Device Security Configuration | Q-Logic 5602 guide

Section 9

Device Security Configuration

NOTE: Device security requires the Fabric Security license key. To purchase a license key, contact your authorized maintenance provider or authorized reseller.

This section describes the following tasks:

Displaying Security Database Information

Configuring the Security Database

Modifying the Security Database

Resetting the Security Database

Managing Security Sets

Managing Groups

Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands.

Device security is defined through the use of security sets and groups. A group is a list of device worldwide names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing management server commands (MS). A security set is a set of up to three groups with no more than one of each group type. The security database is made up of all security sets on the switch.

In addition to authorization, the switch can be configured to require authentication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch’s security database, or remotely using a Remote Dial-In User Service (RADIUS) server such as Microsoft® RADIUS.

59183-01 A

9-1

Image 99

Q-Logic 5602 manual Device Security Configuration

Contents

Firmware Version Document Revision History Table of Contents Section Port Configuration Section Zoning Configuration Add Members to an Alias Remove Members from an Alias Connection Security ConfigurationSection Device Security Configuration Radius Server Configuration Section Event Log ConfigurationSimple Network Management Protocol Configuration Command Reference 59183-01 a Index List of Tables Introduction Switch Models and Examples Intended AudienceRelated Materials New in This Release Technical Support AvailabilityTraining Support Headquarters Contact Information Introduction Technical Support 59183-01 a This section describes the following tasks Command Line Interface Usage To log off, enter the Exit command Logging In to the Switch Opening and Closing an Admin Session Entering CommandsCommand-Line Completion Getting Help Setting Page Breaks Local directory now /itasca/conf/images bin Creating a Support File Ftp Downloading and Uploading Files Userimages password images Factory User Accounts User Account Configuration Displaying User Account Information Creating User Accounts Following example deletes the user account named user3 Modifying User Accounts and Passwords Network and Fabric Configuration Displaying Name Server Information WWN Displaying the Ethernet Network Configuration Configuring the Ethernet Port Verifying a Switch in the Network Verifying and Tracing Fibre Channel ConnectionsFollowing is an example of a connection failure Port Switch configuration consists of the following tasks Displaying Switch Information Switch Operational Information PID Ppid CPU Time System Process Information Elapsed Time Between Resets Switch Configuration Parameters Configuration Information Security Configuration Parameters Zoning Configuration Parameters Heartbeat LED Activity Hardware Information Firmware Information Managing Switch Services Please Note Managing Switch Configurations Display a List of Switch ConfigurationsActivate a Switch Configuration Copy a Switch Configuration Delete a Switch ConfigurationModify a Switch Configuration Decimal value, 100-100000 msec Creating the Backup File Back Up and Restore a Switch Configuration Downloading the Configuration File Ftp ipaddress user images password images ftp bin Restoring the Configuration File Setting the Date and Time Paging a Switch Switch Configuration Setting the Date and Time List Resetting a Switch Installing FirmwareSwitch Reset Methods Nondisruptive Activation One-Step Firmware Installation Enter the password for your account name FTP only Wait for the unpack to complete Custom Firmware Installation Display Feature Licenses Managing Switch Feature Upgrades Install a Feature License Key Page Displaying Port Information This section describes the following topicsYou can display the following port information Arbff Port Configuration Parameters PL-XPL-VC-SG3-22 Port Operational Information Port Threshold Alarm Configuration Parameters Port Performance FTRJ8524P2BNL Transceiver Information Set config port Modifying Port Operating Characteristics Port Binding SANbox admin-config # set config security port Resetting a Port Configuring Port Threshold Alarms SANbox admin-config # set config threshold Online Tests for Ports Testing a Port Offline Tests for Ports Display Port Test Results Cancel a Port Test Current value Extending Port Transmission Distance SANbox # show donor Port Config Zoning Configuration Displaying Zoning Database Information Configured Zone Set Information SANbox # zoning list Active ZoneSet Information Active Zone Set Information Zone Membership Information Zone Set Membership Information Alias and Alias Membership Information Zoning Modification History E2JBOD2 Zoning Database Limits Configuring the Zoning Database SANbox # admin start SANbox admin # config edit Modifying the Zoning Database Removing Inactive Zone Sets, Zones, and Aliases Resetting the Zoning Database Managing Zone Sets consists of the following tasks Managing Zone SetsCreate a Zone Set Delete a Zone Set Remove Zones from a Zone Set Rename a Zone SetCopy a Zone Set Add Zones to a Zone Set Delete a Zone Deactivate a Zone SetManaging Zones Create a Zone Remove Members from a Zone Rename a ZoneCopy a Zone Add Members to a Zone Rename an Alias Managing AliasesCreate an Alias Delete an Alias Copy an Alias Add Members to an AliasRemove Members from an Alias Managing SSL and SSH Services Connection Security Configuration TelnetEnabled True / False SSHEnabled Creating an SSL Security Certificate Displaying SSL and SSH ServicesPage Device Security Configuration Displaying Security Database Information Configured Security Set Information MD5 Active Security Set Information Group Membership Information Security Set Membership Information Security Database Limits Security Database Modification History Set Config Security command Configuring the Security Database Before Reaching the end of the list Modifying the Security Database Resetting the Security Database Rename a Security Set Managing Security SetsCreate a Security Set Delete a Security Set Deactivate a Security Set Add Groups to a Security SetRemove Groups from a Security Set Activate a Security Set Rename a Group Managing GroupsCreate a Group Delete a Group Add Members to a Group Copy a Group Remove Members from a Group Modify a Group Member Radius Server Configuration Displaying Radius Server Information Configuring a Radius Server on the Switch Page Starting and Stopping Event Logging Event Log Configuration Displaying the Event Log Controlling Messages in the Output Stream Filtering the Event Log Display Configure the Event Log Managing the Event Log Configuration Display the Event Log Configuration Restore the Event Log ConfigurationClearing the Event Log Logging to a Remote Host Creating and Downloading a Log File Page You control the Snmp service SNMPEnabled parameters through Managing the Snmp Service 12-2 59183-01 a Displaying Snmp Information Modifying the Snmp Configuration SANbox admin # reset snmp Resetting the Snmp ConfigurationPage Access Authority Command Reference Syntax and Keywords Command Commands are listed in alphabetical order as follows Command Listing Keywords AdminAuthority Syntax Copy aliassource aliasdestination AliasSyntax alias Keywords add alias memberlist Remove alias memberlist Delete aliasList Members alias Config Syntax configKeywords activate configname Edit configname RestoreSave configname 59183-01 a 13-9 Create Keywords certificateSupport 59183-01 a 13-11 SANbox admin # create support Following is an example of the Create Certificate command Date Syntax dateKeywords MMDDhhmmCCYY Exit Authority None Syntax exitCloses the Telnet session Fcping Authority NoneKeywords address Fctrace PortdestinationHopcount Examples The following is an example of the Fctrace command Keywords add licensekey FeatureSyntax feature Add licensekey log Following is an example of the Feature Log command Syntax firmware install Firmware Install 59183-01 a 13-21 Syntax group Group ISL Group Member Attributes Keywords add group Port Group Member Attributes Create group type Configures security for attachments to other switchesMS Group Member Attributes Copy groupsource groupdestination Group Member Attributes Edit group member Securitysets group Members groupRemove group memberlist Rename groupold groupnew Following is an example of the Group Edit command Following is an example of the Group Members command Following is an example of the Group List command Syntax hardreset Hardreset Keyword Help command keywordCommand Help History Re-execute selected commandsFollowing is an example of the History command History Hotreset Hotreset Keywords cleanup ImageSyntax image Unpack file 13-36 59183-01 a Lip portnumber Following is an example of the Lip commandLip Reinitializes the specified loop port Authority None Syntax logout Logout Syntax passwd accountname Keywords accountname Passwd Ping Ping ipaddressIpaddress Examples The following is an example of the Ps command Authority None Syntax psDisplays current system process information Authority None Syntax quit Quit Reset Syntax resetKeywords config configname Radius ServicesFactory Port portlist Zoning SwitchWorkstation could lose communication with the switch System Values Switch Configuration Defaults Parameter 4-Gbps Port Defaults Port Configuration Defaults Port Threshold Alarm Configuration Defaults Snmp Configuration Defaults Zoning Configuration Defaults 11. Services Configuration Defaults 10. Radius Configuration Defaults 13. Security Configuration Defaults 12. System Configuration Defaults Security Keywords activeClear Edit LimitsSave Following is an example of the Security History command Following is an example of the Security List command Following is an example of the Security Limits command Active SecuritysetSyntax securityset Keywords activate securityset Delete securityset Copy securitysetsource securitysetdestinationCreate securityset Deactivate Following is an example of the Securityset List command Following is an example of the Securityset Groups command Option can be one of the following Set AlarmSyntax set alarm option Keywords option Set Beacon Set beacon stateState Ports portnumber Set Config Port14. Port Configuration Parameters Keywords port portnumber Send Arbff True instead of IDLEs False on the loop 14. Port Configuration Parameters 14. Port Configuration Parameters 59183-01 a 13-65 13-66 59183-01 a Set Config Security Syntax set config security15. Security Configuration Parameters 13-68 59183-01 a 16. Port Binding Configuration Parameters Set Config Security Portbinding Set Config Switch Syntax set config switch17. Switch Configuration Parameters Resource Allocation Timeout Value. The number of millisec Set Config Threshold Syntax set config threshold18. Port Alarm Threshold Parameters Following is an example of the Set Config Threshold command Error rate has fallen below the falling trigger Set Config Zoning Syntax set config zoning19. Zoning Configuration Parameters 59183-01 a 13-75 Component filterlist Set LogSet log Archive Display filter Specifies all ports Disables monitoring on all portsLevel filter Monitors none of the severity levels Stops logging of events Alarms are always logged and always displayed on the screenStart Stop Set Pagebreak Keywords stateSyntax pagebreak state 59183-01 a 13-81 Set port portnumber EnableSet Port Set port clear State state Speed transmissionspeed Configuration fields Set Setup RadiusConfigures Radius servers on the switch Set setup radius 20. Radius Service Settings 13-86 59183-01 a 21. Switch Services Settings Set Setup ServicesConfigures services on the switch Syntax set setup services 21. Switch Services Settings 59183-01 a 13-89 22. Snmp Configuration Settings Set Setup SnmpConfigures Snmp on the switch Syntax set setup snmp 22. Snmp Configuration Settings 13-92 59183-01 a Set Setup System Syntax set setup system23. System Configuration Settings 13-94 59183-01 a State can be one of the following Set Switch StateAdmin session Set switch state state Set timezone Set Timezone Show About Authority None SyntaxShow about Following is an example of the Show Alarm command Show AlarmShow alarm Settings Syntax show broadcast Show Broadcast Displays chassis component status and temperature Show ChassisShow chassis Portnumber Show Config PortDisplays configuration parameters for one or more ports Show config port portnumber 13-102 59183-01 a Show Config Security Displays the security database configuration parametersSyntax show config security Show config security portbinding portnumber Show Config Security Portbinding Show Config Switch Displays the switch configuration parametersSyntax show config switch Show Config Threshold Displays alarm threshold parameters for the switchSyntax show config threshold Show Config Zoning Displays zoning configuration parameters for the switchSyntax show config zoning Syntax show domains Show Domains Show donor Show Donor Show fabric Show Fabric Question marks ? Show FdmiShow fdmi portwwn Portwwn Following is an example of the Show Fdmi WWN command Show Interface Displays the status of the active network interfacesSyntax show interface Component Show LogShow log Numberofevents Options Level Port SettingsFollowing is an example of the Show Log Level command Following is an example of the Show Log Options command Show Lsdb Displays Link State database informationShow lsdb Portlist InstalledShow Media Show media 25. Transceiver Information 13-120 59183-01 a 59183-01 a 13-121 Show mem count Following is an example of the Show Mem commandShow Mem Displays information about memory activity Show NS Show ns optionOption Following is an example of the Show NS portID command Displays the current pagebreak setting Show PagebreakSyntax show pagebreak Byte portlist Show PerfSyntax show perf portlist Keywords portlist Inframe portlist Errors portlistOutbyte portlist Frame portlist Following is an example of the Show Perf Byte command Show Port Show port26. Show Port Parameters Lipalpdalps LIPF7F7 26. Show Port Parameters 59183-01 a 13-133 Syntax show post log Show Post Log Show Setup Mfg Displays manufacturing information about the switchSyntax show setup mfg Show Setup Radius Syntax show setup radiusDisplays Radius server information Show Setup Services Displays switch service status informationSyntax show setup services Following is an example of the Show Setup Snmp command Show Setup SnmpDisplays the current Snmp settings Syntax show setup snmp Show Setup System Displays the current system settingsSyntax show setup system Show Steering Show steering domainidDomainid 27. Switch Operational Parameters Show SwitchDisplays switch operational information Show switch 13-142 59183-01 a Displays the current time zone setting Show TimezoneSyntax show timezone Show Topology Displays all connected devicesSyntax show topology 59183-01 a 13-145 Show users Show Users Show Version Syntax shutdown Shutdown Test Cancel Test cancelPort portnumber Online Test PortSyntax test port portnumber Offline loopbacktype 28. Port Test Parameters 13-152 59183-01 a Test status Test Status Examples The following is an example of the Uptime command UptimeAuthority None Syntax uptime Add UserSyntax user Keywords accounts Following is an example of the User Edit command Following is an example of the User Add command Following is an example of the User List command Following is an example of the User Delete command Examples The following is an example of the Whoami command WhoamiAuthority None Syntax whoami Copy zonesource zonedestination ZoneSyntax zone Keywords add zone memberlist Rename zoneold zonenew Delete zoneMembers zone Remove zone memberlist Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset Zones zoneset Delete zonesetRemove zoneset zonelist Rename zonesetold zonesetnew Following is an example of the Zoneset Zones command Following is an example of the Zoneset List command Zoning Syntax zoningDelete orphans 29. Zoning Database Limits Opens a Zoning Edit session 13-168 59183-01 a Following is an example of the Zoning Limits command Following is an example of the Zoning List command Index Index-2 59183-01 a FTP See File Transfer Protocol Example Index-4 59183-01 a 59183-01 a Index-5 Index-6 59183-01 a Set Config Security Port command Show Config Security Port command 59183-01 a Index-9 Index-10 59183-01 a 59183-01 a Index-11