2 Displaying N_Port configurations 1. Connect to the switch and log in using an account assigned to the admin role. Enter the portcfgnport command. switch:admin> portcfgnport Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 --------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON Unlocking N_Ports By default, on embedded switches all external ports are configured in N_Port lock mode when you enable Access Gateway.
2 26 N_Port configurations Access Gateway Administrator’s Guide 53-1001760-01
Chapter Managing Policies and Features in Access Gateway Mode 3 In this chapter • Access Gateway policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 Advanced Device Security policy Access Gateway policy enforcement matrix The following table shows which combinations of policies can co-exist with each other.
Advanced Device Security policy 3 Enabling and disabling the Advanced Device Security policy By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configupload command in case you need this configuration again. 1. Connect to the switch and log in using an account assigned to the admin role. 2.
3 Advanced Device Security policy Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate operands to set the list of devices not allowed to log into specific ports. In the following example, ports 11 and 12 are set to “no access.
Automatic Port Configuration policy 3 Displaying the list of allowed devices on the switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsshow command.
3 Automatic Port Configuration policy Enabling and disabling the APC policy Use the following steps to enable and disable Automatic Port Configuration policy. This policy is disabled by default in Access Gateway. Enabling APC policy 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchdisable command to ensure that the switch is disabled. 3. Enter the configupload command to save the switch’s current configuration. 4.
Port Grouping policy 3 • The APC policy applies to all ports on the switch. Enabling the APC policy is disruptive and erases all existing port-based mappings. Therefore, before enabling the APC policy, you should disable the AG module. When you disable the APC policy, the N_Port configuration and the port-based mapping revert back to the default factory configurations for that platform.
3 Port Grouping policy F_Port1 N_Port1 F_Port2 F_Port3 Fabric-1 Storage Array-1 Fabric-2 Storage Array-2 N_Port2 F_Port4 PG1 AG F_Port5 N_Port3 F_Port6 F_Port7 N_Port4 F_Port8 PG2 FIGURE 8 Port grouping behavior When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group.
Port Grouping policy 3 Deleting an N_Port from a port group Before deleting an N_Port, all F_Ports mapped to that N_Port should be remapped before that N_Port is deleted from a port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgdel command with the appropriate operands to delete an N_Port from a specific port group. In the following example, N_Port 13 is removed from port group 3.
3 Port Grouping policy Port Grouping policy modes You can enable and disable the following Port Grouping policy modes when you create port groups using the pgcreate command. Alternately, you can enable these policies using the ag--pgsetmodes command. Automatic Login Balancing If Automatic Login Balancing mode is enabled for a port group and an F_Port goes offline, logins in the port group are redistributed among the remaining F_Ports.
Port Grouping policy 3 Port Group 3 created successfully 3. Enter the ag --pgshow command to verify the port group was created.
3 Port Grouping policy ------------------------------------------------automapbalance on N_Port Online Event: Disabled automapbalance on F_Port Offline Event: Enabled ------------------------------------------------- Considerations when modifying automatic login balancing Consider the following when disabling automatic login balancing: • Be aware that modifying the APC policy default setting using the agautomapbalance command may yield to uneven distribution of F_Ports to N_Ports.
Port Grouping policy 3 Setting the current fabric name monitoring timeout value 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --pgfnmtov command, followed by a value. switch:admin> ag --pgfnmtov 100 This sets the timeout value to 100 seconds. NOTE The pgfnmtov command is blocked on a Brocade 8000. Port Grouping policy considerations Following are the considerations for the Port Grouping policy: • A port cannot be a member of more than one port group.
3 Device Load Balancing Policy Upgrade and downgrade considerations for the Port Grouping policy Downgrading to Fabric OS v6.3.0 or earlier is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.4.0 to Fabric OS v6.3.0 and earlier: • When upgrading to Fabric OS v6.4.0, the PG policy that was enforced in Fabric OS v6.3.0 continues to be enforced in Fabric OS v6.4.0 and the port groups are retained.
Persistent ALPA Policy 3 2. Enter the ag --policydisable wwnloadbalance command to enable the Device Load Balancing policy. switch:admin> ag --policydisable wwnloadbalance The policy WWN load balancing is disabled NOTE Use the ag --policyshow command to determine the current status of the WWN Load Balancing policy. Device Load Balancing considerations • This policy should be enabled on the edge AG of a cascaded AG configuration.
3 Persistent ALPA Policy Enabling Persistent ALPA By default, Persistent ALPA is disabled. You can enable Persistent ALPA using the ag --persistentalpaenable command with the following syntax and with one of the following value types: ag -persistentalpaenable 1/0[On/Off] -s/-f[Stringent/Flexible] • Flexible ALPA assigns an unassigned ALPA value when the ALPA assigned to the device is taken by another host.
Persistent ALPA Policy 3 Displaying device data You can view the ALPA of the host related to any ports you delete from the database. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --printalpamap command with the appropriate operand to display a database entry for a specific F_Port. The following example will display an entry for F_Port 2. switch:admin> ag --printalpamap 2 Clearing ALPA values You can clear the ALPA values for a specific port. 1.
3 Failover Failover Access Gateway Failover ensures maximum uptime for the servers. When a port is configured as an N_Port, failover is enabled by default and is enforced during power-up. Failover allows hosts and targets to automatically remap to another online N_Port if the primary N-Port goes offline. NOTE For port-based mapping, the Failover policy must be enabled on an N_Port for failover to occur.
3 Failover Example 1 Hosts Host_1 Example 2 Hosts Access Gateway Fabric F_1 Host_1 Access Gateway Fabric F_1 Edge Switch (Switch_A) Host_2 F_2 F_A1 Edge Switch (Switch_A) Host_2 F_2 N_1 Host_3 Host_3 F_3 F_A2 F_3 F_A2 N_2 Host_4 F_A1 N_1 N_2 Host_4 F_4 F_4 Edge Switch (Switch_B) Host_5 F_B1 F_5 Edge Switch (Switch_B) Host_5 N_3 Host_6 F_6 F_B1 F_5 N_3 F_B2 Host_6 F_6 N_4 F_B2 N_4 Host_7 F_7 Host_7 F_7 Host_8 F_8 Host_8 F_8 Legend Physical connection Mapped online F
3 Failover Deleting F_Ports from a preferred secondary N_Port 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --prefdel command with the "F_Port1;F_Port2;..." N_Port operands to delete F_Ports from an N_Port. The list of F_Ports must be enclosed in quotation marks. Port numbers must be separated by a semicolon. In the following example, F_Ports 3 and 9 are deleted from preferred secondary N_Port 4.
Failover 3 Deleting a preferred secondary N-Port for device mapping (optional) Use the following steps to remove a secondary N_Port where devices will connect if their first or primary N_Port, if defined, is unavailable. 1. Connect to the switch and log in using an account assigned to the admin role. 2. To delete an N_Port configured as a failover port for one or multiple devices mapped to a specific N_Port, enter the ag --delwwnfailovermapping N_Port command with the “[WWN];[WWN]” option.
3 Failback 3. Enter the ag --failoverdisable -pg pgid command to disable failover. switch:admin> ag --failoverdisable -pg 3 Failover policy is disabled for port group 3 Upgrade and downgrade considerations for Failover Consider the following when upgrading or downgrading Fabric OS versions. • Downgrading to Fabric OS v6.3.0 or earlier is supported. • Upgrading from v6.3.0 to v6.4.0 or downgrading from v6.4.0 to v6.3.0 will not change failover settings.
Failback 3 Example 3 Host_1 Fabric Access Gateway Hosts Edge Switch (Switch_A) F_1 F_A1 N_1 Host_2 F_2 F_A2 Host_3 Host_4 F_3 N_2 Edge Switch (Switch_B) F_4 F_B1 N_3 Host_5 F_5 F_B2 N_4 Host_6 F_6 Host_7 F_7 Host_8 FIGURE 11 F_8 Legend Physical connection Mapped online Failover route online Original mapped route (offline) Failback behavior Enabling and disabling Failback on an N_Port Use the following steps to enable or disable Failback on N_Ports. 1.
3 Trunking in Access Gateway mode Enabling and disabling Failback for a port group Use the following steps to enable or disable Failback policy on all the N_Ports belonging to the same port group. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Use the following commands to enable or disable Failback for a port group: • Enter the ag --failbackenable pg pgid command to enable failback on a port group.
Trunking in Access Gateway mode 3 Configuring Trunking on the Edge switch Since AG Trunking configuration is mostly on the Edge switch, information in this section is applicable to the Edge switch module and not the AG module. On the AG module you only need to ensure that the trunking license is applied and enabled. On the Edge switch, you must first configure an F_Port Trunk group and statically assign an Area_ID to the trunk group.
3 Trunking in Access Gateway mode Configuration management for trunk areas The porttrunkarea command does not allow ports from different admin domains (ADs) and ports from different logical switches to join the same trunk area (TA) group. When you assign a TA, the ports within the TA group will have the same Index. The Index that was assigned to the ports is no longer part of the switch.
Trunking in Access Gateway mode 3 Slot Port Type State Master TI DI ------------------------------------------10 13 ---125 125 10 14 ---125 126 ------------------------------------------- 5. Enable ports specified in step 3. Continuing with the example shown in step 3, this would mean enabling ports 13 and 14. switch:admin> portenable 10/13 switch:admin> portenable 10/14 6.
3 Trunking in Access Gateway mode Disabling F_Port trunking Use the following steps to disable F_Port Trunking. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the porttrunkarea --disable command. switch:admin> porttrunkarea --disable 36-39 ERROR: port 36 has to be disabled Disable each port prior to removing ports from the TA. Then reissue the command: switch:admin> porttrunkarea --disable 36-39 Trunk area 37 disabled for ports 36, 37, 38 and 39.
Trunking in Access Gateway mode TABLE 8 3 Access Gateway trunking considerations for the Edge switch (Continued) Category Description Trunk area The port must be disabled before assigning a Trunk Area on the Edge switch to the port or removing a Trunk Area from a trunk group. You cannot assign a Trunk Area to ports if the standby CP is running a firmware version earlier than Fabric OS V6.2.0. PWWN The entire Trunk Area trunk group share the same Port WWN within the trunk group.
3 Trunking in Access Gateway mode TABLE 8 Access Gateway trunking considerations for the Edge switch (Continued) Category Description FC4-32 blade If an FC4-32 blade has the Trunk Area enabled on ports 16 - 31 and the blade is swapped with a FC8-48 blade, the Trunk Area ports will be persistently disabled. You can run the porttrunkarea command to assign a Trunk Area on those ports. Trunking You must first enable Trunking on the port before the port can have a Trunk Area assigned to it.
Trunking in Access Gateway mode TABLE 8 3 Access Gateway trunking considerations for the Edge switch (Continued) Category Description D.I. Zoning (D,I) AD (D, I) DCC and (PWWN, I) DCC Creating a Trunk Area may remove the Index (“I”) from the switch to be grouped to the Trunk Area. All ports in a Trunk Area share the same “I”. This means that Domain,Index (D,I), which refer to an “I”, that might have been removed, will no longer be part of the switch.
3 Adaptive Networking on Access Gateway Adaptive Networking on Access Gateway Adaptive Networking (AN) ensures bandwidth for critical servers, virtual servers, or applications in addition to reducing latency and minimizing congestion. Adaptive Networking in Access Gateway works in conjunction with the Quality of Service (QoS) feature on Brocade fabrics. Fabric OS provides a mechanism to assign traffic priority, (high, medium, or low) for a given source and destination traffic flow.
Adaptive Networking on Access Gateway FIGURE 12 3 Starting point for QoS Upgrade and downgrade considerations with Adaptive Networking in AG mode enabled Downgrading to Fabric OS v6.3.0 is supported. Note the following considerations when upgrading and downgrading from Fabric OS v6.4.0 to Fabric OS v6.2.X and earlier: • If any of the AG QoS enabled ports are active and you attempt a firmware downgrade, the downgrade is prevented.
3 Per Port NPIV login limit Per Port NPIV login limit This feature allows you to set a specific maximum NPIV login limit on individual ports. This feature works in both Native Fabric Switch and Access Gateway mode. Using this feature, you can use additional tools to design and implement a virtual infrastructure. In Access Gateway mode, this feature allows smaller login limits for F_Ports and larger limits for N_Ports.
Considerations for the Brocade 8000 3 Policy and feature support The following AG policies and features are not supported on the Brocade 8000. • Access Gateway Cascading NOTE This is not supported on the Brocade 8000 Core AG (the Brocade 8000 is only supported on an Edge AG). • • • • Automatic Load Balancing Auto Port Configuration Policy Persistent ALPA Device Load Balancing Fabric OS commands This section describes differences in using Fabric OS commands on the Brocade 8000 in AG mode.
3 Considerations for the Brocade 8000 • The following commands have restricted usage, mostly because the Brocade 8000 contains only eight Fibre Channel ports and does not support the Automatic Port Configuration policy: - ag --pgcreate ag --policyenable ag --policydisable ag --portcfgdefault • To enable or disable FCoE (F) ports, use fcoe --enable and fcoe --disable instead of portdisable and portenable.
Chapter 4 SAN Configuration with Access Gateway In this chapter • Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . • Direct target attachment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Target aggregation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Target aggregation • Redundant configurations should be maintained so that when hosts and targets fail over or fail back, they should not get mapped to a single N_Port. • Hosts and targets should be in separate port groups. • Configuration is not enforced. Target aggregation Access Gateway mode is normally used as host aggregation. In other words, a switch module in AG mode aggregates traffic from a number of host systems onto a single uplink N_Port.
Fabric and Edge switch configuration 4 • AG trunking between the Edge and Core AG switches is not supported. Trunking between the Core AG switch and the fabric is supported. • It is recommended that you enable Advanced Security Policy (ADS) on all AG F_Ports that are directly connected to devices. • APC policy is not supported when cascading. • Loopbacks (Core AG N_Port to Edge AG F_Port) are not allowed. • The agshow command issued on the fabric will discover only the Core AG switches.
4 Fabric and Edge switch configuration switchType: 76.6 switchState: Online switchMode: Native switchRole: Subordinate switchDomain: 13 switchId: fffc01 switchWwn: 10:00:00:05:1e:03:4b:e7 zoning: OFF switchBeacon: OFF ----------------------------------------= See Table 3 on page 9 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch. Enabling NPIV on M-EOS switches 1.
Connectivity to Cisco Fabrics 4 Connectivity to Cisco Fabrics When connecting a switch in Access Gateway mode to a Cisco fabric Fabrics you only need to make sure NPIV is enabled on the connecting switch and that Fabric OS version 3.1 or higher is used. Enabling NPIV on a Cisco switch 1. Log in as admin on the Cisco MDS switch. 2. Enter the show version command to determine that you are using the correct SAN-OS version and to see if NPIV is enabled on the switch. 3.
4 Rejoining Fabric OS switches to a fabric The switch automatically joins the fabric.
Appendix A Troubleshooting This appendix provides troubleshooting instructions. TABLE 10 Troubleshooting Problem Cause Solution Switch is not in Access Gateway mode Switch is in Native switch mode Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Access Gateway mode.
A TABLE 10 Troubleshooting Troubleshooting (Continued) Problem Cause Solution Failover is not working Failover disabled on N_Port. Verify that the failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the port_number operand. Enter the ag --failbackShow command with the port_number operand. Command returns “Failback (or Failover) on N_Port port_number is supported.” If it returns, “Failback (or Failover) on N_Port port_number is not supported.
Index A Access Gateway cascading, 64 comparison to standard switches, 4 compatible fabrics, 1 connecting devices, 63 connecting two AGs, 64 description, 1 displaying information, 66 features, 3 limitations, 5 mapping description, 11 port types, 4 Access Gateway mode comparison, 2 disabling, 9 port types, 4 supported firmware versions, 63 terms, xvi verifying, 7 ACL policies, settings, 65 adding devices to fabric, 30 address Identifier, 52 admin domain, 56 ADS Policy adding devices, 30 displaying devices, 3
commands ag --addwwnfailovermapping, 46 ag --addwwnpgmapping, 19 ag --delwwnfailovermapping, 47 ag --delwwnpgmapping, 19 ag --failbackEnable, 49, 50 ag --failbackShow, 49, 70 ag --failoverDisable, 47 ag --failoverEnable, 47, 48 ag --failoverShow, 47, 70 ag --mapAdd, 14 ag --mapDel, 15 ag --mapShow, 8, 14 ag --modeDisable, 9, 70 ag --modeEnable, 7, 69 ag --modeShow, 7 ag --policydisable wwnloadbalance, 41 ag --policyenable wwnloadbalance, 40 ag --wwnmapping, 19, 20, 46, 47 ag --wwnmappingdisable, 20 ag --wwn
F L F_Port adding external port on embedded switch, 24 description, 4 mapping, example, 11 maximum number mapped to N_Port, 24 settings, Edge switch, 65 shared area ports, 52 trunking setup, 51 fabric compatibility, 65 inband queries, 65 join, 67 logins, 65 management server platform, 65 zoning scheme, 65 Fabric OS management server platform service settings, 65 failback policy upgrade and downgrade considerations, 50 failback policy example, 44, 48 failover device mapping, 46 failover policy behavior, 45
N_Ports unlocking, 25 native switchMode, 66 non disruptive, 55 NPIV Edge switch, 65 enabling on Cisco switch, 67 enabling on M-EOS switch, 66 login limit, 60 support, 63 O optional features, xviii P per port NPIV login limit, 60 Persistent ALPA support, 41 persistent ALPA clearing ALPA values, 43 considerations, 43 deleting hash table data, 42 disabling, 42 enabling, 42 flexible ALPA value, 42 reboot, 43 stringent ALPA value, 42 tables, 42 upgrade and downgrade considerations, 43 value types, 42 policies
S Z settings ACL policies, 65 FLOGI, 65 inband queries, 65 management server platform, 65 zone, no access, 67 static vs.
76 Access Gateway Administrator’s Guide 53-1001760-01