Fabric Security, User Account Security | Q-Logic 59042-07 A specification

0	3 – Planning
	3 – Planning
	Fabric Security

3.5

Fabric Security

Fabric security consists of the following:

User account security

Fabric services

3.5.1

User Account Security

User account security consists of the administration of account names, passwords, expiration date, and authority level. If an account has Admin authority, all management tasks can be performed by that account in both SANsurfer Switch Manager™ and the Telnet command line interface. Otherwise, only monitoring tasks are available. The default account name, Admin, is the only account that can create or change account names and passwords. Account names and passwords are always required when connecting to a switch. Consider your management needs and determine the number of user accounts, their authority needs, and expiration dates.

3.5.2

Fabric Services

Fabric services include security-related functions such as inband management and SNMP. Inband management is the ability to manage switches across inter-switch links using SANsurfer Switch Manager, SNMP, management server, or the application programming interface. The switch comes from the factory with inband management enabled. If you disable inband management on a particular switch, you can no longer communicate with that switch by means other than a direct Ethernet or serial connection.

You can also enable or disable the Simple Network Management Protocol (SNMP). SNMP is the protocol governing network management and monitoring of network devices. SNMP security consists of a read community string and a write community string, that are the passwords that control read and write access to the switch. The read community string ("public") and write community string ("private") are set at the factory to these well-known defaults and should be changed if SNMP is enabled. If SNMP is enabled (default) and the read and write community strings have not been changed from their defaults, you risk unwanted access to the switch. SNMP is enabled by default. Consider how you want to manage the fabric and what switches you do not want managed or monitored through other switches.

59042-07 A

3-11

Image 47

Q-Logic 59042-07 A manual Fabric Security, User Account Security, Fabric Services

Contents

SANbox2-8c Fibre Channel Switch Installation Guide Document Revision History SANbox2-8c Fibre Channel Switch Installation Guide Table of Contents Distance Bandwidth Latency Soft Zones Access Control List Hard ZonesUser Account Security Fabric Services Section Planning Section Diagnostics/Troubleshooting Section Installation Appendix B Command Line Interface Appendix a Specifications Glossary Index SANbox2-8c Fibre Channel Switch 100 Tables Intended Audience Introduction New in this Release Related Materials Sicherheitshinweise Safety Notices Federal Communications Commission FCC Class a Statement Communications Statements CE Statement Bsmi Class a Statement Vcci Class a Statement Pièces Accessibles Laser Safety InformationElectrostatic Discharge Sensitivity Esds Precautions Accessible Parts Preamble General Public License All SoftwareOthers will not reflect on the original authors reputations Introduction General Public License Introduction Introduction General Public License No Warranty How to Apply These Terms to Your New Programs Copyright C yyyy name of author Contact Information Technical SupportAvailability Training Introduction Technical Support 59042-07 a General Description Chassis Controls and Leds Chassis Controls and LEDs Placing the Switch in Maintenance Mode Maintenance ButtonResetting a Switch Heartbeat LED Amber Over Temperature LED AmberChassis LEDs Fan Fail LED Amber Fibre Channel Ports Input Power LED Green Port Activity LED Port LEDsPort Logged-In LED Port Types Small Form-Factor Pluggable SFP Transceivers Ethernet Port Ethernet Port Serial Port Pin Identification Serial Port Switch supports the following management tools Power Supply and FanSwitch Management SANsurfer Switch Manager Simple Network Management Protocol SANsurfer Switch Manager Web AppletCommand Line Interface SANsurfer Switch Manager Application Programming Interface File Transfer Protocol Devices Consider the following when planning a fabric Zoning Database Limits Device Access Soft Zones Access Control List Hard Zones Distance Performance Port-to-Port Latency BandwidthLatency Optimizing Device Performance Multiple Chassis Fabrics Domain ID, Principal Priority, and Domain ID Lock Cascade Topology SANbox2-8c switch supports the following topologiesCommon Topologies Mesh Topology Mesh Topology Multistage Topology Multistage Topology User Account Security Fabric ServicesFabric Security Fabric Management Management Workstation Requirements Switch Power RequirementsSite Requirements Fabric Management Workstation Environmental Conditions Installing a Switch Avertissement Mount the Switch Install SFP Transceivers Workstation Cable Connections Connect the Workstation to the Switch Configuring the Workstation Serial Port Configure the WorkstationSetting the Workstation IP Address for Ethernet Connections Data Bits Enter the following COM Port settings in the COM PropertiesWindow and choose the OK button ‰ Bits per second For a Windows workstation Install the Management Application For a Solaris workstation For a Linux workstation SANsurfer Management Suite SMS Installation for Windows Chglax.bat SMS Installation for Linux Chmod +x sansurferswitchmgrlinux4.02.xx.bin SMS Installation for Solaris Locate and execute the file sbmoversms.sh Install the new SANsurfer Switch Manager packageChange directories to the package location ‰ For Linux or Solaris enter the SANsurfer command Start SANsurfer Switch Manager‰ For Linux or Solaris, enter the following command Connect the Switch to AC Power Warnung Configure the Switch Telnet SANbox Login admin Password Install Firmware Cable Devices to the Switch Using the CLI to Install Firmware Using SANsurfer Switch Manager to Install Firmware Powering Down a Switch Installation Powering Down a Switch 59042-07 a Post Diagnostics Diagnostics/Troubleshooting Internal Firmware Failure Blink Pattern System Error Blink PatternHeartbeat LED Blink Patterns Configuration File System Error Blink Pattern Telnet xxx.xxx.xxx.xxx or Telnet switchname Logged-In LED Indications Open an admin session to acquire the necessary authority EPort Isolation Excessive Port Errors Diagnostics/Troubleshooting Post Diagnostics Over Temperature LED is Illuminated Chassis Diagnostics Fan Fail LED is Illuminated Input Power LED Is Extinguished Recovering a Switch Maintenance Image Unpack Maintenance Exit Maintenance Remove Switch Config Maintenance Reset Network ConfigMaintenance Reset User Accounts to Default Maintenance Copy Log Files Maintenance Reset Switch Maintenance Remake Filesystem Fabric Specifications Maintainability Electrical Dimensions Regulatory Certifications Environmental User Accounts Logging On to a Switch Modifying a Configuration Working with Switch Configurations Shown SwitchWhen you are done making changes to the switch Backing up and Restoring Switch Configurations Ftp ipaddress Table B-1. Command-Line Completion CommandsCommand syntax is as follows Command keyword keyword value Admin Session Commands Table B-2. Commands Listed by Authority Level Keywords Admin CommandAuthority Syntax Syntax alias Alias Command Rename aliasold aliasnew Members aliasRemove alias memberlist Edit configname Config CommandSyntax config Keywords activate configname Save configname RestoreManager Archive function are not compatible with the Config Restore command Download the file to the workstation # ftp symbolicname or ipaddress Create support Create Support CommandAdmin session Following is an example of the Create Support command You have transferred 43430 bytes in 1 files Keywords MMDDhhmmCCYY Date CommandSyntax date Syntax firmware install Firmware Install CommandAuthority Admin Syntax Hardreset Command Authority None Help CommandKeywords command Syntax help command keyword Authority None Syntax history History Command Hotreset Hotreset Command Unpack file Image CommandCleanup Image Ftp Ftp switchname Wait for the unpack to complete Lip portnumber Lip CommandFollowing is an example of the Lip command Reinitializes the specified loop port Syntax passwd accountname Keywords accountname Passwd Command Keywords ipaddress Ping CommandSyntax ping ipaddress Displays current system process information Ps CommandFollowing is an example of the Ps command Syntax Examples Syntax quit, exit, or logout Quit CommandCloses the Telnet session Config configname Reset Command Zoning Table B-3. Switch Configuration DefaultsSystem Table B-4. Port Configuration Defaults Table B-6. Zoning Configuration Defaults Table B-8. System Configuration Defaults Syntax set Set Command Port option Setup optionSwitch state Port portnumber Set Config CommandSet config Table B-9. Set Config Port Parameters Command Line Interface Set Config Command Table B-9. Set Config Port Parameters Table B-10. Set Config Switch Parameters Resource Allocation Timeout Value Table B-10. Set Config Switch Parameters Threshold Table B-11. Set Config Threshold Parameters Table B-12. Set Config Zoning Parameters Arbff Following is an example of the Set Config Switch command Following is an example of the Set Config Threshold command Attributes Following is an example of the Set Config Zoning command Clear Set Log CommandSet log Archive Level filter Display filter Stop Port portlistSave Start Set Port Command Command Line Interface Set Port Command Snmp System Set Setup CommandSet setup Table B-13. Snmp Configuration Settings Table B-14. System Configuration Settings Table B-14. System Configuration Settings If you wish SANbox2 admin # set setup system Following is an example of the Set Setup System command Broadcast Show CommandAlarm option Keywords about Log option Fdmi portwwn Table B-15. Show Port Parameters Ns optionPagebreak Perf option Lipalpdalps Steering domainid Post log Support Table B-16. Switch Operational Parameters Users TopologyDisplays all connected devices Version Following is an example of the Show Domains commandFollowing is an example of the Show Fabric command Following is an example of the Show Fdmi WWN command Following is an example of the Show Fdmi command Following is an example of the Show NS portID command Following is an example of the Show NS local domain commandFollowing is an example of the Show NS domainID command Collisions0 txqueuelen100 Following is an example of the Show Interface command PL-XPL-VC-SG3-22 Following is an example of the Show Port command Following is an example of the Show Topology command Following is an example of the Show Switch command Command Line Interface Following is an example of the Show Version command Show config Show Config Command Following is an example of the Show Config Threshold command Following is an example of the Show Config Switch command Following is an example of the Show Config Zoning command Component Show Log CommandShow log Number of events Port SettingsLevel Options Following is an example of the Show Log command Following is an example of the Show Log Level commandFollowing is an example of the Show Log Options command Show Perf Command Following is an example of the Show Perf Byte command Mfg Show Setup CommandShow setup Following is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Shutdown Shutdown CommandPower from the switch Status Test CommandTest Port portnumber testtype Test port x internal Command Line Interface Authority None Syntax uptime Uptime CommandExamples The following is an example of the Uptime command User Command Following is an example of the User Edit command Following is an example of the User Add command Following is an example of the User List command Following is an example of the User Delete command Whoami Whoami CommandFollowing is an example of the Whoami command Syntax zone Zone Command Type zone zonetype Members zoneRemove zone memberlist Rename zoneold zonenew Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset Command Rename zonesetold zonesetnew Following is an example of the Zoneset List commandFollowing is an example of the Zoneset Zones command Remove zoneset zonelist History Zoning CommandOpens a Zoning Edit session Table B-17. Zoning Database Limits Limits E1JBOD1 E2JBOD2 Following is an example of the Zoning Limits command Following is an example of the Zoning List command 59042-07 a 103 Command Line Interface Zoning Command 104 59042-07 a BootP Access Control List ZoneAdministrative State Alarm Fabric Management Switch Class 3 ServiceConfigured Zone Sets Default Visibility Maintenance Mode Input Power LEDInter-Switch Link Maintenance Button SANsurfer Switch Manager Over Temperature LEDPower On Self Test Post Principal Switch Zoning Database Set of zone sets, zones, and aliases stored on a switchZone Set Page Numerics Index Index-2 59042-07 a LED Account B-1 59042-07 a Index-5 Index-6 59042-07 a