HP StorageWorks Fabric OS 5.X Procedures User Guide (AA-RVHWB-TE, September 2005)

ManualsBrandsHP ManualsStorageHP StorageWorks TAA SAN Switch 2/16 Power Pack

HP StorageWorks

Fabric OS 5.x administrator guide

Part number: AA–RVHWB–TE

Second edition: September 2005

Summary of content (248 pages)

PAGE 1
HP StorageWorks Fabric OS 5.
PAGE 2
Legal and notice information © Copyright 2005 Hewlett-Packard Development Company, L.P. © Copyright 2005 Brocade Communications Systems, Incorporated. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
PAGE 3
Contents About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . HP StorageWorks Fabric OS 5.x master glossary . . . . . . . . . Document conventions and symbols . . . . . . . . . . . . . . . . . . HP technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
Verifying fabric connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tracking and controlling switch changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling the TC feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
Setting the security level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Using the snmpConfig command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Using legacy commands for SNMPv1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Configuring secure file copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Routing traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 About data routing and routing policies . . . . . . . . . . . . . . . . . . . . . . . Specifying the routing policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Assigning a static route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
Clearing the management server database Controlling topology discovery . . . . . . . . . . . . . . . . Displaying topology discovery status . . . . Enabling topology discovery . . . . . . . . . . Disabling topology discovery. . . . . . . . . . .. .. .. .. .. . . . . . .. .. .. .. .. . . . . . .. .. .. .. .. .. .. .. .. .. . . . . . .. .. .. .. .. .. .. .. .. .. . . . . . .. .. .. .. .. . . . . . .. .. .. .. .. .. .. .. .. .. . . . . . .. .. .. .. .. .. .. .. .. .. . . . . . .. .. .. .. ..
PAGE 8
Checking the switch temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking the power supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking the temperature, fan, and power supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Correcting device login issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
Rules for configuring zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and managing zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
Host reboots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Static PID mapping errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Changes to configuration data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Selecting a PID format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 SSL certificate files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Commands to display and delete SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 SSL messages and actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 12
PAGE 13
About this guide This guide provides information about: • Fabric OS procedures • Basic configuration tasks • Security features • Diagnostics • Extended fabrics • ISL trunking • Zoning • Performance monitoring NOTE: FICON is not supported on HP B-Series Fibre Channel switches. The FICON information in this document is included for reference only.
PAGE 14
Document conventions and symbols Document conventions Table 1 Convention Element Medium blue text: Figure 1 Cross-reference links and e-mail addresses Medium blue, underlined text (http://www.hp.
PAGE 15
• Operating system type and revision level • Detailed, specific questions For continuous quality improvement, calls may be recorded or monitored. HP strongly recommends that customers sign up online using the Subscriber's choice web site: http://www.hp.com/go/e-updates. • Subscribing to this service provides you with e-mail updates on the latest product enhancements, newest versions of drivers, and firmware documentation updates as well as instant access to numerous other product resources.
PAGE 16
PAGE 17
1 Introducing Fabric OS CLI procedures This chapter contains procedures for configuring and managing an HP StorageWorks Storage Area Network (SAN) using the Fabric OS Command Line Interface (CLI).
PAGE 18
• Advanced Web Tools: For Advanced Web Tools procedures, see the HP StorageWorks Fabric OS 5.x Advanced Web Tools administrator guide. • Fabric Manager: For Fabric Manager procedures, see the HP StorageWorks Fabric Manager 5.x administrator guide. • A third-party application using the API: For third-party application procedures, see the third-party API documentation.
PAGE 19
For example: switch:admin> help configure Administrative Commands configure(1m) NAME configure - change system configuration settings SYNOPSIS configure AVAILABILITY admin DESCRIPTION This command changes some system configuration settings, including: o Arbitrated loop settings o Switch fabric settings o System services settings o Virtual channel settings (output truncated) Additional help topics The following commands provide help files for specific topics: • diagHelp provides diagnostic information • fic
PAGE 20
Introducing Fabric OS CLI procedures
PAGE 21
2 Performing basic configuration tasks This chapter contains procedures for performing basic switch configuration tasks using the Fabric OS CLI. Connecting to the Command Line Interface You can connect to the CLI either through a telnet connection or through the serial port. Connecting with telnet 1. Verify that the switch is connected to the IP network through the RJ-45 Ethernet port.
PAGE 22
2. Open a terminal emulator application (such as HyperTerminal on a PC, or TERM, TIP, or Kermit in a UNIX® environment), and configure the application as follows: • In a Windows® environment: Parameter Value Bits per second 9600 Databits 8 Parity None Stop bits 1 Flow control None • In a UNIX environment, enter the following string at the prompt: tip /dev/ttyb -9600 If ttyb is already in use, you can use ttya (enter tip /dev/ttya -9600). 3.
PAGE 23
For the Core Switch 2/64 and SAN Director 2/128 (configured with two domains), each logical switch has its own set of default access accounts. The default account names and passwords are the same for both of the logical switches. You can also create up to 15 additional accounts per logical switch and designate their roles as either admin, switchAdmin, or user. See the procedures for doing so in ”Creating and maintaining user-defined accounts” on page 43.
PAGE 24
NOTE: Record the passwords exactly as entered and store them in a secure place; recovering passwords requires significant effort and fabric downtime. The initial login prompt accepts a maximum password length of eight characters. Characters beyond the eighth are ignored. Only the default password is subject to the eight-character limit. Any password set by the user can have a length of 8 to 40 characters. login: admin Password: Please change your passwords now.
PAGE 25
Setting the date and time 1. Connect to the switch and log in as admin. 2. Issue the date command using the following syntax: date “mmddHHMMyy” where: • mm is the month; valid values are 01 through 12. • dd is the date; valid values are 01 through 31. • HH is the hour; valid values are 00 through 23. • MM is minutes; valid values are 00 through 59. • yy is the year; valid values are 00 through 99 (values greater than 69 are interpreted as 1970–1999, and values less than 70 are interpreted as 2000–2069).
PAGE 26
Repeat the procedure on all switches for which the Time Zone needs to be set. This needs to be done only once; the value is written to nonvolatile memory. For U.S. time zones, use Table 3 to determine the correct parameter for the tsTimeZone command.
PAGE 27
5. If you want to generate a single license key, select Generate 1 license key. If you want to generate multiple license keys, select Batch Generation of Licenses. The Software License Key instruction page opens. 6. Enter the requested information in the required fields. When generating multiple license keys, enter the worldwide names and transaction keys in the table at the bottom of the screen. If you need additional rows in the table, select Add More Rows. 7. Click Next. A verification screen appears. 8.
PAGE 28
Removing a licensed feature 1. Connect to the switch and log in as admin. 2. Issue the licenseShow command to display the active licenses. 3. Remove the license key using the licenseRemove command: switch:admin> licenseremove “key” The license key is case-sensitive and must be entered exactly as given. The quotation marks are optional. After removing a license key, the optionally licensed feature is disabled when the switch is rebooted or when a switch disable or enable is performed. 4.
PAGE 29
2. Connect to the switch and log in as admin. 3. For the 4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, and SAN Switch 4/32: Proceed to the next step. For the SAN Director 2/128 and 4/256 SAN Director: If configured for one domain (the default) proceed to the next step. If configured with two domains, proceed as for the Core Switch 2/64. For the Core Switch 2/64: Choose the logical switch that you want to change.
PAGE 30
Disabling and enabling a port All licensed ports are enabled by default. You can disable and reenable them as necessary. Ports that you activate with Ports on Demand must be enabled explicitly, as described in ”Activating Ports on Demand” on page 30. Disabling a port 1. Connect to the switch and log in as admin. 2.
PAGE 31
switch vendor. You might need to generate a license key from a transaction key supplied with your purchase. If so, launch an Internet browser and visit the HP web site: http://webkey.external.hp.com/welcome.asp. Select Generate a license key and follow the instructions to generate the key. By default, ports 0 through 15 are activated on the SAN Switch 4/32. Each Port upgrade license activates the next group of eight ports in numerical order.
PAGE 32
For information on extended ISL modes, which enable longer-distance ISLs, see ”Administering extended fabrics” on page 163. Working with domain IDs Although domain IDs are assigned dynamically when a switch is enabled, you can reset them manually to control the ID number or to resolve a domain ID conflict when you merge fabrics. If a switch already has a domain ID when it is enabled, and that domain ID conflicts with a switch already in the fabric, the conflict is resolved.
PAGE 33
The fields in the fabricShow display are: • Switch ID: The switch Domain_ID and embedded port D_Id. • Worldwide Name: The switch WWN. • Enet IP Addr: The switch Ethernet IP address. • FC IP Addr: The switch FC IP address. • Name: The switch symbolic name. An arrow (>) indicates the principal switch. Setting the domain ID 1. Connect to the switch and log in as admin. 2. Issue the switchDisable command to disable the switch. 3. Issue the configure command. 4.
PAGE 34
3. Issue the portCfgIslMode command: For the 4/8 SAN Switch, 4/16 SAN Switch, portCfgIslMode port mode SAN Switch 2/8V, SAN Switch 2/16, SAN Specify a port number. Valid values for port number Switch 2/32, Brocade 4Gb SAN Switch for HP depend on the switch type. The mode operand is p-Class BladeSystem, and SAN Switch 4/32: required: Specify 1 to enable ISL R_RDY mode (gateway link) or specify 0 to disable it.
PAGE 35
switch:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr Name ------------------------------------------------------------------------1: fffc01 10:00:00:60:69:80:04:5a 192.168.186.61 192.168.68.193 “switch61” 3: fffc03 10:00:00:60:69:10:9c:29 192.168.186.175 0.0.0.0 “switch175” 4: fffc04 10:00:00:60:69:12:14:b7 192.168.174.70 0.0.0.0 “switch70” 5: fffc05 10:00:00:60:69:45:68:04 192.168.144.121 0.0.0.0 “switch121” 6: fffc06 10:00:00:60:69:00:54:ea 192.168.174.79 192.168.68.
PAGE 36
• Configuration file change from task • TC feature on • TC feature off An SNMP-TRAP mode can also be enabled; see the trackChangesHelp command in the HP StorageWorks Fabric OS 5.x command reference guide. For troubleshooting information on the TC feature, see ”Inaccurate information in the system message log” on page 161. Enabling the TC feature 1. Connect to the switch and log in as admin. 2.
PAGE 37
For the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director: The output is similar to the following: switch:admin> switchstatuspolicyshow The current overall switch status policy parameters: Down Marginal ---------------------------------PowerSupplies 3 0 Temperatures 2 1 Fans 2 1 WWN 0 1 CP 0 1 Blade 0 1 Flash 0 1 MarginalPorts 2 1 FaultyPorts 2 1 MissingSFPs 0 0 switch:admin> The policy parameter determines the number of failed or inoperable units for each contributor that triggers a status chan
PAGE 38
For the SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32: The following example shows the command as executed on a SAN Switch 2/32.
PAGE 39
3 Configuring standard security features This chapter provides information and procedures for configuring standard Fabric OS security features such as account and password management. Additional security features are available when secure mode is enabled. For information about licensed security features available in Secure Fabric OS, see the HP StorageWorks Secure Fabric OS administrator guide. Secure protocols Fabric OS supports the secure protocols shown in Table 4.
PAGE 40
Table 6 Main security scenarios Fabric Management interfaces Comments Nonsecure Nonsecure No special setup is need to use telnet or HTTP. An HP switch certificate must be installed if sectelnet is used. Nonsecure Secure Secure protocols may be used. An SSL switch certificate must be installed if SSH/HTTPS is used. Secure Secure Secure protocols are supported on Fabric OS 4.4.0 (and later) switches.
PAGE 41
Commands that require a secure login channel must be issued from an original SSH session. If you start an SSH session, and then use the login command to start a nested SSH session, commands that require a secure channel are rejected. Fabric OS 4.4.0 and later supports SSH protocol 2.0 (ssh2). For more information on SSH, see the SSH IETF web site: http://www.ietf.org/ids.by.wg/secsh.html. Another informative source is SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, Richard Silverman.
PAGE 42
4. In response to the telnetd prompt, enter on. The telnet interface is enabled. Blocking listeners HP StorageWorks switches block Linux® subsystem listener applications that are not used to implement supported features and capabilities. Table 7 lists the listener applications that HP StorageWorks switches either block or do not start.
PAGE 43
Creating and maintaining user-defined accounts In addition to the default administrative and user accounts, Fabric OS supports up to 15 user-defined accounts in each logical switch (domain). These accounts expand your ability to track account access and audit administrative activities. User-defined accounts can be assigned either admin-, switchAdmin-, or user-level roles. Admin-level accounts allow up to two simultaneous login sessions. User-level accounts allow up to four simultaneous login sessions.
PAGE 44
3. In response to the prompt, enter a password for the account. The password is not displayed when you enter it on the command line. Deleting a user-defined account Only accounts with the admin role can delete user-defined accounts on the logical switch. 1. Connect to the switch and log in as admin. 2. Issue the following command: userConfig --delete username where username specifies the account name. You cannot delete the default accounts. An account cannot delete itself.
PAGE 45
Changing an account password At each level of account access, you can change passwords for that account and accounts that have lesser privileges. If you log in to a user account, you can change only that account’s password. If you log in to an admin account, you can change admin and user passwords. You must provide the old password when the account being changed has the same or higher privileges than the current login account.
PAGE 46
Configure at least two RADIUS servers so that if one fails, the other assumes service. You can set the configuration with both RADIUS service and local authentication enabled so that if all RADIUS servers do not respond (because of power failure or network problems), the switch uses local authentication. Consider the following effects of the use of RADIUS service on other Fabric OS features: • When RADIUS service is enabled, all account passwords must be managed on the RADIUS server.
PAGE 47
Linux The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware RADIUS server that you can find at the following web site: www.freeradius.org. Follow the installation instructions at the web site. FreeRADIUS runs on Linux (all versions), FreeBSD, NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you must stop the server and restart it for the changes to take effect.
PAGE 48
Enabling clients Clients are the switches that use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. On dual-CP switches (Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director), the switch sends its RADIUS request using the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so that users can still log in, in case of a failover. 1. Open the $PREFIX/etc/raddb/client.
PAGE 49
Configuring users 1. From the Windows Start menu, select Programs > Administrative Tools > Computer Management to open the Computer Management window. 2. In the Computer Management window, expand the Local Users and Groups folder and select the Groups folder. 3. Right-click the Groups folder and select New Group from the pop-up menu. 4. In the New Group window, provide a Name and Description for the group and click Add. 5.
PAGE 50
15.In the Add Remote Access Policy window, confirm that the Conditions section displays the groups that you selected and click Next. 16.After the Add Remote Access Policy window refreshes, select the Grant remote access permission radio button and click Next. 17. After the Add Remote Access Policy window refreshes again, click Edit Profile. 18.
PAGE 51
Adding a RADIUS server to the switch configuration 1. Connect to the switch and log in as admin. 2. Issue the following command: switch:admin> aaaConfig --add server [-p port] [-s secret] [-t timeout] [-a pap | chap] where: server Is either a server name or an IP address. Avoid duplicating server listings (that is, listing the same server once by name and again by IP address). Up to five servers can be added to the configuration. -p port Is an optional argument; enter a server port.
PAGE 52
-p port Is an optional argument; enter a server port. -s secret Is an optional argument; enter a shared secret. -t timeout Is an optional argument; enter the length of time (in seconds) the server has to respond before the next server is contacted. -a[pap|chap] Specifies PAP or CHAP as authentication protocol. Changing the order in which RADIUS servers are contacted for service 1. Connect to the switch and log in as admin. 2.
PAGE 53
Browser and Java support Fabric OS supports the following web browsers for SSL connections: • Internet Explorer (Microsoft Windows) • Mozilla (Solaris and Red Hat Linux) In countries that allow the use of 128-bit encryption, use the latest version of your browser. For example, Internet Explorer 6.0 and later supports 128-bit encryption by default. You can display the encryption support (called cipher strength) using the Internet Explorer Help:About menu option.
PAGE 54
Choosing a CA To ease maintenance and allow secure out-of-band communication between switches, consider using one CA to sign all management certificates for a fabric. If you use different CAs, management services operate correctly, but the Advanced Web Tools Fabric Events button is unable to retrieve events for the entire fabric.
PAGE 55
5. Enter the requested information. For example: Select protocol [ftp or scp]: ftp Enter IP address: 192.1.2.3 Enter remote directory: path_to_remote_directory Enter Login Name: your account Enter Password: your password Success: exported CSR. 6. If you are set up for secure file copy protocol, you can select it; otherwise, select ftp. 7. Enter the IP address of the switch on which you generated the CSR. 8. Enter the remote directory name of the FTP server to which the CSR is to be sent. 9.
PAGE 56
Activating a switch certificate Issue the configure command and respond to the prompts that apply to SSL certificates: SSL attributes Enter yes. Certificate File Enter the name of the switch certificate file, for example, 192.1.2.3.crt. CA Certificate File If you want the CA name to be displayed in the browser window, enter the name of the CA certificate file; otherwise, skip this prompt. Select length of crypto key Enter the encryption key length (40, 56, or 128). HTTP attributes Enter yes.
PAGE 57
7. Browse to the certificate location and select the certificate. For example, select nameRoot.crt. 8. Click Open and follow the instructions to import the certificate. Installing a root certificate to the Java Plug-in For information on Java requirements, see ”Browser and Java support” on page 53. This procedure is a guide for installing a root certificate to the Java Plug-in on the management workstation. Install the root certificate, if it is not already installed to the plug-in.
PAGE 58
Troubleshooting certificates If you receive messages in the browser or in a pop-up window when logging in to the target switch using HTTPS, see Table 11. Table 11 SSL messages and actions Message Action The page cannot be displayed The SSL certificate is not installed correctly or HTTPS is not enabled correctly. Make sure that the certificate has not expired, that HTTPS is enabled, and that certificate file names are configured correctly.
PAGE 59
You can also use the following MIBs and their associated traps: • FICON-MIB (for FICON environments) • HA-MIB (for the Core Switch 2/64 and SAN Director 2/128) • SW-EXTTRAP, whcih includes the Software Serial Number (swSsn) as a part of HP StorageWorks SW traps. It is also used with the legacy Integrated/64 SAN Switch fabrics product to provide detailed group information for a particular trap. For information on HP StorageWorks MIBs, see the HP StorageWorks Fabric OS 5.x MIB reference guide.
PAGE 60
Sample SNMPv3 configuration: switch:admin> snmpconfig --set snmpv3 SNMPv3 user configuration: User (rw): [snmpadmin1] adminuser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: New Auth Passwd: Verify Auth Passwd: Priv Protocol [DES(1)/noPriv[2]): (1..2) New Priv Passwd: Verify Priv Passwd: User (rw): [snmpadmin2] shauser Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: New Auth Passwd: Verify Auth Passwd: Priv Protocol [DES(1)/noPriv[2]): (1..
PAGE 61
Sample SNMPv1 configuration: switch:admin> snmpconfig --set snmpv1 SNMP community and trap recipient configuration: Community (rw): [Secret C0de] admin Trap Recipient's IP address in dot notation: [0.0.0.0] 10.32.225.1 Trap recipient Severity level : (0..5) [0] 1 Community (rw): [OrigEquipMfr] Trap Recipient's IP address in dot notation: [10.32.225.2] Trap recipient Severity level : (0..5) [1] Community (rw): [private] Trap Recipient's IP address in dot notation: [10.32.225.
PAGE 62
Sample mibCapability configuration: switch:admin> snmpconfig --show mibCapability FA-MIB: YES FICON-MIB: YES HA-MIB: YES SW-TRAP: YES swFCPortScn: YES swEventTrap: YES swFabricWatchTrap: YES swTrackChangesTrap: NO FA-TRAP: YES connUnitStatusChange: YES connUnitEventTrap: NO connUnitSensorStatusChange: YES connUnitPortStatusChange: YES SW-EXTTRAP: NO FICON-TRAP: NO HA-TRAP: YES fruStatusChanged: YES cpStatusChanged: YES fruHistoryTrap: NO Sample systemGroup configuration (default): switch:admin> snmpconfig
PAGE 63
Sample SNMP agent configuration information: switch:admin> agtcfgshow Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = FC Switch sysLocation = End User Premise sysContact = Field Support. authTraps = 1 (ON) SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 192.168.1.51 Trap recipient Severity level: 4 Community 2: OrigEquipMfr (rw) Trap recipient: 192.168.1.
PAGE 64
Sample modification of the SNMP configuration values: switch:admin> agtcfgset Customizing MIB-II system variables ... At each prompt, do one of the followings: o to accept current value, o enter the appropriate new value, o to skip the rest of configuration, or o to cancel any change. To correct any input mistake: erases the previous character, erases the whole line, sysDescr: [FC Switch] sysLocation: [End User Premise] sysContact: [Field Support.
PAGE 65
Sample reset of the SNMP agent configuration to default values: switch:admin> agtcfgdefault ***** This command will reset the agent's configuration back to factory default ***** Current SNMP Agent Configuration Customizable MIB-II system variables: sysDescr = Fibre Channel Switch. sysLocation = End User Premise sysContact = sweng authTraps = 0 (OFF) SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 192.168.15.
PAGE 66
Sample modification of the options for configuring SNMP MIB traps: switch:admin> snmpmibcapset The SNMP Mib/Trap Capability has been set to support FE-MIB SW-MIB FA-MIB FA-TRAP FA-MIB (yes, y, no, n): [yes] FICON-MIB (yes, y, no, n): [no] y HA-MIB (yes, y, no, n): [no] y SW-TRAP (yes, y, no, n): [no] y swFCPortScn (yes, y, no, n): [no] swEventTrap (yes, y, no, n): [no] swFabricWatchTrap (yes, y, no, n): [no] swTrackChangesTrap (yes, y, no, n): [no] FA-TRAP (yes, y, no, n): [yes] connUnitStatusChange (yes, y
PAGE 67
Sample view of the SNMP MIB trap setup: switch:admin> snmpmibcapshow FA-MIB: YES FICON-MIB: YES HA-MIB: YES SW-TRAP: YES swFCPortScn: YES swEventTrap: YES swFabricWatchTrap: YES swTrackChangesTrap: YES FA-TRAP: YES SW-EXTTRAP: YES HA-TRAP: YES fruStatusChanged: YES cpStatusChanged: YES fruHistoryTrap: YES Configuring secure file copy Use the configure command to specify that secure file copy (scp) be used for configuration uploads and downloads.
PAGE 68
4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 Follow this procedure to set the boot PROM password with a recovery string: 1. Connect to the serial port interface as described in ”Connecting through the serial port” on page 21. 2. Reboot the switch. 3. Press ESC within four seconds after the message Press escape within 4 seconds... is displayed.
PAGE 69
The following options are available: Option Description 1 Start system Continues the system boot process. 2 Recovery password Lets you set the recovery string and the boot PROM password. 3 Enter command shell Provides access to boot parameters. 5. Enter 2. If no password was previously set, the following message is displayed: Recovery password is NOT set. Please set it now.
PAGE 70
4/8 SAN Switch, 4/16 SAN Switch, SAN Switch 2/8V, SAN Switch 2/16V, SAN Switch 2/32, Brocade 4Gb SAN Switch for HP p-Class BladeSystem, and SAN Switch 4/32 Follow this procedure to set the boot PROM password without a recovery string: 1. Create a serial connection to the switch as described in ”Connecting through the serial port” on page 21. 2. Reboot the switch by issuing the reboot command. 3. Press ESC within four seconds after the message Press escape within 4 seconds... is displayed.
PAGE 71
The following options are available: Option Description 1 Start system. Continues the system boot process. 2 Recovery password. Lets you set the recovery string and the boot PROM password. 3 Enter command shell. Provides access to boot parameters. 6. Enter 3. 7. Issue the passwd command at the shell prompt. NOTE: The passwd command applies only to the boot PROM password when it is entered from the boot interface. 8. Enter the boot PROM password at the prompt, and then reenter it when prompted.
PAGE 72
Configuring standard security features
PAGE 73
4 Maintaining configurations and firmware This chapter contains procedures for maintaining switch configurations and maintaining firmware. Maintaining configurations It is important to maintain consistent configuration settings on all switches in the same fabric, because inconsistent parameters (such as inconsistent PID formats) can cause fabric segmentation.
PAGE 74
4. Respond to the prompts as follows: Protocol If your site requires the use of Secure Copy, specify scp. Otherwise, specify ftp. Server Name or IP Address Enter the name or IP address of the server where the file is to be stored; for example, 192.1.2.3. You can enter a server name if DNS is enabled. For details about the dnsConfig command, see the HP StorageWorks Fabric OS 5.x command reference guide. User name Enter the user name of your account on the server, for example, JohnDoe.
PAGE 75
6. At the Do you want to continue [y/n] prompt, enter y. 7. Wait for the configuration to be restored. 8. When the process is finished, issue the switchEnable command. For example: switch:admin> configdownload Protocol (scp or ftp) [ftp]: ftp Server Name or IP Address [host]: 192.1.2.3 User Name [user]: JohnDoe File Name [config.txt]: /pub/configurations/config.txt Password: xxxxx *** CAUTION *** This command is used to download a backed-up configuration for a specific switch.
PAGE 76
If fmsmode is enabled in a configuration file, but is disabled on the switch, the configdownload command fails and displays an error message. This prevents undesirable conditions that could result from enabling fmsmode on a switch that does not require it.
PAGE 77
4. In the Product information section on the right side, select Software & drivers. The download drivers & software page is displayed. 5. Click the appropriate switch in the select your product section. The specify operating system page is displayed. 6. Click Cross operating system (BIOS, Firmware, Diagnostics, etc.). The download drivers and software page is displayed. 7. In the Firmware section, click the blue download button to the right of the applicable firmware.
PAGE 78
Table 13 Recommended firmware Switch model1 Earliest recommended Fabric OS version 4/8 SAN Switch and 4/16 SAN Switch 5.0.1 1 GB Switches 2.6.1 SAN Switch 2/8-EL, SAN Switch 2/16-EL, and SAN Switch 2/16 3.1.0 SAN Switch 2/8V and SAN Switch 2/16V 4.2.0 SAN Switch 2/32 4.1.0 Brocade 4Gb SAN Switch for HP p-Class BladeSystem 5.0.1 SAN Switch 4/32 4.4.0 Core Switch 2/64 4.1.0 SAN Director 2/128 4.2.0 4/256 SAN Director 5.0.1 1.
PAGE 79
CAUTION: To ensure a nondisruptive download, for each nondirector class switch in your fabric, complete all firmware download changes before issuing the firmwareDownload command on the next switch. HP StorageWorks fixed-port models and each CP blade of the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director have two partitions of nonvolatile storage areas (a primary and a secondary) to store two firmware images.
PAGE 80
Do not override an autocommit under normal circumstances; use the default. See ”Upgrading firmware in single-CP mode” on page 239 for details about overriding the autocommit option. As an alternative, before starting a firmware download, you can connect the switch with a serial console cable to a computer that is running a session capture. The information collected might be useful for troubleshooting.
PAGE 81
6. Issue the firmwareDownload command. 7. At the Do you want to continue [y/n] prompt, enter y. 8. Respond to the prompts as follows: Server Name or IP Address Enter the name or IP address of the server where the firmware file is stored, for example, 192.1.2.3. You can enter a server name if DNS is enabled. User name Enter the user name of your account on the server, for example, JohnDoe. File name Specify the full path name of the firmware directory, appended by release.plist, for example, /pub/v5.0.
PAGE 82
Log in again to view the upgrade progress: switch:admin> firmwaredownloadstatus [0]: Tue Apr 20 10:32:34 2004 cp0: Firmwaredownload has started. [1]: Tue Apr 20 10:36:07 2004 cp0: Firmwaredownload has completed successfully. [2]: Tue Apr 20 10:57:09 2004 cp0: Firmwarecommit has started. [3]: Tue Apr 20 10:36:07 2004 cp0: Firmwarecommit has completed successfully. [4]: Tue Apr 20 11:03:28 2004 cp0: Firmwaredownload command has completed successfully. switch:admin> firmwareshow Primary partition: v5.0.
PAGE 83
NOTE: After you start the process, do not issue any disruptive commands (such as reboot) that will interrupt the process. The entire firmware download and commit process takes approximately 15 minutes. If there is a problem, wait for the timeout (30 minutes for network problems; 10 minutes for incorrect IP address). Disrupting the process can render the switch inoperable and require you to seek help from Customer Support.
PAGE 84
10.Respond to the prompts as follows: Server Name or IP Address Enter the name or IP address of the server where the firmware file is stored, for example, 192.1.2.3. You can enter a server name if DNS is enabled. User name Enter the user name of your account on the server, for example, JohnDoe. File name Specify the full path name of the firmware directory, appended by release.plist, for example, /pub/v5.0.1/release.plist. Password Enter your account password for the server.
PAGE 85
Start a new session to view the upgrade progress: switch:admin> firmwaredownloadstatus [0]: Tue Apr 20 15:18:56 2003 cp0: Firmwaredownload has started on Standby CP. It may take up to 10 minutes. [1]: Tue Apr 20 15:24:17 2003 cp0: Firmwaredownload has completed successfully on Standby CP. [2]: Tue Apr 20 15:24:19 2003 cp0: Standby CP reboots. [3]: Tue Apr 20 15:27:06 2003 cp0: Standby CP booted up. [4]: Tue Apr 20 15:29:01 2003 cp1: Active CP forced failover succeeded. Now this CP becomes Active.
PAGE 86
Decide which firmware version you want to be applied to each CP blade. If you want the version on the standby CP, issue the haFailover command on the active CP. If you want the version from the active CP, issue the firmwareDownload -s command on the standby CP. After entering the haFailover command, you must issue the firmwareDownload -s command on the new standby CP.
PAGE 87
5 Configuring Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director This chapter contains procedures that are specific to the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director.
PAGE 88
The following example shows how to enable port 4 on a blade in slot 2: switch:admin> portenable 2/4 By port area ID Zoning commands require that you specify ports using the area ID method. In Fabric OS 4.0.0 and later, each port on a particular domain is given a unique area ID. The relationship between the port number and area ID depends upon the PID format used in the fabric: • When Core PID format is in effect, the area ID for port 0 is 0, for port 1, it is 1, and so forth.
PAGE 89
Disabling and enabling port blades Port blades are enabled by default. You might need to disable a port blade to perform diagnostics. When diagnostics are executed manually (from the Fabric OS command line), many commands require the port blade to be disabled. This ensures that diagnostic activity does not interfere with normal fabric traffic. Disabling a port blade 1. Connect to the switch and log in as admin. 2. Issue the slotOff command with the slot number of the port blade you want to disable.
PAGE 90
Table 15 HP StorageWorks director terminology and abbreviations Term Abbreviation Blade ID Definition Core Switch 2/64 CP blade CP1 1 The first-generation CP blade provided with the Core Switch 2/64. This CP supports 1- and 2-Gbit/sec port speeds. It supports only the dual domain configuration within the chassis. SAN Director 2/128 CP blade CP2 5 The second-generation CP blade provided with the SAN Director 2/128. This CP supports 1- and 2-Gbit/sec port speeds.
PAGE 91
Port blade compatibility Table 16 indicates which blades are supported for each HP StorageWorks director.
PAGE 92
Table 17 Supported configuration options (continued) Option Number of domains Maximum number Supported port of ports per switch blades Supported CP blades Notes Results 4 2 64/64 Left side: FC-16 Right side: FC2-16 CP2 N/A Two 64-port switches (Blade ID 2 on slots 1–4; ID 4 on slots 7–10. Blade ID 5 on slots 5, 6) 5 1 256 FC4-16, FC4-32 CP4 CP4 fits all chassis except the D2 chassis. Option 5 is the default configuration option for 4/256 SAN Director.
PAGE 93
Field Value Status Displays the status of the blade: • VACANT: The slot is empty. • INSERTED, NOT POWERED ON: The blade is present in the slot but is turned off. • DIAG RUNNING POST1: The blade is present, powered on, and running the post-initialization POST. • DIAG RUNNING POST2: The blade is present, powered on, and running the POST. • ENABLED: The blade is on and enabled. • ENABLED (User Ports Disabled): The blade is on, but external ports have been disabled with the bladeDisable command.
PAGE 94
5. Use the configure command to configure the sw0 to match your fabric specifications. If the director is to be merged into an existing fabric, do not configure zoning parameters; these are propagated when you merge the director into the fabric. 6. Log in to the second logical switch (sw1) as admin. 7. Use the configure command to configure the sw1 to match your fabric specifications.
PAGE 95
4. Issue the ipAddrSet command to set and confirm the IP address of sw1 (sw1 takes on a default that must be corrected). The IP address of sw0 is already set. 5. After the system reboots, log in again as admin to each logical switch and issue the switchName command to assign a name to the new switch. 6. Using the configuration file saved in step 3 as a guide, manually reconfigure sw0 and sw1. Do not configure zoning parameters; these are propagated when you merge the director into the fabric. 7.
PAGE 96
Configuring Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director
PAGE 97
6 Routing traffic This chapter describes HP StorageWorks switch routing features and procedures. About data routing and routing policies Data moves through a fabric from switch to switch and from storage to server along one or more paths that make up a route. Routing policies determine the correct path for each frame of data. CAUTION: For most configurations, the default routing policy is optimal, and provides the best performance.
PAGE 98
You must disable the switch before changing the routing policy, and reenable it afterward. In the following example, the routing policy for a SAN Switch 4/32 is changed from exchange-based to device-based: switch:admin> aptpolicy Current Policy: 3 3: Default Policy 1: Port Based Routing Policy 2: Device Based Routing Policy 3: Exchange Based Routing Policy switch:admin> switchdisable switch:admin> aptpolicy 2 Policy updated successfully.
PAGE 99
In a stable fabric, frames are always delivered in order, even when the traffic between switches is shared among multiple paths. However, when topology changes occur in the fabric (for example, if a link goes down), traffic is rerouted around the failure, and some frames could be delivered out of order. Most destination devices tolerate out-of-order delivery, but some do not. By default, out-of-order frame-based delivery is allowed to minimize the number of frames dropped.
PAGE 100
Viewing routing path information The topologyShow and uRouteShow commands provide information about the routing path. 1. Connect to the switch and log in as admin. 2. Issue the topologyShow command to display the fabric topology, as it appears to the local switch.
PAGE 101
3. Issue the uRouteShow command to display unicast routing information.
PAGE 102
Viewing routing information along a path You can display detailed routing information from a source port (or area) on the local switch to a destination port (or area) on another switch. This routing information describes the full path that a data stream travels between these ports, including all intermediate switches. 1. Connect to the switch and log in as admin. 2. Issue the pathInfo command.
PAGE 103
• Name: The name of the switch. • Out Port: The output port that the frames use to reach the next hop on this path. For the last hop, the destination port. • BW: The bandwidth of the output ISL, in Gbit/sec. It does not apply to the embedded port. • Cost: The cost of the ISL used by FSPF routing protocol. It applies only to an E_Port. Fabric OS 5.
PAGE 104
Routing traffic
PAGE 105
7 Administering FICON fabrics NOTE: FICON is not supported on HP B-Series Fibre Channel switches. The FICON information in this document is included for reference only. FICON overview IBM FICON is an industry-standard, high-speed input/output (I/O) interface for mainframe connections to storage devices. Fabric OS supports intermix mode operations, in which FICON and Fibre Channel technology work together.
PAGE 106
• Switch binding is a security method for restricting devices that connect to a particular switch. If the device is another switch, security handled by the SCC policy. If the device is a host or storage device, the Device Connection Control (DCC) policy binds those devices to a particular switch. Policies range from completely restrictive to reasonably flexible, based upon customer needs. • Port binding is a security method for restricting host or storage devices that connect to particular switch ports.
PAGE 107
Table 18 Fabric OS commands related to FICON and FICON CUP Command Description Standard Fabric OS commands: configure Sets the domain ID and the IDID mode. portSwap Swaps ports. portSwapDisable Disables the portSwap command. portSwapEnable Enables the portSwap command. portSwapShow Displays information about swapped ports. Commands specific to FICON: ficonclear rlir Removes all registered link incident records (RLIRs) from the local RLIR database.
PAGE 108
Configuring switches This section describes how to configure a switch in a FICON environment. Use the worksheet shown in Figure 3 on page 119 to record your configuration information. The following are recommended FICON environment configuration settings: • Disable DLS (dlsReset command). If DLS is enabled, traffic on existing ISL ports might be affected when one or more new ISLs are added between the same two switches.
PAGE 109
Configuring a high-integrity fabric To configure a high-integrity fabric (cascaded configuration): 1. Disable each switch in the fabric. 2. For each switch: a. Enable the IDID flag. b. Set the domain ID. c. Install security certificates and keys. 3. Enable the switches. This builds the fabric. 4. Set up security on the primary FCS switch. Use Quickmode for FICON, which activates the SCC_POLICY and does not create a DCC policy. The security policies are distributed to each switch in the fabric.
PAGE 110
7. Respond to the remaining prompts (or press Ctrl-d to accept the other settings and exit). 8. Issue the switchEnable command to reenable the switch. For example: switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [3] 5 R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] VC Encoded Address Mode: (0..
PAGE 111
FRU failures To display FRU failure information, connect to the switch, log in as admin, and issue one of the following commands: • For the local switch: ficonshow ilir • For all switches defined in the fabric: ficonshow ilir fabric Swapping ports If a port malfunctions, or if you want to connect to different devices without having to rewire your infrastructure, you can move a port’s traffic to another port (swap ports) without changing the I/O Configuration Data Set (IOCDS) on the mainframe computer.
PAGE 112
A mode register controls the behavior of the switch with respect to CUP itself, and with respect to the behavior of other management interfaces. FICON Management Server mode (fmsmode) must be enabled on the switch to enable CUP management features. When this mode is enabled, Fabric OS prevents local switch commands from interfering with host-based management commands by initiating serialized access to switch parameters.
PAGE 113
NOTE: You cannot use the portCfgPersistentEnable and portCfgPersistentDisable commands to persistently enable and disable ports when FMS mode is on. See the procedure ”Persistently enabling and disabling ports” on page 115. Changing fmsmode from disabled to enabled triggers the following events: • Access to switch parameters is serialized. • The active CUP configuration data is established as follows: • Port and switch names are not read from the IPL; they remain as previously set.
PAGE 114
Table 19 FICON CUP mode register bits Bit Description POSC Programmed offline state control. When this bit is set on, the host is prevented from taking the switch offline. The default setting is 1 (on). UAM User alert mode. When this bit is set on, a warning is issued when an action is attempted that writes CUP parameters on the switch. The default setting is 0 (off). ASM Active=saved mode.
PAGE 115
The command format is: ficoncupset modereg [bitname] 0 | 1 where: bitname Specifies one of the mode register bits described in Table 19 on page 114. 0 Specifies that the bit is off. 1 Specifies that the bit is on. The following example sets the mode register bit HCP to off: switch:admin> ficoncupset modereg HCP 0 Mode register bit HCP has been set to 0. The following example sets the mode register bit ACP to on: switch:admin> ficoncupset modereg ACP 1 Mode register bit ACP has been set to 1.
PAGE 116
Port and switch naming standards Fabric OS handles differences in port and switch naming rules between CUP and itself as follows: • CUP employs 8-bit characters in port address names and switch names; Fabric OS employs 7-bit characters. When fmsmode is enabled, all characters greater than 0x40 and not equal to 0xFF (EBCIDC code page 37 [0x25]) are allowed in the name; therefore, it is possible for a channel to set a name with non-printable characters.
PAGE 117
• ficonDbg dump rnid • ficonDbg log • ficonShow ilir • ficonShow lirr • ficonShow rlir • ficonShow rnid • ficonShow switchrnid • ficucmd dump -A • Other detailed information for protocol-specific problems: • Display port data structures using the ptDataShow command. • Display port registers using the ptRegShow command. Identifying ports The ficonshow rlir command displays, among other information, a tag field for the switch port.
PAGE 118
Backing up FICON files The FICON file access facility is used to store configuration files. This includes IPL and other configuration files. Fabric OS saves the IPL and all other configuration files on the switch. A maximum of 16 configuration files, including the IPL file, are supported. You can upload the configuration files saved on the switch to a management workstation using the configUpload command.
PAGE 119
FICON® Switch Configuration Worksheet FICON® Switch Manufacturer:___________________Type: _________ Model: ______ S/N: ________ HCD Defined Switch ID_________(Switch ID) FICON® Switch Domain ID_________(Switch @) Cascaded Directors No _____Yes _____ Corresponding Cascaded Switch Domain ID _____ Fabric Name ________________________________ FICON® Switch F_Ports Attached N_Ports / E_Ports (CU, CPC, or ISL) Slot Port Number Number Port Address Laser Type: LX / SX Port Name Node Type CU / CHNL Machi
PAGE 120
Sample IOCP configuration file for the SAN Switch 2/32, Core Switch 2/64, and SAN Director 2/128 The channel subsystem controls communication between a configured channel, the CU, and the device. The IOCDS defines the channels, CUs, and devices to the designated logical partitions (LPARs) within the server; this is defined using the Input/Output Configuration Program (IOCP). The IOCP statements are typically built using the hardware configuration dialog box (HCD).
PAGE 121
IOCP (and not in decimal values); the Domain IDs in the following example are for demonstration purposes only.
PAGE 122
/*********************************************************************/ /* MONITOR I OPTIONS */ /* */ /* X A O N L Y */ /* */ /*********************************************************************/ FCD /* FICON Director */ CHAN /* COLLECT CHANNEL STATISTICS */ CPU /* COLLECT CPU STATISTICS */ CYCLE(1000) /* SAMPLE ONCE EVERY SECOND */ DEVICE(NOSG) /* PREVENT SORT OF STORAGE GROUPS*/ DEVICE(NOCHRDR) /* CHARACTER READER STATISTICS WILL NOT BE COLLECTED */ DEVICE(COMM) /* COMMUNICATION EQUIPMENT STATS.
PAGE 123
8 Configuring the Distributed Management Server The HP Fabric OS Distributed Management Server allows a SAN management application to retrieve information and administer interconnected switches, servers, and storage devices. The management server assists in the autodiscovery of switch-based fabrics and their associated topologies. A client of the Distributed Management Server can find basic information about the switches in the fabric and use this information to construct topology relationships.
PAGE 124
For example: switch:admin> msplmgmtdeactivate MS Platform Service is currently enabled. This will erase MS Platform Service configuration information as well as database in the entire fabric. Would you like to continue this operation? (yes, y, no, n): [no] y Request to deactivate MS Platform Service in progress...... *Completed deactivating MS Platform Service in the fabric! switch:admin> Controlling access You can use the msConfigure command to control access to the management server database.
PAGE 125
3. At the select prompt, enter 2 to add a member based on its port/node WWN. 4. Enter the WWN of the host to be added to the ACL. 5. At the select prompt, enter 1 to verify the WWN you entered was added to the ACL. 6. After verifying that the WWN was added correctly, enter 0 at the prompt to end the session. 7. At the Update the FLASH? prompt, enter y. 8. Press Enter to update the nonvolatile memory and end the session.
PAGE 126
7. At the Update the FLASH? prompt, enter y. 8. Press Enter to update the nonvolatile memory and end the session. For example: switch:admin> msconfigure 0 Done 1 Display the access list 2 Add member based on its Port/Node WWN 3 Delete member based on its Port/Node WWN select : (0..3) [1] 3 Port/Node WWN (in hex): [00:00:00:00:00:00:00:00] 20:00:00:20:37:65:ce:aa *WWN is successfully deleted from the MS ACL.
PAGE 127
The contents of the management server platform database are displayed. For example: switch:admin> msplatshow ----------------------------------------------------------Platform Name: [9] "first obj" Platform Type: 5 : GATEWAY Number of Associated M.A.: 1 [35] "http://java.sun.
PAGE 128
For example: switch:admin> mstdenable Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. switch:admin> mstdenable ALL Request to enable MS Topology Discovery Service in progress.... *MS Topology Discovery enabled locally. *MS Topology Discovery Enable Operation Complete!! Disabling topology discovery 1. Connect to the switch and log in as admin. 2. Issue the mstdDisable command to disable the discovery feature locally.
PAGE 129
9 Working with diagnostic features This chapter provides information on diagnostics and how to display system, port, and specific hardware information. It also describes how to set up system logging mapping (syslogd) and how to set up the offloading of error messages (supportSave). The purpose of the diagnostic subsystem is to evaluate the integrity of the system hardware.
PAGE 130
The following example shows a typical boot sequence, including POST messages: The system is coming up, please wait... Read board ID of 0x80 from addr 0x23 Read extended model ID of 0x16 from addr 0x22 Matched board/model ID to platform index 4 PCI Bus scan at bus 0 : : : : : : Checking system RAM - press any key to stop test Checking memory address: 00100000 System RAM test using Default POST RAM Test succeeded. Press escape within 4 seconds to enter boot interface. Booting "Fabric Operating System" image.
PAGE 131
For example: switch:admin> switchstatusshow Switch Health Report Report time: 03/21/2005 03:50:36 PM Switch Name: SW3900 IP address: 10.33.54.
PAGE 132
For example: : switch:admin> uptime 4:43am up 1 day, 12:32, switch:admin> 1 user, load average: 1.29, 1.31, 1.27 The uptime command displays the length of time the system has been in operation, the total cumulative amount of uptime since the system was first powered-on, the date and time of the last reboot (applies only to Fabric OS 3.x and 2.6.x systems), the reason for the last reboot (applies only to Fabric OS 3.x and 2.6.x systems), and the load average over the past one minute (1.
PAGE 133
Displaying the port statistics 1. Connect to the switch and log in as admin. 2. Issue the portStatsShow command. Port statistics include information such as number of frames received, number of frames sent, number of encoding errors received, and number of class 2 and class 3 frames received. See the HP StorageWorks Fabric OS 5.x command reference guide for additional portStatsShow command information, such as the syntax for slot or port numbering.
PAGE 134
The following example shows output from the portErrShow command: switch:admin> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy tx rx in err shrt long eof out c3 fail sync sig sig===================================================================== 0: 22 24 0 0 0 0 0 1.5m 0 7 3 0 0 0 1: 22 24 0 0 0 0 0 1.
PAGE 135
Table 20 Port error summary description (continued) Error type Description frjt Frames rejected with F_RJT fbsy Frames busied with F_BSY Viewing equipment status You can display status for fans, power supply, and temperature. NOTE: The number of fans, power supply units, and temperature sensors depends on the switch type. For detailed specifications on these components, see the SAN Switch installation guide for your switch model.
PAGE 136
The possible status values are: • OK: Power supply is functioning correctly. • Absent: Power supply is not present. • Unknown: An unknown power supply unit is installed. • Predicting failure: Power supply is present but predicting failure. • FAULTY: Power supply is present but faulty (no power cable, power switch turned off, fuse blown, or other internal error). Displaying temperature status 1. Connect to the switch and log in as admin. 2. Issue the tempShow command.
PAGE 137
Viewing the port log Fabric OS maintains an internal log of all port activity. The port log stores entries for each port as a circular buffer. Each port has space to store 8000 log entries. When the log is full, the newest log entries overwrite the oldest log entries. Port logs are not persistent and are lost over power-cycles and reboots. If the port log is disabled, an error message is displayed. NOTE: Port log functionality is completely separate from the system message log.
PAGE 138
Because a portLogDump output is long, a truncated example is presented: switch:admin> portlogdump task event port cmd args ------------------------------------------------16:30:41.780 PORT Rx 9 40 02fffffd,00fffffd,0061ffff,14000000 16:30:41.780 PORT Tx 9 0 c0fffffd,00fffffd,0061030f 16:30:42.503 PORT Tx 9 40 02fffffd,00fffffd,0310ffff,14000000 16:30:42.505 PORT Rx 9 0 c0fffffd,00fffffd,03100062 16:31:00.464 PORT Rx 9 20 02fffc01,00fffca0,0063ffff,01000000 16:31:00.
PAGE 139
In the following example, Fabric OS messages map to local7 facility level 7 in the /etc/syslog.conf file: local7.emerg local7.alert local7.crit local7.err local7.warning local7.notice local7.info local7.debug /var/adm/swcritical /var/adm/alert7 /var/adm/crit7 /var/adm/swerror /var/adm/swwarning /var/adm/notice7 /var/adm/swinfo /var/adm/debug7 If you prefer to map Fabric OS severities to a different UNIX local7 facility level, see ”Setting the facility level” on page 139.
PAGE 140
3. Verify the IP address was deleted by issuing the syslogDipShow command. Viewing and saving diagnostic information Issue the supportShow command to dump important diagnostic and status information to the session screen, where you can review it or capture its data. To save a set of files that customer support technicians can use to further diagnose the switch condition, issue the supportSave command.
PAGE 141
Setting up periodic checking of the remote server 1. Connect to the switch and log in as admin. 2. Issue the following command: supportftp -t interval where the interval is in hours. The minimum interval is 1 hour. Specify 0 hours to disable the checking feature. Saving a comprehensive set of diagnostic files to the server 1. Connect to the switch and log in as admin. 2. Issue the following command: supportsave -c Fabric OS 5.
PAGE 142
Working with diagnostic features
PAGE 143
10 Troubleshooting Troubleshooting should begin at the center of the SAN—the fabric. Because switches are located between the hosts and storage devices and have visibility into both sides of the storage network, starting with them can help narrow the search path. After eliminating the possibility of a fault within the fabric, determine whether the problem is on the storage side or the host side, and continue a more detailed diagnosis from there. Using this approach can quickly pinpoint and isolate problems.
PAGE 144
Gathering information for technical support If you are troubleshooting a production system, you need to gather data quickly. As soon as a problem is observed, perform the following tasks (if you are using a dual-CP system, run the commands on both CPs): 1. Issue the supportSave command to save RASLOG, TRACE, and supportShow (active CP only) information for the local CP to a remote FTP location.
PAGE 145
• Commands pdShow and save Core output 2. Determine the following host information: • OS version and patch level • HBA type • HBA firmware version • HBA driver version • Configuration settings 3.
PAGE 146
The following is sample output from the fcPing command in which one device accepts the request and another device rejects the request: switch:admin> fcping 10:00:00:00:c9:29:0e:c4 21:00:00:20:37:25:ad:05 Source: 10:00:00:00:c9:29:0e:c4 Destination: 21:00:00:20:37:25:ad:05 Zone Check: Not Zoned Pinging 10:00:00:00:c9:29:0e:c4 [0x20800] with 12 bytes of date: received reply from 10:00:00:00:c9:29:0e:c4: 12 bytes time:1162 usec received reply from 10:00:00:00:c9:29:0e:c4: 12 bytes time:1013 usec received reply
PAGE 147
Checking the Simple Name Server (SNS) 1. Issue the nsShow command on the switch to which the device is attached.
PAGE 148
Checking for zoning problems 1. Issue the cfgActvShow command to determine whether zoning is enabled. If zoning is enabled, it is possible that the problem is being caused by zoning enforcement (for example, two devices in different zones cannot see each other). 2. Confirm that the specific edge devices that need to communicate with each other are in the same zone. • If they are in the same zone, perform the following tasks: a.
PAGE 149
8. Issue the configure command to edit the fabric parameters for the segmented switch. See the HP StorageWorks Fabric OS 5.x command reference guide for detailed information. 9. Enable the switch by issuing the switchEnable command. You can also reconcile fabric parameters by issuing the configUpload command for each switch. Downloading a correct configuration You can restore a segmented fabric by downloading a previously saved correct backup configuration to the switch.
PAGE 150
Table 25 Commands for debugging zoning Command Function aliCreate Use to create a zone alias. aliDelete Use to delete a zone alias. cfgCreate Use to create a zone configuration. cfgShow Displays zoning configuration. licenseShow Displays current license keys and associated (licensed) products. switchShow Displays currently enabled configuration and any E_Port segmentations due to zone conflicts. zoneAdd Use to add a member to an existing zone. zoneCreate Use to create a zone.
PAGE 151
Editing zone configuration members 1. Log in to one of the switches in a segmented fabric as admin. 2. Issue the cfgShow command and print its output. 3. Start another telnet session and connect to the next fabric as an administrator. 4. Issue the cfgShow command and print its output. 5. Compare the two fabric zone configurations line by line and look for an incompatible configuration. 6. Connect to one of the fabrics. 7.
PAGE 152
Checking fan components 1. Log in to the switch as user. 2. Issue the fanShow command. 3. Check the fan status and speed output. If any of the fan speeds display abnormal RPMs, replace the fan FRU. Checking the switch temperature 1. Log in to the switch as user. 2. Issue the tempShow command. 3. Check the temperature output. Look for indications of high or low temperatures. Checking the power supply 1. Log in to the switch as user. 2. Issue the psShow command. 3. Check the power supply status.
PAGE 153
For example: switch:admin> switchshow switchName: sw094135 switchType: 26.
PAGE 154
For example: sw094135:admin> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy tx rx in err shrt long eof out c3 fail sync sig ===================================================================== 0: 38 75 0 0 0 0 0 0 0 9 11 0 0 0 1: 110 73 0 0 0 0 0 0 0 9 11 0 0 0 2: 0 0 0 0 0 0 0 38 0 4 0 2 0 0 3: 0 0 0 0 0 0 0 0 0 4 1 2 0 0 4: 59m 102 0 0 0 0 0 0 0 4 0 0 0 0 5: 59m 103 0 0 0 0 0 0 0 3 0 0 0 0 6: 0 0 0 0 0 0 0 21 0 3 0 0 0 0 7: 0 0 0 0 0 0 0 58 0 3 0 0 0 0 8: 81 19k 0 0 0 0 0 3.
PAGE 155
For example: sw094135:admin> portlogdumpport 10 time task event port cmd args ------------------------------------------------12:38:21.590 SPEE sn 10 WS 00000000,00000000,00000000 12:38:21.591 SPEE sn 10 WS 000000ee,00000000,00000000 12:38:21.611 SPEE sn 10 WS 00000001,00000000,00000000 12:38:21.871 SPEE sn 10 NC 00000002,00000000,00000001 12:38:21.872 LOOP loopscn 10 LIP 8002 12:38:22.171 LOOP loopscn 10 TMO 2 12:38:22.171 INTR pstate 10 LF2 12:38:22.172 INTR pstate 10 OL2 12:38:22.
PAGE 156
Table 26 Component test descriptions Test name Operands Checks crossporttest [-nframes count] Functional test of port external transmit [-lb_mode mode][-spd_mode mode] and receive path. [-gbic_mode mode] [-norestore mode] The crossport is set to loopback using [-ports itemlist] an external cable by default. However, this command can be used to check internal components by setting the lb operand to 5.
PAGE 157
Testing components to and from the HBA 1. Connect to the switch and log in as admin. 2. Issue the fPortTest command. See the HP StorageWorks Fabric OS 5.x command reference guide for information on the command options. The following example executes the fPortTest command 100 times on port 8 with payload pattern 0xaa55, pattern width 2 (meaning word width) and a default payload size of 512 bytes: switchname:admin> fporttest 100,8,0xaa55,2, 512 Will use pattern: aa55 aa55 aa55 aa55 aa55 aa55 ...
PAGE 158
1. Issue the portCfgShow command to display the port speed settings of all the ports. 2. Issue the switchShow command to determine whether the port has module light. 3. Determine whether the port at 1 Gig/sec completes by issuing the portCfgSpeed command, and then change the port speed to 2 Gig/sec. This should correct the negotiation by the port setting to one speed. 4. Issue the portLogShow or portLogDump command. 5. Check the events area of the output.
PAGE 159
3. Verify that the event area for the port state entry is pstate. The command entry AC indicates that the port has completed point-to-point initialization. For example: termB:root> portlogdumpport 4 time task event port cmd args ------------------------------------------------11:38:21.726 INTR pstate 4 AC 4. Skip over the loop initialization phase. After becoming an active port, the port becomes an F_Port or an E_Port, depending on the device on the opposite side.
PAGE 160
To troubleshoot a marginal link: 1. Issue the portErrShow command. For example: switch:admin> porterrshow frames enc crc too too bad enc disc link loss loss frjt fbsy tx rx in err shrt long eof out c3 fail sync sig sig===================================================================== 0: 22 24 0 0 0 0 0 1.5m 0 7 3 0 0 0 1: 22 24 0 0 0 0 0 1.
PAGE 161
Table 29 Loopback modes (continued) Mode Description 5 Internal (parallel) loopback (indicates no external equipment) 7 Backend bypass and port loopback 8 Backend bypass and SERDES loopback 9 Backend bypass and internal loopback 6. Check the results of the loopback test and proceed as follows: • If the loopback test failed, the port is bad. Replace the port blade. • If the loopback test did not fail, the SFP is bad. 7. Optional: To rule out cabling issues: a.
PAGE 162
accept PRLI represent a majority of storage targets. Private hosts require the QuickLoop feature, which is not available in Fabric OS 4.0.0 or later. A fabric-capable device implicitly registers information with the Name Server during a FLOGI. These devices typically register information with the Name Server before querying for a device list. The embedded port still performs a PLOGI and attempts PRLI with these devices.
PAGE 163
11 Administering extended fabrics This chapter contains procedures for using the HP Extended Fabrics licensed feature, which extends the distance that ISLs can reach. To use extended ISL modes, you must first purchase and install the Extended Fabrics license. For details on obtaining and installing licensed features, see ”Maintaining licensed features” on page 26.
PAGE 164
• Starting with Fabric OS 4.4.0, VC translation link initialization (an option of the portCfgLongDistance command) is enabled by default for LD links. For previous Fabric OS versions that support this option, it was disabled by default. To avoid inconsistency in the fabric, make sure that this value is enabled on both ends of the link. To connect to switches running Fabric OS versions earlier than 4.0.2 and 3.0.
PAGE 165
Table 32 Mode Extended ISL modes: switches with Condor ASIC. Buffer Allocation 1 Gbps 2 Distance at 1 Gbps Distance at 2 Gbps Distance at 4 Gbps Earliest Fabric Extended fabrics OS release license required? 2 Gbps 4 Gbps 5 (26) 2.5 km 10 km 5 km 2 km All No L0 5 (26) LE 11 16 10 km N/A 5 km 5 km 3.x, 4.x No L0.5 18 31 56 25 km 25 km 25 km 3.1.0, 4.1.0, 4.x, 5.
PAGE 166
3. Issue the portCfgLongDistance command, using the following syntax: portcfglongdistance [slotnumber/]portnumber [distance_level] [vc_translation_link_init] [desired_distance] where: slotnumber Specifies the slot number for Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director. This option is not applicable to fixed-port switches. The slot number must be followed by a slash ( / ) and the port number. portnumber Specifies the port number.
PAGE 167
12 Administering ISL trunking This chapter contains procedures for using the HP ISL Trunking licensed feature, which optimizes the use of bandwidth by allowing a group of ISLs to merge into a single logical link. About ISL trunking HP ISL Trunking reduces or eliminates situations that require static traffic routes and individual ISL management to achieve optimal performance.
PAGE 168
The maximum number of ports per trunk and trunks per switch depends on the HP StorageWorks model. For detailed information about trunking commands, see online help or the HP StorageWorks Fabric OS 5.x command reference guide. Standard trunking criteria Observe the following criteria for standard distance trunking: • There must be a direct connection between participating switches. • Trunk ports must reside in the same port group. • Trunk ports must run at the same speed (either 2 Gbit/sec or 4 Gbit/sec).
PAGE 169
• Consider how the addition of a new path affects existing traffic patterns: • A trunking group has the same link cost as the master ISL of the group, regardless of the number of ISLs in the group. This allows slave ISLs to be added or removed without causing data to be rerouted, because the link cost remains constant. • The addition of a path that is shorter than existing paths causes traffic to be rerouted through that path.
PAGE 170
• Fabric Watch allows you to monitor traffic flow through specified ports on the switch and send alerts when the traffic exceeds or drops below configurable thresholds. See the HP StorageWorks Fabric OS 5.x Fabric Watch administrator guide for additional information. • Issue the portPerfShow command, as described in the following procedure, to record traffic volume for each port in your fabric over time. Using the portperfshow command 1. Connect to the switch and log in as admin. 2.
PAGE 171
Enabling and disabling ISL trunking You can enable or disable HP ISL Trunking for a single port or for an entire switch.When you execute the portCfgTrunkPort or switchCfgTrunk command to update the trunking configuration, the ports for which the configuration applies are disabled and reenabled with the new trunk configuration. As a result, traffic through those ports could be disrupted. Enabling or disabling ISL trunking on one port 1. Connect to the switch and log in as admin. 2.
PAGE 172
Setting the speed for one port 1. Connect to the switch and log in as admin. 2. Issue the portCfgSpeed command: portcfgspeed [slotnumber/]portnumber, speed_level where: slotnumber Is for bladed systems only; it specifies the slot number of the port to be configured, followed by a slash (/). This operand is required only for switches with slots, such as the Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director. portnumber Specifies the port number relative to its slot for bladed systems.
PAGE 173
The following example sets the speed for all ports on the switch to 2 Gbit/second: switch:admin> switchcfgspeed 2 Committing configuration...done. switch:admin> The following example sets the speed for all ports on the switch to auto-negotiate: switch:admin> switchcfgspeed 0 Committing configuration...done. switch:admin> Displaying trunking information The trunkShow command offers an efficient means of listing all the trunks and members of a trunk.
PAGE 174
Troubleshooting trunking problems If you have difficulty with trunking, try the solutions in this section. Listing link characteristics If a link that is part of an ISL trunk fails, use the trunkDebug command to troubleshoot the problem, as shown in the following procedure: 1. Connect to the switch and log in as admin. 2. Issue the following command: trunkDebug port, port where port specifies the number of a port in an ISL trunking group.
PAGE 175
4. If you are in buffer-limited mode on the LD port, increase the estimated distance. These changes are implemented only after disabling (portDisable) and enabling (portEnable) the buffer-limited port (or buffer-limited switch). Reconfiguring a port to LD from another mode can result in the port being disabled for lack of buffers—this does not apply to the SAN Switch 4/32 and 4/256 SAN Director (using FC4-16 and FC4-32 port blades). If this happens: • In Fabric OS 4.2.
PAGE 176
Administering ISL trunking
PAGE 177
13 Administering advanced zoning This chapter provides procedures for using the HP Advanced Zoning feature. Zoning terminology The following terms are used in the advanced zoning procedures: • A zone is a region within the fabric where a specified group of fabric-connected devices (called zone members) have access to one another. When zoning is enabled, objects not explicitly defined in a zone are isolated, and members in the zoned fabric do not have access to them.
PAGE 178
To list the commands associated with zoning, use the zoneHelp command. For detailed information on the zoning commands used in the procedures, see the HP StorageWorks Fabric OS 5.x command reference guide or to the online man page for each command. Zoning concepts Before using the procedures, become familiar with the zoning concepts described in the following sections. Zone types Table 33 summarizes the types of zoning.
PAGE 179
Table 34 Approaches to fabric-based zoning Form Description Single HBA Zoning by single HBA most closely re-creates the original SCSI bus. Each zone created has only one HBA (initiator) in the zone; each of the target devices is added to the zone. Typically, a zone is created for the HBA and the disk storage ports are added. If the HBA also accesses tape devices, a second zone is created with the HBA and associated tape devices in it.
PAGE 180
WWNs are specified as 8-byte (16-digit) hexadecimal numbers, separated by colons, for example, 10:00:00:90:69:00:00:8a. When a node name specifies a zone object, all ports on such a device are in the zone. When a port name specifies a zone object, only the single port is in the zone. The types of zone objects used to define a zone can be mixed and matched.
PAGE 181
Zoning enforcement Software-enforced and hardware-enforced zoning are supported. Software-enforced zoning Zoning enables users to restrict access to devices in a fabric. Software-enforced zoning prevents hosts from discovering unauthorized target devices, while hardware-enforced zoning prevents a host from accessing a device it is not authorized to access. Software-enforced zoning: • Is also called soft zoning, Name Server zoning, fabric-based zoning, session-based zoning, or hardware-assisted zoning.
PAGE 182
Table 35 Enforcing hardware zoning Fabric type Methodology Best practice HP StorageWorks 1-GB switches Enables hardware-enforced zoning only on domain, port zones; WWN or mixed zones are not hardware-enforced. Any domain, port zone that overlaps a mixed or WWN zone is not hardware-enforced. Use domain, port identifiers (PIDs). Do not identify a zone member by its WWN. An overlap occurs when a member specified by WWN is connected to a port in a domain, port zone.
PAGE 183
WWN_Zone1 Port_Zone1 Port_Zone2 Core Switch WWN_Zone2 Zone Boundaries 22.2b(13.2) Figure 6 Hardware-enforced non-overlap ping zones Figure 7 shows the same fabric components zoned in an overlapping fashion. WWN_Zone1 Port_Zone1 Core Switch Port_Zone2 Zone Boundaries WWN_Zone2 22.3b(13.
PAGE 184
Port_WWN Zone3 Port_WWN Zone1 Port_WWN Zone2 Core Switch Port_WWN Zone4 Zone Boundaries 22.4b(13.4) Figure 8 Zoning with hardware assist (mixed-port and WWN zones) Port_Zone2 Port_Zone1 WWN_Zone1 Core Switch Zone Boundaries WWN_Zone2 22.5b(13.5) Figure 9 Session-based hard zoning In Figure 9, only the ports that are overlapped are software-enforced with hardware assist. Rules for configuring zones Observe the following rules when configuring zones.
PAGE 185
• QuickLoop: Evaluate whether the fabric will also use QuickLoop Fabric Assist (QLFA) or QuickLoop. If you are running Fabric OS 4.x, consider the following before creating and setting up QLFA zones: • QuickLoop Zoning. QuickLoop and QuickLoop zones cannot run on switches running Fabric OS 4.x. However, Fabric OS 4.x can still manage (create, remove, update) QuickLoop zones on any non-4.x switch. • QLFA. Fabric OS 4.x cannot have a Fabric Assist host directly connected to it.
PAGE 186
Adding members to an alias 1. Connect to the switch and log in as admin. 2. Issue the aliAdd command. 3. Issue the cfgSave command to save the change to the defined configuration. For example: switch:admin> aliadd “array1”, “1,2” switch:admin> aliadd “array2”, “21:00:00:20:37:0c:72:51” switch:admin> aliadd “loop1”, “4,6” switch:admin> cfgsave You are about to save the Defined zoning configuration. This action will only save the changes on the Defined configuration.
PAGE 187
Viewing an alias in the defined configuration 1. Connect to the switch and log in as admin. 2. Issue the aliShow command. The following example shows all zone aliases beginning with arr: switch:admin> alishow “arr*” alias: array1 21:00:00:20:37:0c:76:8c alias: array2 21:00:00:20:37:0c:66:23 If no parameters are specified, the entire zone database (both the defined and effective configuration) is displayed.
PAGE 188
Removing devices (members) from a zone 1. Connect to the switch and log in as admin. 2. Issue the zoneRemove command. 3. Issue the cfgSave command to save the change to the defined configuration. For example: switch:admin> zoneremove “greenzone”, “1,2” switch:admin> zoneremove “redzone”, “21:00:00:20:37:0c:72:51” switch:admin> zoneremove “bluezone”, “4,6; 21:00:00:20:37:0c:66:23 switch:admin> cfgsave You are about to save the Defined zoning configuration.
PAGE 189
Symmetrical segmentation occurs when both ends of an ISL are shut down. Subsequently, no frames are exchanged between the two switches. Asymemetrical segmentation not only prevents frames from being exchanged between switches, but also causes routing inconsistencies. The best way to avoid either type of segmentation is to know the zone database size limit of adjacent switches. Table 36 through Table 39 provide the expected behavior based on different database sizes after a zone merge is specified.
PAGE 190
Table 38 Resulting database size: 128K to 256K Receiver J FOS 2.6 FOS 3.1 FOS 3.2 FOS 4.0, 4.1, 4.2 FOS 4.3, 4.4.0 FOS 5.5.0, 5.0.1 Fibre Channel Router XPath 7.3 FOS 2.6, 3.1 Segment Segment Segment Segment Segment Segment Segment Segment FOS 3.2 Segment Segment Join Segment Join Join Join Segment FOS 4.0, 4.1, 4.1 Segment Segment Segment Segment Segment Segment Segment Segment FOS 4.3, 4.4.0 Segment Segment Join Segment Join Join Join Segment FOS 5.5.0, 5.0.
PAGE 191
For important considerations for managing zoning in a fabric, and details about the maximum zone database size for each version of the FOS, see ”Maintaining zone objects” on page 193. Creating a zoning configuration 1. Connect to the switch and log in as admin. 2. Issue the cfgCreate command. 3. Issue the cfgSave command to save the change to the defined configuration.
PAGE 192
For example: switch:admin> cfgdelete “testcfg” switch:admin> cfgsave You are about to save the Defined zoning configuration. This action will only save the changes on the Defined configuration. Any changes made on the Effective configuration will not take effect until it is re-enabled. Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y Clearing changes to a configuration Use the cfgTransAbort command.
PAGE 193
Viewing a configuration in the effective zone database 1. Connect to the switch and log in as admin. 2. Issue the cfgActvShow command.
PAGE 194
For example: switch:admin> cfgShow Defined configuration: cfg: USA_cfg Red_zone; White_zone; Blue_zone zone: Blue_zone 1,1; array1; 1,2; array2 zone: Red_zone 1,0; loop1 zone: White_zone 1,3; 1,4 alias: array1 21:00:00:20:37:0c:76:8c; 21:00:00:20:37:0c:71:02 alias: array2 21:00:00:20:37:0c:76:22; 21:00:00:20:37:0c:76:28 alias: loop1 21:00:00:20:37:0c:76:85; 21:00:00:20:37:0c:71:df 3. Issue the zoneObjectExpunge command to delete the zone object.
PAGE 195
Managing zoning configurations in a fabric To modify an existing zone configuration, you can add, delete, or remove individual elements to create the desired configuration. After the changes have been made, save the configuration to ensure the configuration is permanently saved in the switch and that the configuration is replicated throughout the fabric. The switch configuration file can also be uploaded to the host for archiving; it can also be downloaded from the host to a switch in the fabric.
PAGE 196
copy of this database. When a change is made to the defined configuration, the switch where the changes were made must close its transaction for the change to get propagated throughout the fabric. • Merging rules: Observe the following rules when merging zones: • Local and adjacent configurations: If the local and adjacent zone database configurations are the same, they remain unchanged after the merge.
PAGE 197
Splitting a fabric If the connections between two fabrics are no longer available, the fabric segments into two separate fabrics. Each new fabric retains the same zone configuration. If the connections between two fabrics are replaced and no changes have been made to the zone configuration in either of the two fabrics, the two fabrics merge back into one single fabric. If any changes that cause a conflict have been made to either zone configuration, the fabrics might segment.
PAGE 198
Table 41 lists considerations for zoning architecture. Table 41 Considerations for zoning architecture Item Description Type of zoning: hard or soft (session-based) If security is a priority, HP recommends hard zoning. Use of aliases The use of aliases is optional with zoning. Using aliases requires structure when defining zones. Aliases aid administrators of zoned fabric in understanding the structure and context. Security requirements Evaluate the security requirements of the fabric.
PAGE 199
14 Administering advanced performance monitoring This topic contains procedures for the HP Advanced Performance Monitoring licensed feature: Based on HP Frame Filtering technology and a unique performance counter engine, advanced performance monitoring is a comprehensive tool for monitoring the performance of networked storage resources.
PAGE 200
Table 42 Advanced performance monitoring commands (continued) Command Description perfSetPortEEMask Set the overall mask for EE monitors. perfShowAlpaCrc Display the AL_PA CRC count by port or by AL_PA. perfShowEEMonitor Show user-defined EE monitors. perfShowFilterMonitor Show filter-based monitors. perfShowPortEEMask Display the current EE mask of a port.
PAGE 201
Monitoring EE performance EE performance monitoring counts the number of words and CRC errors in Fibre Channel frames for a specified SID-DID pair.
PAGE 202
NOTE: EE performance monitoring looks at traffic on the receiving port respective to the SID only. In Figure 10, if you add a monitor to slot 2, port 2, on Switch X, specifying Dev B as the SID and Host A as the DID, no counters (except CRC) are incremented. SID 0x051200 Switch x Host A Switch y ... Monitor 0 domain 0x05, switch area ID 0x12 AL_PA 0x00 DID 0x111eef ...
PAGE 203
CAUTION: Only one mask per port can be set. When you set a mask, all existing EE monitors are deleted. You can specify a mask using the perfSetPortEeMask command in the form dd:aa:pp, where dd is the domain ID mask, aa is the area ID mask, and pp is the AL_PA mask. The values for dd, aa, and pp are either ff (the field must match) or 00 (the field is ignored). The default EE mask value is ff:ff:ff. The command sets the mask for all EE monitors of a port.
PAGE 204
The EE mask has 12 fields, each with a value of on or off. The following example shows how to set and display and EE mask (the EE mask is set on slot 1, port 11): switch:admin> perfsetporteemask 1/11, “00:00:ff” “00:00:ff” “00:00:ff” “00:00:ff” The EE mask on port 11 is set and EE counters are reset.
PAGE 205
Adding standard filter-based monitors Table 43 lists the commands for adding standard filter-based monitors to a port. Table 43 Commands to add filter-based monitors Telnet command Description perfAddReadMonitor Counts the number of SCSI read commands. perfAddWriteMonitor Counts the number of SCSI write commands. perfAddRwMonitor Counts the number of SCSI read and write commands. perfAddScsiMonitor Counts the number of SCSI traffic frames.
PAGE 206
• SAN Switch 4/32 (Fabric OS 4.4.0 or later): Up to 15 different offsets per port (14 offsets when FMS is enabled) • 4/8 SAN Switch, 4/16 SAN Switch, and Brocade 4Gb SAN Switch for HP p-Class BladeSystem (Fabric OS 5.0.1): Up to 7 different offsets per port (6 offsets when fmsmode is enabled) You can specify up to four values to compare against each offset.
PAGE 207
The following example displays the monitors on slot 1, port 4 using the perfShowFilterMonitor command (the monitor numbers are listed in the KEY column) and deletes monitor number 1 on slot 1: switch:admin> perfshowfiltermonitor 1/4 There are 4 filter-based monitors defined on port 4.
PAGE 208
The command format is: perfmonitorshow --class monitor_class [slotnumber/]portnumber [interval] where: monitor_class Specifies the monitor class, which can be EE, FLT (filter-based), or ISL. The --class monitor_class operand is required. slotnumber Specifies the slot number for a Core Switch 2/64, SAN Director 2/128, or 4/256 SAN Director. For all other switches, this operand is not required.
PAGE 209
The following example displays filter-based monitor on a port at an interval of every 6 seconds: switch:admin> perfMonitorShow --class FLT 2/5 6 perfmonitorshow 21, 6 0 1 2 3 4 5 6 #Frames #Frames #Frames #Frames #Frames #Frames #Frames --------------------------------------------------------------0 0 0 0 0 0 0 26k 187 681 682 682 494 187 26k 177 711 710 710 534 176 26k 184 734 734 734 550 184 26k 182 649 649 649 467 182 26k 188 754 755 755 567 184 26k 183 716 716 717 534 183 26k 167 657 656 655 488 167 26k
PAGE 210
The command format is: perfmonitorclear --class monitor_class [slotnumber/]portnumber [monitorId] where: monitor_class Specifies the monitor class, which can be one of EE, FLT (filter-based), or ISL. The --class monitor_class operand is required. slotnumber Specifies the slot number for a Core Switch 2/64, SAN Director 2/128, or 4/256 SAN Director. For all other switches, this operand is not required.
PAGE 211
Saving and restoring monitor configurations To save the current EE and filter monitor configuration settings into nonvolatile memory, use the perfCfgSave command. For example: switch:admin> perfcfgsave This will overwrite previously saved Performance Monitoring settings in FLASH ROM. Do you want to continue? (yes, y, no, n): [no] y Please wait... Committing configuration...done. Performance monitoring configuration saved in FLASH ROM.
PAGE 212
Administering advanced performance monitoring
PAGE 213
A Configuring the PID format Port identifiers (PIDs) are used by the routing and zoning services in Fibre Channel fabrics to identify ports in the network. All devices in a fabric must use the same PID format, so when you add new equipment to your SAN, you might need to change the PID format on legacy equipment.
PAGE 214
• If you are running dual-fabrics with multipathing software, you can update one fabric at a time without disrupting traffic. Move all traffic onto one fabric in the SAN and update the other fabric, and then move the traffic onto the updated fabric, and update the final fabric. • Without dual-fabrics, HP recommends stopping traffic. This is the case for many routine maintenance situations, so dual-fabrics are always recommended for uptime-sensitive environments.
PAGE 215
Table 45 Effects of PID format changes on configurations PID format before change PID format after change Configuration effect Native Extended Edge No impact Extended Edge Native No impact Native Core You must: Core Native • Extended Edge Core • Core Extended Edge Reenable zoning, if there is an active zone set and it uses port zones.
PAGE 216
Table 46 PID format recommendations for adding new switches Existing Fabric OS versions; PID format Switch to be added Recommendations (in order of preference) Version 2.6.2 and later; version 3.1.2 and later; Native PID 2.6.2 and later; 3.1.2 and later • Use Native PID format for new switch. Host reboot is not required. • Convert existing fabric to Core PID format, upgrading the version of Fabric OS, if necessary. Set Core PID format for new switch. Host reboot is required.
PAGE 217
1. Collect device, software, hardware, and configuration data. The following is a non-comprehensive list of information to collect: • HBA driver versions • Fabric OS versions • RAID array microcode versions • SCSI bridge code versions • JBOD drive firmware versions • Multipathing software versions • HBA timeout values • Multipathing software timeout values • Kernel timeout values • Configuration of switch 2. Make a list of manually configurable PID drivers.
PAGE 218
If either of the first two options are used, the procedures should again be validated in the test environment. Determine the behavior of multipathing software, including but not limited to: • HBA time-out values • Multipathing software time-out values • Kernel time-out values Planning the update procedure Whether it is best to perform an offline or online update depends on the uptime requirements of the site. • An offline update requires that all devices attached to the fabric be offline.
PAGE 219
1. Schedule an outage for all devices attached to the fabric. 2. Back up all data and verify backups. 3. Shut down all hosts and storage devices attached to the fabric. 4. Disable all switches in the fabric. 5. Change the PID format on each switch in the fabric. 6. Reenable the switches in the updated fabric one at a time. In a core/edge network, enable the core switches first. 7. After the fabric has reconverged, use the cfgEnable command to update zoning. 8.
PAGE 220
switch:admin> switchdisable switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] y Domain: (1..239) [1] BB credit: (1..27) [16] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] WAN_TOV: (1000..120000) [0] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] SYNC IO mode: (0..1) [0] Switch PID Address Mode: (0..2) [1] < Set mode number here. Per-frame Route Priority: (0..
PAGE 221
4. Change the switch configuration in the fabric to Extended Edge PID format: a. Configure Extended Edge PID (Format 2) on each switch. (See ”PID format changes” on page 224 for a sample configure command on an HP StorageWorks switch running Fabric OS 3.1.2 and for a sample configure command on an HP StorageWorks switch running Fabric OS 4.2.0 and later.) b. Run the switchEnable command all switches. c. Verify that all the switches form a fabric. d.
PAGE 222
Example of the configure command on a switch running Fabric OS 5.0.1: configure Configure... Fabric parameters (yes, y, no, n): [no] y Domain: (1..239) [11] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] WAN_TOV: (0..30000) [0] MAX_HOPS: (7..19) [7] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] Switch PID Format: (1..2) [1] 2 Per-frame Route Priority: (0..1) [0] Long Distance Fabric: (0..
PAGE 223
! 31 143 47 159 63 175 79 191 30 142 46 158 62 174 78 190 29 141 45 157 61 173 77 28 140 44 156 60 172 27 139 43 155 59 26 138 42 154 25 137 41 153 223 127 239 15 255 94 206 110 222 126 238 14 254 189 93 205 109 221 125 237 13 253 76 188 92 204 108 220 124 236 12 252 171 75 187 91 203 107 219 123 235 11 251 58 170 74 186 90 202 106 218 122 234 10 250 57 169 73 185 89 201 105 217 121 233 9 249 184 8
PAGE 224
PID format changes There are several routine maintenance procedures which might result in a device receiving a new PID.
PAGE 225
For example: switch:admin> switchdisable switch:admin> configure Configure... Fabric parameters (yes, y, no, n): [no] yes Domain: (1..239) [1] R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000..5000) [2000] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] SYNC IO mode: (0..1) [0] Core Switch PID Format: (0..2) [0] 1 Per-frame Route Priority: (0..1) [0] Long Distance Fabric: (0..1) [0] BB credit: (1..27) [16] 10.
PAGE 226
11.Issue the command cfgEnable [effective_zone_configuration]. For example: cfgEnable my_zones 12.Issue the switchEnable command. Enable the core switches first, and then the edges. 13.Clean the lvmtab file by using the command vgscan. 14.Change to /dev and untar the file that was tared in step 4. For example: tar –xf /tmp/jbod.tar 15.Import the volume groups using vgimport. The proper syntax is vgimport –m mapfile path_to_volume_group physical_volume_path.
PAGE 227
Executing the AIX procedure This procedure is not intended to be comprehensive. It provides a starting point from which a SAN administrator can develop a site-specific procedure for a device that binds by PID and cannot be rebooted due to uptime requirements. 1. Backup all data and verify the backups. 2. If you are not using multipathing software, stop all I/O going to all volumes connected through the switch or fabric to be updated. 3.
PAGE 228
Use the following procedure to swap the port area IDs of two physical switch ports. In order to swap port area IDs, the port swap feature must be enabled, and both switch ports must be disabled. The swapped area IDs for the two ports remain persistent across reboots, power cycles, and failovers. 1. Connect to the switch and log in as admin. 2. Enable the port swap feature: portswapenable 3.
PAGE 229
B Configuring interoperability mode For supported interoperability configurations and restrictions, see the HP StorageWorks SAN design reference guide (AA–RMPNW–TE): http://www.hp.com/go/SANDesignGuide. Fabric OS 5.
PAGE 230
Configuring interoperability mode
PAGE 231
C Using the HP Remote Switch feature The HP Remote Switch feature (Remote Switch), which aids in ensuring gateway compatibility, was formerly a licensed feature. Its functionality is now available as part of the Fabric OS standard feature set through the use of the portCfgIslMode command, which is described in ”Linking through a gateway” on page 33.
PAGE 232
• Suppress Class F Traffic: Use this parameter to disable class F traffic. Some network-bridge devices might not have a provision for handling class F frames. In this case, the transmission of class F frames must be suppressed throughout the entire Remote Switch fabric. To set the access and reconfigure these parameters: 1. Connect to the switch and log in as admin. 2. Issue the switchDisable command to disable the switch. 3. Issue the configure command. 4. At the Fabric Parameters prompt, enter yes. 5.
PAGE 233
D Understanding legacy password behavior The following sections provide password information for early versions of Fabric OS firmware. Password management information Table 48 describes the password standards and behaviors between various versions of firmware. Table 48 Account and password characteristics matrix Characteristic Version 4.0.0 Versions 4.1.0 to 4.2.0 Versions 4.4.0 to 5.0.
PAGE 234
Table 48 Account and password characteristics matrix (continued) Characteristic Version 4.0.0 Versions 4.1.0 to 4.2.0 Versions 4.4.0 to 5.0.1 Can passwd change higher-level passwords? For example, can admin change root password? Yes, but you must supply the old password of the higher-level account (example root). Yes; if users connect as admin, they can change the root, factory, and admin passwords. However, if one connects as user, one can change only the user password.
PAGE 235
Table 49 Password prompting matrix (continued) Issue Version 4.0.0 Version 4.1.0 and later Does password prompting reappear when passwords are changed back to the defaults using the passwd command? Yes No Does password prompting reappear when passwords are changed back to the defaults using the passwdDefault command? Yes Yes Password migration during firmware changes Table 50 describes the expected outcome of password settings when upgrading or downgrading firmware for various Fabric OS versions.
PAGE 236
Password recovery options Table 51 describes the options available when one or more types of passwords are lost. Table 51 Password recovery options Issue Version 4.0.0 Versions 4.1.0 and later If all the passwords are forgotten, what is the password recovery mechanism? Are these procedures non-disruptive recovery procedures? Contact your switch service provider. A non-disruptive procedure is available. Contact your switch service provider. A non-disruptive procedure is available.
PAGE 237
E Zone merging scenarios Table 52 provides information on merging zones and the expected results. Table 52 Zone merging scenarios Description Switch A Switch B Expected Results Switch A has a defined configuration. defined: none cfg1: none zone1: ali1; ali2 effective: none defined: none effective: none Configuration from Switch A to propagate throughout the fabric in an inactive state, because the configuration is not enabled.
PAGE 238
Table 52 Zone merging scenarios (continued) Description Switch A Switch B Expected Results There is a cfg content mismatch. defined: cfg1 zone1: ali1; ali2 effective: irrelevant defined: cfg1 zone1: ali3; ali4 effective: irrelevant Fabric segments due to a zone conflict content mismatch. defined: cfg1 zone1: ali1; ali2 effective: irrelevant defined: cfg1 zone1: ali1; ali4 effective: irrelevant Fabric segments due to a zone conflict content mismatch.
PAGE 239
F Upgrading firmware in single-CP mode For all HP StorageWorks switches and directors, the firmwareDownload command, by default, performs a full installation, automatic reboot (autoreboot), and automatic firmware commit (autocommit). Automatic reboot and automatic commit modes are not selectable by default; however, they become selectable when single-CP mode is enabled by entering the -s option on the command line.
PAGE 240
7. Answer the next prompts as indicated: Do Auto Commit after reboot [Y]: y If you specify no, you must manually issue the firmwareCommit command. Reboot system after download [N]: y The default is no. If you take the default, you must later use the haReboot command to perform an HA reboot manually. In Fabric OS 4.4.0 or later, the Full Install option is not available. 8. Wait for the firmware download to finish. 9. Start a new telnet session and use the firmwareDownloadStatus command to check the status.
PAGE 241
7. Enter the full path to the firmware file on the server. For example: /pub/v5.0.1/release.plist 8. Enter your password. 9. Answer the next prompts as indicated: Do Auto Commit after reboot [Y]: y If you answer no in the previous example, you must manually issue the firmwareCommit command. Reboot system after download [N]: y The default is no. If you take the default, you must later use the haReboot command to perform an HA reboot manually. NOTE: After you upgrade to Fabric OS 4.4.
PAGE 242
Upgrading firmware in single-CP mode
PAGE 243
Index A accessing switches and fabrics 42 account ID 21 account privilege levels 22 activating a switch certificate 56 ports on demand 30 adding a new switch or fabric 195 and removing FICON CUP licenses 116 custom filter-based monitors 205 end-to-end monitors 201 filter-based monitors 205 standard filter-based monitors 205 switches to a zone 195 zone members 187 advanced performance monitoring commands 199 AIX procedure, PID 227 analyzing connection problems 145 assigning a static route 98 audience 13 auth
PAGE 244
correcting link failures 157 correcting marginal links 159 correcting zoning setup issues 149 CRC errors, displaying 200 creating a zone 187 creating and maintaining user-defined accounts 43 creating and maintaining zones 187 creating and managing zone aliases 185 creating and modifying zoning configurations 190 customizing the chassis name 29 customizing the switch name 28 D database, clearing in a FICON environment 107 date and time 24 default names 28 default password 23 defined zone configuration 180 d
PAGE 245
fru failures 111 fru failures, monitoring in FICON environments 107, 111 G gateway 231 gateway, remote switch 231 gathering information for technical support 144 generating batch of licenses 27 generating a public/private key 54 generating and storing a csr 54 H hard zoning 181 hardware-enforced zoning 181 hashow command 34 help information 18 help, obtaining 14, 15 high availability (HA) 34 high integrity fabric 106 host reboots 214 host-based zoning 178 HP authorized reseller 15 storage web site 15 Subs
PAGE 246
default 23 password management information 233 password migration during firmware changes 235 password prompting behaviors 234 password recovery options 236 passwords recovering forgotten passwords 71 perfaddeemonitor command 201 perfaddIPmonitor command 205 perfaddusermonitor command 205 perfcfgrestore command 211 perfcfgsave command 211 perfdeleemonitor command 204 perfdelfiltermonitor command 206 performance monitoring commands 199 performing PID format changes 222 perfsetporteemask command 202 perfshowa
PAGE 247
configuring in a FICON environment 108 system status 130 switch access 42 switch names 28 switchshow command 34 SWL, ISL Trunking support for 167 symbols in text 14 T tag field, interpreting 117 technical support, HP 14 telnet connection 21 temperature, status of 136 text symbols 14 time and date 24 tracking and controlling switch changes 35 traffic patterns planning for 169 troubleshooting 116 troubleshooting certificates 58 troubleshooting firmware downloads 85 troubleshooting trunking problems 174 trunk
PAGE 248