Fabric Security, User Account Security | Q-Logic 59226-00 B guide

Section 3

Managing Fabrics

This section describes the following tasks that manage fabrics:

Fabric Security

Tracking Fabric Firmware and Software Versions

Managing the Fabric Database

Displaying Fabric Information

Working with Device Information and Nicknames

Zoning a Fabric

3.1

Fabric Security

The components of Fibre Channel fabric security are:

User Account Security

Fabric Services

Security Consistency Checklist

3.1.1

User Account Security

User account security he process by which your user account and password are authenticated with the list of valid user accounts and passwords. The switch validates your account and password when you attempt to add a fabric using SANsurfer Switch Manager or log in to a switch through Telnet. Your system administrator defines accounts, passwords, and authority levels that are stored on the switch. Refer to “Managing User Accounts” on page 4-2for more information.

The Admin account possesses Admin authority which grants full access to all tasks of the SANsurfer Switch Manager menu system. The switch validates your user account and SANsurfer Switch Manager grants access to its menus according to your authority level. If you do not have Admin authority, you are limited to monitoring tasks.

NOTE: If a user is logged into a switch using SANsurfer Switch Manager or CLI, and an administrator changes user access rights or passwords, existing logins will not be affected by the new settings. Login access and privileges are only checked for a new login request.

59226-00 B

3-1

Image 49

Q-Logic 59226-00 B manual Fabric Security, User Account Security, Components of Fibre Channel fabric security are

Contents

SANbox 1400 Series Switch Management User’s Guide Revision B Changes Document Sections Affected Document Revision History Table of Contents Section Managing Fabrics SANbox 1400 Series Switch Management User’s Guide Section Managing Switches Section Managing Ports Appendix a Command Line Interface Glossary Index List of Figures List of Tables SANbox 1400 Series Switch Management User’s Guide 59226-00 B Related Materials Intended Audience Jdom License Availability Technical SupportTraining Contact Information Using SANsurfer Switch Manager Workstation Requirements Installing the Management ApplicationWorkstation Requirements For a Windows platform SANsurfer Switch ManagerFor a Linux platform SANsurfer Management Suite SMS Installation for WindowsFor a Solaris platform For a Mac OS X platform 59226-00 B SMS Installation for Linux Chmod +x sansurferswitchmgrlinuxx.xx.xx.bin SMS Installation for Solaris Change directories to the package location Install the new SANsurfer Switch Manager packageLocate and execute the file sbmoversms.sh Starting SANsurfer Switch Manager Initial Startup Dialog ‰ For Linux or Solaris enter the SANsurfer command SANsurfer Switch Manager Window Save Default Fabric View File Dialog Exiting SANsurfer Switch Manager Load Default Fabric File Dialog SMS Uninstall Uninstalling SANsurfer Switch Manager UninstallerData/UninstallSANsurferSwitchManager Standalone Uninstall Saving and Opening Fabric View Files Changing the Encryption Key for the Default Fabric View File Setting SANsurfer Switch Manager Preferences Viewing Software Version and Copyright Information Using Online Help Topology Display SANsurfer Switch Manager User InterfaceFaceplate Display Topology Display Menu Menu Bars Shortcut Keys Faceplate Display Menu Tool Bar Buttons Tool BarTool Bar Button Description Fabric Tree Fabric Tree Graphic Window Working Status IndicatorData Window and Tabs 10. Topology Display Using the Topology Display Working with Switches and Links Switch and Link StatusSelecting Switches and Links Opening the Faceplate and Topology Display Popup Menus Arranging Switches in the Display Topology Data Windows Port Views and Status Using the Faceplate Display Selecting Ports Working with PortsOpening the Faceplate Popup Menu Faceplate Data Windows User Account Security Fabric SecurityComponents of Fibre Channel fabric security are Enabling Snmp Configuration Fabric ServicesClick the In-band Management Enable button Enabling In-band Management Tracking Fabric Firmware and Software Versions Security Consistency ChecklistSaving a Version Snapshot Exporting Version Snapshots to a File Viewing and Comparing Version SnapshotsManaging the Fabric Database Add a New Fabric Dialog Adding a Fabric Opening a Fabric View File Removing a FabricSaving a Fabric View File Rediscovering a Fabric Adding a New Switch to a Fabric Deleting Switches and Links Replacing a Failed Switch Fabric Status Displaying Fabric Information Switch Icon Description Topology Display Switch and Status Icons Events Browser Displaying the Event Browser Severity Levels Discarded when you close a SANsurfer Switch Manager sessionEditor or browser Severity Description Icon Filter Events Dialog Filtering the Event Browser Saving the Event Browser to a File Sorting the Event Browser Devices Data Window Entries Devices Data WindowEntry Description Active Zone Set Data Window Active Zone Set Data Window Link Data Window SANsurfer Switch Manager enables you to do the followingWorking with Device Information and Nicknames Displaying Detailed Device Information Managing Device Port Nicknames Exporting Device Information to a FileCreating a Nickname Deleting a Nickname Editing a NicknameExporting Nicknames to a File Zoning a Fabric Importing a Nicknames FileZoning Concepts Soft Zones Zones Aliases Access Control List Hard ZonesZone Sets Zoning Database Managing the Zoning Database Using the Zoning WizardManaging the zoning database consists of the following Edit Zoning Dialog Editing the Zoning Database Managing Fabrics Zoning a Fabric Edit Zoning Dialog Tool Bar Buttons and Icons Interop Auto Save Configuring the Zoning Database Discard Inactive Default VisibilitySaving the Zoning Database to a File Restoring the Zoning Database from a File Removing All Zoning Definitions Restoring the Default Zoning Database Creating a Zone Set Managing Zone Sets Copying a Zone to a Zone Set Activating and Deactivating a Zone SetRemoving a Zone from a Zone Set or from All Zone Sets Managing Zones Removing a Zone SetManaging zones involves the following Creating a Zone in a Zone Set Adding Zone Members Removing a Zone Member Renaming a Zone or a Zone SetRemoving a Zone from a Zone Set Removing a Zone from All Zone Sets Managing Aliases Changing Zone TypesCreating an Alias Removing an Alias from All Zones Adding a Member to an Alias Zone Merge Failure Merging Fabrics and Zoning Zone Merge Failure Recovery Managing Switches Managing User Accounts Account Name Password Admin Authority ExpirationFactory User Accounts Creating User Accounts User Account Administration Dialog Add Account Removing a User Account User Account Administration Dialog Remove Account User Account Administration Dialog Change Password Changing a User Account Password Modifying a User Account User Account Administration Dialog Modify Account Faceplate Display Switch Information Displaying Switch Information Switch Data Window Entries Switch Data Window Ratov Switch Data Window Entries Port Information Data Window Port Statistics Data Window Configured Zonesets Data Window Configured Zonesets Data Window Port Threshold Alarm Configuration Dialog Configuring Port Threshold Alarms Port Threshold Alarm Example Paging a Switch Resetting a Switch Setting the Date/Time and Enabling NTP Client Type Description Switch Resets Using the Configuration Wizard Configuring a Switch Symbolic Name Switch Properties Switch Administrative States Switch Administrative StatesParameter Description Fabric Device Management Interface Domain ID and Domain ID Lock In-band Management Broadcast Support 10. Advanced Switch Properties Dialog Advanced Switch Properties Timeout Values Timeout Values Legacy Port Address Format Interop Mode for Zoning 11. Network Properties Dialog Network Properties IP Configuration Parameters IP Configuration NTP Client Remote Logging 12. Snmp Properties Dialog Snmp Properties Snmp Configuration Parameters Snmp Configuration Snmp Trap Configuration Parameters Snmp Trap Configuration Archiving a Switch 13. Restore Dialogs Full and Selective Restoring a Switch Managing Switches Restoring a Switch Factory Default Configuration Settings Restoring the Factory Default ConfigurationSetting Value Downloading a Support File Installing Firmware 14. Hardware Status LEDs Displaying Hardware Status Managing Switches Displaying Hardware Status 59226-00 B Displaying Port Information Managing Ports Displaying Port Types Monitoring Port StatusPort Types State Description Displaying Port Speeds Displaying Port Operational StatesPort Operational States Port Speeds Port Transceiver Media View Displaying Transceiver Media StatusMedia Icon Description Port Statistics Data Window Entries LIP ALPD,ALPS Entry Description Port Address Port Fibre Channel address Port Information Data Window Entries Port Information Data Window Entries Port Information Data Window Entries Port Properties Dialog Configuring Ports Port Administrative States Changing Port Administrative States Changing Port Speeds Changing Port Types Stream Guard Changing Port Symbolic NameDevice Scan Designate Donor Ports Using the Extended Credits Wizard Testing Ports Resetting a Port Managing Ports Testing Ports Performance View Graphs Graphing Port Performance Starting SANsurfer Performance View This section describes how to do the following Exiting SANsurfer Performance View Save Default Performance View File Dialog Saving and Opening Performance View Files Load Default View File Dialog Setting SANsurfer Performance View Preferences Changing the Default Performance View File Encryption Key Displaying Graphs for a Switch Setting the Polling Frequency Customizing Graphs Arranging Graphs in the Display Default Graph Options Dialog Rescaling a Selected Graph Setting Global Graph Type Saving Graph Statistics to a File Printing Graphs Managing Ports Graphing Port Performance 59226-00 B Logging On to a Switch Command Line Interface User Accounts Working with Switch Configurations Modifying a Configuration Backing up and Restoring Switch Configurations Ftp ipaddress Table A-1. Command-Line Completion CommandsKeystroke Effect Monitoring Commands Configuration Command Table A-2. Commands Listed by Authority LevelAdmin Session Commands Authority Admin CommandSyntax Keywords Syntax alias Alias CommandKeywords add alias memberlist Copy aliassource aliasdestination List Delete aliasMembers alias Remove alias memberlist Syntax config Config CommandKeywords activate configname Restore Edit confignameSave configname # ftp symbolicname or ipaddress Authority None Create Support CommandSyntax create support Local directory now /itasca/conf/images bin Syntax date Date CommandKeywords MMDDhhmmCCYY Authority None Syntax feature Feature CommandKeywords add licensekey Log Authority Admin Firmware Install CommandSyntax firmware install Syntax Hardreset Command Help command keyword Help CommandCommand Keyword Following is an example of the History command History CommandHistory Hotreset Hotreset Command Image Command Ftp Ftp switchname Wait for the unpack to complete Admin session Lip CommandFollowing is an example of the Lip command Lip portnumber Syntax passwd accountname Keywords accountname Passwd Command Authority None Syntax ping Ping CommandIpaddress Keywords ipaddress Examples The following is an example of the Ps command Ps CommandAuthority None Syntax ps Displays current system process information Closes the Telnet session Quit CommandSyntax quit, exit, or logout Syntax reset Reset CommandKeywords config configname Table A-3. Switch Configuration Defaults SwitchParameter Default System Arbff Table A-4. Port Configuration Defaults Table A-5. Port Threshold Alarm Configuration Defaults Table A-7. Snmp Configuration Defaults Table A-6. Zoning Configuration Defaults Table A-8. System Configuration Defaults Keywords alarm option Set CommandConfig option Syntax set Switch state Setup optionLog option Pagebreak state Timezone Set config Set Config CommandTable A-9. Set Config Port Parameters Port portnumber Send Arbff True instead of IDLEs False on Table A-9. Set Config Port Parameters Table A-10. Set Config Switch Parameters Resource Allocation Timeout Value. The number Threshold Table A-11. Set Config Threshold Parameters Table A-12. Set Config Zoning Parameters Arbff Edtov Following is an example of the Set Config Switch command Following is an example of the Set Config Threshold command Attributes Following is an example of the Set Config Zoning command Set log Set Log CommandArchive Clear Display filter Port portlist Level filter Save Alarms are always logged and always displayed on the screenStart Stop Enable Set Port CommandKeywords portnumber Bypass alpa State state Disables the port by removing power from the port lasers Set setup Set Setup CommandTable A-13. Snmp Configuration Settings Snmp System Table A-14. System Configuration Settings Table A-14. System Configuration Settings Trap Severity Options SANbox admin # set setup system Following is an example of the Set Setup System command Authority None Syntax show Show CommandKeywords about Fdmi portwwn Alarm optionLog option Lsdb Displays name server information for all switches and portsNs option Pagebreak Tbuf Table A-15. Show Port Parameters LIPF8ALPS Steering domainid Post log Support Table A-16. Switch Operational Parameters Topology Displays the current time zone settingDisplays all connected devices Users Following is an example of the Show Fabric command Following is an example of the Show Domains commandFollowing is an example of the Show Fdmi command Version Following is an example of the Show NS local domain command Following is an example of the Show Fdmi WWN command Following is an example of the Show NS portID command Following is an example of the Show NS domainID commandFollowing is an example of the Show Interface command PL-XPL-VC-SG3-22 Following is an example of the Show Port command Following is an example of the Show Topology command Following is an example of the Show Switch command SANbox # show topology 1 Local Link Information Following is an example of the Show Version command Show config Show Config Command Following is an example of the Show Config Switch command Following is an example of the Show Config Threshold command Following is an example of the Show Config Zoning command Show log Show Log CommandNumber of events Component Displays all informative events Displays all warning events Snmp eventsDisplays all critical events Displays all events related to EPorts Level SettingsOptions Port Following is an example of the Show Log command Show Perf Command Following is an example of the Show Perf Byte command Show setup Show Setup CommandMfg Following is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Syntax shutdown Shutdown Command Syntax test Test CommandKeywords port portnumber testtype Status Admin start Command Line Interface Test Command Examples The following is an example of the Uptime command Uptime CommandAuthority None Syntax uptime Syntax user User CommandKeywords accounts Following is an example of the User Add command Following is an example of the User Accounts commandFollowing is an example of the User Edit command Following is an example of the User List command Following is an example of the User Delete command Examples The following is an example of the Whoami command Whoami CommandAuthority None Syntax whoami Syntax zone Zone CommandKeywords add zone memberlist Copy zonesource zonedestination Members zone Delete zoneRemove zone memberlist Rename zoneold zonenew Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset Command Delete zoneset DeactivateRemove zoneset zonelist Rename zonesetold zonesetnew Following is an example of the Zoneset Zones command Keywords active Zoning CommandOpens a Zoning Edit session Table A-17. Zoning Database Limits LimitsLimit Description 108 59226-00 B E2JBOD2 Following is an example of the Zoning Limits command Following is an example of the Zoning List command Command Line Interface Zoning Command 59226-00 B 111 Command Line Interface Zoning Command 112 59226-00 B Administrative State Access Control List ZoneAlarm BootP Configured Zone Sets Class 3 ServiceDefault Visibility Fabric Management Switch Inter-Switch Link Input Power LEDMaintenance Button Maintenance Mode Target Soft ZoneUser Account World Wide Name WWN Index Index-2 59226-00 B 59226-00 B Index-3 Index-4 59226-00 B 59226-00 B Index-5 Index-6 59226-00 B 59226-00 B Index-7 Index-8 59226-00 B