Broadcom Brocade Fabric OS 6505 User manual
Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
User Guide
16 October 2020
FOS-821-access-AG104
16 October 2020
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Table of Contents
Copyright Statement............................................................................................................................ 7
Introduction...........................................................................................................................................8
About This Document......................................................................................................................................................8
What Is New in This Document......................................................................................................................................8
Supported Hardware and Software................................................................................................................................ 8
Key Access Gateway Terms........................................................................................................................................... 8
Contacting Technical Support for Your Brocade® Product......................................................................................... 9
Document Feedback...................................................................................................................................................... 10
Access Gateway Basic Concepts.................................................................................................... 11
Brocade Access Gateway Overview............................................................................................................................ 11
Fabric OS Features in Access Gateway Mode........................................................................................................... 13
Buffer Credit Recovery Support................................................................................................................................15
Forward Error Correction Support............................................................................................................................ 16
Virtual Fabrics Support............................................................................................................................................. 16
Device Authentication Support..................................................................................................................................16
Supported Policy Modes....................................................................................................................................17
Supported Fabric OS Commands..................................................................................................................... 18
Limitations and Considerations..........................................................................................................................18
AG Mode without All Ports on Demand Licenses.................................................................................................... 18
Password Distribution Support..................................................................................................................................19
FDMI Support............................................................................................................................................................ 19
NTP Configuration Distribution to Access Gateways............................................................................................... 19
Remote Fosexec Support......................................................................................................................................... 19
Slow-Drain Device Quarantining Support................................................................................................................. 21
Access Gateway Port Types......................................................................................................................................... 22
Comparison of Access Gateway Ports to Standard Switch Ports............................................................................22
Access Gateway Hardware Considerations................................................................................................................ 24
Configuring Ports in Access Gateway Mode..................................................................................25
Enabling and Disabling Access Gateway Mode......................................................................................................... 25
Port State Description............................................................................................................................................... 26
Access Gateway Mapping............................................................................................................................................. 26
Port Mapping............................................................................................................................................................. 27
Default Port Mapping......................................................................................................................................... 27
Considerations for Initiator and Target Ports.....................................................................................................30
Adding F_Ports to an N_Port............................................................................................................................ 31
Removing F_Ports from an N_Port................................................................................................................... 31
FOS-821-access-AG104
2
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
F_Port Static Mapping.............................................................................................................................................. 32
Considerations for Using F_Port Static Mapping with Other AG Features and Policies................................... 32
Upgrade and Downgrade Considerations......................................................................................................... 32
Device Mapping.........................................................................................................................................................32
Static versus Dynamic Mapping........................................................................................................................ 34
Device Mapping to Port Groups (Recommended)............................................................................................ 34
Device Mapping to N_Ports...............................................................................................................................35
Disabling Device Mapping................................................................................................................................. 36
Enabling Device Mapping.................................................................................................................................. 37
Displaying Device Mapping Information............................................................................................................ 37
Pre-Provisioning................................................................................................................................................. 37
VMware Configuration Considerations.............................................................................................................. 37
Considerations for Access Gateway Mapping..........................................................................................................38
Mapping Priority................................................................................................................................................. 38
Device Mapping Considerations........................................................................................................................ 39
N_Port Configurations................................................................................................................................................... 39
Displaying N_Port Configurations............................................................................................................................. 41
Unlocking N_Ports.....................................................................................................................................................41
Persistent Port Online State..................................................................................................................................... 41
D_Port Support............................................................................................................................................................... 42
Saving Port Mappings...............................................................................................................................................43
Limitations and Considerations.................................................................................................................................43
Managing Policies and Features in Access Gateway Mode..........................................................44
Access Gateway Policies Overview............................................................................................................................. 44
Displaying Current Policies....................................................................................................................................... 44
Policy Enforcement Matrix........................................................................................................................................ 44
Advanced Device Security Policy................................................................................................................................ 44
How the ADS Policy Works...................................................................................................................................... 44
Enabling and Disabling the ADS Policy................................................................................................................... 45
Allow Lists................................................................................................................................................................. 45
Setting the List of Devices Allowed to Log In................................................................................................... 46
Setting the List of Devices Not Allowed to Log In............................................................................................ 46
Removing Devices from the List of Allowed Devices........................................................................................46
Adding New Devices to the List of Allowed Devices........................................................................................ 46
Displaying the List of Allowed Devices on the Switch...................................................................................... 47
ADS Policy Considerations....................................................................................................................................... 47
Automatic Port Configuration Policy........................................................................................................................... 47
How the APC Policy Works...................................................................................................................................... 47
Enabling and Disabling the APC Policy................................................................................................................... 47
Enabling the APC Policy................................................................................................................................... 48
FOS-821-access-AG104
3
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Disabling the APC Policy...................................................................................................................................48
APC Policy Considerations....................................................................................................................................... 48
Port Grouping Policy..................................................................................................................................................... 48
How Port Groups Work.............................................................................................................................................49
Adding an N_Port to a Port Group...........................................................................................................................50
Deleting an N_Port from a Port Group.....................................................................................................................50
Removing a Port Group............................................................................................................................................51
Renaming a Port Group............................................................................................................................................51
Disabling the Port Grouping Policy...........................................................................................................................51
Port Grouping Policy Modes..................................................................................................................................... 51
Automatic Login Balancing Mode...................................................................................................................... 51
Managed Fabric Name Monitoring Mode..........................................................................................................52
Creating a Port Group and Enabling Automatic Login Balancing Mode.................................................................. 52
Rebalancing F_Ports..........................................................................................................................................52
Considerations When Disabling Automatic Login Balancing Mode.................................................................. 53
Enabling MFNM Mode.............................................................................................................................................. 53
Disabling MFNM Mode............................................................................................................................................. 53
Displaying the Current MFNM Mode Timeout Value................................................................................................ 54
Setting the Current MFNM Mode Timeout Value..................................................................................................... 54
Port Grouping Policy Considerations........................................................................................................................54
Device Load Balancing Policy...................................................................................................................................... 54
Enabling the Device Load Balancing Policy.............................................................................................................55
Disabling the Device Load Balancing Policy............................................................................................................ 55
Device Load Balancing Policy Considerations......................................................................................................... 55
Persistent ALPA Policy..................................................................................................................................................55
Enabling the Persistent ALPA Policy........................................................................................................................ 56
Disabling the Persistent ALPA Policy....................................................................................................................... 56
Persistent ALPA Device Data................................................................................................................................... 56
Removing Device Data from the Database.......................................................................................................56
Displaying Device Data......................................................................................................................................57
Clearing ALPA Values............................................................................................................................................... 57
Persistent ALPA Policy Considerations.................................................................................................................... 57
Failover Policy................................................................................................................................................................ 57
Failover with Port Mapping....................................................................................................................................... 57
Failover Configuration in Access Gateway........................................................................................................58
Failover Example............................................................................................................................................... 58
Adding a Preferred Secondary N_Port (Optional).............................................................................................59
Deleting F_Ports from a Preferred Secondary N_Port......................................................................................60
Failover with Device Mapping...................................................................................................................................60
Adding a Preferred Secondary N_Port for Device Mapping (Optional).............................................................60
FOS-821-access-AG104
4
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Deleting a Preferred Secondary N_Port for Device Mapping (Optional)...........................................................61
Enabling and Disabling the Failover Policy on an N_Port....................................................................................... 61
Enabling and Disabling the Failover Policy for a Port Group...................................................................................62
Failback Policy................................................................................................................................................................62
Failback Policy Configurations in Access Gateway..................................................................................................62
Failback Example...............................................................................................................................................62
Enabling and Disabling the Failback Policy on an N_Port.......................................................................................63
Enabling and Disabling the Failback Policy for a Port Group.................................................................................. 64
Forcing Failback on N_Ports.................................................................................................................................... 64
Failback Policy Disabled on Unreliable Links (N_Port Monitoring).......................................................................... 64
Considerations for Failback Policy Disabled on Unreliable Links..................................................................... 65
Trunking in Access Gateway Mode............................................................................................................................. 65
How Trunking Works.................................................................................................................................................66
Configuring Trunking on the Edge Switch................................................................................................................ 66
Trunk Group Creation........................................................................................................................................ 66
Setting Up Trunking........................................................................................................................................... 67
Configuration Management for Trunk Areas............................................................................................................ 67
Assigning a Trunk Area..................................................................................................................................... 67
Enabling the DCC Policy on a Trunk................................................................................................................ 68
Enabling Trunking......................................................................................................................................................68
Disabling F_Port Trunking.........................................................................................................................................68
Monitoring Trunking...................................................................................................................................................69
AG Trunking Considerations for the Edge Switch....................................................................................................69
Trunking Considerations for Access Gateway Mode................................................................................................71
Adaptive Networking on Access Gateway.................................................................................................................. 71
QoS: Ingress Rate Limiting.......................................................................................................................................71
QoS: SID/DID Traffic Prioritization............................................................................................................................71
Adaptive Networking on Access Gateway Considerations.......................................................................................72
Per-Port NPIV Login Limit............................................................................................................................................. 72
Setting the Login Limit.............................................................................................................................................. 73
Duplicate PWWN Handling during Device Login........................................................................................................73
Performance Monitoring................................................................................................................................................ 73
Flow Monitor..............................................................................................................................................................74
Flow Mirror................................................................................................................................................................ 74
SAN Configuration with Access Gateway.......................................................................................76
Connectivity of Multiple Devices Overview.................................................................................................................76
Considerations for Connecting Multiple Devices...................................................................................................... 76
Direct Target Attachment...............................................................................................................................................76
Considerations for Direct Target Attachment............................................................................................................77
Target Aggregation.........................................................................................................................................................78
FOS-821-access-AG104
5
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Access Gateway Cascading..........................................................................................................................................78
Access Gateway Cascading Considerations............................................................................................................ 79
Fabric and Edge Switch Configuration........................................................................................................................79
Connectivity to Cisco Fabrics................................................................................................................................... 80
Enabling NPIV on a Cisco Switch..................................................................................................................... 80
Verifying the Switch Mode........................................................................................................................................ 80
Rejoining Fabric OS Switches to a Fabric.................................................................................................................. 81
Reverting to a Previous Configuration......................................................................................................................81
Troubleshooting..................................................................................................................................82
Revision History................................................................................................................................. 84
FOS-821-access-AG104
6
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Copyright Statement
Copyright © 2018–2020 Broadcom. All Rights Reserved. Broadcom, the pulse logo, Brocade, the stylized B logo, and
Fabric OS are among the trademarks of Broadcom in the United States, the EU, and/or other countries. The term
“Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,
function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does
not assume any liability arising out of the application or use of this information, nor the application or use of any product or
circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
The product described by this document may contain open source software covered by the GNU General Public License
or other open source license agreements. To find out which open source software is included in Brocade products, to view
the licensing terms applicable to the open source software, and to obtain a copy of the programming source code, please
download the open source disclosure documents in the Broadcom Customer Support Portal (CSP). If you do not have a
CSP account or are unable to log in, please contact your support provider for this information.
FOS-821-access-AG104
7
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Introduction
About This Document
This document describes the Brocade® Access Gateway (AG) basic concepts, the platforms involved, port configuration in
AG mode, policy management, and SAN configuration.
What Is New in This Document
Starting with this release, all new and modified content is listed in the "Revision History" section at the end of this
document.
Supported Hardware and Software
The following hardware platforms are supported by Brocade Fabric OS® 8.2.x.
Brocade Gen 5 Platform (16Gb/s) Fixed-Port Switches
•Brocade 6505 Switch
•Brocade 6510 Switch
•Brocade M6505 blade server SAN I/O module
•Brocade 6542 blade server SAN I/O module
•Brocade 6543 blade server SAN I/O module
•Brocade 6545 blade server SAN I/O module
•Brocade 6546 blade server SAN I/O module
•Brocade 6547 blade server SAN I/O module
•Brocade 6548 blade server SAN I/O module
•Brocade 6558 blade server SAN I/O module
Brocade Gen 6 Platform (32Gb/s) Fixed-Port Switches
•Brocade G610 Switch
•Brocade G620 Switch
Key Access Gateway Terms
For definitions of the SAN-specific terms, visit the Storage Networking Industry Association (SNIA) online dictionary at:
http://www.snia.org/education/dictionary
The following terms are used in this manual to describe Brocade Access Gateway mode and its components.
Access Gateway (AG) A Fabric OS mode for switches that reduces storage area network (SAN) deployment complexity by
leveraging N_Port ID Virtualization (NPIV).
Advanced Device
Security (ADS) policy
A security policy that restricts access to the fabric at the AG level to a set of authorized devices.
device Any host or target device with a distinct WWN. Devices may be physical or virtual.
D_Port A port configured as a diagnostic port on an AG switch, connected fabric switch, or connected cascaded
AG switch to run diagnostic tests between the ports and test the link.
edge switch A fabric switch that connects host, storage, or other devices, such as switch running in Brocade Access
Gateway mode, to the fabric.
FOS-821-access-AG104
8
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
E_Port An inter-switch link (ISL) port. A switch port that connects switches together to form a fabric.
fabric system A fabric system consists of interconnected nodes that look like a single logical unit when viewed
collectively. A fabric system refers to a consolidated high-performance network system that consists of
coupled storage devices, networking devices, and parallel processing high-bandwidth interconnects such
as 8Gb/s, 10Gb/s, 16Gb/s, or 32Gb/s Fibre Channel ports.
FCoE Fibre Channel over Ethernet (FCoE) refers to a network technology that encapsulates Fibre Channel
frames over Ethernet networks. This allows Fibre Channel to use 10-Gigabit Ethernet or higher-speed
networks while preserving the Fibre Channel protocol.
F_Port A fabric port. A switch port that connects a host, host bus adapter (HBA), or storage device to the SAN. On
Brocade Access Gateway, the F_Port connects to a host or a target.
mapping In Access Gateway, mapping defines the routes between devices or F_Ports to the fabric-facing ports
(N_Ports).
N_Port A node port. An N_Port presents the AG-connected host or storage device to the fabric. On a Brocade
Access Gateway, the N_Port connects to the edge switch.
NPIV N_Port ID Virtualization. NPIV is a Fibre Channel facility that allows multiple F_Port IDs to share a single
physical N_Port. Multiple F_Ports can be mapped to a single N_Port. This allows multiple Fibre Channel
initiators to occupy a single physical port, easing hardware requirements in SAN design, especially for
virtual SANs.
Port Grouping
(PG) policy
The Port Grouping (PG) policy is used to partition the fabric, host, or target ports within an AG-enabled
module into independently operated groups.
Contacting Technical Support for Your Brocade® Product
For product support information and the latest information on contacting the Technical Assistance Center, go to https://
www.broadcom.com/support/fibre-channel-networking/. If you have purchased Brocade® product support directly from
Broadcom, use one of the following methods to contact the Technical Assistance Center 24x7.
Online Telephone
For nonurgent issues, the preferred method is to log in to
myBroadcom at https://www.broadcom.com/mybroadcom. (You
must initially register to gain access to the Customer Support
Portal.) Once there, select Customer Support Portal > Support
Portal. You will now be able to navigate to the following sites:
•Knowledge Search: Clicking the top-right magnifying glass
brings up a search bar.
•Case Management: The legacy MyBrocade case
management tool (MyCases) has been replaced with the Fibre
Channel Networking case management tool.
•DocSafe: You can download software and documentation.
•Other Resources: Licensing Portal (top), SAN Health (top and
bottom), Communities (top), Education (top).
Required for Severity 1 (critical) issues:
Please call Fibre Channel Networking Global Support at one of
the numbers listed at https://www.broadcom.com/support/fibre-
channel-networking/.
If you purchased Brocade product support from a Broadcom OEM/solution provider, contact your OEM/solution provider
for all your product support needs.
•OEM/solution providers are trained and certified by Broadcom to support Brocade products.
•Broadcom provides backline support for issues that cannot be resolved by the OEM/solution provider.
•Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade
expertise. For more information on this option, contact Broadcom or your OEM.
•For questions regarding service levels and response times, contact your OEM/solution provider.
FOS-821-access-AG104
9
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Document Feedback
Quality is our first concern. We have made every effort to ensure the accuracy and completeness of this document.
However, if you find an error or an omission or if you think that a topic needs further development, we want to hear from
you. Send your feedback to [email protected]. Provide the publication title, publication number, topic
heading, page number, and as much detail as possible.
FOS-821-access-AG104
10
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Access Gateway Basic Concepts
Brocade Access Gateway Overview
Brocade Access Gateway (AG) is a Fabric OS feature that you can use to configure your fabric to handle additional
devices instead of domains. You do so by configuring F_Ports to connect to the fabric as N_Ports, which increases the
number of device ports that you can connect to a single fabric. When a fabric switch operates in AG mode, it is referred to
as an AG device.
Multiple AG devices can connect to the following Brocade products:
•X6-4 and X6-8
•G610
•G620
•G630
•DCX 8510-4 and DCX 8510-8
•6505
•6510
•6520
•7810
•7840
Access Gateway is compatible with Cisco-based fabrics that support standards-based N_Port ID Virtualization (NPIV).
You can use the command line interface (CLI), Web Tools, SANnav, or Brocade Network Advisor to enable and disable
AG mode and configure the AG features on a switch. This document describes configuration using only CLI commands.
For more information, refer to the Brocade Fabric OS Command Reference Manual, the Brocade Fabric OS Web Tools
User Guide, the Brocade SANnav Management Portal and Global View User Guide, or the Brocade Network Advisor
User Guide.
After you enable AG mode on a switch, the F_Ports connect to the fabric as N_Ports rather than as E_Ports.
Switches in AG mode are logically transparent to the host and the fabric. Therefore, you can increase the number of hosts
that have access to the fabric without increasing the number of switch domains. AG mode simplifies configuration and
management in a large fabric by reducing the number of domain IDs and ports.
NOTE
In this document, a switch operating in Access Gateway mode is also referred to as an Access Gateway device
or AG device.
The following points summarize the differences between a Fabric OS switch functioning in Native operating mode and a
Fabric OS switch functioning in AG operating mode:
•The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as many physical ports,
consumes fabric resources, and can connect to a Fabric OS fabric only.
•A switch in AG mode is outside of the fabric; it reduces the number of switches in the fabric and the number of required
physical ports. You can connect a switch in AG mode to a Fabric OS, M-EOS, or Cisco-based fabric.
The following figures show differences between switch function in native mode and switch function in AG mode.
FOS-821-access-AG104
11
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Figure 1: Switch Function in Native Mode
FOS-821-access-AG104
12
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Figure 2: Switch Function in Access Gateway Mode
Fabric OS Features in Access Gateway Mode
The following table lists feature support for a switch that operates in Access Gateway mode. Feature support is indicated
in the following ways:
•Yes means that the feature is supported in Access Gateway mode.
•No means that the feature is not supported in Access Gateway mode.
•N/A means that the feature is not applicable in Access Gateway mode.
•Yes* means that the feature is transparent in Access Gateway mode.
•Yes** means that the feature is available on a Brocade enterprise fabric, but possibly not available if the enterprise
fabric is not a Brocade fabric.
For more information on features listed in the table, refer to the Brocade Fabric OS Administration Guide and the Brocade
Fabric OS Command Reference Manual.
FOS-821-access-AG104
13
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Table 1: Fabric OS Components Supported in Access Gateway Mode
Feature Support
Access Control Yes (limited roles)
Adaptive Networking Yes
Admin Domains No
Audit Yes
Beaconing Yes
Bottleneck Detection No
Buffer Credit Recovery (CR) Yes
See Buffer credit recovery support.
ClearLink Diagnostic Port (D_Port) Yes
See D_Port support.
Config Download/Upload Yes
Device Authentication Yes
See Device authentication support.
DHCP Yes
Duplicate PWWN Handling during Device Login Yes
See Duplicate PWWN handling during device login.
Encryption Configuration and Management No
Environmental Monitor Yes
Error Event Management Yes
Extended Fabrics No
Fabric Assigned PWWN (FA-PWWN) Yes
Fabric Device Management Interface (FDMI) Yes*
Fabric Manager Yes**
Fabric Performance Impact (FPI) Yes
On an AG switch set up with F_Port trunks, fabric performance
is monitored only on those F_Ports actually present on the AG
switch.
Fabric Provisioning No
Fabric Services No
Fabric Watch No
Fibre Channel Routing (FCR) Services No
Flow Vision
•Flow Monitor
•Flow Mirror
Yes
FICON (Includes CUP) No
Forward Error Correction (FEC) Yes
See Forward error correction support.
High Availability Yes
Hot Code Load Yes
IO Insight No
FOS-821-access-AG104
14
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Feature Support
License Yes**
Lightweight Directory Access Protocol (LDAP) Yes
Log Tracking Yes
Management Server NA
Manufacturing Diagnostics Yes
Monitoring and Alerting Policy Suite (MAPS) Yes
N_Port ID Virtualization (NPIV) Yes
Name Server NA
Native Interoperability Mode NA
Network Time Protocol (NTP) Yes
Open E_Port NA
Performance Monitor No
Persistent ALPA Yes
Port Decommission No
Port Mirroring No
QuickLoop, QuickLoop Fabric Assist No
Remote Authentication Dial-In User Service (RADIUS) Yes
Resource Monitor Yes
RLS Probing for NPIV Devices No
SANnav Management Portal Yes
Security Yes
ADS/DCC Policy
Slow-Drain Device Quarantining (SDDQ) Yes
See SDDQ Support.
SNMP Yes
Speed Negotiation Yes
Syslog Daemon Yes
TACACS+ Yes
Track Changes Yes
Trunking Yes**
User-Defined Roles Yes
Value Line Options (Static POD, DPOD) Yes
Virtual Fabrics No
See Virtual Fabrics support.
VM Insight No
Web Tools Yes
Zoning NA
Buffer Credit Recovery Support
Buffer credit recovery is a Fabric OS feature supported on 8Gb/s, 16Gb/s, and 32Gb/s platforms in the following
configurations:
FOS-821-access-AG104
15
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
•Between the AG device F_Port and a QLogic BR-1860 16Gb/s Host Bus Adapter (HBA) port running version 3.2 or
later firmware.
•Between the AG device F_Port and any device that supports credit recovery.
•Between the AG device N_Port and a Brocade fabric switch or a cascaded AG device F_Port.
NOTE
If a device that supports 16Gb/s or 32Gb/s is connected to a device that supports only 8Gb/s, buffer credit
recovery is disabled, even if both devices are running 8Gb/s.
Switch platforms support buffer credit recovery in R_RDY or VC_RDY mode. In R_RDY mode, buffer credit recovery
is supported without FA-PWWN and QoS. In VC_RDY mode, buffer credit recovery is supported with fabric-assigned
PWWN (FA-PWWN), FEC, QoS, and trunking.
Use the portcfgcreditrecovery command to enable and disable credit recovery. Refer to the Brocade Fabric OS
Command Reference Manual for more information.
Forward Error Correction Support
Forward error correction (FEC) is a Fabric OS feature that is supported in the following configurations:
•Between the AG device F_Port and a QLogic BR-1860 16Gb/s HBA port running version 3.2 or later firmware.
•Between the AG device N_Port and F_Port on a Brocade 16Gb/s or 32Gb/s fabric switch or cascaded AG switch.
Consider the following limitations for FEC:
•Supported on Brocade 16Gb/s and 32Gb/s platforms only.
•Enabled by default.
•Supported on specific switch platforms in R_RDY mode or VC_RDY mode. For more information, refer to the Brocade
Fabric OS Administration Guide.
Virtual Fabrics Support
Virtual Fabrics is a Fabric OS feature supported on 8Gb/s, 16Gb/s, and 32Gb/s platforms with the following limitations:
•A switch cannot be enabled for both the Virtual Fabrics and AG mode.
Device Authentication Support
By default, Fabric OS use the Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) or the Fibre
Channel Authentication Protocol (FCAP) for authentication. These protocols use shared secrets and digital certificates,
based on switch WWN and public key infrastructure (PKI) technology, to authenticate switches.
Authentication automatically defaults to FCAP when both the devices are configured to accept FCAP authentication. To
use FCAP on both devices, PKI certificates must be installed. If a PKI certificate is present on each device, FCAP has
precedence over DH-CHAP.
If ports are configured for in-flight encryption, authentication defaults to DH-CHAP. Both devices must be configured to
accept DH-CHAP for authentication.
If DH-CHAP or FCAP fail to authenticate, the Access Gateway port is disabled.
Authentication policy is supported in the following configurations for Access Gateway devices:
FOS-821-access-AG104
16
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
•An Access Gateway device N_Port connected to a Brocade fabric switch F_Port. The N_Port enables authentication
when authentication is enabled on the connected switch. Enable the switch policy on the AG device, and enable the
device policy on the fabric switch.
•An Access Gateway switch F_Port connected to an HBA. The F_Port enables authentication when the connected
device sends a login request with authentication enabled. Enable the device policy on the AG device. For
authentication between an AG device and an HBA, use DH-CHAP. The HBA supports DH-CHAP only.
For details on installing FCAP certificates and creating DH-CHAP secrets on the switch in AG or Native mode, refer to the
Brocade Fabric OS Administration Guide or the Brocade Fabric OS Command Reference Manual.
For general information on authentication, refer to the authentication policy for fabric elements in the Brocade Fabric OS
Administration Guide.
Supported Policy Modes
A switch in Access Gateway mode supports the following switch and device policy modes:
•On: Strict authentication is enforced on all ports. During AG initialization, authentication is enabled on all ports. The
ports on the AG device that are connected to another switch or device are disabled when the connected switch or
device does not support authentication or when the policy mode is set to off.
•Off: Authentication is disabled. The AG device does not support authentication and rejects any authentication
negotiation request from the connected fabric switch or HBA. Off is the default mode for both the switch and the device
policy. You must configure DH-CHAP shared secrets or install FCAP certificates on the AG device and connected
fabric switch before changing a policy mode from off to on.
•Passive: Incoming authentication requests are accepted. The AG device does not initiate authentication when
connected to a device, but it accepts incoming authentication requests if the connecting device initiates authentication.
The F_Ports on the AG device are not disabled if the connecting device does not support authentication or the
policy mode is off. Passive mode is the safest mode for an AG device when the connected devices do not support
authentication.
For device policy support, the AG device supports policy modes on, off, and passive.
For switch policy support, the AG device supports policy modes on and off.
The following tables describe interactions between switch policy modes on the AG device and policy modes on the
connected devices for both fabric switches and HBAs.
Table 2: Behavior of AG Sending Device and Receiving Fabric Switch with Different Policies Configured
Fabric Switch, Device Policy
Mode On
Fabric Switch, Device Policy
Mode Passive
Fabric Switch, Device Policy
Mode Off
AG Device, Switch Policy
Mode On
Authorization
negotiation – accept
DH-CHAP/FCAP:
•Success – N_Port
•Failure – disable
Authorization
negotiation – accept
DH-CHAP/FCAP:
•Success – N_Port
•Failure – disable
Authorization
negotiation – reject
N_Port without authentication
AG Device, Switch Policy
Mode Off
No negotiation
No light
No negotiation
N_Port without authentication
No negotiation
N_Port without authentication
FOS-821-access-AG104
17
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Table 3: Behavior of HBA Sending Device and Receiving AG Device with Different Policies Configured
AG Device, Device Policy
Mode On
AG Device, Device Policy
Mode Passive
AG Device, Device Policy
Mode Off
HBA, Authentication Enabled Authorization
negotiation – accept
DH-CHAP:
•Success – F_Port
•Failure – disable
Authorization
negotiation – accept
DH-CHAP:
•Success – F_Port
•Failure – disable
Authorization
negotiation – reject
F_Port without authentication
HBA, Authentication Disabled No negotiation
No light
No negotiation
F_Port without authentication
No negotiation
F_Port without authentication
Supported Fabric OS Commands
The following Fabric OS commands for authentication policy apply to AG mode:
•authutil --policy
•authutil --set
•authutil --show
•secauthsecret --set
•secauthsecret --show
NOTE
Although authutil --authinit is not supported in AG mode, it is supported in Native mode.
For more information, refer to the Brocade Fabric OS Command Reference Manual.
Limitations and Considerations
Be aware of the following limitations and considerations when configuring the authentication policy on an AG device:
•Authentication policy is not supported on cascaded AG device configurations.
•If the authentication policy is disabled on the fabric switch, the AG device N_Port will come online without the
authentication policy.
•Device and switch policies must be disabled on the AG device before converting it to Native mode.
•Device and switch policies must be disabled on the fabric switch in Native mode before converting it to AG mode.
•The authentication policy is disabled by default on all ports in AG mode.
AG Mode without All Ports on Demand Licenses
Consider the following points while running switches in AG mode without Ports on Demand (PoD) licenses:
•By default, configured N_Ports will come up as disabled because a PoD license is not installed for those ports.
•All F_Ports mapped to the default N_Port will come up as disabled with the following message displayed: N-Port
Offline for F-Port.
•You must manually configure N_Ports in the AG device using the portcfgnport command, and you must move the
cable connections accordingly.
•You can update the N_Port-to-F_Port mapping using the ag --mapdel and ag --mapadd commands.
FOS-821-access-AG104
18
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
Password Distribution Support
You can distribute the password database to all switches that are connected to the same fabric whether they are in AG
mode or Native mode. Use the distribute command on any switch that is in Native mode to distribute the password
database to all AG devices and switches connected to the same fabric. You can selectively distribute the password
database by specifying the AG device name, or you can use a wildcard-matching character (* ) to distribute it to all
switches and AG devices.
Consider the following points when configuring password distribution:
•On the AG device, the fddcfg command is used to accept or reject the password database from any of the switches
in the same fabric.
•Other databases supported by fddcfg are not supported on AG devices.
•Virtual Fabrics (VF) mode distribution does not apply to an AG device.
•The distribute command is not supported in AG mode. Therefore, an AG device cannot distribute its password
database to switches that are in Native mode.
•On the cascaded setup, only the core AG name must be used for distributing password from native mode. The core
AG will automatically distribute the password to the edge AG devices. password distribution directly to an edge AG is
not supported.
FDMI Support
An AG device can register its N_Port with FDMI devices. Use the fdmishow command to display the device details in AG
mode. The fdmishow command displays only the local devices. Remote device details cannot be displayed.
NTP Configuration Distribution to Access Gateways
You can distribute the NTP server configuration to core AG devices connected to the fabric. The core AG
devices distribute the NTP configuration to other cascaded or edge AG devices. However, AG devices are not capable of
distributing the NTP configuration to other switches in the fabric.
In switch mode, the principal or primary FCS switch synchronizes its time with the external NTP server every 64 seconds
and sends time updates to other switches in the fabric. The time updates are not sent in-band to AG devices. An
AG device need not sync with the external NTP server because it can receive the NTP server configuration from the
connected Fabric OS switch. If the AG device is connected to more than one fabric, the latest clock server request
received is used.
Consider the following points when distributing the NTP server configuration:
•The tsClockServer command distributes the NTP server configuration to all switches within the fabric and to AG
devices connected to the same fabric.
•Already distributed NTP server configurations will persist on the AG device after downgrading the firmware from Fabric
OS 8.0.1 or later to an earlier version on supported platforms.
•Already distributed NTP server configurations will persist on the AG device after downgrading the firmware from
Fabric OS 8.0.1 or later to an earlier version on supported platforms. However, the AG device cannot distribute any
configuration to the edge AG devices.
Remote Fosexec Support
For Fabric OS 8.1.0 and later, you can enable the Remote Fosexec feature and use the fosexec command to issue
Fabric OS commands on AG devices in remote domains across the fabric. Before this release, you needed to log in to
individual remote AG devices to issue commands.
FOS-821-access-AG104
19
FOS-821-access-AG104 User Guide Brocade® Fabric OS® Access Gateway User Guide, 8.2.x
NOTE
You must use the configure command to enable the Remote Fosexec feature on both the sending and
receiving AG device. By default, Remote Fosexec is disabled. Refer to the Brocade Fabric OS Command
Reference Manual for more information.
When Remote Fosexec is enabled, you can use fosexec to enable a command on all AG devices in a fabric or on
a specific remote AG device while logged into a local device. The following is an example of using the fosexec with
switchshow to display switch data.
•Execute the following command to issue the switchshow on a remote AG device named Core_AG_2 .
switch:admin> fosexec --ag Core_AG_2 -cmd "switchshow"
•Execute the following command to issue the switchshow on all remote AG devices in the fabric.
switch:admin> fosexec --ag all -cmd "switchshow"
You can use fosexec to issue commands that display statistics and monitoring (show commands). You cannot issue
commands that modify a switch state or display security-relevant states.
The following commands are supported in Fabric OS v8.1.0 and later in AG mode:
•ag --show
•ag --modeshow
•ag --mapshow
•ag --policyshow
•ag --failbackshow
•ag --pgshow
•ag --failovershow
•ag --prefshow
•ag --adsshow
•ag --wwnmapshow
•ag --reliabilitycountershow
•ag --reliabilityshow
•ag --backupmappingshow
NOTE
The fosexec command cannot be issued on a device configured in AG mode. Therefore, you cannot issue
commands on a remote AG device from a device configured in AG mode.
Commands issued using fosexec have the following limitations:
•They can fetch 64 KB of data from a remote switch or domain only.
•They are not supported in FIPS mode.
•They cannot be interactive.
•They will not work if they take longer than 15 seconds to complete.
For details on the Remote Fosexec feature and using the fosexec command for issuing commands on remote AG
devices, refer to the Brocade Fabric OS Command Reference Manual.
FOS-821-access-AG104
20
This manual suits for next models
10
Table of contents
Other Broadcom Gateway manuals
