Security | Brocade Communications Systems DCX 8510-4 manual

1 Security

Security

The following list highlights some of the key security features available for the Brocade DCX 8510-4 and for other Brocade enterprise-class products running Fabric OS 7.0.1 or later. For details, contact your Brocade DCX 8510-4 supplier and refer to the Brocade White Paper, “The Growing Need for Security in Storage Area Networks.”

•DH-CHAP

•SSHv2 (using AES, 3DES, RSA)

•HTTPS (using AES)

•SNPMv3

•FC-SP

•Secure RPC

•Secure file copy (SCP)

•Telnet disable

•Telnet timeout

•IP filters (block listeners)

•Secure passwords (centralized control through RADIUS/CHAP)

•Multiple user accounts (MUAs). Up to 255.

•Role-based access controls (RBACs)

•Administrative domains/Virtual fabrics

•Boot PROM password reset

•Password hardening policies

•Up front login in Web Tools

•Login banner

•Monitoring of attempted security breaches (through audit logging)

•Monitoring of attempted security breaches (through Fabric Watch Security Class)

•Fibre Channel security policies: DCC and SCC

•Trusted Switch (FCS) for central security management

•Management access controls (SNMPv3, Telnet, FTP, serial port, front panel)

•Hardware-enforced zoning by WWN, domain/port ID, or both

•Default zoning

•RSCN suppression and aggregation

•Configurable RSCN suppression by port

•NTPv3 (to synchronize timestamps)

•Event auditing

•Change tracking

•Firmware change alerts in Fabric Manager

•Persistent port disable

•Persistent domain ID

•E_Port disable

10	Brocade DCX 8510-4 Backbone Hardware Reference Manual
	53-1002177-05

Image 30

Brocade Communications Systems DCX 8510-4 manual Security, SSHv2 using AES, 3DES, RSA Https using AES SNPMv3

Contents

Brocade DCX 8510-4 Backbone Brocade Communications Systems, Incorporated Brocade DCX 8510-4 Backbone Hardware Reference Manual Brocade DCX 8510-4 Backbone Hardware Reference Manual Contents Chapter Logging In and Configuring the Brocade DCX This chapter Monitoring overview Chapter Removal and Replacement Procedures Appendix a Specifications This appendix DiagnosticsTroubleshooting FS8-18 blade FX8-24 blade Brocade DCX 8510-4 Backbone Hardware Reference Manual Figures Page Tables Page This chapter How this document is organized Document conventions Supported hardware and softwareWhat’s new in this document Text formatting Command Option, option Argument, arg Command syntax conventionsCommand examples Show WWN Additional information Brocade resourcesCorporation Referenced Trademarks and Products Getting technical help Other industry resources Document feedback Documentation@brocade.com Brocade DCX 8510-4 features Brocade DCX 8510-4 Backbone Overview Brocade DCX 8510-4 hardware components Page Port side of the Brocade DCX 8510-4 sample configuration Port side of the Brocade DCX Brocade DCX 8510-4 hardware components Nonport side of the Brocade DCX Brocade DCX 8510-4 blades Description Name Function High availability Reliability Serviceability Software features SSHv2 using AES, 3DES, RSA Https using AES SNPMv3 Security Network manageability Network manageability Installation of the Brocade DCX Time and items required Preparing for Brocade DCX 8510-4 installation Installation task Time estimate Items requiredPage Unpacking and installing the Brocade DCX Unpacking and installing the Brocade DCXUse safe lifting practices when moving the product. C015 Items included with the Brocade DCX Items included with the Brocade DCX Providing power to the Brocade DCX Providing power to the Brocade DCXPort numbering Chassis slots Cable management High density cabling Installing inter-chassis link Qsfp cables optional Cable management Logging In and Configuring the Brocade DCX Configuring the Brocade DCX Illustrates the flow of the basic configuration tasks Establishing a serial connection to the Brocade DCX Logging in to the serial console port Proceed to the next taskParameter Value Configuring the IP addresses SwDiradmin ipaddrset -chassis Ethernet IP Address 0.0.0.0 Establishing an Ethernet connection to the Brocade DCX Customizing a switch name Customizing a chassis nameRecord the new name for reference Setting the date Setting the domain IDSetting the date and time Enter configure Setting the time zone You are prompted to select a general location Verifying the PID mode Verifying the PID modeSynchronizing local time Determining installed software licenses Installing transceivers and attaching cablesInstalling SFP+ and mSFP transceivers and cables Installing Qsfp transceivers and cables OFF Managing cables Managing cables Powering off the Brocade DCX ConfigShow IpaddrShow LicenseShow SwitchShow Powering off the Brocade DCX Powering off the Brocade DCX Monitoring System Components Monitoring overview 820000 Online SW Blade AP Blade AGC2M03FR7T Blade illustrations Illustrates the FC8-64 port blade FC8-32E port blade FC16-32 port blade FS8-18 encryption blade Color Status Recommended action PortCfgPersistentEnable LED purpose Color Status Recommended action Determining the status of a control processor blade CP8 Determining the status of a control processor blade CP8 Determining the status of a core switch blade CR16-4 Determining the status of a core switch blade CR16-4 Determining the status of a power supply Qsfp Determining the status of a blower assembly Determining the status of a blower assembly Determining the status of a WWN card Determining the status of a WWN card Type of message Sample error message WWN unit fails to power on WWN bezel logo plate for DCX Determining the status of a WWN card ESD precautions Introduction Time and items required Chassis door removal and replacementChassis door removal and replacement Removing a chassis door Vertical cable management fingers removal and replacement Removing a cable management finger assemblyVertical cable management fingers removal and replacement Replacing a cable management finger assembly Removing a blade Replacing a blade Blade filler panel removal and replacement Blade filler panel removal and replacementRemoving a filler panel Control processor blade CP8 removal and replacement Control processor blade CP8 removal and replacementReplacing a filler panel Faulty CP blade indicators Recording critical Brocade DCX 8510-4 information Removing a control processor blade CP8 Replacing a control processor blade CP8 Verifying operation of the new CP blade Downloading firmware from an FTP server Downloading firmware from a USB device Brocade DCX 8510-4 Backbone Hardware Reference Manual Completing the replacement Core switch blade CR16-4 removal and replacement Faulty core switch blade indicators Removing a core switch blade CR16-4 Power supply removal and replacement Replacing a core switch blade CR16-4Power supply removal and replacement Identifying power supplies Removing a power supply Blower assembly removal and replacement Replacing a power supplyUse this procedure to remove and replace a blower assembly Removing a blower assembly WWN card removal and replacement Replacing a blower assembly Verifying the need for replacement Preparing for the WWN card replacementRemoving the WWN bezel logo plate and WWN card Brocade DCX 8510-4 Backbone Hardware Reference Manual Transceiver removal and replacement Replacing the WWN card and WWN bezel logo plate Removing an SFP+ transceiver Replacing an SFP+ transceiver Removing and replacing an mSFP optical transceiver Inter-chassis link Qsfp cable removal and replacement Use this procedure to remove and replace a Qsfp cable Qsfp cable insertion Removing an ICL cable Replacing an ICL cableComplete the following steps to replace a Qsfp cable Possible ICL configurations Chassis 1 DCX Chassis 2 DCX DCX 8510 core/edge ICL topology Brocade DCX 8510-4 chassis removal and replacement DCX 8510 full mesh ICL topology Faulty Brocade DCX 8510-4 chassis indicators Critical information checklist Recording critical Brocade DCX 8510-4 and SAN information Switch NsShow NsAllShow SwitchShow -qsfp FabricShow Disconnecting from the network and fabric Sysshutdown Installing the replacement chassis Removing components from the chassis Installing components into the new chassis Downloading the configuration Switchadmin configdownload -all Verifying correct operation of the system Reconnecting the system to the network and fabric Verifying correct configuration of the fabric NsShow NsAllShow SwitchShow FabricShowLscfg --showif using the Virtual Fabric feature Cable routing table Cable routing table for Brocade DCX 8510-4 64 ports shown Slot Port Switch end Device end Slot/portPage General specifications This appendixDescription System architecture General specifications FeatureDescriptionSystem architecture System size and weight System size and weight System architectureFeature Description System Size or weight System blade and FRU weightsSystem blade and FRU weights System size and weight Weight Environmental requirements Facility requirements System FRU weightsFacility requirements Condition Acceptable range during operation Fibre Channel port specifications Power specifications Blade or fan Maximum SpecificationValueUnits Power Draw Ports per blade Number of blades Demand Power cordsPower cords Power demands per component VAC nominal Power cords Power cord types international All locations Power cords Power cord types international Power cord notice Power cord notice Japan DenanData transmission ranges Multimode media Qualified cables for the FC8-64 port bladeForm factor Speed Type Microns OM1 OM2 OM3 OM4 Safety notices Regulatory compliance Vcci statement Japan FCC warning US onlyKCC statement Republic of Korea Bsmi statement Taiwan German statement CE statementCanadian requirements Laser compliance China RoHS SafetyEnvironmental regulation compliance Country Standards Environmental Protection Use Period Epup Disclaimer Environmental regulation compliance Environmental regulation compliance Environmental regulation compliance Application and Encryption Blades FS8-18 blade FX8-24 blade FcipPage FX8-24 blade Diagnostics and Troubleshooting Interpreting Post and boot results Command Information displayedObtaining chassis and component status Diagnostics Boot Troubleshooting Troubleshooting the Brocade DCXIssue Possible cause Recommended action Troubleshooting Troubleshooting the Brocade DCX See the Fabric OS Administrator’s Guide for Source of the problem or replace the blade as Port Numbering Template Port Numbering Template FC16-48 port blade GbE ports FC ports Blade Power LED Blade Status LED Index 144 145 RRP 147