Brocade Communications Systems 53-1002163-02 CEE audit logs

42 Converged Enhanced Ethernet Administrator’s Guide

53-1002163-02

CEE audit logs

5

DRAFT: BROCADE CONFIDENTIAL

CEE audit logs

The CEE audit logs record all changes made by authorized users. This information is always

present, irrespective of the configuring entity. Because redundant configuration is not recorded,

only configuration changes that have resulted in some change in the running-config file on the

system are logged.

In addition to configuration commands, the copy and clear commands, which alter the system

state, are logged. On the local system, the logs are maintained in a circular buffer with a capacity of

256 entries. The audit log infrastructure of the Fabric OS is used here and the capacity of 256

entries is shared between the Fabric OS and CEE audit logs.

Table 3 shows the components of the CEE audit logs.

To configure CEE audit logs, perform these steps from the Fabric OS command shell.

1. CEE audit logging is disabled by default. It must be enabled explicitly by using the auditcfg

command from the Fabric OS shell. See the Fabric OS Command Reference Manual

Supporting Fabric OS v6.4.0 for details.

switch>auditcfg –-enable

2. The CEE audit logs belong to the CONFIGURATION class of audit logs. The filter for this class

must be enabled by using the auditcfg command from the Fabric OS shell. See the Fabric OS

Command Reference Manual Supporting Fabric OS v6.4.0 for details.

switch>auditcfg –-class 3

3. Activate privileged EXEC mode.

switch>cmsh

switch#enable

switch#

TABLE 13 Format of the CEE audit logs

Name Example Description

Timestamp 2009/05/12-21:25:57 Date and time at which the log was

generated

User Root User’s login name

Role Root User’s RBAC role

IP 10.2.2.47 IP address of the user’s computer

Session telnet The virtual console from which the

user executed the command

Hostname EL34 Host name of the switch

Mode Config The configuration mode in which the

command was executed

Command rmon event 15 The CLI command that altered the

configuration

Contents

Main Brocade Communications Systems, Incorporated Document History November 2009 Title Publication number Summary of changes Date Converged Enhanced Ethernet Administrators Guide Page Page Contents About This Document Chapter 1 Introducing FCoE Chapter 2 Using the CEE CLI Chapter 3 Configuration management Chapter 4 FCoE Configuration Management Chapter 5 Initial FCoE and CEE Configuration Chapter 6 Configuring VLANs Chapter 7 Configuring STP, RSTP, and MSTP Chapter 8 Configuring Link Aggregation Chapter 9 Configuring LLDP Chapter 10 Configuring ACLs Chapter 11 Configuring QoS Chapter 12 Configuring 802.1x Port Authentication Chapter 13 Configuring IGMP Chapter 14 Configuring RMON Page Figures Page Tables Page About This Document How this document is organized Supported hardware and software Whats new in this document Document conventions Text formatting Command syntax conventions Notes, cautions, and warnings TABLE 1 Notice to the reader Additional information Brocade resources Other industry resources Getting technical help Document feedback Introducing FCoE FCoE terminology FCoE overview FCoE hardware Layer 2 Ethernet overview FIGURE 1 Layer 2 forwarding VLAN tagging Loop-free network environment Frame classification (incoming) Congestion control and queuing Page Access control Trunking Flow Control FCoE Initialization Protocol FIP discovery FIP login FIP logout FCoE login FCoE logout Logincfg Name server FC zoning Registered State Change Notification (RSCN) FCoE queuing Upgrade and downgrade considerations for FCoE Using the CEE CLI Management Tools CEE Command Line Interface Saving your configuration changes Saving configuration changes with the copy command Saving configuration changes with the write memory command CEE CLI RBAC permissions Accessing the CEE CLI from the Fabric OS shell CEE CLI command modes FIGURE 2 CEE Command Line Interface TABLE 4 CEE Command Line Interface 2 Table 5 lists CEE CLI keyboard shortcuts. CEE CLI keyboard shortcuts TABLE 4 Command mode Prompt How to access the command mode Description Using the do command as a shortcut Displaying CEE CLI commands and command syntax CEE CLI command completion CEE CLI command output modifiers TABLE 6 Configuration management Configuration management tasks CEE configuration guidelines and restrictions Display the running configuration file Saving the running configuration file Loading the startup configuration file Erasing the startup configuration file. Archiving the running configuration file Flash file management commands Debugging and logging commands TABLE 7 TABLE 8 FCoE Configuration Management In this chapter Managing the FCoE configuration FCoE configuration guidelines and restrictions Configuring the FCoE login information Enabling or disabling login configuration management Configuring the FCoE login information 4 Managing the current configuration transaction Perform the following tasks to display the FCoE login configuration. Cleaning up login groups and VN_port mappings Perform the following tasks to clean up login groups and VN_port mappings. Displaying the FCoE login configuration Creating an FCoE login group Creating an FCoE login group 4 Modifying the FCoE login group device list Perform the following task to rename an FCoE login group. Perform the following tasks to add or remove VN_port devices from the FCoE login group. Deleting an FCoE login group Perform the following task to delete an FCoE login group. Page Initial FCoE and CEE Configuration Overview End to End FCoE using FC ISLs FIGURE 3 FCoE Logical Port Numbering FCoE port-to-front end TenGigabit port mapping High availability Hot plug Control Processor failover ATTENTION TABLE 9 High availability reference This section contains reference tables for high availability. TABLE 10 Operation, data, or state Expected behavior Configuring the FCoE interfaces Configuring the FCoE VLAN TABLE 10 Assigning an FCoE map onto an interface Configuring DCBX Configuring Spanning Tree Protocol Configuring VLAN membership CEE map configuration TABLE 11 Defining a Priority Group Table map TABLE 12 TABLE 11 Defining a Priority-Table map Applying a CEE provisioning map to an interface Verifying the CEE maps CEE audit logs TABLE 13 Page Page Configuring VLANs VLAN overview Ingress VLAN filtering - - - - VLAN configuration guidelines and restrictions Default VLAN configuration VLAN configuration and management Enabling and disabling an interface port Configuring the MTU on an interface port Creating a VLAN interface Enabling STP on a VLAN Disabling STP on a VLAN Configuring a VLAN interface to forward FCoE traffic Configuring an interface port as a Layer 2 switch port Configuring an interface port as an access interface Configuring an interface port as a trunk interface Disabling a VLAN on a trunk interface Configuring an interface port as a converged interface Disabling a VLAN on a converged interface Configuring protocol-based VLAN classifier rules Configuring a VLAN classifier rule Configuring MAC address-based VLAN classifier rules Deleting a VLAN classifier rule Creating a VLAN classifier group and adding rules Activating a VLAN classifier group with an interface port Configuring the MAC address table Specifying or disabling the aging time for MAC addresses Adding static addresses to the MAC address table Page Configuring STP, RSTP, and MSTP STP overview Configuring STP RSTP overview TABLE 15 Configuring RSTP MSTP overview Configuring MSTP STP, RSTP, and MSTP configuration guidelines and restrictions Default STP, RSTP, and MSTP configuration STP, RSTP, and MSTP configuration and management Enabling STP, RSTP, or MSTP TABLE 17 TABLE 18 Disabling STP, RSTP, or MSTP Shutting down STP, RSTP, or MSTP globally Specifying the bridge priority Specifying the bridge forward delay Specifying the bridge maximum aging time Enabling the error disable timeout timer Specifying the error disable timeout interval Specifying the port-channel path cost Specifying the bridge hello time (STP and RSTP) Specifying the transmit hold count (RSTP and MSTP) Enabling Cisco interoperability (MSTP) Disabling Cisco interoperability (MSTP) Mapping a VLAN to an MSTP instance Specifying the maximum number of hops for a BPDU (MSTP) Specifying a name for an MSTP region Specifying a revision number for an MSTP configuration Flushing MAC addresses (RSTP and MSTP) Clearing spanning tree counters Clearing spanning tree-detected protocols Displaying STP, RSTP, and MSTP-related information Configuring STP, RSTP, or MSTP on CEE interface ports Enabling automatic edge detection Configuring the path cost Enabling a port (interface) as an edge port Enabling the guard root Specifying the MSTP hello time Specifying restrictions for an MSTP instance Specifying a link type Enabling port fast (STP) Specifying the port priority Restricting the port from becoming a root port Restricting the topology change notification Enabling spanning tree Disabling spanning tree Page Configuring Link Aggregation Link aggregation overview Link Aggregation Group configuration Page Link aggregation overview 8 Converged Enhanced Ethernet Administrators Guide 81 53-1002163-02 FIGURE 5 FIGURE 6 Link Aggregation Control Protocol Dynamic link aggregation Static link aggregation Brocade-proprietary aggregation LACP configuration guidelines and restrictions Default LACP configuration LACP configuration and management Enabling LACP on an CEE interface Enabling LACP on an interface in Layer 2 mode Configuring the LACP system priority Configuring the LACP timeout period on a CEE interface Clearing LACP counter statistics on a LAG Clearing LACP counter statistics on all LAG groups LACP troubleshooting tips Page Configuring LLDP LLDP overview Layer 2 topology mapping - DCBX overview Enhanced Transmission Selection (ETS) Priority Flow Control (PFC) TABLE 20 DCBX interaction with other vendor devices LLDP configuration guidelines and restrictions Default LLDP configuration LLDP configuration and management Enabling LLDP globally Disabling and resetting LLDP globally Configuring LLDP global command options TABLE 21 Specifying a system name for the Brocade FCoE hardware Specifying an LLDP system description for the Brocade FCoE hardware Specifying a user description for LLDP Enabling and disabling the receiving and transmitting of LLDP frames Configuring the transmit frequency of LLDP frames Configuring the hold time for receiving devices Advertising the optional LLDP TLVs Configuring the advertisement of LLDP DCBX-related TLVs Configuring FCoE priority bits Configuring iSCSI priority bits Configuring LLDP profiles Configuring the iSCSI profile Configuring LLDP interface-level command options Clearing LLDP-related information Displaying LLDP-related information Page Page Configuring ACLs ACL overview Default ACL configuration ACL configuration guidelines and restrictions ACL configuration and management Creating a standard MAC ACL and adding rules TABLE 22 Creating an extended MAC ACL and adding rules Modifying MAC ACL rules Removing a MAC ACL Reordering the sequence numbers in a MAC ACL Applying a MAC ACL to a CEE interface Applying a MAC ACL to a VLAN interface Page Configuring QoS QoS overview Rewriting Queueing User-priority mapping Default user-priority mappings for untrusted interfaces Configuring the QoS trust mode TABLE 23 TABLE 24 Configuring user-priority mappings Creating a CoS-to-CoS mutation QoS map Applying a CoS-to-CoS mutation QoS map Traffic class mapping Unicast traffic TABLE 25 Multicast traffic Mapping CoS-to-Traffic-Class Activating a mapping CoS-to-Traffic-Class TABLE 26 Verifying a mapping CoS-to-Traffic-Class Congestion control Tail drop FIGURE 7 Changing the Tail Drop threshold Ethernet pause Enabling Ethernet Pause Ethernet Priority Flow Control Enabling an Ethernet PFC Multicast rate limiting Creating a receive queue multicast rate-limit Scheduling Strict priority scheduling FIGURE 9 FIGURE 8 Deficit weighted round robin scheduling Traffic class scheduling policy FIGURE 10 Scheduling the QoS queue TABLE 27 Multicast queue scheduling CEE map configuration TABLE 28 TABLE 29 Defining a priority group table Defining a priority-table map TABLE 30 Applying a CEE provisioning map to an interface Verifying the CEE maps Configuring 802.1x Port Authentication 802.1x protocol overview 802.1x configuration guidelines and restrictions 802.1x authentication configuration tasks Configure authentication between the switch and CNA or NIC Interface-specific administrative tasks for 802.1x Configuring 802.1x on specific interface ports Configuring 802.1x timeouts on specific interface ports Configuring 802.1x re-authentication on specific interface ports Disabling 802.1x on specific interface ports Page Configuring IGMP About IGMP Active IGMP snooping Multicast routing Configuring IGMP Configuring IGMP snooping querier Configuring IGMP snooping mrouter Monitoring IGMP Configuring RMON RMON overview RMON configuration and management Default RMON configuration Configuring RMON settings Configuring RMON events Configuring RMON history collection Page Appendix A Brocade 8000 Replacement Page Page Page Page Page Index Symbols Numerics B C D E F G H I K L M N O P Q R S T U V W Z