Manuals / Q-Logic / Computer Equipment / Switch

Q-Logic 5600 manual Managing Fabrics, Radius Servers

Models: 5600

1 336

Download 336 pages 25.61 Kb

Page 47

Section 3

Managing Fabrics

This section describes the following tasks that manage fabrics:

RADIUS Servers

Securing a Fabric

Tracking Fabric Firmware and Software Versions

Managing the Fabric Database

Displaying Fabric Information

Working with Device Information and Nicknames

Zoning a Fabric

3.1

RADIUS Servers

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third party authentication point and the clients are all of the managed devices. RADIUS can be configured for devices and/or user accounts. The RADIUS server dialogs are available only on a secure (SSL) fabric and on the entry switch (out of band switch). Refer to ”Connection Security” on page 3-7and ”System Services Dialog” on page 4-27for more information.

RADIUS is designed to authenticate users and devices using a challenge/response protocol. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject. The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client. The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications.

59097-02 B

3-1

Image 47

Q-Logic 5600 manual Managing Fabrics, Radius Servers

Contents

SANbox 5600 Series Switch Managment User’s Guide Document Revision History SANbox 5600 Series Switch Management User’s GuideTable of Contents Section Managing Fabrics SANbox 5600 Series Switch Management User’s Guide Section Managing SwitchesSANbox 5600 Series Switch Management User’s Guide Section Managing Ports Appendix a Command Line Interface Glossary Index List of Figures List of Tables SANbox 5600 Series Switch Management User’s Guide Jdom License Intended AudienceRelated Materials Introduction Jdom License Training Technical SupportAvailability Support Headquarters Contact InformationUsing SANsurfer Switch Manager Workstation Requirements Installing the Management ApplicationWorkstation Requirements SANsurfer Switch Manager SANsurfer Management Suite SMS Installation for WindowsChglax.bat SMS Installation for Linux SMS Installation for Solaris Locate and execute the file sbmoversms.sh Install the new SANsurfer Switch Manager packageChange directories to the package location ‰ For Linux or Solaris enter the SANsurfer command Starting SANsurfer Switch ManagerInitial Startup Dialog SANsurfer Switch Manager Window Save Default Fabric View File Dialog Exiting SANsurfer Switch ManagerLoad Default Fabric File Dialog Uninstalling SANsurfer Switch ManagerStandalone Uninstall SMS UninstallSaving and Opening Fabric View Files Changing the Encryption Key for the Default Fabric View FileSetting SANsurfer Switch Manager Preferences Viewing Software Version and Copyright Information Using Online HelpFaceplate Display SANsurfer Switch Manager User InterfaceTopology Display Menu Menu BarsShortcut Keys Faceplate Display MenuTool Bar Buttons Tool BarFabric Tree Fabric TreeData Window and Tabs Working Status IndicatorGraphic Window Switch and Link Status Using the Topology DisplayArranging Switches in the Display Working with Switches and LinksSelecting Switches and Links Topology Data Windows Opening the Faceplate and Topology Display Popup Menus11. Faceplate Display Using the Faceplate DisplaySelecting Ports Port Views and StatusWorking with Ports Faceplate Data Windows Opening the Faceplate Popup MenuPage Radius Servers Managing FabricsAdd Server Adding a Radius ServerManaging Fabrics Radius Servers Remove Server Removing a Radius ServerEdit Server Information Editing Radius Server InformationModify Authentication Order Radius Server Information Modifying Authentication Order Radius Server InformationFabric security consists of the following Securing a FabricConnection Security User Account Security Security Consistency ChecklistDevice Security Edit Security Dialog Edit Security DialogCreating a Security Set Creating a Security Group Create Security Group DialogCreate a Security Group Member Dialog Create Security Group Member DialogManaging Fabrics Securing a Fabric Creating a Security Group Member Editing the Security Configuration on a Switch Viewing Properties of a Security Set, Group, or Member Using the Security Config DialogDeactivating a Security Set Archiving a Security Configuration to a FileActivating a Security Set Active Security Data Window Configured Security Data WindowFabric Services Tracking Fabric Firmware and Software Versions Enabling Snmp ConfigurationClick the In-band Management Enable button Enabling In-band ManagementViewing and Comparing Version Snapshots Saving a Version SnapshotFabric Version Snapshot Analysis Dialog Exporting Version Snapshots to a FileAdding a Fabric Managing the Fabric DatabaseOpening a Fabric View File Removing a FabricRediscovering a Fabric Deleting Switches and LinksSaving a Fabric View File Adding a New Switch to a Fabric Replacing a Failed Switch Displaying Fabric Information Fabric Status Topology Display Switch and Status Icons11. Events Browser Displaying the Event BrowserEditor or browser Discarded when you close a SANsurfer Switch Manager sessionSeverity Levels 12. Filter Events Dialog Filtering the Event BrowserSaving the Event Browser to a File Sorting the Event BrowserDevices Data Window Entries Devices Data Window13. Active Zone Set Data Window Active Zone Set Data WindowDisplaying Detailed Device Information Link Data WindowWorking with Device Information and Nicknames Creating a Nickname Exporting Device Information to a FileManaging Device Port Nicknames Exporting Nicknames to a File Editing a NicknameDeleting a Nickname Zoning Concepts Importing a Nicknames FileZoning a Fabric Soft Zones ZonesZone Sets Access Control List Hard ZonesAliases Viewing Zoning Limits and Properties Zoning DatabaseUsing the Zoning Wizard Managing the zoning database consists of the following Managing the Zoning DatabaseEditing the Zoning Database Edit Zoning Dialog Tool Bar Buttons and Icons Edit Zoning Dialog Tool Bar Buttons and Icons Interop Auto Save Configuring the Zoning DatabaseRestoring the Zoning Database from a File Default VisibilityDiscard Inactive Saving the Zoning Database to a FileRemoving All Zoning Definitions Restoring the Default Zoning DatabaseCreating a Zone Set Managing Zone SetsRemoving a Zone from a Zone Set or from All Zone Sets Activating and Deactivating a Zone SetCopying a Zone to a Zone Set Managing zones involves the following Removing a Zone SetManaging Zones Creating a Zone in a Zone Set Adding Zone Members Removing a Zone from All Zone Sets Renaming a Zone or a Zone SetRemoving a Zone Member Removing a Zone from a Zone SetCreating an Alias Changing Zone TypesManaging Aliases Removing an Alias from All Zones Adding a Member to an AliasZone Merge Failure Merging Fabrics and ZoningZone Merge Failure Recovery Managing Fabrics Zoning a Fabric 59097-02 B Managing Switches Factory User Accounts Managing User AccountsCreating User Accounts User Account Administration Dialog Add AccountRemoving a User Account User Account Administration Dialog Remove AccountUser Account Administration Dialog Change Password Changing a User Account PasswordModifying a User Account User Account Administration Dialog Modify AccountFaceplate Display Switch Information Displaying Switch InformationSwitch Data Window Entries Switch Data WindowRatov Switch Data Window Entries Ing Detailed Device Information on page 3-36for infor Port Information Data Window Port Statistics Data WindowConfigured Zonesets Data Window Configured Zonesets Data WindowsPort Threshold Alarm Configuration Dialog Configuring Port Threshold AlarmsPort Threshold Alarm Example Paging a SwitchResetting a Switch Setting the Date/Time and Enabling NTP ClientType Description Switch ResetsUsing the Configuration Wizard Configuring a SwitchSymbolic Name Switch PropertiesSwitch Administrative States Switch Administrative StatesDomain ID and Domain ID Lock Fabric Device Management Interface In-band Management Broadcast Support10. Advanced Switch Properties Dialog Advanced Switch PropertiesLegacy Port Address Format Interop Mode for ZoningTimeout Values Timeout Values11. System Services Dialog System Services DialogSecurity Consistency Checklist Dialog 12. Network Properties Dialog Network PropertiesIP Configuration Parameters IP ConfigurationNTP Client Remote Logging13. Snmp Properties Dialog Snmp PropertiesSnmp Configuration Parameters Snmp ConfigurationSnmp Trap Configuration Parameters Snmp Trap Configuration14. Switch Stacks Managing Switch Stacks15. Syslog Dialog SyslogSelect Source Dialog Archiving a Switch16. Restore Dialogs Full and Selective Restoring a SwitchManaging Switches Restoring a Switch Factory Default Configuration Settings Restoring the Factory Default ConfigurationFactory Default Configuration Settings Downloading a Support File Upgrading the Switch Using License Keys17. Features License Key Dialog Installing Firmware 19. Hardware Status LEDs Displaying Hardware StatusManaging Switches Displaying Hardware Status 59097-02 B Displaying Port Information Managing PortsPort Types Monitoring Port StatusDisplaying Port Types Port Speeds Displaying Port Operational StatesDisplaying Port Speeds Port Operational StatesPort Transceiver Media View Displaying Transceiver Media StatusPort Statistics Data Window Entries LIP ALPD,ALPS Port Statistics Data Window Entries Port Information Data Window Entries Port Information Data Window Entries Port Properties Dialog Configuring PortsPort Administrative States Changing Port Administrative StatesChanging Port Speeds Changing Port Types Device Scan Changing Port Symbolic NameStream Guard Using the Extended Credits Wizard Designate Donor Ports Resetting a PortPort Loopback Test Dialog Testing PortsManaging Ports Testing Ports Fabric View Graphs Graphing Port PerformanceStarting SANsurfer Performance Viewer This section describes how to do the followingExiting SANsurfer Performance Viewer Save Default Performance View File DialogSaving and Opening Performance View Files Load Default View File DialogSetting SANsurfer Performance Viewer Preferences Changing the Default Performance View File Encryption KeyDisplaying Graphs for a Switch Setting the Polling FrequencyArranging Graphs in the Display Displaying Graphs for a StackCustomizing Graphs Default Graph Options DialogManaging Ports Graphing Port Performance Saving Graph Statistics to a File Setting Global Graph TypeRescaling a Selected Graph Printing GraphsLogging On to a Switch Command Line InterfaceUser Accounts Working with Switch ConfigurationsModifying a Configuration Backing up and Restoring Switch Configurations Ftp ipaddress userimages password images ftp bin Table A-1. Command-Line Completion CommandsAdmin Session Commands Table A-2. Commands Listed by Authority LevelKeywords Admin CommandAuthority SyntaxCopy aliassource aliasdestination Alias CommandSyntax alias Keywords add alias memberlistRemove alias memberlist Delete aliasList Members aliasCIM Command Following is an example of the CIM Limits command Table A-3. CIM Listener Configuration Parameters CIMListener CommandURL Edit listenernameKeywords create subscriptionname CIMSubscription CommandTable A-4. CIM Subscription Configuration Parameters Syntax cimsubscriptionEdit subscriptionname Keywords activate configname Config CommandSyntax config Save configname Edit confignameRestore #ftp symbolicname or ipaddress user images Support Create CommandSyntax create certificate support Keywords certificateLocal directory now /itasca/conf/images bin SANbox xxxx admin # create support Following is an example of the Create Certificate commandKeywords MMDDhhmmCCYY Date CommandSyntax date Log Feature CommandSyntax feature Keywords add licensekeySyntax firmware install Firmware Install CommandAuthority Admin Syntax group Group CommandTable A-5. ISL Group Member Attributes Keywords add groupTable A-6. Port Group Member Attributes Create group type Configures security for attachments to other switchesTable A-7. MS Group Member Attributes Copy groupsource groupdestinationTable A-8. Group Member Attributes Edit group memberSecuritysets group Members groupRemove group memberlist Rename groupold groupnewISL Following is an example of the Group Edit commandFollowing is an example of the Group Members command Following is an example of the Group List commandSyntax Hardreset CommandKeyword Help CommandHelp command keyword CommandHistory History CommandFollowing is an example of the History command Hotreset Hotreset CommandSyntax image Image CommandKeywords cleanup Ftp Ftp switchname Wait for the unpack to complete Lip portnumber Lip CommandAdmin session Following is an example of the Lip commandSyntax passwd accountname Keywords accountname Passwd CommandIpaddress Ping CommandFollowing is an example of a successful Ping command Ping ipaddressDisplays current system process information Ps CommandExamples The following is an example of the Ps command Authority None Syntax psSyntax quit, exit, or logout Quit CommandAuthority None Closes the Telnet sessionFactory Reset CommandSyntax reset Keywords config confignameSecurity ServicesSwitch RadiusValues Table A-9. Switch Configuration DefaultsParameter 4-Gbps Port Defaults Table A-10. Port Configuration DefaultsTable A-11. Port Threshold Alarm Configuration Defaults Table A-13. Snmp Configuration Defaults Table A-12. Zoning Configuration DefaultsTable A-15. Services Configuration Defaults Table A-14. Radius Configuration DefaultsTable A-17. Security Configuration Defaults Table A-16. System Configuration DefaultsKeywords active Security CommandEdit MD5 Following is an example of the Security History commandFollowing is an example of the Security List command Following is an example of the Security Limits commandSecurityset Command Groups securityset Create securitysetDeactivate Delete securitysetFollowing is an example of the Securityset List command Following is an example of the Securityset Groups commandSyntax set Set CommandKeywords alarm option Config optionPagebreak state Setup optionSwitch state Log optionTimezone Port portnumber Set Config CommandSet config Table A-18. Set Config Port ParametersSend Arbff True instead of IDLEs False on the loop Table A-18. Set Config Port Parameters Table A-20. Set Config Switch Parameters Table A-19. Security Configuration ParametersResource Allocation Timeout Value. The number Threshold Table A-21. Set Config Threshold ParametersTable A-22. Set Config Zoning Parameters Arbff Following is an example of the Set Config Port commandEnter key to do so Configuring Port Number AdminState Following is an example of the Set Config Switch command Following is an example of the Set Config Security commandFollowing is an example of the Set Config Threshold command Following is an example of the Set Config Zoning command Component filterlist Set Log CommandSet log ArchiveDisplay filter Port portlist Level filterStops logging of events Alarms are always logged and always displayed on the screenStart StopSet Port Command State state Disables the port by removing power from the port lasersConfiguration fields Set Setup CommandSet setup Radius Services Snmp SystemTable A-23. Radius Service Settings Table A-24. Switch Services Settings Table A-24. Switch Services Settings Table A-25. Snmp Configuration Settings Table A-26. System Configuration Settings Table A-26. System Configuration Settings Following is an example of the Set Setup Services command Following is an example of the Set Setup Snmp command Following is an example of the Set Setup System command Keywords about Show CommandCimsubscription subscriptionname Alarm optionCimlistener listenername Lsdb Fdmi portwwnInterface Log optionTable A-27. Show Port Parameters PagebreakPerf option Lipalpdalps Steering domainid Post logTable A-28. Switch Operational Parameters Users Displays the current time zone settingTopology Displays all connected devicesFollowing is an example of the Show Fdmi command Following is an example of the Show Domains commandFollowing is an example of the Show Fabric command Following is an example of the Show NS local domain command Following is an example of the Show Fdmi WWN commandFollowing is an example of the Show Interface command Following is an example of the Show NS domainID commandFollowing is an example of the Show NS portID command PL-XPL-VC-SG3-22 Following is an example of the Show Port commandFollowing is an example of the Show Topology command Following is an example of the Show Switch command59097-02 B 105 Following is an example of the Show Version command Show config Show Config CommandFollowing is an example of the Show Config Port command Following is an example of the Show Config Switch command Following is an example of the Show Config Zoning command Following is an example of the Show Config Threshold commandKeywords numberofevents Show Log CommandNone Show logDisplays all events related to EPorts Snmp eventsDisplays all informative events Displays all warning events Displays all critical eventsPort SettingsLevel OptionsFollowing is an example of the Show Log command Show Perf Command Outframe portnumber Errors portnumberFollowing is an example of the Show Perf Byte command Mfg Show Setup CommandShow setup Following is an example of the Show Setup Radius command Following is an example of the Show Setup Services commandFollowing is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Syntax shutdown Shutdown CommandKeywords port portnumber testtype Test CommandPort portnumber testtype cancel Status Syntax testStatus Cancels the online test in progressTest port x online Authority None Syntax uptime Uptime CommandExamples The following is an example of the Uptime command Add User CommandSyntax user Keywords accountsFollowing is an example of the User Edit command Following is an example of the User Accounts commandFollowing is an example of the User Add command Following is an example of the User List command Following is an example of the User Delete commandAuthority None Syntax whoami Whoami CommandExamples The following is an example of the Whoami command Copy zonesource zonedestination Zone CommandSyntax zone Keywords add zone memberlistRename zoneold zonenew Delete zoneMembers zone Remove zone memberlistFollowing is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset CommandZones zoneset Delete zonesetRemove zoneset zonelist Rename zonesetold zonesetnewFollowing is an example of the Zoneset Zones command Opens a Zoning Edit session Zoning CommandLimit Description Table A-29. Zoning Database LimitsE2JBOD2 Following is an example of the Zoning Limits commandFollowing is an example of the Zoning List command Command Line Interface Zoning Command 142 59097-02 B BootP Access Control List ZoneAdministrative State AlarmFabric Management Switch Class 3 ServiceConfigured Zone Sets Default VisibilityMaintenance Mode Input Power LEDInter-Switch Link Maintenance ButtonUser Account Small Form-Factor Pluggable Zoning DatabaseSoft Zone TargetIndex Index-2 59097-02 B 59097-02 B Index-3 Index-4 59097-02 B 59097-02 B Index-5 Index-6 59097-02 B 59097-02 B Index-7 Index-8 59097-02 B 59097-02 B Index-9 Index-10 59097-02 B