HP AARTDZHTE/958000284008 manual Advanced Fabric Diagnostics, ISL fencing

Page 17

Enhanced Maintenance Port Security—This allows users to enable enhanced authorization on the maintenance port, which is the switch or director RS-232 connection. Enhanced Authorization mode enforces stronger security policies, requiring users to change the well-known password to a case- sensitive private password the first time they use the maintenance port. Subsequent access by service personnel will require log in through the private customer-level access.

Security Log—The Security Log is a new log available in EWS, CLI, and HAFM that records various events concerning integrity of a switch. This includes authorization or authentication problem detection, and approved and invalid access attempts. Each log entry provides an event number or reason, a date/time stamp, a trigger level (a type of security event severity), an event count, and a category and data pertaining to the specific event. The log wraps at 200 entries. This log provides customers with details to track down attempted security threats and identify the source of problems that might jeopardize the switch integrity.

IP Access Control List—This allows users to establish a list of IP addresses from which the switch is allowed to accept connections. This prevents users who have access to the Ethernet LAN from attempting to access the Fibre Channel switches. Connection attempts from unauthorized IP addresses are ignored by the switch, making it appear that no device is connected. This is primarily intended for environments that are not on a private, inaccessible subnet, such as when installed in most cabinet configurations with a dual-NIC HAFM appliance Processor.

Advanced Fabric Diagnostics

This provides tools to monitor the fabric and identify potential problems before they impact network and application performance. Tools include ISL Fencing, new switch-centric Fabric and Embedded Port Logs, an Audit Log for the embedded user interfaces, and access to the Digital Diagnostic capabilities included with newer SFP transceivers.

ISL fencing

Also called Port Fencing, this feature allows customers to set up policies for blocking an ISL when problems occur that cause an ISL to “bounce” or repeatedly attempt to establish a connection. Any time an ISL is brought up or down, a fabric rebuild occurs, which can cause disruption in some environments. ISL Fencing will lessen the likelihood of having a problematic ISL connection disrupt a SAN.

To configure this feature, users set policies with thresholds based on the number of port events occurring during a set time period. If a port generates enough events to exceed the policy threshold, the port is automatically blocked and the user is notified. Transmit and receive traffic is disabled until the user can investigate, solve the problem, and manually unblock the port.

Edge Switch release notes

15

Image 17
Contents HP StorageWorks Edge Switch release notes Edge Switch release notes Firmware version Release notes informationIntended audience Other edge switch documentation CD-ROM directory structure Supported configurations Minor Code Enhancements and Fixes in fw Cable requirementsImportant information Documentation released with firmware 07.00.00 and Hafm Features not supported in this releaseOccasional Ethernet hang issue is resolved HP and McDATA terminology Hafm and firmware compatibility Hafm and firmware compatibilityUpgrading from an earlier version of firmware Prerequisites for installing and using firmwareConsiderations for downgrading the version of firmware Upgrading firmware on an edge switch from 04.xx.xx toEdge Switch release notes Hafm upgrade required for firmware version Zone FlexPar feature Enhanced SANtegrity Security Suite Standard featuresISL fencing Advanced Fabric DiagnosticsSome IP addresses must be avoided Default zone is disabled by defaultOsms change Snmp changes Hard zoningZoning change Rscn control Zoning limitations Using the same firmwareDisconnecting the null modem cable Reinstalling feature licensesEthernet switch support CTP controls port lightsCLI threshold alerts CLI show.eventLog commandMihpto value EWS enhancementsBBCredit Allocation for ports Changing password in CLINvram caching Robust large fabricsFull-fabric capability for Edge Switch 2/12 Known issuesHSG80 transparent mode not supported with IBM AIX WorkaroundSupport for speed Auto-Negotiate Ports may accumulate spurious events Snmp issues