Manuals / Q-Logic / Computer Equipment / Switch

Q-Logic 2-8C manual Fabric Security, User Account Security, Fabric Services

Models: 2-8C

1 204

Download 204 pages 6.42 Kb

Page 47

0	3 – Planning
	3 – Planning
	Fabric Security

3.5

Fabric Security

Fabric security consists of the following:

User account security

Fabric services

3.5.1

User Account Security

User account security consists of the administration of account names, passwords, expiration date, and authority level. If an account has Admin authority, all management tasks can be performed by that account in both SANsurfer Switch Manager and the Command Line Interface. Otherwise only monitoring tasks are available. The default account name, Admin, is the only account that can administer user accounts. Consider your management needs and determine the number of user accounts, their authority needs, and expiration dates.

Account names and passwords are always required when connecting to a switch through Telnet. However, SANsurfer Switch Manager does not authenticate account names when opening a fabric unless user authentication is enabled. User authentication is disabled by default and can be changed using the Set Setup System command. Refer to the ”Set Setup Command” on page B-49for more information. User authentication must be configured the same for all switches in the fabric. If user authentication is disabled, SANsurfer Switch Manager ignores the account name and password entries and logs you in with the default account name and password (admin, password). Consider your user accounts and determine whether user authentication is necessary.

3.5.2

Fabric Services

Fabric services include security-related functions such as inband management and SNMP. Inband management is the ability to manage switches across inter-switch links using SANsurfer Switch Manager, SNMP, management server, or the application programming interface. The switch comes from the factory with inband management enabled. If you disable inband management on a particular switch, you can no longer communicate with that switch by means other than a direct Ethernet or serial connection.

59042-06 A

3-11

Image 47

Q-Logic 2-8C manual Fabric Security, User Account Security, Fabric Services

Contents

SANbox2-8c Fibre Channel Switch Installation Guide Document Revision History SANbox2-8c Fibre Channel Switch Installation GuideTable of Contents Distance Bandwidth Latency Soft Zones Access Control List Hard ZonesUser Account Security Fabric Services Section PlanningSection Diagnostics/Troubleshooting Section InstallationAppendix B Command Line Interface Appendix a SpecificationsGlossary Index Tables FiguresRelated Materials Intended AudienceNew in this Release Safety Notices Sicherheitshinweise Federal Communications Commission FCC Class a Statement Communications StatementsCE Statement Bsmi Class a Statement Vcci Class a StatementElectrostatic Discharge Sensitivity Esds Precautions Laser Safety InformationZugängliche Teile Accessible PartsPièces Accessibles Preamble General Public LicenseIntroduction General Public License Introduction Introduction General Public License Introduction No Warranty How to Apply These Terms to Your New ProgramsLater version ANY Warranty without even the implied warrantyStarts in an interactive mode Hypothetical commands `show w and `show c should showContact Information Technical SupportAvailability TrainingGeneral Description Chassis Controls and LEDs Maintenance ButtonResetting a Switch Chassis LEDs Placing the Switch in Maintenance ModeOver Temperature LED Amber Fibre Channel Ports Input Power LED GreenFan Fail LED Amber Heartbeat LED AmberPort Activity LED Port LEDsPort Logged-In LED Port Types Small Form-Factor Pluggable SFP TransceiversEthernet Port Ethernet PortSerial Port Pin Identification Serial PortSANsurfer Switch Manager Power Supply and FanSwitch Management Simple Network Management Protocol SANsurfer Switch Manager Web AppletCommand Line Interface SANsurfer Switch Manager Application Programming InterfaceFile Transfer Protocol General Description Switch Management 59042-06 a Devices PlanningZoning Database Limits Device AccessSoft Zones Access Control List Hard ZonesDistance PerformancePort-to-Port Latency BandwidthLatency Port-to-Port Transmission CombinationsOptimizing Device Performance Multiple Chassis FabricsDomain ID, Principal Priority, and Domain ID Lock Cascade Topology Common TopologiesMesh Topology Mesh TopologyMultistage Topology Multistage TopologyUser Account Security Fabric ServicesFabric Security Fabric Management Management Workstation Requirements Switch Power RequirementsSite Requirements Fabric Management WorkstationEnvironmental Conditions Installing a SwitchAvertissement Mount the SwitchInstall SFP Transceivers Ethernet and Serial Cable Connections Connect the Workstation to the SwitchChoose Make New Connection Configure the WorkstationSetting the Workstation IP Address for Ethernet Connections Configuring the Workstation Serial PortData Bits Enter the following COM Port settings in the COM PropertiesWindow and choose the OK button ‰ Bits per secondSANsurfer Management Suite Disk Windows Installation Install SANsurfer Switch ManagerSANsurfer Management Suite Disk Linux Installation Follow the installation instructions SANsurfer Management Suite Disk Solaris InstallationExecute the install program 5.4 ‰ For Linux or Solaris enter the SANsurfer command Start SANsurfer Switch ManagerConnect the Switch to AC Power Avertissement Installation Configure the Switch Select the connection you created earlier and choose the OK Cable Devices to the SwitchChoose the Start button, select Programs, Accessories HyperTerminal, and HyperTerminalInstall Firmware To start an admin session, enter the following Using SANsurfer Switch Manager to Install FirmwareUsing the CLI to Install Firmware Enter the following command to install the new firmware Using FTP and the CLI to Install FirmwareWait for the unpack to complete Powering Down a Switch Post Diagnostics Diagnostics/TroubleshootingInternal Firmware Failure Blink Pattern System Error Blink PatternHeartbeat LED Blink Patterns Configuration File System Error Blink Pattern Close the FTP session. ftpquit Telnet xxx.xxx.xxx.xxx or Telnet switchname Logged-In LED Indications Logging ErrorEPort Isolation Excessive Port Errors Diagnostics/Troubleshooting Over Temperature LED is Illuminated Chassis DiagnosticsFan Fail LED is Illuminated Input Power LED Is ExtinguishedRecovering a Switch Maintenance Image Unpack Maintenance ExitMaintenance Remove Switch Config Maintenance Reset Network ConfigMaintenance Reset User Accounts to Default Maintenance Copy Log FilesMaintenance Set Active Image Maintenance Show Firmware VersionsDiagnostics/Troubleshooting Recovering a Switch 59042-06 a Fabric Specifications Maintainability Electrical DimensionsNon-operating EnvironmentalCispr 22, Class a Regulatory CertificationsVcci Class a ITE Bsmi Class aSpecifications Regulatory Certifications 59042-06 a User Accounts Logging On to a SwitchModifying a Configuration Working with Switch ConfigurationsShown Backing up and Restoring Switch ConfigurationsWhen you are done making changes to the switch Ftp ipaddress Table B-1. Command-Line Completion CommandsAdmin Session Commands Table B-2. Commands Listed by Authority LevelKeywords Admin CommandAuthority SyntaxSyntax alias Alias CommandRename aliasold aliasnew Members aliasRemove alias memberlist Edit configname Config CommandSyntax config Keywords activate confignameSave configname RestoreManager Archive function are not compatible with the Config Restore command# ftp symbolicname or ipaddress Keywords MMDDhhmmCCYY Date CommandSyntax date Fallback Fallback CommandSyntax Hardreset CommandAuthority None Help CommandKeywords command Syntax help command keywordAuthority None Syntax history History CommandHotreset Hotreset CommandFetch accountname ipaddress filesource filedestination Image CommandCleanup ImageLip Command Syntax passwd accountname Keywords accountname Passwd CommandKeywords ipaddress Ping CommandSyntax ping ipaddress Displays current system process information Ps CommandFollowing is an example of the Ps command Syntax ExamplesSyntax quit, exit, or logout Quit CommandCloses the Telnet session Config configname Reset CommandZoning Table B-3. Switch Configuration DefaultsSystem Arbff Table B-4. Port Configuration DefaultsTable B-6. Zoning Configuration Defaults Table B-5. Port Threshold Alarm Configuration DefaultsTable B-7. Snmp Configuration Defaults Table B-8. System Configuration Defaults Syntax set Set CommandPort option Setup optionSwitch state Port portnumber Set Config CommandSet config Table B-9. Set Config Port ParametersCommand Line Interface Set Config Command Table B-9. Set Config Port Parameters Table B-10. Set Config Switch Parameters SwitchThreshold Table B-11. Set Config Threshold Parameters Memory. Refer to FC-SW-2 Compliant on page B-37 . Table B-12. Set Config Zoning ParametersArbff Following is an example of the Set Config Threshold command Following is an example of the Set Config Switch commandRisingTrigger Decimal value 200 FallingTrigger SampleWindow This Following is an example of the Set Config Zoning commandClear Set Log CommandSet log ArchiveStart Level levelPort portlist SaveStop Set Port Command Command Line Interface Set Port Command Snmp System Set Setup CommandSet setup Table B-13. Snmp Configuration SettingsSystem Table B-14. System Configuration SettingsTable B-14. System Configuration Settings SANbox2 admin # set setup snmp Command Line Interface SANbox2 admin # set setup system Following is an example of the Set Setup System commandBroadcast Show CommandAlarm option Keywords aboutNs option Fdmi portwwnLog option Table B-15. Show Port Parameters PagebreakPerf option Lipalpdalps Support Post logSteering domainid Table B-16. Switch Operational Parameters SwitchTable B-16. Switch Operational Parameters Version TopologyUsers Following is an example of the Show Fdmi WWN command Following is an example of the Show Fdmi commandFollowing is an example of the Show NS portID command Following is an example of the Show NS local domain commandFollowing is an example of the Show NS domainID command Collisions0 txqueuelen100 Following is an example of the Show Interface commandLIPF8F7 Following is an example of the Show Port commandFollowing is an example of the Show Topology command Following is an example of the Show Switch commandCommand Line Interface Show Command Following is an example of the Show Version command Show config Show Config CommandFollowing is an example of the Show Config Threshold command Following is an example of the Show Config Switch commandFollowing is an example of the Show Config Zoning command Level Show Log CommandShow log ComponentPort SettingsFollowing is an example of the Show Log Level command OptionsFollowing is an example of the Show Log command Following is an example of the Show Log Options commandShow Perf Command Following is an example of the Show Perf Byte command Mfg Show Setup CommandShow setup Following is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Shutdown Shutdown CommandPower from the switch Status Test CommandTest Port portnumber testtype„ To run an internal loopback test, enter the following Loopback plug must be installed for this test to passCommand Line Interface Test Command Authority None Syntax uptime Uptime CommandExamples The following is an example of the Uptime command Delete accountname User CommandKeywords accounts AddFollowing is an example of the User Add command Following is an example of the User List command Following is an example of the User Edit commandFollowing is an example of the User Delete command Whoami Whoami CommandFollowing is an example of the Whoami command Syntax zone Zone CommandType zone zonetype Members zoneRemove zone memberlist Rename zoneold zonenewFollowing is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset CommandZones zoneset Remove zoneset zonelistRename zonesetold zonesetnew History Zoning CommandKeywords active Opens a Zoning Edit sessionTable B-17. Zoning Database Limits LimitsE2JBOD2 Following is an example of the Zoning Limits commandFollowing is an example of the Zoning List command 100 59042-06 a BootP Access Control List ZoneAdministrative State AlarmFabric Management Switch Class 3 ServiceConfigured Zone Sets Default VisibilityMaintenance Mode Input Power LEDInter-Switch Link Maintenance ButtonSANsurfer Switch Manager Over Temperature LEDPower On Self Test Post Principal SwitchZoning Database Set of zone sets, zones, and aliases stored on a switchZone Set Page Numerics IndexIndex-2 59042-06 a LED Index-4 59042-06 a 59042-06 a Index-5 Start Database 3-2,B-26