Manuals / Q-Logic / Computer Equipment / Switch

Q-Logic 5600 manual User Account Security, Security Consistency Checklist

Models: 5600

1 336

Download 336 pages 25.61 Kb

Page 54

3 – Managing Fabrics Securing a Fabric

S

3.2.2

User Account Security

User account security is the process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using SANsurfer Switch Manager or log in to a switch through Telnet. Your system administrator defines accounts, passwords, and authority levels that are stored on the switch. Refer to ”Managing User Accounts” on page 4-2for more information.

The Admin account possesses Admin authority which grants full access to all tasks of the SANsurfer Switch Manager menu system. The switch validates your user account and SANsurfer Switch Manager grants access to its menus according to your authority level. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If a user is logged into a switch using SANsurfer Switch Manager or CLI, and an administrator changes user access rights and passwords, existing logins will not be affected by the new settings. Login access and privileges are only checked for a new login request.

3.2.3

Security Consistency Checklist

The Security Consistency Checklist dialog enables you to compare security-related features on switches to check for inconsistencies. Any changes must be made through the appropriate dialog, such as Network Properties dialog, Switch Properties dialog, or SNMP Properties dialog. To open the Security Consistency Checklist dialog, open the Switch menu and select Security Consistency Checklist.

3-8	59097-02 B

Image 54

Q-Logic 5600 manual User Account Security, Security Consistency Checklist

Contents

SANbox 5600 Series Switch Managment User’s Guide SANbox 5600 Series Switch Management User’s Guide Document Revision HistoryTable of Contents Section Managing Fabrics SANbox 5600 Series Switch Management User’s Guide Managing Switches SectionSANbox 5600 Series Switch Management User’s Guide Section Managing Ports Appendix a Command Line Interface Glossary Index List of Figures List of Tables SANbox 5600 Series Switch Management User’s Guide Intended Audience Related MaterialsJdom License Introduction Jdom License Technical Support AvailabilityTraining Contact Information Support HeadquartersUsing SANsurfer Switch Manager Installing the Management Application Workstation RequirementsWorkstation Requirements SANsurfer Switch Manager SMS Installation for Windows SANsurfer Management SuiteChglax.bat SMS Installation for Linux SMS Installation for Solaris Install the new SANsurfer Switch Manager package Change directories to the package locationLocate and execute the file sbmoversms.sh Starting SANsurfer Switch Manager ‰ For Linux or Solaris enter the SANsurfer commandInitial Startup Dialog SANsurfer Switch Manager Window Exiting SANsurfer Switch Manager Save Default Fabric View File DialogUninstalling SANsurfer Switch Manager Load Default Fabric File DialogSMS Uninstall Standalone UninstallChanging the Encryption Key for the Default Fabric View File Saving and Opening Fabric View FilesSetting SANsurfer Switch Manager Preferences Using Online Help Viewing Software Version and Copyright InformationSANsurfer Switch Manager User Interface Faceplate DisplayMenu Bars Topology Display MenuFaceplate Display Menu Shortcut KeysTool Bar Tool Bar ButtonsFabric Tree Fabric TreeWorking Status Indicator Graphic WindowData Window and Tabs Using the Topology Display Switch and Link StatusWorking with Switches and Links Selecting Switches and LinksArranging Switches in the Display Opening the Faceplate and Topology Display Popup Menus Topology Data WindowsUsing the Faceplate Display 11. Faceplate DisplayPort Views and Status Working with PortsSelecting Ports Opening the Faceplate Popup Menu Faceplate Data WindowsPage Managing Fabrics Radius ServersAdding a Radius Server Add ServerManaging Fabrics Radius Servers Removing a Radius Server Remove ServerEditing Radius Server Information Edit Server InformationModifying Authentication Order Radius Server Information Modify Authentication Order Radius Server InformationSecuring a Fabric Connection SecurityFabric security consists of the following Security Consistency Checklist User Account SecurityDevice Security Edit Security Dialog Edit Security DialogCreating a Security Set Create Security Group Dialog Creating a Security GroupCreate Security Group Member Dialog Create a Security Group Member DialogManaging Fabrics Securing a Fabric Creating a Security Group Member Editing the Security Configuration on a Switch Using the Security Config Dialog Viewing Properties of a Security Set, Group, or MemberArchiving a Security Configuration to a File Activating a Security SetDeactivating a Security Set Configured Security Data Window Fabric ServicesActive Security Data Window Enabling In-band Management Enabling Snmp ConfigurationClick the In-band Management Enable button Tracking Fabric Firmware and Software VersionsSaving a Version Snapshot Viewing and Comparing Version SnapshotsExporting Version Snapshots to a File Fabric Version Snapshot Analysis DialogManaging the Fabric Database Adding a FabricRemoving a Fabric Opening a Fabric View FileDeleting Switches and Links Saving a Fabric View FileRediscovering a Fabric Adding a New Switch to a Fabric Replacing a Failed Switch Displaying Fabric Information Topology Display Switch and Status Icons Fabric StatusDisplaying the Event Browser 11. Events BrowserDiscarded when you close a SANsurfer Switch Manager session Severity LevelsEditor or browser Filtering the Event Browser 12. Filter Events DialogSorting the Event Browser Saving the Event Browser to a FileDevices Data Window Devices Data Window EntriesActive Zone Set Data Window 13. Active Zone Set Data WindowLink Data Window Working with Device Information and NicknamesDisplaying Detailed Device Information Exporting Device Information to a File Managing Device Port NicknamesCreating a Nickname Editing a Nickname Deleting a NicknameExporting Nicknames to a File Importing a Nicknames File Zoning a FabricZoning Concepts Zones Soft ZonesAccess Control List Hard Zones AliasesZone Sets Zoning Database Viewing Zoning Limits and PropertiesUsing the Zoning Wizard Managing the Zoning Database Editing the Zoning DatabaseManaging the zoning database consists of the following Edit Zoning Dialog Tool Bar Buttons and Icons Edit Zoning Dialog Tool Bar Buttons and Icons Configuring the Zoning Database Interop Auto SaveSaving the Zoning Database to a File Default VisibilityDiscard Inactive Restoring the Zoning Database from a FileRestoring the Default Zoning Database Removing All Zoning DefinitionsManaging Zone Sets Creating a Zone SetActivating and Deactivating a Zone Set Copying a Zone to a Zone SetRemoving a Zone from a Zone Set or from All Zone Sets Removing a Zone Set Managing ZonesManaging zones involves the following Creating a Zone in a Zone Set Adding Zone Members Removing a Zone from a Zone Set Renaming a Zone or a Zone SetRemoving a Zone Member Removing a Zone from All Zone SetsChanging Zone Types Managing AliasesCreating an Alias Adding a Member to an Alias Removing an Alias from All ZonesMerging Fabrics and Zoning Zone Merge FailureZone Merge Failure Recovery Managing Fabrics Zoning a Fabric 59097-02 B Managing Switches Managing User Accounts Factory User AccountsUser Account Administration Dialog Add Account Creating User AccountsUser Account Administration Dialog Remove Account Removing a User AccountChanging a User Account Password User Account Administration Dialog Change PasswordUser Account Administration Dialog Modify Account Modifying a User AccountDisplaying Switch Information Faceplate Display Switch InformationSwitch Data Window Switch Data Window EntriesRatov Switch Data Window Entries Ing Detailed Device Information on page 3-36for infor Port Statistics Data Window Port Information Data WindowConfigured Zonesets Data Windows Configured Zonesets Data WindowConfiguring Port Threshold Alarms Port Threshold Alarm Configuration DialogPaging a Switch Port Threshold Alarm ExampleSetting the Date/Time and Enabling NTP Client Resetting a SwitchSwitch Resets Type DescriptionConfiguring a Switch Using the Configuration WizardSwitch Properties Symbolic NameSwitch Administrative States Switch Administrative StatesDomain ID and Domain ID Lock Fabric Device Management Interface Broadcast Support In-band ManagementAdvanced Switch Properties 10. Advanced Switch Properties DialogInterop Mode for Zoning Legacy Port Address FormatTimeout Values Timeout ValuesSystem Services Dialog 11. System Services DialogSecurity Consistency Checklist Dialog Network Properties 12. Network Properties DialogIP Configuration IP Configuration ParametersRemote Logging NTP ClientSnmp Properties 13. Snmp Properties DialogSnmp Configuration Snmp Configuration ParametersSnmp Trap Configuration Snmp Trap Configuration ParametersManaging Switch Stacks 14. Switch StacksSyslog 15. Syslog DialogArchiving a Switch Select Source DialogRestoring a Switch 16. Restore Dialogs Full and SelectiveManaging Switches Restoring a Switch Restoring the Factory Default Configuration Factory Default Configuration SettingsFactory Default Configuration Settings Upgrading the Switch Using License Keys Downloading a Support File17. Features License Key Dialog Installing Firmware Displaying Hardware Status 19. Hardware Status LEDsManaging Switches Displaying Hardware Status 59097-02 B Managing Ports Displaying Port InformationMonitoring Port Status Displaying Port TypesPort Types Port Operational States Displaying Port Operational StatesDisplaying Port Speeds Port SpeedsDisplaying Transceiver Media Status Port Transceiver Media ViewPort Statistics Data Window Entries LIP ALPD,ALPS Port Statistics Data Window Entries Port Information Data Window Entries Port Information Data Window Entries Configuring Ports Port Properties DialogChanging Port Administrative States Port Administrative StatesChanging Port Speeds Changing Port Types Changing Port Symbolic Name Stream GuardDevice Scan Using the Extended Credits Wizard Resetting a Port Designate Donor PortsTesting Ports Port Loopback Test DialogManaging Ports Testing Ports Graphing Port Performance Fabric View GraphsThis section describes how to do the following Starting SANsurfer Performance ViewerSave Default Performance View File Dialog Exiting SANsurfer Performance ViewerLoad Default View File Dialog Saving and Opening Performance View FilesChanging the Default Performance View File Encryption Key Setting SANsurfer Performance Viewer PreferencesSetting the Polling Frequency Displaying Graphs for a SwitchDisplaying Graphs for a Stack Arranging Graphs in the DisplayDefault Graph Options Dialog Customizing GraphsManaging Ports Graphing Port Performance Printing Graphs Setting Global Graph TypeRescaling a Selected Graph Saving Graph Statistics to a FileCommand Line Interface Logging On to a SwitchWorking with Switch Configurations User AccountsModifying a Configuration Backing up and Restoring Switch Configurations Ftp ipaddress userimages password images ftp bin Commands Table A-1. Command-Line CompletionTable A-2. Commands Listed by Authority Level Admin Session CommandsSyntax Admin CommandAuthority KeywordsKeywords add alias memberlist Alias CommandSyntax alias Copy aliassource aliasdestinationMembers alias Delete aliasList Remove alias memberlistCIM Command Following is an example of the CIM Limits command CIMListener Command Table A-3. CIM Listener Configuration ParametersEdit listenername URLSyntax cimsubscription CIMSubscription CommandTable A-4. CIM Subscription Configuration Parameters Keywords create subscriptionnameEdit subscriptionname Config Command Syntax configKeywords activate configname Edit configname RestoreSave configname #ftp symbolicname or ipaddress user images Keywords certificate Create CommandSyntax create certificate support SupportLocal directory now /itasca/conf/images bin Following is an example of the Create Certificate command SANbox xxxx admin # create supportDate Command Syntax dateKeywords MMDDhhmmCCYY Keywords add licensekey Feature CommandSyntax feature LogFirmware Install Command Authority AdminSyntax firmware install Group Command Syntax groupKeywords add group Table A-5. ISL Group Member AttributesTable A-6. Port Group Member Attributes Copy groupsource groupdestination Configures security for attachments to other switchesTable A-7. MS Group Member Attributes Create group typeEdit group member Table A-8. Group Member AttributesRename groupold groupnew Members groupRemove group memberlist Securitysets groupFollowing is an example of the Group Edit command ISLFollowing is an example of the Group List command Following is an example of the Group Members commandHardreset Command SyntaxCommand Help CommandHelp command keyword KeywordHistory Command Following is an example of the History commandHistory Hotreset Command HotresetImage Command Keywords cleanupSyntax image Ftp Ftp switchname Wait for the unpack to complete Following is an example of the Lip command Lip CommandAdmin session Lip portnumberPasswd Command Syntax passwd accountname Keywords accountnamePing ipaddress Ping CommandFollowing is an example of a successful Ping command IpaddressAuthority None Syntax ps Ps CommandExamples The following is an example of the Ps command Displays current system process informationCloses the Telnet session Quit CommandAuthority None Syntax quit, exit, or logoutKeywords config configname Reset CommandSyntax reset FactoryRadius ServicesSwitch SecurityTable A-9. Switch Configuration Defaults ValuesTable A-10. Port Configuration Defaults Parameter 4-Gbps Port DefaultsTable A-11. Port Threshold Alarm Configuration Defaults Table A-12. Zoning Configuration Defaults Table A-13. Snmp Configuration DefaultsTable A-14. Radius Configuration Defaults Table A-15. Services Configuration DefaultsTable A-16. System Configuration Defaults Table A-17. Security Configuration DefaultsSecurity Command Keywords activeEdit Following is an example of the Security History command MD5Following is an example of the Security Limits command Following is an example of the Security List commandSecurityset Command Delete securityset Create securitysetDeactivate Groups securitysetFollowing is an example of the Securityset Groups command Following is an example of the Securityset List commandConfig option Set CommandKeywords alarm option Syntax setLog option Setup optionSwitch state Pagebreak stateTimezone Table A-18. Set Config Port Parameters Set Config CommandSet config Port portnumberSend Arbff True instead of IDLEs False on the loop Table A-18. Set Config Port Parameters Table A-19. Security Configuration Parameters Table A-20. Set Config Switch ParametersResource Allocation Timeout Value. The number Table A-21. Set Config Threshold Parameters ThresholdTable A-22. Set Config Zoning Parameters Following is an example of the Set Config Port command ArbffEnter key to do so Configuring Port Number AdminState Following is an example of the Set Config Security command Following is an example of the Set Config Switch commandFollowing is an example of the Set Config Threshold command Following is an example of the Set Config Zoning command Archive Set Log CommandSet log Component filterlistDisplay filter Level filter Port portlistStop Alarms are always logged and always displayed on the screenStart Stops logging of eventsSet Port Command Disables the port by removing power from the port lasers State stateRadius Services Snmp System Set Setup CommandSet setup Configuration fieldsTable A-23. Radius Service Settings Table A-24. Switch Services Settings Table A-24. Switch Services Settings Table A-25. Snmp Configuration Settings Table A-26. System Configuration Settings Table A-26. System Configuration Settings Following is an example of the Set Setup Services command Following is an example of the Set Setup Snmp command Following is an example of the Set Setup System command Show Command Keywords aboutAlarm option Cimlistener listenernameCimsubscription subscriptionname Log option Fdmi portwwnInterface LsdbPagebreak Perf optionTable A-27. Show Port Parameters Lipalpdalps Post log Steering domainidTable A-28. Switch Operational Parameters Displays all connected devices Displays the current time zone settingTopology UsersFollowing is an example of the Show Domains command Following is an example of the Show Fabric commandFollowing is an example of the Show Fdmi command Following is an example of the Show Fdmi WWN command Following is an example of the Show NS local domain commandFollowing is an example of the Show NS domainID command Following is an example of the Show NS portID commandFollowing is an example of the Show Interface command Following is an example of the Show Port command PL-XPL-VC-SG3-22Following is an example of the Show Switch command Following is an example of the Show Topology command59097-02 B 105 Following is an example of the Show Version command Show Config Command Show configFollowing is an example of the Show Config Port command Following is an example of the Show Config Switch command Following is an example of the Show Config Threshold command Following is an example of the Show Config Zoning commandShow log Show Log CommandNone Keywords numberofeventsDisplays all critical events Snmp eventsDisplays all informative events Displays all warning events Displays all events related to EPortsOptions SettingsLevel PortFollowing is an example of the Show Log command Show Perf Command Errors portnumber Outframe portnumberFollowing is an example of the Show Perf Byte command Show Setup Command Show setupMfg Following is an example of the Show Setup Services command Following is an example of the Show Setup Radius commandFollowing is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Shutdown Command Syntax shutdownSyntax test Test CommandPort portnumber testtype cancel Status Keywords port portnumber testtypeCancels the online test in progress StatusTest port x online Uptime Command Examples The following is an example of the Uptime commandAuthority None Syntax uptime Keywords accounts User CommandSyntax user AddFollowing is an example of the User Accounts command Following is an example of the User Add commandFollowing is an example of the User Edit command Following is an example of the User Delete command Following is an example of the User List commandWhoami Command Examples The following is an example of the Whoami commandAuthority None Syntax whoami Keywords add zone memberlist Zone CommandSyntax zone Copy zonesource zonedestinationRemove zone memberlist Delete zoneMembers zone Rename zoneold zonenewFollowing is an example of the Zone Members command Following is an example of the Zone Zonesets command Zoneset Command Syntax zonesetRename zonesetold zonesetnew Delete zonesetRemove zoneset zonelist Zones zonesetFollowing is an example of the Zoneset Zones command Zoning Command Opens a Zoning Edit sessionTable A-29. Zoning Database Limits Limit DescriptionFollowing is an example of the Zoning Limits command E2JBOD2Following is an example of the Zoning List command Command Line Interface Zoning Command 142 59097-02 B Alarm Access Control List ZoneAdministrative State BootPDefault Visibility Class 3 ServiceConfigured Zone Sets Fabric Management SwitchMaintenance Button Input Power LEDInter-Switch Link Maintenance ModeTarget Small Form-Factor Pluggable Zoning DatabaseSoft Zone User AccountIndex Index-2 59097-02 B 59097-02 B Index-3 Index-4 59097-02 B 59097-02 B Index-5 Index-6 59097-02 B 59097-02 B Index-7 Index-8 59097-02 B 59097-02 B Index-9 Index-10 59097-02 B